last executing test programs: 18.368987698s ago: executing program 0 (id=94): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000080fcdbdf254400000008000300", @ANYRES32=r3, @ANYBLOB="0a00180003030303030300000400238008000c006400"], 0x44}}, 0x0) 18.149911522s ago: executing program 0 (id=96): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000f40)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r5 = accept4(r4, 0x0, 0x0, 0x80000) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r5) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000400)=@mangle={'mangle\x00', 0x44, 0x6, 0x398, 0x98, 0x1d0, 0x0, 0x138, 0x1d0, 0x300, 0x300, 0x300, 0x300, 0x300, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x268}}, {{@uncond, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x7, 0x0, @multicast2, 0xffff}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28, 'DSCP\x00', 0x0, {0x1a}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r2, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 17.173325011s ago: executing program 0 (id=104): openat(0xffffffffffffff9c, 0x0, 0xe2341, 0x85) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6cb, 0x81a7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) syz_emit_ethernet(0x3a, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000100)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220b000000a1"], 0x0}, 0x0) 13.658230378s ago: executing program 0 (id=115): write$FUSE_WRITE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000001940)=ANY=[], 0x0, 0xc25, &(0x7f0000002580)="$eJzs3V9oXNl9B/DfmStZY22aaLOJN2mz6UBKYpTa+F9sBZcgZxW1AccbIit0n6LRHzvDyiMjyY03bYPakhb6ErovpS9FNF1ayEPpQ7ePVZotJJRCCXlIHwqCJss+9EEPgdKWjcK9c0Ya2fJau15ZsvfzMePvnTu/OzrnntGdO6AzNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiM9+7tKp0+mgWwEAPExXJr506myKgYNuBwDw8Fz1+R8AAAAAAAAAAAAAAA67FEUcixSDr2ykqep+R/1yq33r9uTY+O6bHU2RohZFVV/e6qfPnD33qfMXRrr55tu/0z4cz01cvdR4duHGzcW5paW52cZkuzWzMDu352d40O3vNFztgMaNF27NXru21Dhz8uyOh28PvTbwxLGhixdOnB/p1k6OjY9P9NT09b/tn36Xe83wOBJFNCPFG0Ovp2ZE1OLB98V9Xjv77WjVieGqE5Nj41VH5lvN9nL5YKrlqlpEo2ej0e4+eghj8UBGI1bK5pcNHi67N3Gzudicnp9rfLG5uNxabi20U63T2rI/jajFSIpYjYj1XSb59kcRH40UL53aSNMRUXT3wyericH3b09tH/q4B2U7G/0Rq7VHYMwOsYEo4kqk+Nmrx2Om3Gf5Fh+P+EKZr0S8XOZnIlL5wjgX8VOTxR8bfVHEv0WKhbSRZqvjQfe4cvnLjc+3ry301HaPK4/8+8PDdMiPTfUoYro64m+kt3+yAwAAAAAAAAAAAAAAAMA77WgU8e1I8UfP/E41rziqeenvuzjynud/s3fO+NP3eZ6y9mRErNT2Nie3P08dTrXy3z50jD2pRxHfyPP//uCgGwMAAAAAAAAAAAAAAAAAAPCuVsTzkeIrJ46n1aiu/XskqmuKt9rXG1eb0/Odq8J2r/3bvWb65ubmZiN1cjTnVM6VnKs513Ku54xa3j7naM6pnCs5V3Ou5VzPGUXePudozqmcKzlXc67lXM8ZfXn7nKM5p3Ku5FzNuZZzPWcckmv3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8TmpRxM8jxbe+tpEiRcRoxFR0cm3goFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJTqqYiTkWLt+Xp1f7UWcTUifr65udm9RcRGmQ/qoPsKAAAAAAAAAAAAAAAAAAAAh1Yq4mOR4qn/20iNiLg99NrAE8eGLl44cX6kiCJSWdJb/9zE1UuNZxdu3FycW1qam21MtlszC7Nze/1x9cut9q3bk2Pj+9KZ+zq6z+0/Wn924eaLi63rX13e9fHB+qXppeXF5szuD8fRqEVM9a4Zrho8OTZeNXq+1WxXm6baPRpYixjda2cAAAAAAAAAAAAAAAAAAAA4NAZTEZ+LFD/5z3OpO2+8rzPn/5c694qt2pd/b/u7AObvyK7e7w/Yy3Laa0OHq4n3jcmx8fGJntV9/XeXlm1KqYinI8UnXvpQNR8+xeCuc+PLuveWdTfO5bqhXynrVnZU1Ycnx8YbVxbaJy7Nzy/MNJeb0/NzjYmbzZn8xQEre+0GAAAAAAAAAAAAAAAAAAAA7GYwFfGjSPHff/vvqXvd+Tz/v69zr2f+/29UU+gr9bQzt1Rz+99bze3vLL/v4sjgR5+51/r9mP9ftimlIr4ZKc7+6EPV9fS78/+n7qgt6/4kUrz+zEdyXe1IWdfsdqfzjNda83Onytq/jBS/+ka3Nqra67n2qe3a02Xt0Ujx5xs7a7+aaz+wXXumrD0eKb73X7vXfnC79mxZ+5NI8Y9/0+jWDpa1v5trj23XnpxZmJ+9324tx/87keKvr/xW6vb5nuPf8/0PK3fklrvG/M2X36nxH+pZt5LH9Y/z+DfvM/7nI8V36h/JdZ19P50ff7L6f3v8PxEp/uNfd9Zey7Xv3649vdduHbRy/L8dKb77Fz/e6nMe//74+/+N7RHfOf6/3Lczt14lBzT+T/asG8rtmnnru+NdZ+nFr7/QnJ+fW7RgwYKFrYWDPjLxMJTv/38aKf7/WJG65zH5/f89nXvb53//843t9/+Ld+SWA3r/f3/Puov5rKW/L6K+fONm/9MR9aUXv36idaN5fe76XPvM6VOf/vT506dOn+8/0j25217a8757HJTj/4NI8cO/++HW55it87/K7uf/g3fklgMa/6d6+7TjvGbPu+JdqRz/v4oUT372x1ufN3eO/87z/+7n/+Mf25lbv38HNP4f6Fk3lNvVeov7AgAAAAAAAAAA4FEymIr4s0jx23/466k7h2gvf/83e0duOaC//zrWs272Ic1r2PNOBgA4RMrzvw9Gin/a/P7WXO6d53/xa93a3vO/ezkM1/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHXYoifj9SDL6ykdYGyvsd9cut9q3bk2Pju292NEWKWhRVfXmrnz5z9tynzl8Y6eabb/9O+3A8N3H1UuPZhRs3F+eWluZmG5Pt1szC7Nyen+FBt7/TcLUDGjdeuDV77dpS48zJszsevj302sATx4YuXjhxfqRTO9CYHBsfn+ip6et/2z/9Luke649EEd+PFG8MvZ6+OxBRiwffF/d57ey3o1UnhqtOTI6NVx2ZbzXby+WDqZarahGNno1Gu/soj9t+jsUDGY1YKZtfNni47N7EzeZic3p+rvHF5uJya7m10E61TmvL/jSiFiMpYjUi1gfufrr+KOKbkeKlUxvpnwciiu5++OSViS+dOnv/9tT2oY97ULaz0R+xWnsExuwQG4gi/iFS/OzV4/G9gYi+6Nzi4xFfKPOViJfL/ExEKl8Y5yJ+usvriEdTXxRxLlIspI306kB5POgeVy5/ufH59rWFntruceWRf394mA75sakeRfygOuJvpH/xew0AAAAAAAAAAAAAAABwiBSxGim+cuJ4quYHb80pbrWvN642p+c70/q6c/+6c6Y3Nzc3G6mTozmncq7kXM25lnM9Z9Ty9jlHc07lXMm5mnMt53rOKPL2OUdzTuVcybmacy3nes7oy9vnHM05lXMl52rOtZzrOeOQzN0DAAAAAAAAAAAAAAAAAAAeL7Uoqqu4f+trG2lzoHN96ano5JrrgT72fhEAAP//gMd2Mw==") mount$tmpfs(0x0, &(0x7f0000000540)='./file0\x00', 0x0, 0x3200034, 0x0) ioctl$TIOCSIG(0xffffffffffffffff, 0x40045436, 0x33) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x1000040, &(0x7f0000000000)={[{@errors_remount}]}, 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$setregs(0xd, r1, 0xfffffffffffffffc, 0x0) 12.570478429s ago: executing program 0 (id=119): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x240, 0x9b99}, 0x9, [0x7, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x5, 0x25cd, 0x3, 0xa4, 0x6, 0xa2b9, 0x6, 0x7, 0xe4, 0x9, 0x868, 0x24d, 0xbbf, 0x4a732f64, 0x8, 0x9, 0xd, 0x2, 0x12a0, 0x6, 0x1, 0x2, 0x4, 0x7, 0x81, 0x8a, 0x79, 0x558e0d31, 0x7, 0x0, 0x91, 0x4, 0x4, 0x7, 0x2, 0x5, 0x101, 0x7fff, 0x5, 0xa7, 0x81, 0xa, 0xf9a2, 0x80000001, 0xff, 0x3, 0x2, 0x7, 0x3, 0x3, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x6, 0x6], [0x9, 0x3, 0x2, 0x5f, 0x4, 0xc66, 0xa8a9, 0x73, 0x8e, 0x10001, 0x8000, 0x5, 0x2, 0x9, 0x80000c1, 0x5, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x2, 0x1c, 0x7, 0x1, 0x2, 0x54f5bad8, 0x8, 0xfffffffd, 0x400, 0xffff58b9, 0x4c2336d3, 0x4, 0x20000001, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00000, 0x4, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7faf, 0x35db, 0x1cb, 0x1, 0x4, 0x6, 0x438, 0x2, 0x9, 0x95, 0x8000, 0x5, 0xfffffff9, 0x200004, 0x1000, 0xfffff801, 0x5], [0x2, 0x1, 0xffff, 0x3, 0x5, 0x2e6bf783, 0x80000001, 0xb, 0x5, 0x800, 0x8d3, 0x6, 0x8, 0x3ff, 0x2, 0x400, 0x40, 0xe35, 0x10007, 0x7, 0x5, 0x4, 0x5, 0x9, 0xffffde84, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x100006, 0x8000, 0x400, 0x3e55, 0xff, 0xffffffff, 0x7, 0x3435, 0x3, 0x9, 0xfd, 0x401, 0x101, 0xdd83, 0x60a2, 0x17fc, 0x9d26, 0x5, 0x8, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x2, 0xd500, 0x8, 0x77, 0x9, 0xfffffffc, 0x10000, 0x1, 0x8, 0x1], [0xa772, 0x1, 0x5, 0x1afa, 0x20bfc, 0x8, 0x7c81, 0x7f, 0xfffffff8, 0x5, 0xff, 0x5, 0x7fffffff, 0x7, 0x4, 0xb, 0x81, 0x3, 0x9, 0x9, 0xfffffff7, 0x8, 0x40f1, 0x2, 0x3, 0x101, 0x80000001, 0x7777, 0xfff, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x624dfaee, 0xc, 0x7f, 0x1000, 0x1ff, 0x2000004, 0xffffffff, 0x10000, 0x0, 0x8001, 0x7fff, 0x1000, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x1, 0x8, 0x5393, 0x1, 0x1b1a]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000480)='task\x00') syz_open_procfs$userns(0x0, &(0x7f0000000ac0)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r3, 0x4068aea3, &(0x7f0000000280)={0xa3, 0x0, 0x0}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000880)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9e, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x180, 0x4, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x6, 0x0, 0x45, 0x1, 0xbdb], 0x1, 0x1c4213}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 12.02045795s ago: executing program 0 (id=124): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002000, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x4000095, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r3, 0x400448e7, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) 10.746260374s ago: executing program 32 (id=124): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x40002000, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x4000095, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r3, &(0x7f0000000040), 0x6) ioctl$sock_bt_hci(r3, 0x400448e7, 0x0) prctl$PR_SET_NAME(0xf, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6) 10.665443696s ago: executing program 3 (id=127): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800702, &(0x7f0000000100)={[{@discard}, {@bsdgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}, {@noauto_da_alloc}, {@noload}, {@oldalloc}, {@resuid}]}, 0x2, 0x470, &(0x7f0000000dc0)="$eJzs209sFNUfAPDvTLuFH//an+IfELVKjI1/WlpQOXjRqPGA0UQPeKxtIYRCDa0JECLVGLyYGBL1ajyaePDszYtRTyZeNfFoSIhyAfVSM7Mz7XbplpZud2v380kG3tt52/e+++bNvJm3G0DH6s/+SSJ2RMQvEdFbzS4u0F/978a1C2N/XbswlsTc3Ot/JHm569cujJVFy/dtLzIDaUT6QVJUstj0ufMnRycnJ84U+aGZU28PTZ87/+SJU6PHJ45PnB45fPjQweFnnh55qilxZnFd3/vu1L49L795+ZWxo5ff+uGrrL07iv21cTRLfxb4n3O5+n2PNLuyNttZk06629gQVqUrIrLuquTjvze6YqHzeuPF99vaOGBdZdemLY13z84Bm1gS7W4B0B7lhT67/y23Fk09NoSrz1VvgLK4bxRbdU93pEWZSt39bTP1R8TR2b8/z7ZYp+cQAAC1Phr79Eg8sdT8Lz19d025XcUaSl9E/D8i7oiIOyNid0TcFRFZ2Xsi4t5V1l+/NHTz/Ce9cluBrVA2/3s24qUbN83/ytlf9HUVuZ15/JXk2InJiQPFZzIQlS1ZfniZOr594eePG+2rnf9lW1Z/ORcs2nGlu+4B3fjozGg+KW2Cq+9F7O2uru0tjj+ZXwlIImJPROxd3Z/eVSZOPPblvkaFbh3/MpqwzjT3RcSj1bXN2aiLv5Qsvz45tDUmJw4MlUfFzX786dJrjepfU/xNkPX/tljU//VF+pLa9drp1ddx6dcPG97T3O7x35O8kZ+PeorXzo7OzJwZjuhJjuT5Ra+PLLy3zJ8drczHP7B/qeM/zc9xUfT/fRGRHcT3R8QDEfFg0faHIuLhiNi/TPzfP99430bo//FYevwX6vp/9Ymuk99906j+lfX/oTw1ULySn/9uYaUNXMtnBwAAAP8Vaf4d+CQdnE+n6eBg9Tv8u2NbOjk1PfP4sal3To9XvyvfF5W0fNLVW/M8dDiZLf5iNT9SPCsu9x8snht/0vW/PD84NjU53ubYodNtbzD+M793tbt1wLpbah1tpKcNDQFarn78p4uzF19t+M7f1qdBQMv4vTZ0rluM/4XpwD/r3xagtVz/oXMtjP/P5lMX68pYC4DNyfUfOteKx781Qdh0XP+hcxn/0JHW8rv+liUqW6uN3SjtkZg+dz7SDdEMiXVKLHGy+Dpt9ekJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzf4NAAD//7Rs7dg=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="02000000040000000814000001"], 