last executing test programs: 16m9.715807724s ago: executing program 2 (id=38): syz_mount_image$udf(&(0x7f00000004c0), &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00'], 0x1, 0x489, &(0x7f0000000580)="$eJzs29trHOUfx/HPd7K72Wz7+3XbpmmVgquCSsWaQ4/Gix5iqNCkOTQiRYWYbOLSnMimkhTR4o233ngjIgoKUkULIt54pb3zD1AQBL3wQgT3wgMIgszszM5ks2nS7iHd9v2CdifPfGfmOewzz7M7zwoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEinnjrZ2WVbnQsAANBIg6Mjnd2M/wAA3FXO8/kfAADgbmJy9L1MfSMFG/D+Lkqezc1dWh7r6698WJt5R7Z48e6/ZFd3z6HDR44eC15vfHyt3aNzo+dPZk7Pzy4sZvP57GRmbC43MT+Z3fQZqj2+3AGvAjKzFy9NTk3lM90He1btXk7/0rqtI917tOOEE8SO9fX3j0ZiYvFbvvoa683wE3K0T6bfHvrUBiU5qr4uNnjv1FubV4gDXiHG+vq9gszkxueW3J1DQUU4fll9iaCOGtAWVWmX3HxZojaf2eJydEKmjp8Ldk5SS1APj3pfDK9/YKwml79lbj6fl/SAmqDNbmOtcvSjTLM7khra+mZFg8XkaFmmP3oLNuzdD9z+5N42zz6TeXpuaj4SO2R+j2r28aGRbvN7U1KOBr07fsFGtjozaDh3svSWTHs+ftmbV8ibl+7oPfrEcE90hrF3g/O4sQf9+eNmxuS4HztkQ2ZO7csFAAAAAAAAQGo1R9/JVPgqEyamTU7kkXFSxQdDma3JIoB6MUdvyzQ8UvC+ho+uS2mJrO8pafZnf/XNf1vy9PzCymJu+qWlivtTyZMv5pcWxycq71abe59tiaZstI6lSnFzlJDpuT8/stJ1i/d/fylAmJsPnwzXzCTLr++9b/5fXM8UPEM6fmFvdLtilm/i+ah7TTNHSzKd2rXPX6uS0po6UzHuc5l+f2+/H+ck3MwHp00XzziVm8l2urFfy/T+v0GstyxK2/zY3WFslxtrMr05sDp2ux/bHsZ2u7H9Ml1/oXLsnjC2x419XaaFXzNBbMqNvc+P7QhjD07Mz0xWqkrgZrn9/yeZ3m3PWNA3YsX339r+/0o4FlwpP9E6fb7a/p+OpF3x+/UFt///tc/ry17/dyr3/zdk+uSL/X5cse8l/P07vf/D/v+sTNPfro5N+bG7wtiuTVdsk3Dbf79MZ/ZcK9WN3/5+C4StFm3/e8vfHXVq/52RtLR/3dbaFB2S8iuXL47PzGQX2WCDDTZKG1t9Z0IjuOP/Z+4s6ssfSvMdf/z3P6aEM6u/Xw3H/97yE9Vp/N8VSev1ZyPxmJRcml2I75WS+ZXLj+Vmx6ez09m5Q51HOg8fOt51/Fg8EUzuwq2q6+pO5Lb/NzL9s+1q6fPu6vlf5fl/qvxEdWr/3ZG01Kr5StVFh9/+V2W6//q10vcSN5r/B9//PPJg8bXUP+vU/u2RtLR/3f/VpugAAAAAAAAAAAAAAAAA0NTi5ugDmc48HrPgt2abWf+35gdodVr/1RFJm2zQ7xWqrlQAaAKOHL0j08Mq2GtuwnZpIPqKO9p/AQAA//9HASOO") pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x8800) write$P9_RVERSION(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x0, {0xffffffffffffffff}}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f00000000c0)={0x14c}, 0x137) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) readahead(0xffffffffffffffff, 0x1000, 0x0) 16m8.949401163s ago: executing program 2 (id=43): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x181242, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0) read$FUSE(r0, 0x0, 0x0) fallocate(r2, 0x10, 0xfff, 0x5) fallocate(r0, 0x0, 0x1, 0x2000402) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xc, r0, 0x1000000000006, 0x400, 0x1000}) 16m7.662059484s ago: executing program 2 (id=47): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000002c0)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x5, 0x1282, &(0x7f0000000300)="$eJzs3U1rY1UcB+B/pmmbduyLOo52QDzoRhHitAtXborMgFhQqh1QQbhjUy1Nm9KEQkScunIl+DFEXboTxC/QjRvXgiDSjctZiFfSpE7TpB2nNq0Mz7PJ5ZzzO+fce8qFW+7h7r3y5fraSr28kjXiUqEQxc3hKN5NkeJSDEXbTrxw6+dfnn7rnXdfn19YuLGY0s35t2dfTilNPvPDe598++yPjcu3vpv8fjR2p9/f+2Pu192ruzN7f30Tq/W0Wk8btUbK0u1arZHdrlbS8mp9rZzSm9VKVq+kUmeMe/Ur1drmZjNlG8sT45tblXo9ZRvNtFZppkYhNbaaKfswW91I5XI5TYwH/8XS13fzPI/I8+EYiTzP87EYj8vxSEzEZEzFdDwaj8XjcSWeiKvxZDwVM/utDvIjFzt9AAAAAAAAAAAAAAAAAAAAeEjcZ/9/oXf//+hFTxkAAAAAAAAAAAAAAAAAAAAeOkf3/xcjHuD7/wAAAAAAAAAAAAAAAAAAAMBZuM/3/4/s/3/R/n8AAAAAAAAAAAAAAAAAAAAYhFL7ZzGlUsT659tL20vt33b5/EqsRjUqcT2m4s/Y3/3f1j6++drCjetp33S8tH6nk7+zvTTUnZ8dnorpQt/8bDufuvOjMX44PxdTcaX/+HN986V4/rlW/rN2vhxT8dMHUYtqLEcUOme/n/90NqVX31gY685fa7U71tCAlwUAAADOUjn9o/f5fafTqG99u6rzfJ46LQsn/H/gyPN5Ma4VL+qsOVBvfryWVauVrVMejBzfz0h3yVin5anHKkRE1hWfHP9tsdXlaSd/ZgdD5zro8Mltjq7FTOnEDi8dWsEo/g8u5hkc/P7VoZJSDGqs4dafc0/VwQXNqq3757/rMHbyfKCXZaRf1ehJqePvGYUB3o84X/cW/aJnAgAAAAAAAAAAwIPo+/bfWET0vA/4UU/Jwevh3fHeno8f/YtzOEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ZgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVQAAAP//kh3BBA==") mount$nfs(&(0x7f0000000100)=' 7.', 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0) 16m5.19856836s ago: executing program 2 (id=58): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x2125099, 0x0) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x200c840, &(0x7f0000000240), 0x64, 0x537, &(0x7f0000000f80)="$eJzs3c9vI1cdAPDvOHZIdrN1Chygh1JoUXYFaycNbSMObREITpWAcl9C4kRRnDhKnHYTVTQRfwAXBEic4MIFif8AVeLCsUIqgjOIIhCCLRw4wA4ae5zNZu04G5w4JJ+PNDvvza/ve/bOjzfzMg7gynomIl6NiPtpmt6KiHI+vZAPsdcesuU+uPfWQjYkkaav/y2JJJ/W2VaSj6/nq41FxNe/EvGt5NG4Wzu7q/P1em0zz1ebaxvVrZ3d2ytr88u15dr67OzMi3Mvzb0wNz2Qet6IiJe/9Kfvf/enX375F5998w93/nLz21mxvpjPP1yPx1Q8bma76qXWZ3F4hc2IV04Z78IptmqYGz/ZOvtnWB4AAHrLrvE/HBGfiohbUY6R4y9nAQAAgP9D6SsT8e8kIu1utNvEsei5PAAAAHABFSJiIpJCJe8LMBGFQqXS7sP70biWvh3R/MxSY3t9MZsXMRmlwtJKvTad9xWejFKS5Wda6Qf559v5/fcjWvnZiHgyIr5XHm/lKwuN+uKwb34AAADAFXH9SPv/n+V2+x8AAAC4ZCaHXQAAAADgzGn/AwAAwOWn/Q8AAACX2ldfey0b0s7vXy++sbO92njj9mJta7Wytr1QWWhsblSWG43l1jv71vptr95obHwu1rfvVpu1rWZ1a2f3zlpje715Z+Whn8AGAAAAztGTn3jnd0lE7H1+vDVkRnssO3KuJQPOWvEgleTjLnv/759oj98/p0IB56LfOf035XMqCHDuisMuADA0pcdZ2N8JwKWU9Jnfs/POu/n4k4MtDwAAMHhTH+/9/L9w7Jp7x88GLjw7MVxdnef/TxzJA5df6/l/rw6/R7lYgEul5IwPV17f5/+9OgC8e9IIafp4JQIAAAZtojUkhUp+e28iCoVKJeJGq7t/KVlaqdem8+cDvy2XPpTlZ1prJn3bDAAAAAAAAAAAAAAAAAAAAAAAAABAW5omkQIAAACXWkThz8kv2+/ynyo/N3H0/sBo8q9y5D8R+uaPXv/B3flmc3Mmm/73g+nNH+bTnx/GHQwAAADgqE47vdOOBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBB+uDeWwudoTMtLZ993L9+ISImu8UvxlhrPBaliLj2jySKh9ZLImJkAPH39iPiY93iJ1mxDkJ2iz9+9vFjMv8UusW/PoD4cJW9kx1/Xs32v9GIOLz/FeKZ1rj7/leMeCh/Wq3jX3aA63L87Rz/Rnrs/zeObGuyR4yn3vt5tWf8/Yinit2PP534SY/4z56wjt/8xu5ur3npjyOmup5/kodiVZtrG9Wtnd3bK2vzy7Xl2vrs7MyLcy/NvTA3XV1aqdfyfx/ZfqlP2bL6X+sRf7JP/Z87Yf3/897dex/pUZws/s1nu8T/1U/yJR6NX8jPfZ/O09n8qU56r50+7Omf/frp4+q/2KP+/b7/myes/62vfeePEXH/0FcKAAzR1s7u6ny9Xts8NpFdtvRb5qImslb6BSiGxOkSJ/0veqrE2wPdYJqmafxve0oSQ//AO4lhH5kAAIBBe3DRP+ySAAAAAAAAAAAAAAAAAAAAwNV1Hq8TOxpz7yCVDOIV2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/HfAAAA///xwNLS") 16m3.424539219s ago: executing program 2 (id=65): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', '\x918s\x89X', 0x20, 0xffd}, 0x2f, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, &(0x7f0000000100), 0x0, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 16m2.449625447s ago: executing program 2 (id=70): r0 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$inet6(0xa, 0x6, 0x80000001) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r6}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) 16m1.553183067s ago: executing program 32 (id=70): r0 = socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) r2 = socket$inet6(0xa, 0x6, 0x80000001) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000fa0fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x4, &(0x7f0000000000)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x73, 0x11, 0x41}, [@exit={0x95, 0x0, 0xc2}], {0x95, 0x0, 0x1200}}, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r5, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000100), 0x6c7, r6}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) 15m31.707653619s ago: executing program 3 (id=179): syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 15m31.265963186s ago: executing program 3 (id=181): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x28, r1, 0x5, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}]}, 0x28}}, 0x0) 15m30.827944995s ago: executing program 3 (id=183): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x101c088, &(0x7f0000000c00)=ANY=[@ANYBLOB="757466383d302c696f636861727365743d69736f383835392d312c666d61736b3d30303030303030303030303030303030303030303036362c756e695f786c6174653d312c756e695f786c6174653d302c726f6469722c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d302c757466383d312c73686f72746e616d653d77696e39352c726f6469722c6e66733d6e6f7374616c655f726f2c726f6469722c757466383d312c73686f72746e616d653d77696e6e742c636865636b3d72656c617865642c00c63b831754d4eeec4cf38c28cf1e3409b9950bbab09abe8d407d1c7c935e034461a37ac3113829124efad15a202673b20ad011cb0f0cedb0cef9f6ec5e2634db26ef8581fd506844d0133ac021c0172b4b36a109949512e8dc6a8c7d603e3ef3cd57451eaee1b0e4804b9ea88fcad7afb59594dcfeaf8d34935fa0e54a36c57d964429e7ec869287810e5d97759017ace0c3f5"], 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=") bpf$PROG_LOAD_XDP(0x5, &(0x7f0000010340)={0xe, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000180)=ANY=[@ANYBLOB='K\x00\x00\x00q'], 0x0) 15m30.17122027s ago: executing program 3 (id=187): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="009f587a31d53b5cb6077bd11087bb6e13aac56feecaaae0b009cee43814e80646ff2772abedb27f35c706ba7c624afb75f473956061ae41834d27270063fa18a3515f9ac6cd6f15a042b1edcd60bdeb55446beed1014aa13d43d399fb4f716b8a24502a8e3e697642b172841c89aecefe0cfb3c32d7c28955601f41fb90d51951d91a35a5abeb4ffceef5cf6e190ec9eb6f91a0d06882039b54dd4485b823414e06691b0244ca11ac0baeaeec1a96861d358464329c64b77e6ff2e2d8a6bb29268be3e7c46750210270d79e1054add6c2ef3f0373", @ANYRES32, @ANYRESOCT=0x0], 0x1, 0x1282, &(0x7f0000002880)="$eJzs3U1rY1UcB+B/pmmbduyLOo52QDzoRhHitAtXborMgFhQqh1QQbhjUy1Nm9KEQkScunIl+DFEXboTxC/QjRvXgiDSjctZiFfSpE7TpB2nNq0Mz7PJ5ZzzO+fce8qFW+7h7r3y5fraSr28kjXiUqEQxc3hKN5NkeJSDEXbTrxw6+dfnn7rnXdfn19YuLGY0s35t2dfTilNPvPDe598++yPjcu3vpv8fjR2p9/f+2Pu192ruzN7f30Tq/W0Wk8btUbK0u1arZHdrlbS8mp9rZzSm9VKVq+kUmeMe/Ur1drmZjNlG8sT45tblXo9ZRvNtFZppkYhNbaaKfswW91I5XI5TYwH/8XS13fzPI/I8+EYiTzP87EYj8vxSEzEZEzFdDwaj8XjcSWeiKvxZDwVM/utDvIjFzt9AAAAAAAAAAAAAAAAAAAAeEjcZ/9/oXf//+hFTxkAAAAAAAAAAAAAAAAAAAAeOkf3/xcjHuD7/wAAAAAAAAAAAAAAAAAAAMBZuM/3/4/s/3/R/n8AAAAAAAAAAAAAAAAAAAAYhFL7ZzGlUsT659tL20vt33b5/EqsRjUqcT2m4s/Y3/3f1j6++drCjetp33S8tH6nk7+zvTTUnZ8dnorpQt/8bDufuvOjMX44PxdTcaX/+HN986V4/rlW/rN2vhxT8dMHUYtqLEcUOme/n/90NqVX31gY685fa7U71tCAlwUAAADOUjn9o/f5fafTqG99u6rzfJ46LQsn/H/gyPN5Ma4VL+qsOVBvfryWVauVrVMejBzfz0h3yVin5anHKkRE1hWfHP9tsdXlaSd/ZgdD5zro8Mltjq7FTOnEDi8dWsEo/g8u5hkc/P7VoZJSDGqs4dafc0/VwQXNqq3757/rMHbyfKCXZaRf1ehJqePvGYUB3o84X/cW/aJnAgAAAAAAAAAAwIPo+/bfWET0vA/4UU/Jwevh3fHeno8f/YtzOEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+ZgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVQAAAP//kh3BBA==") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000180)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xf2, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) truncate(&(0x7f0000000080)='./file1\x00', 0x400000f000) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") setitimer(0x2, &(0x7f0000000900)={{}, {0x0, 0x2710}}, &(0x7f0000000940)) r4 = creat(0x0, 0x0) pwrite64(0xffffffffffffffff, &(0x7f00000002c0), 0x0, 0x8080c61) socket$packet(0x11, 0x3, 0x300) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00', &(0x7f0000000100)={'ip6_vti0\x00', 0x0, 0x2b, 0x80, 0x5, 0xd41, 0x0, @empty, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0xe8, 0x40, 0xfe00000, 0x7}}) ioctl$FS_IOC_GETFSLABEL(r4, 0x81009431, &(0x7f0000000740)) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, &(0x7f00000002c0)) ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000300)) socket(0x840000000002, 0x3, 0xff) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000080), &(0x7f00000000c0)=0xc) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x201040, &(0x7f0000000440)={[{@errors_remount}, {@jqfmt_vfsold}, {@dioread_nolock}, {@nodioread_nolock}, {@dioread_nolock}, {@minixdf}, {@dioread_nolock}]}, 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8") openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0) r5 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58) tgkill(r5, r5, 0x11) 15m27.225270017s ago: executing program 3 (id=196): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x145000, 0x30) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7) 15m24.647856924s ago: executing program 3 (id=205): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x3, 0x4d7, &(0x7f0000001480)="$eJzs3d9rW9cdAPDvle3YSZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYOwX61Of+lLocymU/AmlEGjfSyktoU3Shz60VZF01aSO/AtbVmJ9PnB8z/2h+/0em3uso3PRDaBjnY2I8YjoiogLETGQbs+kJdbrpXrc40d3p6oliUrl5qdJJOm2xrmSdHk8fVlfRPzpDxF/TZ6PW1pdm58sFPLL6XquvLCUK62uXZxbmJzNz+YXx0dHroxdHbs8Nrxvbb32u4/+84/Xfn/t7V/e/mDik/N/q6bVn+57th07sb7D4+pN76n9Lhq6I2J5N8FeYF1pe3ranQgAADtSfY///Yj4aUQ8+X+7swEAAABaofKb/vgyiagAAAAAh1amdg9sksmm9wL0RyaTzdbv4f1hHMsUiqXyL2aKK4vT9XtlB6MnMzNXyA+n9woPRk9SXR+p1Z+uX9qwPhoRJyPiXwNHa+vZqWJhut0ffgAAAECHOL5h/P/5QH38DwAAABwyg+1OAAAAAGg5438AAAA4/DYd/yfdB5sIAAAA0Ap/vH69WiqN519P31pdmS/eujidL81nF1amslPF5aXsbLE4W/vOvoXtzlcoFpd+FYsrd3LlfKmcK62uTSwUVxbLE7Xnek/kPScaAAAADt7Jn9x/P4mI9V8frZWqI+m+HYzVx1ubHdBKmd0dnrQqD+DgdbU7AaBt3OALnct8PLDNwP7fG9Z3+bEBAADwIhj60Z7m/80HwkvMQB46l/l/6Fzm/6Fzmf+HDte7/SF9m+14Z59zAQAAWqa/VpJMNp0L7I9MJpuNOFF7LEBPMjNXyA9HxPci4r2Bnt7q+ki7kwYAAAAAAAAAAAAAAAAAAAAAAACAl0ylkkQFAAAAONQiMh8n6YP8hwbO9W/8fOBI8sVAbRkRt1+5+d87k+Xy8kh1+2ffbi//L91+qbEFAAAAaKfGOL0xjgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/fT40d2pRjnIuA9/GxGDzeJ3R19t2ffmQEQce5JE9zOvSyKiax/ir9+LiFPN4ifVtGIwzWJj/ExEHG1z/OP7EB862f1q/zNevf56Nlx/mThbWza//rrTslcPz27W/2Ua/V+tn2vW/53Y+tR9jcrpB2/kNo1/L+J0d/P+pxE/2WP/+5c/r61ttq/yasTQNv9/qrFy5YWlXGl17eLcwuRsfja/ODo6cmXs6tjlseHczFwhn/5sGuOfP37r663af6xp/Hr/u1X7zz1/ut5mMb56cOfRD7aIf/5nzf/+p7aIX/3d/zz9P1DdP9Sor9frzzrz+rtntmr/9Cbt3+7vf36zk25w4cbfP9zhoQDAASitrs1PFgr55ZejElF/V/6i5KOispdKV8tD3Egv9F2/vL39EgAAsP+evulvdyYAAAAAAAAAAAAAAAAAAADQuVr+PWe93/1mgb72NRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEvfBAAA///DTM7p") rename(&(0x7f00000034c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0\x00') 15m23.876162052s ago: executing program 33 (id=205): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3014850, &(0x7f00000006c0)={[{@noquota}, {@barrier_val={'barrier', 0x3d, 0x1000}}, {@grpjquota}, {@noauto_da_alloc}, {@dioread_lock}]}, 0x3, 0x4d7, &(0x7f0000001480)="$eJzs3d9rW9cdAPDvle3YSZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX/AYOwX61Of+lLocymU/AmlEGjfSyktoU3Shz60VZF01aSO/AtbVmJ9PnB8z/2h+/0em3uso3PRDaBjnY2I8YjoiogLETGQbs+kJdbrpXrc40d3p6oliUrl5qdJJOm2xrmSdHk8fVlfRPzpDxF/TZ6PW1pdm58sFPLL6XquvLCUK62uXZxbmJzNz+YXx0dHroxdHbs8Nrxvbb32u4/+84/Xfn/t7V/e/mDik/N/q6bVn+57th07sb7D4+pN76n9Lhq6I2J5N8FeYF1pe3ranQgAADtSfY///Yj4aUQ8+X+7swEAAABaofKb/vgyiagAAAAAh1amdg9sksmm9wL0RyaTzdbv4f1hHMsUiqXyL2aKK4vT9XtlB6MnMzNXyA+n9woPRk9SXR+p1Z+uX9qwPhoRJyPiXwNHa+vZqWJhut0ffgAAAECHOL5h/P/5QH38DwAAABwyg+1OAAAAAGg5438AAAA4/DYd/yfdB5sIAAAA0Ap/vH69WiqN519P31pdmS/eujidL81nF1amslPF5aXsbLE4W/vOvoXtzlcoFpd+FYsrd3LlfKmcK62uTSwUVxbLE7Xnek/kPScaAAAADt7Jn9x/P4mI9V8frZWqI+m+HYzVx1ubHdBKmd0dnrQqD+DgdbU7AaBt3OALnct8PLDNwP7fG9Z3+bEBAADwIhj60Z7m/80HwkvMQB46l/l/6Fzm/6Fzmf+HDte7/SF9m+14Z59zAQAAWqa/VpJMNp0L7I9MJpuNOFF7LEBPMjNXyA9HxPci4r2Bnt7q+ki7kwYAAAAAAAAAAAAAAAAAAAAAAACAl0ylkkQFAAAAONQiMh8n6YP8hwbO9W/8fOBI8sVAbRkRt1+5+d87k+Xy8kh1+2ffbi//L91+qbEFAAAAaKfGOL0xjgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/fT40d2pRjnIuA9/GxGDzeJ3R19t2ffmQEQce5JE9zOvSyKiax/ir9+LiFPN4ifVtGIwzWJj/ExEHG1z/OP7EB862f1q/zNevf56Nlx/mThbWza//rrTslcPz27W/2Ua/V+tn2vW/53Y+tR9jcrpB2/kNo1/L+J0d/P+pxE/2WP/+5c/r61ttq/yasTQNv9/qrFy5YWlXGl17eLcwuRsfja/ODo6cmXs6tjlseHczFwhn/5sGuOfP37r663af6xp/Hr/u1X7zz1/ut5mMb56cOfRD7aIf/5nzf/+p7aIX/3d/zz9P1DdP9Sor9frzzrz+rtntmr/9Cbt3+7vf36zk25w4cbfP9zhoQDAASitrs1PFgr55ZejElF/V/6i5KOispdKV8tD3Egv9F2/vL39EgAAsP+evulvdyYAAAAAAAAAAAAAAAAAAADQuVr+PWe93/1mgb72NRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYEvfBAAA///DTM7p") rename(&(0x7f00000034c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0\x00') 14m37.050377148s ago: executing program 5 (id=315): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, 0x0, &(0x7f0000000100)) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3) getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r4, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 14m33.235903039s ago: executing program 5 (id=321): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000100000000000000000000009500000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x2, 0x0, 0x2d, 0x0, 0x0, 0x1, 0x0, 0x48, 0x0, &(0x7f0000000000)="18", 0x0}, 0x48) 14m33.04217292s ago: executing program 5 (id=322): socket$nl_route(0x10, 0x3, 0x0) r0 = syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x20081e, &(0x7f00000020c0), 0x1, 0x4fb, &(0x7f0000000500)="$eJzs3U1vW1kZAODXzpeTyUwywywAIaYMAwVVdRJ3JhrNAoYVQqgSokuQ2pC4URQ7jmKnNKGL9j8gUYkVLPkBrLviJyDYsYEFEh8RqKnE4qJ7bbduajduk9hp/DzS1b3nnmu/5yS559hvEp8ARtaliLgfEZMRcSsi5lrnc60tPm9u6XWPD+6tHh7cW81Fktz4Vy6rT89Fx2NSb7WesxARP/5+xM9yL8at7+1vrlQq5Z1mcXqhUd1eqO/tX92orqyX18tbpdLy0vLip9c+KZ1aXz+oTjYPxtIGfvsXabNmW3Wd/ThNza5PPI2TGo+IH55FsCEYa/VnctgN4bXkI+K9iPgwu//nYiz7bgIAF1mSzEUy11kGAC66fJYDy+WLrVzAbOTzxWIzh/d+zOQrtXrjyu3a7tZaM1c2HxP52xuV8mIrVzgfE7m0vJQdPyuXjpSvRcS7EfHLqemsXFytVdaG+cIHAEbYW0fm//9ONed/AOCCKwy7AQDAwJn/AWD0mP8BYPSY/wFg9Jj/AWD0mP8BYPSY/wFgpPzo+vV0Sw5bn3+9dmdvd7N25+paub5ZrO6uFldrO9vF9VptPfvMnupxz1ep1baXPo7du/Pf2a43Fup7+zertd2txs3sc71vlicG0isA4GXe/eDRn3MRcf+z6WyLjrUczNVwseWH3QBgaMaG3QBgaKz2BaPrBO/xpQfgguiyRO9zChExffTqJEmSs20WcIYuf0n+H0ZVR/7fXwHDiJH/h9HVb/7/uPwA8OZJkly/a/5HvxcCAOebHD/Q4/39e63971q/HPjp2tErHp5lqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB8a6//W2ytBT4b+XyxGPF2RMzHRO72RqW8GBHvRMSfpiam0vLSkNsMAJxU/u+51vpfl+c+mj1aO5l7MpXtI+Lnv77xq7srjcbOH9Pz/356vvGwdb40jPYDAMdpz9PZvuON/OODe6vtbZDt+cf3IqLQjH94MBmHT+OPx3i2L8RERMz8J9cqN+U6chcncf9BRHyxW/9zMZvlQJornx6Nn8Z+e6Dx88/Fz2d1zX36tfjCK0dO5k6h+fBGe5SOP593u//ycSnbd7//C9kIdXKt8S99qtXDbAx8Fr89/o31GP8u9Rvj4z/8oHk0/WLdg4gvj0e0Yx92jD/t+Lke8T/qM/5fvvLVD3vVJb+JuBzd43fGWmhUtxfqe/tXN6or6+X18laptLy0vPjptU9KC1mOeqH3bPDPz66806su7f9Mj/iFY/r/jT77/9v/3frJ114S/1tf7xY/H++/JH46J36zz/grM78v9KpL46917X9b7/5f6TP+X/+2/8Ky4QDA8NT39jdXKpXyziAP2i8kBhrUwQU4SH9qzkEzuh58d1CxJuOVHpUkrxWr14hxGlk34Dxo3utJeScingy7MQAAAAAAAAAAAAAAQFeD+I+lYfcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAi+v/AQAA//+XC86k") truncate(0x0, 0x1fff) r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x107041, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) fstatfs(0xffffffffffffffff, &(0x7f0000000c40)=""/255) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000280)={0x0, r0, 0xffffffffffffffff, 0xfaf0, 0xa66, 0x1}) r3 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) unshare(0x22020400) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{}, 0x0, &(0x7f0000000040)}, 0x20) r4 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x802) io_setup(0x3, &(0x7f0000000140)) readv(r4, &(0x7f0000000e00)=[{&(0x7f0000000380)=""/38, 0x26}], 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x5, [@typedef={0x4, 0x0, 0x0, 0x7}, @typedef={0x4, 0x0, 0x0, 0x8, 0x1}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x2}]}]}, {0x0, [0x0, 0x0, 0x0]}}, &(0x7f0000000340)=""/142, 0x4d, 