last executing test programs: 2m11.815857216s ago: executing program 2 (id=142): syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8042, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x1, 0x4f8, &(0x7f0000001900)="$eJzs3E1oXNUeAPD/nXz26zXvvb6+176+Z2oVg8WkTavNQpCKggsFsYK6DElaatNGmhRsqTIFqUspuBeXbl24VTdFXAlu61KQQpFu2griyJ25dzIzmUmaSTJjmt8Pbuace2fuOeeee+6ce07mBrBlDad/kkr4VkTsjohC4xuGKy/3716denD36lQUS6VTvyblj91L45lsN7Eji4wUIgofJYsbasxfvnJucnZ25mIWH1s4/97Y/OUrz5wdzNZMTCS9bRaqSXppue7t/3DuwL5X3rnx2lR1z3lqteVYL8Mx3CwrZU+ud2Jdtqsm3Ha90XHp+Z9WV1+5/e+Onliu8oodzBmw0UqlUmmg9eZiqdG1JWuATSsGu50DoDvyL/r0/jdfmnUE+jem+9F1d05WboDSct/PlojHyivzcZC+hvvb9TQcEW8Xf/ssXWKDxiEAAGp9czLvCTb0/4YqMyO/X7r5Qvr6t2wOZSgi/h4R/4iIf0bEnoj4V0TsjYh/R8R/GvbfExGlZdIfbohX069OQhVur1NRm0r7f89nc1vpsjj3VQ0N9WSxXRF5h3nmSHZMRqJv4PTZ2Zmjy6Tx7Us/ftJqW23/L13SPOR9wSwft3sbBuimJxcm2yvtUneuRezvXSx/pf+b9EYk1ZmAJCL2RcT+Vex3qCZ89ukvDlQjffXvW7n8ZaWm82jrMM9U+jziqUr9F6Na/qibREzq5ifPT56ZOTNzYXxi4vixoyeeG392bDBmZ46MpWfBkaZpfP/D9ddbpb9i+b/6ufEjL5/4+lTWstYurf/tNed/5PO3i+UfSiKS6nzt/OrTuP7Txy3vado9//uTN8vh/L70/cmFhYtHI/qTV5euH1/8bB5PX6NYKf/Iocbzv5xu+RqXH4n/RkR6Ev8vIv4flTvENO8HI+LxiDi0TPm/e/GJd9sv/8ZKyz8d9eWv1Hxd/S/O17cKJNncYN2m/kgDPecO3nrQ4uLxcPV/vBwaydY0v/4ldZeIVjnNv+3SNX+s+egBAADA5lCIiJ01Y0k7o1AYHa2MAe2J7YXZufmFw6fnLl2YTrdFDEVfIR/pqowH9yX5+OdQTXy8IX4sGzf+tGdbOT46NTc73dWSAzvKbT4pjEa81VPT/lO/rM8QM/BX5vdasHUt1/7TTvzeGx3MDNBRD//9f/ODDc0I0HE17b/VL/yLbfzfF7AJPPT3f9LyeTbAI2PlB/0YM4TNr6Qtw5a2qvZ/2EMA4VHSG29Uw4Wu5gToNP1/2JJW/F3/mgKlgeabBmPpm2Nw+R32RHvZ2NYkra4E0p5VV1Lf1s6n8omelu+Jwup2OBD1a/rbrNPTazwaxYvzZ/Yunvz5s0XWeJxL2f/Kr3cNftmRdtos0PFLEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIb4MwAA///GJdfC") ioctl$EVIOCGBITSND(0xffffffffffffffff, 0x40044591, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2m5.523117618s ago: executing program 2 (id=155): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x24, 0x400, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x10000002, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x2, 0x0, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x6, 0x3ff, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xfe, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0xe259}, {r5, 0x1020}], 0x2, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 2m4.506983891s ago: executing program 2 (id=157): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000300)={r0}, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x11, 0x3, &(0x7f00000003c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x4, 0x1009, &(0x7f0000002500)=""/4105, 0x0, 0x68}, 0x94) 2m4.235756526s ago: executing program 2 (id=160): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x8080, &(0x7f0000000500)={[{@norecovery}, {@grpquota}, {@sysvgroups}, {@lazytime}]}, 0xee, 0x49b, &(0x7f0000000a40)="$eJzs3EtsG0UYAOB/HefVBw2lPFpaCJRHBTRp0gc9cAGBxAEkJDgUcQppWpWmDWqCRKsICodyRJW4I45I3JE4wQUBB4TEFe6oUoVyaeG0aO1d10ls5+XGLf4+yc7M7joz/85OdjJjO4CuNZw9JRHbIuKPiNhRzS4+YLj64+bC/OQ/C/OTSaTpm38nleNuLMxPFocWr9tazaRpRH+W7G9Q7pV3Iiamp6cu5PnRuXPvj85evHTwzLmJ01Onp86PHz9+5PC+vmPjRyv70yb1710hvlL+M4vrxp6PZvbufvXtq69Pnrj67s/fZPXdlu+vj2Nd0uU1HK6e3aUezZ6e3FBhd5Rfs6ftdRuScvODRzahQqxeT0SUa/0oiZ4YrO3bEa982sGqAbdZmqZpo/tz1N23U+B/KtG/oUsV9/rs/9/isTkjjzvD9Rcj4mCeWZifvFmLv1ybO+hd8v9tOw1HxInL/36ZPaId8xAAACv4Phv/PNdo/FeKB+qOuydfQxmKiHsjYmdE3BcRuyLi/ojKsQ9GnHtojeUvXSFZPv4pXVtXYKuUjf9eyNe2bi4a/xWjvxjqyXPbK/H3JqfOTE8dys/Jgejtz/JjLcr44eXfPy/SA0v21Y//skdWfjEWzOtxrbxkgu7kxNxEJZGm6ccbCz+ufxKxp9wo/iSKZZwkInZHxJ51lnHmma/3Ntu3cvwttFhnWq30q4inq+1/efH4/1ZTJfXrk4MRUVufHHv+2PjR0YGYnjo0WlwVy/3y25U3mpW/ofjbIGv/LQ2v/9oq8FAyEDF78dLZynrt7NrLuPLnZ3V9etHqchZ/6duINV//fclblXRfvu3Dibm5C2MRfclry7eP33ptkS+Oz+I/sL9x/99ZV+OHIyK7iPdFxCP5Im7Wdo9FxOMRsb9F/D+99MR7zfY1b/9ms/LtdT0/US3bP+rbf+2JnrM/ftes/OF8DTLy89C4/Y9UUgfyLbW/fy2stoLrOmkAAABwlylV3gOflEZq6VJpZKT6Hv5dsaU0PTM79+ypmQ/On6y+V34oekvFTNeOuvnQsXxuuMiPL8kfzueNv+gZrORHJmemT3Y6eOhyW5v0/8xfPZ2uHXDbtWEdDbhL6f/QvfR/6F76P3Qv/R+6V6P+v9EPFgB3B/d/6F6V/v/U5U5XA+gA93/oXvo/dKWmn40vbegj/00TSbt/YcNE8d0Jm1HWyoniuyg2vfTBdb98YOVTF6XOntWuSZSXtUWU21pEf8NdHfyjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Eb/BQAA///i5tKw") syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x108c10, 0x0, 0x0, 0x0, &(0x7f0000000000)) 2m3.628957241s ago: executing program 2 (id=163): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x3}, 0x50) 2m1.430239901s ago: executing program 2 (id=170): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x24, 0x400, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x10000002, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x2, 0x0, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x6, 0x3ff, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000300)) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xfe, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0xe259}, {r5, 0x1020}], 0x2, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) 2m0.361237488s ago: executing program 32 (id=170): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00', {0x0, 0x10, 0x2, 0xffff}, 0x0, [0x0, 0x0, 0x0, 0x40000, 0x1, 0x2, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x4000, 0x24, 0x400, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x10000002, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x2, 0x5f1, 0x6], [0x0, 0x0, 0x8, 0x0, 0x0, 0x5, 0x0, 0x80, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x7, 0xfffffffc, 0x0, 0x0, 0x7, 0x0, 0xfffffffc, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400, 0x0, 0x200, 0x0, 0x2, 0x0, 0x3, 0x5, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0xfffffffd, 0x0, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1, 0x0, 0x0, 0x0, 0x4, 0x1000, 0x80, 0x0, 0x200, 0x0, 0xffffffff, 0x0, 0xfffffffc, 0x0, 0xfffffffd, 0xffffffff, 0x2, 0x0, 0x9fa, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x2, 0x0, 0x6, 0x3ff, 0x0, 0xbda6, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x8], [0x40000000, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40, 0x0, 0x0, 0xbd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xcaa, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4]}, 0x45c) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000300)) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000140)={0xfe, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0xe259}, {r5, 0x1020}], 0x2, 0x0, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) 1m14.577620404s ago: executing program 1 (id=278): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = memfd_create(&(0x7f0000000780)='-B\xd5NI\xc5j\x9a\b\x00\x00\x00\b\x84\xa2{\x00\v\x18\x004\x03\x96\x00\x00\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacvN}\xdanh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b&6\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\x003\x12\xd7\xdb\x93\xcc]x\xaa\x8f~\xb90a\xa9\xb2\x04=\xabQ\xf7\x05\x81\x01\xe5\x98\r\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x90\xcf\xb5\x7f\x00\x00\x00\x8d\xf0I{\xf0:\xd7\x802\xf3\r|\x86\x82\xf1\xb2\x06\xb0\x06\xbe\xb1\x0f\xa2\xa6\xedA\xb7\x0f\xda\x9d<\xd6l\xbcF\xcb\xec\x83#?\xf4\x81\x16+\x14\xc0\xb8\x88`W\xa9\xef\'\xe1\xee[\xac^\x00\x00\x00\x98a\xdaM\xfe\t\xfc\xfd\xb8S\x81\xe3', 0x1) syz_emit_vhci(0x0, 0x7) dup(r0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0xc15c}) 1m11.677925748s ago: executing program 1 (id=282): msgctl$IPC_SET(0x0, 0x1, 0x0) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r1, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) tee(r0, r3, 0xfffffffffffffc01, 0x0) tee(r0, r3, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000100)=0x83f, 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) msgget$private(0x0, 0x80) 1m3.899678476s ago: executing program 1 (id=301): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmstat\x00', 0x0, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000200)=0x1000000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(r0, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r6 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(0x0, 0x0, 0x0, 0x0, r6) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) syz_mount_image$iso9660(&(0x7f0000000780), &(0x7f0000000040)='./file0\x00', 0x80448, &(0x7f0000000800)=ANY=[@ANYRESDEC=r5, @ANYRES16=0x0], 0x2, 0x688, &(0x7f0000000080)="$eJzs3V1v29Ydx/EfZdmWvSEotqEIsjQ+TVbAwTKFkhsHRnYxjaJsdpIokPJgAwOKrLGLIHK6JRnQ+Cb1zR6A7g3srje72GsYNvR672KXA4rtrsBuNPBJkq0HP8nxln0/QkuK/POc/yEVHtASDwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGQ5VdsuWap7zc0tM55TDfzGhPVJabO6LenP340nk+uVrOg/FQq6miy6+p3+6rej/93U9eTddRWiSUH733j7rQffzuey7SckdBY6bYHPX+4/edjp7DybciKXaD7dB8qdIHjdbXqh7zUq667xQt+sra7adzdqoal5dTfcDttuwziBm2v7gVl2bpvS2trKN93itr/ZXK9W6m628P4Pyra9aj6YTw//3Q+KofOlV697zfU4Jlodxdw3n/8sCXErDWN2H3d2Vo5LMgoqnSSofFxQ2S6XS6VyubR6b+3efdvODy2wj9BQxNQ/tPgfM9XzN3Aeuaj//7sl1VVQU5vakhn5clRVIF+NMetTacd/+7277sR6B/v/rJe/2l99TXH/fyN5d2Nc/z8mFyNjRRuMWmONWX6213O91L6e6KE66mhHz6ZT7tL0Mhz1mptaSetSXvIUypenhipalyuTLjFa06pWZetDbaimUEY1earLVahthWrLVSM+JoFcVdSWr0BGy3J0W0YlrWlNKzJyVdS2fG2qqXVVVdHX3W53V4/j/b4yIUdlQaWTBJXTBQsDn5PsszSu///5q+RzauftuC3R7Kj+P4qg/3+TZeevk8RE5s9x6gbOrZte/5/S0sVkAwAAAAAALoIV//Xdir+7f0dSVzWv7tqXnRYAAAAAAJii+Jv/69FkNpp7R9aY6//u688NAAAAAABMhxXfY2dJWtSS3koWJndCneRHADMXnR8AAAAAADi/+Pv/G3NSNx6KYklWbyQUbgIAAAAAAOAN8duBMfbz2Ri73exr/ZyksDVv/eWfrxTMWgetre9Ze5VoTWVvJtlw6BcA7do160o6UG88mZMUv3Pc61Y6PnA6CKaVDOwrfbWbUy8PjRrr1wqOJDA3k/35ImONSWA1n77T53o3iXk3rffRfk7xmqSWxZpXd4uOX39QUqVyJdd2t9q/evo4N9jO3cedneJHn3QexbkcRIsO9qKqXx1KJ3dcLi/i8Rbiey5GtXhBtazK3zUbi1Zcr521f0aVvdxgRZMOQL/OX+tmEnNzMZku7mdHIG5/IWp/qRgfsl7rP41Hh7D6WZSOtvzogZiQRSHO4lYSc2v5VjLJ8kuz+P6MVC4ePgafStEnoJ9FeTCL4/eF9a+hfXFMFtG+WImy+DIqaEwWK6fLYuiIAMBl2e33QvEg5sNj7B/td89yltud9CSfXNS7/+hwLS/+0E1uOJyR8ul3ExNrKSg6oy8nMXOKT6z5ayPO6HbarxQ05oxun6N3i+r6U+8ZCNno3kNZ/Lvb7T4oxfX+/kiv+kW0wRdj6w3r5ZloF959sfeLeAD8yMc7H+88LZdXVu33bfteWbNxM9IJfQ8AYITjn7FzbIT1fu+q+tE/3kvmDvV43+r9pKCoj/SJOgvSnewRAktZqZF+qYvpNp8pih26ao3KX5AOx+6opDtjr+rivnQgttyLnVW2yeGeuh+7cqHHAACA1+3mUD98+v7/TnbdvXxt5HX34sBPCu/0r45T42JLr3lPAADw/8MNvrIW27+xgsBrfVhaWytV2huuCXznJybwquuu8ZptN3A2Ks1117QCv+07ft20As17VTc04War5QdtU/MD0/JDbyt+8rtJH/0euo1Ks+05YavuVkLXOH6zXXHapuqFjmlt/rjuhRtuEG8ctlzHiy7E257fNKG/GThu0ZjQdQcCvarbbHs1L5ptmlbgNSrBtvmpX99suKbqhk7gtdp+UmBWl9es+UGjEhVbVPfUDzoEAOBN9Pzl/pOHnc7OswkzBzo+Jp2ZG1VgVtfC5TYVAACkhntpAAAAAAAAAAAAAAAAAAAAAADw32b8LX3Z6LInue1vYGZ21M2CUm/JL6+cqBxLp6l02jO5s2/+twkxC70l2e4fjDkYs9XXf01iL6KlSmbyZy/nM41etSCd/LbRKcz8cDfZS2NjopUjV833jkX+RLfDnnrm6R/7SwqDuyX65zV58/nD+3BuUgMPz+QlPZs7xyG4hJMRgNfqPwEAAP//7TpAXA==") r7 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r7, 0x0, 0x0) sendto$inet6(r7, 0x0, 0x0, 0x4004800, &(0x7f0000000180)={0xa, 0x4e22, 0x10003, @mcast2={0xff, 0x5}, 0xfffffffc}, 0x1c) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, 0x0) 1m1.704567455s ago: executing program 1 (id=302): mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0) mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='tracefs\x00', 0x800000, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f00000000c0)={[{@usrjquota}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@bh}, {@nobh}, {@min_batch_time={'min_batch_time', 0x3d, 0xb656}}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x46f, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gg54ru4/5fGffnzb/nfXcUcymBE3B0RuyPinojYExH3RuRt74+IB1YZz+39n/TKKj9yWVn/77libmtx/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHllnHNy/+/Em7Zc39v+yRrb/sCxZxXOltGaCbmpibyDulHXD1YsS+3qXyT27OBCQRsTci9q3so3eVheknvtzfrtGd819GB+aZFr7I0pvP8p+PlvxLSfP85PRt85OjW6NeOzha7hW3+/GnS6+1W/+q8u+Aq7XGc9P2b20ymDTP186ufB2Xfv2o7T3Nf9z/0/7kjXyeub947b2JubkzYxH9ydG8vuj18VvvLetl+2z/Hz6w9PG/u3hPlv+DEZHtxA9FxMMR8UgR+6MR8VhEHFgm/+9faL+szD/Sirb/xYipJc9/N/f/lu2/8kLPye++brf+f7f9D+el4eKV/Px3B0uFk50uWgNczf8OAAAA/i/S/DvwSTpys5ymIyON7/DvibvS+szs3JPHZ945PdX4rvxg9KXlSNdAMR5an67XxpL54hMb46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W2O/8zvPVVHB6yxbUu+Ot6/7oEAFWidR08XVy+8Gk4GsFn5vTZ0rzsc/+l6xQGsP9d/6F5LHf8XWurmAmBzcv2H7uX4hy6Vflt1BECFXP+hK63md/1rWNi6McKoprBRN0peiCgL6YaIR2GNClWfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrjnwAAAP//fhbpGw==") 59.888128251s ago: executing program 1 (id=305): bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-ssse3\x00'}, 0x58) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3b, &(0x7f0000000000)=ANY=[]) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) 58.408326845s ago: executing program 1 (id=310): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/92, 0x5c) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="05e7ffffff000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x11, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@map_idx={0x18, 0xa}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r4]}, 0x94) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r7, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x20000808, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) write(r6, &(0x7f0000000040)="09000000010001", 0x7) 56.289940808s ago: executing program 33 (id=310): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x28) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@usrquota}, {@data_err_ignore}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}, {@grpquota}, {@noload}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000600)="$eJzs3c9rHFUcAPDvbDb9rU2hFBWRQA9WajdN4o8KHupRtFjQe12SbSjZdEt2U5pYsD3YixcpgogF8a53j8V/wL+ioIUiJerBS2Q2M2ma3STbdOsG5/OBCe/tzO6btzPfl+/s22UCKKzR9E8p4sWI+CqJOBwRSbauHNnK0dXtlh9en0qXJFZWPv4jaW+X1vPXyp93MKu8EBG/fBFxstTZbnNxabZar9fms/pYa+7KWHNx6dSluepMbaZ2eWJy8sybkxPvvP1W3/r62vm/v/3o7vtnvjy+/M1P94/cTuJsHOrbq7fdWF8ZjdHsPRmOsxs2HO9vuwOXDHoH2JGhLM6HIx0DDsdQFvXA/9/nEbECFFQi/qGg8jwgv7Zffz1fBA/eW70A6ux/efWzkdjXvjY6sJw8dmWUXu+O9KH9tI2ff79zO11iw+cpAM/SjZsRcbpc7hz/kmz827nTPWyzsQ3jH/x37qb5z+vd8p/SWv4TXfKfg11idye2j//S/T40s6k0/3u3a/67Nmk1MpTVnmvnfMPJxUv1Wjq2PR8RJ2J4b1rfaj7nzPK91Tx7f+e69flfuqTt57lgth/3y3sff850tVV92n7nHtyMeKlr/pusHf+ky/FP34/zPbZxrHbnlc3Wbd//Z2vlh4hXux7/RzNaydbzk2Pt82EsPys6/XXr2K+btT/o/qfHf2jr/o8k6+drm0/exvf7/qlttu6x/kfv5/+e5JN2eU/22LVqqzU/HrEn+bDz8YlHz83r+fZp/08c33r863b+p6H8aY/9v3X0x5d76v+Ajv/0Ex3/Jy/c++Cz7zZrv7fx74126UT2SC/jX687+DTvHQAAAAAAAOw2pYg4FEmpslYulSqV1e93HI0DpXqj2Tp5sbFweTrav5UdieFSPtN9eN33Icaz78Pm9YkN9cmIOBIRXw/tb9crU4369KA7DwAAAAAAAAAAAAAAAAAAALvEwU1+/5/6bWjQewc8c275DcW1bfz3405PwK7k/z8UVzna97gGCsj/fygu8Q/FJf6huMQ/FJf4h+IS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBX58+dS5eV5YfXp9L69NXFhdnG1VPTteZsZW5hqjLVmL9SmWk0Zuq1ylRjbrvXqzcaV8YnYuHaWKvWbI01F5cuzDUWLrcuXJqrztQu1NxnEAAAAAAAAAAAAAAAAAAAADo1F5dmq/V6bV5BYUeFcl74c3fsj0J/CoMemQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkX8DAAD//yRANW8=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getdents64(0xffffffffffffffff, &(0x7f0000000540)=""/92, 0x5c) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="05e7ffffff000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x11, &(0x7f0000000000)=@ringbuf={{0x18, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@map_idx={0x18, 0xa}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[r4]}, 0x94) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r7, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r7, 0x0, 0x0, 0x20000808, &(0x7f00000001c0)={0xa, 0x4e20, 0x8, @loopback}, 0x1c) sendto$inet6(r7, &(0x7f0000000000)="8d", 0x1, 0x0, 0x0, 0x0) write(r6, &(0x7f0000000040)="09000000010001", 0x7) 56.060567149s ago: executing program 3 (id=314): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x35, 0x1, 0x1, 0x81}, {0x61}, {0x6}]}) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x2d, &(0x7f00000000c0)=[{&(0x7f0000000000)="1b", 0x40000}], 0x1}}], 0x51, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 55.481731612s ago: executing program 3 (id=316): socket$inet_tcp(0x2, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000300)) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0xfe, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0xe259}, {r4, 0x1020}], 0x2, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 