last executing test programs: 5m23.458071161s ago: executing program 4 (id=400): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, 0x0, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, r1, 0x25, 0x0, @val=@kprobe_multi=@syms={0x1, 0x0, 0x0, 0x0, 0x100}}, 0x30) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@broadcast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, "fbddf0", 0x18, 0x3a, 0xff, @local, @mcast2, {[], @mld={0x84, 0x0, 0x0, 0x5, 0xc0, @empty}}}}}}, 0x0) 5m23.258797307s ago: executing program 4 (id=402): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000000c0)={0x1, {{0xa, 0x4e20, 0x5, @mcast2, 0x6}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000940)={0x1, {{0xa, 0x4e1d, 0x1, @mcast1, 0x5}}, 0x1, 0x1, [{{0xa, 0x4e21, 0xd9, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x7bf}}]}, 0x110) 5m23.104034157s ago: executing program 4 (id=405): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./bus\x00', 0x301242f, 0x0, 0x1, 0x0, 0x0) socket$can_raw(0x1d, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x0) ioctl$LOOP_GET_STATUS(r0, 0x4c03, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r6 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r7, r5, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xd41, &(0x7f0000000340)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@llc_tr={0x11, {@llc={0x42, 0xbc, '6', "5776d4b5e03c6557c6273fe39513cc626869a1ff55cf6129b9efa99ef87f9d26833882ce3b8fb3125b2074e1527e3edaff6cfe322b0dd3e80b50c27bfa8a83dfda4ecfa0cdc2b58bd82d6157f68dfa5d7cc1945f6256b2f1c812230cf33554fd001affcdd614b624e9c6efdb99a04cbf388e10af8ebb75e3d2049abd1da5a10d7d91655dbe4ba1252617b9283dba543f2f747aa39032508ff492a85e7522c73d062fe4c9d9fc58379be8f22cb5e2769b1e56cc77598ed7df29f772008c2a133b1f742d2f9797b860c2e7e68f32a0d4558136b7d5c9dddfef0aaee1adc3509280ff5be224d0a6cff3d501352a6537c1ad7de89d15a9dc1b886f68e5ff47ccfcb87e19e63bceabf8380817e4e41314797fc7df283674fa0777d5ae9b9ffead0d8a77a6be1fc8b16a4f77945f91af6173d770111b18a500d25a7ef5a2f41b06df7bfaaa3cff23dda0f52608dc73466c90cf74b9c2da4cdd112617e8ac88e775c70a0a2d5f32a71383a648d04a63f2b8909ca31a999038275b064495ca60159bc67b3da06d66ef505a5aa7c3284100d2c8592fa14703dbd232893451591082c32c17c2ce7d011ab2bae885c351003fca56b7318d0ecfa7e01fed2ebc4cb4db51624f6b6efb94b325c36babb5cbf6f5e3ac204b8c3db6c42ac165b20da5e05210ece786bd5d08705da9536f0c4f419a8bd8e8d7896aab612320a25edc069f69e881424ff5ebfc8c49cd4a357a8a87683fdc9f72abfe167bc912af01019d993ad43b99537a47471e54cca9b1800b0cf1428a1130bf6bfdc165c1ca1e962d8949e619dce3174ea8099502692132c7eb443f05169c2def77c5e1de3086cf129aaa298ee846486ea317b135d84d57cb419cb3d72f74ac2db501093d3d96f16e43e28fdf13d426e8d51fec39b727b8761cde5376c5e73cd39974c23866aa6a3e23cb83b1a2a7fe4214c6905e0bb695a8509e7d21a9d9562ee058cca482faa8cf443693c857d1315be5e35e0509b41d98e65427109add7c1d894f280896704572e99b97f029b1b1eafc026550e77c6b35e29aa74f1c5b0061ee3bc0ec9de5176ac46361c8de17bc5344a8b95bbb8b5108bb82df849f981c6c448a6329f742a87a17b17b7afb13a0db95ad332ad496e890d03a0f2abcd00b4f1025fd43d757922ecf5c83c28a6d13e33ba3905897cc53c092c00a9397c5802cf884251e72d206310eb841f7832f8369bd23be1ae6486bb425af23a855c76e7fe39e1e280a86e8f6caeeaa3d4fd633ccf5676c59b4d2f6821ea456674f25f03e8ed5f246b8accaad9223becf7170233cf77614b85f6e87dd85905c52265b6ad98ef2d8b675f3621e90c565882bd73989d6f3db73ec52450bc1fdc6306b716bc1940c3e65499e7e7dad821aa24e3b4be30cd9aa82af59998773bb63f01fcbf8b5c6ce35ee8439d67cb8a6c6bf12ebd8027ba0f5a971613718aa8eba19fa6b268cfb24c7a78977d705e30ce42ef00d94b020694ecfd5ac0d9e6ffa5d9bc68851569fc06f99dce23cc8e3e027f6b07a2d13c06dce50b2e3a7d3c85a346c9a14d8be455fc433b673d2f32a7b414de38cb07db842527054ed5d8d9a4e94e1692e2d99e587366d1ce7e604effaebbdfcd00fb69d386ac8d98b91f5e80c79bc6d0e41308e5a2937784aff7fcc05bd324a6674994823d85c68eb73b6f1d128d46b9e609b01d854453f2e802287af1e45986eca0df03f27b004ccbfa3ba439d95fcd804ee8adf30190addc188ee51ddda05915a40e18045f58c02149a5c00f8e08a8b0ee457cf12102d1a98bc53f66d05971e0d0c7c562d40a51ae1261a36c76f986919b85a484477a31a307b4e3d5612ea2bc60b6f5929d05ba710be590b1d7f0c6c2a1d004872e53f1a1ff73906ea874c77724e580410561547181f628a304352b1db1b4e805a6c36ca4e6c372a23128457671c66ffbb7fbe087c8d760900e1e6fff9f4081c6c49b2fc67743e15c890f50a09c34719b10a040477b73ffe24a88d071f1fdb9b7b42206cb961516ccf042980f27dd41eb3c003cc0b9240d79855f7cb926d1d6d424b2f6e1d826e33c8ac04ef081dbebff33b8eaae3a6d1ab58740c07edaeac0f683236edc389926481ec6b2fa4fa55f739e4eb0060e02c44b82c00f5d0e816d3c7fea156afa6be1acf6950aec7055b6c87717fb5f71e4cb049936102f79cfe540da234073971ec7fbef346d2f2efac36bb30cae926f279156dc28456ed5a17adbe726ed925bd4074ae6cba584f37f7abcb213fd8a292b39df70a53452d381c8df39590ecc3d1c52949422f2ab357bc442acbcd6ee2f8faf2431d7eaae362412ea644f7960d609a5b38f0ee7ab0195e57eb41f5bf9bd76e9cb18e184660a983b6b28eed40cc5b9766f5d422bb1bdf8da9ec2e25c74082bb85d86a18023f37dd98526a34d5c0350e82247be1a7484bb06fdd96388cfbb7d0021432da3288eea5f42d0f2375afd2a0bd6854441bbd8be716d742bdc8e2ac960c21eefbac6032557e2eb12feb802ce5ea770393758f180bee302fe9150ca177e6ef3b08b049c9deb0b1c6a0ffd87fcd6bf5e2022c10e8db2604126ff3abf4b58914bbcb4bc07dcfdc50c50e8b71144456ef7254de96cedb5da34a74837482bd385438f7c93da70609bcf93bd795f68920a28f296151a98f4ace98b07213de078c98e2ab48e30e9f00bbcee5feea313651042e4945b553bc6aff01ec0754676bb8da455d1997b062d13c2b5c14b6d5de5923fe068a94b9ae940dc8d506602fe5c7aa4786fed76a60e81623f9743378acdf985dc27f1fa53798171072b163363e0f630a7bdb9c51671db890939f013acd9892093ce4f6d00757ff31139b2ceed0c565f65c643b98266259f8af7729341866104a6fee2a3451083f327d3a7dc0047d406ece26e3ac864d395f9d06977bd44092f42a11ce0788d1ec407183a5aa2a25e002e9f0dbbcf744583b00337d3e59367680eb7045167409c13bc66e6c9e59fd83f06824c6aca2a25b45a1242a329d8da2a4e6bfce98138e7b3baf33f6e2a6d2b4049120fd50fe9dec02a0e9e4ff5dc680dfb49e388f455b3186b70bf16346a414888437a0cd017add6ddb12c594db1925959dac508f5b2df37b04ffa76972d564774333c3b147a1299db499d725582f0ad9713a5693ae8ab3e491dc6d2e6af0fd1707a6e260d3dddd0fa68011fe92770052842bf4fba8535eae4f2e776fd67e27ab509d8d7a86b9e5ed72e0f6c354c59987b17744c94213917ebfeff9e5baf1d1284dae2607cca47274073e6f8c4328f922161772931c64e472eb99be677ee9726d26b3ff73fcb5e00fb520554667937a241da67bc2d3cf861604e3e0144a7a25722d4ba39a95a3baf026469b5189d0001665f73dd29bd2d1455aaec6a1198cc8ab552f88ad49c5541b3a87b3c34d9cb4b630a109d87703b05cf64bdd998972824b2a751b086c95214012292036ba361768671b067b2aa4c552f14f9482cd30521d5fda53579918272f5399f5308a15648dd895dd53fc153ad90fc877dfb2f112b6225549f5946a5898e27b0da3806f1e465cbdf99ecad2dfc917fbe77db76cbc5d6b1cdc57cce57fbbc3060455c9fa7c2d36e5563b0e9481bbf3d20fdb8bfe0d208688e2a4b158368af3f367a6c4524e93a86c545d9fe4b4e5256b74ae9ba73375fdb368dab0d5f47712ecd38b0011f2ae521c8307cafbe7f4aae10f260bcc89d689593ea2252cc7358d2e17f87a5ac595605780f5a3d5d5382aa4079fcfc93fcf3d49a4c320d5316f4cf2299ae2ac81f3bc2337117e3505c69fe031dde92d9e9da70b5e001dcf3eb090738936d0fff36dbc708c90112dd1e7af7ec779333d267f8d2dc8a81e86ea67761b82311070d438dd2d7367e51453d662497b9c023f19f5aed5e6dbf1e817dac3f3c8d5a632d1c7545ae48e50c5f010a4d4de544794f7a37efd8bfa18a840badbdc8fc397dc02590abcab3885bf6083ba6a70762a2d71bf61f9979edd37313654cbf8670b95d87f5adc1b902f643cc7676022d296c16a56398acc283b7df45b65376a06269bf9b7a1f2af112d0f8444a6895caa0927bc434cdf960ac0b0e859d4a0a564eca5543b4ecd2281b5b6ab87258713d1ea4b831244865f4c991549dd769a304bc8c9eb56e7afdcc12705471d090a5aa8835419a7a6bc9733c75f44bbe7f52698716352bc4423cd31cfa3e643937087d4b1f57120b95f0b2133cc1df72d4acf514a34548c77ca00637bf0cb45153cbd9bbed91b2a6765dbbc2c3a308e5d150dc939b7f54a97b7ae5ddfa1450d26a08d5148287efc3c6f62512471060239c40a998a5efd5fbf8479b59fdefa3209705f5df3e9fa61345e134550aceeb41db09afb8c8ebb49553f4d93b3171141ffccaaab591d4bfad4a3d2affa88fd1f437404a241b508c714332897fb1a460b564db42173e2f964d47d497cf6acca474aaade26a48555f228a21ba59e426bdc2ce37c3063f9c5dbc33072d3d9ec419e7a8d2dd72438df2b7f98e4ff304efb6f48eb49ccf2fb3ee90950898d971c7c590add955ab976036cc42ac3622fae53ee9cf61b3265fa3adb1583c5f35d97d97371ab69022e768ad2773955aef70805489c35ea9f1b8a0491d61c8e2139ad6017373fd79f473fccd84d9f7759f13100d06e8ff3f7f7d7559d56f6b8cb2d1d51d581afd75d503b963b6cc9ff747ef558b581013e3dd6b1de8b8d872d973b8a45714d8ca26fcdc821d78fa7c5f859a48251fe994c9d3aa684691f"}}}}}, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000002080)=ANY=[@ANYBLOB="b619f8d2ea0db175811ce19830e6f0247c31a7ad4c06ec294e31f7b577d0bb0531cb9e55003b6e99b12eaf987d79bfc4b475d36994939d1cd37c7c2d1ec21ae9a9e0bc25fe413cb426cdf94828bcab80e6bf9e1031c20426da3ada8c48944fa9280fbe0ff44be4f80d19840d4abeb9bd337066054797db9e09c0cc77a661983fddc95e8a2ec16121b0192c8d15d86d13dc8ac66dc5043325913d66c3fae294fb53c9c7dd4afed2d53088e2a428e74c3a497d91003218d9c0ee0ec499f582", @ANYRESOCT, @ANYRESOCT=r1], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="f001000000010104200000fff500000002000000240001801400018008000100e000000108000200000000000c0002800500010000000000240002800c00028005000100000000001400018008000100e000000108000200ac1e00010800074000000000080008400000000280000d8014000380060001004e240000060002004e240000140005000000000000000000000000000000000108000200e0000002140004000000000000000000000000000000000014000400fc00000000000000000000000000000114000400fe80000000000000000000000000002308000200ac1414bb08000100e00000022c0010"], 0x1f0}}, 0x0) 5m21.232653327s ago: executing program 4 (id=408): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x88000, 0x0) 5m21.025423544s ago: executing program 4 (id=411): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$cgroup_pid(r2, &(0x7f00000003c0), 0xffffffa0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0xf261085b73388e01}, 0x44000) 5m20.551235375s ago: executing program 4 (id=415): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x439, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @remote}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x439, 0x2, 0x0, {0x0, 0x0, 0x0, r2, 0x1040, 0x44100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gre={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_LOCAL={0x8, 0x6, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}, @IFLA_MTU={0x8, 0x4, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008001}, 0x4040000) 5m19.380223145s ago: executing program 32 (id=415): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x38, 0x10, 0x439, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, r2, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @remote}]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x50, 0x10, 0x439, 0x2, 0x0, {0x0, 0x0, 0x0, r2, 0x1040, 0x44100}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gre={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @local}, @IFLA_GRE_LOCAL={0x8, 0x6, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IFLA_GRE_ENCAP_TYPE={0x6, 0xe, 0x1}]}}}, @IFLA_MTU={0x8, 0x4, 0x6}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008001}, 0x4040000) 2m22.267017431s ago: executing program 2 (id=1529): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$packet(0x11, 0x3, 0x300) r4 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYBLOB="1400050000000000000000000000000000000012"], 0x3c}, 0x1, 0x11, 0x0, 0x80}, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008004500002c0000ff"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={0x0}, 0x1, 0x0, 0x0, 0x4060040}, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x802c550a, &(0x7f0000000000)=ANY=[]) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)=ANY=[], 0x0, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000200000085000000600000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0xe0e4f3ee43f6dc44, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) 2m20.590241406s ago: executing program 2 (id=1535): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@ipv6_deladdrlabel={0x1c, 0x49, 0x1, 0x70bd29, 0x25dfdbfd, {0xa, 0x0, 0x80, 0x0, 0x0, 0xfffffff9}}, 0x1c}, 0x1, 0x0, 0x0, 0x4008840}, 0x0) 2m20.389598922s ago: executing program 2 (id=1540): mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) socket$key(0xf, 0x3, 0x2) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x48) r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40800, 0x0) ioctl$TUNGETVNETLE(r3, 0x800454dd, &(0x7f0000000380)) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 2m19.015898769s ago: executing program 2 (id=1547): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000400)='./file1\x00', 0x10000, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYRESDEC], 0xfe, 0x687, &(0x7f0000000fc0)="$eJzs3c1vHGcdB/DvrNeOHaTUfUlaUCWsRioIi8QvcsFcGjggHypUhUOFxMVKnMbKxq1sF7kVAvN+5dA/oBx8QOICEvdIReKAgFvFzeKAKiFx6cm3oJmdtdfxS9Ybv8Tw+Viz+8w8r/PbmWd3dmVNgP9bc+NpPkiRufE31sr1zY3p1ubG9IU6u5WkTDeSZvspxVJSfJzcSHvJ58uNdfnioH4+XJy9+clnm5+215r1UpVvHFavN+v1krEkA/XzXoN9tXfrwPYON7+dKrb3sAzY1U7g4Kw93GP9KNWf8LwFngZF+31zj9HkYpLh+nNA6tmhcbqjO35HmuUAAADgnHpmK1tZy6WzHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJ/X9/4t6aXTSYyk69/8fqrelTt9snPGYn8SDsx4AAAAAAAAAAByDL25lK2u5lPrH/YftX/ZfqR5fqB4/l/eykoUs51rWMp/VrGY5k0lGuxoaWptfXV2e7KHm1L41p/ob/+/7qwYAAAAAAAAA/2t+mrn27/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPC0KJKB9lO1vNBJj6bRTDKcZKgst578vZM+J4r9Nj44/XEAAADAExnuo84zW9nKWi511h8W1TX/lep6eTjvZSmrWcxqWlnI7foaurzqb2xuTLc2N6bvb25MVx1//2Fbu51v/udIw6haTPu7h/17fqkqMZI7Way2XMutajC306hqll6qx7O97O7kJ+WYRl6v9Tiy2/Vz2dmvD/oW4Tg0jlphtKo0uB2RiXpsZUPPHh6Jx746zUN7mkxj+5ufFw7pqbNLxRFjfrFTL8kvH4n56//67fd6bOYEbEeikSoSU11H35XDY5586Y+/e+tua+ne3Tsr4yd2GJ2WR4+J6a5IvHiuI9E8YvmJKhKXt9fn8u18N+MZy5tZzmJ+kPmsZiH1zJj5+nguH0e7opTsidSNXWtvPm4kQ/Xr0p5FexnTWC5Uqfm8UtW9lMUUeSe3s5DXqr+pTOZrmclMZrte4csHvsLVvlUzbeNoZ/3VL2fnVP9VOVP3Vi/5c68Fj679llrG9dmuuHbPuaNVXveWnSg918P70RHnxuYX6kTZx8/6eds4MY9GYrIrEs8fHonfVOfGSmvp3vLd+XcPaH/9kfVXB3fSv+jrnfmkpp7yeHkuw/VMsvvoKPOe355ldsdrqP7FpZ3X2JN3ucoris6Z+p19ztQy4rNV6Sv7tjRV5b24N2+gHvk//tmVt+vzVt756wkFDIDjdfErF4dG/j3yt5GPRn4+cnfkjeFvXfj6hZeHMvinwW80JwZebbxc/CEf5Uc71/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/Vt7/4N58q7WwvH+icXDW8SaK+rY8B5VpZiSnMIzTTBTJ+rG3nLPfrx4SnZsIPmk7b914KnbnXCcGktRbfpzsHD/1S9TPzUWBc+H66v13r6+8/8FXF+/Pv73w9sLS4MzM7MTszGvT1+8sthYm2o9nPUrgJOx8HuixwuAJDwgAAAAAAAAAAAB4rP3+MeAvx/yfBl3djZ3hrgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1Nx4moMpMjlxbaJc39yYbpVLJ71Tspmk0UiKHybFx8mNtJeMdjVXHNTPh4uzNz/5bPPTnbaanfKNw+r1Zr1eMpZkoH7eY6i/9m4d1F7Piu09LAN2tRM4OGv/DQAA//+iHAcm") r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10) 2m18.774915069s ago: executing program 2 (id=1549): openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e20, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}], 0x1c) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x8, 0x20132, 0xffffffffffffffff, 0xb2993000) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) 2m15.924121016s ago: executing program 2 (id=1570): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(r0, 0x0, 0x8, 0x0) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f18", 0x85}) ptrace$setregset(0x4205, r0, 0x200, &(0x7f00000001c0)={&(0x7f0000000440)="00000000000000002800000001000000", 0x10}) 2m15.263642291s ago: executing program 33 (id=1570): r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(r0, 0x0, 0x8, 0x0) ptrace$setregset(0x4205, r0, 0x1, &(0x7f0000000100)={&(0x7f0000000040)="dcef58b7f29c1f7c93d183044aedba283413e674c7719c33a4b17f028f68610a6c55bb2bf8282853f3e16f8394a8676ff55a3507e2ad50248c6130863b0f7433c7fbc9b978a39eae88bffd05d139cedbee444f7c98e1f92b0f64462b4b470bedced2125e0b1f38fbaa348c6d75aa1a4011e9cdae15ecb9309b0101edbf6dd6d111d6132f18", 0x85}) ptrace$setregset(0x4205, r0, 0x200, &(0x7f00000001c0)={&(0x7f0000000440)="00000000000000002800000001000000", 0x10}) 9.980593507s ago: executing program 1 (id=2169): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x40044) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010025bd7000fadbdf2500000000", @ANYRES32=r1, @ANYBLOB="138000002b9201001c00128009000100626f6e64000000000c0002800800020029"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008804}, 0x20040040) 9.670340707s ago: executing program 1 (id=2175): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50) rt_sigqueueinfo(0xffffffffffffffff, 0x28, &(0x7f00000000c0)={0x2, 0x0, 0xfffffff7}) r0 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) inotify_add_watch(0xffffffffffffffff, 0x0, 0x1400005f) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, &(0x7f00000000c0)) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) getsockname$tipc(r0, 0x0, &(0x7f00000000c0)) ptrace$getsig(0x4202, 0x0, 0x10, &(0x7f0000000000)) inotify_init() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000480)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8) syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000400)={[], [{@subj_type={'subj_type', 0x3d, 'ext4\x00'}}, {@fowner_lt={'fowner<', r6}}, {@appraise}, {@obj_role={'obj_role', 0x3d, ']:%'}}, {@permit_directio}]}, 0x1, 0x5ef, &(0x7f0000000cc0)="$eJzs3FFoVNkZAOD/TsZYY2qstpRKhVCLSNXEcaLR0oIWSh9aS1t9KhY7mEmUTDRNYmlSEO2TD60gFkopCKUUii8NbaEvrRSFwrIL+7qwqyz7sIuCuLi+7S5Z7mQmjpsxiSbmss73wTXnnHvH89/55z9zuTA3gJbVnf6Ti/hKRIwmEV0N+/JR29k9e9yV4vSpdEtiZubogySSiDhfnD5VPz6p/V1fe9mBiLj5/ySG2+fPOz45NVyqVMpjtX7vxMho7/jk1O7TI6Wh8lD5TP++QrGw/2B/ceXO9fLO6//a/Ncj71+8/fHvdnfdOpLEoeis7Ws8j5XSHd1z70mjfBLRs9KTZSzf0E7yGQbCkr294eHVtojYHBHbIuLL0RVttUx+1HH8YVf8cdfTXnt8+7W7qxkrsPJmkogZoCVlvf4AAAAAAAAAAAAAAAAAAACPzcwkfv8PLSrr9QcAAAAAAAAAAAAAAAAAAJjvfHH6VH1brTn/vXG1ZuJp7h+OiPxs/q/Uttk9+eiu/v1crImIjg+S9LA5SUQcWubcN16N6I5vbHp0t/zfdIva53CZ/y2fEdPvZB0BWWrvyzoCsrTlx1lHQJZev5R1BFy4GBF78vn51/9J7frv+f18kf0bD6TXf7fWNo65/msdPzmadQRk6Yf7s46ALP3pQdYR8L/DEbGr2f2/3Nz9n2hy/2d9RPxomXN/6Xj6/f/K1sax+d//uXvLnIYF3D8c8a2IuDLv/l+ufsjGtlrv82kn1iSDpyvlPRGxISJ2xJq1ab+wwBzfPPG3rzUb//C7af63Hqrf/0u3dP76vcBaHPfya5983UBporTc82bW/YsRW/LN8p/M1X/SpP7Tz8PoEufY++6vdzYbP/edNP9f/+XC+edFmvlzxPam9Z/MHZO2eidGRnvHJ6d2nx4pDZWHymf69xWKhf0H+4u91eWgt74oNFG4PPbbZuP/mErz//eb8p+dtP47Fs5/df0fn5waLlUq5bHxZ5/jNz/r29Rs/LW/pPn/w7HnWf/bk2PVANtrY78qTUyMFSLakx/MH9/77DG/rOrvR/39SvO/Y1vz7/+F1v91EXFhqXO+d/VEs/HB76X53/dGPfd9G356Q/2vrjT/A4vUf/JE/T9749tvXtvcbO7b/0nz/9Ubi9d/XzWYHbUR13+LW2qCso4TAAAAAAAAAAAAAAAAAAAAAAAAAOBll4uIzkhyPXPtXK6nZ/b5/l+Mjlzl7PjEzsGz584MpPuqz3/P1R/13NXwPPhCtf24v/dT/WJEfCEiLrWtq/Z7Tp6tDGR98tCiOiPu/PMXJ9uzjgMAAAAAAAAAAAAAAAAAAHhs/VN+/596qy3r6IAXoTPizuDv2y6k7UfqHFpKWv/XH418P9Q/tBz1D61L/UPrUv/QutQ/tC71D61L/UPrUv/QutQ/tK7G+gcAAAAAAAAAAAAAAAAAAAAAAAAAAF6M8cmp4VKlUh7T0NDQmGtkvTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1nwQAAP//taZClw==") 