0x50) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e00000000"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, 0x0, &(0x7f00000002c0)}, 0x20) setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000440)=ANY=[], 0x835, 0x1) mount$nfs(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x1a29143, 0x0) 9.313848622s ago: executing program 3 (id=131): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @loopback}}}, 0x108) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x4e1d, @rand_addr=0x64010102}}}, 0x108) 8.85793552s ago: executing program 3 (id=134): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000", @ANYRES32, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff31151da7c57628327841e9134f4b1b378bcbf5a202"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c00", @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 6.848474329s ago: executing program 3 (id=140): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040e066a250c00e1c971e7"], 0x9) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x1, 0x6, 0x1}}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0], 0x0, 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x18) removexattr(&(0x7f00000002c0)='./cgroup.cpu/cgroup.procs\x00', &(0x7f0000000000)=@known='security.apparmor\x00') syz_emit_ethernet(0x86, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000e0800450000780000000000119078000000000000000000004e20006490780200000000000000010000008ea9a454f02c901fd1e9524fb526e79840e1195b957b6416810cc7f6120458ef4b34c7009631f47b3a8b4d0e3723c074d0a63798f4eb9bbba86950d2d725df005d827a2ae3bc508cd32690f3383c3de9"], 0x0) ioperm(0x0, 0x33, 0x3) clock_nanosleep(0x8, 0x1, 0x0, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x141600, 0x0) ioctl$TCXONC(r2, 0x540a, 0x3) 6.363358278s ago: executing program 2 (id=142): syz_usb_connect(0x4, 0x126, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e0b06c9000c0010"], 0xe) 6.012889745s ago: executing program 3 (id=143): syz_emit_ethernet(0xbe, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0000000000000800450000b00000000000119078000000000000000000004e22009c90780100000000000000000000000000000000000000000000000000000d00"/190], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000240), &(0x7f0000000580)=@v1={0x1000000, [{0x40, 0x6}]}, 0xc, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001e0001000000000001000000026000000000"], 0x24}, 0x1, 0x0, 0x0, 0x4040}, 0x8000) openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) syz_open_dev$mouse(&(0x7f0000000400), 0x5c3b, 0x400202) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=") 6.012464735s ago: executing program 1 (id=144): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SCHED_CORE(0x3e, 0xe, r0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$sock_timeval(r3, 0x1, 0x43, &(0x7f0000000340), 0x10) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x52c, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in=@local, @in=@multicast1, 0xffff, 0x7, 0x1, 0x4, 0xa, 0x0, 0x0, 0x3a}, {0x2000000000000bd1, 0xe, 0x3, 0xfffffffffffffffe}, {0x81, 0x9, 0x200000000000}, 0x2000000, 0x0, 0x1, 0x0, 0x1, 0x2}, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x8000, 0x33}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0xe7}}, 0xe8) write(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r5, 0x1, 0x2a, &(0x7f0000000000)=0xb6, 0x4) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) recvfrom(r5, 0x0, 0x0, 0x32, 0x0, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000380)={@multicast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x40, 0x100, @void}}}}}}}, 0x0) 3.967960874s ago: executing program 2 (id=145): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) ioctl$USBDEVFS_RELEASEINTERFACE(r0, 0x80045510, &(0x7f0000000800)=0x4) 3.577350091s ago: executing program 3 (id=146): iopl(0x3) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f00000000c0)='./file1\x00', 0x1000803, &(0x7f0000000080)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000000)='./bus\x00', 0x404e, &(0x7f0000000200), 0x1, 0x460, &(0x7f0000000d00)="$eJzs3M9vFFUcAPDvzLZVftlK8Ac/lCoaiT9aWhA5eNFo4kETEz3gsbaFVBZqaE2EEEVj8GhIvBuPJvwFnvRi1JPRq3o2JMRwAT2tmd0ZurvsLtu1ZSn7+SQD78283fe+ffO6b+btNICBNZ79k0RsjYjfI2K0lm0sMF777/rVc7P/XD03m0Sl8tbfSbXctavnZouixeu2FJmhiPSzJHa3qHfpzNkTM+Xy/Ok8P7l88v3JpTNnn1s4OXN8/vj8qekjRw4dnHrh8PTzaxJnFte1XR8t7tn52jsX35g9evHdny4lRfwNcWzq6v1Kty4y3ungk5VKV/VsFNvq0slQHxvCqpRqwzSGq+N/NEqx0nmj8eqnfW0csK4qlUrlwfaHL1UL3KzUZj+woSSGMgyo4oM+u/4ttts09bgjXHmpdgGUxX0932pHhiLNyww3Xd+upfGIOHr+36+yLZrup3R5KwIAYFW+y+Y/z7aa/6VRf1/ovnwNZSwi7o+I7RFxOCJ2RMQDEdWyD0XEw6usv3mR5Ob5Z3q5p8C6lM3/XszXthrnf8XsL8ZKeW5bNf7h5NhCef5A9jP5dW+txEJ5fqpDHd+/8tsX7Y7Vz/+yLau/mAvm7bg8dE/ja+Zmlmd6DrjJlU8idg21ij+5sRKQRMTOiNjVYx0LT3+zp92xNvGPdPXGa7DOVPk64qla/5+PpvgLSef1ycl7ozx/YLI4K2728y8X3mxX/637f31l/b+55flfxP/nWFK/Xru0+jou/PF522vKXs//keTthn0fziwvn56KGEler+bH6vdPN5WbXimfxb9/X+vxvz1WfhK7IyI7iR+JiEcjYm/e9sci4vGI2Nch/h9ffuK93uNfX1n8cx37P5r6fyUxEs17WidKJ374tqHSsdXEn/X/oWpqf76nm99/3bSrt7MZAAAANp40IrZGkk7cSKfpxETtO/w7YnNaXlxafubY4gen5mrPCIzFcFrc6Rqtux86lV/WF/np/LvFRf5gft/4y9Kman5idrE81+/gYcBtaTP+M3918ZALsME1r6Nt7lM7gNvP85owuIx/GFzGPwyuFuPfo2cwIFp9/n/ch3YAt1/T+O+47GdiAHcX1/8wuIx/GFzGPwykpU1x64fk745EGhH/632GG19e/IGEfsfVp0Skd0QzJNYp0edfTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGvkvwAAAP//s33ezA==") bind$inet6(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r0, 0x3, 0xff39, 0x3) openat$cgroup_ro(r0, &(0x7f0000000480)='cpuset.memory_pressure_enabled\x00', 0x0, 0x0) statfs(0x0, 0x0) 3.477903533s ago: executing program 2 (id=147): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50}, 0x4000040) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000b80)={{0xeb9f, 0x1, 0x0, 0xfc5f, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0xfc5f}, 0x20) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x1, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = io_uring_setup(0x747f, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x80}) close(r5) ptrace(0x10, r4) waitid(0x1000000000000000, 0x0, 0x0, 0x4, 0x0) 3.330672306s ago: executing program 1 (id=148): sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16, @ANYBLOB="050000000000000000", @ANYRES32, @ANYBLOB="3d000e0080000000ffffffffffff080211000000ffffffffffff0000feffffffffffffff070001000406f0027f0006a7000c006400000008000d000000000073f68ac399765b7ab289a21d254ebf1c30920188d7e0527bff31151da7c57628327841e9134f4b1b378bcbf5a202"], 0x70}, 0x1, 0x0, 0x0, 0x20004090}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c00", @ANYRES32=0x41424344], 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850", 0x4, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010000504"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.64008514s ago: executing program 1 (id=149): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) 2.59392628s ago: executing program 2 (id=150): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) quotactl_fd$Q_GETQUOTA(0xffffffffffffffff, 0xffffffff80000701, 0x0, &(0x7f0000000380)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000499000/0x18000)=nil, 0x0, 0x0, 0x8, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x40f00, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.442392332s ago: executing program 1 (id=151): fanotify_init(0x8, 0x800) syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./bus\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x1, 0x634, &(0x7f0000000480)="$eJzs3c1rXNfdB/DvHcmyxgZHeWI7fkogIoa0VNTWC0qrbuqWUlQIJaSLroUtY+Gxk0pKUUJp1De67SJ/QLrQrqtCN4WCIV23u2y1DBS6yUpdTbl37oxGtjwdxZJGTj8fc+ecM+fec3/nN/dlZoyYAP+zlmcy/ihFlmfe3CrbuzsLrd2dhQfdepLzSRrJeKdI8TApPklupbPk/8sn6+GKp+3no7Wltz/9fPezTmu8Xqr1G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1E7l6R9wE+v7vcMduGZz1vgLCg6982edn1mT1WneSbr9wGdu2Lnnv1c2x51AAAAAHAKXtjLXrZyadRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPOk/v3/6lf/J3tPpZhO0f39/4luf5KLIwx1sInhVnvUOOlAAAAAAAAAAODkvbqXvWzlUrfdLtJI8lrVuFw9Xsx72chq1nMjW1nJZjaznrkkU30DTWytbG6uzw2x5fyhW84PGXDz2ecMAAAAAAAAAF9Cv8ry/v//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWVAkY52iWi5361NpjCeZTDJRrred/KNbf549GnUAAAAAcApe2MtetnKp224X1Wf+q9Xn/sm8l4fZzFo208pq7lTfBXQ+9Td2dxZauzsLD8rlyXG/+68jhVGNmM53D4fv+Vq1RjN3s1Y9cyO3805auZNGtWXpWjeew+P6ZRlT8Z3akJHdqcty5r+vy5M3NsQ6U1VGzvUyMlvHVmbjxcGZOPjqbB91T3Np9L75uXwCOb9Ql0Vy8YenlvNh1Jl4NXUm5vuOvquDM5F89c9//Mm91sP79+5uzJydKR3B+Xa73a0/fkws9GXi5S99JvrNVpm40msv5wf5cWYynbeynrX8LCvZzGqm8/2qtlIfz+Xj1OBM3TrQeqt6bD49kon6delcPY4W02vVtpeylh/lndzJat6o/s1nLt/MYhaz1PcKXxnirG8c7ay//rW6Uk7wd4MnesrKvL5Y5/XD5MA1d6rq639mP0spctzXxvGv1JVyH7+uy7Ph8UzM9WXipcHHyx+qy8pG6+H99Xsr7w65v9frsjyPfnum7hLl8fJ/5YtVtQ4eHWXfS4f2zVV9l3t9jSf6rvT6/tuZOlG/h3typPmq7+VD+xaqvmt9fYe93wLgzLvw9QsTzX82/978uPmb5r3mm5PfO/+t869M5Nzfzn17fHbs9cYrxZ/ycX6x//kfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD44jbe/+D+Squ1uv5Ypd1uf/iUri9aGctRtvrrX45z793fIzrG6RxvZfIoK7fPRsxHqfy73W4fy4DbAw7aY6u0a2cidSOqjPjCBJy4m5sP3r258f4H31jr3iIXF5dmlxbfWLh5d621Ott5HHGQwInYv+mPOhIAAAAAAAAAAABgWKfx5wSjniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwfFueyfijFJmbvTFbtnd3Flrl0q3vrzmepJGk+HlSfJLcSmfJVN9wxdP289Ha0tuffr772f5Y4931G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1H7TwAAAP//UOQPsQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r3 