last executing test programs: 43.144430855s ago: executing program 4 (id=41): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000040)=0x7, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @broadcast}, {0x4e21, 0x4e20, 0x8}}}}}, 0x0) 42.860475419s ago: executing program 4 (id=45): syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80, &(0x7f0000000200)={[{@nobarrier}, {@nobarrier}, {}, {@umask={'umask', 0x3d, 0x8}}, {@nobarrier}, {@uid}, {@nls={'nls', 0x3d, 'cp775'}}]}, 0x44, 0x6ff, &(0x7f0000000500)="$eJzs3U1sHGf5APBn1uu1N5XcbZu0/f+FFKsRETSQ2F5KgoREqBDyoUKRuPS6JE5jee1GtoucCBEXKBzhhHLooQiZQ0+oB6QiDohyRkLiinKPxD3iwKKZnVnvh73ebfyRhN9Pmp13Zt6PZ57OvN6dbbQB/M9afDsmtyOJxQtvbaXbD3bqzQc79dWiHBFTEVGKKLdXkaxFJJ9FXI32Ev+X7sy7S/Yb542Hn354/v7H9fZWOV+y+qVh7Xa1hoywnS8xGxET+XpM5f36ux5vDvR3b6yuk07cacLOFYmDk9YasD1O8xHuW+BJdy9iYnKP/bWIUxExnb8PiHx2KB1zeIdurFkOAAAAnkwTB1V4/lE8iq2YOZ5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4NmQtH8zMMmXUlGejaT4/f9Kvi9VqZxwvMN95YDjH9w8pkAAAAAAAAAA4Eh8kn9xf/ZRPIqtmCn2t5LsO//Xso3T2etz8V5sxFKsx8XYikZsxmasx3zE5ExXh5Wtxubm+vxgy19H2rLVat3LWy5ERG2g5cI+gZYO+cQBAAAAAAAA4Nn0k1iMmZMOAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuiURE+1VtpwuyrUolSNiOiIqab3tiD8V5afZn086AAAAADh61Xw9k/ynXWgl2Wf+l7PP/dPxXqzFZizHZjRjKW5kzwLan/pLf9+uNx/s1FfTZbDjb/9rrDiyHiNiIt7fZ+S5rMaZTovF+G58Py7EbFyL9ViOH0YjNmMpZqOankQ0Iolatf30olbEuXe8V3u2rvXHdrZv+9UskmrcjOUstotxvRLtxybZOaRjvto12h8qEX0jvp9mJ/lWbsQc3ej67/Wr/LlMrvX8iH0cjVp25pOdjMyluc+z8cLw3I95nfSPNB+lzjOo07ujpJv9IxU5/8E4OT/VXk2nLz/vzflhG/NRWn8mFqKUX30RL/fm/PYX77/Y2/jL//jLtVultZVbNzcuHOEpPY7ZgypMFoX+TNS7MvHK8Ksvz0QzzcT26JmY7N8xPWrLo1XJs5FNRSPOlt/JSo14resSfDduxFJcjrmYjysxF9+Ihah3rrB0OdOT13J9tTcn2b1WGpzfqkOCP/elrkq/OKDy8Urz8kJXXrtnulp2LN9z9Zcx13X1vTj86hv7r0A6/v/n5XSMn3b+4jwJejKRz81FdC8Nz8RvWunrRnNtZf1W4/aI453P1+lt+0Hv3Pzb0aPu/+t+GNLrJZ1xy9lWlpNqcb2kx17qRNubr0r+jUu7XWng2JnOsVrMxHJ8b987tZK/hxvsqX3sle5j/9ydOSv5+5viWM+7nHg3mtm7kD4HTtUAHLNTr5+qVB9W/1b9qPqz6q3qW9NvTl2Z+kIlJv9a/uPE70u/K30zeT0+ih/HzElHCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz4KNO3dXGs3m0nqnENP9ex63UNl3rOGFKB1YZ+e50TqMWsTwsZK8UDncc38aC9Xo21P8wtLj9vxJRAypU3ns4JOxr7GxC2keDqXDVqud1GxPa2KM5uWi1d51yrExHSuNpLzHHTe1exdEbaXR/Herp3k1um4Z4Bl3aXP19qWNO3e/urzaeGfpnaW1hSuXr1yuf33+a5duLjeX5tqvJx0lcBQ27tyd2GP3wC/dAgAAAAAAAAAAAE+O/P/+3/zc/5ihfECdyvrG3iOfPe5TBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5Si2/H5HYkMT93cS7dfrBTb6ZLUd6tWY6IUkQkP4pIPou4Gu0lal3dJfuN88bDTz88f//j+m5f5aJ+aVi70WznS8xGxES+PtjUHt0M9ne9q7/tzxVe0jnDNGHnisTBSftvAAAA//9u//cB") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) syz_mount_image$vfat(&(0x7f0000000b00), &(0x7f0000000b40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1802a53, 0x0, 0xfa, 0x0, &(0x7f00000000c0)) getdents64(r0, &(0x7f0000001f80)=""/4097, 0x1001) 42.454172048s ago: executing program 4 (id=48): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e34ff65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd086004c4a56c6cce6e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e430a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b051f47db7aa110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c0000000000000000000a000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3938e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea875583e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba46cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5ccb9f10f615c87c441dc50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246e891e20ecaad7059866506c3000000000c3230e901e885b7a4a36bdfdb5ce7a2e5807a0f4c1d461d1243fccf51b875b49490cd7d044e7a1e1a4c013fae1f070a8a37ab90da2efc6c875b3aab34b75a252072691fc97bef0fed8ee597ab83bb53f89c36bc2ee3ad54904542f66dc94132df75fc9944882d6f2e13b7057e0000000000000000000000000000000000001b726c0ccd24000000000000cfd2f4d005578b9ed06e1c41ef3b411066739de953d39b968caaca1507928d68c8f052"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d80)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xda53, 0x0, 0x3, 0xffffdf00, 0x5}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x7f, 0x0, 0x2, 0x4, 0x8}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x88}}, 0x0) 42.023860502s ago: executing program 4 (id=50): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x1400c, &(0x7f0000000080), 0x3, 0x47a, &(0x7f00000006c0)="$eJzs3M1vG0UbAPBn13H65k1pTClfLR+BgqgQJE1boAcOgEDiUCQkOMDRSkJVmhbUBIlWkUg5lBNCSNwRR/4FTnBBiBMSV7ijShXqhZaT0dq7sZ3YTpPaccG/n+T2mf3IzOPd2czu2AlgZE1n/yQReyPit4iYahTbN5hu/Hfj+ur8zeur80nUam/9mdS3++v66nyxabHfZGshkjjUod7li5fOVpeWFi/k5dmVcx/OLl+89OyZc9XTi6cXzx87efLE8bkXnj/2XF/ynIw0j15/98s3Tn3elv+GPPpkutfKJ2u1Plc3XHe1xGNDbAfbU8qPV7ne/6ei1HL0puK1T9cLnwypgcDA1Gq12mT31Ws14D8sifayLg+jovhFX9z/droPfmlgo4/hu/Zy4wYoy/tG/mqsGVt/YlDecH/bT9MR8c7a319nrxjMcwgAgDbfZ+OfZ7LRzup8NvZojj/SuK9lu3353FAlIu6OiP0RcU+cjwMRcW9Efdv7I+KBbdbfMklSH2ZuHv+kV3ec3C3Ixn8v5nNb7eO/YvQXlVK9dLFRiHLy3pmlxaP5e3Ikynuy8lyPOn549dcvuq1rHf9lr6z+YiyYt+Pq2J72fRaqK9WdZ9zu2uWIg2Od8k/WZwKSiHgwIg52+gHp1nWcefrbh7qt2zr/Hvow0VT7JuKpxvFfiw35F5Le85Oz/4ulxaOzxVmx2c+/XHmzW/23lX8fZMf//x3P//X8K0nrfO3yNiuoRFz5/bOu9zTT5TzYxvm/Vl2pjidv1+PxfNnH1ZWVC3MR48mpotrm8mPNfYtysX2W/5HDnfv//mi+E4ciIjuJH46IRyLi0fzYPRYRj0fE4R5vwU+vPPH+xmUTRf53wPFf2Nbxbwbj0b4k7bBNFpTO/vhdW6WVZpjnf7P39e9EPTqSL7mV69/mVnQObvf9AwAAgH+DNCL2RpLOrMdpOjPT+Az/gcbUd+aj8wuN7whUopwWT7qmWp6HzuW39Y3y5YhofLSgWH880vpz469KE/XyzPwHSwtDzRyY7NL/M3+Uht06YOB8YQtGl/4Po6tn/y/vXjuA3bep//fs83sG2hZgd3X4/T8xjHYAu6/T+N/f+4HRsKH/m/aDEeL5P4wu/R9Gl/4PI2l5Irb+knzPoPhJO9x9q2Aq4nZbOJwgyndEMwYWRDrwKsYHe2ptHUzEjnZPhtnmfgVtl4l9u31dAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Jd/AgAA///miM2S") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80) getdents64(r0, &(0x7f0000000400)=""/4096, 0x1000) 41.157510559s ago: executing program 4 (id=54): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r1, 0x6, &(0x7f0000002000)={0x1}) close_range(r0, 0xffffffffffffffff, 0x0) 40.140768119s ago: executing program 4 (id=60): r0 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0xe00000000000000, 0x0, 0x0) 39.757375142s ago: executing program 32 (id=60): r0 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000040)=0x0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r0, 0x567, 0x0, 0xe00000000000000, 0x0, 0x0) 3.896593136s ago: executing program 1 (id=335): futex(&(0x7f000000cffc)=0x4, 0x9, 0x4, 0x0, 0x0, 0x400000) futex(&(0x7f000000cffc), 0x4, 0x0, &(0x7f0000fd7ff0), &(0x7f0000048000)=0x1, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0xfffffffe, 0x0) 3.791378491s ago: executing program 5 (id=337): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000080)={r0, 0xf, 0x25, 0x2, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x40) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14080, 0x10000}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 3.509133053s ago: executing program 6 (id=340): r0 = socket$inet6(0xa, 0x3, 0x1) r1 = socket(0x10, 0x3, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x8, 0x3, 0x560, 0x0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x490, 0xffffffff, 0xffffffff, 0x490, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'vxcan1\x00', {0x8}}}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xfd}}, [], [0x0, 0xffffffff], 'pim6reg\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x3a0, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_virt_wifi\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x5}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@mcast2, 'bridge_slave_0\x00', {0x53}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x5c0) ioctl$SIOCSIFMTU(r1, 0x8923, &(0x7f0000000040)={'veth1_to_team\x00', 0x96}) 3.317539203s ago: executing program 5 (id=341): syz_mount_image$iso9660(&(0x7f0000000dc0), &(0x7f0000002380)='./file1\x00', 0x3a0cc0a, &(0x7f00000023c0)=ANY=[@ANYRES64=0x0, @ANYRESDEC=0x0, @ANYBLOB='\x00\x00', @ANYRESDEC, @ANYRESDEC, @ANYRES8, @ANYRESDEC], 0x43, 0xa14, &(0x7f0000001840)="$eJzs3U9sXNW9B/Dv9Z/Ez0QhQB4vDwGZhBcwkOfYTgmN2DSxx4mp/1S2UxFVFaEkqaJYpYIiAapUV6q6KmoXVaXSHVI3XVGxgU2VXbvtpotKFevuUFdpF53q3hnHTuzxOIljm/D5WNdz//zuOb8z98498njmnvBF1mg0qukOl8/9biuTZec5PfbZhx+9X04/XsyudOeF4pOkL0kt6UlyIMno2OzMVIeCriYXklxLiiS703zckAspfp49y8vXUvymqrd07g4bxoY0+FLb7vMPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB2omJ0bGhouMjkxPS5V2rtVUOAt9vYtVzep9Wo38WnHetNinJKX9/SUN8H9i9vfrT8dTiPN5cerwYkT1/ee+DRfS890tO1tP86Cd+Of7cGQ77tHd96972rry0sXHqzzfbuVnPuOsMd6kx9emJuZmLq1Jl6bWJupnbyxImhY2fH52rjE5P1ufNz8/Wp2uhs/dT8zGxtYPTZ2vDJk8dr9cHzM+emz4wNTtaXVr74/yNDQydqLw9+o35qdm5m+tjLg3OjZycmJyemz1Qx5eYy5sXa4tjs1yfma/P1U1O12uUrC5eO35TRGk91GTTcqSVl0EinoJGhkZHh4ZGR4RMvnHzhxaGhnuUV3alWDN0iq3Yp8s1/Nk+KPffvefEl9EHXBoLKi2Ntsy7dcNe6Wv1/JjOR6ZzLK6mt+TOascxmJlNttrcs9f9HjtXXrXdl/7/Uyx9Y3vxYqv7/yebSk+36/za5bN3PW3k37+VqXstCFnIpb960dfcdlNhorN2q3/65+Vxsd4tv/jmTeqYzkbnMZCJTOVWtqbXW1HIyJ3IiQ3k1ZzOeudQynolMpp65nM9c5lOvzqjRzKaeU5nvabZxIKN5NrUM52RO5nhqqWcw5zOTc5nOmYzlVFXK5Vypnvfj6+R4I2h4I0Ej6wSt0/+3Vmyk/9+CzogdbLMv4XDHGq3+f9ct67tWhw6MblVSAAAAwKb63z9l7/6H//i3pDdPVO+xAwAAAPeb6uN6j5cPveXcEynGJybrQ6sD39763AAAAIDNUVTfsSuS9Odgc27pm1BrvAkAAAAAfBFV//9/snzoL+cOpvD3PwAAANxvOt9jv2NEcTS1LJabahebkRdbEa37/PaPT0zWB0dnJl8aztPVXQaqbxqsKq07+5Lq6wfP5VAz6lB/87H/5hL7yqjhwZeG05fDrYYMPFU+PDWwRuRIGflcnmlGPrMU2ZdVkcfLSAC43x1epz9e1f///tU1+//ncrQZcfSx6vbtPY+t0QcPNXvWH21XQwGAGzqPsdMxovjK0vA/bf7+787lg82PFAzm9byRhVzM0erbBtUnDlql5lqR5VL7V3wM4WiHdwP6V4zwcnTp/YCDe9Z8P6B/xUAvR1e9I9Au9viaz12x6UcDALbG4VX98Dr9f6PRnLsR8etWKev//d/vI4UAsKPcGMH+Hs7cWmfv9jQVAGhp30uvo/seJgQAAAAAAAAAAAAAAAAAAAAAAAAAAAD3gXt5//+uJPd2ZIG7mFlMsv1p9G5xpX9vHfZVm1rrF3fI0almdufuy+nbkhEu3v32rh18qt/ZzDZelAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgyRdK91vquZHfSM5Tk2NZnde8sbncC26y4nut5J3u3Ow8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPtN6/7/XWk+PtBclZ6u5EiSC0m+td05bqbr253ApituL3r5/v/lMU+jSE/zsKfoHR2bnZmqyttdbv/sw4/eL6c7yaosoKzhpsElWjW03+uhaq/+sUtvXf3BG9+vjZ2ukjw9Pz45NnVm9mvLgY8WHye1NKclS/n+sFjraSk+Llvaud6ylvGq3rHV9f7PWnvfqPfIH37Rvm3LltO4snBppKxpvv7K/Nvfu/LOiqCHcyh5aiAZuLmm75ZTm5oOpXe9eovPi58We/OrXKiOf5lG0SjKQ/Rgsitd/3X5ysKlwdffWLjYJqd9OZjkYtK38ZwOtj9Bq7Ouq7esdagKKn/t71Deuh7o3ttoNEscbtOGh6pTpv+22lDr8CLr8Ly32ni8TUaP5OnbPtJPd6ix5V+NpuZS8Xnx1+Js/pKftMb/2Fe9Rrubl/rOr84ypopccaa0b/OR5ZaPrNzw6q2RbV+V3AM/y3fy1Rvjv3StuP63jtXWXI9W1HjPXhdFsxdqqeb339Ijta4+7bJs5bm/GdUmz//O86v365Dn85267c15/d+s+Lz4oBjIP7Jo/B8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDnK5LutdZ3JUeS7EvyYLlcSxqbUV9Xf7EZxWzQrlVrFrew9p2j68ZccT3X8072bms6AAAAAAAAAGya02OfffjR++VU/T++O/9XfJL0Nf/T35NkX/HL3tGx2ZmpDgX1JheSXCvn+24vh3K/7FlevlYuHbj9tgAAG/OfAAAA///pfHAp") unshare(0x22020600) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x400, 0x0) fchown(r0, 0x0, 0xee01) 2.937842794s ago: executing program 3 (id=346): openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000100)={0x0, 0x1, 0x0, 0x7fffffffffc, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x9792, 0x8, 0x6, 0x1, 0xfffffffffffffffe, 0xc}, 0x0, 0x0, 0x0) 2.81303917s ago: executing program 1 (id=348): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x8, &(0x7f0000000040)={[{@noauto_da_alloc}, {@errors_remount}]}, 0x21, 0x4f3, &(0x7f00000012c0)="$eJzs3c9vVEUcAPDvbru0lEJBOahRQUTRELY/gIZwES4aQ0iMxJMHqO3SNN1lm26JtHIoR+8kknjSP8GbBxNOHrx505sXPJigEg018bDmvV3apb+1P9Z2P5/k9b2ZWfY702Vm9g3sTgAt62hEzEbEnoi4FhE99fxM/YgLtSN53ONHt4fnHt0ezkS1euW3TFqe5EXDn0nsqz9nZ0S8/07ER5mlcSvTM+NDxWJhsp7unSpN9FamZ06NZes5A4P9g33nTp8d2LS2Hil99fDtsUsffPP1Sw++n33zk6Ra3Z/uT8sa27GZak3PRXdDXntEXNqKYE3SXv/7w86T9LZnIuJY2v97oi19NQGA3axa7YlqT2MaANjtkvv/7shk8/W1gO7IZvP52hre4ejKFsuVqZM95Zs3RiJdwzoYuez1sWKhr75WeDBymSTdn14vpAeeSt8tnI6IQxFxt2NvWp4fLhdHmvnGBwBa2L5F8/+fHbX5HwDY5TqbXQEAYNuZ/wGg9Zj/AaD1/Iv536cDAWCXcP8PAK3H/A8ArWfN+f/O9tQDANgW712+nBzVudr3Xz/5pu5TI4XKeL50czg/XJ6cyI+Wy6PFQn64Wl3r+Yrl8kT/mflkZXrmaql888bU1bHS0GjhaiG3lY0BANbl0JH7PyaT/uz5vekRDXs5mKthd8s2uwJA07Q1uwJA0/g8D7SuddzjWwaAXW6ZLXqfsuJ/Ebpn81fYqU48b/0fWtVG1v+tHcDO9t/W/9/a9HoA288cDq2rWs3Y8x8AWow1fmBD//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALao7PTLZfLoX+GzyM5vPR+yPiIORy1wfKxb6IuJARPzQketI0v3NrjQAsEHZXzL1/b9O9BzvXly6J/NXR3qOiI8/v/LZraGpqcn+JP/3+fype/X8gT3NaAAA0OjC0qzaPF0/N9zIP350e/jJsZ1VfHixtrloEneuftRK2qM9PXdGLiK6/sjU0zXJ+5W2TYg/eycinlto/62GCN3pGkht59PF8ZPY+7cg/sLvf3H87FPxs2lZcs6lv4tnN6Eu0GruX6yNk/W+l3Sxev/LxtH0vHz/70xHqI1Lxr9kLJlbMv5l58e/tiXxM2mfPzqfXr0mD898++6SzGpPrexOxAvty8XPzMfPLD/+5o6vs40/vfjysZXKql9EnFi2/U92pC6lw2zvVGmitzI9c2qsNDRaGC3cGBgY7B/sO3f67EBvukZd+/ndcjF+PX/ywErxk/Z3rRC/c/X2x2vrbP+Xf1/78JVV4r/x6vKv/+FV4idz4uvrjD/UdWHF7buT+CMrtH+N1z9OrjP+g59nRtb5UABgG1SmZ8aHisXC5BoXyXvNtR7jYmdexGzEZj1huigREf+HdrnYyEWzRyZgqy10+mbXBAAAAAAAAAAAAAAAWEllema8Y4s/rdXsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB7/RMAAP//TwTJNg==") syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x399446c, 0x0, 0x1, 0x0, &(0x7f0000000080)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000200)='./file0\x00', 0x4) 2.644875562s ago: executing program 5 (id=349): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x4008032, 0xffffffffffffffff, 0xd06d000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) futimesat(0xffffffffffffffff, 0x0, 0x0) 2.607944955s ago: executing program 6 (id=350): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000007c0)=@bpf_tracing={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1af06, 0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000540), 0x10, 0x8}, 0x94) r0 = socket$kcm(0xa, 0x1, 0x106) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x4001, 0xfffffffd, @empty}, 0x80, 0x0}, 0x20000001) sendmsg$sock(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000840), 0x28}, 0x400c0) 2.594076864s ago: executing program 3 (id=351): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000008c0)=0x400002) ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000140)={0x2, &(0x7f00000000c0)=[{0x48, 0x7, 0xc0, 0xc}, {0x6, 0xd, 0x7, 0x4b}]}) write$ppp(r0, &(0x7f00000006c0)="188f2afe5691a274f5da29a8", 0xc) 2.56284069s ago: executing program 0 (id=352): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mbind(&(0x7f0000ff6000/0xa000)=nil, 0xa000, 0x3, &(0x7f0000000040)=0xf, 0x3, 0x0) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3, &(0x7f0000000000)=0xff72, 0x83, 0x0) mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000) 2.275461345s ago: executing program 6 (id=354): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000006c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@i_version}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@data_err_ignore}, {@grpquota}, {@noblock_validity}, {@user_xattr}, {@resuid}, {@quota}]}, 0x1, 0x563, &(0x7f0000000b00)="$eJzs3d9rW+UbAPDnpO1+dd/vOhhDRaSwCydz6dr6Y4IX81J0OND7GdqzMpouo0nHWgduF+7GGxmCiAPxXu+9HP4D/hWCDoaMohfeVE560qZL0mZdtnTm84FT3veck7znyTnP2/fkTUgAA2s8+1OIeDEivkoijkREkm8bjnzj+Pp+qw9vzGRLEmtrH/+Z1PfL6o3najxuNK+8EBG/fBFxqtDabnV5Zb5ULqeLeX2itnB1orq8cvryQmkunUuvTE1Pn31zeuqdt9/qWayvXfj724/uvX/2yxOr3/x0/+idJM7F4XxbcxxP4GZzZTzG89dkJM49suNkDxrbS5J+HwC7MpTn+UhkfcCRGMqzHvjv+zwi1oABlch/GFCNcUDj3r5H98HPjQfvrd8AtcY/vP7eSByo3xsdWk223Bll97tjPWg/a+PnP+7eyZbo3fsQADu6eSsizgwPt/Z/Sd7/7d6ZLvZ5tA39Hzw797Lxz+vtxj+FjfFPtBn/jLbJ3d3YOf8L93vQTEfZ+O/dtuPfjUmrsaG89r/6mG8kuXS5nGZ92/8j4mSM7M/q283nnF3t/KZ68/gvW7L2G2PB/DjuD+/f+pjZUq30JDE3e3Ar4qW2499k4/wnbc5/9npc6LKN4+ndVzpt2zn+p2vth4hX257/zRmtZPv5yYn69TDRuCpa/XX7+K+ta9fzqt/xZ+f/0PbxjyXN87XVx2/j+wP/pJ22bYk/ur/+9yWf1Mv78nXXS7Xa4mTEvuTD1vVTm49t1Bv7Z/GfPLF9/9fu+j8YEZ92Gf/tYz++3FX8fTr/s491/vNCY/Pmmo6F3z747LtO7XfX/71RL53M13TT/21zOFsKu33dAAAAAAAAYC8qRMThSArFjXKhUCyuf77jWBwqlCvV2qlLlaUrs1H/ruxYjBQaM91Hmj4PMZl/HrZRn3qkPh0RRyPi66GD9XpxplKe7XfwAAAAAAAAAAAAAAAAAAAAsEeMdvj+f+b3oX4fHfDU+clvGFw75n8vfukJ2JP8/4fBJf9hcMl/GFzyHwaX/IfBJf9hcMl/GFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrqwvnz2bK2+vDGTFafvba8NF+5dno2rc4XF5ZmijOVxavFuUplrpwWZyoLOz1fuVK5OjkVS9cnamm1NlFdXrm4UFm6Urt4eaE0l15MR55JVAAAAAAAAAAAAAAAAAAAAPB8qS6vzJfK5XRxszDaskZBoWNheG8chkKPC/3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg078BAAD//8MXMfA=") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) write$binfmt_register(r0, &(0x7f0000000640)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x40, 0x3a, '//[,{\x87&#p\xe72\x92hT\x00\x15\xa1P\xa7w\xb7v\xf4\xdd5\xcb \xcb\xd5}i\x02\x1a\x0f\xf2\xbd\x006\x0en^u\xba\xac\xd6\xa7r\xfb\a@\xe1|\x13z\xb3\x88\x1c@(%\xe1\xc2)J\xc7\x99\xd0p9\xe0d\x02vV9@^\xa6\xb4uf\xa4\xb7\xa5{\x86l\x1c\xfd\xd7Q\x8ab\xdc\x11\xf4\x05\xcf\xc6DCU\xe6\x1d\xf6\xe2b0\xc7\x11\x00L\xdab\xd2\x9c\x90\xc3\xe7 \xbb\xdcu@\x97[\xdf\xad\x16\xd7h>\x7f\x1c\xef\xd7\xff\x86\xd4\x02*\x84\xf2\x13\xa5\xc6@\x01\xe3\xeb\xc1\xb6e\xc3!\x95\x86\xea\x13\xa2\'\xf0\f:\\Y\xe06Y\x01\xee|\x91\xf7j\xf9\xcc\\\n.w\xc0(\x1f\x9d\xa6\xb3\xa5#\xb5\v8\x84:\xecK\xb2\xa8L\xc0\xbav\xaf\xa0\xec\xa0\xbau&\\\xf3\xaf\xf2>\x86\xd4\x90\xf4\xfe\xb3c\xcbQA1\xf2#.\x98=\xd7\xd2)4O*\xa2\xb0\xc8\xdc\xaaJ@\xa2\xfd\x984_zDx8\xdf$\x88k\xd7+T_0\xb8Y\xf6\xbd[\xf3\x90\x95>Tu\x88\xf3\x8d\x83\x8d\xf6\xe2\xf0\x9dd!\xd1L\x11c\x94\x1a\xf4\xdb3\xa3@\xb0G\x8c\x1c!K^\xfe\x81cY\xd2\b\xcag\x94u2\x05\xb7}\xbd:\xe9\\\xc8\xb9t\x00\xca\xf5l\xa3\x1f\xa1\xf8\x8b%\xfb\x883sx\x13AL\xee&\x05\xac\xc3\r7\x92;/\xe3\xb0\x05\xf8', 0x3a, '\xab.a\x038#\xc6\xcf\f\x8b7\x82\xa8X\xf0!\x19\xaf\n\x95\xc3k<\xe4\xb2k\xd1\xb8}L\xfb\xc1Ds|$\xbd\xaeb\x95{lPL\xcd\xf4\xfcfSg\x15\aiY&\x16\xbdK\v\xa6\xe4%\xc7v\x8e\xbe\x8dk\xd9\xa8\xa2\ak\x8a#\x8fV\x89\xcd\xd8\xeb\xd5lC$TN\xee\xb4\xab\xb8\x7f\f\xf9\xeb\',\x86V\xc6\xfd\x82\xb4\xd0b\x8f`\xb4\xc06\xe6Nw\x00\xc9>\xb8\a\x8c\xf5gjg\xc9\xe3\xe2\xee\xf1]Br\xa4\xcag\xc8[\xbe\x1f\x9d\xc3\xfa\x14\x93\xcb\xe8\x8c\xe3\'\x1bhzRN\xc4\xf79SfKi\xe1\xc5\x19\x9bl\xc4A\xe3\xb5\xc7\xdb\xb5\xa7\xdap4\xbalN\ft\x85\x9e^\xf8\x8f_\x01p8\xc3\xe2GQ\v\x92\x00\x9c*3\x88h&\xe6\xa7\x1d\xf9\xc1\xeezr!\xb6\x1ff\xa3\xa5\xc2o%\xcb#\xae\x8a}\xdd\xfa\xb8e|\xe6\xa6\b\x88\xb6\xdfB\x00\x00', 0x3a, './file0'}, 0x290) lseek(r0, 0x9, 0x4) 2.164640143s ago: executing program 1 (id=356): r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x500, 0x0, 0xffffffff, 0xffffffff, 0x190, 0xffffffff, 0x430, 0xffffffff, 0xffffffff, 0x430, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0xffffff00], [], 'veth0_macvtap\x00', 'bridge0\x00', {}, {0xff}}, 0x0, 0x148, 0x190, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, 'bridge0\x00', {0x8}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0xfffffffe, 0x2, 0x8, 0x6, 0x3}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@local, 'pimreg\x00', {0xf2e3}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x560) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c000280080007400000000008000340000000160800014000ff00120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0) 2.13052083s ago: executing program 0 (id=357): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000007"], 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2.125985984s ago: executing program 3 (id=358): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f0000000180)={0x14, 0x88, 0xfa00, {r2, 0x1c, 0x0, @in6={0xa, 0x4e23, 0xe, @empty, 0x1}}}, 0x90) 1.957635211s ago: executing program 2 (id=359): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x48212b8952c3aff5, 0x70bd25, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x700) 1.824894111s ago: executing program 3 (id=360): r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x80, 0x2, 0x1ce}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x5, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r0, 0x0, 0x0, 0x64, 0x183000, 0x12345}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.81307213s ago: executing program 0 (id=361): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000001140)={'team_slave_0\x00', @remote}) ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000001140)={'team_slave_0\x00', @broadcast}) 1.653614103s ago: executing program 0 (id=362): r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000000)=@newtaction={0x6c, 0x30, 0x53b, 0x0, 0x0, {}, [{0x58, 0x1, [@m_simple={0x54, 0x1, 0x0, 0x0, {{0xb}, {0x28, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xb, 0x3, 'simple\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x9f}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4060040}, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="02e0bf11bbea9d20"], 0x14}, 0x1, 0x0, 0x0, 0x48001}, 0x40048c0) sendto$inet6(r0, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 1.552169191s ago: executing program 2 (id=363): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]}) mkdirat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x4c) r0 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0) pwritev(r0, 0x0, 0x0, 0x2, 0x8001) 1.550215433s ago: executing program 6 (id=364): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)={0x40, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVKEY={0x24, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0102}}, @NL802154_DEVKEY_ATTR_ID={0x14, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000891}, 0x20004044) 1.301048305s ago: executing program 2 (id=365): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xba98575a95aeb70d) ioctl$TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000bc0)) 1.239125729s ago: executing program 0 (id=366): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x12, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x2, 0x0, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fafc00"}, 0x0, 0x1, {0x0}}) 1.09753084s ago: executing program 3 (id=367): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="01000000050000000100000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={r1, 0x2000300, 0xe, 0x0, &(0x7f0000000000)="63eced8e46dc3f0adf3389f7b986", 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.032559414s ago: executing program 1 (id=368): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x4, 0x10, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r1, 0x0, 0x10, 0x10, &(0x7f00000006c0)="0000000005000000", &(0x7f0000000700)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 953.144529ms ago: executing program 6 (id=369): syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000300)=ANY=[@ANYBLOB="000075b8b62e943fefae1913e055b8852885f3200b41a4a7e940141a3e9a708cfa000f58442c767bb8bac7e75a49ac5762e52f7f3bf6909e28d3468821124bce8d75bf8584dedd275c45e85bfa22d157b6d5ac4e569df05173d6ff9d8ed3bdf95c41f60f6a1b456842fecd0f09b6ab9136de2336b349cfe9cd308933da9b574e4f040f"], 0x1, 0x5ec, &(0x7f0000001640)="$eJzs3cFvHFcdB/Dvbhxn10jpxk3agCphFalCWCS7tkRShASUgixUoUocOFvESaxs0sreIrcHCIhDxal/Qjn4H0Aci5QD7RFOPRv1iMQZ31zN7Ky9jreuHbvZdfP5SLPvvXkzb3/vN7OTmbWiDfDMWprP1KPUsjT/xkbR3tpc7G5tLt4f1JNcSFJPGklqxeq/J/kseZj+km8OOobKAz79qHHnkw8+fr/falRLuX3tsP0Oao5YtxtLqx9rWZ7AvvEWTjze/hnOJpk7WXxwOnYG/jOy+xifSwDgrKkl50atbyUz1c168RzQvyvu32OfaQ/HHQAAAAA8Bc9tZzsbuTjuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAsqX7/v1Yt9UF9LrXB7/9PV+tS1c+0R+MOAAAAAAAAAACOZuawzm9vZzsbuTho79TKv/m/XDYul6/fyDtZz0rWci0bWU4vvaylk6Q1NND0xnKvt9Y5wp4LI/dc2G1PndK8AQAAAAAAAOBZ8qcs7f39HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJkEtOdcvyuXyoN5KfSpJI8l0sd3D5N+D+ln2aNwBAAAAwFPw3Ha2s5GLg/ZOrXzmf6F87m/knTxIL6vppZuV3Cq/C+g/9de3Nhe7W5uL94vl4Lg//d+xwihHTP+7h9HvfLXcopnbWS3XXMtv81a6uZV6uWfh6iCe0XH9sYip9uPKESO7VZXFzH9ZlZOhVWbk/G5G2lVsRTYuHZ6JYx6dx9+pk/ruNz+Xv4Kcz1RlMZ/XJzrnC0Nn3wuHZyKZ/c1fbtztPrh39/b6/ORM6Qk9nonFoUy8+Exlol1m4spueym/yK8zn7m8mbWs5ndZTi8rmcvrZW25Op+L19bhmfrJvtabXxbJdHVc+lfR48X0crnvxazmV3krt8oj2s6N3MhCfpBX0953hK+MjPsPO1V3+amvH+9T/53vVpXzSX5elZOhyOulobwOX3NbZd/wmr0szZ7+tXHqW1WlOHtem7hr46XH/pUYZOL5wzPx1/LEWe8+uLd2d/ntI77fK1VZZOBnBzKxc+7EE3pixfkyWxyssrX/7Cj6nh/Z1yn7Lu/21Q/0Xdnt+7JP6nR1D3dwpIWy78WRff39rvb7mkXvqPstACbezPdmppv/bf6r+WHzz827zTcar124eeGl6Zz/5/kfTrXPvVJ/qfa3fJjf7z3/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT2793ffuLXe7K2uTXfn/Tt+kxKOi8jWvjPvKBHzVrvfuv319/d33vr96f/nOyp2VB6+2b97sdDo32tdvr3ZXqtdxRwkAnKa9m/5xRwIAAAAAAAAAAAAAAHyRp/Hficc9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OttaT5Tj1JLp32tXbS3Nhe7xTKo723ZSFIrKv9I8lnyMP0lraHhal/0Pp9+1LjzyQcfv783VmOwfe2w/Y7mRzNDsdQfi+kJ7JvbwonH25vhXJLZqoSx+zwAAP//3pMKTQ==") mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2a05004, 0x0) chroot(&(0x7f0000000180)='./file0\x00') pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00') 915.060725ms ago: executing program 2 (id=370): bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x9, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1802000000000000000000000000020085000000a800000095"], 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 877.755726ms ago: executing program 0 (id=371): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0xc2240, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000040)=0x32) 840.354595ms ago: executing program 5 (id=372): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0x19, &(0x7f0000000500)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x7e}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x101}}, @snprintf={{}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xb3}}]}, &(0x7f00000000c0)='GPL\x00', 0x3, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebfb}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r2}, 0xc) 613.259711ms ago: executing program 2 (id=373): r0 = syz_io_uring_setup(0x49e, &(0x7f0000000400)={0x0, 0xe7ae, 0x1, 0x3, 0x40024a}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r0, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0) 611.502021ms ago: executing program 1 (id=374): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000000a00)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000000800)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xa}}], 0x18}}], 0x1, 0x4000040) 526.234534ms ago: executing program 5 (id=375): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000001000)=[{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000a40)="f2", 0x1}, {&(0x7f0000000140)="aa", 0x1}], 0x2, 0x0, 0x0, 0x400c850}], 0x1, 0x10) 424.634393ms ago: executing program 6 (id=376): write(0xffffffffffffffff, &(0x7f0000000340)="88a9131cf90d056c26f9fbb61532bc6dbee9e4688070d97f50f7d9a557f67083867c1dd810c17b510db0c6f5b5fbe4847f462a360060ac10cb674c18f7992a2b194205b505face7efa1d5efaeb182e3a51eb551626185e1546e26810157fdb825f5ff6ab936e5607499c2191ff3ed92cc1398ad4e52345cf159b3016c58835f2f8d8249c1e0c2f228a0a30e649a90eaefcc10616f99b31365d", 0x99) mmap(&(0x7f0000009000/0x4000)=nil, 