6.794341266s ago: executing program 6 (id=2183): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r0, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x9, 0x9}) fcntl$lock(r0, 0x7, &(0x7f0000000140)={0x1, 0x1, 0x7}) timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 5.484249515s ago: executing program 3 (id=2189): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x0}) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000240)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @dev={0xfe, 0x80, '\x00', 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4400046, r1}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r3, 0x890b, &(0x7f0000000540)={@remote, @private0={0xfc, 0x0, '\x00', 0x1}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, r4}) ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000100)={'veth1_to_bridge\x00'}) 5.305894868s ago: executing program 0 (id=2190): r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 4.593714029s ago: executing program 3 (id=2192): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$packet(0x11, 0x3, 0x300) r4 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800ef0100800000000000000a0000000000c800000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000000000000000012"], 0x3c}, 0x1, 0x11, 0x0, 0x80}, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={0x0}, 0x1, 0x0, 0x0, 0x4060040}, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x802c550a, &(0x7f0000000000)=ANY=[]) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)=ANY=[], 0x0, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000200000085000000600000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0xe0e4f3ee43f6dc44, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) 4.424478481s ago: executing program 0 (id=2193): sched_setscheduler(0x0, 0x0, &(0x7f0000000040)=0x9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x5, 0x0, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/file0/../file0\x00', 0x0, 0x20a1c08, 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x12d7498, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002180)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 4.009985364s ago: executing program 1 (id=2195): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0xfffffffa, '\x00', 0x0, 0x0, 0x5, 0x0, 0x1}, 0x50) r0 = socket$xdp(0x2c, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, r0, 0x180000000) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfff7fdfc, {0x0, 0x0, 0x0, r5, {0xb}, {0xffff}, {0x4, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r6, @ANYRES64], 0x118) 3.504553469s ago: executing program 6 (id=2196): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x40044) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010025bd7000fadbdf2500000000", @ANYBLOB="138000002b9201001c00128009000100626f6e64000000000c00028008000200297d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008804}, 0x20040040) 3.335084221s ago: executing program 3 (id=2197): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b7030000000000008500000033000000"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r1, r3, 0x25, 0x0, @val=@netkit={@void, @value=r1}}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[], 0x0) 2.819521667s ago: executing program 6 (id=2198): r0 = openat$vimc1(0xffffff9c, &(0x7f00000011c0), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000001200)={0xb, 0x101, 0x2, {0xffff9dea, 0x4, 0x5e, 0x4}}) 2.790993231s ago: executing program 0 (id=2199): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000200), 0x6, 0x515, &(0x7f0000000c00)="$eJzs3V1PY3kZAPDnlHYGdtGyu16smziL+xLG6BRY9oV4sS6JL1ebGNd7BqEQQqETKLsDmSjzCTRmoibe6JU3Jn4AEzMfwZhMondeeKWZKONceGNqTns6A6XFTqa0M/D7JYfzP/8/Pc/zFFrOGz0BXFiTEfFRRIxExNsRUcz6c9kUB80p/b4Hh7eW0ymJev2TfyaRZH3t63wxe1jqe9+J+EFyMu7O3v7GUqVS3j7evX9tfXNprbxW3pqbm31//oP59+ZneqwkyZ82+lJEfPjNhz/78W++/eEfvvbZ3xb/cfWHaVrXs/FOdfRDs/RCjB5bPj/S35t8o0IAAJ4Hr0TEyxHxRkR8JYoxEqduRgMAAADPofo3xi+3mgAAAMD5lIuI8Uhypex63/HI5Uql5jW8X4gXcpXqTu2rq9XdrZV0LGIiCrnV9Up5JrtWeCIKSbo822g/Xn6nbXkuuwb3TnEsXW6MAQAAAIOx0Lb//7DY3P8HAAAAzpnOJ+NHBp4HAAAAcHZcjA8AAADnn/1/AAAAONe++/HH6VR/cHircR+AlU/3djeqn15bKe9slDZ3l0vL1e0bpbVqda1SLvXwHwGVavXGu7G1e3O6lt+pTe/s7S9uVne3aouN+3ovll8eQE0AAADAcS+9fvcvSUQcfH2sMaUuZWOFoWYGPEOSfFvH9S8PKROgLzoc0h879QGTu2eXDDBQ7X/TgYvDPj6QtHe0bRiMdttU+GN7x5X/G8s2BwAADMfUF53/h4sqN+wEgKH5yYmeS0PJAxi8no/FT55tHsDgFdzmDy68E+f/24x2Gzhx/r+bev2JEgIAAPpuvDk7iOxc4HjkcqXSo9OCyep6pTwTEZ+PiD8XC5fT5dkh5gsAAAAAAAAAAAAAAAAAAAAAAAAAz6N6PYk6AAAAcK5F5P6eZPf/miq+Nd5+fOBS8p9iZHcF/uyXn/z85lKttj2b9v/rUX/tF1n/O8M4ggEAAAAXUeHU0dZ+ems/HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD66cHhreXWNMi49xdiLCY6xc/HaGM+GoWIeOHfSeSPPC6JiJE+xD+4HRGvdoqfpGnFRJZFe/xcRIwNOf6LfYgPF9ndhYj4qNPrLxeTjXnn118+m57W/YXGi7xj/Nb730iX97/P9RjjtXu/m+4a/3bEa/mT8ccjeRQ/6RL/zR7jX//+/n63sfqvI6Y6/v1JmrNc9o21zRvTO3v719Y3l9bKa+WtubnZ9+c/mH9vfmZ6db1Szr52jPHTL/3+4E7X+psBjsZv1TnRzPBH3ep/q8f6/3vv5uErzWbhZPyIq292/vm/2ph3fv7T34m3s6cnHZ9qtQ+a7aOu/PZPV7rllsZf6fL8N3/+xfrj+Plj9V/trfyjNf+qt4cAAGdpZ29/Y6lSKW8PoPHGu/1bYdJopFtBA0p+2I3WwY5nJZ/R4US/HMOt/VtPvZ7W5vDTrOevfasr3WfoPDTENyUAAOBMPN7oH3YmAAAAAAAAAAAAAAAAAAAAcHE1/v9/5Ak/CPD1J/uksfaYB8MpFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgVP8LAAD//9WHwV0=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) 2.676492595s ago: executing program 5 (id=2200): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0) 2.602043735s ago: executing program 5 (id=2201): r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = getpgrp(0xffffffffffffffff) sched_setscheduler(r1, 0x0, &(0x7f0000000040)=0x9) openat$cgroup_int(r0, &(0x7f0000000080)='blkio.throttle.write_bps_device\x00', 0x2, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="005a595fbdb016de16", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x3, 0x13, &(0x7f0000000800)=ANY=[@ANYBLOB="0001800080181100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000008000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r4, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x5, 0x0, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/file0/../file0\x00', 0x0, 0x20a1c08, 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x12d7498, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002180)=ANY=[@ANYRES8=r3], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r8, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 2.597694566s ago: executing program 0 (id=2202): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r2, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c00020008"], 0x3c}}, 0x40000) r4 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) r5 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000000c0)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000680)=ANY=[@ANYBLOB="4400000010000104fcfffffffbdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="0315000004000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r7, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x4) 2.588894927s ago: executing program 3 (id=2203): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x49801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000600)="05d936277c6f5422007f83477ca1b2f8e3e4018a", 0x14, 0x40890, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @multicast}, 0x14) 2.520549016s ago: executing program 6 (id=2204): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000100)={r1}, &(0x7f0000000140)=0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x20, r3, 0x1, 0x0, 0x3, {0x1c}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x4) 2.305825183s ago: executing program 6 (id=2205): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0xe8034000, 0x0, 0x0, 0x0, 0x0, 0x5dc}, 0x50) rt_sigqueueinfo(0xffffffffffffffff, 0x28, &(0x7f00000000c0)={0x2, 0x0, 0xfffffff7}) r0 = socket$pppl2tp(0x18, 0x1, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x4, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) inotify_add_watch(0xffffffffffffffff, 0x0, 0x1400005f) bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, 0x0, &(0x7f00000000c0)) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x8, 0x0, 0x3, 0x0, {0xa, 0x0, 0x6, @rand_addr=' \x01\x00', 0x200000}}}, 0x32) getsockname$tipc(r0, 0x0, &(0x7f00000000c0)) ptrace$getsig(0x4202, 0x0, 0x10, &(0x7f0000000000)) inotify_init() getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000480)={{{@in=@remote, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@private1}, 0x0, @in=@dev}}, &(0x7f0000000240)=0xe8) syz_mount_image$ext4(&(0x7f0000000600)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000400)={[], [{@subj_type={'subj_type', 0x3d, 'ext4\x00'}}, {@fowner_lt={'fowner<', r6}}, {@appraise}, {@obj_role={'obj_role', 0x3d, ']:%'}}, {@permit_directio}]}, 0x1, 0x5ef, &(0x7f0000000cc0)="$eJzs3FFoVNkZAOD/TsZYY2qstpRKhVCLSNXEcaLR0oIWSh9aS1t9KhY7mEmUTDRNYmlSEO2TD60gFkopCKUUii8NbaEvrRSFwrIL+7qwqyz7sIuCuLi+7S5Z7mQmjpsxiSbmss73wTXnnHvH89/55z9zuTA3gJbVnf6Ti/hKRIwmEV0N+/JR29k9e9yV4vSpdEtiZubogySSiDhfnD5VPz6p/V1fe9mBiLj5/ySG2+fPOz45NVyqVMpjtX7vxMho7/jk1O7TI6Wh8lD5TP++QrGw/2B/ceXO9fLO6//a/Ncj71+8/fHvdnfdOpLEoeis7Ws8j5XSHd1z70mjfBLRs9KTZSzf0E7yGQbCkr294eHVtojYHBHbIuLL0RVttUx+1HH8YVf8cdfTXnt8+7W7qxkrsPJmkogZoCVlvf4AAAAAAAAAAAAAAAAAAACPzcwkfv8PLSrr9QcAAAAAAAAAAAAAAAAAAJjvfHH6VH1brTn/vXG1ZuJp7h+OiPxs/q/Uttk9+eiu/v1crImIjg+S9LA5SUQcWubcN16N6I5vbHp0t/zfdIva53CZ/y2fEdPvZB0BWWrvyzoCsrTlx1lHQJZev5R1BFy4GBF78vn51/9J7frv+f18kf0bD6TXf7fWNo65/msdPzmadQRk6Yf7s46ALP3pQdYR8L/DEbGr2f2/3Nz9n2hy/2d9RPxomXN/6Xj6/f/K1sax+d//uXvLnIYF3D8c8a2IuDLv/l+ufsjGtlrv82kn1iSDpyvlPRGxISJ2xJq1ab+wwBzfPPG3rzUb//C7af63Hqrf/0u3dP76vcBaHPfya5983UBporTc82bW/YsRW/LN8p/M1X/SpP7Tz8PoEufY++6vdzYbP/edNP9f/+XC+edFmvlzxPam9Z/MHZO2eidGRnvHJ6d2nx4pDZWHymf69xWKhf0H+4u91eWgt74oNFG4PPbbZuP/mErz//eb8p+dtP47Fs5/df0fn5waLlUq5bHxZ5/jNz/r29Rs/LW/pPn/w7HnWf/bk2PVANtrY78qTUyMFSLakx/MH9/77DG/rOrvR/39SvO/Y1vz7/+F1v91EXFhqXO+d/VEs/HB76X53/dGPfd9G356Q/2vrjT/A4vUf/JE/T9749tvXtvcbO7b/0nz/9Ubi9d/XzWYHbUR13+LW2qCso4TAAAAAAAAAAAAAAAAAAAAAAAAAOBll4uIzkhyPXPtXK6nZ/b5/l+Mjlzl7PjEzsGz584MpPuqz3/P1R/13NXwPPhCtf24v/dT/WJEfCEiLrWtq/Z7Tp6tDGR98tCiOiPu/PMXJ9uzjgMAAAAAAAAAAAAAAAAAAHhs/VN+/596qy3r6IAXoTPizuDv2y6k7UfqHFpKWv/XH418P9Q/tBz1D61L/UPrUv/QutQ/tC71D61L/UPrUv/QutQ/tK7G+gcAAAAAAAAAAAAAAAAAAAAAAAAAAF6M8cmp4VKlUh7T0NDQmGtkvTIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1nwQAAP//taZClw==") 1.577835197s ago: executing program 1 (id=2206): r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 1.528543563s ago: executing program 3 (id=2207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r3, 0x541c, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) socket$packet(0x11, 0x3, 0x300) r4 = socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0xa, 0x300) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c0000001800ef0100800000000000000a0000000000c800000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="1400050000000000000000000000000000000012"], 0x3c}, 0x1, 0x11, 0x0, 0x80}, 0x0) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={0x0}, 0x1, 0x0, 0x0, 0x4060040}, 0x0) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r6, 0x802c550a, &(0x7f0000000000)=ANY=[]) keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)=ANY=[], 0x0, 0x0) keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000001000000000000000200000085000000600000009500000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0xe0e4f3ee43f6dc44, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) 1.483313259s ago: executing program 5 (id=2208): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0x40044) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'bond0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010025bd7000fadbdf2500000000", @ANYBLOB="138000002b9201001c00128009000100626f6e64000000000c00028008000200297d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008804}, 0x20040040) 1.424099566s ago: executing program 1 (id=2209): sched_setscheduler(0x0, 0x0, &(0x7f0000000040)=0x9) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002) sched_setscheduler(r1, 0x2, &(0x7f0000000240)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x5, 0x0, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/file0/../file0\x00', 0x0, 0x20a1c08, 0x0) mount$9p_unix(0x0, 0x0, 0x0, 0x12d7498, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b80a000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002180)=ANY=[], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000180)=r4, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 1.283944454s ago: executing program 5 (id=2210): syz_mount_image$hfsplus(&(0x7f0000001140), &(0x7f00000004c0)='./file1\x00', 0x804c10, &(0x7f0000000180)=ANY=[], 0xfe, 0x66b, &(0x7f0000001180)="$eJzs3c1vHGcdB/DvbDZ2Ni3BTZM2oEq1GgkQFolf5IK5YBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTuetdfrl66TxrtpP59o93lmnplnfs/vmZl9saIN8IW1MJH6gxRZmHhlvb28tTnT3NqcudupJxlNspHUk9SSFP9ttVofJvNJsdtN0VMe8P7y3GsffbL18c5SvXqU29eO269Htd1Gz+qNzrrxJGeq8hHs6+/GI/dX7EY+n+RqVcLAnU3S2udnf396t6VL47C9z51KjMDjVey8bh4wlpyvLvT2+4DOK2/tdKPr32if2/W+gwAAAIAnTT+fgb+8ne2sFxdOIRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4XNjY+/3/onrUOvXxFJ3f/x+p1qWqD5cXT7b5g8cVBwAAAAAAAACcohe3s531XOgst4ryb/4vlQuXyuen8lZWs5SVXMt6FrOWtaxkKslYV0cj64traytTfew5feie058S6GhVNj6bcQMAAAAAAADA58yvsrD3938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgGRXJmp0hxv2v1WGr1JOeSjLRXbCT/7NSfZA8GHQAAAACcgtFkO+u50FluFbmU5LnyO4BzeSv3spblrKWZpdwsvxfY+dRf29qcaW5tztxtPw72+/3/nCiMssfsfPdw+JGvlFs0civL5ZpruZE30szN1Mo9265U8XR67Ynrfjum4nuVPiO7WZXtkb9XlQe8e6LBHuWEX6aMlRk5u5uRySq2djae6czM4TN0wtnpPdJUarvBXuo50sj+wTxUzs9XZXs8vzsq5wPRm4nprrPvueNznnz9L3/66WRVH54h9edMVbbK58bBTMx0ZeL5fjJxu3nvzu1bqxNPWiYOmCwzcXl3eSE/yk8ykfG8mpUs5+dZzFqWMp4flrXFavKLrkv+iEzN71t69dMiGanO0J3JOllML5X7Xshyfpw3cjNLebn8N52pfDuzmc1c1wxfPn6Gy6u+tu+q35vm1pcODf7qN6pKI8nvq3I4tPP6TFdeu++5Y2Vb95q9LF3sI0snvDfWv1pV2sf4dVUOh95MTHVl4tnjM/GH8ray2rx3Z+X24pv9He7ie1WlfWb9NhkfnhtJ+3y52J6scmn/2dFue/bQtqmy7dJuW+1A2+Xdtp0rdePIK3Wkeg93sKfpsu35Q9tmyrYrXW2Hvd8CYOid/+b5kca/G/9ofND4TeN245VzPxj9zugLIzn717PfrU+e+VrtheLP+SC/3Pv8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzVt9+5s9hsLq30VFqt1rtHNPVZqVdHeMjdH6GS8X891T7yIU2dnzM7xXi+8nRyemMf1sr/Wq1WtaY4Yps//m1oEtWqDEXqBlQZ3D0JOB3X1+6+eX317Xe+tXx38fWl15fuzc3Ozk3Ozb48c/3WcnNpcud50FECj8Pei/6gIwEAAAAAAAAAAAD6dRr/nWDQYwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACebAsTqT9IkanJa5Pt5a3NmWb70anvbVlPUktS/CIpPkzmi6phrKu74qjjvL8899pHn2x9vNdXvbN97bj9+rNRPTKe5MxOef+z6u9GVR6rOG4Ixe4I55NcrUoYuP8HAAD//xokBkA=") creat(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x141) openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xc0000, 0xc6) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000002c0)='./file1\x00') 1.16271856s ago: executing program 5 (id=2211): prctl$PR_SET_IO_FLUSHER(0x41, 0x3) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x6, 0x11, r0, 0x0) 1.067745172s ago: executing program 0 (id=2212): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fbc45ff810500000000000058000b480400945f6400947e570028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r0) 888.456605ms ago: executing program 5 (id=2213): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000400)={r0, r2, 0x25, 0x0, @val=@netkit={@void, @value=r0}}, 0x1c) syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[], 0x0) 87.294288ms ago: executing program 1 (id=2214): r0 = userfaultfd(0x801) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000005, 0x20031, 0xffffffffffffffff, 0xb9ddd000) remap_file_pages(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x0, 0x2, 0x100000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x5}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1}) 86.938988ms ago: executing program 3 (id=2215): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x2, 0x1, 0x1, 0x0, 0x0, 0x0, 0xc, 0x0, 0x8}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000100)={r1}, &(0x7f0000000140)=0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x20, r3, 0x1, 0x0, 0x3, {0x1c}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x4) 67.794991ms ago: executing program 6 (id=2216): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000280)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0xfffffffa, '\x00', 0x0, 0x0, 0x5, 0x0, 0x1}, 0x50) r0 = socket$xdp(0x2c, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mmap$xdp(&(0x7f0000016000/0x4000)=nil, 0x4000, 0x700000d, 0x811, r0, 0x180000000) r1 = socket$nl_route(0x10, 0x3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x2, 0x6, 0x2, 0x0, 0x2, 0x0, 0x2}, 0x10}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x29, 0xa19702d202eff97b, 0x4001, 0xfff7fdfc, {0x0, 0x0, 0x0, r5, {0xb}, {0xffff}, {0x4, 0x1}}}, 0x24}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r6, @ANYRES64], 0x118) 0s ago: executing program 0 (id=2217): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x56) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0x49801}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @remote}, @IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x1}]}}}]}, 0x40}}, 0x0) sendto$packet(r0, &(0x7f0000000600)="05d936277c6f5422007f83477ca1b2f8e3e4018a34e7bfd3de1a00ad6762", 0x1e, 0x40890, &(0x7f0000000200)={0x11, 0x86dd, r3, 0x1, 0x4, 0x6, @multicast}, 0x14) kernel console output (not intermixed with test programs): f tx timeout [ 61.613940][ T4274] Bluetooth: hci4: command 0x040f tx timeout [ 61.627670][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.637110][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.665659][ T4268] device veth1_macvtap entered promiscuous mode [ 61.675476][ T4269] device veth0_macvtap entered promiscuous mode [ 61.687644][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.696869][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.714549][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 61.723955][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 61.738453][ T4276] device veth0_macvtap entered