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r3) mkdir(&(0x7f0000001c00)='./file0\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x181d011, 0x0, 0x0, 0x0, &(0x7f0000000140)) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x84008, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f00000001c0)='ceph\x00', 0x212008, &(0x7f0000000080)='trans=tcp,') r4 = socket$inet6_udp(0xa, 0x2, 0x0) getsockname$inet6(r4, 0x0, &(0x7f00000024c0)) rename(&(0x7f0000000000)='./bus/file0\x00', 0x0) 1.310577445s ago: executing program 2 (id=152): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03") r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x8) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x10012, r0, 0x1000) syz_mount_image$udf(&(0x7f0000000040), &(0x7f0000000480)='./file0\x00', 0x201800a, &(0x7f0000000cc0)=ANY=[@ANYBLOB="4a1727cc3b559e5311ff6d6814d516e69ae2c8e57ee50a21d388587d3fd0fca51b3f17c4b73dfae1cfeb316419e011086ff6c53e1990b2d37fc7c027890cde924448d5e71537b4a0545b5017b29730837448d9720ccbab81200c39f4623a3202061e6acaf75519b0b18844ac5718ad2feec0a15a3b72adc97e621899cb4227dc07f1c59220b2d3da75", @ANYBLOB="2f93edc77863113d68e33456dfe3c025878b46bc73df14f991a8f7a341a10f44c05fc1c37ad73b0239a18733e7436f3b54758b4ce59af971d50e53c14277216c0bba6ad052fa7a6d77f0b19c8b2381abc46dfa7e4bc6c37bbab3f908f48d7e280000457c5d503502300a69dc517cc08b955df0d19ae4c120c512eceffbf3fc154e4ba08f2497b14e95cfdef19a2c44e453a0cfffbf23e5bf1e872ee040a582eda3d84714e82dde4c02836e5f66775f4df1bdcfbc28eb5ced2b332944d3ab2b9efe3cbb2111fe00000000000007000000000000009a9806dfda05ded85abecf8ff53f90b92fe647023baaf2bee27029d124e712acca24ddc3f67cdc22e1b9c6cfc724a6f43505a958995505a92ad815bbf46a90bda3e64161f02f1c57fc913e78298dd4c5097fd37297508a99d91ea1de524b32357aac522ffda551af6704c1a5cc7800c31b73df6916532e20a89df39e21239db55bd7e20f8a00c056f3b34b842abfd95ebcfa1eeee17ad811a4989bc0"], 0xfc, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") 266.021175ms ago: executing program 1 (id=153): r0 = landlock_create_ruleset(&(0x7f0000000080)={0x5d62}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) 61.756409ms ago: executing program 2 (id=154): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x80, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000100)={0x1, 0x0, [{0xd, 0x4, 0x5, 0x6, 0x8}]}) 0s ago: executing program 1 (id=155): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="1800000000030104"], 0x18}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.234' (ED25519) to the list of known hosts. [ 356.922839][ T5814] cgroup: Unknown subsys name 'net' [ 357.086593][ T5814] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 358.754002][ T5814] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 360.785231][ T5827] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 360.793916][ T5827] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 360.807270][ T5827] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 360.827672][ T5827] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 360.835811][ T5827] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 360.843701][ T5827] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 360.947768][ T5827] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 360.956112][ T5827] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 360.963999][ T5827] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 360.978047][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 360.988030][ T5831] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 360.995677][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 361.027538][ T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 361.036456][ T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 361.048700][ T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 361.049255][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 361.064935][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 361.073305][ T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 361.073314][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 361.096026][ T5831] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 361.096684][ T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 361.111109][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 361.118866][ T5831] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 361.126955][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 361.435753][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 361.535126][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 361.688919][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.696284][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.704635][ T5824] bridge_slave_0: entered allmulticast mode [ 361.711735][ T5824] bridge_slave_0: entered promiscuous mode [ 361.749233][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.756396][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.764019][ T5824] bridge_slave_1: entered allmulticast mode [ 361.772293][ T5824] bridge_slave_1: entered promiscuous mode [ 361.832148][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.839498][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.846661][ T5829] bridge_slave_0: entered allmulticast mode [ 361.854561][ T5829] bridge_slave_0: entered promiscuous mode [ 361.879345][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 361.895833][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 361.905497][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.912924][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.920295][ T5829] bridge_slave_1: entered allmulticast mode [ 361.927909][ T5829] bridge_slave_1: entered promiscuous mode [ 361.993539][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 362.007760][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.024689][ T5824] team0: Port device team_slave_0 added [ 362.051418][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.062737][ T5824] team0: Port device team_slave_1 added [ 362.081433][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 362.138012][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 362.145019][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.171137][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 362.214477][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 362.221858][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.249390][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 362.275890][ T5829] team0: Port device team_slave_0 added [ 362.320326][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.327704][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.334880][ T5832] bridge_slave_0: entered allmulticast mode [ 362.342622][ T5832] bridge_slave_0: entered promiscuous mode [ 362.351913][ T5829] team0: Port device team_slave_1 added [ 362.390985][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.398564][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.405730][ T5832] bridge_slave_1: entered allmulticast mode [ 362.413463][ T5832] bridge_slave_1: entered promiscuous mode [ 362.494790][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 362.502157][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.528552][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 362.542429][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 362.549504][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 362.576025][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 362.603016][ T5824] hsr_slave_0: entered promiscuous mode [ 362.609753][ T5824] hsr_slave_1: entered promiscuous mode [ 362.619315][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.632220][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.662366][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.669657][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.676804][ T5828] bridge_slave_0: entered allmulticast mode [ 362.684073][ T5828] bridge_slave_0: entered promiscuous mode [ 362.692818][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.700061][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.708087][ T5828] bridge_slave_1: entered allmulticast mode [ 362.715420][ T5828] bridge_slave_1: entered promiscuous mode [ 362.809269][ T5829] hsr_slave_0: entered promiscuous mode [ 362.816040][ T5829] hsr_slave_1: entered promiscuous mode [ 362.823320][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 362.831779][ T5829] Cannot create hsr debugfs directory [ 362.867945][ T5100] Bluetooth: hci0: command tx timeout [ 362.882704][ T5832] team0: Port device team_slave_0 added [ 362.898312][ T5832] team0: Port device team_slave_1 added [ 362.906473][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 362.918910][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 362.999603][ T5828] team0: Port device team_slave_0 added [ 363.022207][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.030415][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.056381][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.069293][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 363.076297][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.102455][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.115772][ T5828] team0: Port device team_slave_1 added [ 363.121487][ T5100] Bluetooth: hci1: command tx timeout [ 363.187285][ T5100] Bluetooth: hci2: command tx timeout [ 363.187696][ T5831] Bluetooth: hci3: command tx timeout [ 363.214545][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 363.221890][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.247948][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 363.260529][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 363.268873][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 363.295070][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 363.390514][ T5832] hsr_slave_0: entered promiscuous mode [ 363.397603][ T5832] hsr_slave_1: entered promiscuous mode [ 363.403779][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 363.411823][ T5832] Cannot create hsr debugfs directory [ 363.498279][ T5828] hsr_slave_0: entered promiscuous mode [ 363.505122][ T5828] hsr_slave_1: entered promiscuous mode [ 363.512834][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 363.520481][ T5828] Cannot create hsr debugfs directory [ 363.615987][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 363.641096][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 363.651729][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 363.694300][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 363.800867][ T5824] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 363.839614][ T5824] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 363.851436][ T5824] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 363.880789][ T5824] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 363.928968][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 363.943518][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 363.956543][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 363.982438][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 364.061795][ T5828] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 364.074917][ T5828] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 364.092218][ T5828] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 364.103173][ T5828] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 364.245183][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.328516][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.349858][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.365472][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.376376][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.417237][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.424627][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.436832][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.444005][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.461572][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.468772][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.484200][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.513968][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.531510][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.541132][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.548303][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.560548][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.567760][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.595605][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.602794][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.640514][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 364.648136][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 364.674818][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state [ 364.681998][ T5861] bridge0: port 2(bridge_slave_1) entered forwarding state [ 364.806479][ T5832] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 364.822357][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 364.844906][ T5824] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 364.967446][ T5831] Bluetooth: hci0: command tx timeout [ 365.187644][ T5831] Bluetooth: hci1: command tx timeout [ 365.268354][ T5831] Bluetooth: hci3: command tx timeout [ 365.269664][ T5100] Bluetooth: hci2: command tx timeout [ 365.285105][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 365.314670][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 365.413045][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 365.448634][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 365.485246][ T5832] veth0_vlan: entered promiscuous mode [ 365.492782][ T5829] veth0_vlan: entered promiscuous mode [ 365.508864][ T5829] veth1_vlan: entered promiscuous mode [ 365.542845][ T5832] veth1_vlan: entered promiscuous mode [ 365.604309][ T5828] veth0_vlan: entered promiscuous mode [ 365.631801][ T5824] veth0_vlan: entered promiscuous mode [ 365.665230][ T5829] veth0_macvtap: entered promiscuous mode [ 365.680493][ T5828] veth1_vlan: entered promiscuous mode [ 365.691127][ T5824] veth1_vlan: entered promiscuous mode [ 365.700115][ T5832] veth0_macvtap: entered promiscuous mode [ 365.710310][ T5829] veth1_macvtap: entered promiscuous mode [ 365.741583][ T5832] veth1_macvtap: entered promiscuous mode [ 365.774959][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 365.799540][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 365.811490][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.823277][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 365.836590][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 365.855135][ T5824] veth0_macvtap: entered promiscuous mode [ 365.866374][ T5824] veth1_macvtap: entered promiscuous mode [ 365.876368][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 365.889440][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 365.901449][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 365.911420][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.921404][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.930200][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.939130][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 365.974795][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 365.986082][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.003228][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.013879][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.025944][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 366.036491][ T5832] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.045918][ T5832] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.054791][ T5832] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.063702][ T5832] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.090203][ T5828] veth0_macvtap: entered promiscuous mode [ 366.105898][ T5828] veth1_macvtap: entered promiscuous mode [ 366.126892][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 366.140843][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.154067][ T5824] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 366.165335][ T5824] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.176890][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 366.237930][ T5824] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.246683][ T5824] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.255525][ T5824] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.264492][ T5824] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.298047][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.310575][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.320867][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.332101][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.343289][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.354164][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.366353][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 366.377419][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 366.390146][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.401416][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 366.412049][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.422434][ T5828] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 366.432966][ T5828] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.444503][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 366.454657][ T1001] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.470599][ T1001] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.503126][ T5828] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.514096][ T5828] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.522962][ T5828] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.531815][ T5828] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 366.614886][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.637959][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.657991][ T5897] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.665863][ T5897] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.757764][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.765646][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.924259][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.938589][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 366.946464][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 366.964280][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.077847][ T5100] Bluetooth: hci0: command tx timeout [ 367.116249][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.127299][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.172086][ T1001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 367.246146][ T5914] syz.1.2[5914]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 367.282497][ T5914] loop1: detected capacity change from 0 to 128 [ 367.307818][ T5100] Bluetooth: hci1: command tx timeout [ 367.348950][ T5831] Bluetooth: hci3: command tx timeout [ 367.355482][ T5100] Bluetooth: hci2: command tx timeout [ 367.407570][ T5914] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 367.439560][ T5914] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 367.747753][ T1001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 367.906700][ T5917] loop0: detected capacity change from 0 to 256 [ 368.115359][ T5917] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 198) [ 368.150939][ T5920] loop1: detected capacity change from 0 to 128 [ 368.164525][ T5917] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 198) [ 368.368842][ T5923] loop2: detected capacity change from 0 to 2048 [ 368.396810][ T5923] ======================================================= [ 368.396810][ T5923] WARNING: The mand mount option has been deprecated and [ 368.396810][ T5923] and is ignored by this kernel. Remove the mand [ 368.396810][ T5923] option from the mount to silence this warning. [ 368.396810][ T5923] ======================================================= [ 368.456265][ T5923] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 368.465409][ T5923] UDF-fs: Scanning with blocksize 512 failed [ 368.504825][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 368.531737][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 368.621698][ T5926] loop0: detected capacity change from 0 to 512 [ 368.731324][ T5926] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 368.762715][ T5926] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 368.796850][ T5931] loop1: detected capacity change from 128 to 0 [ 368.841814][ T5920] syz.1.5: attempt to access beyond end of device [ 368.841814][ T5920] loop1: rw=0, sector=36, nr_sectors = 1 limit=0 [ 368.856557][ T5920] FAT-fs (loop1): Directory bread(block 36) failed [ 368.883578][ T5933] loop2: detected capacity change from 0 to 1024 [ 368.917177][ T5920] syz.1.5: attempt to access beyond end of device [ 368.917177][ T5920] loop1: rw=0, sector=32, nr_sectors = 1 limit=0 [ 369.004158][ T5920] FAT-fs (loop1): FAT read failed (blocknr 32) [ 369.057415][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 369.100166][ T5920] syz.1.5: attempt to access beyond end of device [ 369.100166][ T5920] loop1: rw=0, sector=36, nr_sectors = 1 limit=0 [ 369.138506][ T5100] Bluetooth: hci0: command tx timeout [ 369.360784][ T5100] Bluetooth: hci1: command tx timeout [ 369.389905][ T5920] FAT-fs (loop1): Directory bread(block 36) failed [ 369.405756][ T5920] syz.1.5: attempt to access beyond end of device [ 369.405756][ T5920] loop1: rw=0, sector=32, nr_sectors = 1 limit=0 [ 369.417425][ T5933] syz.2.7: attempt to access beyond end of device [ 369.417425][ T5933] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 369.465687][ T5100] Bluetooth: hci2: command tx timeout [ 369.475017][ T5100] Bluetooth: hci3: command tx timeout [ 369.645464][ T5920] FAT-fs (loop1): FAT read failed (blocknr 32) [ 369.679494][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 369.688901][ T5920] syz.1.5: attempt to access beyond end of device [ 369.688901][ T5920] loop1: rw=0, sector=36, nr_sectors = 1 limit=0 [ 369.724052][ T5920] FAT-fs (loop1): Directory bread(block 36) failed [ 369.737148][ T5920] syz.1.5: attempt to access beyond end of device [ 369.737148][ T5920] loop1: rw=0, sector=32, nr_sectors = 1 limit=0 [ 369.771937][ T5920] FAT-fs (loop1): FAT read failed (blocknr 32) [ 369.816694][ T5920] syz.1.5: attempt to access beyond end of device [ 369.816694][ T5920] loop1: rw=0, sector=32, nr_sectors = 1 limit=0 [ 369.884575][ T5920] FAT-fs (loop1): FAT read failed (blocknr 32) [ 370.144825][ T5940] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci3/hci3:200/input5 [ 370.297475][ T5943] loop0: detected capacity change from 0 to 128 [ 370.991878][ T1001] kworker/u4:7: attempt to access beyond end of device [ 370.991878][ T1001] loop1: rw=0, sector=1, nr_sectors = 1 limit=0 [ 371.045975][ T1001] FAT-fs (loop1): bread failed in fat_clusters_flush [ 371.071212][ T5945] loop3: detected capacity change from 0 to 2048 [ 371.142075][ T5945] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 371.160088][ T5829] syz-executor: attempt to access beyond end of device [ 371.160088][ T5829] loop1: rw=0, sector=0, nr_sectors = 1 limit=0 [ 371.207096][ T5829] FAT-fs (loop1): unable to read boot sector to mark fs as dirty [ 371.216062][ T5951] loop0: detected capacity change from 0 to 1024 [ 371.237433][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 371.440440][ T5951] EXT4-fs (loop0): couldn't mount as ext2 due to feature incompatibilities [ 371.907678][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 372.068208][ T5959] loop1: detected capacity change from 0 to 256 [ 372.147546][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 372.227203][ T5960] loop0: detected capacity change from 0 to 1024 [ 372.336601][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 372.537669][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 372.651591][ T5969] loop1: detected capacity change from 0 to 512 [ 372.830560][ T5969] EXT4-fs (loop1): Test dummy encryption mode enabled [ 372.850135][ T5969] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 372.908295][ T5969] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 372.931697][ T5909] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 372.932471][ T5969] EXT4-fs (loop1): 1 orphan inode deleted [ 372.953505][ T5969] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 373.074102][ T5978] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 373.267955][ T5909] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.289989][ T5909] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 373.763178][ T5909] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 373.846307][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.887233][ T5980] fscrypt (loop1): Missing crypto API support for AES-256-XTS (API name: "xts(aes)") [ 373.970242][ T5909] usb 3-1: config 0 descriptor?? [ 374.029693][ T5909] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 374.205010][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 374.365567][ T5996] input: syz1 as /devices/virtual/input/input6 [ 374.400843][ T5997] hsr0: entered promiscuous mode [ 374.407605][ T1188] usb 3-1: USB disconnect, device number 2 [ 374.444750][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'. [ 374.461653][ T5997] hsr_slave_0: left promiscuous mode [ 374.484054][ T5997] hsr_slave_1: left promiscuous mode [ 374.594646][ T5997] hsr0 (unregistering): left promiscuous mode [ 374.815682][ T6006] loop1: detected capacity change from 0 to 128 [ 374.837343][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 374.892889][ T6006] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 374.943325][ T6006] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 375.048744][ T6010] netlink: 8 bytes leftover after parsing attributes in process `syz.3.26'. [ 375.231206][ T6021] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 375.304792][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 375.325656][ T6010] loop3: detected capacity change from 0 to 164 [ 375.390719][ T6006] fscrypt: AES-128-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 375.498547][ T5948] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 375.525796][ T6019] fscrypt: loop1: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 375.541495][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 375.768258][ T5829] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 375.823400][ T6030] loop0: detected capacity change from 0 to 1024 [ 375.874776][ T6030] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 375.918698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 375.937595][ T6030] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 375.947808][ T6030] EXT4-fs (loop0): orphan cleanup on readonly fs [ 375.954726][ T6030] EXT4-fs error (device loop0): ext4_free_blocks:6676: comm syz.0.28: Freeing blocks not in datazone - block = 0, count = 4096 [ 375.981594][ T6030] EXT4-fs (loop0): 1 orphan inode deleted [ 375.988833][ T6030] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 375.997504][ T6032] loop2: detected capacity change from 0 to 8 [ 376.040294][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.085775][ T6044] loop1: detected capacity change from 0 to 1024 [ 377.106462][ T6044] EXT4-fs: Ignoring removed orlov option [ 377.179522][ T6044] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 377.317884][ T5829] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 377.756387][ T6064] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 378.265961][ T8] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 378.855800][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.866040][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.036179][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 379.378778][ T8] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 379.395428][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 380.267051][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 380.326665][ T8] usb 2-1: SerialNumber: syz [ 380.508964][ T8] usb-storage 2-1:1.0: USB Mass Storage device detected [ 380.661567][ T8] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 381.250603][ T9] usb 2-1: USB disconnect, device number 2 [ 382.108154][ T27] audit: type=1326 audit(1758397012.803:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 382.513536][ T27] audit: type=1326 audit(1758397012.813:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 382.653239][ T6089] loop1: detected capacity change from 0 to 2048 [ 382.681436][ T27] audit: type=1326 audit(1758397012.813:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 382.752699][ T27] audit: type=1326 audit(1758397012.813:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 382.800135][ T6089] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 382.857043][ T27] audit: type=1326 audit(1758397012.813:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 382.935873][ T27] audit: type=1326 audit(1758397012.813:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 383.023446][ T27] audit: type=1326 audit(381.261:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 383.107578][ T27] audit: type=1326 audit(381.261:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6082 comm="syz.2.43" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f76bb58ec29 code=0x7ffc0000 [ 383.456627][ T6110] loop0: detected capacity change from 0 to 512 [ 383.487984][ T6110] EXT4-fs: Ignoring removed nobh option [ 383.591577][ T6110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.778161][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.385028][ T6123] kvm: pic: non byte read [ 384.436697][ T6123] kvm: pic: non byte read [ 384.459383][ T6123] kvm: pic: non byte read [ 384.497458][ T6123] kvm: pic: non byte read [ 384.507563][ T6123] kvm: pic: non byte read [ 384.551200][ T6123] kvm: pic: non byte read [ 384.728836][ T6123] kvm: pic: non byte read [ 385.647615][ T6123] kvm: pic: non byte read [ 385.657715][ T6123] kvm: pic: non byte read [ 385.692247][ T6123] kvm: pic: non byte read [ 385.852520][ T6133] loop2: detected capacity change from 0 to 256 [ 385.920850][ T6133] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 385.985052][ T6133] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 386.028213][ T6133] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 386.493388][ T6137] ptrace attach of "./syz-executor exec"[5828] was attempted by "./syz-executor exec"[6137] [ 386.968147][ T6137] loop2: detected capacity change from 0 to 512 [ 386.985425][ T6137] EXT4-fs: Ignoring removed nomblk_io_submit option [ 387.011057][ T6137] EXT4-fs: Ignoring removed i_version option [ 387.049218][ T6137] EXT4-fs (loop2): 1 orphan inode deleted [ 387.055944][ T6137] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 387.496704][ T6146] loop0: detected capacity change from 0 to 128 [ 387.582543][ T6146] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 387.701181][ T5828] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 387.839110][ T5832] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 388.077906][ T6156] loop1: detected capacity change from 0 to 1024 [ 388.415438][ T6159] hsr0: entered promiscuous mode [ 388.421182][ T6159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.70'. [ 388.450785][ T5842] hfsplus: b-tree write err: -5, ino 4 [ 389.947196][ T6159] hsr_slave_0: left promiscuous mode [ 391.698259][ T6159] hsr_slave_1: left promiscuous mode [ 392.657085][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 393.337366][ T6174] capability: warning: `syz.0.76' uses 32-bit capabilities (legacy support in use) [ 394.631237][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 394.642523][ T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00 [ 394.687059][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.748566][ T9] usb 2-1: config 0 descriptor?? [ 394.822711][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 394.846952][ T9] usbhid: probe of 2-1:0.0 failed with error -71 [ 394.908290][ T9] usb 2-1: USB disconnect, device number 3 [ 395.185684][ T6179] loop1: detected capacity change from 0 to 1024 [ 395.216501][ T6179] syz.1.79: attempt to access beyond end of device [ 395.216501][ T6179] loop1: rw=2057, sector=262, nr_sectors = 65274 limit=1024 [ 395.240037][ T6179] syz.1.79: attempt to access beyond end of device [ 395.240037][ T6179] loop1: rw=1, sector=262, nr_sectors = 2048 limit=1024 [ 395.263482][ T6179] syz.1.79: attempt to access beyond end of device [ 395.263482][ T6179] loop1: rw=1, sector=2310, nr_sectors = 2048 limit=1024 [ 395.286810][ T6179] syz.1.79: attempt to access beyond end of device [ 395.286810][ T6179] loop1: rw=1, sector=4358, nr_sectors = 2048 limit=1024 [ 395.327285][ T6179] syz.1.79: attempt to access beyond end of device [ 395.327285][ T6179] loop1: rw=1, sector=6406, nr_sectors = 2048 limit=1024 [ 395.376944][ T6179] syz.1.79: attempt to access beyond end of device [ 395.376944][ T6179] loop1: rw=1, sector=8454, nr_sectors = 2048 limit=1024 [ 395.416760][ T6179] syz.1.79: attempt to access beyond end of device [ 395.416760][ T6179] loop1: rw=1, sector=10502, nr_sectors = 2048 limit=1024 [ 395.437223][ T6179] syz.1.79: attempt to access beyond end of device [ 395.437223][ T6179] loop1: rw=1, sector=12550, nr_sectors = 2048 limit=1024 [ 395.456220][ T6179] syz.1.79: attempt to access beyond end of device [ 395.456220][ T6179] loop1: rw=1, sector=14598, nr_sectors = 2048 limit=1024 [ 395.487343][ T6179] syz.1.79: attempt to access beyond end of device [ 395.487343][ T6179] loop1: rw=1, sector=16646, nr_sectors = 2048 limit=1024 [ 396.369578][ T6192] loop0: detected capacity change from 0 to 512 [ 396.383616][ T6192] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 396.421215][ T6192] EXT4-fs (loop0): orphan cleanup on readonly fs [ 396.436132][ T6192] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:512: comm syz.0.77: Block bitmap for bg 0 marked uninitialized [ 396.451797][ T6192] EXT4-fs (loop0): Remounting filesystem read-only [ 396.460679][ T6192] EXT4-fs (loop0): 1 orphan inode deleted [ 396.477120][ T6192] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 396.619906][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 396.903552][ T6204] loop1: detected capacity change from 0 to 256 [ 396.939502][ T6204] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 397.098469][ T6204] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff) [ 397.118520][ T6204] exFAT-fs (loop1): Filesystem has been set read-only [ 397.971971][ T6222] loop2: detected capacity change from 0 to 256 [ 397.981290][ T6222] exfat: Deprecated parameter 'namecase' [ 397.997208][ T6222] exfat: Deprecated parameter 'utf8' [ 398.012701][ T6222] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 398.153783][ T6227] netlink: 16 bytes leftover after parsing attributes in process `syz.0.94'. [ 398.167963][ T6222] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 398.584615][ T6237] loop1: detected capacity change from 0 to 2048 [ 398.657555][ T6237] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=3932051, location=3932051 [ 398.712873][ T6237] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 398.811869][ T6244] loop2: detected capacity change from 0 to 1024 [ 398.839563][ T6244] EXT4-fs: Ignoring removed bh option [ 398.886050][ T6244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 398.993689][ T6244] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: comm syz.2.100: inode #4: comm syz.2.100: iget: illegal inode # [ 399.012458][ T6244] EXT4-fs (loop2): Remounting filesystem read-only [ 399.024380][ T6244] EXT4-fs warning (device loop2): ext4_xattr_block_set:2202: inode #19: comm syz.2.100: dec ref error=-5 [ 399.106160][ T6252] hsr0: entered promiscuous mode [ 399.115488][ T6252] netlink: 4 bytes leftover after parsing attributes in process `syz.3.102'. [ 399.126494][ T6252] hsr_slave_0: left promiscuous mode [ 399.141574][ T6252] hsr_slave_1: left promiscuous mode [ 399.191735][ T6252] hsr0 (unregistering): left promiscuous mode [ 399.491869][ T6262] loop3: detected capacity change from 0 to 512 [ 399.520289][ T6262] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 399.637116][ T5909] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 399.656458][ T5828] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.666258][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 399.813486][ T6266] Bluetooth: MGMT ver 1.22 [ 399.837371][ T5909] usb 1-1: Using ep0 maxpacket: 8 [ 399.862835][ T5909] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 399.898777][ T5909] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 399.918943][ T5909] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 399.933522][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.954794][ T5909] usb 1-1: config 0 descriptor?? [ 399.992402][ T6268] loop3: detected capacity change from 0 to 128 [ 400.041361][ T6268] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 400.256511][ T5824] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 400.417946][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.435669][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.447119][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.459668][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.468146][ T6274] loop3: detected capacity change from 0 to 1024 [ 400.477410][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.484506][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.503641][ T6274] EXT4-fs (loop3): couldn't mount as ext2 due to feature incompatibilities [ 400.520904][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.738214][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.757297][ T5909] hid-rmi 0003:06CB:81A7.0001: unknown main item tag 0x0 [ 400.777377][ T5909] hid-rmi 0003:06CB:81A7.0001: unbalanced collection at end of report description [ 400.791390][ T5909] hid-rmi 0003:06CB:81A7.0001: parse failed [ 400.798153][ T5909] hid-rmi: probe of 0003:06CB:81A7.0001 failed with error -22 [ 401.328189][ T6279] loop3: detected capacity change from 0 to 1024 [ 402.018636][ T5909] usb 1-1: USB disconnect, device number 2 [ 402.909817][ T6291] hsr0: entered promiscuous mode [ 402.938274][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.114'. [ 402.969652][ T6291] hsr_slave_0: left promiscuous mode [ 402.977194][ T6293] loop0: detected capacity change from 0 to 2048 [ 402.985223][ T6291] hsr_slave_1: left promiscuous mode [ 402.999418][ T6293] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 403.134926][ T6291] hsr0 (unregistering): left promiscuous mode [ 403.868742][ T5832] UDF-fs: error (device loop0): udf_read_inode: (ino 1410) failed !bh [ 403.886215][ T5832] UDF-fs: error (device loop0): udf_read_inode: (ino 1410) failed !bh [ 405.334527][ T5842] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.481986][ T5842] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.721175][ T5842] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.934540][ T6325] loop3: detected capacity change from 0 to 512 [ 405.951639][ T6324] loop2: detected capacity change from 0 to 256 [ 405.980374][ T5842] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 405.988955][ T6325] EXT4-fs: Ignoring removed oldalloc option [ 406.083544][ T6325] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz.3.127: Parent and EA inode have the same ino 15 [ 406.223826][ T6325] EXT4-fs (loop3): 1 orphan inode deleted [ 406.256199][ T6325] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 406.612135][ T6333] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.127: unexpected EA_INODE flag [ 406.858469][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 406.868474][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 406.880810][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 406.889414][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 406.897802][ T5831] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 406.905266][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 407.202139][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 407.342522][ T6340] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 407.906233][ T6334] chnl_net:caif_netlink_parms(): no params data found [ 408.958912][ T5831] Bluetooth: hci3: command tx timeout [ 409.338540][ T6334] bridge0: port 1(bridge_slave_0) entered blocking state [ 409.365367][ T6334] bridge0: port 1(bridge_slave_0) entered disabled state [ 409.373845][ T6334] bridge_slave_0: entered allmulticast mode [ 409.381383][ T6334] bridge_slave_0: entered promiscuous mode [ 409.399069][ T6334] bridge0: port 2(bridge_slave_1) entered blocking state [ 409.406349][ T6334] bridge0: port 2(bridge_slave_1) entered disabled state [ 409.414230][ T6334] bridge_slave_1: entered allmulticast mode [ 409.424655][ T6334] bridge_slave_1: entered promiscuous mode [ 409.685649][ T6370] loop1: detected capacity change from 0 to 736 [ 409.739600][ T6334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.760008][ T6334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.979871][ T6334] team0: Port device team_slave_0 added [ 410.023564][ T6334] team0: Port device team_slave_1 added [ 410.180807][ T5831] Bluetooth: to_multiplier 0 < 10 [ 410.226274][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.265921][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.335378][ T6334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.365071][ T6334] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 410.393935][ T6334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 410.424062][ T6334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 411.275903][ T6390] loop3: detected capacity change from 0 to 1024 [ 412.087440][ T5831] Bluetooth: hci3: command tx timeout [ 412.142763][ T6390] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 412.353900][ T5100] Bluetooth: hci2: command tx timeout [ 412.885909][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 413.364550][ T6334] hsr_slave_0: entered promiscuous mode [ 413.410651][ T6334] hsr_slave_1: entered promiscuous mode [ 414.155884][ T5100] Bluetooth: hci3: command tx timeout [ 415.124746][ T6430] loop1: detected capacity change from 0 to 1024 [ 415.251272][ T6433] loop3: detected capacity change from 0 to 16 [ 415.365747][ T6433] erofs: (device loop3): mounted with root inode @ nid 36. [ 415.450401][ T6439] loop2: detected capacity change from 0 to 8 [ 415.979493][ T6433] erofs: (device loop3): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 416.008647][ T6439] SQUASHFS error: Failed to read block 0x4de: -5 [ 416.059476][ T6441] erofs: (device loop3): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 416.074461][ T6439] SQUASHFS error: Failed to read block 0x4de: -5 [ 416.147403][ T6433] erofs: (device loop3): z_erofs_readahead: readahead error at folio 9 @ nid 36 [ 416.161492][ T6433] erofs: (device loop3): z_erofs_readahead: readahead error at folio 8 @ nid 36 [ 416.171190][ T6433] erofs: (device loop3): z_erofs_readahead: readahead error at folio 6 @ nid 36 [ 416.181350][ T6433] erofs: (device loop3): z_erofs_readahead: readahead error at folio 4 @ nid 36 [ 416.191164][ T6433] bio_check_eod: 23 callbacks suppressed [ 416.191178][ T6433] syz.3.146: attempt to access beyond end of device [ 416.191178][ T6433] loop3: rw=524288, sector=1049264, nr_sectors = 16 limit=16 [ 416.215624][ T27] audit: type=1800 audit(416.181:10): pid=6439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.152" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 416.227260][ T5100] Bluetooth: hci3: command tx timeout [ 416.245927][ T6433] syz.3.146: attempt to access beyond end of device [ 416.245927][ T6433] loop3: rw=524288, sector=376, nr_sectors = 16 limit=16 [ 416.294412][ T6433] syz.3.146: attempt to access beyond end of device [ 416.294412][ T6433] loop3: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 416.322185][ T6433] syz.3.146: attempt to access beyond end of device [ 416.322185][ T6433] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 416.348998][ T6334] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 416.395304][ T6334] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 416.407692][ T6433] syz.3.146: attempt to access beyond end of device [ 416.407692][ T6433] loop3: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 416.460234][ T6334] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 416.482352][ T6433] ================================================================== [ 416.490495][ T6433] BUG: KASAN: use-after-free in z_erofs_transform_plain+0x38c/0x460 [ 416.498515][ T6433] Read of size 4095 at addr ffff88805ba0d400 by task syz.3.146/6433 [ 416.506522][ T6433] [ 416.508885][ T6433] CPU: 0 PID: 6433 Comm: syz.3.146 Not tainted syzkaller #0 [ 416.516198][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 416.526296][ T6433] Call Trace: [ 416.529606][ T6433] [ 416.532566][ T6433] dump_stack_lvl+0x16c/0x230 [ 416.537280][ T6433] ? __lock_acquire+0x7c80/0x7c80 [ 416.542341][ T6433] ? show_regs_print_info+0x20/0x20 [ 416.547583][ T6433] ? load_image+0x3b0/0x3b0 [ 416.552128][ T6433] ? __virt_addr_valid+0x469/0x540 [ 416.557280][ T6433] print_report+0xac/0x220 [ 416.561736][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 416.567416][ T6433] kasan_report+0x117/0x150 [ 416.571961][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 416.577645][ T6433] kasan_check_range+0x288/0x290 [ 416.582622][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 416.588292][ T6433] __asan_memcpy+0x29/0x70 [ 416.592846][ T6433] z_erofs_transform_plain+0x38c/0x460 [ 416.598341][ T6433] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 