52.981002479s ago: executing program 3 (id=318): socket$nl_xfrm(0x10, 0x3, 0x6) chown(0x0, 0x0, 0x0) r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_ro(r5, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0) preadv(r6, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = getpid() fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000000)={0x2, r7}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) read$FUSE(0xffffffffffffffff, &(0x7f0000000a00)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_WRITE(r0, &(0x7f0000000100)={0x18, 0x0, r8, {0x4}}, 0x18) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r9 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7}) io_uring_enter(r9, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) 51.799367297s ago: executing program 3 (id=319): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0100, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'pimreg\x00', 0x2}) ioctl$TUNSETDEBUG(r0, 0x400454c9, 0xffffffffffffffff) ioctl$TUNSETLINK(r0, 0x400454cd, 0x0) syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x400, &(0x7f0000000100)=ANY=[@ANYBLOB="6572726f72733d72656d6f756e742d726f2c757466383d302c757365667265652c646973636172642c757466383d312c756e695f786c6174653d302c73686f72746e616d653d77696e39352c756e695f786c6174653d302c756e695f786c6174653d302c0008442895b66131b4e4d54b2ba6ae54dabaa5206d4a2a060b5ccc774b3ec4c81a1a9852327ff871d16d0d9344e764c68194b9d9d0be76c595bac1fc5a0a8256a7b77e071e9bdd6100f9aeb8576d329be6e4bb168f1434000000", @ANYRESHEX=0x0], 0xfd, 0x296, &(0x7f0000001080)="$eJzs3M1qE1EUwPFj0o80tU0WIiiIB92oi6GNL2CQFsSAUhtRF8LUTjRkTMrMWImI7c6tz1FcuhPUF+jGnQt30k0XCm66UCOdjzatQ6u2yYTm/4Myp3Pvydz5CmcGctfvvHpcq7hGxfQklVFJiSzLhkh+MwodC5cpPx6SdstycfT7pzO37t67XiyVpmZUp4uzlwuqOn723dPnr8998EZvvxl/Oyyr+fvr3wpfVk+unlr/NRt9esNTU+caDc+csy2dr7o1Q/WmbZmupdW6azk72it2Y2GhqWZ9fiy74Fiuq2a9qTWrqV5DPaep5kOzWlfDMHQsK/0m/c8Z5ZWZGbPYkcEgCSNxKx2naKZjG8sr3RgUAADoLUnV/4+qrlZdre9X/6eE+r9zqP+PkuNrEvsUuFn/Z8P7d8uln10cGQAAAAAAAAAAAAAAAAAAAAAAOIiNVivXarVy0TL6GxaRjIhE/yc9TnTGQc7/cPeHi0PW9sO9jIj9crG8WA6WQXuxIlWxxZKJQZEf/vUQCuLpa6WpCfXl5b29FOYvLZbT/vXh50fy8fmTQb7uzB+UbPv2C5KTE/I5Lr8Qmz8kF8635RuSk48PpCG2zPvX9Xb+i0nVqzdKu/JH/H4AAAAAABwFhm754/ndbzc0mjZkV3uwcvv9gOT2eT+w6/l6QE4PJLffAAAAAAD0E7f5rGbatuUQ7AiuiMiefZI+dCM9cqA6GKQ2z0HXt/41ujV64yAcarD2JNi1v+mc4JcSAAAAgI7YLvqTHgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1rj2nAMmEXf03U/3/mHmvbXLr7ewgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0jt8BAAD//ysQG/U=") mount(&(0x7f0000000ac0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000b00)='./file1\x00', 0x0, 0x1000, 0x0) r1 = openat(0xffffffffffffff9c, 0x0, 0x441, 0x104) fallocate(r1, 0x10, 0x4000, 0x4000) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ptrace$ARCH_SHSTK_ENABLE(0x1e, r3, 0x0, 0x5001) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f0000000240), 0xfffffffffffffffa, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) keyctl$chown(0x4, 0x0, 0xee01, 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0) read$FUSE(r5, &(0x7f0000002600)={0x2020, 0x0, 0x0, 0x0}, 0x2020) setreuid(r6, r6) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000380)={{0x2, 0x0, 0x0, r6, 0x0, 0x0, 0xc270}, 0x7, 0x9, 0x88a, 0xa, 0x0, 0x0, 0x401}) unshare(0x2020600) 50.186612293s ago: executing program 3 (id=321): syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x1, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0xf8, 0x7fff0010}]}) times(0x0) ioctl$AUTOFS_IOC_FAIL(r4, 0x4c80, 0x7000000) 49.639207333s ago: executing program 3 (id=322): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = memfd_create(&(0x7f00000001c0)='/duv/udmabuf\x00', 0x0) fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000080), 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r3, 0x0, 0x0, 0x0, 0x1) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0) fsetxattr(r5, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000080)=':\x00', 0xffdf, 0x0) 48.91027541s ago: executing program 34 (id=322): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = memfd_create(&(0x7f00000001c0)='/duv/udmabuf\x00', 0x0) fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000080), 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_opaque(r3, 0x0, 0x0, 0x0, 0x1) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='rdma.current\x00', 0x275a, 0x0) fsetxattr(r5, &(0x7f0000000000)=@known='security.selinux\x00', &(0x7f0000000080)=':\x00', 0xffdf, 0x0) 18.172054367s ago: executing program 0 (id=367): clock_gettime(0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000100)={[0xd4b, 0x1000009, 0xffffeffffffffffb, 0x10000000, 0x10000, 0x3, 0x4002004c1, 0xa, 0x8, 0xc82, 0x100001, 0x0, 0x2, 0x0, 0x8, 0x1000100000089], 0x200000, 0x100102}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) wait4(0x0, 0x0, 0x40000000, 0x0) readv(0xffffffffffffffff, &(0x7f0000000200)=[{&(0x7f0000000100)=""/35, 0x2e}], 0x1) ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000180)) ptrace$cont(0x21, r0, 0x80000001, 0x4) 18.171690317s ago: executing program 5 (id=311): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000340)={{0x1, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0) syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000240)=ANY=[@ANYBLOB="12015002020000082505a1a4400001020301090264000201fdf0030904000001020d0000052406000105240036000d240f01d30c000009000400fc06241a86003b042406", @ANYRESOCT], &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0}) readv(r0, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0x2) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000000020000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 15.570576923s ago: executing program 5 (id=374): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, 0x0, 0x50) close(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r5, 0x1, 0x11, 0x0, 0x0) sendmmsg$unix(r5, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)='14U', 0x3}], 0xfd, &(0x7f0000000140)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [r4]}}], 0x38, 0x40044}}], 0x1, 0x4) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000001500)=ANY=[@ANYBLOB="0100000001001000090000000500000041"], 0x50) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x1008002, &(0x7f0000000200)={[{@grpquota}, {@sysvgroups}, {@nomblk_io_submit}, {}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@debug}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}]}, 0x0, 0x5e0, &(0x7f00000005c0)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3+kU7t3J/v2TouefM5Zzb6dNz5vScOwFU1mD6Ty1if0RMJxH9yfxiWWdkhYMLz3vw50dn00cS9fprvyeRZHn585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTV7Hh49tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb0g7/TNd9/v/2TszW+++isZ+faXsSROxsvZE5dex1YZjMHG9yRZWdR3YqsrK0lH9nOy9CVOOoue2dW+RrFu+euXvjpPRH90xMMXrz8+fqXUxgHbqp5E1IGKSsQ/VFQ+Dsjf2y9/H1wrZVQCtMP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mIzc3MNdsTEXfvjN08d2fsZmzTPBxQbP5GRDxZFP9JI/4HoicGGvFfa4r/dFxwJvua5r+6yfqXTxWLf2ifhfjvWTX+o0X8v7Uk/t/eZP2DD5Pv9DbFf+9mLwkAAAAAAAAq6/apiHi+6O//tcX1P1Gw/qcvIk5uQf2Dy45X/v2/dm8LqgEK3D8V8VLh+t9avvp3oCNL/aexHqArOXdhavJIRPw3Ig5F1670eGSVOg5/uu/LVmWD2fq//JHWfzdbC5i1417nruZzJsZnxx/1uoGI+zcinipc/5ss9v9JQf+f/j6YXmcd+569daZV2drxD2yX+tcRBwv7/4d3rUhWvz/HcGM8MJyPClZ6+sPPvmtV/2bjv/AWE8CGpP3/7tXjfyBZer+emY3XcXSus96qbLPj/+7k9cYtZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeR3k85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7/f/f92qo9xv9QnjT+JzbU/288MXpr4PtW9a+v/z/W6OsPZTnm/2DBF3mYdjfnF4RjZ1FRu9sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+DWkTsiaQ2tJiu1YaGIvoi4n+xuzZ1ZWb2uXNX3rs8kZY1Pv+/ln/Sb//CcZJ//v/AkuPRZcdHI2JvRHze0ds4Hjp7ZWqi7IsHAAAAAAAAAAAAAAAAAACAHaKvxf7/1G8dZbcO2HadZTcAKE1B/P9URjuA9tP/Q3WJf6gu8Q/VJf6husQ/VJf4h+oS/1Bd4h8AAAAAAB4rew/c/jmJiPkXexuPVHdW1lVqy4DtViu7AUBp3OIHqsvSH6gu7/GBZI3ynpYnrXXmaqbPPsLJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT38Kdkp7/uWJfCn8TmnPskS+1299Z5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//+Ekkyg==") 15.533808206s ago: executing program 4 (id=375): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) io_uring_setup(0x4, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_key_refresh_complete={{0x30, 0x3}, {0x6, 0xc9}}}, 0x6) r4 = accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x80800) setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, 0x0, 0x0) getsockopt$inet_mtu(r4, 0x0, 0xa, 0x0, 0x0) ioctl$EXT4_IOC_GETSTATE(r4, 0x40046629, 0x0) close(0xffffffffffffffff) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, 0x0, 0x0) sendmsg$GTP_CMD_ECHOREQ(0xffffffffffffffff, 0x0, 0x800) socketpair$unix(0x1, 0x1, 0x0, 0x0) stat(0x0, 0x0) stat(&(0x7f0000005f40)='./file0\x00', 0x0) lstat(0x0, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) bind$netlink(r3, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x1, 0x4, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x3}, 0x0, 0x6e6bb4, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x2, 0xfd, 0x5, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 11.304038382s ago: executing program 0 (id=377): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@minixdf}, {}, {@barrier_val={'barrier', 0x3d, 0x9}}, {@commit={'commit', 0x3d, 0x9}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@dioread_nolock}, {@nodelalloc}, {@noblock_validity}, {@nomblk_io_submit}]}, 0xfe, 0x566, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9GajdN4o8KgvUiiBYLeq9LMg0lm27JbkoTC20P9uJFiiBiQfwDvHss/gP+FQUtFClBD14is5lNt81ukqYbN3U+H5j2vZnZvPnum+/bNzu7bACFNZL9U4p4OSK+SSIOt20bjHzjyOp+yw+vTWVLEisrn/2ZRJKva+2f5P8fzCsvRcSvX0WcKK1vt764NFupVtP5vD7WmLs8Vl9cOnlxrjKTzqSXJiYnT781OfHuO2/3LNbXz/39/ad3Pzr99fHl736+f+R2EmfiUL6tPY5ncKO9MhIj+XMyFGee2HG8B43tJkm/D4BtGcjzfCiyMeBwDORZD/z/XY+IFaCgEvkPBdWaB7Su7Xt0HfzcePDB6gXQ+vgHV98biX3Na6MDy8ljV0bZ9e5wD9rP2vjljzu3syU2eR/ieg/aA2i5cTMiTg0Orh//knz8275TzTePN/ZkG0V7/YF+upvNf97oNP8prc1/osP852CH3N2OzfO/dL8HzXSVzf/e6zj/XRu6hgfy2gvNOd9QcuFiNT0VES9GxGgM7c3qG93POb18b6Xbtvb5X7Zk7bfmgvlx3B/c+/hjpiuNyrPE3O7BzYhXOs5/k7X+Tzr0f/Z8nNtiG8fSO69227Z5/Dtr5aeI1zr2/6M7WsnG9yfHmufDWOusWO+vW8d+69b+6If9jT/r/wMbxz+ctN+vrT99Gz/u+yfttm275/+e5PNmeU++7mql0Zgfj9iTfLJ+/cSjx7bqrf2z+EePbzz+dTr/90fEF1uM/9bRW1137ff5n8U//VT9//SFex9/+UO39rfW/282S6P5mq2Mf1s9wGd57gAAAAAAAGC3KUXEoUhK5bVyqVQur36+42gcKFVr9caJC7WFS9PR/K7scAyVWne6D7d9HmI8/zxsqz7xRH0yIo5ExLcD+5v18lStOt3v4AEAAAAAAAAAAAAAAAAAAGCXONjl+/+Z3wf6fXTAjvOT31Bcm+Z/L37pCdiVvP5Dccl/KC75D8Ul/6G45D8Ul/yH4pL/UFzyHwAAAAAAAAAAAAAAAAAAAAAAAAAAAHrq3Nmz2bKy/PDaVFafvrK4MFu7cnI6rc+W5xamylO1+cvlmVptppqWp2pzm/29aq12eXwiFq6ONdJ6Y6y+uHR+rrZwqXH+4lxlJj2fDv0nUQEAAAAAAAAAAAAAAAAAAMDzpb64NFupVtN5ha6F92NXHMZOBrhqWw8f3C1RKHQt7NtG5/Z5YAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACANv8GAAD//04mM/E=") r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r3}, 0x0, &(0x7f0000001c40)=r4}, 0x20) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x29}) 10.967041583s ago: executing program 4 (id=378): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2000800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000100080000000008030000000000"], &(0x7f0000000f40)=""/4089, 0x26, 0xff9, 0xa}, 0x28) r4 = socket$unix(0x1, 0x1, 0x0) getpeername(r4, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = request_key(&(0x7f0000000980)='encrypted\x00', &(0x7f00000009c0)={'syz', 0x1}, &(0x7f0000000a00)='})\x00', 0x0) request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, r6) r7 = open(&(0x7f0000000000)='./bus\x00', 0x1a1043, 0xc5) ioctl$FS_IOC_FSSETXATTR(r7, 0x401c5820, &(0x7f00000003c0)={0xd8, 0x0, 0x200}) socket$netlink(0x10, 0x3, 0x0) io_uring_setup(0x27d1, 0x0) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r2, 0x1, 0x4002) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="3800000020000104000000000000000002000000", @ANYRES32=0x0, @ANYBLOB="280002030c000e0000000000800008000a00000000000000004ebdb8f79a0000000000000052a59f1a83ea81008dc056965cd420d70153fd7238da81ee4d6d339608dcd2f92a177d4f4b23e7c2fe66484137d25fed57b1f3b6ac54fcd83731b3feb77ffbc9e9b4baadd4d96d1520755e33310843acf7286afc4e8c5049704320153ce9cfe896828ebd3a1649acbbfd9204ec519ac2483ebf1fdc030fa447284936b53affee62b9103c"], 0x38}}, 0x0) r8 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r8, 0x0, 0x10, &(0x7f0000000580)="17000000020001000003be8c5e687a8a6a002b00020100ecff3f0000000300000a0001000098fc5a53d3f5b7e4a96c6b06169da9c0f8d9485bbb6a880a00243c5197b29f9368bdd6c8db0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000000000100000000000080c457681f009cee4a5acb3dac00001fb7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500000000010000000affff02dfccebf6ba00085d024f0298e9e90554062a991ab9a2498e1253898676db7be8b79edf9e53066bbddd7f51727c79f683b45bb98d5d7ce7", 0xdd) 10.965690652s ago: executing program 5 (id=379): r0 = socket$nl_route(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, 0x0, 0x107740, 0x179) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x20}, 0x1, 0x0, 0x0, 0x2000c824}, 0x4000000) sendmsg$nl_route(r0, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x20004000) 9.068380405s ago: executing program 4 (id=380): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x40080}, 0x0) syz_open_dev$sndpcmp(0x0, 0xb, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x3, 0x6000, 0x2000, &(0x7f0000fa3000/0x2000)=nil}) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0xbd, 0x0, 0xffff, 0x2, 0x2, '\x00', 0x654}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 8.956151845s ago: executing program 0 (id=381): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x81, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xc}) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000640)) 8.516198985s ago: executing program 0 (id=382): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x49, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) ptrace$getregs(0xc, 0x0, 0x80000098, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000080)='./file0\x00', 0x14444, &(0x7f0000000f40)=ANY=[@ANYBLOB="696f636861727365743d61736369692c6e6f6164696e696362000064696e6963622c6769643d69676e6f72652c7569643d666f726765742c756d61736b3d30303030303030303030303030303030303030303030322c076f6e6761642c6769643d771d0f4d30dc61469a581342d98a7a4c3534a971c3e26de72edc9ec3db403d8b2e970b9dcea448ddbb5a116ce6f67d99a77aa50bce7fc5451bcf5b13e9698d80385c54fff77d38aa9703314cd19a075893a1648dd8ef78a118122ee7a0e400"/203, @ANYRESDEC=0x0, @ANYBLOB=',nostrict,\x00'], 0xfe, 