0x4000, 0x3000000, 0x32, 0xffffffffffffffff, 0x1a326000) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write(r0, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3dbbfec5e2f401b5658cc8fda", 0xffffffe5) 222.869138ms ago: executing program 2 (id=377): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000050000"], &(0x7f0000000f80)=""/4115, 0x29, 0x1013, 0x1}, 0x28) 144.634669ms ago: executing program 1 (id=378): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0041, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000140)=0x90) write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="e7c8543bcf4c64bd5de303d6b41b1e04d3d062d45dd9dc1459"], 0xfdef) 13.873317ms ago: executing program 5 (id=379): r0 = syz_io_uring_setup(0x3866, &(0x7f0000000000)={0x0, 0xffffffff, 0x1, 0x0, 0x4}, &(0x7f0000000080)=0x0, &(0x7f0000000340)=0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0xa, 0x2, 0x0, 0x7fff, 0x0, 0x0, {0x3}}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0x2, 0x0, 0x4) io_uring_enter(r0, 0x2, 0x10a5, 0x3, 0x0, 0x0) 0s ago: executing program 3 (id=380): r0 = socket(0xa, 0x3, 0xff) syz_emit_ethernet(0x3e, &(0x7f0000000100)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3f}, @void, {@ipv6={0x86dd, @generic={0xc, 0x6, "370c89", 0x8, 0x2b, 0x1, @ipv4={'\x00', '\xff\xff', @empty}, @local, {[@hopopts={0xff}]}}}}}, 0x0) recvmmsg(r0, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}, 0x6}, {{0x0, 0x0, 0x0}, 0x6}], 0x2, 0x40000322, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000100)=ANY=[], 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.79' (ED25519) to the list of known hosts. [ 81.335356][ T5806] cgroup: Unknown subsys name 'net' [ 81.525446][ T5806] cgroup: Unknown subsys name 'cpuset' [ 81.535397][ T5806] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.977179][ T5806] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.591944][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.599406][ T5831] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.607721][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.615238][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.623339][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.635658][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.638608][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.648024][ T5138] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 86.652752][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.658251][ T5138] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.674620][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.682716][ T5834] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.691877][ T5834] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 86.694592][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.699676][ T5834] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 86.707277][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.713419][ T5834] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 86.726300][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.727500][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.741228][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.741940][ T5828] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.756016][ T5828] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.759524][ T5834] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 86.764423][ T5828] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.770891][ T5834] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 86.784301][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.800506][ T5828] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 86.803457][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 86.808214][ T5828] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.815425][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 87.548051][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 87.719810][ T5820] chnl_net:caif_netlink_parms(): no params data found [ 87.772255][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 87.786015][ T5827] chnl_net:caif_netlink_parms(): no params data found [ 87.814016][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 87.954790][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.962547][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.969823][ T5832] bridge_slave_0: entered allmulticast mode [ 87.978712][ T5832] bridge_slave_0: entered promiscuous mode [ 88.033283][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.040857][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.048030][ T5832] bridge_slave_1: entered allmulticast mode [ 88.055484][ T5832] bridge_slave_1: entered promiscuous mode [ 88.152958][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 88.165411][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.173133][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.180321][ T5820] bridge_slave_0: entered allmulticast mode [ 88.187811][ T5820] bridge_slave_0: entered promiscuous mode [ 88.243903][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.251199][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.258355][ T5820] bridge_slave_1: entered allmulticast mode [ 88.265961][ T5820] bridge_slave_1: entered promiscuous mode [ 88.288039][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.369577][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.379552][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.387193][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.394730][ T5829] bridge_slave_0: entered allmulticast mode [ 88.402269][ T5829] bridge_slave_0: entered promiscuous mode [ 88.411367][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.418509][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.425938][ T5827] bridge_slave_0: entered allmulticast mode [ 88.433517][ T5827] bridge_slave_0: entered promiscuous mode [ 88.448868][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.456216][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.463456][ T5827] bridge_slave_1: entered allmulticast mode [ 88.471189][ T5827] bridge_slave_1: entered promiscuous mode [ 88.488925][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.496748][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.504290][ T5823] bridge_slave_0: entered allmulticast mode [ 88.512085][ T5823] bridge_slave_0: entered promiscuous mode [ 88.548815][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.557099][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.564297][ T5829] bridge_slave_1: entered allmulticast mode [ 88.571773][ T5829] bridge_slave_1: entered promiscuous mode [ 88.599295][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.609326][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.616670][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.623971][ T5823] bridge_slave_1: entered allmulticast mode [ 88.631490][ T5823] bridge_slave_1: entered promiscuous mode [ 88.653808][ T5832] team0: Port device team_slave_0 added [ 88.693018][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.726813][ T5832] team0: Port device team_slave_1 added [ 88.733092][ T5833] Bluetooth: hci1: command tx timeout [ 88.783451][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.797635][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.811343][ T5138] Bluetooth: hci0: command tx timeout [ 88.811579][ T5828] Bluetooth: hci2: command tx timeout [ 88.816968][ T5833] Bluetooth: hci3: command tx timeout [ 88.849075][ T5820] team0: Port device team_slave_0 added [ 88.876810][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.890647][ T5833] Bluetooth: hci5: command tx timeout [ 88.893674][ T5828] Bluetooth: hci4: command tx timeout [ 88.898261][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.915306][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.927433][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.934555][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 88.960623][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.997123][ T5820] team0: Port device team_slave_1 added [ 89.016943][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.027007][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.034052][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.060030][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.071152][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.078267][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.086032][ T5821] bridge_slave_0: entered allmulticast mode [ 89.093604][ T5821] bridge_slave_0: entered promiscuous mode [ 89.156484][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.164074][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.171341][ T5821] bridge_slave_1: entered allmulticast mode [ 89.178708][ T5821] bridge_slave_1: entered promiscuous mode [ 89.187942][ T5827] team0: Port device team_slave_0 added [ 89.196548][ T5827] team0: Port device team_slave_1 added [ 89.215786][ T5823] team0: Port device team_slave_0 added [ 89.236852][ T5829] team0: Port device team_slave_0 added [ 89.266866][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.273907][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.300191][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.314488][ T5823] team0: Port device team_slave_1 added [ 89.321766][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.328709][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.354666][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.368195][ T5829] team0: Port device team_slave_1 added [ 89.456791][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.467420][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.474452][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.500394][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.512110][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.519049][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.545404][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.570556][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.577520][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.603697][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.629078][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.639885][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.647004][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.672927][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.691104][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.698042][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.724163][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.753813][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.760830][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 89.786756][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.804610][ T5832] hsr_slave_0: entered promiscuous mode [ 89.811422][ T5832] hsr_slave_1: entered promiscuous mode [ 89.845372][ T5821] team0: Port device team_slave_0 added [ 89.894970][ T5820] hsr_slave_0: entered promiscuous mode [ 89.901656][ T5820] hsr_slave_1: entered promiscuous mode [ 89.908005][ T5820] debugfs: 'hsr0' already exists in 'hsr' [ 89.913825][ T5820] Cannot create hsr debugfs directory [ 89.923621][ T5821] team0: Port device team_slave_1 added [ 90.081431][ T5829] hsr_slave_0: entered promiscuous mode [ 90.087825][ T5829] hsr_slave_1: entered promiscuous mode [ 90.094198][ T5829] debugfs: 'hsr0' already exists in 'hsr' [ 90.099936][ T5829] Cannot create hsr debugfs directory [ 90.151493][ T5823] hsr_slave_0: entered promiscuous mode [ 90.157934][ T5823] hsr_slave_1: entered promiscuous mode [ 90.164279][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 90.170005][ T5823] Cannot create hsr debugfs directory [ 90.181860][ T5827] hsr_slave_0: entered promiscuous mode [ 90.188230][ T5827] hsr_slave_1: entered promiscuous mode [ 90.194495][ T5827] debugfs: 'hsr0' already exists in 'hsr' [ 90.200206][ T5827] Cannot create hsr debugfs directory [ 90.237568][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.244981][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.271488][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.284217][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.291301][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 90.317276][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.568144][ T5821] hsr_slave_0: entered promiscuous mode [ 90.575602][ T5821] hsr_slave_1: entered promiscuous mode [ 90.582129][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 90.587859][ T5821] Cannot create hsr debugfs directory [ 90.810364][ T5828] Bluetooth: hci1: command tx timeout [ 90.894424][ T5828] Bluetooth: hci2: command tx timeout [ 90.894458][ T5138] Bluetooth: hci0: command tx timeout [ 90.905593][ T5833] Bluetooth: hci3: command tx timeout [ 90.970416][ T5138] Bluetooth: hci5: command tx timeout [ 90.980537][ T5138] Bluetooth: hci4: command tx timeout [ 91.079008][ T5820] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.098868][ T5820] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.110457][ T5820] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.136335][ T5820] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.145584][ T791] cfg80211: failed to load regulatory.db [ 91.208726][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.220919][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.234465][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.256664][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.338122][ T5829] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.357598][ T5829] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.390878][ T5829] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.424556][ T5829] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.479166][ T5827] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 91.492075][ T5827] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 91.518946][ T5827] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 91.556299][ T5827] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 91.592290][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.650122][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.713195][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.750701][ T5820] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.757996][ T5823] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.768934][ T5823] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.784221][ T5823] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.795530][ T5823] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.837063][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.844381][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.883471][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.890773][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.928049][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.935191][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.946512][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.953645][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.993587][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.018532][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.051294][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.066573][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.077744][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.112919][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.172064][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.216825][ T5827] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.244319][ T597] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.251479][ T597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.263593][ T597] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.270710][ T597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.296750][ T597] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.303910][ T597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.343484][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.350659][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.524188][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.735939][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.758143][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.765329][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.800020][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.867351][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.888820][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.896031][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.903759][ T5138] Bluetooth: hci1: command tx timeout [ 92.919244][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.972200][ T5833] Bluetooth: hci3: command tx timeout [ 92.977733][ T5138] Bluetooth: hci0: command tx timeout [ 92.986634][ T5833] Bluetooth: hci2: command tx timeout [ 92.996745][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.050468][ T5138] Bluetooth: hci5: command tx timeout [ 93.056000][ T5833] Bluetooth: hci4: command tx timeout [ 93.092082][ T597] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.099269][ T597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.137020][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.144200][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.162443][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.177742][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.306303][ T5820] veth0_vlan: entered promiscuous mode [ 93.315517][ T5832] veth0_vlan: entered promiscuous mode [ 93.339838][ T5829] veth0_vlan: entered promiscuous mode [ 93.364384][ T5832] veth1_vlan: entered promiscuous mode [ 93.377471][ T5820] veth1_vlan: entered promiscuous mode [ 93.439945][ T5829] veth1_vlan: entered promiscuous mode [ 93.557914][ T5832] veth0_macvtap: entered promiscuous mode [ 93.595598][ T5820] veth0_macvtap: entered promiscuous mode [ 93.624182][ T5820] veth1_macvtap: entered promiscuous mode [ 93.654714][ T5832] veth1_macvtap: entered promiscuous mode [ 93.718875][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.762786][ T5829] veth0_macvtap: entered promiscuous mode [ 93.774640][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.791991][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.809546][ T5829] veth1_macvtap: entered promiscuous mode [ 93.844519][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.892791][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.903580][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.921959][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.937663][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.947295][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.965236][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.984466][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.993827][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.013169][ T5827] veth0_vlan: entered promiscuous mode [ 94.022809][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.033664][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.042608][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.084984][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.095541][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.141494][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.185213][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.192898][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.216999][ T5827] veth1_vlan: entered promiscuous mode [ 94.285544][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.297451][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.390348][ T597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.398214][ T597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.463914][ T5823] veth0_vlan: entered promiscuous mode [ 94.483557][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.492348][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.524363][ T3481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.545199][ T5823] veth1_vlan: entered promiscuous mode [ 94.550808][ T3481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.563917][ T5827] veth0_macvtap: entered promiscuous mode [ 94.614458][ T5827] veth1_macvtap: entered promiscuous mode [ 94.640098][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.657020][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.684157][ T5820] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.743011][ T597] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.744936][ T5823] veth0_macvtap: entered promiscuous mode [ 94.752725][ T597] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.769437][ T5823] veth1_macvtap: entered promiscuous mode [ 94.793058][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.871691][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.927499][ T50] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.971497][ T5833] Bluetooth: hci1: command tx timeout [ 95.006215][ T50] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.018671][ T50] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.033710][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.051519][ T5833] Bluetooth: hci2: command tx timeout [ 95.057035][ T5833] Bluetooth: hci0: command tx timeout [ 95.064110][ T5138] Bluetooth: hci3: command tx timeout [ 95.085373][ T50] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.125885][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.148584][ T5828] Bluetooth: hci4: command tx timeout [ 95.148603][ T5833] Bluetooth: hci5: command tx timeout [ 95.159776][ T5821] veth0_vlan: entered promiscuous mode [ 95.242820][ T5975] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.276891][ T3481] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.310980][ T5821] veth1_vlan: entered promiscuous mode [ 95.339729][ T3481] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.349255][ T3481] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.381115][ T3481] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.465170][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.490431][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.539309][ T5821] veth0_macvtap: entered promiscuous mode [ 95.551608][ T5922] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 95.592985][ T5821] veth1_macvtap: entered promiscuous mode [ 95.632335][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.671154][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.744008][ T5922] usb 4-1: Using ep0 maxpacket: 32 [ 95.768295][ T3481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.785799][ T5922] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40 [ 95.789902][ T3481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.799228][ T5922] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 95.832175][ T5922] usb 4-1: config 0 descriptor?? [ 95.844409][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.923262][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.960438][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.968342][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.992294][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.025206][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.064684][ T5922] dvb-usb: found a 'Elgato EyeTV DTT' in warm state. [ 96.101792][ T5922] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 96.115170][ T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.134474][ T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.150911][ T5922] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT) [ 96.163197][ T5922] usb 4-1: media controller created [ 96.208582][ T5922] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 96.453512][ T5922] DVB: Unable to find symbol dib7000p_attach() [ 96.459721][ T5922] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT' [ 96.521695][ T31] audit: type=1326 audit(1769986979.279:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 96.575752][ T597] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.617777][ T597] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.640922][ T31] audit: type=1326 audit(1769986979.279:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 96.708582][ T31] audit: type=1326 audit(1769986979.279:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 96.733367][ T5922] rc_core: IR keymap rc-dib0700-rc5 not found [ 96.739441][ T5922] Registered IR keymap rc-empty [ 96.761118][ T5922] dvb-usb: could not initialize remote control. [ 96.767357][ T5922] dvb-usb: Elgato EyeTV DTT successfully initialized and connected. [ 96.830833][ T31] audit: type=1326 audit(1769986979.279:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 96.875077][ T5922] usb 4-1: USB disconnect, device number 2 [ 96.876435][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.911035][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.917218][ T31] audit: type=1326 audit(1769986979.319:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.026996][ T5922] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected. [ 97.051707][ T31] audit: type=1326 audit(1769986979.319:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.112112][ T6027] loop3: detected capacity change from 0 to 16 [ 97.147244][ T31] audit: type=1326 audit(1769986979.319:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.177920][ T31] audit: type=1326 audit(1769986979.319:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.178077][ T6029] loop1: detected capacity change from 0 to 256 [ 97.213367][ T6027] erofs (device loop3): mounted with root inode @ nid 36. [ 97.250554][ T6025] mkiss: ax0: crc mode is auto. [ 97.277816][ T31] audit: type=1326 audit(1769986979.319:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.305741][ T6029] exfat: Deprecated parameter 'utf8' [ 97.352113][ T6029] exfat: Deprecated parameter 'namecase' [ 97.395983][ T31] audit: type=1326 audit(1769986979.319:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6006 comm="syz.5.