0x8e, 0x1, 0x0, 0x0, @void, @value}, 0x28) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) 14m31.551249232s ago: executing program 5 (id=329): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) r2 = epoll_create1(0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000020c0), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, 0x0, 0x0) write$UHID_INPUT(r1, &(0x7f0000001040)={0xa, {"a2e3ad08ed6b52f99cfbf4c087f71e9b3d0963ff7fc6e5539b9b3b0a8b9b441b4552101b080d29558f0e1ac6e7049b3468959b189a242a9b4bf3988f7ef319520700ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) r6 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xd, {"a2e3ad21ed6b0af99cfbf4c007f70eb4d04fe7ff7fc6e5539b0872fc8b546a1b4d09940f08900c878f0e1ac6e7049b4cb4956c409b3c2a0867f3988f7ef319520100ffe8d178708c523c921b1b0f5a0a169b50d336cd3b78130daa61d8f809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca5b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b4124351601611c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb77ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e05130935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b3110b932a4d02da711b757fe43c06d21e35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc238a081ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed714887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee658e4cb5e930ed624806c43a006dc9336d07c2b8081c128ad2706f48261f7897084c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264d2700c838fa2c7b34252600c9654e502dcea39cb6bc3eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa70826ad01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1010}}, 0x1b7) ioctl$SNDRV_PCM_IOCTL_FORWARD(r6, 0x40084149, &(0x7f0000000040)=0x2000001) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000140), 0x1, 0x549, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTH65222zCz1ABewChQWt1t5421XVS8sFhKpKiIoD4rANiTcKseMQO6UJkUj/BpBA4gR/AgckDkg9ceDGEYkDQpQDUoEItEHiYDRjJ+smNmtqx+7Gn480O/Pmzcz3PWdn3vNz4hfA1LoeEQcRMR8Rb0TEYmd/0lnilfaSHffgcH/l6HB/JYlW6/W/J3l+ti+6zsk82blmISK+/pWIbydn4zZ29zaWq9XKdiddata2So3dvVvrteW1ylpls1y+u3T39ot3XiiPrK7Xar9478vrr37j17/65Lu/O/ji97NiXe7kdddjlNpVnzuJk5mNiFfPI9gEzHTW8xMuBx9MGhEfiYjP5Pf/Yszk/zsBgIus1VqM1mJ3GgC46NJ8DCxJixGRpp1OQLE9hvdMXEqr9Ubz5v36zuZqe6zsSsyl99erldtXF/7w3fzguSRLL+V5eX6eLp9K34mIqxHxo4Un8nRxpV5dnUyXBwCm3pPd7X9E/GshTYvFgU7t8akeAPDYKEy6AADA2Gn/AWD6aP8BYPoM0P53Puw/OPeyAADj4f0/AEwf7T8ATB/tPwBMla+99lq2tI4633+9+ubuzkb9zVurlcZGsbazUlypb28V1+r1tfw7e2qPul61Xt9aej523io1K41mqbG7d69W39ls3su/1/teZW4stQIA/per1975fRIRBy89kS/RNZeDthoutnSERwGPl5lhTtZBgMea2b5geg3UhOedhN+ee1mAyej5Zd6Fnpvv95P/I4jfM4IPlRsfH3z83xzPcLEY2Yfp9cHG/18eeTmA8TP+D9Or1UpOz/k/f5IFAFxIQ/wKX+sHo+qEABP1qMm8R/L5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwwlyPiO5GkxXwu8DT7Ny0WI56KiCsxl9xfr1ZuR8TTcS0i5hay9NKkCw0ADCn9a9KZ/+vG4nOXT+fOJ/9eyNcR8b2fvv7jt5abze2lbP8/TvYvHE8fVn543hDzCgIAg/vzIAfl7Xe5s+56I//gcH/leDnHMp7x3pdOJh9dOTrcz5d2zmy0Wq1WRCHvS1z6ZxKznXMKEfFsRMyMIP7B2xHxsV71T/KxkSudmU+740cn9lNjjZ++L36a57XX2cv30RGUBabNO9nz55Ve918a1/N17/u/kD+hhpc//woRx8++o674s51IMz3iZ/f89UFjPP+br57Z2Vps570d8exsr/jJSfykT/znBoz/x0986ocv98lr/SziRvSO3x2r1KxtlRq7e7fWa8trlbXKZrl8d+nu7RfvvFAu5WPUpeOR6rP+9tLNp/uVLav/pT7xCz3rP39y7ucGrP/P//PGtz79MLlwOv4XPtv75/9Mz/htWZv4+QHjL1/6Zd/pu7P4q33q/6if/80B47/7l73VAQ8FAMagsbu3sVytVraH2sjehY7iOmc2siIOdvBxd3G4oH+KfGNEL0ufjawzNsjBc+f1qp77xuxJX3G0V/5mdsUxVycdeS2G2ngwrliTeyYB4/Hwpp90SQAAAAAAAAAAAAAAgH7G8adLk64jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9d/AwAA//8+JMPM") setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x8}}, &(0x7f0000000200)='GPL\x00', 0x6, 0xee, &(0x7f0000000340)=""/238, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x44000) 14m27.291824923s ago: executing program 5 (id=333): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000010000000000000000"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x2, 0x0, 0x2d, 0x0, 0x0, 0x1, 0x0, 0x48, 0x0, &(0x7f0000000000)="18", 0x0}, 0x48) 14m23.387855065s ago: executing program 5 (id=340): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000c40)='./file1\x00', 0x810410, &(0x7f00000059c0)=ANY=[], 0x5, 0x1e5, &(0x7f00000001c0)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wINUxI6u/MLNWeaus6Z9PtpUfy+Gp3IWR2ffQJI91+kNkHHJkZSqD8/////0eWV4HSIQxMIDYLTFwTSoczMDKoQtkJf/jh+lIZGBkioewsJHY+J5SRk6qXnJ+TkpaZk2oAIgxBhBGIMEa2H2Th20ZGhhQGBgYOqPsYkeSLK6uyE3NyUovQGaz/YfZgSJHKwBd+YPc5MjHYIoUfKEwjOpobQXw9qLgBJPzAwJCBicEQyjZmYGQIhrItGNgZ9PT0EEGC5H8pFoT5zMT4fzAwBHUHhTNwM5gYaGEyIwNDA7IIA8nm/IcWAzTxO/tAJxtGdBFQhoaLiL3ddRpT11PKbWccqCwDLrgYGBgwpC5xUWYyG9RHWNUgyidGFgYGdaTyiQVRjDPol+QW6BdXVulm5iamp6an5hkZGZsZmBgYmBrpgwsiCImn/OMAl09cSOazIskj111sjGwMFYklJUWGFQwMJUWGcL4RhEQqcYO35b+B63/byMSgoQwxAxSJYG+zY3cPIwQjyWow43T8KBgFo2AUjIJRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSQBOQZGMGjoNCJqv84gFEAWDUgAAD//6kpX/Y=") r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="24000000240001052dbd7000fedbdf250030"], 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x800) 14m22.451199844s ago: executing program 34 (id=340): syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000c40)='./file1\x00', 0x810410, &(0x7f00000059c0)=ANY=[], 0x5, 0x1e5, &(0x7f00000001c0)="$eJxiGAWjYBSMWPDo4dcHvU4WIToMDAw8DCoM7FDxF8wINUxI6u/MLNWeaus6Z9PtpUfy+Gp3IWR2ffQJI91+kNkHHJkZSqD8/////0eWV4HSIQxMIDYLTFwTSoczMDKoQtkJf/jh+lIZGBkioewsJHY+J5SRk6qXnJ+TkpaZk2oAIgxBhBGIMEa2H2Th20ZGhhQGBgYOqPsYkeSLK6uyE3NyUovQGaz/YfZgSJHKwBd+YPc5MjHYIoUfKEwjOpobQXw9qLgBJPzAwJCBicEQyjZmYGQIhrItGNgZ9PT0EEGC5H8pFoT5zMT4fzAwBHUHhTNwM5gYaGEyIwNDA7IIA8nm/IcWAzTxO/tAJxtGdBFQhoaLiL3ddRpT11PKbWccqCwDLrgYGBgwpC5xUWYyG9RHWNUgyidGFgYGdaTyiQVRjDPol+QW6BdXVulm5iamp6an5hkZGZsZmBgYmBrpgwsiCImn/OMAl09cSOazIskj111sjGwMFYklJUWGFQwMJUWGcL4RhEQqcYO35b+B63/byMSgoQwxAxSJYG+zY3cPIwQjyWow43T8KBgFo2AUjIJRMApGwSgYBaNgFIyCUTAKRsEoGAWjYBSQBOQZGMGjoNCJqv84gFEAWDUgAAD//6kpX/Y=") r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="24000000240001052dbd7000fedbdf250030"], 0x24}, 0x1, 0x0, 0x0, 0x8004}, 0x800) 9m6.05178176s ago: executing program 0 (id=903): r0 = socket$netlink(0x10, 0x3, 0xb) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r3, 0x0, 0xb) write$binfmt_misc(r5, &(0x7f00000000c0), 0xfdef) splice(r2, 0x0, r5, 0x0, 0x80, 0x0) syz_fuse_handle_req(r2, &(0x7f0000004480)="b9c26168d753599e11c910d43bfb11c3f029c92f600145162f146948ff83649e20214d4f493d4878d43a0850a7a52157c2850bf22cf7ac86506c76d2b6e68b3a92418afc0e8d751c0847e2ab29567bc9ac154e9129c2f8f6ecdf3b1e01d4153c3d6ddd081d2f52da81f741c393f576537555e77e32c01d4c24ed95acc2a91344a5ac71a9b538a73a8b539054fd78477ffcc092b9565149571839141d559775bb730e45bda25239a212fdb05e0a289a37d09aa97c1b2d0e7beeba532fff5b3fd8ea38779140788d19da2e73fb9735b93b04fbfd71d528faf16fb3e44f68ecfa66ecc0b1bf206081c85d35966722e50189af5bf5764757809fe5b0f71fcd3ef0682c18407b30fdba9cc7738eaf8384c299ac1601174371400692ef393dab5605c076c5f8f63be1728e5097a7a7c4500f5e7d695456ca7d199e2452dfea678eb8ed5d5338c204a45ce552cd1c784caf99394b626b182c517647ac66678ac18f8eaf717833cd03172a13bdd72ae1adfd5bef7de1b014f0ff561cbcea00cbf128c0708499849adafd365f5449ccac4813bd4245e73be52c03042d05774702172ab7be4b5d02a58139b0940f74e461291eb660c97116046fc6f37626d8c074ac496b5fb7411f185ed5f3628cba30ea5001eafdd777c90fad6523ff3e351bceb2e632f05bc3e047ca08033d25570a8f6126564687f08b2b163da584f72527b36d889f832d08cc372dbd28e4ac5d01f928b3ecc4f8c70ad8d8740b8946f970bc1d0d55cfae389f9042a4f3154fd04b27d933cd99ead2249b50c4cb24e8669a01f80f04a56fa4cfbedd22e85e6ab5303b199a9c11226ce652bc6b8a0c100ae2bcc5dcda53fcadcb426c85ef8811bd3aa386d2527fd93aa794ce482e5928261f2a64119c7c10cb31fa5138772a57c43ba871137f82f58f8cb091868487cbca1c8393d44d5083cfe34a73a1200c75e822705892f363d399ee2b677a309d734b93e5353e5bf3cda67a3434c1a1756e689b546a229ce1b49ec051d87b21174f2267f39363468fa948207f4755a0af52cf8a1846f9662eb1ee7d369913601b7739745f26d6e2c955ccad2e7d50dfb782a78332dc07c0701dd784e7653c39169fff8c0154678bd6fc6f594a51658de6b7baf407f2d6485acaaba974b83c9562c83420b313d49aba5a9b9245fbd18d28597ecdbce6f998b301641a17155dc2ce0e62d4fd7a0a02c82a62e816507708527f9fb965418775876afdc50fb3ac8c82784afae6f98b92c944d130e37541d77ef0cfcee47a74701ae66421fc776bd79c7c36afa2362901ddd62e519055ee6cd654e84268322c0e99b3efe8109ceae8cd73dd72e300e74164db0766f143928eed749e2c40e2912dd9d57ebb6a348bde5d606e338c7d2a92207b39399a4f0fda75601cceb00651a68b76e52e4d834c82a5269ad1a242fdb8b18cb393ff7049a86f905b9a9e7edc37ab3b6cd11df571c7068f431c2f7b486777b23cf0e3bd589ec6d0cfeadc023f64634ec67e07b07565cc1bd288a6ee24c7a41eabf3747cbb7abbbad3c381da6a1b21abe5c6a882a155844d81323a45867dc6bbce9c48d53d426f2b105bfcb166cefa90343bc08b5b004f4bf05bd773975624bf098e07b3a7c1db53c372d41ac7257c9b696c80a74165bfe48bd0c6f37e1ae0beb523ff1f5fc94152ad71c93cd33b234abc800efcdffb7ce037a407440c800a467e3154968b72fa8aae80f8b653661a9e839c353a72ebb61393c991527f0d3ea406780da2acb635229c16a49ffdad88b007e9cb20d396a63f7c9f618454a2295b5a30a1eea359f88d490b2a3436608c4a7adffa7aa0e61cbb2340d0dcdad00552b5a006de96e7356f2b98865218291b16728ec95ede6feee838c27e4049cf0eab6f46c65c5024b89ba6ebcfa0545378929be28d88dcd7f1f42e33ea58bc3370ee591344f96259d82cd1b30e4205f69a9d40b601840e54e16eb711b0643c3dcb6ae97f8d261842b80a3ff84eadbbf121d0697d4744490a8a0f737786a8b4817f172eae68523569bf3db248b7c08b321b45d8cd385de22ed8a327abebd33f9c658632d2d18505317b1b9a9ce68eba93ea080b8ee400220dea4584947984491cabeccf66127611f0dc85e2784305c399f4a3c602f0787a49326bd23e4dcea0db83b601983fb98daaeb8f82e5d28e92ed5519436bcc8cd770ccd5002d0b12769a3c93b16c238d088d5bbbe86423610ab3a6840d1fd591bdf348a3a2b715b1e539a5544f0dddd83954d00ab6e8c9cfe6d446f4d9bcc912dff54b526d482ecc5805df2c259b52d6314c684c8fcdb2c790686edcc07608b5c068e91b48002f57a97ca8d78d23735a23d425b1599314f0c99f8c91e8f02f028be55e8b92e6e67375600fccc3ddfa02be04c45dd3f451f0c3d62d65ded63109a7b9b7406fed8d3e3d52eee9e120a276a05159e8ff235c52a23a2d9ac1f35d2d86557d6b7771107de5df52f49612418cc2fe60adb758ae40aac5b81559500e53dcd0d56856a86bc21fa357aac6c5215042bb9be0dc9b7a210ac4253f3710951fb5098b2233892ade0f9d33d44a980157fed2fb7a55f9e35f789139c02fe7a69578bea1ef8479b7a26f4957acfd1ac28147f215e4ba4757125e6de9ac3e1a2db16edf944daa186d1d72102fa1247bab6d6bd783945d977d642de5505a0c2015f2bd4d078c8c5faa8c9895bb247dc6559f9cf5d814b3cf534781c5931b66568252c911bc5d74d7d35dc0d84bfbd7af4c7f264380047661873bc6eef2abae5165d7daaff9f390bd4d0e2333c5867822d093627fe688f47e309235d8ef2ea0e3a5b0ca81c011fab088998f6da416194e19766f3f5fbc64c61fcb6e06afbb72dd578a964d0dd4243d0063c22adde6c4c1a243bc9c0d88b00e69f7f43be83077ff23037e1a5fc28bc86fbabd6f4a571209969b51302526bf1a18e472faa53f622f992465e9177f0fce7d2c7c247e0927415eb78655448367c77e7b3b63ec1dafed933cca7a5de7220716f8ede224eb457ed4bb5c596f16337da7000bc729730cf00783de38ac84c169a9f3ff6a7801c630ad1d801808f0f1afc1b43f3e1ac84352571292e5997bcbc9803881261ae228432fbba69a1c73463da7ba3206cc24b8a0c12b757196ed4ca52ee041a61b18460127962442fb88c04284dd77921085fc81d790fc4b9b2e8923d5d90fddb07d52133dc885f03219a50fa152391bfe8d064850a55ccdcaf2a34b39942c7ed373996ce0158f5aaae1c9762ec439ef8fbbbdf5ca4afd73dd7d753d4ca749e225ca511976c354d8035fe6e71a11f4ea0a0b4a70361cf0ce9b9d97cf97fdc4c5ee3c52a4bb5b22c696ced8be0e28f23539d75935943a885cbd9b2cd2899e1f920eb3e3d13dd5f8665a3a839d2920bc13215bfbda9d89c4e87ca3a05d5cb69d3e9c730b0e480655d9b2017da5c82285382aa8e96dc526dc21088d69a85130fd97eb17e306d49f04a8c953c223dcdfa56ad259fd56f59e9b3be8c78cb35b19ca61a7f0a0630e2d02f805f385c90a5cc5910128395bf4e5e42cce87e86acf1c7332b68d4b52207485d45f4ffedc6b569fa3f916d4d46507d9424da6f1796c612a8417d63c53c877e9ddd141532a8600831e2982c4ff43bbc4884e3b9f168552f8ff7508dd8d892dcae3fbd1fba5d0817f3911c5adf6ca414515e9fd0f6e80aa7f9901235a64e7a55c508b0064b79a060473816019a92e52a9309abb0cd921d052d01bfd98fc7951d795e46ea996ca7ed908c385b206d5bbf05728e503f257e78f066a34649175eebaea0e3bbdb942ceb0427efea3a532adef6c58c2cffbd24546034151ea47244c7c20a56f54e8248c94eab49b0577429f196290eb5bd81bcac1ca5618d7d21152f80a521b4433b366e1f3d5b4e0a8e6ec65af7cc75c2ebd09c63d93c758e67974feed1cc037aa1f0e5b8efbfae0a365b3591e4f2b187e14ec7cb986215a038f0ba1f6b593e498339e67f6a9cf77fe7f3de87fcb1ee7820ac7a79e377084ec9567fdc0110e7e23f4fde408847289b51e8578651284f5d07fe05f30b663d8ebbe4f31772e8f0db0c1b9c67e26086cab0a437326422e4b9d4cc684d8e71acdfabebeac531163323b9d5bc0e18bd9f2634676c5b4135aabf63d1460fed2149f28ca2a94f3b70ecd1e044cd29a12b5a49bae66bd5588a60a54b706949f7ed0a25e015474863b3180de23c57a7fda9b877e81aca83abbd242de87431fa29d976c434c3b05749d148984f8d7dde32552f2755cd63a74adf278a0ea50a57d66e1c328ae3bc618b0fa6d25514342f1e67c341e0d5596067a856888da1da646a6df00b5426a5b2372124ef55dba574f1384774fa22b478abd41473fb2fd000fe64933852b8236ee7350e8f1decf59a8c770cc78d17a94cc48fa794e40672f9b96d0c5aa2aa45ad8b5106160261f8359468b373df298917e1e1f087911eb3ede54635c3522f32045689659d29ecfe5ae5aab1a10b58346fa8fb07ab88d955a35e969677b90115ac1860e007c78bd4d71c4800b69690f3f7df1c67d4ec884e5d3be6c1a8c400ab64856ec5da45bbb7916ff9879d1b0aa840f42480aa1af7695967c739800d059428ca865680c5d604be2284f9e42ff3c922e5aa007e16b88de48178ae4676416c049af6aacbb6f9a93237c0986f5d69ea81fda80f5406b97468443d0c3596a89763c76cf6e8d156f075ae1ab5643555cccec0fcdeb69bf1f84ad67eb5688a19a3599a50175faa594f1d5c4c7f219729031b3b5d07fa6fba50dec701f5745edd067b08c7fa4985d9bf62b9677732a5d84c3aa04ce8f764ca3d9097aa18fc749948e471202b83b1879e1e7adcb61db720a73eb634f186499456e1c1fde97af78b34457090ed46eb5719edea8731f850109776d457bdf805cd8ed04d49c6bc9b99a866d0cfe773e088f020bdb2a1724cfb431f877a18aa96bdf936031cc92388f5dfe96737583a7fc6f57216f6fd6df77950d56e7545ca620bd5f1ef7c778686c9330493c27be0b2d3d23f0febc2592ce216c49efb9bf63c1043912f31e68874a4b24e4505a5e1905e5162120ca4f450613c3310eb8aef5d03412a5f24eeea37e5ad169009852e4419c02aa005a60b35fdc0ee38b1ea25f4b4b1157b687f0a05538a8e2ad23f5d0e93d96f368a43e649b83d7e235f5087eb603e29c0a962cb694b9a735bc52c3ed31a4f2ec8df2f031f2901e4b8959426b391989c831e0508c5da9f8e63b4c40f633f2ed358deb57692a0c7f8c51825c14d6e50d34af6d1d4a2a5be22c7da7db069fe031348f0cda5e624a19a58d15788929466d566e37603918eff9998fd0732879518eee0c4bdd48bcd6588d46ed2d103d56a5418bd7eb67f0d2569464e7d0d5636e2f249f0230e277ab112110ba76878f1211e15c1848669d846ac2364c5e1a1f3b1a39aa6df01932cf5a672d5afc0e8f9b7b9394b8cb1f9e49a06c9777c50b551c173af59090eddf11882b090779bd6d1fe41935e4c1c5ca2025bd4d38d912fade6e8e613d7dc73ffe578362a26361672fc1d9c42cfea9ee11c04db1a3821deebd5dc34761da811360a5b603a8bc820cb6525ad8e47b92cb2829c34dfe54e8ff2aee4d9023fac31c8f5caeb6bbf23b9c41df5d55e431443a91bd0c0cf61bb9b0cc10a3ab22977bceed06e6fa0d1d28a979e9acd51ed323f2f0912ca7465190020b2e1b21d013d3448cdb5de8a7340d6ee76eaecda4fa56fb002e629c1a5be282db354db5aa5dec70673f9c0f44672dae517204c00bcce97dfe191e2088f87e16911eed0b743d181bce7de164c0f6cafab39c4b053da580763065cddcb002f87de7bceb026b9742b5ac9f87c0f41de6c9b53a0f016df8fc81105bc553c713a6fb9010e2d65b768fe6376914760d9b9b1634f062adcac5c81263e2a7ddc1bc69467e51e1a4137105bcb243cf065f98535200634f11360459dce4caa64f558cfe1f0e6052b43898da6fda0bb5e2f05e9f331182a5d580c44ffbc57109d1ac8cdb79323548029348ccc81174f2021474d1bc92681b3ad8d92c347623c339bdfa4fcc9c65779ec650c6b4103c1b85eab28ba98cd460fc725c717c3d7217a9299e68005b1dfb9a240e25637b8c80e5f82f32c79010e4bad2f487485293bd43eb4a070ddf8501119b692e3496a3a733981122c584e88d256cae550714680cb2d8e96f1b89a1a896e3856156cfbeabba0ac13f4f222848c2edd287150b40046e91ca8154f9d9d911324f70a892316c7fc94fa3b90d716dfb1fc2141450fa9f61d427bad6306e9bcf9de3f7976ccb1001d9cf4b04c211e69a6f33104e5c1edb47cb6bee6f6a3a58e0a224e36a650fd4aec813f91e0328963676fd62fa949758edbb02597ea29fe4e35247034e5248d4ac350ef30b3b0cfa74013d37dd885f25968432638f1a56b07c145aed8dda2c266bf64006051ff73d5b19591ceeded48a19dad2b2b598d96484f6357900d8eb29d29b653aaadfb972dfcb6848b72087987600b2dffed833bc07524dc3754e388eca6114f480f78b5a20e4bf5b1fc6c34bee8529142ef4a0095d383ff2e1e27150b3e6e557578a376f4c9139806184315ac616ed441b8570ddf220da43ee54a85048d5be78d2c7fd9ae4dd1ccd6ec2b052f478486535d7fa7de13837dde391325e60579f226e727b73d8741d5a27fc3aa8c003d24d32c1ae145131b2e8bcede3decf65b234a4aa793cc6d99ea5f4c62a639cc16f0f892ee6fef2ad06e49963a90e668957188d6f044caea81b5a6731f92695689e54725c1db10de606f9e9215865852fd78563f26968e7806d37d157807c7bf7f45f146671ab76f3f3c8f6f993b77a787a05c3383eaee54846303e72e2bdd65e76de6de027bb062898315a2b1389adebd26f7267f36d94e17e82399811724cc5b0e191e56e2a2171ab736c5be14835a010d3a002549c7cb9a9bb3054fa1a79524fe6b37485d1935ab69dfbee041653f548b5d42b6a2ab0e7a722958212ec3c93ddcc5757c80e354e0c5163126ae4ea069b0eea1d641fe9908d3ef14b9de4374ac7baab0f1b11575dd6732ae5a7f5b2824322705b09710224b8c7f4fdf2526f99e6062d7e838b6f164947382533aa2ceb64291cfa9be21db4c11a3593030be28d432d49fb0ad4ea929fb2c63241fb0065b4a2178442b72140f6545507fc9f30f01d47f09e4b4a0a0b64d89ce12b2e458ff112633dfca7227456ed5d8d5281727dd1f8a8631c21012c4c948387468ef2e45282197ada9cbc435f76b9b950a90ee04e6189c8176f82efce0b5c66bf7c688cccb6008823ca437a8d995141e5fb230852c56b7a67d992b232aa941c7eccb6de8dfac56ce7659dfca36dbd83877a1705d5478d08e7727dfeaa1c71ce11dd4e50875dc3e3b2e9f3f4aa2b18265d5869131bca028a27c25828836f21639b51cb1da11e45e27f68a291de37f85b406e0b9fc75ea8e039fc91dd67a71c9c4d3a282e11b8cd2b1968698ce3b809e877282375519a0016777d1a5492a4ac67f2646381afb19fc46fe34807edc6ae01db02ffd3b2e763c59994e8d329b34239e6cb04e225c2f16adb1123a9b1589fc744c8efb49e7a414a3bef552859f051079bb80ac9955f67acb0cbc91c86b4c67daedcf79139c4de362be782c23d4997121ed5d8e566b254f330fef0ef26a063dce23b745cece11c71349abe36438392e5f85f749d0e16fea9294c22d9e2711d76d9552b2dbdfadaed27ed8e352dfd98d00c3465e97448ae81757c53fb80e4b582405da2ff311943320dd35a9e681786f96f93f879e6bccc5726a37b02e4b3c41b7e15a41a035492cab412c2592eda26fc72936354549b89130beae339fffd2a2f8889ce05fa6910963a4eb775dd47cb73cd622ebf833bb76536610da89384ef4a4c29ae2a3c5bc1bbd6c7411f7b17ac56f68d8543f622436d379bb8a19b1db0348c5665eae9524075f54a276df0e97ed27271b354ddbb75dd2c59a316438e8354127e464ef7de5b72809a5e69ce4de70778ae41ac34504921ee4c287817935193b14ec6f62d56519f3d3a0954c8c3818e0b27ca656f4f1e1919560e1424a111e5676bdc4595b6791acb2a786e6e66f96405cc397dafd775b489e431eeace7b6e97a1a15b34afe10c5f0f76b2206dc4a74ffa9ea6fb532a166fd514ee738ba586cf5939b4b3f52363330b956aeac78cf42e834f43114c9c07930510f66c6eb5dad768999399be2a4718588e88e5671cc3b0cd6da5662be4dc3802d4361a1f56d29cc36764a8985c6df278e899018b5e78b9c17474f48813d412379581f567372edc4022d4ca19e027c69c8782048b8b9fe6fb48477a3b77e5ade5fd60a26fad2f5fa96e604efded1ed5a46ae35bbeff676b87500f60097a3cb55c9a24b307d4ec20a7882f4939716e2b5d620522b59cc375fb531ebb81ec02cb061e4bbac688bc556fbdc69e0b19959086e7f670475a8ac9d723572a5fd632ae69447ff2234e3a740fd5e73428d0ea09c0ca76e3743f9d4bf53007b659ff141c4e0e792c26ab92daf7405d650d2a4d501bc87916