0xc22, &(0x7f00000002c0)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu43bTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22YXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkFPAYGbfikuKsmhTpCj7+2zqNzvz3sx7M+sZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/fOnMc+lhtwIAOEhXxr985qznPwB8rFz1//8AAAAAAAAAAAAAAHDYpSji8Ugxf2U9TVafOwYut2dv3Z4YGd252rFU1TxSlS9/Bp47e+78F54fvtDN96//oD0Zr45fvVR/ae7m/EJrcbE1XZ+YbU/NTbd2vYe91t9uqDoB9Zuv3Zq+fn2xfvbZc1s23x58r/+xk4MXh58+/VS37MTI6Oh4T5la34c++l3uNcLjaBRxOlI8890fp2ZEFLH3c3Gf785+O1Z1YqjqxMTIaNWRmXZzdqncONY9EUVEvadSo3uODuBa7EkjYrlsftngobJ74/PNhea1mVZ9rLmw1F5qz82OpU5ry/7Uo4gLKWIlItb6795dXxRRixTfPrGerkXEke55+Hw1MPje7Sj2sY+7ULaz3hexUjwC1+wQ648iXokUP3m7iKnynOWf+FzEK2V+P+LNMl+MSOUX43zEuzt8j3g01aKIvyiv/8X1NB0RGyc660frl79S/9Ls9bmest37yiP/fDhIh/zeNBBFNKs7/nr68L/ZAQAAAAAAAAAAAAAAAOBBOxZFPBkpXv6PP67GFUc1Lv3ExeE/GPzF3jHjT9xnP2XZZyNiudjdmNyjeQjxWBpL6SGPJf44G4gi/iSP//vmw24MAAAAAAAAAAAAAAAAAADAx1oRP4oUL7xzKq1E75zi7dkb9avNazOdWWG7c/9250zf2NjYqKdONnJO5lzOuZJzNedazihy/ZyNnJM5l3Ou5FzNuZYzjuT6ORs5J3Mu51zJuZpzLWfUcv2cjZyTOZdzruRczbmWMw7J3L0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8lRRTxs0jxra+tp0gR0YiYjE6u9nfLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPU38q4nuRov6HjTvrahGRqn87TpW/nI/G0TI/GY3hMl+MxqWczSprjW/e92hpX/rAh9eXivhhpOgfeOvO1cnXv6/zafOavfn1zU+/Uuvkke7Gwff6Hzt54uLw6K89ca/lHa/+0OX27K3b9YmR0dHxntW1fPRP9qwbzMctHkzXiYjF1994rTkz01qw8PFYqHUWanFI2nNQC/l+FYelPdsXGoejGZsLD/nGxIEon//vRorfeec/uw/87vP/Fzqf7jzh46d/uvn8f2H7jvbp+f94z7oX8u9G+moRA0s35/tORgwsvv7G6fbN5o3Wjdbs+TNnvjg8/MVzZ/qORgxcb8+0epb2fKoAAAAAAAAAAAAAAAAADlYq4vciRfOH66keEber8VqDF4efPv3UkThSjbfaMm7r1fGrl+ovzd2cX2gtLram6xOz7am56dZuDzdQDfeaGBndl87c17F9bv+xgZfm5l9faN/4o6Udtx8fuHRtcWmhObXz5jgWRUSjd81Q1eCJkdGq0TPt5mxVdewBvUqhLxXxX5Fi6nw9fTavy+P/to/w3zL+f3n7jvZp/N8netaVx0ypiJ9Git/+yyfis1U7j8dd5yyX+9tIMXThM7lcHC3LddvQea9AZ2RgWfb/IsU//mxr2e54yMc3yz636xP7iCiv/4lI8b0//078Rl639f0PO1//49t3tE/X/1M9645veV/BnrtOvv6nI8WLj78Vv5nXvd/7P4rY2Nj4RsSpXPjO+zn26fp/umfdYHSO+1sPrvsAAAAAAAAAAACPrL5UxN9FiqdGa+n5vG43f/9vevuO9unvf/1yz7rpA5qvaM8nFQAAAAAOib5UxI8ixY2lt+6Mod46/rtn/Ofvbs69PpK2ba3+nO+XqvcGPMg//+s1mI87ufduAwAAAAAAAAAAAAAAAAAAwKGSUhHP5/nUJ+8zn/pqpHj5f57J5dLJslx3HvjB6teBK3Ozpy/NzMxNNZea12Za9fH55lSrrPupSLH+N5/JdYtqfvXufPOdOd4HNrpzsS9EitG/75btzMXenZu8Mx94Zy72suwnIsV//8PWst15rD+9WfZsWfavI8VX/3nnsic3y54ry34nUvzgq/Vu2eNl2e77UTvvJB2oxUzr2am5mbtehQoAAAAAAAAAAAAAAAAAAAAfVF8q4s8ixf/eXInlPOw/z//fnYG/1i375td75vvf5nY1z/9gNf//vZY/zPz/gw+spwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhIUcQbkWL+ynpa7S8/dwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lzw/fKGb71//QXsyXh2/eqn+0tzN+YXW4mJruj4x256am27teg97rb956jqGqhNQv/narenr1xfrZ589t2Xz7cH3+h87OXhx+OnTT3XLToyMjo73lKn1fYCjf6DGbToaRfxVpHjmuz9O/9IfUcTez8V9vjv77VjViaGqExMjo1VHZtrN2aVy41j3RBQR9Z5Kje45OoBrsSeNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv3t3fVHEa5Hi2yfW07/2RxzpnofPXxn/8pmz925HsY993IWynfW+iJXiEbhmh1h/FPFPkeInb5+Kf+uPqEXnJz4X8UqZ3494s8wXI1KK2PhGxLs7fI94NNWiiP8vr//F9fR2f3k/6N5XLn+l/qXZ63M9Zbv3lV09H3793sd86M+Hg3TI700DUcQPqjv+evp3/10DAAAAAAAAAAAAAAAAHCJF/GqkeOGdU6kaH3xnTHF79kb9avPaTGdYX3fsX3fM9MbGxkY9dbKRczLncs6VnKs513JGkevnbOSczLmccyXnas61nHEk18/ZyDmZcznnSs7VnGs5o5br52zknMy5nHMl52rOtZxxSMbuAQAAAAAAAAAAAAAAAAAAHy1F9U+Kb31tPW30d+aXnoxOrpoP9CPv5wEAAP//N4D+uw==") r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, 0x0, 0x20040084) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_HOPOPTS(r7, 0x29, 0x36, &(0x7f00000001c0)=ANY=[], 0x8) 6.737223847s ago: executing program 0 (id=383): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000140)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000000300)) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000140)={0xfe, "7bb9595931028deda525e19bdeffafde2500f6d15c9e31df9454310ad7c18e65", 0xffffffffffffffff}) ppoll(&(0x7f00000000c0)=[{0xffffffffffffffff, 0xe259}, {r4, 0x1020}], 0x2, 0x0, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 5.676062893s ago: executing program 5 (id=384): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1b5cb000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) close(0xffffffffffffffff) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, 0xffffffffffffffff, 0x26}, 0x10) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r5, &(0x7f00000001c0), 0x8) 3.867213398s ago: executing program 5 (id=385): syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000140)=ANY=[], 0x0, 0x695, &(0x7f0000001100)="$eJzs3U1sHGcdB+DfbnbX3oBSp03SgCphNVJBRCROrKSYSwNCKBIVqsoBcbQSp7GySSvHRU6EwHwfuHDojQNFwjcuIHEPKmfg1KuPlZC49BRAYtHMztprxx+7If5Snyeanfed92Pe9z8zO7uzihzgE+v6+TQepZbr519fKvKrK9Od1ZXpu/10krEk9aTRW6V2L6l9kFxLb8lnio1Vd7Xt9vPe/MybH368+lEv16iWsn59U7tjOw74an2LjcvVksmq/eSocdihvxub+muN3F1tbYZFwM71AwcHrZmku8F3z6yX7Grb6x04OmrVfXfzBT2RHK/u0aXl3mqrm/CRsnzQAwAAAIB98Nwvy6/wJw56HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCUVH//v1Yt9X56MrXjScaTtKptqdJH2qODHgAAAAAAAAAAjO6bn9604XOP8zhLOdHPd2vlb/4vl5lT5eun8m7uZy4LuZClzGYxi1nIpSQTZXmzfG0tzS4uLlwaouXltZYZaHl5yBm0n37yAAAAAAAAAHBUNEZv8uNcX//9HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoNacqy3KpdT/fRE6o0k40laRb3l5G/99KH0mz8P5rr/6ZaeqPZoP8cEAAAAB+S5x3mcpZzo57u18jv/mfJ7/3jezb0sZj6L6WQuN8tnAb1v/fXVlenO6sr03WJ5st+v/nOkYZQ9pvfsYes9ny1rtHMr8+WWC7mRt9PJzdTLloWz/fFsPa4fFWOqvVYZcmQ3q3Ux81+lOdKsnkZt6JoTZUSKEfUiMlW1LaJxcudIjHh0+nvqx/5S6mtPfk49y5gv9Vav/q63Lubz85Fistc2R+LywNl3ZudIJJ//0++/c7tz787YrfvnD8+URjA28ARtcySmByLx4rCRuH1UIzFoqozE6bX89Xwj3875TOaNLGQ+38tsFjOXyXw9szmW2ep8Ll4ndo7UtQ25N3YbSas8Ls3qXXT4MS1mNi+XbU9kPt/K27mZuVwt/13OpbyaK7mSmYEjfHqIq74+2jvtuS8MPEz+RZL2cO32QTGwk2t3p8Gzfqq8Dk5u2LIepeef/f2o8dkqUezjJ9X6cNgciUsDkXhh50j8tnxbud+5d2fh9uw7Q+7vlWpdXEc/O1R3ieJ8eb44WGVu49lRlL2wuWy8F69W9YtLr2zjHbcoO71WttuV2qo+wz3Z0+Wy7MUty6bLsrMDZRs+b13rfd4C4NA7/sXjrfY/2n9tv9/+aft2+/Xxr419eeylVpp/aX6lMXXslfpLtT/m/fxg/fs/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9O4/eHhnttOZW9iU6Ha7P9ymaA8T7ST9LclurZrZvc7eJFpJykSjnxitn7GhKrfWj85rf/h/xtwctVXyTALVqE6yBw/v/Kvb7e77Ydoi0dzhnF9PdCtPFHWHaj6QaO7rBP/dfXYdHvAbE7DnLi7efefi/QcPvzR/d/atubfm7s1cuTIzNXPl6t8v3prvzE31Xg96lMBeWL/pH/RIAAAAAAAAAAAAgGHtx39L2GbX/93nqQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABH1PXzY1XqwlTxuroy3SmWfnqtYlmtnqT2/aT2QXItvSUTA93VttvPe/Mzb3748epHvVyjWsr69Q3tmgONfj3sLJarJZNJjlXrQePD9rRFfzeqdXO0PgbU1mZYBOxcP3Bw0P4XAAD//wXoEbw=") quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) read$FUSE(r0, &(0x7f0000002240)={0x2020}, 0x2020) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 3.817001362s ago: executing program 6 (id=386): syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) sendmmsg$inet(r0, &(0x7f0000003040)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, 0x0}}], 0x1, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) 3.544048758s ago: executing program 6 (id=387): r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) ppoll(&(0x7f00000004c0)=[{r0, 0x1007}, {r0, 0x4004}], 0x2, 0x0, 0x0, 0x0) signalfd4(r0, &(0x7f0000000340)={[0x2]}, 0x8, 0x80800) 3.342941456s ago: executing program 4 (id=388): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") quotactl$Q_QUOTAON(0xffffffff80000202, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) syz_mount_image$squashfs(&(0x7f00000000c0), &(0x7f0000001800)='./file0/file0\x00', 0x8000, &(0x7f0000001c80)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES16=r0, @ANYBLOB="a92fe8de136908e852768595aa546296821087e5b1bbc32156ada61f7c8a700880fe17c721514fd66f6d073702603f43f39d10ed62b784f0ea603a459b42f61a2174a30374bec0296612104179832730d5741398231d9ffd1e9995a06bb5ada99b9f2d4a71c519a6dea2485a8ef6042e0d96839465522c03ac9b1e3e4be07bd09a1568add843860228063e6e4a59adc27ad98e26260605e1df1bd5e5dcc1735af362ce57237d4455a267daeea0b2368f8c69ed577f4849d608dcd60b0dabe1d6dada51feb6b1751dfa136da4ab1a73a25bcfba9ba846676558290f27b2a256c2257003da000000d61533a6ab986cfadf588ec2dc99f5edc40ea5cc07e51eb2c26a8219f10aa9e6b6909d4e106869ec7b9e5a42aa4c0908989c703717859913fb85ef6fc6eb431fdcb4ca79c9711baf28bf29ec4fdb34aec3bdb179629065da62053498f3d4f31e4abc69984f4a247e2b6988c2883d78b697fcf58789ec894120b016231f1801bcfd1997e60d83cd8894ffca7912ff6b4672155034131652d7c4c4830b886a0e6dbcd1c4cd84c3fd1eb2550706c53cf08202070d1d426c8f2670d07787c727354943e62be63c3bdce0ccd2f833c5dbb55c80b62bb9865b9572ae8f1a9d89ddbbe64c2a83c514a20230490369e0cd18d3b62d7966ff7dcf87c45354aa00c380f29514a7ba1b0d0d1aa0361f3035c4bb8527394a8954048c16b865c7ee9c200b0f0a376f498489f59abf78ae380a9f9bb7243633e9", @ANYRES16, @ANYRESHEX, @ANYRES16=0x0, @ANYRESOCT, @ANYRESDEC=r0, @ANYRES32, @ANYBLOB="7abec0c9fe6122a21412c614e430852e2aeca68b448de7997ff79fc0b70e66252aa21d9d07f1cf", @ANYRESDEC], 0x10, 0x1d2, &(0x7f0000000e80)="$eJzsVb3OEkEUPXcZWFATsLWVCJXA2vgCRh7AB5As609c/9hNFEKx2tBYGF+CxKew0GhvYYyJDRaaaIElidHMzJ1lgC38gfh9yZyE3HPPnXtn7uwwcyO5n/gAfiynIRpQIJzCByIIAC3S2qqi7Xe2PxmfhfZ7rD9n+4ltMp68faLp5NYgjqNRMi4gGMShHoWYCCgaw6S+oxRW/Hvy5vGmQtgm+5vr30ha4i3bCT3dUPyiMZyL/97F/khpux3PnKkv+56rfOnQ7QC5Qr+R9f6ZbvWofIsDEe+PshLw9ZVcfuThm3LeLaehJFf5FpPaUP/MX0KNkc5LHznOCCADPHuMULcl0ALQSW/f67ziay+6Ht0JAmTd1yf5BEbdzrWbcdQlaxmqllhPIWerWfEygI/reAYLZC1f4gRAdq5ciLmc22etxJruweTaNXTdF3kN073ciis4hyqAB5kMB6w2IasJqNb6IJyuQzk9wdupP8AKHqoqcD68Gw9nIJBJm0PkNXoLlKVDGRAF7KjIhYtVs8QZ2ybbPts52wVb83aZN0lksvOv7LUzoIKHgzQdqcdLs1wLci1o5Bvv8azmNSSzEh8ODg4ODg4ODscEvwIAAP//dCtE4A==") r1 = openat(0xffffffffffffff9c, &(0x7f0000000980)='./file1\x00', 0x42, 0xc2) pwrite64(r1, &(0x7f0000000080)="cc", 0x1, 0x200980) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(r2, 0x6611) 2.321030609s ago: executing program 6 (id=389): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44000}, 0x20040844) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040e04d64020"], 0x7) 2.235917787s ago: executing program 4 (id=390): unshare(0x2040400) pipe2(&(0x7f0000001440)={0xffffffffffffffff}, 0x0) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001f40)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_subtree(r5, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r6, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) sync_file_range(r0, 0x100, 0x6, 0x4) 2.152010544s ago: executing program 6 (id=391): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) openat2(r2, 0x0, 0x0, 0x0) 388.007215ms ago: executing program 4 (id=392): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0), 0xf9, 0x577, &(0x7f00000017c0)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZJLtNmjT7+cC0782bzXtv33zfvtnZZQPoWSPpP4WIlyPimyRiqKWsP7LCkZXjlh7fnEy3JJaXP/0riSTb1zw+yf4/kmVeiojfvoo4XVhfb21hcaZUqZTnsvxoffbaaG1h8cyV2dJ0ebp8dXxi4txbE+PvvvP2tvX19Yv/fP/J/Q/PfX1y6btfHh67m8T5OJqVtfZjMwfbF91qzYzESPacDMT5NQeOddLw50Cy2w2gK31ZnA9EOgcMRV8W9bmWh55l04Ad9mUa1kCPSsQ/9KjmOqB5bd/JdfB+8Oj9lQug9f3vX3lvJAYb10aHl5L/XRml17vD21B/Wsevf967m27R7n2IDd5wAOjWrdsRcba/f/38l2TzX/fObuGYtXX02usP7Kb76frnjbz1T2F1/RM5658jObHbjc3jv/BwG6ppK13/vZe7/l29aTXcl+VeaKz5BpLLVyrldG57MSJOxcDBND8WER/k3wT5vLD0YLld/a3rv3RL62+uBbN2POxfs/6bKtVLT9/zFY9uR7ySu/5NVsc/yRn/9Pm4uMU6TpTvvdqubPP+76zlnyJeyx3/J4OZbHx/crRxPow2z4r1/r5z4vd29e92/9PxP7xx/4eT1vu1tc7r+HHw33K7sm7P/wPJZ430gWzfjVK9PjcWcSD5eP3+8SePbeabx6f9P3Vy4/kv7/w/lAb2Fvt/5/id1kMHO+v/zkr7P9XR+HeeePDRFz+0q39r4/9mI3Uq27OV+W+rDXya5w4AAAAAAAD2mkJEHI2kUFxNFwrF4srnO47H4UKlWqufvlydvzoVje/KDsdAoXmne6jl8xBj2edhm/nxNfmJiDgWEd/2HWrki5PVytRudx4AAAAAAAAAAAAAAAAAAAD2iCMRg3nf/0/90Zf/mDa7gefRBj/5Dexz7eM/K9mOX3oC9iSv/9C7xD/0LvEPvUv8Q+8S/9C7xD/0LvEPvauT+P/5wg42BAAAAAAAAAAAAAAAAAAAAAAAAAAAAPaHixcupNvy0uObk2l+6vrC/Ez1+pmpcm2mODs/WZyszl0rTler05VycbI6u9nfq1Sr18bGY/7GaL1cq4/WFhYvzVbnr9YvXZktTZcvlQeeSa8AAAAAAAAAAAAAAAAAAADg+VJbWJwpVSrlOQmJrhL9e6MZezBR2BvN6DKx2zMTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzxXwAAAP//nz064Q==") quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) signalfd(0xffffffffffffffff, &(0x7f00000006c0), 0x8) mount$9p_fd(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100), 0x0, &(0x7f0000000440)=ANY=[]) syz_io_uring_setup(0x3c5f, 0x0, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000001800290200000800000080028008000000b1e7366c9bbd9508b00dbbb8bfb5215f53308d0de8fd9ea5981f020500000000000000c33bc58a09da9c080000000000000044bac79c4d23c81700"/94, @ANYRES32=0x0], 0x38}}, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@grpquota}]}, 0x4, 0x511, &(0x7f0000000540)="$eJzs3cFvVE8dAPDv23Zp6a/8CspBjQoiioawbRdoCBfhojGExEg8eYDaLk3TXbbpLpFWDuXonUQST/onePNgwsmDN29684IHE1SioSYe1ry327K023b9dduF7ueTvL43M8t+Z7rMzL6B3QlgYJ2PiPWIOBERDyJiopWftI641TzSx71983Ru483TuSQajXv/SLLyNC/a/kzqk9ZzjkbED78X8ZNkZ9za6trSbLlcWmmlJ+uV5cna6tqVxVwrpzgzPTN14+r1Ys/aeq7ym9ffXbzzo9/99iuv/rj+7Z+l1Rr/+amsrL0dvdRsej7G2/KGI+LOYQTrk+HW3x8+Pmlv+1xEXMj6/0QMZa8mAHCcNRoT0ZhoTwMAx116/z8eSa7QWgsYj1yuUGiu4Z2NsVy5Wqtfnqg+fjQf2RrW6cjnHi6WS1OttcLTkU/S9HR2/S5dfC/9vHQ1Is5ExPORk1l5Ya5anu/nGx8AGGCfbJv//z3SnP8BgGNutN8VAACOnPkfAAaP+R8ABs//Mf/7dCAAHBPu/wFg8Jj/AWDw7Dv/PzuaegAAR+IHd++mR2Oj+f3Xm9/UfWW+VFsqVB7PFeaqK8uFhWp1oVwqzDUa+z1fuVpdnr62laytrt2vVB8/qt9frMwulO6X8ofZGACgK2fOvfxzOumv3zyZHdG2l4O5Go63XL8rAPTNUL8rAPSNz/PA4OriHt8yABxzHbbofc+u/0Xohc1f4WN16YvW/2FQHWT939oBfNw+2/r/d3peD+DomcNhcDUaiT3/AWDAWOMHDvTv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCgxrMjyRWyvcDX05+5QiHiVEScjnzycLFcmoqITyPiTyP5kTQ93e9KAwAHlPtb0tr/69LExfHtpSeS/4xk54j46S/v/eLJbL2+Mp3m/3Mrv/4izT9ZXyme6EcDAIB2t3ZmZfN3sXVuu5F/++bp3OZxlFV8fbu5uWgad6N1NEuGYzg7j0Y+Isb+lbTSTen7laEexF9/FhFf2Gz/aDxpizCerYE0dz7dHj+Nfarn8dt//9vj595rby4rS8/57Hfx+R7UBQbNy9vNcbLV99Iu3up/uTifnTv3/9FshDq4dPxL+/XGjvEvtzX+De2In2R9/vxWeu+avL72++/vyGxMNMueRXxpuFP8ZCt+0nn8zV/sso1/+fJXL+xW1vhVxKWO7d/ckbqSDbOT9cryZG117cpiZXahtFB6VCzOTM9M3bh6vTiZrVE3f/6hU4y/37z86W7x0/aP7RJ/dO/2xze6bP+v//vgx1/bI/63vt759T+7R/x0Tvxml/Fnx27tun13Gn9+l/bv8/rH5S7jv/rr2nyXDwUAjkBtdW1ptlwurexzkb7X3O8xLrq/SO/tP4BqZBexHtGrJ8wWJSKi42PSd9QfRpMP6yL5MKrRi4t+j0zAYXvX6ftdEwAAAAAAAAAAAAAAYDe11bWlkc6f1urZRb/bCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1vwAAAP//tBrD+w==") 200.102702ms ago: executing program 6 (id=393): mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000005c0)=ANY=[@ANYBLOB="1500000065ffff0010002d08003950323030302e75"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x2}}, 0x18) write$FUSE_INIT(r2, &(0x7f0000000280)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0xfff9, 0x1000, 0x0, 0x7, 0x0, 0x0, 0x20, 0x8}}, 0x50) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000080), 0x4000, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@aname={'aname', 0x3d, '\x00\x00\x00\x00\x00\x00\x00\x01\xf8B\x05%GN\x05P\xf7\x8a\x8dkp\"\x15\xae\x00f*BH\x04\xdf\x93!\x1eP\xfb\xd8\xc9%\xb1\xbe\xa4\xaf\x1f\x9c\x8d\xfa2<\x81\xc7\x1a\xe0B\xa5\x8f\xdc\x102Q#\xfd\xb3\xec\xbc\x80\xbaN\x13j<\xe0\x8e\xca\xe7\v\x9f\xd0\xb8\xe6\xaf2\n\x8f<\xc0c\xbfU@\xa0\x15\v\xa7t6\xc4\a\xc1\x0f3\xfd\x8c\xbd\x1a\xfc\xbc\x88\x8cn\x9f\xb1\xa3\xa4\xdb\xa3\a\xe7J\x02\xc8y\x85E\x10\xfa\xeaN0\x06\xe3\x9fA\x9c\x1dd\x1a4Xr\v9\x92\xd3\xb0)\nk\xa7'}}]}}) 39.748837ms ago: executing program 6 (id=394): msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0x0, 0x6b, 0x0, 0x0, 0x0, 0x5}) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x80000) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84000) tee(r0, r2, 0xfffffffffffffc01, 0x0) tee(r0, r2, 0x60000000000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) 0s ago: executing program 0 (id=395): unshare(0x2040400) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) listen(r0, 0xf) accept4$unix(r0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.50' (ED25519) to the list of known hosts. [ 72.262237][ T5759] cgroup: Unknown subsys name 'net' [ 72.455896][ T5759] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.081465][ T5759] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 75.895329][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 75.915717][ T5784] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 75.923517][ T5784] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 75.931614][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 75.931872][ T5784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 75.939037][ T5782] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 75.954538][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 75.954586][ T5787] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 75.961843][ T5786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 75.970540][ T5787] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 75.985976][ T5786] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 75.991527][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 75.993251][ T5782] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.000826][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.009805][ T5786] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.017847][ T5787] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.024892][ T5786] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.030810][ T5787] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.037016][ T5786] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.042955][ T5787] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.049959][ T5786] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.062010][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.070975][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.079402][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.531159][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 76.686783][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 76.698558][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 76.776486][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.785482][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.794101][ T5769] bridge_slave_0: entered allmulticast mode [ 76.801729][ T5769] bridge_slave_0: entered promiscuous mode [ 76.831330][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.838590][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.845907][ T5769] bridge_slave_1: entered allmulticast mode [ 76.854428][ T5769] bridge_slave_1: entered promiscuous mode [ 76.901289][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 76.971453][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.978812][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.985993][ T5771] bridge_slave_0: entered allmulticast mode [ 76.994380][ T5771] bridge_slave_0: entered promiscuous mode [ 77.004687][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.017195][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.033747][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.041192][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.048442][ T5772] bridge_slave_0: entered allmulticast mode [ 77.055317][ T5772] bridge_slave_0: entered promiscuous mode [ 77.063492][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.070889][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.078217][ T5771] bridge_slave_1: entered allmulticast mode [ 77.085593][ T5771] bridge_slave_1: entered promiscuous mode [ 77.135504][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.142694][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.150147][ T5772] bridge_slave_1: entered allmulticast mode [ 77.157627][ T5772] bridge_slave_1: entered promiscuous mode [ 77.180388][ T5769] team0: Port device team_slave_0 added [ 77.217695][ T5769] team0: Port device team_slave_1 added [ 77.254693][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.268702][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.303598][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.316179][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.350843][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.358218][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.365548][ T5770] bridge_slave_0: entered allmulticast mode [ 77.373420][ T5770] bridge_slave_0: entered promiscuous mode [ 77.403605][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.410771][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.436910][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.455851][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.463531][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.471831][ T5770] bridge_slave_1: entered allmulticast mode [ 77.478978][ T5770] bridge_slave_1: entered promiscuous mode [ 77.498654][ T5771] team0: Port device team_slave_0 added [ 77.508451][ T5772] team0: Port device team_slave_0 added [ 77.514976][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.522064][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.548322][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.578788][ T5771] team0: Port device team_slave_1 added [ 77.586429][ T5772] team0: Port device team_slave_1 added [ 77.618809][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.625821][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.652176][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.702184][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.709828][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.736584][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.751086][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.763591][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.773614][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 77.780634][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.806678][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 77.819363][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 77.826372][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 77.852396][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 77.909115][ T5770] team0: Port device team_slave_0 added [ 77.918078][ T5770] team0: Port device team_slave_1 added [ 77.941680][ T5769] hsr_slave_0: entered promiscuous mode [ 77.948379][ T5769] hsr_slave_1: entered promiscuous mode [ 78.007375][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.014377][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.040698][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.067328][ T5771] hsr_slave_0: entered promiscuous mode [ 78.074010][ T5771] hsr_slave_1: entered promiscuous mode [ 78.080665][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.088665][ T5771] Cannot create hsr debugfs directory [ 78.107925][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.114931][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.141943][ T5787] Bluetooth: hci1: command tx timeout [ 78.143138][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.148701][ T5787] Bluetooth: hci0: command tx timeout [ 78.163754][ T5787] Bluetooth: hci3: command tx timeout [ 78.169309][ T5786] Bluetooth: hci2: command tx timeout [ 78.197449][ T5772] hsr_slave_0: entered promiscuous mode [ 78.204144][ T5772] hsr_slave_1: entered promiscuous mode [ 78.210855][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.219219][ T5772] Cannot create hsr debugfs directory [ 78.365933][ T5770] hsr_slave_0: entered promiscuous mode [ 78.372763][ T5770] hsr_slave_1: entered promiscuous mode [ 78.380449][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.388356][ T5770] Cannot create hsr debugfs directory [ 78.682049][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 78.701181][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 78.724036][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 78.734727][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 78.814316][ T5772] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 78.838344][ T5772] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 78.866325][ T5772] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 78.878160][ T5772] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 78.937393][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 78.951455][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 78.973648][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 78.984823][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.069277][ T5770] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.081361][ T5770] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.092760][ T5770] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.109455][ T5770] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.192373][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.251707][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.285739][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.293185][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.323383][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.330577][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.365714][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.435590][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.464684][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.499315][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.529759][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.543725][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.551051][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.595518][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.610662][ T2985] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.617990][ T2985] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.634781][ T2985] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.641945][ T2985] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.659100][ T3485] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.666588][ T3485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.704359][ T77] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.711598][ T77] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.753179][ T77] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.760391][ T77] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.878837][ T5772] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 79.963766][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.109736][ T5769] veth0_vlan: entered promiscuous mode [ 80.143252][ T5769] veth1_vlan: entered promiscuous mode [ 80.217522][ T5786] Bluetooth: hci2: command tx timeout [ 80.222792][ T5787] Bluetooth: hci3: command tx timeout [ 80.223083][ T5786] Bluetooth: hci0: command tx timeout [ 80.228578][ T5787] Bluetooth: hci1: command tx timeout [ 80.259253][ T5769] veth0_macvtap: entered promiscuous mode [ 80.299595][ T5769] veth1_macvtap: entered promiscuous mode [ 80.387863][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.404763][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.415029][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.442520][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.461712][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.470788][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.479846][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.488697][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.536051][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.608587][ T5772] veth0_vlan: entered promiscuous mode [ 80.644820][ T5771] veth0_vlan: entered promiscuous mode [ 80.663701][ T5771] veth1_vlan: entered promiscuous mode [ 80.694450][ T5772] veth1_vlan: entered promiscuous mode [ 80.718559][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.741102][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.797027][ T3485] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.804918][ T3485] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.814874][ T5770] veth0_vlan: entered promiscuous mode [ 80.843656][ T5771] veth0_macvtap: entered promiscuous mode [ 80.884062][ T5770] veth1_vlan: entered promiscuous mode [ 80.899720][ T5771] veth1_macvtap: entered promiscuous mode [ 80.935308][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 80.948886][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 80.961466][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.981374][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 80.992850][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.005270][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.024919][ T5772] veth0_macvtap: entered promiscuous mode [ 81.048107][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.059381][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.070215][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.079291][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.093864][ T5772] veth1_macvtap: entered promiscuous mode [ 81.154439][ T5770] veth0_macvtap: entered promiscuous mode [ 81.167015][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.177631][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.352346][ T5770] veth1_macvtap: entered promiscuous mode [ 81.414932][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.436000][ T5861] Invalid ELF header type: 3 != 1 [ 81.507333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 81.539397][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.553944][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.565198][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.592429][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.663472][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.681038][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.724736][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.781913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.789802][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.851353][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.883794][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 81.908708][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.026972][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.059992][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.092737][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.126802][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.171030][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.206809][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.239231][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.297055][ T5786] Bluetooth: hci1: command tx timeout [ 82.302541][ T5786] Bluetooth: hci0: command tx timeout [ 82.309370][ T5786] Bluetooth: hci3: command tx timeout [ 82.314861][ T5786] Bluetooth: hci2: command tx timeout [ 82.343435][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.391541][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.432012][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.442588][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.452897][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.463480][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.475916][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.539104][ T5772] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.566821][ T5772] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.575609][ T5772] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.600121][ T5772] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.650807][ T5770] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.677790][ T5770] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.686597][ T5770] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.696204][ T5770] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.737592][ T2985] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.745496][ T2985] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.836074][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.847237][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.038782][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.056073][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.194412][ T5874] syz.1.2[5874]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 83.216223][ T3551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.241631][ T3551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.298959][ T5874] loop1: detected capacity change from 0 to 2048 [ 83.335560][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.361972][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.369783][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.378528][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 83.406461][ T2985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.429120][ T2985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.462729][ T5874] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.587913][ T5874] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 16: comm syz.1.2: bad entry in directory: directory entry overrun - offset=128, inode=18, rec_len=1920, size=2036 fake=0 [ 83.755912][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.377109][ T5779] Bluetooth: hci2: command tx timeout [ 84.382753][ T5779] Bluetooth: hci3: command tx timeout [ 84.391813][ T5779] Bluetooth: hci0: command tx timeout [ 84.397455][ T5779] Bluetooth: hci1: command tx timeout [ 85.510728][ T5891] loop3: detected capacity change from 0 to 1024 [ 85.606357][ T5891] hfsplus: invalid length 32517 has been corrected to 255 [ 86.526556][ T5905] cgroup: release_agent respecified [ 86.587606][ T3476] hfsplus: b-tree write err: -5, ino 4 [ 86.667187][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.002561][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 87.632122][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 87.846889][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 87.903947][ T23] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 249, changing to 11 [ 87.966805][ T23] usb 1-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid maxpacket 