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fcf9d19aeb9 code=0x7ffc0000 [ 97.421723][ T6029] exfat: Deprecated parameter 'namecase' [ 97.427381][ T6029] exfat: Deprecated parameter 'utf8' [ 97.562742][ T6029] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0x5270ca8d, utbl_chksum : 0xe619d30d) [ 97.664480][ T6029] exFAT-fs (loop1): failed to test first cluster bit of root dir(5) [ 97.838858][ T6039] pimreg: entered allmulticast mode [ 97.887768][ T6043] pimreg: left allmulticast mode [ 97.997536][ T6045] loop5: detected capacity change from 0 to 128 [ 98.052775][ T6045] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 98.194369][ T6045] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 98.444068][ T37] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 99.170089][ T6050] loop1: detected capacity change from 0 to 32768 [ 99.263231][ T6050] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.30 (6050) [ 99.299044][ T6077] loop4: detected capacity change from 0 to 1024 [ 99.363480][ T6050] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 99.392942][ T6077] hfsplus: bad catalog entry type [ 99.413816][ T6050] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 99.449036][ T6082] loop0: detected capacity change from 0 to 256 [ 99.490382][ T5939] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 99.505601][ T13] hfsplus: b-tree write err: -5, ino 4 [ 99.534076][ T6055] loop2: detected capacity change from 0 to 32768 [ 99.642291][ T6055] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 99.686930][ T6050] BTRFS info (device loop1): enabling ssd optimizations [ 99.705251][ T5939] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 99.730293][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.730338][ T6050] BTRFS info (device loop1): turning on async discard [ 99.761317][ T5939] usb 4-1: config 0 descriptor?? [ 99.781562][ T6106] netlink: 'syz.4.48': attribute type 4 has an invalid length. [ 99.852385][ T6050] BTRFS info (device loop1): enabling free space tree [ 99.887402][ T6055] XFS (loop2): Ending clean mount [ 99.918650][ T6055] XFS (loop2): Quotacheck needed: Please wait. [ 99.996724][ T5939] udl 4-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 100.024404][ T6055] XFS (loop2): Quotacheck: Done. [ 100.057174][ T6110] ======================================================= [ 100.057174][ T6110] WARNING: The mand mount option has been deprecated and [ 100.057174][ T6110] and is ignored by this kernel. Remove the mand [ 100.057174][ T6110] option from the mount to silence this warning. [ 100.057174][ T6110] ======================================================= [ 100.149631][ T6112] loop4: detected capacity change from 0 to 512 [ 100.215215][ T6112] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 100.293958][ T5939] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 100.311046][ T6112] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 100.335604][ T5829] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 100.350679][ T5939] [drm] Initialized udl on minor 2 [ 100.375445][ T5832] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 100.392264][ T6112] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.50: bad orphan inode 131083 [ 100.403735][ T5939] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed [ 100.412331][ T5939] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 100.477952][ T6112] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 100.551501][ T6117] loop0: detected capacity change from 0 to 256 [ 100.620648][ T30] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 100.642355][ T30] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 100.653012][ T6117] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 100.654707][ T24] usb 4-1: USB disconnect, device number 3 [ 100.706528][ T30] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 100.832176][ T6117] exFAT-fs (loop0): error, data valid size is invalid(-9223372036854774758) [ 100.870653][ T6117] exFAT-fs (loop0): Filesystem has been set read-only [ 100.902539][ T6121] exFAT-fs (loop0): error, data valid size is invalid(-9223372036854774758) [ 101.238759][ T6129] loop0: detected capacity change from 0 to 128 [ 101.714209][ T5821] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.783465][ T597] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.000206][ T597] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.106447][ T597] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.198356][ T597] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.442093][ T5828] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 102.451500][ T5828] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 102.459174][ T5828] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 102.468389][ T5828] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 102.476136][ T5828] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 102.695894][ T597] bridge_slave_1: left allmulticast mode [ 102.721053][ T597] bridge_slave_1: left promiscuous mode [ 102.733263][ T597] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.770855][ T597] bridge_slave_0: left allmulticast mode [ 102.791403][ T597] bridge_slave_0: left promiscuous mode [ 102.826288][ T597] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.331651][ T6150] loop1: detected capacity change from 0 to 40427 [ 103.370315][ T6130] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 103.375698][ T6150] F2FS-fs (loop1): build fault injection rate: 25 [ 103.386939][ T6150] F2FS-fs (loop1): build fault injection type: 0x7698c [ 103.400806][ T6150] F2FS-fs (loop1): invalid crc value [ 103.417630][ T6150] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21c/0xd60 [ 103.501090][ T6150] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0x756/0x1260 [ 103.598408][ T6184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.73'. [ 103.785805][ T6150] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 103.799968][ T6166] loop0: detected capacity change from 0 to 32768 [ 103.814546][ T6150] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 103.826550][ T6166] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.69 (6166) [ 103.863300][ T6150] F2FS-fs (loop1): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x525/0xff0 [ 103.878703][ T597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 103.894353][ T6166] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 103.967528][ T6166] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm [ 103.976700][ T597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 103.997329][ T597] bond0 (unregistering): Released all slaves [ 103.998023][ T5832] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x591/0x2190 [ 104.071383][ T6200] loop2: detected capacity change from 0 to 512 [ 104.096529][ T5832] F2FS-fs (loop1): invalid blkaddr: 4102, type: 7, run fsck to fix. [ 104.108909][ T6200] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.75: inode has both inline data and extents flags [ 104.149134][ T5832] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x4fb/0x2190 [ 104.173537][ T6200] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.75: couldn't read orphan inode 15 (err -117) [ 104.186261][ T5832] F2FS-fs (loop1): invalid blkaddr: 514, type: 10, run fsck to fix. [ 104.211267][ T6166] BTRFS info (device loop0): rebuilding free space tree [ 104.224135][ T6200] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 104.291673][ T5832] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_write+0x4fb/0x2190 [ 104.346702][ T6166] BTRFS info (device loop0): checking UUID tree [ 104.361653][ T6200] capability: warning: `syz.2.75' uses deprecated v2 capabilities in a way that may be insecure [ 104.390646][ T5832] F2FS-fs (loop1): invalid blkaddr: 512, type: 10, run fsck to fix. [ 104.434019][ T6166] BTRFS info (device loop0): allowing degraded mounts [ 104.475883][ T6166] BTRFS info (device loop0): enabling ssd optimizations [ 104.531807][ T6166] BTRFS info (device loop0): enabling free space tree [ 104.580347][ T5833] Bluetooth: hci1: command tx timeout [ 104.630397][ T6166] BTRFS info (device loop0): force clearing of disk cache [ 104.637581][ T6166] BTRFS info (device loop0): force zlib compression, level 3 [ 104.744239][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.172216][ T5823] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.282260][ T6229] geneve0: entered promiscuous mode [ 105.299478][ T6229] macvtap1: entered promiscuous mode [ 105.348472][ T6229] geneve0: left promiscuous mode [ 105.524081][ T6234] loop5: detected capacity change from 0 to 4096 [ 105.575300][ T6234] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512). [ 105.594375][ T6239] loop3: detected capacity change from 0 to 512 [ 105.662932][ T6239] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 105.734828][ T6239] EXT4-fs (loop3): 1 truncate cleaned up [ 105.799369][ T6239] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.831404][ T31] kauditd_printk_skb: 16 callbacks suppressed [ 105.831424][ T31] audit: type=1800 audit(1769986988.599:28): pid=6239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.86" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 105.907806][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.118317][ T6246] loop1: detected capacity change from 0 to 2048 [ 106.222707][ T597] hsr_slave_0: left promiscuous mode [ 106.244473][ T6254] loop3: detected capacity change from 0 to 65 [ 106.260463][ T5948] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.260798][ T6246] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 106.280338][ T597] hsr_slave_1: left promiscuous mode [ 106.288397][ T597] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 106.298025][ T597] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 106.325548][ T6254] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway [ 106.329358][ T6246] EXT4-fs (loop1): shut down requested (0) [ 106.360805][ T597] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 106.374696][ T6262] comedi comedi3: comedi_test: 38 microvolt, 2047 microsecond waveform attached [ 106.409059][ T597] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 106.448314][ T5948] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 106.509675][ T5948] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.510690][ T597] veth1_macvtap: left promiscuous mode [ 106.544008][ T597] veth0_macvtap: left promiscuous mode [ 106.549975][ T597] veth1_vlan: left promiscuous mode [ 106.553250][ T5948] usb 1-1: Product: syz [ 106.578155][ T5948] usb 1-1: Manufacturer: syz [ 106.590922][ T597] veth0_vlan: left promiscuous mode [ 106.610797][ T5948] usb 1-1: SerialNumber: syz [ 106.636121][ T5832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.649889][ T5948] usb 1-1: config 0 descriptor?? [ 106.650513][ T5833] Bluetooth: hci1: command tx timeout [ 106.666642][ T5948] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 106.849289][ T6268] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.92'. [ 106.907581][ T6268] ksmbd: Unknown IPC event: 3, ignore. [ 107.346019][ T6278] loop3: detected capacity change from 0 to 512 [ 107.382244][ T6278] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 107.413613][ T6280] netlink: 'syz.5.97': attribute type 1 has an invalid length. [ 107.434319][ T6280] netlink: 236 bytes leftover after parsing attributes in process `syz.5.97'. [ 107.452692][ T6278] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.96: bad orphan inode 131083 [ 107.498042][ T6278] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.533455][ T24] usb 1-1: USB disconnect, device number 2 [ 107.974052][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.020710][ T6290] loop5: detected capacity change from 0 to 256 [ 108.035368][ T6290] exfat: Deprecated parameter 'utf8' [ 108.051480][ T6290] exfat: Deprecated parameter 'utf8' [ 108.058047][ T6290] exfat: Deprecated parameter 'utf8' [ 108.087406][ T6290] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 108.147668][ T6294] loop9: detected capacity change from 0 to 8 [ 108.180095][ T6294] Dev loop9: unable to read RDB block 8 [ 108.192123][ T6294] loop9: unable to read partition table [ 108.207507][ T6294] loop9: partition table beyond EOD, truncated [ 108.215218][ T6294] loop_reread_partitions: partition scan of loop9 (■швлx№        ) failed (rc=-5) [ 108.246236][ T5948] hid-generic 0005:10CF:5505.0001: item fetching failed at offset 0/1 [ 108.255726][ T5948] hid-generic 0005:10CF:5505.0001: probe with driver hid-generic failed with error -22 [ 108.698294][ T6305] capability: warning: `syz.5.107' uses 32-bit capabilities (legacy support in use) [ 108.731780][ T5833] Bluetooth: hci1: command tx timeout [ 108.731812][ T6305] program syz.5.107 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 109.003734][ T6311] loop1: detected capacity change from 0 to 512 [ 109.035249][ T597] team0 (unregistering): Port device team_slave_1 removed [ 109.156283][ T6299] loop3: detected capacity change from 0 to 32768 [ 109.174900][ T597] team0 (unregistering): Port device team_slave_0 removed [ 109.227795][ T6299] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 109.364626][ T6299] XFS (loop3): Ending clean mount [ 109.380944][ T6299] XFS (loop3): Quotacheck needed: Please wait. [ 109.552055][ T6299] XFS (loop3): Quotacheck: Done. [ 109.597821][ T6325] loop0: detected capacity change from 0 to 4096 [ 109.720152][ T5820] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 110.053152][ T6311] loop1: detected capacity change from 0 to 32768 [ 110.107973][ T6311] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 110.168599][ T6311] XFS (loop1): Ending clean mount [ 110.181265][ T6337] mmap: syz.3.113 (6337) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 110.299001][ T5832] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 110.736312][ T6327] Zero length message leads to an empty skb [ 110.753457][ T6153] chnl_net:caif_netlink_parms(): no params data found [ 110.811042][ T5833] Bluetooth: hci1: command tx timeout [ 111.145788][ T6362] program syz.0.122 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.270930][ T6365] use of bytesused == 0 is deprecated and will be removed in the future, [ 111.302409][ T6365] use the actual size instead. [ 111.322372][ T6153] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.340029][ T6153] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.354836][ T6153] bridge_slave_0: entered allmulticast mode [ 111.395227][ T6153] bridge_slave_0: entered promiscuous mode [ 111.438781][ T6153] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.471954][ T6153] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.508094][ T6153] bridge_slave_1: entered allmulticast mode [ 111.530462][ T6153] bridge_slave_1: entered promiscuous mode [ 111.667650][ T6153] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.714506][ T6153] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.939111][ T6153] team0: Port device team_slave_0 added [ 112.046176][ T6153] team0: Port device team_slave_1 added [ 112.163429][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.200580][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.266249][ T6385] loop2: detected capacity change from 0 to 8192 [ 112.277897][ T6389] loop1: detected capacity change from 0 to 4096 [ 112.331342][ T6153] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.408849][ T6153] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.465467][ T6153] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 112.610413][ T6153] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.780579][ T6407] loop0: detected capacity change from 0 to 1024 [ 112.823649][ T6410] process 'syz.1.139' launched './file0' with NULL argv: empty string added [ 113.036687][ T6153] hsr_slave_0: entered promiscuous mode [ 113.093709][ T6153] hsr_slave_1: entered promiscuous mode [ 113.112138][ T6153] debugfs: 'hsr0' already exists in 'hsr' [ 113.114785][ T13] hfsplus: b-tree write err: -5, ino 4 [ 113.139708][ T6153] Cannot create hsr debugfs directory [ 113.395522][ T6422] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 113.453701][ T6425] loop3: detected capacity change from 0 to 256 [ 113.498163][ T6425] exfat: Deprecated parameter 'utf8' [ 113.524046][ T6425] exfat: Deprecated parameter 'namecase' [ 113.529942][ T6425] exfat: Deprecated parameter 'namecase' [ 113.565754][ T6425] exfat: Deprecated parameter 'utf8' [ 113.624733][ T6425] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x5270ca8d, utbl_chksum : 0xe619d30d) [ 113.662074][ T6425] exFAT-fs (loop3): failed to test first cluster bit of root dir(5) [ 113.868180][ T6435] loop0: detected capacity change from 0 to 2048 [ 113.984345][ T6435] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.082266][ T6435] EXT4-fs (loop0): shut down requested (0) [ 114.164570][ T6153] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 114.245431][ T6153] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 114.317542][ T6153] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 114.360889][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.424791][ T6153] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 114.629398][ T6465] loop0: detected capacity change from 0 to 256 [ 114.678614][ T6465] exfat: Deprecated parameter 'namecase' [ 114.747480][ T6465] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 114.820766][ T6426] loop2: detected capacity change from 0 to 40427 [ 114.852700][ T6426] F2FS-fs (loop2): invalid crc value [ 114.863559][ T6153] 8021q: adding VLAN 0 to HW filter on device bond0 [ 114.918902][ T6433] loop5: detected capacity change from 0 to 32768 [ 114.973960][ T6153] 8021q: adding VLAN 0 to HW filter on device team0 [ 114.995096][ T6433] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.148 (6433) [ 115.064000][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.071207][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.104433][ T6433] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 115.121614][ T6477] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 115.176493][ T6433] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm [ 115.226526][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.233810][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.258936][ T6480] loop0: detected capacity change from 0 to 512 [ 115.265667][ T6426] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 115.289648][ T6426] F2FS-fs (loop2): Start checkpoint disabled! [ 115.371752][ T6426] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 115.447524][ T6426] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 115.459372][ T6480] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 115.534929][ T6480] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 115.574403][ T6433] BTRFS info (device loop5): turning off barriers [ 115.586102][ T6503] loop1: detected capacity change from 0 to 256 [ 115.618783][ T6433] BTRFS info (device loop5): enabling free space tree [ 115.643858][ T6426] syz.2.145: attempt to access beyond end of device [ 115.643858][ T6426] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 115.670514][ T6433] BTRFS info (device loop5): use zstd compression, level 3 [ 115.682995][ T6503] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 115.860532][ T31] audit: type=1800 audit(1769986998.609:29): pid=6433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.148" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 115.948940][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 116.072979][ T50] kworker/u8:3: attempt to access beyond end of device [ 116.072979][ T50] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 116.172439][ T50] CPU: 1 UID: 0 PID: 50 Comm: kworker/u8:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 116.172479][ T50] Tainted: [L]=SOFTLOCKUP [ 116.172488][ T50] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 116.172504][ T50] Workqueue: writeback wb_workfn (flush-7:2) [ 116.172549][ T50] Call Trace: [ 116.172558][ T50] [ 116.172568][ T50] dump_stack_lvl+0xe8/0x150 [ 116.172602][ T50] f2fs_handle_critical_error+0x37c/0x540 [ 116.172639][ T50] f2fs_write_end_io+0xc1d/0xfd0 [ 116.172690][ T50] __submit_merged_bio+0x256/0x650 [ 116.172724][ T50] __submit_merged_write_cond+0x269/0x530 [ 116.172759][ T50] f2fs_write_data_pages+0x2806/0x3360 [ 116.172827][ T50] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.172873][ T50] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 116.172946][ T50] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 116.172995][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173024][ T50] ? __lock_acquire+0x6b5/0x2cf0 [ 116.173076][ T50] ? f2fs_write_inode+0x3fb/0x5f0 [ 116.173103][ T50] ? __pfx_f2fs_balance_fs+0x10/0x10 [ 116.173133][ T50] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.173165][ T50] do_writepages+0x32e/0x550 [ 116.173211][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173238][ T50] ? reacquire_held_locks+0x104/0x190 [ 116.173261][ T50] ? writeback_sb_inodes+0x42a/0x1940 [ 116.173292][ T50] __writeback_single_inode+0x133/0x1230 [ 116.173319][ T50] ? do_raw_spin_unlock+0xf5/0x210 [ 116.173353][ T50] writeback_sb_inodes+0x92e/0x1940 [ 116.173383][ T50] ? unwind_next_frame+0xa5/0x23c0 [ 116.173430][ T50] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 116.173452][ T50] ? do_raw_spin_lock+0x12b/0x2f0 [ 116.173524][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173552][ T50] ? rcu_is_watching+0x15/0xb0 [ 116.173577][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173614][ T50] wb_writeback+0x445/0xad0 [ 116.173642][ T50] ? queue_io+0x201/0x450 [ 116.173674][ T50] ? __pfx_wb_writeback+0x10/0x10 [ 116.173694][ T50] ? do_raw_spin_lock+0x12b/0x2f0 [ 116.173741][ T50] wb_workfn+0x3f8/0xef0 [ 116.173771][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173799][ T50] ? look_up_lock_class+0x57/0x110 [ 116.173846][ T50] ? __pfx_wb_workfn+0x10/0x10 [ 116.173877][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173907][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173940][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.173967][ T50] ? do_raw_spin_unlock+0xf5/0x210 [ 116.174001][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174032][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174063][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174097][ T50] ? process_scheduled_works+0xa0f/0x17a0 [ 116.174133][ T50] ? process_scheduled_works+0xa0f/0x17a0 [ 116.174172][ T50] process_scheduled_works+0xaec/0x17a0 [ 116.174247][ T50] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.174282][ T50] ? do_raw_spin_lock+0x12b/0x2f0 [ 116.174313][ T50] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 116.174339][ T50] ? schedule+0x90/0x360 [ 116.174366][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174400][ T50] worker_thread+0xda6/0x1360 [ 116.174467][ T50] kthread+0x726/0x8b0 [ 116.174499][ T50] ? __pfx_worker_thread+0x10/0x10 [ 116.174537][ T50] ? __pfx_kthread+0x10/0x10 [ 116.174562][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174596][ T50] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.174634][ T50] ? __pfx_kthread+0x10/0x10 [ 116.174663][ T50] ret_from_fork+0x51b/0xa40 [ 116.174706][ T50] ? __pfx_ret_from_fork+0x10/0x10 [ 116.174741][ T50] ? srso_alias_return_thunk+0x5/0xfbef5 [ 116.174768][ T50] ? __switch_to+0xc82/0x1410 [ 116.174808][ T50] ? __pfx_kthread+0x10/0x10 [ 116.174837][ T50] ret_from_fork_asm+0x1a/0x30 [ 116.174891][ T50] [ 116.174901][ T50] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 116.347118][ T5827] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 116.408486][ T6153] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 117.241029][ T6536] Driver unsupported XDP return value 0 on prog (id 9) dev N/A, expect packet loss! [ 117.530658][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 117.700380][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 117.709591][ T9] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 117.730313][ T9] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 117.738962][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 117.760638][ T9] usb 2-1: config 1 has no interface number 0 [ 117.766814][ T9] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 117.800356][ T9] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 117.832830][ T9] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 117.841967][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.884565][ T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 118.012401][ T6554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.178'. [ 118.101922][ T9] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 118.312995][ T6153] veth0_vlan: entered promiscuous mode [ 118.314684][ T6563] misc userio: Can't change port type on an already running userio instance [ 118.386388][ T6153] veth1_vlan: entered promiscuous mode [ 118.442453][ T6153] veth0_macvtap: entered promiscuous mode [ 118.456023][ T6153] veth1_macvtap: entered promiscuous mode [ 118.520578][ T6153] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 118.553823][ T5948] usb 2-1: USB disconnect, device number 2 [ 118.572700][ T5948] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 118.586578][ T6153] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 118.619109][ T3481] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.662607][ T3481] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.695873][ T3481] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.715760][ T3481] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 118.912358][ T3481] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 118.952282][ T3481] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.067076][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 119.111449][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 119.160976][ T6583] loop3: detected capacity change from 0 to 764 [ 120.144389][ T6581] loop0: detected capacity change from 0 to 32768 [ 120.464207][ T6612] loop3: detected