bcaa051cc6930a9613dfc608052923920c9eea9981362b12ceeb7e867bf873d645fbc69e1dc720e814a6319edd88369720bf40d98afd50c6fa5f15b96daccac7828efddbcc5b05c0655dded83a3916d44dcd166a040324aa4db4cf154e6d286f97c6fe581285781e82bb10e674c01781e73e742873db97fe1b44eb8a895d4b451f16e9f5829556a40a644084e68ee41b9ab3a42a067a03d51c252799296e81d62dcd3454f8fbb7816d6054d7e6e77bb6fdc8d588ec5a01b3ef993b677d8ced4a52a3afd370a50ba24558ec6b3ac85c3f688c9bb2be4c02c510070e3c444fe164d093b5c5682a992c48baefcedc584be0288d7aa2385492dd1b73e2e7cce35b05643f8c4547ad975266eebbd2c10d1ab327cb007bca9afc65fdb58c78bf8c1009f1a2ef476d1901188a1a341cd99ad33241a483784f78fbd0d920f541158fb8a46bd80f3b6821e8b3e110ceeace4c20466d194e5715810efaf3d890da7d9523de6131fba9b9572461365547d43634c9972562ae66e1b61f3648c9c379650db57eaeaaef31962941b3d2f77cee6ecf676a9bf1b3ad6ce73def006856c97d8f906f7a136d659e7b6e8be8f0375f2eab63f90d5ca97477cdb5d1719536e16f78ec07329dafc0d123d43d2bc5371154ee3f5cf772035941e0e3f98f643e90c61e141b3ecff82312bdac1c4f5ccc5ad67902e939ccb45d4d9763d2ada6e64d20d17b017cec037605571024c92e3ef8f6089e118e1094fbf31e3ba26c0c7f42cac78d521db284d79f21b55c4c3063e5cd2f8e33582c26ef1d444d39f97423f4d7408e5771eef088a8572f55cfed3d334f9ebbdf4ffea2f68bc596e5de3e70dab34762dcf0622604ea102722cac9d09603a127307d4bdb7cdfd479e35cb4dbc3ccaa0b0f82fc00cc2e02ae33dc7a6891019b94d63def846a3ef6e03c12f8a0ea9b3986f9e999dd8ff862b7a34cdf4080f28463de3c907d7168b325bc30b81575bc570afbc00ba4bbf9ffec388c927baba176fac335a6c623ac6921ff82174fc06ea0234e73d17785ee9884fe5dcfe9251fba39beced2fa0e9d1682c83166e5e5c9684f30a67e11bd490518c132f28ecd24ac8878ca4274efd0071affcdf485ac85e352e0c53df415a0feb0710b4867ba0b26f6e5eeb9654323a1f6d5634a7cb835ae945ed71de19f09a66085f4e932f04d1320a6e4fc9138ed3b343ac9b2c50a169aa4101edc43eaa41317fdc48a0131e7ce0a9a97f0ede09fe67624e85732802213bb18d35c833895e0fd040d90c1b56eafdc5cb41664403529e37754c1bb7e20ba4ff0ae3d2aec9c27aad14cd1e37f36bb7ff40327e0e301075dab7beda9be262662c510283a26c89d246c01888c4bba85ee306e6e62966219262502400bd0a966f5a97e14e85c4cee2d04e6fef5ae9fd60acf40278ee46d2c879556b48966a4b029b3d23c38987a0ba27bb878c614812d615c8d4fe2998b0ed69a6679d3ee3600b3cb066a135613a44436b4f515ea8ab5404a62c89735f694e83fd539e92dc82f3225b5e6dc87f0dfbe36222fa543213887de2b9b6b3f267d890e3cdb2653c1b824ad92e872969ffd6ffd6908bbcb02b4bc3220a3d836f8dfb573fa43ccdbf96520184d2cd88d125532c2554c3d0fbfb05703450a4ba07cd31ae678218598f5ed075e3bb4af0ca7548fb35492050b1cdc899fff4133a6b2331d890fbdbc96c699987056393ccb03382a28655c83ad5f4d56e010eba50a0b42708110ed5c58f5c585712c7f2a90a9004cf29f6ae10d7c4e3d2388f28f27433d2a4ffd97d980d816dff4592da7874724cfc46497458beb188e56444fbda15b9fb7d333ddfe726b9c292168320bec896747532ce215856530d3e961cc8dcfcf4593d65e04c5749abe03b41bda5e85ce8b83460fbe5ef8d7f1de00f8afe579ae8397ff9d18056ebb70693e4c3d58b4343f4ebbf0cba84b005a20fef017d842adaafd2de1feb531be6595717014b97935b940b0cc520dd7f2f05b0ec1b27ffc2f093a960cc1f472be441f2e1126995556dd690fcfab21d2bc2693ec4acced8c47db9f4966299c2ba5c0ec986c333bd7c9ca30d20310ff9454d12430714419dcb1795d027fa7ecb5c10a563a3ca4143afaf8468e11d292bb08d212499780cf5fba8c77a1c45ae901b7cc3eeb50a3ef2b4efe0e7721d117104c580ad31c3a00b88ea4c04ba21e556ba25dedae8e7e76763e7ffbc96bc019a90859cc979fdad86e05af9c49a328b2ceec6ada420e5a28dabdec4a8ac543b3555a957d43dbaabecba24610ea0a892503b901a5a03d31386f85410f4078633c969c1cccf68e3ed6d3c30ac9a535c4b9ee5bb4153759036dfbf6f1e1b212f7d93fe6feaff84a074ab00e2de915faa58fc5f7351600f5ae3a60dbed3f6cb5b21515bb46123ac98c55bfc2dfdba5eaf60ef39ad0c426d4bd637d89a7c8f85221f4aed051f30d4c446a34a77f4e3b25dfecf90974f9715d49c12c21f44bb25ebcb7ac66180d9b348844911e15debebfa76b88a810204dfe368d66a43a4fdc33d955f5de415c2e3c944aa16e5c771e24de67dda9d4d8610c490503e0b8dd35a835cba4a9093e0e9a238881c8bf010ca6b8290f6e8dcaf906ba6b716e42a22ba484363f0d298e63449d717c07d83c3812aed49b7c2a89c661732205e0721a75814015002c4757f9ffeae283ff4d24331e66d5a822c54e35388a1b503b0a6df6875b5a2f2f3fad8703e6d32d319ac83fb6e87c63fdeaa2cbd2a88d194b8173e8d459ae67c7c5361eb0db27d8f463ecdc74cb10c08624846e78123099ff119bcc7193410f4dcbcfb43ebd00111876c5bae70753a30475d3632205cdafede8300a8d23a7efe95483cb23cd45e0256c8a4874433f75f085461ec1dddd9b6e8725ae59d17a17bf3c0c6b1adbb2c5324383b5f5dff4fbc6cad9c851786c146b9f3e8a2f2472ccaede0549a52615b68d3dcb5ced84eb8caf0f337aa2be6e737a0f4d22ef397321e180c", 0x2000, &(0x7f0000003280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$FUSE(r4, &(0x7f00000002c0)={0x2020}, 0x2020) close_range(r0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r6, 0xc08c5334, &(0x7f0000000100)={0x0, 0x5, 0x0, 'queue0\x00', 0xfffffff5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x44080) 9m5.477468603s ago: executing program 0 (id=905): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x4976a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r7, @ANYRES32=r6, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f00000002c0)=r3}, 0x20) sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002) 9m3.582587652s ago: executing program 0 (id=907): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='rdma.current\x00', 0x275a, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e04070620"], 0x7) ioctl$TIOCL_GETMOUSEREPORTING(0xffffffffffffffff, 0x5412, 0x0) 9m3.243939434s ago: executing program 0 (id=909): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000200)={[{@max_batch_time={'max_batch_time', 0x3d, 0x358}}, {@resuid}, {@stripe={'stripe', 0x3d, 0x9}}]}, 0x3, 0x44b, &(0x7f00000004c0)="$eJzs282PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rClJYO9PdLLpxz77lzztN7T3vOPW0AI2sq+yeJ2BoRf0bERD3bXGCq/t/Vy2cXrl0+u5BEtfruP0mt3JXLZxeKosV5W/LMdBqRfpHE7jb1rpw+c3y+Ulk6lednV098NLty+swLx07MH106unRy/6FDBw/MvfzS/hf7EmfWpiu7Pl3es/OtD755+/BXTfG3xNEnU90OPl2t9rm64drWkE7GhtgQ1qUUEdnlKtf6/0SUYu3iTcSbnw+1ccBAVavV6pbOh89VgXtYEs15XR5GRfFBn81/i611EPDq4IYfQ3fptfoEKIv7ar7Vj4xFmpcpt8xv+2kqIt4/9+932RaDeQ4BANDkp2z883y78V8aDzWUuy9fG5qMiPsjYntEPBAROyLiwYha2Ycj4pF11t+6SHLj+Ce92FNgtygb/72Sr201j/+K0V9MlvLctlr85eTIscrSvvw1mY7ypiw/16WOn9/44+tOxxrHf9mW1V+MBfN2XBzb1HzO4vzq/O3E3OjS+YhdY+3iT66vBCQRsTMidvVYx7Fnf9jT6djN4++iD+tM1e8jnqlf/3PREn8h6b4+Ofu/qCztmy3uihv99vuFdzrVf1vx90F2/f/f9v6/Hv9k0rheu7L+Oi789WXHOU2v9/948l4tPZ7v+2R+dfXUXMR4crje6Mb9+9fOLfJF+Sz+6b3t+//2WHsldkdEdhM/GhGPRcTjedufiIgnI2Jvl/h/ff2pD3uPf7Cy+BfXdf3XEuPRuqd9onT8lx+bKp28If5r3a//wVpqOt9zK+9/t9Ku3u5mAAAAuPukEbE1knTmejpNZ2bq35ffEZFWlldWnzuy/PHJxfpvBCYj0uJJ10TD89C5fFpfz5+PiPpXC4rjB/Lnxt+WNtfyMwvLlcVhBw8jbkuH/p/5uzTs1gED5/daMLr0fxhd+j+MLv0fRleb/r95GO0A7rx2n/+fDaEdwJ3X0v8t+8EIMf+H0aX/w+jS/2EkrWyOm/9Ivmui+Es9nn7PJqK8IZoxsESkG6IZGzZRvsv7xfDekwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPrpvwAAAP//9gndaw==") creat(&(0x7f00000000c0)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x201000, 0x0) r0 = open(&(0x7f0000000540)='./bus\x00', 0x4000, 0x0) preadv2(r0, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0) 9m2.643837614s ago: executing program 0 (id=912): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000000c0)={0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ff8000/0x4000)=nil) shmat(r2, &(0x7f0000ff8000/0x5000)=nil, 0x7000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000e00)=ANY=[@ANYBLOB="0f0000000400000004000000", @ANYRES16=r3], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5, 0xffffffffffffffff}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000580)={r6, &(0x7f0000000440)}, 0x20) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/cgroup\x00') shmctl$IPC_RMID(r2, 0x0) syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x3810744, &(0x7f0000000700)={[{@discard}, {@user_xattr}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}, {@jqfmt_vfsv0}, {@delalloc}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x400000}}, {@noauto_da_alloc}, {@test_dummy_encryption}]}, 0xfe, 0x461, &(0x7f0000002180)="$eJzs289vFFUcAPDvTHcBAWlF/AGCVtHY+KOlBZWDF40mHjQx0QMea1sIslBDayKE6GoMHg2Jd+LRxL/Akyejnky86t2QECUmIBfXzO5M6W53C223bGE/n2ThvZk38943b97s23mdAPrWcPZPErE9In6PiMFGtrnAcOO/a1fOTf175dxUErXaO38l9XJXr5ybKooWx23LMyNpRPpFklfSbO7M2ROTlcrM6Tw/Nn/yw7G5M2efP35y8tjMsZlTE4cPHzo4/tKLEy90Jc6sTVf3fDK7d/cb7114a+rIhfd//i5r74P7GvsXx9Etw1ngf9fqWvc91e3Keuy/2o04k1KvW8OtGoiIrLvK9fE/GANxo/MG4/XPe9o4YF1l9+zNrRvLC6lqDbiLJbGqw2J1hwEbR/FFn/3+LT63cfrRc5dfafwAyuK+ln8ae0qR5mXK61j/cEQcqV6/mH2i5TlErc1zAwCAtfohm/88t3T+V18bWVQuydeGhiLivojYGRH3R8SuiHggL/tQRDy8wvpbl4aWzj/TS6sM7ZZk87+X87Wt5vlfMfuLoYE8d289/nJy9Hhl5kBE7IiIkShvzvLj7U5enOK1377qVP/i+d+RaqMdxVwwP8mlUssDuunJ+cluTUovfxaxp9Qu/mRhJSDr+90RsWdlp95RJI4/8+3eToWa479+cWn8y+jCOlPtm4inG/1fjZb4C8ny65NjW6Iyc2CsuCqW+uXX8293qn9N8XdB1v9bm6//lhKD/ySL12vnVl7H+T++7PibsnTT+Ntf/5uSd+tr1pvybR9Pzs+fHo/YlLxZzzdtn7hxbJEvymfxj+xvP/535sdk8T8SEdlFvC8iHo2Ix/K+ezwinoiI/cvE/9OrT37Qad9G6P/ptve/het/qLn/V54YOPHj953qv3n8Wf8fqqdG8i31+99NdG7OlrzEaq9mAAAAuPOkEbE9knR0IZ2mo6ONv5ffFVvTyuzc/LNHZz86Nd14R2AoymnxpGtw0fPQ8aSan7GRn8ifFRf7D+bPjb8euKeeH52arUz3OHbod9s6jP/MnwO9bh2w7ryvBf2rdfynPWoHcPv5/of+ZfxD/zL+oX+1G/+ftuStBcDdyfc/9C/jH/qX8Q/9y/iHvrSW9/rXK1Fa5u19iY2SiHTdqqhuiADv4ESpC6O7xzcmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALvk/AAD//+Pz7ng=") 9m1.647426052s ago: executing program 0 (id=916): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x4976a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f00000002c0)=r2}, 0x20) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002) 9m0.838041268s ago: executing program 35 (id=916): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x4976a000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) close(r2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000007c0)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f00000002c0)=r2}, 0x20) sendmsg$inet(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0) recvmsg$unix(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000800)=""/229, 0x8ec1}], 0x1}, 0x2002) 49.778938467s ago: executing program 4 (id=2516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) madvise(&(0x7f0000678000/0x14000)=nil, 0x14000, 0x12) fcntl$lock(r4, 0x26, 0x0) fcntl$lock(r4, 0x7, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r6, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(r7, &(0x7f00000000c0)='.\x00', 0x515401, 0x408) syz_usbip_server_init(0x0) chdir(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 47.962057351s ago: executing program 4 (id=2525): openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10) r4 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x8}) mq_timedreceive(r4, &(0x7f0000000180)=""/196, 0xc4, 0x0, 0x0) dup3(r4, r0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000000)=0x100) 46.151500687s ago: executing program 4 (id=2531): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00", 0x20) 45.759006552s ago: executing program 4 (id=2533): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x3, 0x0, &(0x7f0000000080)) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000140)='./file1/file1\x00', 0x125) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000140)={0x10}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000200)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file1/file1\x00', 0x0) 45.226844475s ago: executing program 4 (id=2535): mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='./bus/../file0\x00') 43.740704455s ago: executing program 4 (id=2539): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff04800000080039503230"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f3f, 0xa3) 42.591863732s ago: executing program 36 (id=2539): creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff04800000080039503230"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) truncate(&(0x7f0000000240)='./file0\x00', 0x206b12) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f3f, 0xa3) 42.583366964s ago: executing program 7 (id=2546): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000007c0)) r3 = socket$packet(0x11, 0x2, 0x300) r4 = dup(r1) r5 = fcntl$dupfd(r2, 0x406, r3) read$FUSE(r4, &(0x7f0000001180)={0x2020}, 0x2020) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/251, 0x0, 0x4000}) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af30, &(0x7f0000000080)={0x0, r4}) r6 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) close_range(r0, 0xffffffffffffffff, 0x0) 41.75377997s ago: executing program 7 (id=2550): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r0, 0x0, 0xc004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) write(0xffffffffffffffff, 0x0, 0x0) nanosleep(&(0x7f0000000280), &(0x7f0000000300)) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) getpid() openat$fb0(0xffffff9c, 0x0, 0x8000, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000340)=0x4, 0x12) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'hsr0\x00', 0x4}, 0x18) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_KEY(r3, &(0x7f0000005bc0)={0x0, 0x0, &(0x7f0000005b80)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000044) 40.571462845s ago: executing program 7 (id=2555): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x2, 0x6469620a, 0x3, @discrete={0xfffffff8, 0x9183}}) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f00000001c0)={0x1, 0x1, 0x74, 0x101, @vifc_lcl_addr=@broadcast, @dev={0xac, 0x14, 0x14, 0xe}}, 0x10) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r2, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x1c, @empty=0xe0000300, 0x0, "8a79348df081496d0420922f45a71c1daa8b610468cd140526c41efcd3a4a422", 0x3, 0x1, 0x85}, 0x3c) 36.700850627s ago: executing program 7 (id=2560): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x44804}, 0x4044044) bpf$BPF_GET_PROG_INFO(0xa, 0x0, 0x0) mount$binder(0x0, 0x0, &(0x7f0000000080), 0xc00040, &(0x7f00000001c0)=ANY=[@ANYBLOB='stats=global,max=000']) 35.341859445s ago: executing program 7 (id=2565): mkdir(0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='./bus/../file0\x00') 33.999454956s ago: executing program 7 (id=2569): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$PPPIOCGL2TPSTATS(r0, 0x40106183, &(0x7f0000000000)="8970a3e172") 33.968413193s ago: executing program 6 (id=2570): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@private2, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0xfc}}, 0x0) r1 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000000)={'lo\x00'}) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x0) 33.327901237s ago: executing program 6 (id=2573): r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0x5}, 0x10) r1 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r1, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/14, 0xe}], 0x1}}], 0x1, 0x1, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10) r3 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r3, 0x0, 0x0, 0x9200000000000000) 31.759873672s ago: executing program 6 (id=2575): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x2) 27.397478987s ago: executing program 6 (id=2583): syz_io_uring_setup(0x95, &(0x7f0000000140), 0x0, &(0x7f0000000100)) r0 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x8006d89, 0x400, 0x2, 0x66}, &(0x7f0000000400)=0x0, &(0x7f0000000040)=0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000a9000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='io_uring_poll_arm\x00', r3}, 0x18) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x100}) io_uring_enter(r0, 0x8aa, 0x0, 0x0, 0x0, 0x0) 26.903779647s ago: executing program 6 (id=2587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) madvise(&(0x7f0000678000/0x14000)=nil, 0x14000, 0x12) fcntl$lock(r4, 0x26, 0x0) fcntl$lock(r4, 0x7, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r6, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(r7, &(0x7f00000000c0)='.\x00', 0x515401, 0x408) syz_usbip_server_init(0x0) chdir(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 25.253876425s ago: executing program 6 (id=2588): openat(0xffffffffffffff9c, 0x0, 0x0, 0x47) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="540000000206010300000000000000000000020005000100070000000900020073797a300000299d0c00078008001240040000020d000300686173683a6e657400000000050005000a000000050004"], 0x54}}, 0x0) 18.71676439s ago: executing program 37 (id=2569): socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) r0 = socket(0x8, 0x3, 0x0) ioctl$PPPIOCGL2TPSTATS(r0, 0x40106183, &(0x7f0000000000)="8970a3e172") 8.761567163s ago: executing program 38 (id=2588): openat(0xffffffffffffff9c, 0x0, 0x0, 0x47) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="540000000206010300000000000000000000020005000100070000000900020073797a300000299d0c00078008001240040000020d000300686173683a6e657400000000050005000a000000050004"], 0x54}}, 0x0) 6.53952483s ago: executing program 9 (id=2639): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x2) 6.487551272s ago: executing program 8 (id=2640): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000100)={0x80000000, 0x0, 0xfffffffc}, 0x10) write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000fe0000000000000008000f00fd0000", 0x23) 6.18696175s ago: executing program 8 (id=2642): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x81, 0x0, 0x0, 0xfffffffffffffffd, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) madvise(&(0x7f0000678000/0x14000)=nil, 0x14000, 0x12) fcntl$lock(r4, 0x26, 0x0) fcntl$lock(r4, 0x7, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r5, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fchown(r6, 0x0, 0xee01) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(r7, &(0x7f00000000c0)='.\x00', 0x515401, 0x408) syz_usbip_server_init(0x0) chdir(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x10, 0x0, 0x7fff7ffc}]}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r8, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 4.871394013s ago: executing program 1 (id=2643): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, 0x0, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000140)) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_REWIND(r2, 0xc0844123, &(0x7f0000000180)=0x4) ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0) 4.580596097s ago: executing program 8 (id=2644): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) madvise(&(0x7f0000678000/0x14000)=nil, 0x14000, 0x12) fcntl$lock(r3, 0x26, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r4, 0x0, 0x0, 0x1000000000) r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchown(r5, 0x0, 0xee01) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(r6, &(0x7f00000000c0)='.