416.604110][ T6433] z_erofs_decompress_queue+0x16fb/0x2660 [ 416.609877][ T6433] ? z_erofs_onlinepage_end+0x360/0x360 [ 416.615466][ T6433] ? kasan_quarantine_put+0xd8/0x220 [ 416.620824][ T6433] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 416.627033][ T6433] ? z_erofs_decompressqueue_endio+0x512/0x5a0 [ 416.633236][ T6433] z_erofs_runqueue+0x18a3/0x19d0 [ 416.638304][ T6433] ? z_erofs_do_read_page+0x3680/0x3680 [ 416.643904][ T6433] ? _raw_spin_unlock+0x28/0x40 [ 416.648817][ T6433] ? lockref_put_or_lock+0x72/0xb0 [ 416.653962][ T6433] z_erofs_readahead+0xa7c/0xd50 [ 416.658944][ T6433] ? z_erofs_read_folio+0x540/0x540 [ 416.664190][ T6433] ? folio_add_lru+0x320/0xd50 [ 416.669019][ T6433] ? blk_start_plug+0x6e/0x1a0 [ 416.673826][ T6433] read_pages+0x177/0x840 [ 416.678205][ T6433] ? __lock_acquire+0x7c80/0x7c80 [ 416.683274][ T6433] ? page_cache_ra_unbounded+0x770/0x770 [ 416.688948][ T6433] ? folio_add_lru+0xd50/0xd50 [ 416.693750][ T6433] ? folio_add_lru+0x54f/0xd50 [ 416.698568][ T6433] ? filemap_add_folio+0x192/0x3c0 [ 416.703721][ T6433] page_cache_ra_unbounded+0x692/0x770 [ 416.709227][ T6433] force_page_cache_ra+0x2c1/0x320 [ 416.714425][ T6433] generic_fadvise+0x44f/0x730 [ 416.719238][ T6433] ? dump_task+0x5f0/0x5f0 [ 416.723696][ T6433] ? __fget_files+0x28/0x4d0 [ 416.728327][ T6433] ? __fdget+0x180/0x210 [ 416.732127][ T6453] netlink: 4 bytes leftover after parsing attributes in process `syz.1.155'. [ 416.732591][ T6433] __x64_sys_fadvise64+0x140/0x180 [ 416.732624][ T6433] do_syscall_64+0x55/0xb0 [ 416.751140][ T6433] ? clear_bhb_loop+0x40/0x90 [ 416.755850][ T6433] ? clear_bhb_loop+0x40/0x90 [ 416.760554][ T6433] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 416.766496][ T6433] RIP: 0033:0x7ffabb58ec29 [ 416.770950][ T6433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 416.790589][ T6433] RSP: 002b:00007ffabc3fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 416.799035][ T6433] RAX: ffffffffffffffda RBX: 00007ffabb7d5fa0 RCX: 00007ffabb58ec29 [ 416.807038][ T6433] RDX: 000000000000ff39 RSI: 0000000000000003 RDI: 0000000000000004 [ 416.815048][ T6433] RBP: 00007ffabb611e41 R08: 0000000000000000 R09: 0000000000000000 [ 416.823060][ T6433] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 416.831065][ T6433] R13: 00007ffabb7d6038 R14: 00007ffabb7d5fa0 R15: 00007ffefd25bf28 [ 416.839092][ T6433] [ 416.842132][ T6433] [ 416.844468][ T6433] The buggy address belongs to the physical page: [ 416.850917][ T6433] page:ffffea00016e8340 refcount:2 mapcount:0 mapping:ffff88804ac807c8 index:0x1 pfn:0x5ba0d [ 416.861125][ T6433] memcg:ffff88807bc72000 [ 416.865389][ T6433] aops:z_erofs_cache_aops ino:0 [ 416.870282][ T6433] flags: 0xfff40000008028(uptodate|lru|private|node=0|zone=1|lastcpupid=0x7ff) [ 416.879256][ T6433] page_type: 0xffffffff() [ 416.883592][ T6433] raw: 00fff40000008028 ffffea00016e8288 ffffea00006ae908 ffff88804ac807c8 [ 416.892191][ T6433] raw: 0000000000000001 ffff88804acc22f0 00000002ffffffff ffff88807bc72000 [ 416.900789][ T6433] page dumped because: kasan: bad access detected [ 416.907221][ T6433] page_owner tracks the page as allocated [ 416.912942][ T6433] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6441, tgid 6432 (syz.3.146), ts 416042867426, free_ts 413855910747 [ 416.934876][ T6433] post_alloc_hook+0x1cd/0x210 [ 416.939668][ T6433] get_page_from_freelist+0x195c/0x19f0 [ 416.945224][ T6433] __alloc_pages+0x1e3/0x460 [ 416.949838][ T6433] z_erofs_do_read_page+0x20c0/0x3680 [ 416.955216][ T6433] z_erofs_read_folio+0x213/0x540 [ 416.960259][ T6433] filemap_read_folio+0x167/0x760 [ 416.965284][ T6433] do_read_cache_folio+0x470/0x7e0 [ 416.970400][ T6433] erofs_bread+0x16f/0x630 [ 416.974826][ T6433] erofs_namei+0x28c/0xf00 [ 416.979255][ T6433] erofs_lookup+0x135/0x310 [ 416.983768][ T6433] path_openat+0x10b8/0x3190 [ 416.988369][ T6433] do_filp_open+0x1c5/0x3d0 [ 416.992884][ T6433] do_sys_openat2+0x12c/0x1c0 [ 416.997564][ T6433] __x64_sys_openat+0x139/0x160 [ 417.002414][ T6433] do_syscall_64+0x55/0xb0 [ 417.006836][ T6433] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 417.012738][ T6433] page last free stack trace: [ 417.017410][ T6433] free_unref_page_prepare+0x7ce/0x8e0 [ 417.022879][ T6433] free_unref_page+0x32/0x2e0 [ 417.027561][ T6433] __unfreeze_partials+0x1cf/0x210 [ 417.032686][ T6433] put_cpu_partial+0x17c/0x250 [ 417.037462][ T6433] __slab_free+0x31d/0x410 [ 417.041897][ T6433] qlist_free_all+0x75/0xe0 [ 417.046404][ T6433] kasan_quarantine_reduce+0x143/0x160 [ 417.051868][ T6433] __kasan_slab_alloc+0x22/0x80 [ 417.056727][ T6433] slab_post_alloc_hook+0x6e/0x4d0 [ 417.061842][ T6433] kmem_cache_alloc+0x11e/0x2e0 [ 417.066697][ T6433] getname_flags+0xbb/0x500 [ 417.071209][ T6433] do_sys_openat2+0xcb/0x1c0 [ 417.075805][ T6433] __x64_sys_openat+0x139/0x160 [ 417.080655][ T6433] do_syscall_64+0x55/0xb0 [ 417.085082][ T6433] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 417.090990][ T6433] [ 417.093312][ T6433] Memory state around the buggy address: [ 417.098945][ T6433] ffff88805ba0df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 417.107016][ T6433] ffff88805ba0df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 417.115078][ T6433] >ffff88805ba0e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 417.123136][ T6433] ^ [ 417.127211][ T6433] ffff88805ba0e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 417.135279][ T6433] ffff88805ba0e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 417.143338][ T6433] ================================================================== [ 417.173495][ T6433] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 417.180748][ T6433] CPU: 0 PID: 6433 Comm: syz.3.146 Not tainted syzkaller #0 [ 417.188068][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 417.198152][ T6433] Call Trace: [ 417.201454][ T6433] [ 417.204431][ T6433] dump_stack_lvl+0x16c/0x230 [ 417.209151][ T6433] ? show_regs_print_info+0x20/0x20 [ 417.214401][ T6433] ? load_image+0x3b0/0x3b0 [ 417.218941][ T6433] panic+0x2c0/0x710 [ 417.222879][ T6433] ? bpf_jit_dump+0xd0/0xd0 [ 417.227421][ T6433] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 417.233355][ T6433] ? _raw_spin_unlock+0x40/0x40 [ 417.238228][ T6433] ? print_memory_metadata+0x314/0x400 [ 417.243728][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 417.249414][ T6433] check_panic_on_warn+0x84/0xa0 [ 417.254413][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 417.260084][ T6433] end_report+0x6f/0x140 [ 417.264380][ T6433] kasan_report+0x128/0x150 [ 417.268928][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 417.274626][ T6433] kasan_check_range+0x288/0x290 [ 417.279601][ T6433] ? z_erofs_transform_plain+0x38c/0x460 [ 417.285262][ T6433] __asan_memcpy+0x29/0x70 [ 417.289722][ T6433] z_erofs_transform_plain+0x38c/0x460 [ 417.295225][ T6433] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 417.300971][ T6433] z_erofs_decompress_queue+0x16fb/0x2660 [ 417.306709][ T6433] ? z_erofs_onlinepage_end+0x360/0x360 [ 417.312299][ T6433] ? kasan_quarantine_put+0xd8/0x220 [ 417.317604][ T6433] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 417.323759][ T6433] ? z_erofs_decompressqueue_endio+0x512/0x5a0 [ 417.329920][ T6433] z_erofs_runqueue+0x18a3/0x19d0 [ 417.334963][ T6433] ? z_erofs_do_read_page+0x3680/0x3680 [ 417.340527][ T6433] ? _raw_spin_unlock+0x28/0x40 [ 417.345383][ T6433] ? lockref_put_or_lock+0x72/0xb0 [ 417.350508][ T6433] z_erofs_readahead+0xa7c/0xd50 [ 417.355469][ T6433] ? z_erofs_read_folio+0x540/0x540 [ 417.360678][ T6433] ? folio_add_lru+0x320/0xd50 [ 417.365441][ T6433] ? blk_start_plug+0x6e/0x1a0 [ 417.370214][ T6433] read_pages+0x177/0x840 [ 417.374561][ T6433] ? __lock_acquire+0x7c80/0x7c80 [ 417.379599][ T6433] ? page_cache_ra_unbounded+0x770/0x770 [ 417.385260][ T6433] ? folio_add_lru+0xd50/0xd50 [ 417.390030][ T6433] ? folio_add_lru+0x54f/0xd50 [ 417.394803][ T6433] ? filemap_add_folio+0x192/0x3c0 [ 417.399931][ T6433] page_cache_ra_unbounded+0x692/0x770 [ 417.405414][ T6433] force_page_cache_ra+0x2c1/0x320 [ 417.410558][ T6433] generic_fadvise+0x44f/0x730 [ 417.415334][ T6433] ? dump_task+0x5f0/0x5f0 [ 417.419761][ T6433] ? __fget_files+0x28/0x4d0 [ 417.424380][ T6433] ? __fdget+0x180/0x210 [ 417.428732][ T6433] __x64_sys_fadvise64+0x140/0x180 [ 417.433853][ T6433] do_syscall_64+0x55/0xb0 [ 417.438277][ T6433] ? clear_bhb_loop+0x40/0x90 [ 417.442956][ T6433] ? clear_bhb_loop+0x40/0x90 [ 417.447643][ T6433] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 417.453560][ T6433] RIP: 0033:0x7ffabb58ec29 [ 417.457977][ T6433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 417.477583][ T6433] RSP: 002b:00007ffabc3fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 417.486084][ T6433] RAX: ffffffffffffffda RBX: 00007ffabb7d5fa0 RCX: 00007ffabb58ec29 [ 417.494060][ T6433] RDX: 000000000000ff39 RSI: 0000000000000003 RDI: 0000000000000004 [ 417.502116][ T6433] RBP: 00007ffabb611e41 R08: 0000000000000000 R09: 0000000000000000 [ 417.510087][ T6433] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 417.518058][ T6433] R13: 00007ffabb7d6038 R14: 00007ffabb7d5fa0 R15: 00007ffefd25bf28 [ 417.526033][ T6433] [ 417.529373][ T6433] Kernel Offset: disabled [ 417.533711][ T6433] Rebooting in 86400 seconds..