capacity change from 0 to 256 [ 120.492659][ T6612] exfat: Deprecated parameter 'utf8' [ 120.498006][ T6612] exfat: Deprecated parameter 'utf8' [ 120.540659][ T6612] exfat: Deprecated parameter 'utf8' [ 120.643006][ T6612] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 122.162155][ T6667] loop0: detected capacity change from 0 to 512 [ 122.266186][ T6667] EXT4-fs (loop0): 1 orphan inode deleted [ 122.277831][ T6667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 122.299967][ T6667] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.322016][ T37] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 122.332759][ T37] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:2: Failed to release dquot type 1 [ 122.436757][ T6675] netlink: 211856 bytes leftover after parsing attributes in process `syz.1.225'. [ 122.437362][ T6674] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.224'. [ 122.511536][ T5823] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.030964][ T6692] Bluetooth: MGMT ver 1.23 [ 123.056891][ T6692] Bluetooth: hci1: expected 19 bytes, got 2 bytes [ 123.780384][ T5828] Bluetooth: hci1: command 0x0405 tx timeout [ 123.796785][ T6700] loop3: detected capacity change from 0 to 2048 [ 123.858995][ T6689] loop2: detected capacity change from 0 to 131072 [ 123.873471][ T6689] F2FS-fs (loop2): QUOTA feature is enabled, so ignore qf_name [ 123.882688][ T6689] F2FS-fs (loop2): invalid crc value [ 123.912293][ T6700] EXT4-fs: Ignoring removed mblk_io_submit option [ 123.918757][ T6700] EXT4-fs: Ignoring removed i_version option [ 123.967535][ T6689] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 123.981142][ T6689] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 124.121027][ T6700] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.316584][ T6685] loop0: detected capacity change from 0 to 40427 [ 124.351797][ T6685] F2FS-fs (loop0): invalid crc value [ 124.373997][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.417372][ T6686] loop5: detected capacity change from 0 to 32768 [ 124.570992][ T6686] JBD2: Ignoring recovery information on journal [ 124.924769][ T6685] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 124.957648][ T6686] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 124.999790][ T6685] F2FS-fs (loop0): Start checkpoint disabled! [ 125.040834][ T6685] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 125.100356][ T6685] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 125.270338][ T31] audit: type=1800 audit(1769987008.029:30): pid=6685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.227" name="file1" dev="loop0" ino=10 res=0 errno=0 [ 125.351766][ T6724] loop3: detected capacity change from 0 to 4096 [ 125.381573][ T6728] loop1: detected capacity change from 0 to 64 [ 125.404895][ T3481] kworker/u8:6: attempt to access beyond end of device [ 125.404895][ T3481] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 125.465888][ T3481] CPU: 0 UID: 0 PID: 3481 Comm: kworker/u8:6 Tainted: G L syzkaller #0 PREEMPT(full) [ 125.465929][ T3481] Tainted: [L]=SOFTLOCKUP [ 125.465938][ T3481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 125.465953][ T3481] Workqueue: writeback wb_workfn (flush-7:0) [ 125.465996][ T3481] Call Trace: [ 125.466005][ T3481] [ 125.466015][ T3481] dump_stack_lvl+0xe8/0x150 [ 125.466050][ T3481] f2fs_handle_critical_error+0x37c/0x540 [ 125.466089][ T3481] f2fs_write_end_io+0xc1d/0xfd0 [ 125.466144][ T3481] __submit_merged_bio+0x256/0x650 [ 125.466182][ T3481] __submit_merged_write_cond+0x269/0x530 [ 125.466220][ T3481] f2fs_write_data_pages+0x2806/0x3360 [ 125.466296][ T3481] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.466342][ T3481] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 125.466413][ T3481] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 125.466465][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.466488][ T3481] ? __lock_acquire+0x6b5/0x2cf0 [ 125.466536][ T3481] ? set_shrinker_bit+0x7c/0x350 [ 125.466563][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.466589][ T3481] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 125.466618][ T3481] do_writepages+0x32e/0x550 [ 125.466654][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.466677][ T3481] ? reacquire_held_locks+0x104/0x190 [ 125.466696][ T3481] ? writeback_sb_inodes+0x42a/0x1940 [ 125.466724][ T3481] __writeback_single_inode+0x133/0x1230 [ 125.466747][ T3481] ? do_raw_spin_unlock+0xf5/0x210 [ 125.466777][ T3481] writeback_sb_inodes+0x92e/0x1940 [ 125.466803][ T3481] ? unwind_next_frame+0xa5/0x23c0 [ 125.466848][ T3481] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 125.466867][ T3481] ? do_raw_spin_lock+0x12b/0x2f0 [ 125.466945][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.466970][ T3481] ? rcu_is_watching+0x15/0xb0 [ 125.466992][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467047][ T3481] wb_writeback+0x445/0xad0 [ 125.467075][ T3481] ? queue_io+0x201/0x450 [ 125.467106][ T3481] ? __pfx_wb_writeback+0x10/0x10 [ 125.467124][ T3481] ? do_raw_spin_lock+0x12b/0x2f0 [ 125.467171][ T3481] wb_workfn+0x3f8/0xef0 [ 125.467197][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467219][ T3481] ? look_up_lock_class+0x57/0x110 [ 125.467262][ T3481] ? __pfx_wb_workfn+0x10/0x10 [ 125.467288][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467316][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467344][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467367][ T3481] ? do_raw_spin_unlock+0xf5/0x210 [ 125.467399][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467428][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467463][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467493][ T3481] ? process_scheduled_works+0xa0f/0x17a0 [ 125.467526][ T3481] ? process_scheduled_works+0xa0f/0x17a0 [ 125.467560][ T3481] process_scheduled_works+0xaec/0x17a0 [ 125.467625][ T3481] ? __pfx_process_scheduled_works+0x10/0x10 [ 125.467654][ T3481] ? do_raw_spin_lock+0x26c/0x2f0 [ 125.467684][ T3481] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 125.467707][ T3481] ? schedule+0x90/0x360 [ 125.467733][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467764][ T3481] worker_thread+0xda6/0x1360 [ 125.467820][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467845][ T3481] ? __kthread_parkme+0x19c/0x1f0 [ 125.467877][ T3481] kthread+0x726/0x8b0 [ 125.467909][ T3481] ? __pfx_worker_thread+0x10/0x10 [ 125.467941][ T3481] ? __pfx_kthread+0x10/0x10 [ 125.467961][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.467993][ T3481] ? _raw_spin_unlock_irq+0x23/0x50 [ 125.468029][ T3481] ? __pfx_kthread+0x10/0x10 [ 125.468055][ T3481] ret_from_fork+0x51b/0xa40 [ 125.468095][ T3481] ? __pfx_ret_from_fork+0x10/0x10 [ 125.468126][ T3481] ? srso_alias_return_thunk+0x5/0xfbef5 [ 125.468150][ T3481] ? __switch_to+0xc82/0x1410 [ 125.468188][ T3481] ? __pfx_kthread+0x10/0x10 [ 125.468213][ T3481] ret_from_fork_asm+0x1a/0x30 [ 125.468264][ T3481] [ 125.468273][ T3481] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 125.511859][ T5922] kernel read not supported for file /video37 (pid: 5922 comm: kworker/1:4) [ 125.526406][ T5827] ocfs2: Unmounting device (7,5) on (node local) [ 125.741166][ T6724] ntfs3(loop3): Failed to initialize $Extend/$ObjId. [ 126.460920][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.512684][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 126.590641][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 127.297901][ T6757] loop6: detected capacity change from 0 to 1024 [ 127.386050][ T6757] hfsplus: bad catalog entry type [ 128.278925][ T6771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.261'. [ 128.318507][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.261'. [ 128.364273][ T13] hfsplus: b-tree write err: -5, ino 4 [ 128.441607][ T6759] loop5: detected capacity change from 0 to 131072 [ 128.449698][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.261'. [ 128.459455][ T6759] F2FS-fs (loop5): QUOTA feature is enabled, so ignore qf_name [ 128.468071][ T6759] F2FS-fs (loop5): invalid crc value [ 128.476765][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.261'. [ 128.486184][ T6771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.261'. [ 128.563291][ T6759] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 128.572936][ T6759] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b [ 129.295562][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.304234][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.340846][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.343560][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 129.359846][ T5819] kernel write not supported for file /input/event2 (pid: 5819 comm: kworker/0:3) [ 129.707135][ T6801] loop1: detected capacity change from 0 to 4096 [ 129.984657][ T6814] loop5: detected capacity change from 0 to 164 [ 130.062711][ T6814] Unable to read rock-ridge attributes [ 130.126523][ T6814] Unable to read rock-ridge attributes [ 130.813407][ T6807] loop3: detected capacity change from 0 to 131072 [ 130.822271][ T6807] F2FS-fs (loop3): Test dummy encryption mode enabled [ 130.842358][ T6807] F2FS-fs (loop3): invalid crc value [ 130.916396][ T6801] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 130.950969][ T6807] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 130.977958][ T6807] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 131.047684][ T6807] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 131.052236][ T31] audit: type=1800 audit(1769987013.809:31): pid=6801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.270" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 131.092396][ T6801] ntfs3(loop1): ino=1e, "file1" attr_set_size [ 131.135832][ T6799] ntfs3(loop1): ino=1e, "file1" attr_set_size [ 131.489549][ T6813] loop0: detected capacity change from 0 to 32768 [ 131.610510][ T6813] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.274 (6813) [ 131.813604][ T6813] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 131.890375][ T6813] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 132.095674][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.105132][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.151134][ T6813] BTRFS info (device loop0): rebuilding free space tree [ 132.183375][ T6813] BTRFS info (device loop0): disabling free space tree [ 132.240566][ T6813] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.296186][ T6813] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.313675][ T6871] loop6: detected capacity change from 0 to 2048 [ 132.384500][ T6813] BTRFS info (device loop0): setting nodatasum [ 132.404080][ T6871] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.404480][ T6813] BTRFS info (device loop0): setting nodatacow [ 132.416763][ T6871] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 132.512478][ T6879] IPVS: persistence engine module ip_vs_pe_@ not found [ 132.520772][ T6813] BTRFS info (device loop0): turning off barriers [ 132.527798][ T6813] BTRFS info (device loop0): force clearing of disk cache [ 132.733743][ T6153] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 133.051546][ T5819] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 133.124819][ T6893] loop6: detected capacity change from 0 to 256 [ 133.148812][ T5823] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 133.241593][ T5819] usb 3-1: Using ep0 maxpacket: 32 [ 133.283655][ T5819] usb 3-1: config 32 has an invalid interface number: 85 but max is 0 [ 133.311377][ T5819] usb 3-1: config 32 has no interface number 0 [ 133.318791][ T5819] usb 3-1: config 32 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 133.401703][ T5819] usb 3-1: config 32 interface 85 has no altsetting 0 [ 133.457404][ T5819] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 133.490379][ T5819] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.499847][ T5819] usb 3-1: Product: syz [ 133.531032][ T6893] FAT-fs (loop6): Directory bread(block 64) failed [ 133.537640][ T6893] FAT-fs (loop6): Directory bread(block 65) failed [ 133.561598][ T5819] usb 3-1: Manufacturer: syz [ 133.566252][ T5819] usb 3-1: SerialNumber: syz [ 133.620813][ T6893] FAT-fs (loop6): Directory bread(block 66) failed [ 133.628631][ T6893] FAT-fs (loop6): Directory bread(block 67) failed [ 133.682013][ T6893] FAT-fs (loop6): Directory bread(block 68) failed [ 133.688562][ T6893] FAT-fs (loop6): Directory bread(block 69) failed [ 133.777029][ T6893] FAT-fs (loop6): Directory bread(block 70) failed [ 133.837371][ T6893] FAT-fs (loop6): Directory bread(block 71) failed [ 133.892272][ T6893] FAT-fs (loop6): Directory bread(block 72) failed [ 133.898891][ T6893] FAT-fs (loop6): Directory bread(block 73) failed [ 134.520299][ T5819] appletouch 3-1:32.85: Geyser mode initialized. [ 134.529138][ T5819] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:32.85/input/input7 [ 134.637156][ C0] appletouch 3-1:32.85: appletouch: OVERFLOW with data length 64, actual length is 64 [ 134.859648][ T5819] usb 3-1: USB disconnect, device number 2 [ 134.859691][ C1] appletouch 3-1:32.85: atp_complete: usb_submit_urb failed with result -19 [ 135.058885][ T5819] appletouch 3-1:32.85: input: appletouch disconnected [ 135.388437][ T6936] loop5: detected capacity change from 0 to 512 [ 135.440528][ T6936] EXT4-fs (loop5): Test dummy encryption mode enabled [ 135.501498][ T6936] EXT4-fs error (device loop5): ext4_orphan_get:1391: inode #11: comm syz.5.308: iget: bad extra_isize 31 (inode size 256) [ 135.598718][ T6944] netlink: 76 bytes leftover after parsing attributes in process `syz.1.312'. [ 135.650990][ T6936] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.308: couldn't read orphan inode 11 (err -117) [ 135.688119][ T6936] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 135.768260][ T6936] EXT4-fs error (device loop5): ext4_nfs_get_inode:1542: inode #11: comm syz.5.308: iget: bad extra_isize 31 (inode size 256) [ 135.819074][ T6917] loop0: detected capacity change from 0 to 32768 [ 135.860107][ T6952] loop6: detected capacity change from 0 to 1024 [ 135.910524][ T6917] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.303 (6917) [ 135.992033][ T6917] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 136.015420][ T6917] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 136.035779][ T5827] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.130422][ T13] hfsplus: b-tree write err: -5, ino 4 [ 136.280605][ T6917] BTRFS info (device loop0): rebuilding free space tree [ 136.376829][ T6978] loop3: detected capacity change from 0 to 512 [ 136.417666][ T6917] BTRFS info (device loop0): disabling free space tree [ 136.437183][ T6917] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 136.474656][ T6917] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 136.523373][ T6978] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 136.564156][ T6917] BTRFS info (device loop0): enabling ssd optimizations [ 136.587183][ T6917] BTRFS info (device loop0): turning on async discard [ 136.603371][ T6917] BTRFS info (device loop0): force clearing of disk cache [ 136.630543][ T6978] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.649497][ T6917] BTRFS info (device loop0): enabling auto defrag [ 136.690455][ T6978] ext4 filesystem being mounted at /67/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 136.703792][ T6917] BTRFS info (device loop0): max_inline set to 4096 [ 136.843319][ T31] audit: type=1800 audit(1769987019.609:32): pid=6978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.316" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 137.239752][ T5823] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 137.289490][ T5820] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 137.895657][ T7022] loop3: detected capacity change from 0 to 1024 [ 138.145818][ T6991] loop6: detected capacity change from 0 to 32768 [ 138.274162][ T31] audit: type=1800 audit(1769987021.039:33): pid=6991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.320" name="file2" dev="loop6" ino=7 res=0 errno=0 [ 138.446676][ T7034] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 138.594278][ T7041] xt_hashlimit: size too large, truncated to 1048576 [ 138.685418][ T7043] Ц: renamed from veth1_to_team (while UP) [ 138.893130][ T7052] loop2: detected capacity change from 0 to 128 [ 138.925450][ T7048] loop5: detected capacity change from 0 to 1764 [ 139.286022][ T7059] loop1: detected capacity change from 0 to 512 [ 139.393383][ T7059] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 139.407162][ T7059] ext4 filesystem being mounted at /71/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 139.490060][ T7059] EXT4-fs error (device loop1): ext4_empty_dir:3075: inode #12: comm syz.1.348: invalid size [ 139.610802][ T7059] EXT4-fs (loop1): Remounting filesystem read-only [ 139.808206][ T13] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 139.842136][ T13] Quota error (device loop1): write_blk: dquota write failed [ 139.849633][ T13] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 139.864417][ T5832] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.886740][ T7077] loop6: detected capacity change from 0 to 1024 [ 139.933797][ T7077] EXT4-fs: inline encryption not supported [ 139.964387][ T7077] EXT4-fs: Ignoring removed i_version option [ 139.972647][ T7081] Bluetooth: MGMT ver 1.23 [ 139.993981][ T7081] Bluetooth: hci0: load_link_keys: expected 3 bytes, got 7 bytes [ 140.062724][ T7077] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 140.142602][ T7085] xt_hashlimit: size too large, truncated to 1048576 [ 140.164514][ T7092] team_slave_0: entered allmulticast mode [ 140.182152][ T7092] team_slave_0: entered promiscuous mode [ 140.420207][ T6153] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.438194][ T7097] netlink: 7 bytes leftover after parsing attributes in process `syz.0.362'. [ 140.804602][ T7103] syzkaller0: tun_chr_ioctl cmd 2147767521 [ 141.195273][ T7113] loop6: detected capacity change from 0 to 1024 [ 142.108515][ T6295] ================================================================== [ 142.116649][ T6295] BUG: KASAN: use-after-free in __mutex_lock+0x812/0x1300 [ 142.123781][ T6295] Read of size 8 at addr ffff88807b4640a8 by task khidpd_10cf5505/6295 [ 142.132038][ T6295] [ 142.134380][ T6295] CPU: 0 UID: 0 PID: 6295 Comm: khidpd_10cf5505 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.134416][ T6295] Tainted: [L]=SOFTLOCKUP [ 142.134425][ T6295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 142.134440][ T6295] Call Trace: [ 142.134451][ T6295] [ 142.134460][ T6295] dump_stack_lvl+0xe8/0x150 [ 142.134498][ T6295] print_report+0xba/0x230 [ 142.134529][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.134558][ T6295] kasan_report+0x117/0x150 [ 142.134588][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.134621][ T6295] __mutex_lock+0x812/0x1300 [ 142.134651][ T6295] ? __mutex_lock+0x5ac/0x1300 [ 142.134681][ T6295] ? l2cap_unregister_user+0x6a/0x1b0 [ 142.134721][ T6295] ? __pfx___mutex_lock+0x10/0x10 [ 142.134748][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.134783][ T6295] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 142.134824][ T6295] ? lockdep_hardirqs_on+0x7a/0x110 [ 142.134850][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.134878][ T6295] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 142.134919][ T6295] l2cap_unregister_user+0x6a/0x1b0 [ 142.134957][ T6295] hidp_session_thread+0x3cb/0x440 [ 142.134998][ T6295] ? __pfx_hidp_session_thread+0x10/0x10 [ 142.135037][ T6295] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 142.135080][ T6295] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 142.135119][ T6295] ? __kthread_parkme+0x7a/0x1f0 [ 142.135143][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.135171][ T6295] ? __kthread_parkme+0x19c/0x1f0 [ 142.135199][ T6295] kthread+0x726/0x8b0 [ 142.135229][ T6295] ? __pfx_hidp_session_thread+0x10/0x10 [ 142.135266][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.135291][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.135323][ T6295] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.135360][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.135388][ T6295] ret_from_fork+0x51b/0xa40 [ 142.135426][ T6295] ? __pfx_ret_from_fork+0x10/0x10 [ 142.135460][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.135486][ T6295] ? __switch_to+0xc82/0x1410 [ 142.135526][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.135553][ T6295] ret_from_fork_asm+0x1a/0x30 [ 142.135594][ T6295] [ 142.135603][ T6295] [ 142.345440][ T6295] The buggy address belongs to the physical page: [ 142.351837][ T6295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b465040 pfn:0x7b464 [ 142.361891][ T6295] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 142.368998][ T6295] raw: 00fff00000000000 ffffea00014f7b08 ffff8880b8740c00 0000000000000000 [ 142.377572][ T6295] raw: ffff88807b465040 0000000000000000 00000000ffffffff 0000000000000000 [ 142.386151][ T6295] page dumped because: kasan: bad access detected [ 142.392559][ T6295] page_owner tracks the page as freed [ 142.397906][ T6295] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 6153, tgid 6153 (syz-executor), ts 102426309747, free_ts 142097204495 [ 142.415966][ T6295] post_alloc_hook+0x228/0x280 [ 142.420730][ T6295] get_page_from_freelist+0x24dc/0x2580 [ 142.426275][ T6295] __alloc_frozen_pages_noprof+0x18d/0x380 [ 142.432078][ T6295] alloc_pages_mpol+0x232/0x4a0 [ 142.436930][ T6295] ___kmalloc_large_node+0x4e/0x150 [ 142.442120][ T6295] __kmalloc_large_node_noprof+0x18/0x90 [ 142.447743][ T6295] __kmalloc_noprof+0x4b8/0x7e0 [ 142.452582][ T6295] hci_alloc_dev_priv+0x28/0x2060 [ 142.457606][ T6295] vhci_create_device+0x120/0x650 [ 142.462631][ T6295] vhci_write+0x3ce/0x4a0 [ 142.466963][ T6295] vfs_write+0x61d/0xb90 [ 142.471205][ T6295] ksys_write+0x150/0x270 [ 142.475538][ T6295] do_syscall_64+0xe2/0xf80 [ 142.480036][ T6295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.485926][ T6295] page last free pid 6153 tgid 6153 stack trace: [ 142.492243][ T6295] __free_frozen_pages+0xbf8/0xd70 [ 142.497351][ T6295] bt_host_release+0x82/0x90 [ 142.501938][ T6295] device_release+0x9e/0x1d0 [ 142.506526][ T6295] kobject_put+0x228/0x560 [ 142.510947][ T6295] vhci_release+0x15a/0x1a0 [ 142.515466][ T6295] __fput+0x44f/0xa70 [ 142.519440][ T6295] task_work_run+0x1d9/0x270 [ 142.524022][ T6295] do_exit+0x69b/0x2310 [ 142.528171][ T6295] do_group_exit+0x21b/0x2d0 [ 142.532754][ T6295] __x64_sys_exit_group+0x3f/0x40 [ 142.537775][ T6295] __pfx_syscall_get_nr+0x0/0x10 [ 142.542708][ T6295] do_syscall_64+0xe2/0xf80 [ 142.547200][ T6295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.553081][ T6295] [ 142.555384][ T6295] Memory state around the buggy address: [ 142.560994][ T6295] ffff88807b463f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 142.569035][ T6295] ffff88807b464000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 142.577111][ T6295] >ffff88807b464080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 142.585181][ T6295] ^ [ 142.590552][ T6295] ffff88807b464100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 142.598598][ T6295] ffff88807b464180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 142.606641][ T6295] ================================================================== [ 142.616214][ T6295] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 142.623442][ T6295] CPU: 0 UID: 0 PID: 6295 Comm: khidpd_10cf5505 Tainted: G L syzkaller #0 PREEMPT(full) [ 142.634737][ T6295] Tainted: [L]=SOFTLOCKUP [ 142.639077][ T6295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 142.649141][ T6295] Call Trace: [ 142.652419][ T6295] [ 142.655342][ T6295] vpanic+0x1e0/0x670 [ 142.659328][ T6295] panic+0xc5/0xd0 [ 142.663048][ T6295] ? __pfx_panic+0x10/0x10 [ 142.667462][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.672223][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.676986][ T6295] check_panic_on_warn+0x89/0xb0 [ 142.681923][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.686680][ T6295] end_report+0x6f/0x140 [ 142.690916][ T6295] kasan_report+0x128/0x150 [ 142.695415][ T6295] ? __mutex_lock+0x812/0x1300 [ 142.700197][ T6295] __mutex_lock+0x812/0x1300 [ 142.704818][ T6295] ? __mutex_lock+0x5ac/0x1300 [ 142.709586][ T6295] ? l2cap_unregister_user+0x6a/0x1b0 [ 142.714969][ T6295] ? __pfx___mutex_lock+0x10/0x10 [ 142.719995][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.725636][ T6295] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 142.731476][ T6295] ? lockdep_hardirqs_on+0x7a/0x110 [ 142.736682][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.742329][ T6295] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 142.748154][ T6295] l2cap_unregister_user+0x6a/0x1b0 [ 142.753362][ T6295] hidp_session_thread+0x3cb/0x440 [ 142.758484][ T6295] ? __pfx_hidp_session_thread+0x10/0x10 [ 142.764125][ T6295] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 142.770385][ T6295] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 142.776638][ T6295] ? __kthread_parkme+0x7a/0x1f0 [ 142.781568][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.787198][ T6295] ? __kthread_parkme+0x19c/0x1f0 [ 142.792218][ T6295] kthread+0x726/0x8b0 [ 142.796285][ T6295] ? __pfx_hidp_session_thread+0x10/0x10 [ 142.801919][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.806502][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.812132][ T6295] ? _raw_spin_unlock_irq+0x23/0x50 [ 142.817339][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.821923][ T6295] ret_from_fork+0x51b/0xa40 [ 142.826520][ T6295] ? __pfx_ret_from_fork+0x10/0x10 [ 142.831632][ T6295] ? srso_alias_return_thunk+0x5/0xfbef5 [ 142.837260][ T6295] ? __switch_to+0xc82/0x1410 [ 142.841942][ T6295] ? __pfx_kthread+0x10/0x10 [ 142.846534][ T6295] ret_from_fork_asm+0x1a/0x30 [ 142.851310][ T6295] [ 142.854635][ T6295] Kernel Offset: disabled [ 142.858949][ T6295] Rebooting in 86400 seconds..