\x00', 0x515401, 0x408) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 4.13129126s ago: executing program 1 (id=2645): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='./bus/../file0\x00') 3.289885454s ago: executing program 8 (id=2646): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50) r2 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006380)={0x20, 0x0, 0x0, {0x0, 0x8}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getdents64(r2, 0x0, 0x0) syz_fuse_handle_req(r0, &(0x7f00000067c0), 0x2000, &(0x7f00000087c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000008880)={0x10}, 0x0, 0x0, 0x0, 0x0}) getdents(r2, 0x0, 0x0) 3.081468303s ago: executing program 9 (id=2647): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000010000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a891588d818a0afc0b3116a130974cac0615232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f3ca1664fe2f3ced8416dc180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8070000001fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491d04aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f84e4272d2cc72d4e771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de457f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5bfc182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291a76456cd7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124ee3df3a35e8014d6cb5fd6c054a10bb2146174c1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba5187fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4db5a5df9d62ea6d805dfce568b885a50ed8e2eaf8a932287a1d3bfac17774e58875a63b77e07298e4b4f515189c6fcac3cd35dac9240e633219bb6a5a25865e6ed8e16caa5406b56702afe0befcabbc9a2a772a1a087f0d633d457bceb695b2cba3a1a2daa2dda796373cc0fe0a53236d028fc1076bb746b2717c8b6052f58c91bb8cc19474ab9d4d2160773829f078727f6c684ca749136a7f46ca28b00bb4237695b4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x2e0, 0x5ee, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633c77fbac14140ce000000d62079f4b4d2f87e505ca6aab845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f91731dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) 3.031893702s ago: executing program 1 (id=2648): timer_create(0x2, 0x0, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) clock_nanosleep(0x2, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x0) r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0) 2.903786464s ago: executing program 8 (id=2649): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_SET_CHANNEL(r0, 0x0, 0xc004) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) write(0xffffffffffffffff, 0x0, 0x0) nanosleep(&(0x7f0000000280), &(0x7f0000000300)) r1 = socket$inet_sctp(0x2, 0x800000000000001, 0x84) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) openat$fb0(0xffffff9c, 0x0, 0x8000, 0x0) write$cgroup_int(r2, &(0x7f0000000340)=0x4, 0x12) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'hsr0\x00', 0x4}, 0x18) 2.750981212s ago: executing program 9 (id=2650): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) bind$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x10, 0x0, 0x2ddfdbff, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r1, &(0x7f0000000400)={0x0, 0x1802, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, 0x0, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x2000000) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 2.197085226s ago: executing program 1 (id=2651): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@updpolicy={0xfc, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x4, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@private2, 0x0, 0x33}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0xfc}}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r1, &(0x7f0000000ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e24, @multicast1}, 0x10, 0x0}}], 0x1, 0x0) 2.001395667s ago: executing program 1 (id=2652): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43) mknodat$loop(r0, &(0x7f00000001c0)='./file1\x00', 0x10, 0x0) chdir(&(0x7f00000003c0)='./bus\x00') linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='./bus/../file0\x00') 1.682146052s ago: executing program 9 (id=2653): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) r2 = open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10) r4 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x8}) mq_timedreceive(r4, &(0x7f0000000180)=""/196, 0xc4, 0x0, 0x0) dup3(r4, r0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000000)=0x100) 1.579508747s ago: executing program 1 (id=2654): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000804}, 0x8000) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90646}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0) 1.300382889s ago: executing program 9 (id=2655): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) madvise(&(0x7f0000678000/0x14000)=nil, 0x14000, 0x12) fcntl$lock(r3, 0x26, 0x0) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') pread64(r4, 0x0, 0x0, 0x1000000000) r5 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchown(r5, 0x0, 0xee01) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat(r6, &(0x7f00000000c0)='.\x00', 0x515401, 0x408) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) 86.057831ms ago: executing program 9 (id=2656): openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$inet(0x2, 0x3, 0x2) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002c00)=ANY=[@ANYBLOB="bf16000000000000b70700000900f0ff4070000000000000500000000000000095000000000000002ba728041598d6fbd30cb599e8c73d24a3aa81d36bb3019c13bd23212fb56fa54f26fb0b71d0e6adfefc41d86bd917487960717142fa9ea4318123741c0a0e168c1886d0d4d94f2f4e345c652ebc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc8ce974a22a550d6fd70800c86ae3b3e05df3ceb9fc474c2a100c788b277beee1cbf9b0a4def23d410f6296b32a8343881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3449abe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee6f867ddd58211d6ececb0cd2b6d357b8580218ce740068725837074e468ee23fd2f73902ebcfcf49822775985bf31b715f5888b2c81f96a810b946855c9fc52ac17cbc97a616811a4c2dc3470009b966abaf41939aeca3e7b00c2e9d5db7a34fe2a29ac88c360a878a2b9ab9440c1961e80477166f3f847e855cdddc941d996d61ea0ce23b37e9d21c849d1e1e53087a3b109012e3a3ecbd219265048bf5c72b7ba2806b73323301b4bc94d0e4afde44867d71049a7c89bc615e215571ac910d80a58b5169576ff9906c34d2342806960b6bcb00000000000000000000000000113ee640b9ed1e04a0bfb125204d30990361bf45ef45277a167cd2c2e6ce9138143aa5ea7ee6f7c6d8b00437e070b004c5aa90766538b4fe45a16f14b270904d36eaa87508ac6d46639b3971ac6a88dc531fcc5ffc6b76b334795d88156336a9a452a9022485bb572dacb7aa25f748bc75918a16d9d5ae21004cd799ac4951beb2c6c9b5baf60081b86cc2e31c49f4ea055fb3639036c95c69b1ae60e685d486dbd1d5e7d0daacd73acfc80b9c9c92"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4) setsockopt$packet_int(r3, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x2, 0x300) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x2) 0s ago: executing program 8 (id=2657): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f0000000300)='./bus\x00', 0x0) rename(&(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='./bus/../file0\x00') kernel console output (not intermixed with test programs): ot active [ 625.992808][ T6728] bridge0: port 1(bridge_slave_0) entered blocking state [ 626.000126][ T6728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 626.040190][ T9814] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 626.057871][ T9814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 626.113174][ T9814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 626.133017][ T9814] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 626.143375][ T9814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 626.170493][ T9814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 626.398650][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 626.412213][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 626.534220][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 626.550504][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 626.565224][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 627.394950][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 627.402255][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 627.445123][ T9831] hsr_slave_0: entered promiscuous mode [ 627.453070][ T9831] hsr_slave_1: entered promiscuous mode [ 627.543389][ T9972] fuse: Unknown parameter 'user_i00000000000000000000' [ 628.725467][ T55] Bluetooth: hci0: command tx timeout [ 629.135803][ T9980] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1046'. [ 629.264695][ T9814] hsr_slave_0: entered promiscuous mode [ 629.283304][ T9814] hsr_slave_1: entered promiscuous mode [ 629.309216][ T9814] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 629.328138][ T9814] Cannot create hsr debugfs directory [ 630.806430][ T55] Bluetooth: hci0: command tx timeout [ 631.139578][ T3452] bridge_slave_1: left allmulticast mode [ 631.151633][ T3452] bridge_slave_1: left promiscuous mode [ 631.174525][ T3452] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.199912][ T3452] bridge_slave_0: left allmulticast mode [ 631.213451][ T3452] bridge_slave_0: left promiscuous mode [ 631.226886][ T3452] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.301238][ T3452] bridge_slave_1: left allmulticast mode [ 631.307333][ T3452] bridge_slave_1: left promiscuous mode [ 631.313183][ T3452] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.375983][ T3452] bridge_slave_0: left allmulticast mode [ 631.402220][ T3452] bridge_slave_0: left promiscuous mode [ 631.415228][ T3452] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.505250][ T9998] fuse: Unknown parameter 'user_i00000000000000000000' [ 631.591451][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 631.782805][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 631.846419][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 631.865542][ T5835] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 631.881876][ T5835] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 632.901711][ T5835] Bluetooth: hci0: command tx timeout [ 633.068229][ T3452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 633.102886][ T3452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 633.123944][ T3452] bond0 (unregistering): Released all slaves [ 634.014528][ T3452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 634.037231][ T3452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 634.068867][ T3452] bond0 (unregistering): Released all slaves [ 634.169256][ T55] Bluetooth: hci1: command tx timeout [ 634.593574][ T3452] hsr_slave_0: left promiscuous mode [ 634.616123][ T3452] hsr_slave_1: left promiscuous mode [ 634.627535][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 634.651406][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 634.730961][ T3452] hsr_slave_0: left promiscuous mode [ 634.741688][ T3452] hsr_slave_1: left promiscuous mode [ 634.755692][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 634.784105][ T3452] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 634.810643][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.822307][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.970243][ T55] Bluetooth: hci0: command tx timeout [ 634.993893][T10028] capability: warning: `syz.4.1063' uses 32-bit capabilities (legacy support in use) [ 635.023216][T10027] fuse: Unknown parameter 'user_id00000000000000000000' [ 635.508526][ T3452] team0 (unregistering): Port device team_slave_1 removed [ 636.329364][ T55] Bluetooth: hci1: command tx timeout [ 636.464814][ T3452] team0 (unregistering): Port device team_slave_0 removed [ 638.185961][T10051] fuse: Unknown parameter 'user_id00000000000000000000' [ 638.311955][ T3452] team0 (unregistering): Port device team_slave_1 removed [ 638.406295][ T55] Bluetooth: hci1: command tx timeout [ 638.431052][ T3452] team0 (unregistering): Port device team_slave_0 removed [ 640.491364][ T55] Bluetooth: hci1: command tx timeout [ 641.324840][ T9961] chnl_net:caif_netlink_parms(): no params data found [ 641.555079][T10087] fuse: Unknown parameter 'user_id00000000000000000000' [ 641.865799][ T9961] bridge0: port 1(bridge_slave_0) entered blocking state [ 641.878945][ T9961] bridge0: port 1(bridge_slave_0) entered disabled state [ 641.909045][ T9961] bridge_slave_0: entered allmulticast mode [ 641.917409][ T9961] bridge_slave_0: entered promiscuous mode [ 641.934293][ T9961] bridge0: port 2(bridge_slave_1) entered blocking state [ 641.941738][ T9961] bridge0: port 2(bridge_slave_1) entered disabled state [ 641.949360][ T9961] bridge_slave_1: entered allmulticast mode [ 641.958116][ T9961] bridge_slave_1: entered promiscuous mode [ 643.552118][ T9961] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 644.476991][T10100] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 644.675435][ T9961] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 644.864820][ T9961] team0: Port device team_slave_0 added [ 644.895094][ T9831] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 644.990661][ T9961] team0: Port device team_slave_1 added [ 645.084606][ T9831] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 646.227338][ T9831] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 646.251507][ T9831] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 646.378190][ T9961] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.409067][ T9961] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.456161][ T9961] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.474011][ T9961] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 646.481994][ T9961] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.509687][ T9961] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 646.536001][T10000] chnl_net:caif_netlink_parms(): no params data found [ 647.446416][ T9961] hsr_slave_0: entered promiscuous mode [ 647.454084][ T9961] hsr_slave_1: entered promiscuous mode [ 647.463557][ T9961] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.471616][ T9961] Cannot create hsr debugfs directory [ 650.892638][T10129] fuse: Bad value for 'fd' [ 651.087153][T10000] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.104593][T10000] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.112027][T10000] bridge_slave_0: entered allmulticast mode [ 651.136866][T10000] bridge_slave_0: entered promiscuous mode [ 651.343498][T10000] bridge0: port 2(bridge_slave_1) entered blocking state [ 651.359899][T10000] bridge0: port 2(bridge_slave_1) entered disabled state [ 651.380787][T10000] bridge_slave_1: entered allmulticast mode [ 651.396370][T10000] bridge_slave_1: entered promiscuous mode [ 651.899516][ T9814] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 651.913349][ T9814] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 651.926743][ T9814] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 651.961713][ T9814] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 653.195976][T10000] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 653.263917][T10000] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 655.075431][T10000] team0: Port device team_slave_0 added [ 655.146238][T10159] fuse: Bad value for 'fd' [ 655.276860][T10000] team0: Port device team_slave_1 added [ 655.723519][T10000] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 655.730743][T10000] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 655.802025][T10000] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 655.833821][T10000] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 655.840866][T10000] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 655.917044][T10000] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 655.970233][ T9831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 656.440129][T10000] hsr_slave_0: entered promiscuous mode [ 656.449148][T10000] hsr_slave_1: entered promiscuous mode [ 656.457804][T10000] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 656.466131][T10000] Cannot create hsr debugfs directory [ 656.480899][ T9831] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.957097][ T745] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.964385][ T745] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.996250][T10186] fuse: Bad value for 'fd' [ 658.074711][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state [ 658.082023][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 658.162811][ T9814] 8021q: adding VLAN 0 to HW filter on device bond0 [ 658.337223][ T1085] bridge_slave_1: left allmulticast mode [ 658.350575][ T1085] bridge_slave_1: left promiscuous mode [ 658.356520][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.374168][T10192] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1116'. [ 658.387411][ T1085] bridge_slave_0: left allmulticast mode [ 658.404478][ T1085] bridge_slave_0: left promiscuous mode [ 658.422733][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.457049][ T1085] bridge_slave_1: left allmulticast mode [ 658.485450][ T1085] bridge_slave_1: left promiscuous mode [ 658.491519][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.527073][ T1085] bridge_slave_0: left allmulticast mode [ 658.558552][ T1085] bridge_slave_0: left promiscuous mode [ 658.565189][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 660.063502][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.076622][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.087248][ T1085] bond0 (unregistering): Released all slaves [ 660.527005][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.540763][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.552646][ T1085] bond0 (unregistering): Released all slaves [ 661.660412][ T9814] 8021q: adding VLAN 0 to HW filter on device team0 [ 661.737698][T10213] fuse: Unknown parameter '0x0000000000000004' [ 661.974387][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.981761][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 662.008128][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 662.015468][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 662.131991][ T1085] hsr_slave_0: left promiscuous mode [ 662.148402][ T1085] hsr_slave_1: left promiscuous mode [ 662.156675][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.168053][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 