promiscuous mode [ 61.760034][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.790044][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.790960][ T4379] loop3: detected capacity change from 0 to 256 [ 61.800826][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 61.817114][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 61.822110][ T4379] ======================================================= [ 61.822110][ T4379] WARNING: The mand mount option has been deprecated and [ 61.822110][ T4379] and is ignored by this kernel. Remove the mand [ 61.822110][ T4379] option from the mount to silence this warning. [ 61.822110][ T4379] ======================================================= [ 61.832718][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 61.874663][ T4269] device veth1_macvtap entered promiscuous mode [ 61.890597][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 61.894741][ T4276] device veth1_macvtap entered promiscuous mode [ 61.912025][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 61.927650][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.944540][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 61.957899][ T4379] FAT-fs (loop3): Directory bread(block 64) failed [ 61.964980][ T4379] FAT-fs (loop3): Directory bread(block 65) failed [ 61.967622][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 61.971632][ T4379] FAT-fs (loop3): Directory bread(block 66) failed [ 61.979923][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 61.994896][ T4379] FAT-fs (loop3): Directory bread(block 67) failed [ 61.998800][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.001497][ T4379] FAT-fs (loop3): Directory bread(block 68) failed [ 62.018035][ T4379] FAT-fs (loop3): Directory bread(block 69) failed [ 62.019979][ T4352] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 62.025132][ T4379] FAT-fs (loop3): Directory bread(block 70) failed [ 62.039171][ T4379] FAT-fs (loop3): Directory bread(block 71) failed [ 62.053429][ T4379] FAT-fs (loop3): Directory bread(block 72) failed [ 62.054938][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.060003][ T4379] FAT-fs (loop3): Directory bread(block 73) failed [ 62.076080][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.096767][ T4268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.121327][ T4379] syz.3.4: attempt to access beyond end of device [ 62.121327][ T4379] loop3: rw=0, sector=1768, nr_sectors = 4 limit=256 [ 62.133522][ T4268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.168617][ T4268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.191233][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.207598][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.222082][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.237939][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.262956][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.279529][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.290776][ T4276] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.302380][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.317328][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.329061][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.339073][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.353094][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.366387][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.376595][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.387705][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.397821][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.409672][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.419974][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 62.431055][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.456617][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 62.465196][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.477199][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.490290][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.500801][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.510772][ T4276] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.521362][ T4276] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.534263][ T4276] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.558749][ T4268] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.603597][ T4268] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.626922][ T4268] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.653680][ T4268] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.658745][ T4387] xt_hashlimit: size too large, truncated to 1048576 [ 62.675085][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 62.699887][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 62.710800][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.719881][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.731283][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.742637][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.758852][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.771784][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.786892][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.799626][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.822439][ T4269] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 62.838395][ T4269] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 62.850240][ T4269] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 62.871938][ T4276] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.894180][ T4276] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.912843][ T4276] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.921968][ T4276] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 62.944808][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 62.954627][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 62.993752][ T4269] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.002468][ T4269] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.022585][ T4269] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.034760][ T4269] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 63.046497][ T4396] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 63.259622][ T4352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.270561][ T4352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.274527][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.295953][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.307573][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.327104][ T4352] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.352008][ T4352] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.364397][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.371857][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.385604][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 63.420684][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.460457][ T4352] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.460530][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.484342][ T4352] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.513809][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.562876][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 63.571088][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 63.603575][ T4274] Bluetooth: hci1: command 0x0419 tx timeout [ 63.609632][ T4274] Bluetooth: hci3: command 0x0419 tx timeout [ 63.617338][ T4277] Bluetooth: hci2: command 0x0419 tx timeout [ 63.617446][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 63.683523][ T4284] Bluetooth: hci0: command 0x0419 tx timeout [ 63.689586][ T4284] Bluetooth: hci4: command 0x0419 tx timeout [ 63.851261][ T4414] loop2: detected capacity change from 0 to 512 [ 63.944651][ T4414] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.3: invalid indirect mapped block 256 (level 2) [ 64.028754][ T4414] EXT4-fs (loop2): 2 truncates cleaned up [ 64.055124][ T4414] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 64.454297][ T4429] IPv6: NLM_F_REPLACE set, but no existing node found! [ 64.491061][ T4431] loop4: detected capacity change from 0 to 256 [ 64.541051][ T4431] netlink: 16 bytes leftover after parsing attributes in process `syz.4.15'. [ 65.710894][ T4450] loop3: detected capacity change from 0 to 16 [ 65.757257][ T4452] process 'syz.4.22' launched '/dev/fd/4' with NULL argv: empty string added [ 65.782023][ T4450] erofs: (device loop3): mounted with root inode @ nid 36. [ 66.640898][ T4269] EXT4-fs (loop2): unmounting filesystem. [ 66.658634][ T4474] capability: warning: `syz.4.31' uses deprecated v2 capabilities in a way that may be insecure [ 67.952864][ T129] cfg80211: failed to load regulatory.db [ 68.156061][ T4504] loop4: detected capacity change from 0 to 512 [ 68.342513][ T4504] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.42: invalid indirect mapped block 256 (level 2) [ 68.394967][ T4504] EXT4-fs (loop4): 2 truncates cleaned up [ 68.400755][ T4504] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 69.003566][ T4510] IPv6: NLM_F_REPLACE set, but no existing node found! [ 69.408344][ T4531] IPv6: NLM_F_REPLACE set, but no existing node found! [ 69.595588][ T4537] loop3: detected capacity change from 0 to 128 [ 70.707991][ T4543] syz.3.53 (4543) used greatest stack depth: 17272 bytes left [ 71.339461][ T4560] loop1: detected capacity change from 0 to 1024 [ 71.352313][ T4560] ext4: Unknown parameter 'subj_type' [ 71.363458][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.370083][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.217032][ T4573] xt_TCPMSS: Only works on TCP SYN packets [ 72.569869][ T4513] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 72.873578][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 73.428619][ T4600] netlink: 216 bytes leftover after parsing attributes in process `syz.3.69'. [ 73.439572][ T4600] netlink: 40 bytes leftover after parsing attributes in process `syz.3.69'. [ 74.182412][ T4605] loop4: detected capacity change from 0 to 512 [ 74.210330][ T4605] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.73: invalid indirect mapped block 256 (level 2) [ 74.237555][ T4605] EXT4-fs (loop4): 2 truncates cleaned up [ 74.258153][ T4605] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 74.576027][ T4618] IPv6: NLM_F_REPLACE set, but no existing node found! [ 74.660306][ T4619] IPv6: NLM_F_REPLACE set, but no existing node found! [ 75.175786][ T4628] loop3: detected capacity change from 0 to 128 [ 75.215248][ T4628] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 75.272953][ T4628] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 75.341059][ T4365] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 75.362509][ T4630] pit: kvm: requested 179352 ns i8254 timer period limited to 200000 ns [ 75.391915][ T4630] pit: kvm: requested 10895 ns i8254 timer period limited to 200000 ns [ 75.400964][ T4630] pit: kvm: requested 58666 ns i8254 timer period limited to 200000 ns [ 75.419920][ T4630] pit: kvm: requested 131581 ns i8254 timer period limited to 200000 ns [ 75.440161][ T4630] pit: kvm: requested 125714 ns i8254 timer period limited to 200000 ns [ 75.458570][ T4630] pit: kvm: requested 118171 ns i8254 timer period limited to 200000 ns [ 75.481270][ T4630] pit: kvm: requested 154209 ns i8254 timer period limited to 200000 ns [ 75.507441][ T4630] pit: kvm: requested 77942 ns i8254 timer period limited to 200000 ns [ 75.534385][ T4630] pit: kvm: requested 60342 ns i8254 timer period limited to 200000 ns [ 75.559004][ T4630] pit: kvm: requested 170133 ns i8254 timer period limited to 200000 ns [ 76.608985][ T4647] netlink: 216 bytes leftover after parsing attributes in process `syz.2.83'. [ 76.618159][ T4647] netlink: 40 bytes leftover after parsing attributes in process `syz.2.83'. [ 77.389781][ T4276] EXT4-fs (loop4): unmounting filesystem. [ 77.420092][ T4653] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 77.493491][ T4653] overlayfs: missing 'lowerdir' [ 77.838008][ T4658] loop4: detected capacity change from 0 to 1024 [ 77.849105][ T4658] ext4: Unknown parameter 'subj_type' [ 78.368322][ T4526] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 78.882928][ T4674] netlink: 25 bytes leftover after parsing attributes in process `syz.1.90'. [ 78.972719][ T4674] device gretap0 entered promiscuous mode [ 78.983375][ T4675] netlink: 45349 bytes leftover after parsing attributes in process `syz.1.90'. [ 78.992634][ T4675] 0猉功D龌: renamed from gretap0 [ 79.131409][ T4675] device 00猉功D龌 left promiscuous mode [ 79.152819][ T4679] loop2: detected capacity change from 0 to 764 [ 79.164607][ T4681] loop3: detected capacity change from 0 to 128 [ 79.255077][ T26] audit: type=1800 audit(1768855404.653:2): pid=4681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.94" name="file1" dev="loop3" ino=1048598 res=0 errno=0 [ 80.314325][ T4689] loop0: detected capacity change from 0 to 512 [ 80.368336][ T4689] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.97: invalid indirect mapped block 256 (level 2) [ 80.451287][ T4689] EXT4-fs (loop0): 2 truncates cleaned up [ 80.457877][ T4689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 80.723264][ T4680] IPv6: NLM_F_REPLACE set, but no existing node found! [ 80.830122][ T4696] IPv6: NLM_F_REPLACE set, but no existing node found! [ 81.525524][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 82.389016][ T4720] loop3: detected capacity change from 0 to 128 [ 82.455756][ T26] audit: type=1800 audit(1768855407.853:3): pid=4720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.107" name="file1" dev="loop3" ino=1048599 res=0 errno=0 [ 84.711729][ T4744] loop4: detected capacity change from 0 to 256 [ 84.796330][ T4744] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 84.807384][ T4744] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 198) [ 86.212904][ C0] sched: RT throttling activated [ 86.929874][ T4759] netlink: 48 bytes leftover after parsing attributes in process `syz.2.122'. [ 86.941395][ T4759] netlink: 48 bytes leftover after parsing attributes in process `syz.2.122'. [ 87.273167][ T4771] loop3: detected capacity change from 0 to 128 [ 88.344549][ T4788] loop3: detected capacity change from 0 to 512 [ 88.440986][ T4788] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 88.757819][ T4798] loop1: detected capacity change from 0 to 512 [ 88.759490][ T4794] netlink: 48 bytes leftover after parsing attributes in process `syz.3.134'. [ 88.833861][ T4794] netlink: 48 bytes leftover after parsing attributes in process `syz.3.134'. [ 88.916265][ T4798] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.133: bg 0: block 248: padding at end of block bitmap is not set [ 88.993409][ T4798] Quota error (device loop1): write_blk: dquota write failed [ 89.012313][ T4798] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 89.032858][ T4798] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.133: Failed to acquire dquot type 1 [ 89.055290][ T4808] Illegal XDP return value 4294967294 on prog (id 8) dev N/A, expect packet loss! [ 89.078598][ T4798] EXT4-fs (loop1): 1 truncate cleaned up [ 89.092977][ T4798] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 89.112257][ T4798] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.482555][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 90.420086][ T4826] loop1: detected capacity change from 0 to 512 [ 90.513683][ T4826] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.142: invalid indirect mapped block 256 (level 2) [ 90.699727][ T4826] EXT4-fs (loop1): 2 truncates cleaned up [ 90.709042][ T4826] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 91.419196][ T4853] IPv6: NLM_F_REPLACE set, but no existing node found! [ 92.631154][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 92.663923][ T26] audit: type=1326 audit(1768855418.053:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4864 comm="syz.2.156" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3b579acb9 code=0x0 [ 93.244409][ T4871] loop4: detected capacity change from 0 to 128 [ 93.474092][ T4875] netlink: 48 bytes leftover after parsing attributes in process `syz.3.159'. [ 93.566967][ T4876] netlink: 48 bytes leftover after parsing attributes in process `syz.3.159'. [ 93.816238][ T4888] loop1: detected capacity change from 0 to 128 [ 93.846003][ T26] audit: type=1800 audit(1768855419.243:5): pid=4888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.164" name="file1" dev="loop1" ino=1048602 res=0 errno=0 [ 93.938605][ T4892] IPv6: NLM_F_REPLACE set, but no existing node found! [ 95.813642][ T4904] kvm [4898]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x5407 [ 99.015509][ T4932] kvm [4928]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1000000c1 [ 99.749561][ T4939] loop4: detected capacity change from 0 to 8192 [ 100.705347][ T4963] loop0: detected capacity change from 0 to 128 [ 100.820233][ T26] audit: type=1800 audit(1768855426.213:6): pid=4963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.185" name="file1" dev="loop0" ino=1048603 res=0 errno=0 [ 103.493532][ T4992] device macvtap1 entered promiscuous mode [ 103.536167][ T4992] device vlan0 entered promiscuous mode [ 103.567423][ T4992] team0: Device macvtap1 failed to register rx_handler [ 103.582477][ T4992] device vlan0 left promiscuous mode [ 104.605591][ T4998] IPv6: NLM_F_REPLACE set, but no existing node found! [ 104.841092][ T5008] loop4: detected capacity change from 0 to 128 [ 105.547193][ T26] audit: type=1800 audit(1768855430.943:7): pid=5008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.200" name="file1" dev="loop4" ino=1048604 res=0 errno=0 [ 106.423156][ T5033] fuse: Bad value for 'fd' [ 106.719808][ T5049] loop1: detected capacity change from 0 to 164 [ 107.255540][ T5057] netlink: 24 bytes leftover after parsing attributes in process `syz.1.214'. [ 107.283056][ T7] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 108.433103][ T7] usb 4-1: Using ep0 maxpacket: 32 [ 108.449347][ T7] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.464095][ T5073] loop1: detected capacity change from 0 to 128 [ 108.480488][ T7] usb 4-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 108.535277][ T7] usb 4-1: config 0 interface 0 has no altsetting 0 [ 108.556090][ T7] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 108.589694][ T7] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 108.590293][ T26] audit: type=1800 audit(1768855433.983:8): pid=5073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.216" name="file1" dev="loop1" ino=1048605 res=0 errno=0 [ 108.618647][ T7] usb 4-1: Manufacturer: syz [ 108.746441][ T7] usb 4-1: config 0 descriptor?? [ 108.815691][ T7] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 109.396684][ T5081] fuse: Bad value for 'fd' [ 109.663391][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.686826][ T5088] device bridge_slave_1 left promiscuous mode [ 109.700301][ T5088] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.435394][ T4320] usb 4-1: USB disconnect, device number 2 [ 114.997276][ T5126] netlink: 25 bytes leftover after parsing attributes in process `syz.3.230'. [ 115.104788][ T5126] device gretap0 entered promiscuous mode [ 115.176501][ T5129] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.230'. [ 115.227102][ T5129] 0猉功D龌: renamed from gretap0 [ 115.267734][ T5129] device 00猉功D龌 left promiscuous mode [ 117.133368][ T5164] fuse: Bad value for 'fd' [ 117.292886][ T5166] loop0: detected capacity change from 0 to 512 [ 117.438602][ T5166] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.246: invalid indirect mapped block 256 (level 2) [ 117.468297][ T5172] loop1: detected capacity change from 0 to 128 [ 117.498709][ T26] audit: type=1800 audit(1768855442.893:9): pid=5172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.247" name="file1" dev="loop1" ino=1048606 res=0 errno=0 [ 117.556878][ T5166] EXT4-fs (loop0): 2 truncates cleaned up [ 117.562680][ T5166] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 118.828955][ T5183] fuse: Bad value for 'fd' [ 118.886354][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 119.164082][ T5197] fuse: Bad value for 'fd' [ 120.491257][ T5221] loop1: detected capacity change from 0 to 128 [ 120.634138][ T5224] netlink: 25 bytes leftover after parsing attributes in process `syz.3.265'. [ 120.659987][ T26] audit: type=1800 audit(1768855446.053:10): pid=5221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.264" name="file1" dev="loop1" ino=1048607 res=0 errno=0 [ 120.738194][ T5224] device 00猉功D龌 entered promiscuous mode [ 120.818094][ T5227] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.265'. [ 121.149951][ T5227] 1猉功D龌: renamed from 00猉功D龌 [ 121.167631][ T5227] device 01猉功D龌 left promiscuous mode [ 121.911078][ T5226] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 121.945679][ T5226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 122.437295][ T5245] fuse: Bad value for 'fd' [ 122.781372][ T5256] loop1: detected capacity change from 0 to 512 [ 122.871354][ T5256] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.279: invalid indirect mapped block 256 (level 2) [ 122.997520][ T5256] EXT4-fs (loop1): 2 truncates cleaned up [ 123.022495][ T5256] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 124.093400][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 124.539610][ T5279] IPv6: NLM_F_REPLACE set, but no existing node found! [ 124.650118][ T26] audit: type=1326 audit(1768855450.043:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 124.708717][ T5288] loop3: detected capacity change from 0 to 128 [ 124.729053][ T5289] fuse: Bad value for 'fd' [ 124.928903][ T26] audit: type=1326 audit(1768855450.093:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 124.951155][ T26] audit: type=1326 audit(1768855450.093:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 124.971316][ T5294] loop0: detected capacity change from 0 to 512 [ 124.973371][ T26] audit: type=1326 audit(1768855450.113:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 125.044539][ T5294] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.291: invalid indirect mapped block 256 (level 2) [ 125.068876][ T5294] EXT4-fs (loop0): 2 truncates cleaned up [ 125.072392][ T26] audit: type=1326 audit(1768855450.113:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 125.082953][ T5294] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 125.227327][ T26] audit: type=1326 audit(1768855450.113:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 125.320381][ T26] audit: type=1326 audit(1768855450.113:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 126.014918][ T26] audit: type=1326 audit(1768855450.113:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 126.049309][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 126.233202][ T26] audit: type=1326 audit(1768855450.113:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 126.293548][ T26] audit: type=1326 audit(1768855450.113:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5284 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 127.478404][ T5331] loop3: detected capacity change from 0 to 512 [ 127.543554][ T5331] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 127.753205][ T5343] netlink: 'syz.0.305': attribute type 13 has an invalid length. [ 127.760983][ T5343] netlink: 'syz.0.305': attribute type 17 has an invalid length. [ 128.043306][ T5343] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 128.169671][ T5343] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.644431][ T5375] netlink: 25 bytes leftover after parsing attributes in process `syz.1.315'. [ 129.927487][ T5375] device 00猉功D龌 entered promiscuous mode [ 130.012937][ T5377] netlink: 45349 bytes leftover after parsing attributes in process `syz.1.315'. [ 130.022203][ T5377] 1猉功D龌: renamed from 00猉功D龌 [ 130.166914][ T5377] device 01猉功D龌 left promiscuous mode [ 130.379626][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 130.379638][ T26] audit: type=1326 audit(1768855455.773:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.462955][ T26] audit: type=1326 audit(1768855455.773:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.568248][ T26] audit: type=1326 audit(1768855455.823:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.657959][ T5390] loop1: detected capacity change from 0 to 128 [ 130.683018][ T26] audit: type=1326 audit(1768855455.823:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.762236][ T26] audit: type=1326 audit(1768855455.823:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.825209][ T26] audit: type=1326 audit(1768855455.823:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.886096][ T5399] loop1: detected capacity change from 0 to 128 [ 130.892590][ T26] audit: type=1326 audit(1768855455.823:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.923755][ T5399] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 130.947030][ T26] audit: type=1326 audit(1768855455.823:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 130.985135][ T26] audit: type=1326 audit(1768855455.823:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 131.047427][ T26] audit: type=1326 audit(1768855455.823:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5383 comm="syz.1.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 131.081840][ T5015] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 131.090174][ T5385] overlayfs: failed to clone upperpath [ 131.443349][ T5416] capability: warning: `syz.4.329' uses 32-bit capabilities (legacy support in use) [ 131.480175][ T5416] program syz.4.329 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 131.739911][ T5424] loop0: detected capacity change from 0 to 128 [ 131.845697][ T5427] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 50) [ 131.861372][ T5427] FAT-fs (loop0): Filesystem has been set read-only [ 132.471928][ T5453] fuse: Bad value for 'fd' [ 132.587930][ T5459] loop3: detected capacity change from 0 to 512 [ 132.635982][ T5459] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 132.701086][ T5461] device batadv_slave_0 entered promiscuous mode [ 132.725005][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.731389][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.756787][ T5460] device batadv_slave_0 left promiscuous mode [ 133.354441][ T5485] netlink: 24 bytes leftover after parsing attributes in process `syz.3.355'. [ 134.741557][ T5489] loop1: detected capacity change from 0 to 1024 [ 134.749121][ T5489] ext4: Unknown parameter 'subj_type' [ 134.806632][ T4526] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 135.321880][ T5502] loop4: detected capacity change from 0 to 736 [ 136.250464][ T5517] loop3: detected capacity change from 0 to 512 [ 137.184118][ T5534] device macvtap2 entered promiscuous mode [ 138.510847][ T5576] loop1: detected capacity change from 0 to 1024 [ 138.521282][ T5576] ext4: Unknown parameter 'subj_type' [ 139.076045][ T4526] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 140.135968][ T5604] loop0: detected capacity change from 0 to 512 [ 140.294922][ T5604] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.403: invalid indirect mapped block 256 (level 2) [ 140.339010][ T5604] EXT4-fs (loop0): 2 truncates cleaned up [ 140.346172][ T5604] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 141.631632][ T5615] netlink: 216 bytes leftover after parsing attributes in process `syz.4.405'. [ 141.641684][ T5615] netlink: 40 bytes leftover after parsing attributes in process `syz.4.405'. [ 141.684191][ T5609] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 142.595004][ T5630] IPv6: NLM_F_REPLACE set, but no existing node found! [ 142.728038][ T4352] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 142.901842][ T4352] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.038634][ T4352] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.993093][ T4352] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.995319][ T4284] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 145.017532][ T4284] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 145.025565][ T4284] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 145.040478][ T4284] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 145.048122][ T4284] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 145.055469][ T4284] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 145.224677][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 145.738651][ T5652] chnl_net:caif_netlink_parms(): no params data found [ 146.226279][ T5652] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.262713][ T5652] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.284035][ T5652] device bridge_slave_0 entered promiscuous mode [ 146.856939][ T5652] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.936256][ T5652] bridge0: port 2(bridge_slave_1) entered disabled state [ 146.983170][ T5652] device bridge_slave_1 entered promiscuous mode [ 147.122986][ T4274] Bluetooth: hci2: command 0x0409 tx timeout [ 147.203606][ T5652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.321226][ T5652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.463262][ T127] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 147.531463][ T5652] team0: Port device team_slave_0 added [ 147.570921][ T5652] team0: Port device team_slave_1 added [ 147.664442][ T127] usb 4-1: Using ep0 maxpacket: 32 [ 147.691047][ T127] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 147.775221][ T5735] netlink: 216 bytes leftover after parsing attributes in process `syz.2.444'. [ 147.784742][ T5735] netlink: 40 bytes leftover after parsing attributes in process `syz.2.444'. [ 147.834766][ T127] usb 4-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 148.053101][ T127] usb 4-1: config 0 interface 0 has no altsetting 0 [ 148.281066][ T127] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 148.332320][ T127] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 148.349788][ T127] usb 4-1: Manufacturer: syz [ 148.368813][ T127] usb 4-1: config 0 descriptor?? [ 148.379858][ T127] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 148.607816][ T5652] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.626069][ T5739] loop1: detected capacity change from 0 to 512 [ 148.653977][ T5652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.711202][ T5652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.750660][ T5739] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.446: bg 0: block 248: padding at end of block bitmap is not set [ 148.826553][ T5652] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.833734][ T5652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.842227][ T5739] __quota_error: 172 callbacks suppressed [ 148.842242][ T5739] Quota error (device loop1): write_blk: dquota write failed [ 148.862218][ T5652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.928912][ T5739] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 148.950711][ T5652] device hsr_slave_0 entered promiscuous mode [ 148.966367][ T5739] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.446: Failed to acquire dquot type 1 [ 149.007929][ T5739] EXT4-fs (loop1): 1 truncate cleaned up [ 149.059686][ T5739] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 149.080028][ T5739] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 149.126100][ T5652] device hsr_slave_1 entered promiscuous mode [ 149.153467][ T5652] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 149.161971][ T5652] Cannot create hsr debugfs directory [ 149.203846][ T4274] Bluetooth: hci2: command 0x041b tx timeout [ 150.467569][ T4352] device hsr_slave_0 left promiscuous mode [ 150.526603][ T4352] device hsr_slave_1 left promiscuous mode [ 150.597408][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 150.613288][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 150.633081][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 150.717296][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 150.733102][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 150.771378][ T4352] device bridge_slave_1 left promiscuous mode [ 150.802805][ T4352] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.886598][ T4352] device bridge_slave_0 left promiscuous mode [ 150.892921][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.996885][ T4352] device veth1_macvtap left promiscuous mode [ 151.030243][ T4352] device veth0_macvtap left promiscuous mode [ 151.058542][ T4352] device veth1_vlan left promiscuous mode [ 151.077290][ T4352] device veth0_vlan left promiscuous mode [ 151.158744][ T4323] usb 4-1: USB disconnect, device number 3 [ 151.284112][ T4274] Bluetooth: hci2: command 0x040f tx timeout [ 151.478273][ T5788] netlink: 216 bytes leftover after parsing attributes in process `syz.3.457'. [ 151.487781][ T5788] netlink: 40 bytes leftover after parsing attributes in process `syz.3.457'. [ 152.216505][ T5794] loop0: detected capacity change from 0 to 512 [ 152.329742][ T5794] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.459: invalid indirect mapped block 256 (level 2) [ 152.343838][ T5794] EXT4-fs (loop0): 2 truncates cleaned up [ 152.349707][ T5794] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 153.256663][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 153.379201][ T4274] Bluetooth: hci2: command 0x0419 tx timeout [ 153.458377][ T5809] ipt_CLUSTERIP: Please specify destination IP [ 153.770726][ T4352] team0 (unregistering): Port device team_slave_1 removed [ 153.891958][ T4352] team0 (unregistering): Port device team_slave_0 removed [ 153.961987][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 154.019945][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 154.402092][ T4352] bond0 (unregistering): Released all slaves [ 154.589205][ T5806] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 154.640672][ T5806] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 154.647911][ T5815] loop1: detected capacity change from 0 to 512 [ 154.671665][ T5812] IPv6: NLM_F_REPLACE set, but no existing node found! [ 154.798159][ T5815] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.463: bg 0: block 248: padding at end of block bitmap is not set [ 154.844138][ T5815] Quota error (device loop1): write_blk: dquota write failed [ 154.851737][ T5815] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 154.864924][ T5815] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.463: Failed to acquire dquot type 1 [ 154.893083][ T5815] EXT4-fs (loop1): 1 truncate cleaned up [ 154.898953][ T5815] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 154.960018][ T5815] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.269600][ T5652] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 156.296744][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 156.308583][ T5652] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 156.385335][ T5652] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 156.425087][ T5652] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 156.728842][ T5652] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.752909][ T4328] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 156.781154][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.802291][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.841891][ T5652] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.871862][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.898147][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.928087][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.935283][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.962993][ T4328] usb 4-1: Using ep0 maxpacket: 32 [ 156.977557][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.985970][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.994323][ T4328] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.994377][ T4328] usb 4-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 156.994403][ T4328] usb 4-1: config 0 interface 0 has no altsetting 0 [ 156.995522][ T4328] usb 4-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 