41212, setting to 1024 [ 88.011056][ T23] usb 1-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 88.178149][ T23] usb 1-1: config 0 interface 0 has no altsetting 0 [ 88.184944][ T23] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 88.195692][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.232987][ T23] usb 1-1: config 0 descriptor?? [ 88.301636][ T5916] "syz.2.17" (5916) uses obsolete ecb(arc4) skcipher [ 88.313931][ T5916] trusted_key: syz.2.17 sent an empty control message without MSG_MORE. [ 88.991121][ T23] usb 1-1: USB disconnect, device number 2 [ 90.089299][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 90.126689][ C0] sched: RT throttling activated [ 90.256845][ T23] usb 3-1: device descriptor read/64, error -71 [ 92.143282][ T1968] cfg80211: failed to load regulatory.db [ 92.211713][ T23] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 92.406795][ T23] usb 3-1: device descriptor read/64, error -71 [ 92.539334][ T23] usb usb3-port1: attempt power cycle [ 92.792507][ T5938] loop3: detected capacity change from 0 to 1024 [ 92.821742][ T5938] hfsplus: invalid length 32517 has been corrected to 255 [ 92.946811][ T23] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 92.988020][ T23] usb 3-1: device descriptor read/8, error -71 [ 94.195478][ T12] hfsplus: b-tree write err: -5, ino 4 [ 94.505404][ T5953] Invalid ELF header type: 3 != 1 [ 95.719210][ T5956] loop0: detected capacity change from 0 to 2048 [ 96.155250][ T5956] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.289903][ T5956] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 16: comm syz.0.31: bad entry in directory: directory entry overrun - offset=128, inode=18, rec_len=1920, size=2036 fake=0 [ 96.356785][ T5968] EXT4-fs error (device loop0): ext4_validate_block_bitmap:421: comm ext4lazyinit: bg 0: bad block bitmap checksum [ 96.431005][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 96.473859][ T5973] loop2: detected capacity change from 0 to 512 [ 96.520154][ T5973] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 96.527781][ T5973] IPv6: NLM_F_CREATE should be set when creating new route [ 96.577826][ T5975] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 96.608526][ T5976] netlink: 4 bytes leftover after parsing attributes in process `syz.2.35'. [ 96.831161][ T5982] loop1: detected capacity change from 0 to 1024 [ 96.879296][ T5982] hfsplus: invalid length 32517 has been corrected to 255 [ 97.712542][ T3485] hfsplus: b-tree write err: -5, ino 4 [ 97.814524][ T5994] Invalid ELF header type: 3 != 1 [ 98.471653][ T5996] netlink: 12 bytes leftover after parsing attributes in process `syz.3.44'. [ 98.488843][ T6000] loop1: detected capacity change from 0 to 8 [ 98.525888][ T6000] SQUASHFS error: Failed to read block 0x6de: -5 [ 98.554221][ T6000] SQUASHFS error: Unable to read metadata cache entry [6dc] [ 98.730700][ T6000] SQUASHFS error: Failed to read block 0x63a: -5 [ 98.739024][ T6000] SQUASHFS error: Unable to read metadata cache entry [638] [ 98.746487][ T6000] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 101.148637][ T6009] netlink: 'syz.3.46': attribute type 4 has an invalid length. [ 101.176742][ T6009] netlink: 17 bytes leftover after parsing attributes in process `syz.3.46'. [ 101.754673][ T6021] loop3: detected capacity change from 0 to 1024 [ 102.035171][ T6021] hfsplus: invalid length 32517 has been corrected to 255 [ 102.384459][ T3508] hfsplus: b-tree write err: -5, ino 4 [ 102.695617][ T6030] loop1: detected capacity change from 0 to 1024 [ 102.706409][ T6030] hfsplus: unable to parse mount options [ 102.802798][ T6033] Invalid ELF header type: 3 != 1 [ 108.121783][ T6051] loop1: detected capacity change from 0 to 1024 [ 108.155571][ T6051] hfsplus: invalid length 32517 has been corrected to 255 [ 108.439098][ T6053] loop0: detected capacity change from 0 to 1024 [ 108.469030][ T6053] EXT4-fs: inline encryption not supported [ 108.524181][ T6053] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869) [ 108.577146][ T6053] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 108.588162][ T3551] hfsplus: b-tree write err: -5, ino 4 [ 108.622179][ T6053] EXT4-fs (loop0): invalid journal inode [ 108.647117][ T6053] EXT4-fs (loop0): can't get journal size [ 108.690755][ T6053] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 109.087891][ T6060] Invalid ELF header type: 3 != 1 [ 109.914397][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.747976][ T6076] loop1: detected capacity change from 0 to 2048 [ 110.793273][ T6076] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.815984][ T6077] loop3: detected capacity change from 0 to 2364 [ 110.838992][ T6077] ======================================================= [ 110.838992][ T6077] WARNING: The mand mount option has been deprecated and [ 110.838992][ T6077] and is ignored by this kernel. Remove the mand [ 110.838992][ T6077] option from the mount to silence this warning. [ 110.838992][ T6077] ======================================================= [ 112.095378][ T6087] loop0: detected capacity change from 0 to 1024 [ 112.155308][ T6087] hfsplus: invalid length 32517 has been corrected to 255 [ 112.569156][ T6096] Invalid ELF header type: 3 != 1 [ 113.566703][ T3508] hfsplus: b-tree write err: -5, ino 4 [ 114.028755][ T6085] loop2: detected capacity change from 0 to 128 [ 114.037915][ T6085] FAT-fs (loop2): Unrecognized mount option "nonUmtail=0" or missing value [ 115.072572][ T5788] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 115.340594][ T6119] Invalid ELF header magic: != ELF [ 117.346919][ T6135] loop0: detected capacity change from 0 to 1024 [ 117.377650][ T6135] hfsplus: invalid length 32517 has been corrected to 255 [ 119.399045][ T3508] hfsplus: b-tree write err: -5, ino 4 [ 119.487587][ T6146] Invalid ELF header type: 3 != 1 [ 120.481265][ T6150] loop0: detected capacity change from 0 to 128 [ 120.652051][ T6150] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 120.691047][ T6153] loop1: detected capacity change from 0 to 512 [ 120.713350][ T6150] ext4 filesystem being mounted at /19/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 120.749674][ T6153] EXT4-fs: Ignoring removed nobh option [ 120.812379][ T6153] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 120.855760][ T6153] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.91: attempt to clear invalid blocks 1 len 1 [ 120.859626][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 120.914581][ T6153] EXT4-fs (loop1): Remounting filesystem read-only [ 120.945216][ T6153] EXT4-fs (loop1): 1 truncate cleaned up [ 120.986304][ T6153] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.177104][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.638030][ T6169] loop1: detected capacity change from 0 to 1024 [ 122.650293][ T6169] EXT4-fs: inline encryption not supported [ 122.672272][ T6169] EXT4-fs: inline encryption not supported [ 122.689593][ T6169] EXT4-fs: Ignoring removed oldalloc option [ 122.706076][ T6169] EXT4-fs: Ignoring removed nobh option [ 122.718433][ T6169] EXT4-fs: Ignoring removed bh option [ 122.724640][ T6169] ext4: Unknown parameter 'seclabel' [ 123.674056][ T6181] loop0: detected capacity change from 0 to 512 [ 123.765048][ T6181] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 124.566550][ T6188] syz.1.101: attempt to access beyond end of device [ 124.566550][ T6188] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 124.579390][ T6188] FAT-fs (loop3): unable to read boot sector [ 125.543541][ T6181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.563189][ T6181] ext4 filesystem being mounted at /23/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 125.636829][ T6181] Zero length message leads to an empty skb [ 125.644344][ T27] audit: type=1800 audit(1767066724.468:2): pid=6181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.99" name="D" dev="loop0" ino=18 res=0 errno=0 [ 126.636282][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.980297][ T6206] loop2: detected capacity change from 0 to 128 [ 127.178936][ T6206] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 127.228456][ T6206] ext4 filesystem being mounted at /25/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 127.906844][ T6217] loop0: detected capacity change from 0 to 16 [ 127.963987][ T6206] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.108: Invalid block bitmap block 0 in block_group 0 [ 128.022211][ T6217] erofs: (device loop0): mounted with root inode @ nid 36. [ 128.051822][ T6206] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.108: Invalid block bitmap block 0 in block_group 0 [ 128.115288][ T6206] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.108: Invalid block bitmap block 0 in block_group 0 [ 128.388243][ T6212] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm ext4lazyinit: Invalid block bitmap block 0 in block_group 0 [ 128.845758][ T5770] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 129.080963][ T6224] netlink: 552 bytes leftover after parsing attributes in process `syz.2.113'. [ 129.094217][ T6224] netlink: 16 bytes leftover after parsing attributes in process `syz.2.113'. [ 132.631361][ T6238] loop2: detected capacity change from 0 to 512 [ 132.666896][ T6238] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 132.709831][ T6238] EXT4-fs (loop2): invalid journal inode [ 132.780972][ T6238] futex_wake_op: syz.2.119 tries to shift op by -1; fix this program [ 132.862717][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.878222][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.029504][ T6244] loop2: detected capacity change from 0 to 1024 [ 133.314606][ T6244] sockfs: Unknown parameter '+[' [ 133.397263][ T6249] loop0: detected capacity change from 0 to 256 [ 137.303180][ T6271] loop0: detected capacity change from 0 to 2048 [ 137.397018][ T6274] loop3: detected capacity change from 0 to 16 [ 138.242610][ T6274] erofs: (device loop3): mounted with root inode @ nid 36. [ 138.285456][ T6271] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 138.438441][ T6271] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 141.402919][ T6285] Bluetooth: MGMT ver 1.22 [ 144.685144][ T6305] loop3: detected capacity change from 0 to 1024 [ 146.984150][ T5781] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 147.161289][ T6303] loop3: detected capacity change from 0 to 128 [ 148.344937][ T6319] netlink: 16 bytes leftover after parsing attributes in process `syz.3.143'. [ 149.426131][ T6330] loop3: detected capacity change from 0 to 2048 [ 149.470045][ T6331] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 149.496380][ T6330] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 149.512961][ T6331] xfrm1: entered promiscuous mode [ 149.549595][ T6331] xfrm1: entered allmulticast mode [ 149.599771][ T6332] loop1: detected capacity change from 0 to 2048 [ 149.877070][ T6328] syz.1.137 (6328) used greatest stack depth: 17960 bytes left [ 150.317444][ T6340] Invalid ELF header type: 3 != 1 [ 150.749812][ T6342] loop2: detected capacity change from 0 to 512 [ 150.894885][ T6342] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 150.956422][ T6342] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 151.093584][ T6346] loop3: detected capacity change from 0 to 2048 [ 151.101628][ T6346] UDF-fs: bad mount option "0xffffffffffffffff" or missing value [ 151.159484][ T6342] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.142: invalid indirect mapped block 4294967295 (level 1) [ 151.232997][ T6342] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.142: invalid indirect mapped block 4294967295 (level 1) [ 151.260505][ T6342] EXT4-fs (loop2): 2 truncates cleaned up [ 151.270843][ T6342] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 151.337530][ T5781] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 151.417714][ T6342] EXT4-fs error (device loop2): ext4_check_dx_root:2266: inode #2: comm syz.2.142: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 153.349635][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.962376][ T6358] loop3: detected capacity change from 0 to 1024 [ 154.257422][ T6358] hfsplus: failed to extend attributes file [ 154.614050][ T6367] loop3: detected capacity change from 0 to 256 [ 154.740404][ T6369] loop2: detected capacity change from 0 to 512 [ 154.750110][ T6366] loop0: detected capacity change from 0 to 2048 [ 154.760855][ T6369] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 154.798598][ T6369] EXT4-fs (loop2): invalid journal inode [ 154.804397][ T6369] EXT4-fs (loop2): can't get journal size [ 154.857295][ T6366] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 154.875742][ T27] audit: type=1326 audit(1767066753.708:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6365 comm="syz.0.159" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5edcd8f749 code=0x0 [ 154.885788][ T6369] EXT4-fs (loop2): 1 truncate cleaned up [ 154.957878][ T6374] EXT4-fs error (device loop0): empty_inline_dir:1857: inode #12: block 5: comm syz.0.159: bad entry in directory: directory entry overrun - offset=4, inode=13, rec_len=7952, size=60 fake=0 [ 154.999092][ T6369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.026757][ T6374] EXT4-fs warning (device loop0): empty_inline_dir:1864: bad inline directory (dir #12) - inode 13, rec_len 7952, name_len 0inline size 60 [ 155.241084][ T5770] EXT4-fs error (device loop2): __ext4_iget:5067: inode #11: block 1828716567: comm syz-executor: invalid block [ 155.263246][ T5770] EXT4-fs error (device loop2): __ext4_iget:5067: inode #11: block 1828716567: comm syz-executor: invalid block [ 155.561443][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.163275][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.291015][ T6395] loop1: detected capacity change from 0 to 512 [ 157.321246][ T6395] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 157.351460][ T6395] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 157.438007][ T6395] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.168: Allocating blocks 41-42 which overlap fs metadata [ 157.463355][ T6395] Quota error (device loop1): write_blk: dquota write failed [ 157.483490][ T6395] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 157.574365][ T6395] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4031: comm syz.1.168: Allocating blocks 41-42 which overlap fs metadata [ 157.743751][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 157.809441][ T6395] Quota error (device loop1): write_blk: dquota write failed [ 157.822344][ T6395] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 157.877520][ T6395] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.168: Failed to acquire dquot type 1 [ 158.018706][ T6395] EXT4-fs error (device loop1): mb_free_blocks:1938: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 158.147797][ T6395] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.168: corrupted inode contents [ 158.193258][ T6395] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #12: comm syz.1.168: mark_inode_dirty error [ 158.257422][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.273602][ T6395] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.168: corrupted inode contents [ 158.291569][ T6395] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.168: mark_inode_dirty error [ 158.306141][ T6395] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.168: corrupted inode contents [ 158.326030][ T6395] EXT4-fs error (device loop1) in ext4_orphan_del:301: Corrupt filesystem [ 158.335649][ T6395] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #12: comm syz.1.168: corrupted inode contents [ 158.389453][ T6395] EXT4-fs error (device loop1): ext4_truncate:4294: inode #12: comm syz.1.168: mark_inode_dirty error [ 158.397037][ T9] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 158.431486][ T6395] EXT4-fs error (device loop1) in ext4_process_orphan:343: Corrupt filesystem [ 158.446299][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.460877][ T6395] EXT4-fs (loop1): 1 truncate cleaned up [ 158.468014][ T6395] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 158.558824][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.603068][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.624453][ T9] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 158.637326][ T6405] loop0: detected capacity change from 0 to 1024 [ 158.654743][ T6405] hfsplus: invalid length 32517 has been corrected to 255 [ 158.662032][ T9] usb 4-1: config 1 has no interface number 0 [ 158.662117][ T9] usb 4-1: config 1 interface 105 has no altsetting 0 [ 158.679291][ T9] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 158.715589][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.754259][ T9] usb 4-1: Product: syz [ 158.768045][ T9] usb 4-1: Manufacturer: syz [ 158.786793][ T9] usb 4-1: SerialNumber: syz [ 159.479798][ T9] aqc111 4-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71 [ 159.580369][ T9] aqc111: probe of 4-1:1.105 failed with error -71 [ 159.694647][ T9] usb 4-1: USB disconnect, device number 2 [ 159.763433][ T2973] hfsplus: b-tree write err: -5, ino 4 [ 161.035167][ T6437] warning: `syz.0.178' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 161.107418][ T5779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 161.120218][ T5779] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 161.134255][ T5779] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 161.150173][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 161.161000][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 161.168850][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 161.536042][ T6449] veth0_to_team: entered promiscuous mode [ 163.326035][ T5786] Bluetooth: hci2: command tx timeout [ 164.743235][ T6470] loop0: detected capacity change from 0 to 4096 [ 164.751003][ T6470] EXT4-fs: Ignoring removed nomblk_io_submit option [ 164.808020][ T6470] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 165.110906][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.218987][ T6439] chnl_net:caif_netlink_parms(): no params data found [ 165.322116][ T6484] loop3: detected capacity change from 0 to 1024 [ 165.337046][ T5786] Bluetooth: hci2: command tx timeout [ 165.400687][ T6484] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 165.479102][ T6484] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 165.767293][ T11] hsr_slave_0: left promiscuous mode [ 165.857034][ T11] hsr_slave_1: left promiscuous mode [ 165.874177][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.886751][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.904067][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.055837][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.184278][ T11] bridge_slave_1: left allmulticast mode [ 166.296976][ T11] bridge_slave_1: left promiscuous mode [ 166.324896][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.395115][ T1968] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 166.409461][ T11] bridge_slave_0: left allmulticast mode [ 166.424520][ T11] bridge_slave_0: left promiscuous mode [ 166.440749][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.687419][ T11] veth1_macvtap: left promiscuous mode [ 166.714118][ T11] veth0_macvtap: left promiscuous mode [ 167.215639][ T11] veth1_vlan: left promiscuous mode [ 167.226751][ T11] veth0_vlan: left promiscuous mode [ 167.232664][ T1968] usb 4-1: unable to get BOS descriptor or descriptor too short [ 167.242980][ T1968] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 167.261628][ T1968] usb 4-1: New USB device found, idVendor=04da, idProduct=104d, bcdDevice= 0.40 [ 167.370110][ T1968] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.417506][ T5786] Bluetooth: hci2: command tx timeout [ 167.496500][ T1968] usb 4-1: Product: syz [ 167.501519][ T1968] usb 4-1: Manufacturer: syz [ 167.506210][ T1968] usb 4-1: SerialNumber: syz [ 167.526590][ T1968] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 167.564725][ T6514] capability: warning: `syz.1.197' uses 32-bit capabilities (legacy support in use) [ 169.788310][ T5786] Bluetooth: hci2: command tx timeout [ 169.796425][ T8] usb 4-1: USB disconnect, device number 3 [ 170.414138][ T6536] loop0: detected capacity change from 0 to 512 [ 170.425348][ T6536] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 170.441332][ T6536] EXT4-fs (loop0): invalid journal inode [ 170.449529][ T6536] EXT4-fs (loop0): can't get journal size [ 170.488285][ T6536] EXT4-fs (loop0): 1 truncate cleaned up [ 170.527465][ T6536] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.884025][ T6539] Bluetooth: MGMT ver 1.22 [ 171.445605][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.032690][ T11] team0 (unregistering): Port device team_slave_1 removed [ 172.103026][ T11] team0 (unregistering): Port device team_slave_0 removed [ 172.150487][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.206143][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 173.273496][ T6553] loop0: detected capacity change from 0 to 1024 [ 173.424096][ T6555] loop3: detected capacity change from 0 to 1024 [ 173.518047][ T6557] loop0: detected capacity change from 0 to 16 [ 173.535938][ T3551] hfsplus: b-tree write err: -5, ino 4 [ 173.540475][ T6557] erofs: (device loop0): mounted with root inode @ nid 36. [ 173.566875][ T27] audit: type=1800 audit(1767067028.396:4): pid=6557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.207" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 175.771504][ T11] bond0 (unregistering): Released all slaves [ 175.916903][ T6571] loop3: detected capacity change from 0 to 512 [ 175.932954][ T6571] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 175.978352][ T6571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.022258][ T6571] ext4 filesystem being mounted at /56/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 176.107546][ T6571] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.213: corrupted inode contents [ 176.180523][ T6571] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #2: comm syz.3.213: mark_inode_dirty error [ 176.249726][ T6571] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #2: comm syz.3.213: corrupted inode contents [ 176.269866][ T6530] netlink: 'syz.1.200': attribute type 4 has an invalid length. [ 176.303459][ T6571] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #2: comm syz.3.213: mark_inode_dirty error [ 176.374120][ T6532] netlink: 'syz.1.200': attribute type 4 has an invalid length. [ 176.408208][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.451675][ T6439] bridge0: port 1(bridge_slave_0) entered blocking state [ 176.477301][ T6439] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.484697][ T6439] bridge_slave_0: entered allmulticast mode [ 176.536584][ T6439] bridge_slave_0: entered promiscuous mode [ 176.567955][ T6439] bridge0: port 2(bridge_slave_1) entered blocking state [ 176.575291][ T6439] bridge0: port 2(bridge_slave_1) entered disabled state [ 176.613874][ T6439] bridge_slave_1: entered allmulticast mode [ 176.648475][ T6439] bridge_slave_1: entered promiscuous mode [ 176.948385][ T6439] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 177.000266][ T6439] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 177.123665][ T6439] team0: Port device team_slave_0 added [ 177.136354][ T6439] team0: Port device team_slave_1 added [ 177.924214][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 177.971047][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.028069][ T6605] loop3: detected capacity change from 0 to 2048 [ 178.152779][ T6605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 178.165280][ T6439] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 178.260259][ T6439] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 178.323938][ T6439] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 178.561297][ T6439] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 178.827933][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.922460][ T6439] hsr_slave_0: entered promiscuous mode [ 178.950016][ T6439] hsr_slave_1: entered promiscuous mode [ 178.967586][ T6439] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 178.975222][ T6439] Cannot create hsr debugfs directory [ 179.009280][ T8] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 182.874903][ T6634] loop0: detected capacity change from 0 to 512 [ 183.049089][ T6634] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 183.121632][ T6634] ext4 filesystem being mounted at /68/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 183.269397][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.421585][ T6439] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 183.481175][ T6439] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 183.506251][ T6439] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 183.584893][ T6439] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 184.088079][ T6659] fuse: root generation should be zero [ 184.142454][ T6439] 8021q: adding VLAN 0 to HW filter on device bond0 [ 184.175756][ T6439] 8021q: adding VLAN 0 to HW filter on device team0 [ 184.201131][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 184.208365][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 184.229035][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 184.236190][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 185.130844][ T6439] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 186.544424][ T6704] loop3: detected capacity change from 0 to 512 [ 186.658704][ T6704] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 186.786741][ T6704] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -2 [ 186.861152][ T6439] veth0_vlan: entered promiscuous mode [ 186.875467][ T6439] veth1_vlan: entered promiscuous mode [ 186.903295][ T6439] veth0_macvtap: entered promiscuous mode [ 187.042018][ T6439] veth1_macvtap: entered promiscuous mode [ 187.069906][ T6704] EXT4-fs (loop3): 1 truncate cleaned up [ 187.094090][ T6704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 187.137370][ T6704] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #2: block 4: comm syz.3.237: lblock 0 mapped to illegal pblock 4 (length 1) [ 187.334125][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.356965][ T6715] loop1: detected capacity change from 0 to 128 [ 187.392918][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.403760][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.421102][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.432269][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 187.445622][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.463802][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.489596][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 187.581605][ T6715] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 187.627427][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.704990][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.716561][ T6715] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.776874][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.817053][ T5786] Bluetooth: hci1: command tx timeout [ 187.899908][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 187.923938][ T6439] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 187.991730][ T6439] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 188.105472][ T6439] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 188.195766][ T6439] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.246583][ T6439] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.275207][ T6439] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 188.579398][ T6439] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 189.066859][ T6737] loop1: detected capacity change from 0 to 8 [ 189.127895][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.258292][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.291269][ T6737] SQUASHFS error: lzo decompression failed, data probably corrupt [ 189.299215][ T6737] SQUASHFS error: Failed to read block 0x29f: -5 [ 189.306007][ T6737] SQUASHFS error: Unable to read metadata cache entry [29d] [ 189.442497][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 189.520822][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 189.659065][ T6745] netlink: 'syz.3.246': attribute type 12 has an invalid length. [ 189.961195][ T6750] Invalid ELF header type: 3 != 1 [ 191.622813][ T6766] loop4: detected capacity change from 0 to 16 [ 192.120727][ T6766] erofs: (device loop4): mounted with root inode @ nid 36. [ 192.643634][ T6773] loop0: detected capacity change from 0 to 2048 [ 192.789765][ T6631] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 194.170175][ T6782] loop4: detected capacity change from 0 to 512 [ 194.444935][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.454626][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.484503][ T6782] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.570997][ T6791] Invalid ELF header type: 3 != 1 [ 194.718687][ T6782] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.556724][ T6796] IPv6: NLM_F_REPLACE set, but no existing node found! [ 195.780945][ T6802] loop0: detected capacity change from 0 to 16 [ 195.837876][ T6802] erofs: DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 197.083843][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.752956][ T6824] loop0: detected capacity change from 0 to 2048 [ 198.234206][ T6630] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 198.763415][ T6840] binder: 6838:6840 unknown command 0 [ 198.799851][ T6840] binder: 6838:6840 ioctl c0306201 200000000080 returned -22 [ 198.856864][ T6840] binder: 6838:6840 ioctl c0306201 2000000003c0 returned -14 [ 198.967030][ T787] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 199.146442][ T6847] loop3: detected capacity change from 0 to 1024 [ 199.231096][ T6849] Invalid ELF header type: 3 != 1 [ 199.678663][ T6847] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 199.859562][ T6847] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 199.927094][ T6847] EXT4-fs (loop3): invalid journal inode [ 199.948014][ T6847] EXT4-fs (loop3): can't get journal size [ 199.991282][ T6847] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 17104912: comm syz.3.267: lblock 2 mapped to illegal pblock 17104912 (length 1) [ 200.089649][ T6847] EXT4-fs (loop3): failed to initialize system zone (-117) [ 200.130344][ T6847] EXT4-fs (loop3): mount failed [ 200.260180][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.466734][ T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.480232][ T787] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 200.490795][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.505270][ T787] usb 2-1: config 0 descriptor?? [ 201.582484][ T5774] Bluetooth: hci3: command 0x0406 tx timeout [ 201.589917][ T5774] Bluetooth: hci0: command 0x0406 tx timeout [ 203.049334][ T787] usbhid 2-1:0.0: can't add hid device: -71 [ 203.057784][ T787] usbhid: probe of 2-1:0.0 failed with error -71 [ 203.119947][ T787] usb 2-1: USB disconnect, device number 2 [ 203.145308][ T6868] loop3: detected capacity change from 0 to 512 [ 203.262022][ T6876] loop0: detected capacity change from 0 to 512 [ 203.281051][ T6876] EXT4-fs: Ignoring removed i_version option [ 203.294547][ T6876] EXT4-fs: Ignoring removed bh option [ 203.473573][ T6868] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 203.638264][ T6882] loop1: detected capacity change from 0 to 256 [ 204.395464][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.404790][ T6896] loop0: detected capacity change from 0 to 512 [ 214.431940][ T6973] loop3: detected capacity change from 0 to 512 [ 214.850934][ T6973] EXT4-fs (loop3): Test dummy encryption mode enabled [ 214.878677][ T6973] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 214.935028][ T6973] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 215.039313][ T6983] loop0: detected capacity change from 0 to 1024 [ 215.063410][ T6987] loop4: detected capacity change from 0 to 512 [ 215.098858][ T6983] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 215.126224][ T6973] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.294: bad orphan inode 131083 [ 215.199631][ T6983] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 215.221085][ T6987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 215.251388][ T6973] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.287848][ T6983] EXT4-fs (loop0): invalid journal inode [ 215.293583][ T6983] EXT4-fs (loop0): can't get journal size [ 215.305517][ T6987] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.022230][ T6996] trusted_key: encrypted_key: insufficient parameters specified [ 216.100325][ T6996] loop1: detected capacity change from 0 to 164 [ 217.019090][ T6983] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 17104912: comm syz.0.300: lblock 2 mapped to illegal pblock 17104912 (length 1) [ 217.139041][ T6630] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 217.150565][ T6973] fscrypt (loop3): Error allocating 'cts(cbc(aes))' transform: -4 [ 217.164896][ T6983] EXT4-fs (loop0): failed to initialize system zone (-117) [ 217.176857][ T6983] EXT4-fs (loop0): mount failed [ 217.341747][ T5769] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.353960][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.518368][ T7013] loop1: detected capacity change from 0 to 512 [ 218.531639][ T7013] EXT4-fs: Ignoring removed bh option [ 218.554277][ T7013] EXT4-fs: Ignoring removed nobh option [ 218.592933][ T7013] EXT4-fs (loop1): orphan cleanup on readonly fs [ 218.616288][ T7013] EXT4-fs warning (device loop1): ext4_xattr_inode_get:549: inode #11: comm syz.1.302: ea_inode file size=4 entry size=6 [ 218.668643][ T7013] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 218.711605][ T7013] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.302: corrupted inode contents [ 218.733257][ T7013] EXT4-fs error (device loop1): ext4_dirty_inode:6120: inode #15: comm syz.1.302: mark_inode_dirty error [ 218.752162][ T7013] EXT4-fs error (device loop1): ext4_do_update_inode:5244: inode #15: comm syz.1.302: corrupted inode contents [ 218.765894][ T7013] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3017: inode #15: comm syz.1.302: mark_inode_dirty error [ 218.784427][ T7013] EXT4-fs error (device loop1): ext4_xattr_delete_inode:3020: inode #15: comm syz.1.302: mark inode dirty (error -117) [ 218.814973][ T7013] EXT4-fs warning (device loop1): ext4_evict_inode:272: xattr delete (err -117) [ 218.825075][ T7013] EXT4-fs (loop1): 1 orphan inode deleted [ 218.836438][ T7013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 219.819496][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.127531][ T7028] loop4: detected capacity change from 0 to 1024 [ 220.206414][ T7028] hfsplus: invalid length 32517 has been corrected to 255 [ 220.258378][ T27] audit: type=1800 audit(1767067075.096:5): pid=7028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.308" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 222.241619][ T3551] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.455202][ T3551] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.642560][ T3551] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.881112][ T3551] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.496497][ T7048] loop0: detected capacity change from 0 to 512 [ 224.067197][ T5779] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 224.078537][ T5779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 224.090016][ T5779] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 224.109922][ T5779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 224.137111][ T5779] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 224.144642][ T5779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 226.216961][ T5779] Bluetooth: hci1: command tx timeout [ 226.232437][ T7065] loop0: detected capacity change from 0 to 1024 [ 227.069591][ T6630] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 227.508693][ T7080] loop0: detected capacity change from 0 to 8 [ 227.890156][ T7082] loop3: detected capacity change from 0 to 128 [ 228.296773][ T5779] Bluetooth: hci1: command tx timeout [ 228.638821][ T7081] pimreg: tun_chr_ioctl cmd 1074025677 [ 228.644671][ T7081] pimreg: linktype set to 0 [ 228.698794][ T5769] FAT-fs (loop3): error, invalid access to FAT (entry 0xffff0000) [ 228.721424][ T5769] FAT-fs (loop3): Filesystem has been set read-only [ 228.755499][ T5769] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 228.776203][ T5769] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 229.069911][ T7094] loop4: detected capacity change from 0 to 1024 [ 229.094523][ T7094] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 229.109470][ T7094] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 229.141767][ T7094] EXT4-fs (loop4): invalid journal inode [ 229.154889][ T7051] chnl_net:caif_netlink_parms(): no params data found [ 229.164566][ T7094] EXT4-fs (loop4): can't get journal size [ 229.179326][ T7094] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 17104912: comm syz.4.317: lblock 2 mapped to illegal pblock 17104912 (length 1) [ 229.214054][ T7094] EXT4-fs (loop4): failed to initialize system zone (-117) [ 229.222156][ T7094] EXT4-fs (loop4): mount failed [ 229.849715][ T7051] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.891720][ T7051] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.918339][ T7051] bridge_slave_0: entered allmulticast mode [ 229.954294][ T7051] bridge_slave_0: entered promiscuous mode [ 230.006480][ T7051] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.190225][ T7051] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.338117][ T7051] bridge_slave_1: entered allmulticast mode [ 230.377675][ T5779] Bluetooth: hci1: command tx timeout [ 230.625786][ T7110] loop0: detected capacity change from 0 to 256 [ 230.652597][ T7051] bridge_slave_1: entered promiscuous mode [ 230.963229][ T7051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.052212][ T7051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 231.500380][ T6630] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 231.683287][ T3551] hsr_slave_0: left promiscuous mode [ 231.754995][ T3551] hsr_slave_1: left promiscuous mode [ 231.802772][ T3551] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 231.845061][ T3551] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 231.877670][ T3551] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 231.885168][ T3551] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 231.921388][ T3551] bridge_slave_1: left allmulticast mode [ 231.935526][ T3551] bridge_slave_1: left promiscuous mode [ 231.987554][ T3551] bridge0: port 2(bridge_slave_1) entered disabled state [ 232.014612][ T3551] bridge_slave_0: left allmulticast mode [ 232.034841][ T3551] bridge_slave_0: left promiscuous mode [ 232.047524][ T3551] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.194657][ T3551] veth1_macvtap: left promiscuous mode [ 232.201517][ T3551] veth0_macvtap: left promiscuous mode [ 232.216015][ T5786] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 232.219970][ T3551] veth1_vlan: left promiscuous mode [ 232.247054][ T5786] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 232.247238][ T3551] veth0_vlan: left promiscuous mode [ 232.259694][ T5786] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 232.268301][ T7126] loop0: detected capacity change from 0 to 128 [ 232.276973][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 232.290261][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 232.298576][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 232.477161][ T5786] Bluetooth: hci1: command tx timeout [ 232.975957][ T7133] loop4: detected capacity change from 0 to 512 [ 233.049237][ T7133] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 233.063540][ T7133] ext4 filesystem being mounted at /22/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 233.242457][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.360021][ T3551] team0 (unregistering): Port device team_slave_1 removed [ 234.672009][ T5786] Bluetooth: hci0: command tx timeout [ 235.072717][ T7144] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 236.455386][ T3551] team0 (unregistering): Port device team_slave_0 removed [ 236.585935][ T3551] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 236.661272][ T3551] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 236.696957][ T5786] Bluetooth: hci0: command tx timeout [ 237.110560][ T7147] rtc_cmos 00:00: Alarms can be up to one day in the future [ 239.215772][ T5786] Bluetooth: hci0: command tx timeout [ 239.325312][ T3551] bond0 (unregistering): Released all slaves [ 239.581895][ T7051] team0: Port device team_slave_0 added [ 239.597260][ T7051] team0: Port device team_slave_1 added [ 239.878171][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 239.886310][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.921169][ T7051] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.935660][ T7051] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.949103][ T7051] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.006748][ T7051] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.227003][ T7051] hsr_slave_0: entered promiscuous mode [ 240.235156][ T7051] hsr_slave_1: entered promiscuous mode [ 240.266844][ T7051] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 240.274487][ T7051] Cannot create hsr debugfs directory [ 240.991989][ T7051] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 241.019185][ T7051] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 241.036272][ T7123] chnl_net:caif_netlink_parms(): no params data found [ 241.054631][ T7051] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 241.066265][ T7051] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 241.256809][ T5786] Bluetooth: hci0: command tx timeout [ 241.313257][ T7192] netlink: 12 bytes leftover after parsing attributes in process `syz.0.340'. [ 241.508953][ T7123] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.536927][ T7123] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.544337][ T7123] bridge_slave_0: entered allmulticast mode [ 241.609049][ T7123] bridge_slave_0: entered promiscuous mode [ 241.643873][ T7123] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.651154][ T7123] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.659699][ T7123] bridge_slave_1: entered allmulticast mode [ 241.667303][ T7123] bridge_slave_1: entered promiscuous mode [ 242.331216][ T7123] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.410008][ T7123] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.643679][ T7123] team0: Port device team_slave_0 added [ 242.747849][ T7123] team0: Port device team_slave_1 added [ 242.966702][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.000385][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.113113][ T7123] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.170091][ T7123] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.195315][ T7123] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.282829][ T7123] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.325011][ T7222] netlink: 100 bytes leftover after parsing attributes in process `syz.0.345'. [ 243.492342][ T7123] hsr_slave_0: entered promiscuous mode [ 243.510490][ T7123] hsr_slave_1: entered promiscuous mode [ 243.524195][ T7123] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 243.539774][ T7123] Cannot create hsr debugfs directory [ 244.065587][ T7051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.096761][ T7227] loop4: detected capacity change from 0 to 512 [ 244.184353][ T7227] EXT4-fs (loop4): 1 truncate cleaned up [ 244.191574][ T7227] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 244.231983][ T7227] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.346: bg 0: block 465: padding at end of block bitmap is not set [ 244.268074][ T7227] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 244.281733][ T7227] EXT4-fs (loop4): This should not happen!! Data will be lost [ 244.281733][ T7227] [ 244.291899][ T7227] EXT4-fs (loop4): Total free blocks count 0 [ 244.298894][ T7227] EXT4-fs (loop4): Free/Dirty block details [ 244.304906][ T7227] EXT4-fs (loop4): free_blocks=0 [ 244.309999][ T7227] EXT4-fs (loop4): dirty_blocks=4 [ 244.315095][ T7227] EXT4-fs (loop4): Block reservation details [ 244.321140][ T7227] EXT4-fs (loop4): i_reserved_data_blocks=4 [ 244.579114][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.728566][ T7051] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.462941][ T3551] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.470173][ T3551] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.543333][ T3551] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.550619][ T3551] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.566957][ T7247] loop4: detected capacity change from 0 to 512 [ 246.650075][ T7123] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 246.684069][ T7123] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 246.726516][ T7247] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 246.766011][ T7123] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 246.836002][ T7123] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 247.009094][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.511687][ T7123] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.635993][ T7123] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.764638][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.771879][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.848690][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.855908][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 248.116090][ T7123] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 248.281490][ T7051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 249.076509][ T7299] loop4: detected capacity change from 0 to 256 [ 249.178292][ T7299] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf5596061, utbl_chksum : 0xe619d30d) [ 249.317062][ T7123] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 250.328355][ T7051] veth0_vlan: entered promiscuous mode [ 250.394715][ T27] audit: type=1804 audit(1767067105.226:6): pid=7309 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.358" name="/newroot/35/file0/file1" dev="loop4" ino=1048624 res=1 errno=0 [ 250.473082][ T7051] veth1_vlan: entered promiscuous mode [ 252.940067][ T7328] loop4: detected capacity change from 0 to 512 [ 252.950246][ T7328] EXT4-fs: Ignoring removed orlov option [ 252.956043][ T7328] EXT4-fs: Ignoring removed mblk_io_submit option [ 253.260082][ T7328] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2249: inode #15: comm syz.4.362: corrupted in-inode xattr: e_value size too large [ 253.274652][ T7328] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.362: couldn't read orphan inode 15 (err -117) [ 253.297737][ T7328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.313826][ T27] audit: type=1800 audit(1767067108.146:7): pid=7326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.362" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 253.420572][ T7328] nfs4: Unknown parameter 'uid' [ 253.480176][ T7051] veth0_macvtap: entered promiscuous mode [ 253.630974][ T7051] veth1_macvtap: entered promiscuous mode [ 