157.028885][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.042293][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.049470][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.059121][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.150858][ T5652] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 157.198054][ T5652] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.209352][ T4328] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 157.255011][ T4328] usb 4-1: Manufacturer: syz [ 157.255724][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.299289][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.300942][ T4328] usb 4-1: config 0 descriptor?? [ 157.361906][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.458528][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.492412][ T5872] netlink: 216 bytes leftover after parsing attributes in process `syz.2.473'. [ 157.501875][ T5872] netlink: 40 bytes leftover after parsing attributes in process `syz.2.473'. [ 157.675308][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.818134][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.968625][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.112586][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.349106][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.479167][ T4328] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 158.536231][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.585773][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.821616][ T5884] loop1: detected capacity change from 0 to 512 [ 158.947228][ T5884] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.476: bg 0: block 248: padding at end of block bitmap is not set [ 159.156745][ T5884] Quota error (device loop1): write_blk: dquota write failed [ 159.201148][ T5884] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 159.233166][ T5884] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.476: Failed to acquire dquot type 1 [ 159.304832][ T5894] IPv6: NLM_F_REPLACE set, but no existing node found! [ 159.630653][ T5884] EXT4-fs (loop1): 1 truncate cleaned up [ 159.645008][ T5884] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 159.715855][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.733648][ T5884] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 159.752344][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.843663][ T5652] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.633920][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 160.821076][ T5904] loop0: detected capacity change from 0 to 8192 [ 160.900947][ T5910] loop2: detected capacity change from 0 to 7 [ 160.968874][ T5910] Dev loop2: unable to read RDB block 7 [ 160.997103][ T5910] loop2: unable to read partition table [ 161.033326][ T5910] loop2: partition table beyond EOD, truncated [ 161.071646][ T5910] loop_reread_partitions: partition scan of loop2 (x鼦熝鄸 ) failed (rc=-5) [ 161.117158][ T3637] Dev loop2: unable to read RDB block 7 [ 161.122777][ T3637] loop2: unable to read partition table [ 161.171284][ T3637] loop2: partition table beyond EOD, truncated [ 161.505115][ T5930] netlink: 216 bytes leftover after parsing attributes in process `syz.0.484'. [ 161.514491][ T5930] netlink: 40 bytes leftover after parsing attributes in process `syz.0.484'. [ 162.285673][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 162.324605][ T4575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 162.372650][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 162.419475][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 162.440156][ T5652] device veth0_vlan entered promiscuous mode [ 162.462927][ T7] usb 4-1: USB disconnect, device number 4 [ 162.470922][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 162.506351][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 162.547489][ T5652] device veth1_vlan entered promiscuous mode [ 162.620727][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 162.640197][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 162.667806][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 162.703875][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 162.728919][ T5652] device veth0_macvtap entered promiscuous mode [ 162.783723][ T5652] device veth1_macvtap entered promiscuous mode [ 162.817656][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.851408][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.894344][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 162.921445][ T5949] loop0: detected capacity change from 0 to 512 [ 162.949115][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.961132][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.012072][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.042379][ T5949] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.489: bg 0: block 248: padding at end of block bitmap is not set [ 163.082881][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 163.133325][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.145874][ T5652] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 163.158453][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.160642][ T5949] Quota error (device loop0): write_blk: dquota write failed [ 163.178778][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.189570][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.234004][ T5949] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 163.236964][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.252755][ T5949] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.489: Failed to acquire dquot type 1 [ 163.294829][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.314982][ T5949] EXT4-fs (loop0): 1 truncate cleaned up [ 163.339523][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.347620][ T5949] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 163.380108][ T5652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 163.387693][ T5949] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 163.410550][ T5652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 163.464781][ T5652] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 163.472590][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 163.495669][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 163.537011][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 163.580544][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 163.624661][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 163.652198][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 164.465064][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 164.472622][ T5652] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.508289][ T5652] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.573131][ T5652] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.582131][ T5652] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 164.813039][ T3910] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 164.838524][ T75] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.878174][ T75] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.919252][ T4519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.938565][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 164.958730][ T4519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.993006][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 165.002913][ T3910] usb 2-1: Using ep0 maxpacket: 32 [ 165.011520][ T3910] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.067105][ T3910] usb 2-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 165.120988][ T3910] usb 2-1: config 0 interface 0 has no altsetting 0 [ 165.208484][ T3910] usb 2-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 165.228130][ T3910] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 165.266029][ T3910] usb 2-1: Manufacturer: syz [ 165.306722][ T3910] usb 2-1: config 0 descriptor?? [ 165.343272][ T3910] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 165.622387][ T6000] loop0: detected capacity change from 0 to 1024 [ 165.729534][ T6000] ext4: Unknown parameter 'subj_type' [ 166.204627][ T6016] loop3: detected capacity change from 0 to 128 [ 166.266482][ T26] audit: type=1800 audit(1768855491.663:206): pid=6016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.501" name="file1" dev="loop3" ino=1048617 res=0 errno=0 [ 167.359313][ T6025] IPv6: NLM_F_REPLACE set, but no existing node found! [ 168.437053][ T6036] netlink: 4 bytes leftover after parsing attributes in process `syz.2.506'. [ 169.073070][ T6056] loop0: detected capacity change from 0 to 512 [ 169.183811][ T6056] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.513: bg 0: block 248: padding at end of block bitmap is not set [ 169.225092][ T6056] Quota error (device loop0): write_blk: dquota write failed [ 169.232539][ T6056] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 169.294023][ T6056] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.513: Failed to acquire dquot type 1 [ 169.389644][ T6056] EXT4-fs (loop0): 1 truncate cleaned up [ 169.427884][ T6056] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 169.505687][ T6056] ext4 filesystem being mounted at /78/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 170.407334][ T4347] usb 2-1: USB disconnect, device number 2 [ 170.953220][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 170.974307][ T6081] IPv6: NLM_F_REPLACE set, but no existing node found! [ 173.168307][ T6128] netlink: 216 bytes leftover after parsing attributes in process `syz.1.530'. [ 173.243877][ T6128] netlink: 40 bytes leftover after parsing attributes in process `syz.1.530'. [ 177.458244][ T6187] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 177.515614][ T6187] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 177.597476][ T6199] loop1: detected capacity change from 0 to 512 [ 177.636225][ T6198] overlayfs: failed to clone upperpath [ 177.748972][ T26] audit: type=1800 audit(1768855503.143:207): pid=6199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.548" name="file1" dev="loop1" ino=1048618 res=0 errno=0 [ 178.180743][ T6212] loop3: detected capacity change from 0 to 128 [ 178.732515][ T6222] syz.3.554: attempt to access beyond end of device [ 178.732515][ T6222] loop3: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 178.837061][ T7] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 179.324334][ T6221] syz.3.554: attempt to access beyond end of device [ 179.324334][ T6221] loop3: rw=524288, sector=897, nr_sectors = 144 limit=128 [ 179.508768][ T6210] syz.3.554: attempt to access beyond end of device [ 179.508768][ T6210] loop3: rw=524288, sector=145, nr_sectors = 224 limit=128 [ 179.532556][ T6221] syz.3.554: attempt to access beyond end of device [ 179.532556][ T6221] loop3: rw=0, sector=1025, nr_sectors = 8 limit=128 [ 179.692936][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 179.701435][ T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 179.809163][ T7] usb 2-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 179.852405][ T7] usb 2-1: config 0 interface 0 has no altsetting 0 [ 179.892928][ T7] usb 2-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 179.932397][ T7] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 179.983823][ T7] usb 2-1: Manufacturer: syz [ 180.008266][ T7] usb 2-1: config 0 descriptor?? [ 180.039007][ T7] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 180.883004][ T4277] Bluetooth: hci4: command 0x0406 tx timeout [ 180.889092][ T4277] Bluetooth: hci1: command 0x0406 tx timeout [ 180.902938][ T4274] Bluetooth: hci3: command 0x0406 tx timeout [ 180.907567][ T4284] Bluetooth: hci0: command 0x0406 tx timeout [ 181.152557][ T6293] fuse: Bad value for 'fd' [ 181.440317][ T7] usb 2-1: USB disconnect, device number 3 [ 181.484157][ T6302] team0: No ports can be present during mode change [ 182.147586][ T6322] loop1: detected capacity change from 0 to 512 [ 182.231418][ T6322] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.587: invalid indirect mapped block 256 (level 2) [ 182.299862][ T6331] IPv6: NLM_F_REPLACE set, but no existing node found! [ 182.693613][ T6322] EXT4-fs (loop1): 2 truncates cleaned up [ 182.866981][ T6322] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 183.190126][ T6344] netlink: 216 bytes leftover after parsing attributes in process `syz.2.592'. [ 183.199384][ T6344] netlink: 40 bytes leftover after parsing attributes in process `syz.2.592'. [ 183.273858][ T6347] IPv6: NLM_F_REPLACE set, but no existing node found! [ 183.852988][ T6329] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 184.803027][ T6383] Zero length message leads to an empty skb [ 184.984900][ T6391] netlink: 28 bytes leftover after parsing attributes in process `syz.3.610'. [ 185.073157][ T6395] xt_hashlimit: max too large, truncated to 1048576 [ 185.111353][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 185.923724][ T6434] xt_hashlimit: overflow, try lower: 3/0 [ 186.300872][ T6449] loop0: detected capacity change from 0 to 1024 [ 186.308056][ T6449] ext4: Unknown parameter 'subj_type' [ 189.123205][ T4526] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 189.277996][ T6474] netlink: 5 bytes leftover after parsing attributes in process `syz.2.630'. [ 189.981363][ T6486] kvm [6485]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x5555555555555555 [ 192.363413][ T6507] loop1: detected capacity change from 0 to 128 [ 192.463597][ T26] audit: type=1800 audit(1768855517.863:208): pid=6507 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.642" name="file1" dev="loop1" ino=1048620 res=0 errno=0 [ 194.183271][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.189702][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.236234][ T6552] kvm [6551]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xfffb0000c0b8 [ 194.342183][ T6552] kvm [6551]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0xefed [ 194.532346][ T6568] IPv6: NLM_F_REPLACE set, but no existing node found! [ 194.557720][ T6552] kvm [6551]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x7f2e [ 195.475355][ T6571] netlink: 25 bytes leftover after parsing attributes in process `syz.5.649'. [ 195.505410][ T6571] device gretap0 entered promiscuous mode [ 195.686466][ T6572] netlink: 45349 bytes leftover after parsing attributes in process `syz.5.649'. [ 195.702513][ T6572] 0猉功D龌: renamed from gretap0 [ 195.723255][ T6572] device 00猉功D龌 left promiscuous mode [ 195.731141][ T6574] IPv6: NLM_F_REPLACE set, but no existing node found! [ 195.838764][ T6584] xt_connbytes: Forcing CT accounting to be enabled [ 195.857927][ T6584] x_tables: ip_tables: DNAT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 197.098089][ T6617] loop0: detected capacity change from 0 to 128 [ 197.168948][ T26] audit: type=1800 audit(197.179:209): pid=6617 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.670" name="file1" dev="loop0" ino=1048621 res=0 errno=0 [ 202.251679][ T6669] device vlan2 entered promiscuous mode [ 202.283125][ T6669] device bond0 entered promiscuous mode [ 202.309616][ T6669] device bond_slave_0 entered promiscuous mode [ 202.332668][ T6669] device bond_slave_1 entered promiscuous mode [ 202.382802][ T6676] loop3: detected capacity change from 0 to 512 [ 202.486442][ T6676] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.687: bg 0: block 248: padding at end of block bitmap is not set [ 202.503474][ T6676] Quota error (device loop3): write_blk: dquota write failed [ 202.520170][ T6676] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 202.593255][ T6676] EXT4-fs error (device loop3): ext4_acquire_dquot:6835: comm syz.3.687: Failed to acquire dquot type 1 [ 202.614041][ T6676] EXT4-fs (loop3): 1 truncate cleaned up [ 202.619742][ T6676] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 202.669655][ T6685] netlink: 8 bytes leftover after parsing attributes in process `syz.0.689'. [ 202.678935][ T6685] netlink: 4 bytes leftover after parsing attributes in process `syz.0.689'. [ 202.817414][ T6690] netlink: 25 bytes leftover after parsing attributes in process `syz.1.682'. [ 202.934730][ T6690] device 01猉功D龌 entered promiscuous mode [ 202.970180][ T6692] netlink: 45349 bytes leftover after parsing attributes in process `syz.1.682'. [ 203.021456][ T6692] 0猉功D龌: renamed from 01猉功D龌 [ 203.451004][ T6692] device 00猉功D龌 left promiscuous mode [ 203.638174][ T4275] EXT4-fs (loop3): unmounting filesystem. [ 205.606862][ T6733] loop0: detected capacity change from 0 to 1764 [ 205.892705][ T6745] loop0: detected capacity change from 0 to 512 [ 206.004302][ T6745] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.704: bg 0: block 248: padding at end of block bitmap is not set [ 206.036392][ T6745] Quota error (device loop0): write_blk: dquota write failed [ 206.066614][ T6745] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 206.079893][ T6745] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.704: Failed to acquire dquot type 1 [ 206.135966][ T6745] EXT4-fs (loop0): 1 truncate cleaned up [ 206.141691][ T6745] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 207.048595][ T6774] loop1: detected capacity change from 0 to 512 [ 207.115474][ T4268] EXT4-fs (loop0): unmounting filesystem. [ 207.135840][ T6774] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.711: invalid indirect mapped block 256 (level 2) [ 207.153822][ T6774] EXT4-fs (loop1): 2 truncates cleaned up [ 207.159608][ T6774] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 207.489268][ T6786] IPv6: NLM_F_REPLACE set, but no existing node found! [ 208.019898][ T6783] IPv6: NLM_F_REPLACE set, but no existing node found! [ 209.383295][ T4279] EXT4-fs (loop1): unmounting filesystem. [ 209.849187][ T6848] netlink: 216 bytes leftover after parsing attributes in process `syz.1.724'. [ 209.858364][ T6848] netlink: 40 bytes leftover after parsing attributes in process `syz.1.724'. [ 210.744926][ T6871] IPv6: NLM_F_REPLACE set, but no existing node found! [ 211.086535][ T6893] netlink: 'syz.2.742': attribute type 13 has an