255.414357][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.451180][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.486799][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.522256][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.557377][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.597235][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.628706][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 255.660370][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.701246][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.714032][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.730800][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.743883][ T7051] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 255.767288][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.773656][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.783928][ T7051] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.802607][ T7051] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 255.817461][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 255.859231][ T7051] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.896764][ T7051] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.905555][ T7051] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 255.953275][ T7051] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 257.853763][ T7123] veth0_vlan: entered promiscuous mode [ 257.983900][ T7123] veth1_vlan: entered promiscuous mode [ 258.145771][ T77] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.164338][ T77] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.226208][ T7123] veth0_macvtap: entered promiscuous mode [ 258.255617][ T7123] veth1_macvtap: entered promiscuous mode [ 258.298240][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 258.306207][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 258.337164][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.367427][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.388301][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.416685][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.433429][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.466664][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.486638][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 258.506925][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.528981][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 258.558890][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.576721][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.606620][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.636749][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.657241][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.676928][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.696671][ T7123] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 258.717136][ T7123] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 258.744508][ T7123] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 258.824794][ T7123] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.835932][ T7123] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.876776][ T7123] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 258.885559][ T7123] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 260.706702][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.714682][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 260.887543][ T2926] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.928997][ T2926] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.134918][ T5928] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 261.274106][ T7380] capability: warning: `syz.4.366' uses deprecated v2 capabilities in a way that may be insecure [ 261.305359][ T7381] netlink: 40 bytes leftover after parsing attributes in process `syz.4.366'. [ 261.356797][ T5928] usb 6-1: Using ep0 maxpacket: 8 [ 261.375392][ T5928] usb 6-1: unable to get BOS descriptor or descriptor too short [ 261.394914][ T5928] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 261.447446][ T5928] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 261.492299][ T5928] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 261.534443][ T5928] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.578871][ T5928] usb 6-1: Product: syz [ 261.583132][ T5928] usb 6-1: Manufacturer: syz [ 261.602953][ T5928] usb 6-1: SerialNumber: syz [ 262.406002][ T7374] Illegal XDP return value 4294967294 on prog (id 64) dev N/A, expect packet loss! [ 262.679239][ T7398] loop6: detected capacity change from 0 to 512 [ 262.698931][ T5928] cdc_ncm 6-1:1.0: skipping garbage [ 262.704265][ T5928] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found [ 262.737133][ T5928] cdc_ncm 6-1:1.0: bind() failure [ 262.770475][ T7398] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.825194][ T5928] usb 6-1: USB disconnect, device number 2 [ 262.836766][ T7398] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.973855][ T7123] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.874211][ T7419] loop5: detected capacity change from 0 to 1024 [ 265.891901][ T7419] EXT4-fs: Ignoring removed nomblk_io_submit option [ 266.892994][ T7419] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 266.904426][ T7419] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 266.921048][ T7419] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e054c018, mo2=0002] [ 266.929407][ T7419] System zones: 0-1, 3-36 [ 266.937621][ T7419] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.008729][ T7051] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.645493][ T5786] Bluetooth: hci2: command 0x0406 tx timeout [ 275.637380][ T7494] loop4: detected capacity change from 0 to 1024 [ 275.648606][ T7494] EXT4-fs: Ignoring removed orlov option [ 275.714148][ T7494] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.604339][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 279.011504][ T7521] loop5: detected capacity change from 0 to 1024 [ 279.203785][ T7521] [ 279.206271][ T7521] ====================================================== [ 279.213308][ T7521] WARNING: possible circular locking dependency detected [ 279.220372][ T7521] syzkaller #0 Not tainted [ 279.224792][ T7521] ------------------------------------------------------ [ 279.231921][ T7521] syz.5.385/7521 is trying to acquire lock: [ 279.237817][ T7521] ffffffff8ca648e8 (bdev_lock){+.+.}-{3:3}, at: bd_prepare_to_claim+0x1ba/0x480 [ 279.246882][ T7521] [ 279.246882][ T7521] but task is already holding lock: [ 279.254270][ T7521] ffff888148c87c40 (mapping.invalidate_lock){++++}-{3:3}, at: blkdev_fallocate+0x22b/0x6a0 [ 279.264652][ T7521] [ 279.264652][ T7521] which lock already depends on the new lock. [ 279.264652][ T7521] [ 279.275089][ T7521] [ 279.275089][ T7521] the existing dependency chain (in reverse order) is: [ 279.284125][ T7521] [ 279.284125][ T7521] -> #4 (mapping.invalidate_lock){++++}-{3:3}: [ 279.292549][ T7521] down_write+0x97/0x1f0 [ 279.297348][ T7521] set_blocksize+0x249/0x4b0 [ 279.302471][ T7521] sb_min_blocksize+0xbe/0x190 [ 279.307768][ T7521] ext4_fill_super+0x6df/0x66c0 [ 279.313153][ T7521] get_tree_bdev+0x3e4/0x510 [ 279.318302][ T7521] vfs_get_tree+0x8c/0x280 [ 279.323301][ T7521] do_new_mount+0x24b/0xa40 [ 279.328346][ T7521] init_mount+0xd2/0x120 [ 279.333211][ T7521] do_mount_root+0x97/0x230 [ 279.338246][ T7521] mount_root_generic+0x195/0x3c0 [ 279.343803][ T7521] prepare_namespace+0xc2/0x100 [ 279.349194][ T7521] kernel_init_freeable+0x413/0x570 [ 279.354928][ T7521] kernel_init+0x1d/0x1c0 [ 279.359788][ T7521] ret_from_fork+0x48/0x80 [ 279.364731][ T7521] ret_from_fork_asm+0x11/0x20 [ 279.370031][ T7521] [ 279.370031][ T7521] -> #3 (&sb->s_type->i_mutex_key#8){++++}-{3:3}: [ 279.378668][ T7521] down_write+0x97/0x1f0 [ 279.383439][ T7521] set_blocksize+0x201/0x4b0 [ 279.388561][ T7521] sb_min_blocksize+0xbe/0x190 [ 279.393849][ T7521] ext4_fill_super+0x6df/0x66c0 [ 279.399226][ T7521] get_tree_bdev+0x3e4/0x510 [ 279.404346][ T7521] vfs_get_tree+0x8c/0x280 [ 279.409290][ T7521] do_new_mount+0x24b/0xa40 [ 279.414372][ T7521] init_mount+0xd2/0x120 [ 279.419154][ T7521] do_mount_root+0x97/0x230 [ 279.424196][ T7521] mount_root_generic+0x195/0x3c0 [ 279.429860][ T7521] prepare_namespace+0xc2/0x100 [ 279.435240][ T7521] kernel_init_freeable+0x413/0x570 [ 279.440971][ T7521] kernel_init+0x1d/0x1c0 [ 279.445828][ T7521] ret_from_fork+0x48/0x80 [ 279.450772][ T7521] ret_from_fork_asm+0x11/0x20 [ 279.456066][ T7521] [ 279.456066][ T7521] -> #2 (&type->s_umount_key#31){++++}-{3:3}: [ 279.464337][ T7521] down_read+0x46/0x2e0 [ 279.469020][ T7521] super_lock+0x167/0x360 [ 279.473900][ T7521] fs_bdev_sync+0xa4/0x170 [ 279.478835][ T7521] blkdev_common_ioctl+0x881/0x2460 [ 279.484569][ T7521] blkdev_ioctl+0x4eb/0x6f0 [ 279.489604][ T7521] __se_sys_ioctl+0xfd/0x170 [ 279.494722][ T7521] do_syscall_64+0x55/0xb0 [ 279.499664][ T7521] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 279.506085][ T7521] [ 279.506085][ T7521] -> #1 (&bdev->bd_holder_lock){+.+.}-{3:3}: [ 279.514300][ T7521] __mutex_lock+0x129/0xcc0 [ 279.519354][ T7521] bd_finish_claiming+0x22f/0x3f0 [ 279.524943][ T7521] blkdev_get_by_dev+0x45c/0x600 [ 279.530424][ T7521] bdev_open_by_dev+0x77/0x100 [ 279.535714][ T7521] setup_bdev_super+0x59/0x660 [ 279.541002][ T7521] mount_bdev+0x1dd/0x2d0 [ 279.545875][ T7521] legacy_get_tree+0xea/0x180 [ 279.551126][ T7521] vfs_get_tree+0x8c/0x280 [ 279.556074][ T7521] do_new_mount+0x24b/0xa40 [ 279.561142][ T7521] init_mount+0xd2/0x120 [ 279.565941][ T7521] do_mount_root+0x97/0x230 [ 279.570982][ T7521] mount_root_generic+0x195/0x3c0 [ 279.576560][ T7521] prepare_namespace+0xc2/0x100 [ 279.581953][ T7521] kernel_init_freeable+0x413/0x570 [ 279.587685][ T7521] kernel_init+0x1d/0x1c0 [ 279.592545][ T7521] ret_from_fork+0x48/0x80 [ 279.597491][ T7521] ret_from_fork_asm+0x11/0x20 [ 279.602782][ T7521] [ 279.602782][ T7521] -> #0 (bdev_lock){+.+.}-{3:3}: [ 279.609910][ T7521] __lock_acquire+0x2ddb/0x7c80 [ 279.615288][ T7521] lock_acquire+0x197/0x410 [ 279.620319][ T7521] __mutex_lock+0x129/0xcc0 [ 279.625354][ T7521] bd_prepare_to_claim+0x1ba/0x480 [ 279.630990][ T7521] truncate_bdev_range+0x4e/0x260 [ 279.636551][ T7521] blkdev_fallocate+0x428/0x6a0 [ 279.641948][ T7521] vfs_fallocate+0x58e/0x700 [ 279.647093][ T7521] do_madvise+0x15fe/0x3710 [ 279.652149][ T7521] __x64_sys_madvise+0xa6/0xc0 [ 279.657459][ T7521] do_syscall_64+0x55/0xb0 [ 279.662401][ T7521] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 279.668913][ T7521] [ 279.668913][ T7521] other info that might help us debug this: [ 279.668913][ T7521] [ 279.679151][ T7521] Chain exists of: [ 279.679151][ T7521] bdev_lock --> &sb->s_type->i_mutex_key#8 --> mapping.invalidate_lock [ 279.679151][ T7521] [ 279.693336][ T7521] Possible unsafe locking scenario: [ 279.693336][ T7521] [ 279.700800][ T7521] CPU0 CPU1 [ 279.706173][ T7521] ---- ---- [ 279.711546][ T7521] lock(mapping.invalidate_lock); [ 279.716678][ T7521] lock(&sb->s_type->i_mutex_key#8); [ 279.724586][ T7521] lock(mapping.invalidate_lock); [ 279.732244][ T7521] lock(bdev_lock); [ 279.736161][ T7521] [ 279.736161][ T7521] *** DEADLOCK *** [ 279.736161][ T7521] [ 279.744328][ T7521] 2 locks held by syz.5.385/7521: [ 279.749366][ T7521] #0: ffff888148c87ab0 (&sb->s_type->i_mutex_key#8){++++}-{3:3}, at: blkdev_fallocate+0x205/0x6a0 [ 279.760097][ T7521] #1: ffff888148c87c40 (mapping.invalidate_lock){++++}-{3:3}, at: blkdev_fallocate+0x22b/0x6a0 [ 279.770549][ T7521] [ 279.770549][ T7521] stack backtrace: [ 279.776450][ T7521] CPU: 1 PID: 7521 Comm: syz.5.385 Not tainted syzkaller #0 [ 279.783737][ T7521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 279.793820][ T7521] Call Trace: [ 279.797117][ T7521] [ 279.800071][ T7521] dump_stack_lvl+0x16c/0x230 [ 279.804787][ T7521] ? load_image+0x3b0/0x3b0 [ 279.809302][ T7521] ? show_regs_print_info+0x20/0x20 [ 279.814523][ T7521] ? print_circular_bug+0x12b/0x1a0 [ 279.819755][ T7521] check_noncircular+0x2bd/0x3c0 [ 279.824710][ T7521] ? print_deadlock_bug+0x5d0/0x5d0 [ 279.829919][ T7521] ? lockdep_lock+0xe0/0x220 [ 279.834609][ T7521] ? _find_first_zero_bit+0xd3/0x100 [ 279.839999][ T7521] __lock_acquire+0x2ddb/0x7c80 [ 279.844863][ T7521] ? finish_task_switch+0x265/0x920 [ 279.850063][ T7521] ? lockdep_hardirqs_on+0x98/0x150 [ 279.855274][ T7521] ? finish_task_switch+0x265/0x920 [ 279.860563][ T7521] ? verify_lock_unused+0x140/0x140 [ 279.865871][ T7521] ? __schedule+0x14da/0x44d0 [ 279.870581][ T7521] lock_acquire+0x197/0x410 [ 279.875105][ T7521] ? bd_prepare_to_claim+0x1ba/0x480 [ 279.880402][ T7521] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 279.886398][ T7521] ? __might_sleep+0xe0/0xe0 [ 279.891004][ T7521] ? read_lock_is_recursive+0x20/0x20 [ 279.896402][ T7521] ? mark_lock+0x94/0x320 [ 279.900754][ T7521] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 279.906748][ T7521] __mutex_lock+0x129/0xcc0 [ 279.911263][ T7521] ? bd_prepare_to_claim+0x1ba/0x480 [ 279.916576][ T7521] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 279.922250][ T7521] ? bd_prepare_to_claim+0x1ba/0x480 [ 279.927548][ T7521] ? mutex_lock_nested+0x20/0x20 [ 279.932500][ T7521] ? lock_acquire+0x1f2/0x410 [ 279.937200][ T7521] ? invalidate_bdev+0xc0/0xc0 [ 279.941966][ T7521] bd_prepare_to_claim+0x1ba/0x480 [ 279.947112][ T7521] ? invalidate_bdev+0xc0/0xc0 [ 279.951884][ T7521] ? truncate_bdev_range+0x260/0x260 [ 279.957175][ T7521] ? lock_chain_count+0x20/0x20 [ 279.962040][ T7521] ? down_write+0x162/0x1f0 [ 279.966565][ T7521] ? down_read_killable+0x340/0x340 [ 279.971786][ T7521] ? lockdep_hardirqs_on+0x98/0x150 [ 279.976992][ T7521] truncate_bdev_range+0x4e/0x260 [ 279.982022][ T7521] blkdev_fallocate+0x428/0x6a0 [ 279.986887][ T7521] vfs_fallocate+0x58e/0x700 [ 279.991505][ T7521] do_madvise+0x15fe/0x3710 [ 279.996028][ T7521] ? madvise_set_anon_name+0x440/0x440 [ 280.001501][ T7521] ? finish_task_switch+0x265/0x920 [ 280.006727][ T7521] ? lockdep_hardirqs_on+0x98/0x150 [ 280.011935][ T7521] ? finish_task_switch+0x265/0x920 [ 280.017233][ T7521] ? __schedule+0x14da/0x44d0 [ 280.021930][ T7521] ? asan.module_dtor+0x20/0x20 [ 280.026811][ T7521] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 280.032844][ T7521] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 280.038842][ T7521] ? trace_irq_disable+0x37/0xe0 [ 280.043799][ T7521] ? lock_chain_count+0x20/0x20 [ 280.048661][ T7521] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 280.054328][ T7521] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 280.059986][ T7521] __x64_sys_madvise+0xa6/0xc0 [ 280.064766][ T7521] do_syscall_64+0x55/0xb0 [ 280.069191][ T7521] ? clear_bhb_loop+0x40/0x90 [ 280.073879][ T7521] ? clear_bhb_loop+0x40/0x90 [ 280.078588][ T7521] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 280.084529][ T7521] RIP: 0033:0x7fa75898f749 [ 280.088987][ T7521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 280.108613][ T7521] RSP: 002b:00007fa7598ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 280.117039][ T7521] RAX: ffffffffffffffda RBX: 00007fa758be5fa0 RCX: 00007fa75898f749 [ 280.125025][ T7521] RDX: 0000000000000009 RSI: 0000000000600003 RDI: 0000200000000000 [ 280.133007][ T7521] RBP: 00007fa758a13f91 R08: 0000000000000000 R09: 0000000000000000 [ 280.140989][ T7521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 280.148967][ T7521] R13: 00007fa758be6038 R14: 00007fa758be5fa0 R15: 00007ffde5823938 [ 280.156957][ T7521] [ 281.012678][ T7543] loop4: detected capacity change from 0 to 1024 [ 281.063185][ T7543] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.201342][ T7548] netlink: 28 bytes leftover after parsing attributes in process `syz.4.392'. [ 281.621075][ T6439] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.416782][ T5786] Bluetooth: hci2: command 0x0406 tx timeout