invalid length. [ 211.119605][ T6893] gretap0: refused to change device tx_queue_len [ 211.127790][ T6893] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 211.298318][ T26] audit: type=1326 audit(211.309:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 211.362393][ T26] audit: type=1326 audit(211.319:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 211.397849][ T26] audit: type=1326 audit(211.319:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 211.571603][ T6908] netlink: 216 bytes leftover after parsing attributes in process `syz.5.746'. [ 211.581682][ T6908] netlink: 40 bytes leftover after parsing attributes in process `syz.5.746'. [ 211.672299][ T26] audit: type=1326 audit(211.319:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 212.589363][ T26] audit: type=1326 audit(211.319:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 213.059970][ T6928] netlink: 20 bytes leftover after parsing attributes in process `syz.2.751'. [ 213.490997][ T26] audit: type=1326 audit(211.319:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 213.767324][ T6939] netlink: 8 bytes leftover after parsing attributes in process `syz.5.755'. [ 213.775161][ T26] audit: type=1326 audit(211.319:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 213.909966][ T26] audit: type=1326 audit(211.319:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 213.962954][ T26] audit: type=1326 audit(211.319:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 214.047937][ T26] audit: type=1326 audit(211.319:219): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.1.743" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e4739acb9 code=0x7ffc0000 [ 214.144698][ T6947] IPv6: NLM_F_REPLACE set, but no existing node found! [ 214.651423][ T6970] netlink: 20 bytes leftover after parsing attributes in process `syz.5.764'. [ 215.266390][ T6968] loop3: detected capacity change from 0 to 8192 [ 216.157188][ T6997] bridge1: the hash_elasticity option has been deprecated and is always 16 [ 216.165899][ T6997] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 217.168215][ T7008] netlink: 216 bytes leftover after parsing attributes in process `syz.2.781'. [ 217.177671][ T7008] netlink: 40 bytes leftover after parsing attributes in process `syz.2.781'. [ 219.973408][ T7] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 220.163249][ T7] usb 2-1: Using ep0 maxpacket: 32 [ 220.176991][ T7] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.201947][ T7] usb 2-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 220.240409][ T7] usb 2-1: config 0 interface 0 has no altsetting 0 [ 220.270259][ T7] usb 2-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 220.297491][ T7] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 220.320302][ T7] usb 2-1: Manufacturer: syz [ 220.350325][ T7] usb 2-1: config 0 descriptor?? [ 220.385585][ T7] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 222.622103][ T7] usb 2-1: USB disconnect, device number 4 [ 226.112887][ T7164] overlayfs: failed to clone upperpath [ 226.266812][ T7159] overlayfs: missing 'lowerdir' [ 226.512634][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 226.512649][ T26] audit: type=1804 audit(226.519:228): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.846" name="bus" dev="ramfs" ino=43232 res=1 errno=0 [ 227.982864][ T7189] netlink: 25 bytes leftover after parsing attributes in process `syz.3.847'. [ 228.508384][ T7189] device 01猉功D龌 entered promiscuous mode [ 228.516907][ T7191] netlink: 45349 bytes leftover after parsing attributes in process `syz.3.847'. [ 228.526392][ T7191] 0猉功D龌: renamed from 01猉功D龌 [ 228.546134][ T7191] device 00猉功D龌 left promiscuous mode [ 229.018814][ T7212] loop1: detected capacity change from 0 to 1024 [ 229.026048][ T7212] ext4: Unknown parameter 'subj_type' [ 229.090737][ T4526] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 229.463728][ T26] audit: type=1326 audit(229.479:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7227 comm="syz.0.859" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f28af79acb9 code=0x0 [ 229.471916][ T7229] netlink: 'syz.3.858': attribute type 1 has an invalid length. [ 229.552543][ T7229] device bond1 entered promiscuous mode [ 229.575113][ T7229] 8021q: adding VLAN 0 to HW filter on device bond1 [ 229.593296][ T7232] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 229.613642][ T7232] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address [ 229.637542][ T7232] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode [ 230.003576][ T7243] netlink: 25 bytes leftover after parsing attributes in process `syz.1.860'. [ 230.038182][ T7243] device 00猉功D龌 entered promiscuous mode [ 230.062628][ T7243] netlink: 45349 bytes leftover after parsing attributes in process `syz.1.860'. [ 230.073698][ T7243] 1猉功D龌: renamed from 00猉功D龌 [ 230.420749][ T7243] device 01猉功D龌 left promiscuous mode [ 230.967423][ T7265] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 231.007032][ T7265] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 231.145839][ T26] audit: type=1326 audit(231.159:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.191759][ T26] audit: type=1326 audit(231.189:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.223681][ T26] audit: type=1326 audit(231.199:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.277916][ T26] audit: type=1326 audit(231.199:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.316804][ T26] audit: type=1326 audit(231.199:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.343666][ T26] audit: type=1326 audit(231.199:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.390023][ T26] audit: type=1326 audit(231.199:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.481639][ T26] audit: type=1326 audit(231.199:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 231.567336][ T7287] netlink: 25 bytes leftover after parsing attributes in process `syz.2.879'. [ 231.578236][ T7287] device gretap0 entered promiscuous mode [ 231.601856][ T7287] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.879'. [ 231.611923][ T7287] 0猉功D龌: renamed from gretap0 [ 232.100864][ T26] audit: type=1326 audit(231.199:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.138272][ T7287] device 00猉功D龌 left promiscuous mode [ 232.162943][ T26] audit: type=1326 audit(231.199:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.303097][ T26] audit: type=1326 audit(231.199:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.361935][ T26] audit: type=1326 audit(231.199:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.536679][ T26] audit: type=1326 audit(231.199:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.559784][ T26] audit: type=1326 audit(231.199:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.585995][ T26] audit: type=1326 audit(231.199:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 232.619953][ T26] audit: type=1326 audit(231.199:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 233.370701][ T26] audit: type=1326 audit(231.199:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 233.404702][ T26] audit: type=1326 audit(231.229:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7276 comm="syz.0.877" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f28af79acb9 code=0x7ffc0000 [ 233.561753][ T7315] netlink: 'syz.1.890': attribute type 15 has an invalid length. [ 233.906745][ T7330] netlink: 12 bytes leftover after parsing attributes in process `syz.1.897'. [ 234.033617][ T7334] netlink: 25 bytes leftover after parsing attributes in process `syz.2.894'. [ 234.060283][ T7334] device 00猉功D龌 entered promiscuous mode [ 234.110675][ T7337] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.894'. [ 234.127933][ T7337] 1猉功D龌: renamed from 00猉功D龌 [ 234.148982][ T7337] device 01猉功D龌 left promiscuous mode [ 238.796493][ T7412] netlink: 'syz.5.927': attribute type 1 has an invalid length. [ 239.011396][ T7412] device bond1 entered promiscuous mode [ 239.668002][ T7412] 8021q: adding VLAN 0 to HW filter on device bond1 [ 240.181674][ T7443] netlink: 'syz.5.941': attribute type 1 has an invalid length. [ 240.329018][ T7443] device bond2 entered promiscuous mode [ 240.366621][ T7443] 8021q: adding VLAN 0 to HW filter on device bond2 [ 241.409340][ T7486] netlink: 'syz.1.955': attribute type 1 has an invalid length. [ 241.499217][ T7486] device bond1 entered promiscuous mode [ 241.519419][ T7486] 8021q: adding VLAN 0 to HW filter on device bond1 [ 245.037810][ T7586] netlink: 25 bytes leftover after parsing attributes in process `syz.2.986'. [ 245.193139][ T7586] device 01猉功D龌 entered promiscuous mode [ 245.225349][ T7591] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.986'. [ 245.234870][ T7591] 0猉功D龌: renamed from 01猉功D龌 [ 245.257250][ T7591] device 00猉功D龌 left promiscuous mode [ 249.331965][ T7647] netlink: 'syz.2.1011': attribute type 1 has an invalid length. [ 250.069512][ T7647] device bond1 entered promiscuous mode [ 250.081157][ T7650] Process accounting resumed [ 250.093229][ T7647] 8021q: adding VLAN 0 to HW filter on device bond1 [ 250.886121][ T7673] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1022'. [ 250.895854][ T7673] device 00猉功D龌 entered promiscuous mode [ 250.934468][ T7673] netlink: 45349 bytes leftover after parsing attributes in process `syz.2.1022'. [ 250.944545][ T7673] 1猉功D龌: renamed from 00猉功D龌 [ 250.952344][ T7673] device 01猉功D龌 left promiscuous mode [ 251.997283][ T7698] netlink: 'syz.1.1030': attribute type 1 has an invalid length. [ 252.102180][ T7698] device bond2 entered promiscuous mode [ 252.136140][ T7698] 8021q: adding VLAN 0 to HW filter on device bond2 [ 253.323803][ T7722] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1039'. [ 253.667826][ T7738] netlink: 'syz.0.1048': attribute type 1 has an invalid length. [ 254.293624][ T7738] device bond1 entered promiscuous mode [ 254.299475][ T7738] 8021q: adding VLAN 0 to HW filter on device bond1 [ 254.560295][ T7759] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1055'. [ 255.605161][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.611552][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.454676][ T7850] netlink: 25 bytes leftover after parsing attributes in process `syz.5.1090'. [ 258.464033][ T7850] device 00猉功D龌 entered promiscuous mode [ 258.476223][ T7850] netlink: 45349 bytes leftover after parsing attributes in process `syz.5.1090'. [ 258.485659][ T7850] 1猉功D龌: renamed from 00猉功D龌 [ 258.503917][ T7850] device 01猉功D龌 left promiscuous mode [ 260.937706][ T7865] netlink: 'syz.3.1098': attribute type 1 has an invalid length. [ 261.038336][ T7865] device bond2 entered promiscuous mode [ 261.073339][ T7865] 8021q: adding VLAN 0 to HW filter on device bond2 [ 261.204835][ T7874] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1097'. [ 263.393620][ T7911] netlink: 'syz.0.1115': attribute type 1 has an invalid length. [ 263.607650][ T7911] device bond2 entered promiscuous mode [ 263.635315][ T7911] 8021q: adding VLAN 0 to HW filter on device bond2 [ 263.738878][ T7928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1117'. [ 266.699177][ T7966] netlink: 'syz.5.1136': attribute type 1 has an invalid length. [ 266.731210][ T7966] device bond3 entered promiscuous mode [ 266.741478][ T7966] 8021q: adding VLAN 0 to HW filter on device bond3 [ 267.062657][ T7979] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1137'. [ 268.483142][ T4270] Bluetooth: hci2: command 0x0406 tx timeout [ 271.002410][ T8029] fuse: Bad value for 'fd' [ 273.683964][ T8062] netlink: 'syz.5.1172': attribute type 1 has an invalid length. [ 273.743392][ T8062] device bond4 entered promiscuous mode [ 273.762670][ T8062] 8021q: adding VLAN 0 to HW filter on device bond4 [ 273.815261][ T8060] overlayfs: failed to clone upperpath [ 274.287135][ T8091] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1185'. [ 274.454192][ T8093] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1182'. [ 275.233300][ T8099] netlink: 216 bytes leftover after parsing attributes in process `syz.2.1186'. [ 275.243980][ T8099] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1186'. [ 278.171268][ T8125] overlayfs: failed to clone upperpath [ 279.287945][ T8152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1209'. [ 282.152935][ T8188] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1223'. [ 285.005056][ T8223] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1237'. [ 286.235605][ T8241] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1245'. [ 287.189180][ T8257] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1251'. [ 294.452379][ T8368] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1292'. [ 296.894827][ T8405] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1305'. [ 300.485360][ T8437] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 300.522653][ T8437] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 300.563052][ T8437] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 301.682237][ T8494] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1347'. [ 303.148244][ T8532] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1360'. [ 303.675946][ T8551] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.685355][ T8551] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.694150][ T8551] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 303.702904][ T8551] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 306.133556][ T8609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1395'. [ 306.539984][ T8631] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1398'. [ 307.301630][ T4642] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.403451][ T8650] tmpfs: Unknown parameter 'quota' [ 307.435213][ T8650] overlayfs: failed to clone upperpath [ 308.754641][ T8667] overlayfs: missing 'lowerdir' [ 308.783747][ T4270] Bluetooth: hci0: Dropping invalid advertising data [ 308.791013][ T4270] Bluetooth: hci0: Malformed LE Event: 0x02 [ 308.913180][ T8691] device vlan1 entered promiscuous mode [ 308.918821][ T8691] device bond0 entered promiscuous mode [ 308.932935][ T8691] device bond_slave_0 entered promiscuous mode [ 308.942186][ T8691] device bond_slave_1 entered promiscuous mode [ 308.969867][ T8694] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1430'. [ 309.272327][ T8705] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1435'. [ 310.137749][ T8720] device vlan2 entered promiscuous mode [ 310.144646][ T8720] device bond0 entered promiscuous mode [ 310.150753][ T8720] device bond_slave_0 entered promiscuous mode [ 310.167218][ T8720] device bond_slave_1 entered promiscuous mode [ 310.363669][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 312.566521][ T8775] netlink: 'syz.5.1466': attribute type 16 has an invalid length. [ 312.582030][ T8775] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1466'. [ 314.521265][ T8817] netlink: 'syz.3.1482': attribute type 16 has an invalid length. [ 314.552959][ T8817] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1482'. [ 316.215485][ T8837] netlink: 'syz.0.1490': attribute type 1 has an invalid length. [ 316.416512][ T8837] device bond3 entered promiscuous mode [ 316.432714][ T8837] 8021q: adding VLAN 0 to HW filter on device bond3 [ 316.753377][ T8862] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1486'. [ 317.047223][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.053588][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.979036][ T8881] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1505'. [ 318.056128][ T8883] netlink: 'syz.0.1506': attribute type 1 has an invalid length. [ 318.120963][ T8883] device bond4 entered promiscuous mode [ 318.208119][ T8883] 8021q: adding VLAN 0 to HW filter on device bond4 [ 318.238230][ T8892] syz.2.1509 uses obsolete (PF_INET,SOCK_PACKET) [ 319.865766][ T8921] netlink: 'syz.1.1520': attribute type 1 has an invalid length. [ 319.952460][ T8921] device bond3 entered promiscuous mode [ 319.988574][ T8921] 8021q: adding VLAN 0 to HW filter on device bond3 [ 321.200595][ T8949] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1530'. [ 323.146033][ T8979] netlink: 45349 bytes leftover after parsing attributes in process `syz.5.1538'. [ 325.647049][ T9022] netlink: 'syz.0.1559': attribute type 1 has an invalid length. [ 325.684063][ T9022] device bond5 entered promiscuous mode [ 325.690031][ T9022] 8021q: adding VLAN 0 to HW filter on device bond5 [ 326.562932][ T9036] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1563'. [ 327.713776][ T4352] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.724469][ T4352] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.831310][ T4352] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.850318][ T4352] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 327.916131][ T4352] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 327.929816][ T4352] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.018912][ T9065] netlink: 'syz.0.1575': attribute type 1 has an invalid length. [ 328.108718][ T9065] device bond6 entered promiscuous mode [ 328.143277][ T9065] 8021q: adding VLAN 0 to HW filter on device bond6 [ 328.277355][ T4352] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 328.325563][ T4352] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 328.471484][ T4270] Bluetooth: min 6 > max 0 [ 328.861298][ T4284] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 328.871003][ T4284] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 329.102046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 329.204355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 329.394525][ T4284] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 329.410448][ T4284] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 329.422404][ T4284] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 329.471830][ T4284] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 329.613767][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 329.614113][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 329.981127][ T9119] netlink: 'syz.0.1595': attribute type 1 has an invalid length. [ 330.036376][ T9119] device bond7 entered promiscuous mode [ 330.042366][ T9119] 8021q: adding VLAN 0 to HW filter on device bond7 [ 330.512952][ T4284] Bluetooth: hci0: command 0x2021 tx timeout [ 331.613037][ T4270] Bluetooth: hci1: command 0x0409 tx timeout [ 331.748512][ T9097] chnl_net:caif_netlink_parms(): no params data found [ 331.989681][ T9097] bridge0: port 1(bridge_slave_0) entered blocking state [ 332.008634][ T9097] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.017121][ T9097] device bridge_slave_0 entered promiscuous mode [ 332.029809][ T9097] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.042422][ T9097] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.051880][ T9097] device bridge_slave_1 entered promiscuous mode [ 332.093805][ T9179] netlink: 'syz.0.1610': attribute type 1 has an invalid length. [ 332.140663][ T9179] device bond8 entered promiscuous mode [ 332.153991][ T9179] 8021q: adding VLAN 0 to HW filter on device bond8 [ 332.959549][ T9097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.026904][ T4352] device hsr_slave_0 left promiscuous mode [ 333.082666][ T4352] device hsr_slave_1 left promiscuous mode [ 333.121312][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 333.146092][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 333.171335][ T4352] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 333.188905][ T4352] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 333.205199][ T4352] device bridge_slave_0 left promiscuous mode [ 333.211583][ T4352] bridge0: port 1(bridge_slave_0) entered disabled state [ 333.290799][ T4352] device veth1_macvtap left promiscuous mode [ 333.309979][ T4352] device veth0_macvtap left promiscuous mode [ 333.319131][ T4352] device veth1_vlan left promiscuous mode [ 333.338371][ T4352] device veth0_vlan left promiscuous mode [ 333.682857][ T4270] Bluetooth: hci1: command 0x041b tx timeout [ 335.878966][ T4270] Bluetooth: hci1: command 0x040f tx timeout [ 336.010579][ T4352] bond1 (unregistering): Released all slaves [ 336.985978][ T4352] team0 (unregistering): Port device team_slave_1 removed [ 337.023883][ T4352] team0 (unregistering): Port device team_slave_0 removed [ 337.064827][ T4352] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 337.106785][ T4352] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 337.387628][ T4352] bond0 (unregistering): Released all slaves [ 337.469465][ T9097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 337.490255][ T9225] netlink: 'syz.5.1628': attribute type 10 has an invalid length. [ 337.490793][ T9216] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 337.508668][ T9216] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 337.518373][ T9216] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 337.537286][ T9225] 8021q: adding VLAN 0 to HW filter on device team0 [ 337.567355][ T9225] device team0 entered promiscuous mode [ 337.587872][ T9225] device team_slave_0 entered promiscuous mode [ 337.605834][ T9225] device team_slave_1 entered promiscuous mode [ 337.617584][ T9225] bond0: (slave team0): Enslaving as an active interface with an up link [ 337.629540][ T9230] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1627'. [ 337.783694][ T9097] team0: Port device team_slave_0 added [ 337.819518][ T9097] team0: Port device team_slave_1 added [ 337.922838][ T4270] Bluetooth: hci1: command 0x0419 tx timeout [ 340.177283][ T9097] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 340.240345][ T9097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.353637][ T9097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 340.377749][ T9097] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 340.428947][ T9097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.518868][ T9097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.792699][ T9293] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1647'. [ 343.104842][ T9097] device hsr_slave_0 entered promiscuous mode [ 343.145226][ T9097] device hsr_slave_1 entered promiscuous mode [ 343.170017][ T9097] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 343.357693][ T9097] Cannot create hsr debugfs directory [ 344.390985][ T9319] sch_tbf: burst 274 is lower than device lo mtu (65550) ! [ 344.566265][ T9097] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 344.609567][ T9097] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 344.638576][ T9097] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 344.665922][ T9097] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 344.936570][ T9097] 8021q: adding VLAN 0 to HW filter on device bond0 [ 345.004279][ T4563] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 345.022195][ T4563] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.065007][ T9097] 8021q: adding VLAN 0 to HW filter on device team0 [ 345.494939][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 345.615609][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 345.714888][ T5015] bridge0: port 1(bridge_slave_0) entered blocking state [ 345.722031][ T5015] bridge0: port 1(bridge_slave_0) entered forwarding state [ 345.730621][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 345.932600][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 345.954064][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 345.980367][ T5015] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.987591][ T5015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 346.483868][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 346.628508][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 346.650127][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 346.677715][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 346.683613][ T9357] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 346.712669][ T9354] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1662'. [ 346.830664][ T9097] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 346.842117][ T9097] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 346.881029][ T9357] CIFS mount error: No usable UNC path provided in device string! [ 346.881029][ T9357] [ 346.884067][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 346.921519][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 346.941045][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 346.958975][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 346.977987][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 347.000615][ T9357] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 347.083569][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 347.102378][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 347.382395][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 349.068567][ T9373] overlayfs: missing 'workdir' [ 349.347140][ T9403] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1675'. [ 350.422614][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 350.436561][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 350.476727][ T9097] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.860833][ T9447] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1686'. [ 353.735870][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 353.790169][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 353.828619][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 353.943336][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 354.623407][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 354.674935][ T4500] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 354.683664][ T9097] device veth0_vlan entered promiscuous mode [ 354.696487][ T9097] device veth1_vlan entered promiscuous mode [ 354.720109][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 354.778805][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 354.811980][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 354.837009][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 354.876248][ T9097] device veth0_macvtap entered promiscuous mode [ 354.905906][ T35] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 354.952362][ T9097] device veth1_macvtap entered promiscuous mode [ 355.001450][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.042036][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.080062][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.105412][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.123025][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.142783][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.175217][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 355.592464][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 355.821849][ T9097] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 356.337582][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 356.347800][ T4499] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 356.362021][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 356.387694][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.175454][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.198550][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.237747][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.248306][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.258657][ T9097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 357.269994][ T9097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 357.285755][ T9097] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 357.298151][ T9097] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.306939][ T9097] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.332963][ T9097] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.352912][ T9097] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.376980][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 357.413659][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 357.626132][ T5015] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.644578][ T5015] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.721803][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 357.753051][ T4499] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 357.788202][ T4499] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 357.831645][ T5015] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 358.756232][ T9543] loop6: detected capacity change from 0 to 128 [ 358.863055][ T9543] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256 [ 358.956363][ T9543] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 359.174335][ T9558] bond0: (slave bond_slave_1): Releasing backup interface [ 359.216185][ T9558] device bond_slave_1 left promiscuous mode [ 360.463633][ T9579] loop6: detected capacity change from 0 to 4096 [ 363.832160][ T9647] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1746'. [ 363.901698][ T9650] fuse: Bad value for 'fd' [ 364.111086][ T9658] bridge0: port 3(ipvlan2) entered blocking state [ 364.120882][ T9658] bridge0: port 3(ipvlan2) entered disabled state [ 364.761503][ T9683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1760'. [ 365.526604][ T3910] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 365.725742][ T3910] usb 7-1: Using ep0 maxpacket: 32 [ 365.735286][ T3910] usb 7-1: config 0 has an invalid interface number: 196 but max is 0 [ 365.796754][ T3910] usb 7-1: config 0 has no interface number 0 [ 365.845632][ T3910] usb 7-1: config 0 interface 196 has no altsetting 0 [ 366.226596][ T3910] usb 7-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 366.238091][ T3910] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 366.246557][ T3910] usb 7-1: Product: syz [ 366.255678][ T3910] usb 7-1: Manufacturer: syz [ 366.260377][ T3910] usb 7-1: SerialNumber: syz [ 366.280470][ T3910] usb 7-1: config 0 descriptor?? [ 366.517142][ T3910] ipheth 7-1:0.196: Unable to find endpoints [ 366.593181][ T9709] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1765'. [ 366.720412][ T129] usb 7-1: USB disconnect, device number 2 [ 366.831569][ T9715] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1769'. [ 367.068774][ T9720] device team0 entered promiscuous mode [ 367.076616][ T9720] device team_slave_0 entered promiscuous mode [ 367.089252][ T9720] device team_slave_1 entered promiscuous mode [ 367.097828][ T9720] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 367.112871][ T9720] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 367.127261][ T9724] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1772'. [ 368.035800][ T9746] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1777'. [ 369.172934][ T9762] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1782'. [ 370.253334][ T9768] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1786'. [ 370.272499][ T9769] loop6: detected capacity change from 0 to 1024 [ 370.292600][ T9769] hfsplus: gid requires an argument [ 370.355701][ T9769] hfsplus: unable to parse mount options [ 371.650875][ T9788] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1794'. [ 372.188544][ T9806] loop6: detected capacity change from 0 to 128 [ 372.240485][ T9806] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 373.269263][ T9097] EXT4-fs (loop6): unmounting filesystem. [ 373.276512][ T9817] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1801'. [ 373.455460][ T9823] loop6: detected capacity change from 0 to 128 [ 374.544256][ T9799] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1797'. [ 375.317495][ T9856] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1812'. [ 375.412815][ T22] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 375.886608][ T9862] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1816'. [ 375.954327][ T22] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 375.988564][ T22] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 375.999649][ T22] usb 7-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 376.021510][ T22] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 376.038390][ T22] usb 7-1: SerialNumber: syz [ 376.103033][ T9867] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.118383][ T9869] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 376.136248][ T9869] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 376.157145][ T9871] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 376.170338][ T9869] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 376.189071][ T9869] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 376.294864][ T22] usb 7-1: 0:2 : does not exist [ 376.538455][ T22] usb 7-1: USB disconnect, device number 3 [ 376.801635][ T9873] udevd[9873]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 377.186829][ T9883] netlink: 83 bytes leftover after parsing attributes in process `syz.3.1822'. [ 377.526080][ T9898] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1828'. [ 377.562133][ T9898] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1828'. [ 377.945612][ T129] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 378.205254][ T9913] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1832'. [ 378.581220][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.587649][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.723126][ T129] usb 7-1: Using ep0 maxpacket: 32 [ 378.820092][ T129] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.461934][ T129] usb 7-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 379.575872][ T129] usb 7-1: config 0 interface 0 has no altsetting 0 [ 379.588222][ T129] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 379.644373][ T129] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 379.670333][ T129] usb 7-1: Manufacturer: syz [ 379.695951][ T129] usb 7-1: config 0 descriptor?? [ 379.747272][ T129] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 381.686752][ T9944] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1837'. [ 382.169197][ T9946] netlink: 45349 bytes leftover after parsing attributes in process `syz.0.1839'. [ 382.372432][ T4328] usb 7-1: USB disconnect, device number 4 [ 383.505532][ T26] kauditd_printk_skb: 31 callbacks suppressed [ 383.505547][ T26] audit: type=1326 audit(383.518:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9968 comm="syz.3.1844" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f026f99acb9 code=0x0 [ 386.831244][T10012] netlink: 45349 bytes leftover after parsing attributes in process `syz.6.1853'. [ 388.565438][T10025] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1857'. [ 391.028613][T10075] netlink: 45349 bytes leftover after parsing attributes in process `syz.0.1870'. [ 391.761069][T10085] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1873'. [ 392.472323][T10095] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1878'. [ 392.500874][T10095] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1878'. [ 393.413472][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 393.504609][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 393.513018][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 393.521424][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 393.529795][ T0] NOHZ tick-stop error: local softirq work is pending, handler #382!!! [ 396.033503][T10147] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1889'. [ 396.466596][T10150] fuse: Bad value for 'fd' [ 396.518989][T10155] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1892'. [ 396.560501][T10155] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1892'. [ 399.076265][T10191] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1901'. [ 402.041019][T10225] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1905'. [ 403.070897][T10243] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1917'. [ 403.877125][ T26] audit: type=1326 audit(403.838:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.114113][ T26] audit: type=1326 audit(403.838:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.226132][ T26] audit: type=1326 audit(403.858:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.373664][ T26] audit: type=1326 audit(403.858:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.422916][ T26] audit: type=1326 audit(403.858:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.439210][T10268] overlayfs: failed to clone upperpath [ 404.452807][ T26] audit: type=1326 audit(403.858:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 404.581013][T10269] loop6: detected capacity change from 0 to 1024 [ 404.593806][T10269] ext4: Unknown parameter 'subj_type' [ 405.067642][ T26] audit: type=1326 audit(403.858:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 405.090248][ T26] audit: type=1326 audit(403.858:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 405.282025][ T26] audit: type=1326 audit(403.858:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 405.385036][ T26] audit: type=1326 audit(403.858:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10254 comm="syz.3.1921" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f026f99acb9 code=0x7ffc0000 [ 406.231382][T10286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1930'. [ 406.242121][T10286] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1930'. [ 406.579104][T10287] IPv6: NLM_F_REPLACE set, but no existing node found! [ 406.703993][T10303] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1932'. [ 406.797703][T10301] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1933'. [ 407.496038][T10313] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1935'. [ 407.517311][T10313] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1935'. [ 407.611263][T10314] sp0: Synchronizing with TNC [ 410.103843][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1943'. [ 410.115423][T10335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1943'. [ 411.354162][T10351] IPv6: NLM_F_REPLACE set, but no existing node found! [ 411.707498][T10353] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1947'. [ 413.053307][ T4398] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 413.854569][T10376] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1944'. [ 413.872910][ T4398] usb 7-1: Using ep0 maxpacket: 32 [ 413.884240][ T4398] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 413.924378][ T4398] usb 7-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 413.961548][ T4398] usb 7-1: config 0 interface 0 has no altsetting 0 [ 413.961585][T10382] overlayfs: failed to clone upperpath [ 413.979252][ T4398] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 414.018927][ T4398] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 414.051567][ T4398] usb 7-1: Manufacturer: syz [ 414.086845][ T4398] usb 7-1: config 0 descriptor?? [ 414.134873][ T4398] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 414.322995][ T9] bridge0: port 2(bridge_slave_1) entered disabled state [ 414.420764][T10397] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1959'. [ 416.356682][ T4328] usb 7-1: USB disconnect, device number 5 [ 416.518266][ T4499] bridge0: port 2(bridge_slave_1) entered disabled state [ 416.889863][T10443] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1973'. [ 417.831431][T10461] fuse: Bad value for 'fd' [ 419.146968][ T4519] bridge0: port 2(bridge_slave_1) entered disabled state [ 419.163218][ T7] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 419.372876][ T7] usb 7-1: Using ep0 maxpacket: 32 [ 419.379875][ T7] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 419.414109][ T7] usb 7-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 419.493783][T10492] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1988'. [ 420.090313][ T7] usb 7-1: config 0 interface 0 has no altsetting 0 [ 420.109435][ T7] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 420.142793][ T7] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 420.214245][ T7] usb 7-1: Manufacturer: syz [ 420.283804][ T7] usb 7-1: config 0 descriptor?? [ 420.336386][ T7] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 420.633946][T10483] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1989'. [ 421.117164][T10514] device batadv_slave_1 entered promiscuous mode [ 421.179671][T10513] device batadv_slave_1 left promiscuous mode [ 422.296961][T10531] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2001'. [ 422.307029][ T7] usb 7-1: USB disconnect, device number 6 [ 422.581598][T10548] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2002'. [ 424.961179][T10589] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2019'. [ 425.246776][T10602] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2020'. [ 427.843569][T10643] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2035'. [ 427.853137][T10643] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2035'. [ 428.763461][T10655] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2037'. [ 431.016614][T10693] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2050'. [ 431.026174][T10693] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2050'. [ 431.955629][T10709] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2053'. [ 431.992793][T10708] overlayfs: unrecognized mount option "\" or missing value [ 432.689080][T10718] loop6: detected capacity change from 0 to 512 [ 433.146769][T10725] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2061'. [ 433.166227][T10718] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 433.219903][T10718] EXT4-fs error (device loop6): ext4_do_update_inode:5272: inode #2: comm syz.6.2059: corrupted inode contents [ 433.367444][T10718] EXT4-fs error (device loop6): ext4_dirty_inode:6137: inode #2: comm syz.6.2059: mark_inode_dirty error [ 433.440095][T10718] EXT4-fs error (device loop6): ext4_do_update_inode:5272: inode #2: comm syz.6.2059: corrupted inode contents [ 434.482232][T10718] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #2: comm syz.6.2059: mark_inode_dirty error [ 434.526554][T10734] EXT4-fs error (device loop6): ext4_lookup:1855: inode #18: comm syz.6.2059: 'file0' linked to parent dir [ 434.703534][ T9097] EXT4-fs (loop6): unmounting filesystem. [ 434.853195][T10756] netlink: 216 bytes leftover after parsing attributes in process `syz.0.2065'. [ 434.862827][T10756] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2065'. [ 435.026615][T10759] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2069'. [ 435.838906][T10769] tipc: Failed to remove unknown binding: 66,0,0/0:1371246293/1371246294 [ 436.545180][T10769] tipc: Failed to remove unknown binding: 66,0,0/0:1371246293/1371246294 [ 436.607576][T10779] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2076'. [ 436.998602][T10792] overlayfs: failed to set xattr on upper [ 437.016076][T10792] overlayfs: ...falling back to index=off,metacopy=off. [ 437.195929][T10794] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2071'. [ 437.673143][T10792] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 438.003563][T10807] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2084'. [ 438.013146][T10807] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2084'. [ 438.871991][T10817] loop6: detected capacity change from 0 to 1024 [ 438.939842][T10821] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2092'. [ 439.937068][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.943449][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.251548][T10817] EXT4-fs: Ignoring removed orlov option [ 440.269513][T10817] EXT4-fs (loop6): Test dummy encryption mode enabled [ 440.282130][T10817] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 440.368114][T10854] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2098'. [ 440.921282][T10857] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2101'. [ 440.930655][T10857] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2101'. [ 441.715050][T10814] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 441.744730][T10874] device bond3 entered promiscuous mode [ 441.750515][T10874] 8021q: adding VLAN 0 to HW filter on device bond3 [ 441.769760][T10874] bond3: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 441.783247][T10874] bond3: (slave ipvlan3): The slave device specified does not support setting the MAC address [ 441.881006][T10874] bond3: (slave ipvlan3): Error -95 calling set_mac_address [ 442.649270][ T9097] EXT4-fs (loop6): unmounting filesystem. [ 444.751564][T10915] netlink: 216 bytes leftover after parsing attributes in process `syz.5.2115'. [ 444.780979][T10915] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2115'. [ 444.790297][ T7] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 445.021039][T10922] device bond4 entered promiscuous mode [ 445.650795][ T7] usb 7-1: Using ep0 maxpacket: 32 [ 445.671714][ T7] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 445.698786][T10922] 8021q: adding VLAN 0 to HW filter on device bond4 [ 445.715845][ T7] usb 7-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 445.760168][ T7] usb 7-1: config 0 interface 0 has no altsetting 0 [ 445.842536][ T7] usb 7-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 445.853784][ T7] usb 7-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 445.861942][ T7] usb 7-1: Manufacturer: syz [ 445.889011][ T7] usb 7-1: config 0 descriptor?? [ 445.907672][ T7] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 446.346237][T10947] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 446.373248][T10947] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 446.670214][T10953] IPv6: NLM_F_REPLACE set, but no existing node found! [ 447.344764][ T3910] usb 7-1: USB disconnect, device number 7 [ 447.759052][T10980] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 447.787905][T10980] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 448.421661][T10991] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2144'. [ 448.430872][T10991] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2144'. [ 451.025769][T11018] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 451.047769][T11018] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 451.545862][T11034] netlink: 216 bytes leftover after parsing attributes in process `syz.3.2160'. [ 451.557703][T11034] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2160'. [ 453.116262][ T4270] Bluetooth: hci1: command 0x0406 tx timeout [ 453.166755][T11048] device sit0 entered promiscuous mode [ 453.201732][T11048] netlink: 'syz.6.2167': attribute type 1 has an invalid length. [ 453.232493][T11048] netlink: 1 bytes leftover after parsing attributes in process `syz.6.2167'. [ 453.340367][T11053] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 453.392052][T11053] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 456.464592][T11095] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 456.477233][T11095] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 457.851975][T11109] netlink: 216 bytes leftover after parsing attributes in process `syz.5.2188'. [ 457.861570][T11109] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2188'. [ 459.737126][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2196'. [ 459.750516][T11130] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2196'. [ 460.727545][T11145] device bond9 entered promiscuous mode [ 460.760664][T11145] 8021q: adding VLAN 0 to HW filter on device bond9 [ 460.868398][T11153] bond9: (slave ipvlan5): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 460.881216][T11153] bond9: (slave ipvlan5): The slave device specified does not support setting the MAC address [ 460.893750][T11153] bond9: (slave ipvlan5): Error -95 calling set_mac_address [ 461.811146][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2208'. [ 461.826646][T11165] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2208'. [ 462.041303][T11157] loop6: detected capacity change from 0 to 1024 [ 462.048565][T11157] ext4: Unknown parameter 'subj_type' [ 463.225461][T11187] mmap: syz.1.2214 (11187) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 463.301484][T11187] [ 463.303857][T11187] ====================================================== [ 463.310881][T11187] WARNING: possible circular locking dependency detected [ 463.317924][T11187] syzkaller #0 Not tainted [ 463.322430][T11187] ------------------------------------------------------ [ 463.329643][T11187] syz.1.2214/11187 is trying to acquire lock: [ 463.335710][T11187] ffff88807c14ede0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: process_measurement+0x3a2/0x1c30 [ 463.346430][T11187] [ 463.346430][T11187] but task is already holding lock: [ 463.353807][T11187] ffff88807d396a58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x1a4/0x7b0 [ 463.363852][T11187] [ 463.363852][T11187] which lock already depends on the new lock. [ 463.363852][T11187] [ 463.374357][T11187] [ 463.374357][T11187] the existing dependency chain (in reverse order) is: [ 463.383390][T11187] [ 463.383390][T11187] -> #1 (&mm->mmap_lock){++++}-{3:3}: [ 463.390967][T11187] down_read_killable+0x4c/0x340 [ 463.396420][T11187] mmap_read_lock_killable+0x1d/0x60 [ 463.402217][T11187] lock_mm_and_find_vma+0x2b1/0x2f0 [ 463.407924][T11187] do_user_addr_fault+0x2db/0xb10 [ 463.413463][T11187] exc_page_fault+0x60/0x100 [ 463.418645][T11187] asm_exc_page_fault+0x22/0x30 [ 463.424000][T11187] fault_in_readable+0x13e/0x1f0 [ 463.429455][T11187] fault_in_iov_iter_readable+0xbb/0x2e0 [ 463.435605][T11187] generic_perform_write+0x1f1/0x5c0 [ 463.441408][T11187] __generic_file_write_iter+0x148/0x2a0 [ 463.447997][T11187] generic_file_write_iter+0xab/0x2e0 [ 463.453896][T11187] vfs_write+0x4b1/0xa30 [ 463.458671][T11187] ksys_write+0x14c/0x250 [ 463.463519][T11187] do_syscall_64+0x4c/0xa0 [ 463.468446][T11187] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.474934][T11187] [ 463.474934][T11187] -> #0 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}: [ 463.483603][T11187] __lock_acquire+0x2d07/0x7d10 [ 463.488961][T11187] lock_acquire+0x1bb/0x4a0 [ 463.494000][T11187] down_write+0x36/0x60 [ 463.498658][T11187] process_measurement+0x3a2/0x1c30 [ 463.504370][T11187] ima_file_mmap+0x102/0x150 [ 463.509477][T11187] __se_sys_remap_file_pages+0x559/0x7b0 [ 463.515635][T11187] do_syscall_64+0x4c/0xa0 [ 463.520570][T11187] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.526981][T11187] [ 463.526981][T11187] other info that might help us debug this: [ 463.526981][T11187] [ 463.537295][T11187] Possible unsafe locking scenario: [ 463.537295][T11187] [ 463.544796][T11187] CPU0 CPU1 [ 463.550153][T11187] ---- ---- [ 463.555505][T11187] lock(&mm->mmap_lock); [ 463.559820][T11187] lock(&sb->s_type->i_mutex_key#13); [ 463.567788][T11187] lock(&mm->mmap_lock); [ 463.574635][T11187] lock(&sb->s_type->i_mutex_key#13); [ 463.580195][T11187] [ 463.580195][T11187] *** DEADLOCK *** [ 463.580195][T11187] [ 463.588334][T11187] 1 lock held by syz.1.2214/11187: [ 463.593435][T11187] #0: ffff88807d396a58 (&mm->mmap_lock){++++}-{3:3}, at: __se_sys_remap_file_pages+0x1a4/0x7b0 [ 463.603875][T11187] [ 463.603875][T11187] stack backtrace: [ 463.609768][T11187] CPU: 0 PID: 11187 Comm: syz.1.2214 Not tainted syzkaller #0 [ 463.617213][T11187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 463.627286][T11187] Call Trace: [ 463.630577][T11187] [ 463.633504][T11187] dump_stack_lvl+0x188/0x24e [ 463.638192][T11187] ? load_image+0x400/0x400 [ 463.642692][T11187] ? show_regs_print_info+0x12/0x12 [ 463.647901][T11187] ? print_circular_bug+0x12b/0x1a0 [ 463.653111][T11187] check_noncircular+0x296/0x330 [ 463.658071][T11187] ? look_up_lock_class+0x75/0x140 [ 463.663178][T11187] ? add_chain_block+0x940/0x940 [ 463.668116][T11187] ? lockdep_lock+0xf1/0x1f0 [ 463.672711][T11187] ? _find_first_zero_bit+0xcf/0x100 [ 463.678003][T11187] __lock_acquire+0x2d07/0x7d10 [ 463.682860][T11187] ? ima_match_policy+0x107/0x2120 [ 463.687975][T11187] ? __lock_acquire+0x7d10/0x7d10 [ 463.692998][T11187] ? verify_lock_unused+0x140/0x140 [ 463.698196][T11187] ? ima_match_policy+0x107/0x2120 [ 463.703308][T11187] ? ima_match_policy+0x2093/0x2120 [ 463.708513][T11187] lock_acquire+0x1bb/0x4a0 [ 463.713011][T11187] ? process_measurement+0x3a2/0x1c30 [ 463.718381][T11187] ? __might_sleep+0xd0/0xd0 [ 463.722962][T11187] ? read_lock_is_recursive+0x10/0x10 [ 463.728321][T11187] ? ima_get_action+0x71/0xa0 [ 463.732990][T11187] down_write+0x36/0x60 [ 463.737136][T11187] ? process_measurement+0x3a2/0x1c30 [ 463.742500][T11187] process_measurement+0x3a2/0x1c30 [ 463.747694][T11187] ? ima_file_mmap+0x150/0x150 [ 463.752464][T11187] ? aa_file_perm+0x112/0xf00 [ 463.757141][T11187] ? aa_file_perm+0x112/0xf00 [ 463.761846][T11187] ? mtree_load+0x100/0xa70 [ 463.766342][T11187] ? apparmor_current_getsecid_subj+0xb1/0x110 [ 463.772501][T11187] ima_file_mmap+0x102/0x150 [ 463.777085][T11187] ? end_current_label_crit_section+0x14b/0x170 [ 463.783317][T11187] ? ima_file_free+0x3e0/0x3e0 [ 463.788064][T11187] ? common_file_perm+0x171/0x1c0 [ 463.793074][T11187] ? bpf_lsm_mmap_file+0x5/0x10 [ 463.797908][T11187] ? security_mmap_file+0x11b/0x180 [ 463.803106][T11187] __se_sys_remap_file_pages+0x559/0x7b0 [ 463.808751][T11187] ? up_write+0x1bb/0x420 [ 463.813072][T11187] ? __x64_sys_remap_file_pages+0xc0/0xc0 [ 463.818779][T11187] ? lock_chain_count+0x20/0x20 [ 463.823656][T11187] ? lockdep_hardirqs_on+0x94/0x140 [ 463.828843][T11187] ? __x64_sys_remap_file_pages+0x1c/0xc0 [ 463.834563][T11187] do_syscall_64+0x4c/0xa0 [ 463.838964][T11187] ? clear_bhb_loop+0x60/0xb0 [ 463.843637][T11187] ? clear_bhb_loop+0x60/0xb0 [ 463.848298][T11187] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 463.854195][T11187] RIP: 0033:0x7f6e4739acb9 [ 463.858607][T11187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 463.878229][T11187] RSP: 002b:00007f6e48329028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d8 [ 463.886648][T11187] RAX: ffffffffffffffda RBX: 00007f6e47615fa0 RCX: 00007f6e4739acb9 [ 463.894691][T11187] RDX: 0000000000000000 RSI: 000000000000a000 RDI: 0000200000ff6000 [ 463.902737][T11187] RBP: 00007f6e47408bf7 R08: 0000000000100000 R09: 0000000000000000 [ 463.910885][T11187] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 463.918842][T11187] R13: 00007f6e47616038 R14: 00007f6e47615fa0 R15: 00007ffe23db5788 [ 463.926892][T11187]