662.195591][ T1085] hsr_slave_0: left promiscuous mode [ 662.206713][ T1085] hsr_slave_1: left promiscuous mode [ 662.213226][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 662.223646][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 663.321273][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 663.513699][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 665.185559][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 665.330462][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 666.423873][ T9961] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 666.491904][ T9961] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 666.524432][ T9961] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 666.583326][ T9961] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 668.241750][ T9831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 668.320816][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1131'. [ 668.644884][ T9961] 8021q: adding VLAN 0 to HW filter on device bond0 [ 668.863138][ T9961] 8021q: adding VLAN 0 to HW filter on device team0 [ 668.891548][T10000] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 669.017403][T10000] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 669.056751][T10258] fuse: Unknown parameter '0x0000000000000004' [ 669.244358][T10000] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 669.439139][ T3452] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.446489][ T3452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 669.624441][T10260] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 670.369126][ T3452] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.376428][ T3452] bridge0: port 2(bridge_slave_1) entered forwarding state [ 670.389608][T10000] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 671.051943][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 671.068996][ T5835] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 671.082194][ T5835] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 671.104744][ T5835] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 671.159969][ T5835] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 672.465951][ T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 672.482961][ T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 672.493594][ T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 672.503021][ T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 672.523805][ T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 672.534861][T10290] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1140'. [ 673.343390][ T5835] Bluetooth: hci2: command tx timeout [ 673.775370][T10000] 8021q: adding VLAN 0 to HW filter on device bond0 [ 674.246422][ T9961] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 674.324665][T10000] 8021q: adding VLAN 0 to HW filter on device team0 [ 674.445398][ T67] bridge_slave_1: left allmulticast mode [ 674.451966][ T67] bridge_slave_1: left promiscuous mode [ 674.484381][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.504402][ T67] bridge_slave_0: left allmulticast mode [ 674.530709][ T67] bridge_slave_0: left promiscuous mode [ 674.537244][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 674.640545][ T5835] Bluetooth: hci4: command tx timeout [ 675.176002][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 675.190299][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 675.204215][ T67] bond0 (unregistering): Released all slaves [ 675.223195][ T6728] bridge0: port 1(bridge_slave_0) entered blocking state [ 675.230378][ T6728] bridge0: port 1(bridge_slave_0) entered forwarding state [ 675.335545][ T6728] bridge0: port 2(bridge_slave_1) entered blocking state [ 675.342799][ T6728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 675.422216][ T5835] Bluetooth: hci2: command tx timeout [ 675.463172][ T67] hsr_slave_0: left promiscuous mode [ 675.482880][ T67] hsr_slave_1: left promiscuous mode [ 675.489169][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 675.532858][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 675.890905][ T67] team0 (unregistering): Port device team_slave_1 removed [ 675.940053][ T67] team0 (unregistering): Port device team_slave_0 removed [ 676.506788][T10264] chnl_net:caif_netlink_parms(): no params data found [ 676.563994][T10285] chnl_net:caif_netlink_parms(): no params data found [ 676.709451][ T5835] Bluetooth: hci4: command tx timeout [ 677.039574][T10264] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.047007][T10264] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.054692][T10264] bridge_slave_0: entered allmulticast mode [ 677.063372][T10264] bridge_slave_0: entered promiscuous mode [ 677.130487][T10264] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.152108][T10264] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.159847][T10264] bridge_slave_1: entered allmulticast mode [ 677.177840][T10264] bridge_slave_1: entered promiscuous mode [ 677.293405][T10285] bridge0: port 1(bridge_slave_0) entered blocking state [ 677.300751][T10285] bridge0: port 1(bridge_slave_0) entered disabled state [ 677.310279][T10285] bridge_slave_0: entered allmulticast mode [ 677.320576][T10285] bridge_slave_0: entered promiscuous mode [ 677.359717][T10264] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.395448][T10264] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.422603][T10285] bridge0: port 2(bridge_slave_1) entered blocking state [ 677.429854][T10285] bridge0: port 2(bridge_slave_1) entered disabled state [ 677.448397][T10285] bridge_slave_1: entered allmulticast mode [ 677.458571][T10285] bridge_slave_1: entered promiscuous mode [ 677.502347][ T5835] Bluetooth: hci2: command tx timeout [ 677.547071][ T9961] veth0_vlan: entered promiscuous mode [ 677.568962][T10264] team0: Port device team_slave_0 added [ 677.656667][T10285] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 677.683427][T10264] team0: Port device team_slave_1 added [ 677.774920][T10285] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 677.818747][ T9961] veth1_vlan: entered promiscuous mode [ 677.895453][T10285] team0: Port device team_slave_0 added [ 677.978717][T10285] team0: Port device team_slave_1 added [ 677.998652][T10264] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.006708][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.033879][T10264] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.050056][T10264] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.060320][T10264] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.093608][T10264] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.160421][T10285] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 678.167554][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.194518][T10285] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 678.329716][T10285] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 678.337915][T10285] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 678.365498][T10285] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 678.500128][T10264] hsr_slave_0: entered promiscuous mode [ 678.509695][T10264] hsr_slave_1: entered promiscuous mode [ 678.530671][T10264] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 678.543326][T10264] Cannot create hsr debugfs directory [ 678.635656][T10000] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 678.783667][ T5835] Bluetooth: hci4: command tx timeout [ 678.807710][T10285] hsr_slave_0: entered promiscuous mode [ 678.831777][T10285] hsr_slave_1: entered promiscuous mode [ 678.838290][T10285] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 678.880436][T10285] Cannot create hsr debugfs directory [ 678.925500][ T9961] veth0_macvtap: entered promiscuous mode [ 679.263722][ T9961] veth1_macvtap: entered promiscuous mode [ 679.457030][ T9961] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 679.495503][ T9961] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 679.580511][ T5835] Bluetooth: hci2: command tx timeout [ 679.625956][ T67] bridge_slave_1: left allmulticast mode [ 679.641357][ T67] bridge_slave_1: left promiscuous mode [ 679.647262][ T67] bridge0: port 2(bridge_slave_1) entered disabled state [ 679.675749][ T67] bridge_slave_0: left allmulticast mode [ 679.685716][ T67] bridge_slave_0: left promiscuous mode [ 679.696429][ T67] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.679412][ T67] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 680.695409][ T67] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 680.706891][ T67] bond0 (unregistering): Released all slaves [ 680.860131][ T9961] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.874916][ T5835] Bluetooth: hci4: command tx timeout [ 680.880875][ T9961] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.916577][ T9961] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.937211][ T9961] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 680.986902][ T67] hsr_slave_0: left promiscuous mode [ 680.997000][ T67] hsr_slave_1: left promiscuous mode [ 681.005435][ T67] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 681.018773][ T67] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 681.352927][ T67] team0 (unregistering): Port device team_slave_1 removed [ 681.392667][ T67] team0 (unregistering): Port device team_slave_0 removed [ 681.992128][T10000] veth0_vlan: entered promiscuous mode [ 682.145946][ T6652] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 682.184225][ T6652] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.225677][T10000] veth1_vlan: entered promiscuous mode [ 682.280873][ T6652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 682.294456][ T6652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 682.460424][T10000] veth0_macvtap: entered promiscuous mode [ 682.562711][T10000] veth1_macvtap: entered promiscuous mode [ 682.791890][T10000] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 682.864228][T10000] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 683.714776][T10424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 684.705752][T10000] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.769118][T10000] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.794436][T10000] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 684.817465][T10000] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 686.288729][T10447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1149'. [ 686.489650][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.540644][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.685955][T10285] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 686.723562][T10285] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 686.810608][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 686.865234][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 686.890299][T10285] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 687.003944][T10285] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 687.285755][T10459] loop9: detected capacity change from 0 to 8 [ 687.300377][T10264] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 687.998952][T10459] SQUASHFS error: lzo decompression failed, data probably corrupt [ 688.075744][T10459] SQUASHFS error: Failed to read block 0x91: -5 [ 688.082254][T10459] SQUASHFS error: Unable to read metadata cache entry [8f] [ 688.152176][T10459] SQUASHFS error: Unable to read inode 0x11f [ 688.219853][T10264] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 688.323835][T10467] loop6: detected capacity change from 0 to 512 [ 688.349842][T10264] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 688.392423][T10264] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 688.399763][T10467] EXT4-fs: Ignoring removed mblk_io_submit option [ 688.498027][T10467] EXT4-fs (loop6): blocks per group (255) and clusters per group (8192) inconsistent [ 688.649359][T10476] xt_hashlimit: max too large, truncated to 1048576 [ 689.110564][T10285] 8021q: adding VLAN 0 to HW filter on device bond0 [ 689.152039][ T5835] Bluetooth: hci1: unexpected event 0x10 length: 7 > 1 [ 689.153859][ T55] Bluetooth: hci1: hardware error 0x00 [ 689.483335][T10264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 689.525844][T10285] 8021q: adding VLAN 0 to HW filter on device team0 [ 689.552868][T10264] 8021q: adding VLAN 0 to HW filter on device team0 [ 689.589512][ T6652] bridge0: port 1(bridge_slave_0) entered blocking state [ 689.596847][ T6652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 689.646885][ T6652] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.654197][ T6652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 689.682721][T10496] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1164'. [ 689.738162][ T6652] bridge0: port 1(bridge_slave_0) entered blocking state [ 689.745576][ T6652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 689.923189][ T6728] bridge0: port 2(bridge_slave_1) entered blocking state [ 689.930556][ T6728] bridge0: port 2(bridge_slave_1) entered forwarding state [ 690.439414][T10506] loop9: detected capacity change from 0 to 128 [ 690.498791][T10506] EXT4-fs: Ignoring removed nobh option [ 690.509296][T10264] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 690.625207][ T59] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 690.668679][T10506] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 690.767545][T10506] ext4 filesystem being mounted at /5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 690.910036][ T59] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 690.946069][ T59] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 690.977170][ T59] usb 7-1: config 1 has no interface number 0 [ 690.983441][ T59] usb 7-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 691.060375][ T59] usb 7-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 691.124772][ T59] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 691.165883][ T59] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.206267][ T59] usb 7-1: Product: syz [ 691.210551][ T59] usb 7-1: Manufacturer: syz [ 691.234380][ T59] usb 7-1: SerialNumber: syz [ 691.327465][ T9961] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 691.574989][ T55] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 691.633636][T10529] loop9: detected capacity change from 0 to 512 [ 691.641917][T10529] EXT4-fs: Ignoring removed mblk_io_submit option [ 691.685457][T10529] EXT4-fs: Ignoring removed bh option [ 691.754665][T10529] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 691.777982][T10264] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 691.835144][T10529] EXT4-fs (loop9): 1 truncate cleaned up [ 691.843332][T10529] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 691.919307][T10285] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.130868][ T59] cdc_ncm 7-1:1.1: bind() failure [ 692.243870][ T59] usb 7-1: USB disconnect, device number 2 [ 692.345601][ T9961] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 693.698677][T10553] loop9: detected capacity change from 0 to 128 [ 694.032083][T10553] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256 [ 694.895671][T10567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1177'. [ 695.461354][T10264] veth0_vlan: entered promiscuous mode [ 695.579640][T10264] veth1_vlan: entered promiscuous mode [ 695.796836][T10285] veth0_vlan: entered promiscuous mode [ 695.871065][T10285] veth1_vlan: entered promiscuous mode [ 695.904807][T10264] veth0_macvtap: entered promiscuous mode [ 695.972793][T10264] veth1_macvtap: entered promiscuous mode [ 696.140785][T10264] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 696.191095][T10285] veth0_macvtap: entered promiscuous mode [ 696.227729][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 696.234692][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.298940][T10264] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 696.376022][T10285] veth1_macvtap: entered promiscuous mode [ 696.407438][T10264] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.446809][T10264] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.487194][T10264] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.541463][T10264] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 698.019043][T10285] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 698.738377][T10603] futex_wake_op: syz.9.1187 tries to shift op by 144; fix this program [ 698.878950][T10603] loop9: detected capacity change from 0 to 128 [ 699.175031][T10285] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 699.218688][T10603] EXT4-fs (loop9): Test dummy encryption mode enabled [ 700.224683][T10603] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 700.276940][T10603] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 700.416587][T10285] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.467539][T10285] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.506566][T10285] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 700.530710][T10285] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 701.959135][ T9961] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 702.109919][ T3452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.117847][ T3452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.406787][ T3452] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.497504][ T3452] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.516502][T10623] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1192'. [ 702.568225][ T3452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 702.576362][ T3452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 702.752463][T10628] loop6: detected capacity change from 0 to 1024 [ 702.869513][T10628] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 702.952378][T10628] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 703.122527][ T7441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.146486][ T7441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 703.302510][T10637] loop7: detected capacity change from 0 to 256 [ 703.341391][T10000] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 703.560176][T10637] FAT-fs (loop7): Directory bread(block 64) failed [ 703.566824][T10637] FAT-fs (loop7): Directory bread(block 65) failed [ 703.656594][T10637] FAT-fs (loop7): Directory bread(block 66) failed [ 703.687964][T10637] FAT-fs (loop7): Directory bread(block 67) failed [ 703.723722][T10637] FAT-fs (loop7): Directory bread(block 68) failed [ 703.777092][T10637] FAT-fs (loop7): Directory bread(block 69) failed [ 704.641131][T10644] futex_wake_op: syz.6.1195 tries to shift op by 144; fix this program [ 705.790016][T10643] loop8: detected capacity change from 0 to 512 [ 706.046877][T10637] FAT-fs (loop7): Directory bread(block 70) failed [ 706.053551][T10637] FAT-fs (loop7): Directory bread(block 71) failed [ 706.128581][T10637] FAT-fs (loop7): Directory bread(block 72) failed [ 706.135225][T10637] FAT-fs (loop7): Directory bread(block 73) failed [ 706.404964][T10643] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 706.506575][T10643] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 707.949628][T10661] loop7: detected capacity change from 0 to 128 [ 707.994034][T10661] EXT4-fs (loop7): Test dummy encryption mode enabled [ 708.075264][T10661] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 708.205854][T10661] ext4 filesystem being mounted at /1/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 708.285880][T10285] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 709.605170][T10675] loop8: detected capacity change from 0 to 256 [ 709.773318][T10680] loop9: detected capacity change from 0 to 256 [ 709.782324][T10264] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 709.884197][T10675] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 709.938498][T10680] exFAT-fs (loop9): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 710.467030][T10690] exFAT-fs (loop8): start_clu is invalid cluster(0xffffffff) [ 711.122666][ T30] audit: type=1800 audit(1748327943.641:309): pid=10691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1201" name="bus" dev="loop8" ino=1048726 res=0 errno=0 [ 711.519497][T10696] loop7: detected capacity change from 0 to 512 [ 711.528690][T10696] EXT4-fs (loop7): Test dummy encryption mode enabled [ 711.535635][T10696] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 711.547444][T10695] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1206'. [ 711.733915][T10696] EXT4-fs error (device loop7): ext4_orphan_get:1417: comm syz.7.1204: bad orphan inode 131083 [ 711.748340][T10696] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 711.784242][T10696] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 712.323580][ T10] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 712.503427][ T10] usb 9-1: Using ep0 maxpacket: 32 [ 712.554121][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 712.604052][ T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 712.656345][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 712.686099][ T10] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 712.742006][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.745288][T10715] loop9: detected capacity change from 0 to 512 [ 712.811035][ T10] usb 9-1: config 0 descriptor?? [ 712.833964][T10715] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 712.956256][T10715] EXT4-fs error (device loop9): __ext4_iget:5025: inode #2: block 3072: comm syz.9.1211: invalid block [ 713.046955][T10715] EXT4-fs (loop9): get root inode failed [ 713.052723][T10715] EXT4-fs (loop9): mount failed [ 713.261467][T10724] loop7: detected capacity change from 0 to 512 [ 713.657487][T10724] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 714.129122][T10724] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 715.807213][ T10] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0 [ 715.901726][ T10] usb 9-1: USB disconnect, device number 2 [ 717.137529][T10759] loop9: detected capacity change from 0 to 256 [ 718.248191][T10750] fido_id[10750]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory [ 718.418062][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 718.906328][T10768] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1219'. [ 719.269566][T10770] loop7: detected capacity change from 0 to 1024 [ 720.442722][T10776] batadv_slave_1: entered promiscuous mode [ 720.523157][T10274] usb 10-1: new full-speed USB device number 2 using dummy_hcd [ 720.552162][ T7445] hfsplus: b-tree write err: -5, ino 4 [ 720.730648][T10776] veth3: entered promiscuous mode [ 720.743533][T10274] usb 10-1: unable to get BOS descriptor or descriptor too short [ 720.775991][T10274] usb 10-1: not running at top speed; connect to a high speed hub [ 720.849660][T10274] usb 10-1: config 129 has an invalid interface number: 135 but max is 0 [ 720.881173][T10274] usb 10-1: config 129 has an invalid interface number: 5 but max is 0 [ 720.929290][T10274] usb 10-1: config 129 descriptor has 1 excess byte, ignoring [ 720.936114][T10775] batadv_slave_1: left promiscuous mode [ 720.936885][T10274] usb 10-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 720.957666][T10778] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1222'. [ 721.021965][T10274] usb 10-1: config 129 has no interface number 0 [ 721.054525][T10274] usb 10-1: config 129 has no interface number 1 [ 721.069133][T10274] usb 10-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 721.123678][T10274] usb 10-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 721.165233][T10781] loop7: detected capacity change from 0 to 1024 [ 721.165614][T10274] usb 10-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 721.239054][T10274] usb 10-1: config 129 interface 135 has no altsetting 0 [ 721.246392][T10274] usb 10-1: config 129 interface 5 has no altsetting 0 [ 721.270654][T10781] EXT4-fs (loop7): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 721.308261][T10274] usb 10-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.62 [ 721.339030][T10274] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.347236][T10274] usb 10-1: Product: syz [ 721.388986][T10274] usb 10-1: Manufacturer: syz [ 721.393864][T10274] usb 10-1: SerialNumber: syz [ 721.512303][T10781] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 722.105260][T10791] loop6: detected capacity change from 0 to 512 [ 722.194549][T10274] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 722.253104][T10274] usb 10-1: MIDIStreaming interface descriptor not found [ 722.343403][T10791] Quota error (device loop6): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 722.477961][T10791] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 722.559716][T10791] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1226: Failed to acquire dquot type 1 [ 722.749155][T10274] usb 10-1: USB disconnect, device number 2 [ 722.854787][T10791] EXT4-fs (loop6): 1 truncate cleaned up [ 723.029857][T10791] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 723.125548][T10709] udevd[10709]: error opening ATTR{/sys/devices/platform/dummy_hcd.9/usb10/10-1/10-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 723.228307][T10791] ext4 filesystem being mounted at /14/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 723.869921][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 723.902902][T10735] EXT4-fs error (device loop6): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 724.743450][T10791] Quota error (device loop6): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 724.878093][T10791] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 724.985522][T10791] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1226: Failed to acquire dquot type 1 [ 725.594307][T10000] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 726.451892][T10825] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1239'. [ 726.590909][T10825] loop7: detected capacity change from 0 to 1024 [ 726.613210][T10831] loop9: detected capacity change from 0 to 256 [ 726.699301][T10825] EXT4-fs (loop7): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 726.728101][T10831] FAT-fs (loop9): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 726.847829][T10825] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 727.397950][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 731.161951][T10886] loop9: detected capacity change from 0 to 512 [ 731.547136][T10886] EXT4-fs (loop9): Test dummy encryption mode enabled [ 731.554704][T10886] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 731.628139][T10886] EXT4-fs error (device loop9): ext4_orphan_get:1417: comm syz.9.1254: bad orphan inode 131083 [ 731.646547][T10886] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 732.235644][ T9961] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 732.797915][T10901] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1255'. [ 732.911862][T10901] loop7: detected capacity change from 0 to 1024 [ 732.947141][T10901] EXT4-fs (loop7): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 733.086134][T10903] loop9: detected capacity change from 0 to 512 [ 733.167882][T10903] EXT4-fs: inline encryption not supported [ 733.259810][T10903] EXT4-fs (loop9): blocks per group (255) and clusters per group (8192) inconsistent [ 733.284270][T10901] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 733.848038][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 735.326147][T10930] loop9: detected capacity change from 0 to 1024 [ 737.949607][T10955] loop8: detected capacity change from 0 to 8 [ 737.989742][T10955] squashfs: Unknown parameter '0xffffffffffffffffÿÿÿÿÿÿÿÿ18446744073709551615' [ 738.137669][T10955] loop8: detected capacity change from 0 to 512 [ 738.176690][T10955] ext4: Unknown parameter 'smackfsdef' [ 739.657647][T10967] loop9: detected capacity change from 0 to 1024 [ 740.453093][T10967] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 741.627438][T10986] loop8: detected capacity change from 0 to 512 [ 741.649464][T10967] EXT4-fs error (device loop9): ext4_lookup:1781: inode #2: comm syz.9.1274: bad inode number: 15 [ 741.671582][T10986] EXT4-fs (loop8): Test dummy encryption mode enabled [ 741.678533][T10986] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 742.118225][T10967] EXT4-fs (loop9): Remounting filesystem read-only [ 742.483245][T10986] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.1279: bad orphan inode 131083 [ 742.501292][T10986] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 742.556056][T10986] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 742.812192][T10998] loop7: detected capacity change from 0 to 512 [ 743.011655][T10998] Quota error (device loop7): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 743.123576][T10998] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota [ 743.375941][T10998] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.1283: Failed to acquire dquot type 1 [ 743.468145][T10998] EXT4-fs (loop7): 1 truncate cleaned up [ 743.602693][ T9961] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 743.606673][T10285] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 743.616424][T10998] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 743.690993][T11003] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1284'. [ 743.719737][T10998] ext4 filesystem being mounted at /16/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 744.072068][T10998] Quota error (device loop7): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 744.093955][T11015] loop8: detected capacity change from 0 to 1024 [ 744.167739][T10998] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota [ 744.207249][T10998] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.1283: Failed to acquire dquot type 1 [ 745.443700][ T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 745.671572][T10993] EXT4-fs error (device loop7): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set [ 746.366689][ T24] usb 7-1: Using ep0 maxpacket: 16 [ 746.391770][ T24] usb 7-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 746.446248][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 746.506067][ T24] usb 7-1: Product: syz [ 746.531764][ T24] usb 7-1: Manufacturer: syz [ 746.565442][ T24] usb 7-1: SerialNumber: syz [ 746.761008][T10264] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 746.804266][ T24] usb 7-1: config 0 descriptor?? [ 746.860564][ T24] ftdi_sio 7-1:0.0: FTDI USB Serial Device converter detected [ 746.890331][T11040] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1297'. [ 746.957629][ T24] usb 7-1: Detected FT232H [ 747.305661][ T24] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 747.407119][ T24] ftdi_sio 7-1:0.0: GPIO initialisation failed: -71 [ 747.564256][ T24] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 747.732214][ T24] usb 7-1: USB disconnect, device number 3 [ 747.990651][ T24] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 748.071251][ T24] ftdi_sio 7-1:0.0: device disconnected [ 748.352489][T11055] loop8: detected capacity change from 0 to 512 [ 748.556017][T11055] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 748.658623][T11055] EXT4-fs error (device loop8): __ext4_iget:5025: inode #2: block 3072: comm syz.8.1300: invalid block [ 748.795304][T11055] EXT4-fs (loop8): get root inode failed [ 748.811403][T11055] EXT4-fs (loop8): mount failed [ 749.621514][ T5835] Bluetooth: hci0: command 0x0406 tx timeout [ 750.992669][T11081] loop9: detected capacity change from 0 to 8 [ 753.047007][T11102] netlink: 4 bytes leftover after parsing attributes in process `syz.9.1313'. [ 753.382377][T11109] loop9: detected capacity change from 0 to 1024 [ 754.341062][T11109] EXT4-fs (loop9): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 755.056790][T11123] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 755.841216][T11109] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 756.399567][T11139] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1322'. [ 756.444889][ T9961] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 757.791236][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.797634][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 758.897815][T11140] 9pnet_fd: p9_fd_create_tcp (11140): problem connecting socket to 127.0.0.1 [ 762.107290][T11171] loop9: detected capacity change from 0 to 8 [ 762.176108][T11171] squashfs: Unknown parameter '0xffffffffffffffffÿÿÿÿÿÿÿÿ18446744073709551615' [ 762.570903][T11178] loop7: detected capacity change from 0 to 256 [ 762.900528][T11183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 763.360216][T11178] vfat: Unknown parameter 'ÿ' [ 763.366887][T11171] loop9: detected capacity change from 0 to 512 [ 763.379328][T11171] ext4: Unknown parameter 'smackfsdef' [ 764.205724][T11192] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1340'. [ 764.561816][T11197] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1338'. [ 766.997374][T11212] Bluetooth: MGMT ver 1.23 [ 767.465031][T11226] loop8: detected capacity change from 0 to 512 [ 767.659536][T11226] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 767.776845][T11226] ext4 filesystem being mounted at /24/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 769.752737][T10285] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 769.871349][T11252] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1355'. [ 770.722751][T11268] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1359'. [ 771.212303][ T24] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 771.387680][ T24] usb 7-1: Using ep0 maxpacket: 32 [ 771.437953][ T24] usb 7-1: unable to get BOS descriptor or descriptor too short [ 771.495802][ T24] usb 7-1: config 128 has an invalid interface number: 127 but max is 3 [ 771.542835][ T24] usb 7-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 771.609903][T11288] loop8: detected capacity change from 0 to 256 [ 771.615349][ T24] usb 7-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 771.888125][ T24] usb 7-1: config 128 has no interface number 0 [ 771.894565][ T24] usb 7-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 771.946110][ T24] usb 7-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 772.964675][ T24] usb 7-1: config 128 interface 127 has no altsetting 0 [ 773.020905][ T24] usb 7-1: language id specifier not provided by device, defaulting to English [ 773.068545][ T24] usb 7-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 773.126639][ T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 773.186322][ T24] usb 7-1: Product: syz [ 773.201183][ T24] usb 7-1: Manufacturer: syz [ 773.231360][ T24] usb 7-1: SerialNumber: syz [ 773.748660][ T24] usb 7-1: USB disconnect, device number 4 [ 774.111589][T10804] udevd[10804]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 774.207541][T11312] netlink: 40 bytes leftover after parsing attributes in process `syz.8.1371'. [ 774.751410][T10383] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 775.147617][T10383] usb 8-1: Using ep0 maxpacket: 16 [ 775.175774][T11318] loop8: detected capacity change from 0 to 512 [ 775.227274][T10383] usb 8-1: config 0 interface 0 has no altsetting 0 [ 775.234056][T10383] usb 8-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 775.251538][T11318] EXT4-fs (loop8): Test dummy encryption mode enabled [ 775.258559][T11318] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode [ 775.317868][T11318] EXT4-fs error (device loop8): ext4_orphan_get:1417: comm syz.8.1373: bad orphan inode 131083 [ 775.332081][T11318] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 775.389154][T10383] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.411370][T11323] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 775.530882][T10383] usb 8-1: config 0 descriptor?? [ 775.974392][T10383] hid (null): report_id 27651 is invalid [ 776.620352][T10383] hid (null): report_id 0 is invalid [ 776.655379][T10285] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 776.693147][T10383] usb 8-1: USB disconnect, device number 2 [ 778.324187][T11343] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1379'. [ 778.589041][T11350] loop8: detected capacity change from 0 to 1024 [ 778.654699][T11355] loop9: detected capacity change from 0 to 512 [ 778.715820][T11350] EXT4-fs (loop8): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 778.908126][T11355] EXT4-fs error (device loop9): ext4_orphan_get:1391: inode #15: comm syz.9.1384: iget: bad extended attribute block 1 [ 779.065728][T11355] EXT4-fs error (device loop9): ext4_orphan_get:1394: comm syz.9.1384: couldn't read orphan inode 15 (err -117) [ 779.518107][T11355] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 779.522127][T11350] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 779.631923][T11364] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1385'. [ 779.849534][T10285] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 780.341170][T11355] EXT4-fs error (device loop9): ext4_lookup:1789: inode #15: comm syz.9.1384: iget: bad extended attribute block 1 [ 780.421118][T11355] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 780.553128][ T9961] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 782.043099][ T55] Bluetooth: hci4: command tx timeout [ 783.088071][T11410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'. [ 786.917778][T11447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1410'. [ 787.026408][T11447] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.253091][T11447] bridge_slave_1 (unregistering): left allmulticast mode [ 787.288547][T11447] bridge_slave_1 (unregistering): left promiscuous mode [ 787.336432][T11447] bridge0: port 2(bridge_slave_1) entered disabled state [ 787.675878][ T5903] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 788.267279][ T5903] usb 10-1: Using ep0 maxpacket: 32 [ 788.343615][ T5903] usb 10-1: config 0 has an invalid interface number: 67 but max is 0 [ 788.383078][ T5903] usb 10-1: config 0 has no interface number 0 [ 788.406661][ T5903] usb 10-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 788.450954][ T5903] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.523840][ T5903] usb 10-1: Product: syz [ 788.528183][ T5903] usb 10-1: Manufacturer: syz [ 788.575193][ T5903] usb 10-1: SerialNumber: syz [ 788.622326][ T5903] usb 10-1: config 0 descriptor?? [ 788.779818][ T5903] smsc95xx v2.0.0 [ 789.727569][ T5903] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 789.745841][ T5903] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 790.248434][ T5903] smsc95xx 10-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 790.346265][ T5903] smsc95xx 10-1:0.67: probe with driver smsc95xx failed with error -71 [ 790.494127][T11486] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1402'. [ 790.512702][ T5903] usb 10-1: USB disconnect, device number 3 [ 795.355682][ T47] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 796.425521][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 797.428577][T11540] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1433'. [ 797.431398][ T47] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 797.448157][ T47] usb 7-1: config 0 has no interfaces? [ 797.461889][ T47] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 797.471040][ T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 797.513324][ T47] usb 7-1: config 0 descriptor?? [ 797.908889][T10383] usb 7-1: USB disconnect, device number 5 [ 802.102508][T11577] xt_hashlimit: size too large, truncated to 1048576 [ 802.110196][T11577] xt_hashlimit: invalid rate [ 818.994945][T11740] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 819.466984][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.474461][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 823.982144][T11780] netlink: 24 bytes leftover after parsing attributes in process `syz.9.1505'. [ 825.239408][ T55] Bluetooth: hci0: unexpected event for opcode 0x0c6d [ 829.275174][T11835] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1518'. [ 829.355111][ T10] usb 7-1: new full-speed USB device number 6 using dummy_hcd [ 829.609989][ T10] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 829.619357][ T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 829.658689][ T10] usb 7-1: config 0 descriptor?? [ 829.708739][ T10] cp210x 7-1:0.0: cp210x converter detected [ 830.158799][ T10] usb 7-1: cp210x converter now attached to ttyUSB0 [ 830.344265][ T10] usb 7-1: USB disconnect, device number 6 [ 830.388676][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 830.487381][ T10] cp210x 7-1:0.0: device disconnected [ 830.495847][T11863] Illegal XDP return value 1447388298 on prog (id 311) dev syz_tun, expect packet loss! [ 831.632155][T11873] input: syz0 as /devices/virtual/input/input8 [ 832.632547][T11907] 9pnet_fd: Insufficient options for proto=fd [ 836.305014][ T55] Bluetooth: hci4: link tx timeout [ 836.310995][ T55] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 838.368831][ T55] Bluetooth: hci4: command 0x0406 tx timeout [ 838.502546][ T55] Bluetooth: hci0: unexpected event for opcode 0x0c2d [ 840.366934][T12001] netlink: 'syz.4.1561': attribute type 4 has an invalid length. [ 841.104905][T10350] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 841.495266][T10350] usb 10-1: config 0 has an invalid interface number: 117 but max is 0 [ 841.512816][T10350] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 841.559939][T10350] usb 10-1: config 0 has no interface number 0 [ 841.610040][T10350] usb 10-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 842.145425][T10350] usb 10-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 842.162544][T10350] usb 10-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 842.191491][T10350] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.245635][T10350] usb 10-1: Product: syz [ 842.250259][T10350] usb 10-1: Manufacturer: syz [ 842.277269][T10350] usb 10-1: SerialNumber: syz [ 842.352903][T10350] usb 10-1: config 0 descriptor?? [ 842.631629][T12035] xt_hashlimit: size too large, truncated to 1048576 [ 842.673394][T12035] xt_hashlimit: max too large, truncated to 1048576 [ 843.327737][ T47] usb 10-1: USB disconnect, device number 4 [ 844.562197][T12047] binder: 12046:12047 ioctl c0306201 200000000480 returned -14 [ 851.945029][ T30] audit: type=1326 audit(1748328340.261:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 852.030635][ T30] audit: type=1326 audit(1748328340.311:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 852.220422][ T30] audit: type=1326 audit(1748328340.311:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=160 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 852.412159][ T30] audit: type=1326 audit(1748328340.311:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 852.604930][ T30] audit: type=1326 audit(1748328340.311:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 852.831539][ T30] audit: type=1326 audit(1748328340.321:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 853.181041][ T30] audit: type=1326 audit(1748328340.321:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 853.455238][ T30] audit: type=1326 audit(1748328340.321:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 853.637108][ T30] audit: type=1326 audit(1748328340.321:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 853.660233][ T30] audit: type=1326 audit(1748328340.321:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12149 comm="syz.7.1605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f475358e969 code=0x7ffc0000 [ 854.255222][T10383] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 854.495619][T10383] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 854.548009][T10383] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 854.594991][T10383] usb 10-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 854.634942][T10383] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 854.681248][T10383] usb 10-1: config 0 descriptor?? [ 855.159591][T12168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 855.295836][T12168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 855.441987][T10383] hid-led 0003:0FC5:B080.000A: unknown main item tag 0x0 [ 855.519966][T10383] hid-led 0003:0FC5:B080.000A: unknown main item tag 0x0 [ 856.397887][T10383] hid-led 0003:0FC5:B080.000A: probe with driver hid-led failed with error -71 [ 856.424553][T10383] usb 10-1: USB disconnect, device number 5 [ 880.831472][T12695] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 880.931057][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 880.938621][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 890.506874][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 890.506903][ T30] audit: type=1800 audit(1748328378.831:323): pid=12826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.1820" name="/" dev="9p" ino=2 res=0 errno=0 [ 895.131278][T12875] overlayfs: failed to clone upperpath [ 898.084611][T12930] netlink: 256 bytes leftover after parsing attributes in process `syz.6.1847'. [ 899.325025][ T10] usb 10-1: new high-speed USB device number 6 using dummy_hcd [ 903.418404][ T5903] usb 8-1: new low-speed USB device number 3 using dummy_hcd [ 904.107471][ T5903] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 904.225081][ T5903] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 904.308392][ T5903] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 904.704977][ T5903] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 904.957835][ T5903] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 905.447306][ T5903] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 905.498707][ T5903] hub 8-1:1.0: bad descriptor, ignoring hub [ 905.525143][ T5903] hub 8-1:1.0: probe with driver hub failed with error -5 [ 905.545967][ T5903] cdc_wdm 8-1:1.0: skipping garbage [ 905.551289][ T5903] cdc_wdm 8-1:1.0: skipping garbage [ 905.736474][ T5903] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 905.743516][ T5903] cdc_wdm 8-1:1.0: Unknown control protocol [ 906.006779][ T5903] usb 8-1: USB disconnect, device number 3 [ 906.556631][ T5903] usb 8-1: new low-speed USB device number 4 using dummy_hcd [ 906.777375][ T5903] usb 8-1: config 1 has an invalid descriptor of length 47, skipping remainder of the config [ 906.819913][ T5903] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 906.883983][ T5903] usb 8-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 906.949215][ T5903] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 906.995614][ T5903] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 907.074558][ T5903] hub 8-1:1.0: bad descriptor, ignoring hub [ 907.107668][ T5903] hub 8-1:1.0: probe with driver hub failed with error -5 [ 907.136708][ T5903] cdc_wdm 8-1:1.0: skipping garbage [ 907.151225][ T5903] cdc_wdm 8-1:1.0: skipping garbage [ 907.183973][ T5903] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 907.313342][T13039] blkio.reset_stats is deprecated [ 907.396290][ T5903] usb 8-1: USB disconnect, device number 4 [ 907.712281][T13050] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.665431][T13115] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.731181][T13115] bridge0: port 2(bridge_slave_1) entered disabled state [ 911.339141][T13138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 913.564704][T13179] netlink: 'syz.4.1924': attribute type 12 has an invalid length. [ 913.585385][T13179] netlink: 'syz.4.1924': attribute type 29 has an invalid length. [ 913.600486][T13179] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1924'. [ 913.609882][T13179] netlink: 'syz.4.1924': attribute type 2 has an invalid length. [ 913.624183][T13179] netlink: 43 bytes leftover after parsing attributes in process `syz.4.1924'. [ 915.605688][T13221] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1936'. [ 916.800013][T13243] netlink: 14212 bytes leftover after parsing attributes in process `syz.4.1942'. [ 918.582729][T10350] usb 8-1: new low-speed USB device number 5 using dummy_hcd [ 918.978000][T10350] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 918.992364][T10350] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 919.049472][T10350] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 919.112346][T10350] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 919.159008][T10350] usb 8-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 919.222163][T10350] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 919.302920][T10350] hub 8-1:1.0: bad descriptor, ignoring hub [ 919.327502][T10350] hub 8-1:1.0: probe with driver hub failed with error -5 [ 919.344204][T10350] cdc_wdm 8-1:1.0: skipping garbage [ 919.375458][T10350] cdc_wdm 8-1:1.0: skipping garbage [ 919.451136][T10350] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 919.479546][T10350] cdc_wdm 8-1:1.0: Unknown control protocol [ 920.535942][T13257] cdc_wdm 8-1:1.0: Error autopm - -16 [ 920.537922][T10350] usb 8-1: USB disconnect, device number 5 [ 925.686039][T13377] syz.8.1981 uses obsolete (PF_INET,SOCK_PACKET) [ 926.755253][T13406] overlayfs: failed to clone upperpath [ 927.072072][T13419] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1995'. [ 927.228283][T13419] veth1_macvtap: left promiscuous mode [ 928.408355][T13442] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2001'. [ 929.176649][T13465] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 930.530094][T13487] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2015'. [ 930.566588][T13487] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2015'. [ 930.600580][T13487] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2015'. [ 930.751251][T13494] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2019'. [ 931.709275][T13506] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 933.297205][ T5903] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 933.524980][ T5903] usb 7-1: Using ep0 maxpacket: 32 [ 933.558459][ T5903] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 933.624108][ T5903] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 933.667661][ T5903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 933.728772][ T5903] usb 7-1: Product: syz [ 933.760243][ T5903] usb 7-1: Manufacturer: syz [ 933.789658][ T5903] usb 7-1: SerialNumber: syz [ 934.127965][ T5903] usb 7-1: config 0 descriptor?? [ 934.779069][T13524] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 934.868585][ T5903] hub 7-1:0.0: bad descriptor, ignoring hub [ 934.921198][ T5903] hub 7-1:0.0: probe with driver hub failed with error -5 [ 935.007215][ T5903] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input12 [ 935.185760][ T5903] usb 7-1: USB disconnect, device number 7 [ 935.185868][ C1] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 935.701375][T13561] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2037'. [ 935.718345][T13561] bridge0: port 2(bridge_slave_1) entered disabled state [ 935.726093][T13561] bridge0: port 1(bridge_slave_0) entered disabled state [ 935.889797][T13569] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 936.132738][T13577] overlayfs: failed to clone upperpath [ 937.296066][T13598] 9pnet_fd: Insufficient options for proto=fd [ 938.830778][T13626] overlayfs: failed to clone upperpath [ 939.325375][T10383] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 939.526225][T10383] usb 8-1: config 0 has no interfaces? [ 939.545623][T10383] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 939.563944][T10383] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 939.842507][T10383] usb 8-1: Product: syz [ 939.846825][T10383] usb 8-1: Manufacturer: syz [ 939.851501][T10383] usb 8-1: SerialNumber: syz [ 939.874257][T10383] usb 8-1: config 0 descriptor?? [ 940.165271][T13650] 9pnet_fd: Insufficient options for proto=fd [ 940.687123][T13665] xt_hashlimit: max too large, truncated to 1048576 [ 940.731210][T13665] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 940.963024][T13671] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 942.213218][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 942.219802][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 942.616598][ T24] usb 8-1: USB disconnect, device number 6 [ 942.635905][T13691] overlayfs: failed to clone upperpath [ 942.986538][T13703] syz_tun: entered allmulticast mode [ 943.045922][T13703] dvmrp1: entered allmulticast mode [ 943.083816][T13708] 9pnet_fd: Insufficient options for proto=fd [ 943.295854][T13699] syz_tun: left allmulticast mode [ 943.301229][T13699] dvmrp1: left allmulticast mode [ 944.142260][T13729] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 944.156048][ T5839] Bluetooth: hci0: unexpected event for opcode 0x0c7c [ 945.052635][T13734] xt_hashlimit: max too large, truncated to 1048576 [ 945.126385][T13734] ip6t_rpfilter: only valid in 'raw' or 'mangle' table, not '' [ 945.876890][T13745] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2093'. [ 945.890261][T13745] bridge0: port 2(bridge_slave_1) entered disabled state [ 945.897949][T13745] bridge0: port 1(bridge_slave_0) entered disabled state [ 947.574171][T13785] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 947.816630][T13788] overlayfs: failed to clone upperpath [ 952.855480][T13840] syz_tun: entered allmulticast mode [ 953.066102][T13839] syz_tun: left allmulticast mode [ 954.745771][T13858] syz_tun: entered allmulticast mode [ 954.825645][T13858] dvmrp1: entered allmulticast mode [ 954.986157][T13856] syz_tun: left allmulticast mode [ 954.991524][T13856] dvmrp1: left allmulticast mode [ 955.270263][ T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 955.281927][ T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 955.290716][ T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 955.300451][ T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 955.329231][ T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 956.846273][T10749] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.102309][T13899] netlink: 'syz.1.2138': attribute type 1 has an invalid length. [ 957.313929][T10749] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 957.614906][ T55] Bluetooth: hci5: command tx timeout [ 958.327791][T13899] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 958.980819][T13903] veth3: entered promiscuous mode [ 959.045808][T13922] 9pnet_fd: Insufficient options for proto=fd [ 959.500155][T10749] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 959.645048][T13909] Bluetooth: hci5: command tx timeout [ 959.652013][ T5835] Bluetooth: hci4: command 0x0406 tx timeout [ 959.918779][T10749] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 960.150627][T13932] bridge0: port 3(syz_tun) entered blocking state [ 960.238403][T13932] bridge0: port 3(syz_tun) entered disabled state [ 960.335251][T13932] syz_tun: entered allmulticast mode [ 960.397548][T13932] syz_tun: entered promiscuous mode [ 960.403929][T13932] bridge0: port 3(syz_tun) entered blocking state [ 960.412989][T13932] bridge0: port 3(syz_tun) entered forwarding state [ 961.502821][T13868] chnl_net:caif_netlink_parms(): no params data found [ 961.526247][T13960] 9pnet_fd: Insufficient options for proto=fd [ 961.749610][ T5839] Bluetooth: hci5: command tx timeout [ 961.823512][T10749] bridge_slave_1: left allmulticast mode [ 961.829799][T10749] bridge_slave_1: left promiscuous mode [ 961.837824][T10749] bridge0: port 2(bridge_slave_1) entered disabled state [ 961.945988][T10749] bridge_slave_0: left allmulticast mode [ 961.990825][T10749] bridge_slave_0: left promiscuous mode [ 962.130734][T10749] bridge0: port 1(bridge_slave_0) entered disabled state [ 963.805548][ T5839] Bluetooth: hci5: command tx timeout [ 964.853670][T13987] Falling back ldisc for ptm0. [ 965.025403][T10749] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 965.070118][T10749] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 965.104308][T10749] bond0 (unregistering): Released all slaves [ 965.255381][T13995] syz_tun: entered allmulticast mode [ 965.320377][T13994] dvmrp1: entered allmulticast mode [ 965.368729][T10749] tipc: Left network mode [ 965.473048][T14001] 9pnet_fd: Insufficient options for proto=fd [ 966.801461][T13993] syz_tun: left allmulticast mode [ 966.806861][T13993] dvmrp1: left allmulticast mode [ 967.392140][T13868] bridge0: port 1(bridge_slave_0) entered blocking state [ 967.399899][T13868] bridge0: port 1(bridge_slave_0) entered disabled state [ 967.413967][T13868] bridge_slave_0: entered allmulticast mode [ 967.431444][T13868] bridge_slave_0: entered promiscuous mode [ 967.925045][T13868] bridge0: port 2(bridge_slave_1) entered blocking state [ 967.932291][T13868] bridge0: port 2(bridge_slave_1) entered disabled state [ 967.940050][T13868] bridge_slave_1: entered allmulticast mode [ 967.950282][T13868] bridge_slave_1: entered promiscuous mode [ 968.752820][T10749] hsr_slave_0: left promiscuous mode [ 968.791977][T10749] hsr_slave_1: left promiscuous mode [ 968.824530][T10749] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 968.852535][T10749] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 968.878483][T10749] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 968.893002][T10749] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 968.960309][T10749] veth0_macvtap: left promiscuous mode [ 968.989965][T10749] veth1_vlan: left promiscuous mode [ 969.001385][T10749] veth0_vlan: left promiscuous mode [ 969.491496][T14067] binder: 14064:14067 ioctl c0306201 0 returned -14 [ 971.359357][T10749] team0 (unregistering): Port device team_slave_1 removed [ 971.484481][T10749] team0 (unregistering): Port device team_slave_0 removed [ 972.181710][T13868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 972.320374][T13868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 972.558947][T14092] netlink: 256 bytes leftover after parsing attributes in process `syz.8.2192'. [ 972.622261][T13868] team0: Port device team_slave_0 added [ 972.668299][T13868] team0: Port device team_slave_1 added [ 972.860868][T14100] netlink: 'syz.7.2198': attribute type 10 has an invalid length. [ 973.256769][T14109] binder: 14101:14109 ioctl c0306201 0 returned -14 [ 974.066153][T13868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 974.073177][T13868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 974.286037][T13868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 974.361330][T13868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 974.405003][T13868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 974.504931][ T5903] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 974.597571][T13868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 975.587125][ T5903] usb 9-1: config 0 has an invalid interface number: 50 but max is 0 [ 975.618297][ T5903] usb 9-1: config 0 has no interface number 0 [ 975.668057][T14131] netlink: 'syz.9.2206': attribute type 1 has an invalid length. [ 975.692570][T13868] hsr_slave_0: entered promiscuous mode [ 975.710940][ T5903] usb 9-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 975.725836][T13868] hsr_slave_1: entered promiscuous mode [ 975.736691][ T5903] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 975.749757][ T5903] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 975.770285][ T5903] usb 9-1: Product: syz [ 975.832255][T14131] 8021q: adding VLAN 0 to HW filter on device bond1 [ 975.858001][T14135] bond1: (slave geneve2): making interface the new active one [ 975.869663][T14135] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 976.051655][ T5903] usb 9-1: Manufacturer: syz [ 976.056438][ T5903] usb 9-1: SerialNumber: syz [ 976.064963][ T5903] usb 9-1: config 0 descriptor?? [ 976.135599][ T5903] yurex 9-1:0.50: USB YUREX device now attached to Yurex #0 [ 976.366538][T14131] veth3: entered promiscuous mode [ 976.410842][T14131] bond1: (slave veth3): Enslaving as an active interface with a down link [ 976.437581][ T5903] usb 9-1: USB disconnect, device number 3 [ 976.496015][ T5903] yurex 9-1:0.50: USB YUREX #0 now disconnected [ 976.873832][T14145] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2211'. [ 976.893309][T14145] netlink: 'syz.7.2211': attribute type 1 has an invalid length. [ 976.912017][T14145] netlink: 'syz.7.2211': attribute type 2 has an invalid length. [ 976.930511][T14145] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2211'. [ 977.107226][T14135] vlan2: entered allmulticast mode [ 977.112710][T14135] bond1: entered allmulticast mode [ 977.189422][T14135] geneve2: entered allmulticast mode [ 977.245252][T14135] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 977.534089][T14151] 9pnet_fd: Insufficient options for proto=fd [ 978.639785][T14160] binder: 14156:14160 ioctl c0306201 0 returned -14 [ 980.889053][T14182] netlink: 256 bytes leftover after parsing attributes in process `syz.8.2221'. [ 983.789067][T13868] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 983.980202][T13868] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 984.097179][T13868] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 984.321633][T13868] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 985.044054][T14241] netlink: 256 bytes leftover after parsing attributes in process `syz.7.2240'. [ 985.131633][T13868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 985.392040][T13868] 8021q: adding VLAN 0 to HW filter on device team0 [ 985.469444][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 985.476783][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 985.607025][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 985.614340][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 985.700150][ C0] vkms_vblank_simulate: vblank timer overrun [ 986.884094][T14262] fuse: Bad value for 'fd' [ 990.024446][T14294] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 990.042093][T14293] syz_tun: entered allmulticast mode [ 990.097692][T14293] dvmrp1: entered allmulticast mode [ 990.146980][T13868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 990.246244][T14292] syz_tun: left allmulticast mode [ 990.251510][T14292] dvmrp1: left allmulticast mode [ 993.438481][T13868] veth0_vlan: entered promiscuous mode [ 993.498610][T13868] veth1_vlan: entered promiscuous mode [ 993.723333][T13868] veth0_macvtap: entered promiscuous mode [ 993.786478][T14352] netlink: 'syz.8.2266': attribute type 1 has an invalid length. [ 993.808124][T13868] veth1_macvtap: entered promiscuous mode [ 993.991006][T14352] 8021q: adding VLAN 0 to HW filter on device bond1 [ 994.164348][T14354] bond1: (slave geneve2): making interface the new active one [ 994.232445][T14354] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 994.344640][T14356] veth3: entered promiscuous mode [ 994.401395][T14356] bond1: (slave veth3): Enslaving as an active interface with a down link [ 994.620876][T13868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 994.692354][T13868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 994.758298][T13868] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.809469][T13868] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.842386][T13868] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 994.878997][T13868] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 995.432122][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 995.496155][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 995.735519][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 995.792126][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 996.876590][T14399] netlink: 256 bytes leftover after parsing attributes in process `syz.9.2275'. [ 997.068488][T14404] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 998.835459][T13909] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 998.885019][T13909] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 998.895111][T13909] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 998.912211][T13909] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 998.927998][T13909] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 999.027238][T14438] netlink: 'syz.8.2284': attribute type 1 has an invalid length. [ 999.364764][T14438] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1000.642083][T14440] veth5: entered promiscuous mode [ 1000.672837][T14440] bond2: (slave veth5): Enslaving as an active interface with a down link [ 1000.709321][ T9680] usb 10-1: new high-speed USB device number 7 using dummy_hcd [ 1000.899807][ T9680] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1000.977833][ T9680] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1001.034947][T13909] Bluetooth: hci6: command tx timeout [ 1001.394549][ T9680] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1001.876391][ T9680] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1001.932261][ T53] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1002.168350][T14457] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22 [ 1002.815823][ T9680] usb 10-1: Quirk or no altset; falling back to MIDI 1.0 [ 1002.938849][T14473] netlink: 256 bytes leftover after parsing attributes in process `syz.8.2291'. [ 1003.008348][ T9680] usb 10-1: USB disconnect, device number 7 [ 1003.102816][T13909] Bluetooth: hci6: command tx timeout [ 1003.212135][ T53] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.585647][ T53] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1003.615929][T14485] Invalid logical block size (-2147483648) [ 1003.663268][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1003.676598][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1003.940310][ T53] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1004.796333][T14518] netlink: 'syz.9.2303': attribute type 1 has an invalid length. [ 1005.040288][T14518] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1005.195344][T13909] Bluetooth: hci6: command tx timeout [ 1005.303490][T14526] veth5: entered promiscuous mode [ 1005.315813][T14526] bond2: (slave veth5): Enslaving as an active interface with a down link [ 1005.400097][T14430] chnl_net:caif_netlink_parms(): no params data found [ 1006.527686][ T53] bridge_slave_0: left allmulticast mode [ 1006.579690][ T53] bridge_slave_0: left promiscuous mode [ 1006.605261][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 1007.245577][T13909] Bluetooth: hci6: command tx timeout [ 1007.400804][T14549] netlink: 256 bytes leftover after parsing attributes in process `syz.6.2307'. [ 1008.024447][T14565] loop4: detected capacity change from 0 to 128 [ 1008.104457][T14565] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1008.175978][T14565] ext4 filesystem being mounted at /7/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1008.515016][T14565] Invalid logical block size (-2147483648) [ 1008.684672][T13868] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1009.322910][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1009.350742][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1009.370246][ T53] bond0 (unregistering): Released all slaves [ 1009.744934][ T53] tipc: Left network mode [ 1009.918831][ T53] IPVS: stopping backup sync thread 14294 ... [ 1009.924501][T14610] netlink: 'syz.4.2316': attribute type 1 has an invalid length. [ 1010.004210][T14607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1010.071486][T14607] bond0: (slave rose0): Enslaving as an active interface with an up link [ 1010.505315][T14615] veth3: entered promiscuous mode [ 1010.533177][T14430] bridge0: port 1(bridge_slave_0) entered blocking state [ 1010.554529][T14430] bridge0: port 1(bridge_slave_0) entered disabled state [ 1010.578804][T14430] bridge_slave_0: entered allmulticast mode [ 1010.637203][T14430] bridge_slave_0: entered promiscuous mode [ 1010.675649][T14430] bridge0: port 2(bridge_slave_1) entered blocking state [ 1010.683829][T14430] bridge0: port 2(bridge_slave_1) entered disabled state [ 1010.726312][T14430] bridge_slave_1: entered allmulticast mode [ 1010.734619][T14430] bridge_slave_1: entered promiscuous mode [ 1011.188055][T14430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1011.489460][T14650] netlink: 256 bytes leftover after parsing attributes in process `syz.4.2329'. [ 1011.684545][T14430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1012.564043][ T53] hsr_slave_0: left promiscuous mode [ 1012.646482][ T53] hsr_slave_1: left promiscuous mode [ 1012.675056][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1012.682617][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1012.773417][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1012.794154][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1012.923393][ T53] veth1_macvtap: left promiscuous mode [ 1012.953917][ T53] veth0_macvtap: left promiscuous mode [ 1012.970255][ T53] veth1_vlan: left promiscuous mode [ 1012.991484][ T53] veth0_vlan: left promiscuous mode [ 1014.637378][T14681] loop4: detected capacity change from 0 to 32768 [ 1014.681415][T14681] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2339 (14681) [ 1014.887189][T14681] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1014.966482][T14681] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm [ 1015.034824][T14681] BTRFS info (device loop4): disk space caching is enabled [ 1015.042760][T14681] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 1016.053750][T14681] BTRFS info (device loop4): rebuilding free space tree [ 1016.331535][T14681] BTRFS info (device loop4): disabling free space tree [ 1016.362230][T14681] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1016.424820][T14681] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1017.433186][T13868] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1020.786943][ T53] team0 (unregistering): Port device team_slave_1 removed [ 1020.838534][ C1] vkms_vblank_simulate: vblank timer overrun [ 1021.088309][ C1] vkms_vblank_simulate: vblank timer overrun [ 1021.238781][ T53] team0 (unregistering): Port device team_slave_0 removed [ 1021.262636][T14781] overlayfs: failed to resolve './file0': -2 [ 1024.479022][T14813] overlayfs: failed to resolve './file0': -2 [ 1024.909912][T14430] team0: Port device team_slave_0 added [ 1024.957277][T14430] team0: Port device team_slave_1 added [ 1025.507476][T14430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1025.555001][T14430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1025.642735][T14430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1025.756172][T14430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1025.864986][T14430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1025.938243][T14430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1027.030893][T14430] hsr_slave_0: entered promiscuous mode [ 1027.046105][T14430] hsr_slave_1: entered promiscuous mode [ 1027.069468][T14430] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1027.112002][T14430] Cannot create hsr debugfs directory [ 1027.366324][T14846] overlayfs: failed to resolve './file0': -2 [ 1028.892573][T14860] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 1029.156954][ T5903] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 1029.598886][T14883] overlayfs: failed to resolve './file0': -2 [ 1029.644904][ T5903] usb 9-1: Using ep0 maxpacket: 16 [ 1030.373234][ T5903] usb 9-1: config 64 has an invalid interface number: 176 but max is 0 [ 1030.427386][ T5903] usb 9-1: config 64 has no interface number 0 [ 1030.497119][ T5903] usb 9-1: config 64 interface 176 has no altsetting 0 [ 1030.569212][ T5903] usb 9-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=14.8d [ 1030.596274][ T5903] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.604373][ T5903] usb 9-1: Product: syz [ 1030.629814][ T5903] usb 9-1: Manufacturer: syz [ 1030.634498][ T5903] usb 9-1: SerialNumber: syz [ 1031.996086][ T5903] peak_usb 9-1:64.176 can0: unable to request usb[type=0 value=1] err=-71 [ 1032.025493][ T5903] peak_usb 9-1:64.176: unable to read PCAN-USB X6 firmware info (err -71) [ 1032.228429][ T5903] peak_usb 9-1:64.176: probe with driver peak_usb failed with error -71 [ 1032.272711][ T5903] usb 9-1: USB disconnect, device number 4 [ 1032.346678][T14430] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1032.425502][T14430] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1032.506456][T14430] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1032.576618][T14430] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1034.027033][T14430] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1034.114212][T14430] 8021q: adding VLAN 0 to HW filter on device team0 [ 1034.295946][T14944] netlink: 'syz.6.2420': attribute type 1 has an invalid length. [ 1034.363831][T14944] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1034.374632][T14808] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.381905][T14808] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.510679][T14946] bond1: (slave geneve2): making interface the new active one [ 1034.546881][T14946] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 1035.148356][T14808] bridge0: port 2(bridge_slave_1) entered blocking state [ 1035.155632][T14808] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1035.315605][T14944] veth3: entered promiscuous mode [ 1035.354384][T14949] vlan2: entered allmulticast mode [ 1035.388404][T14949] bond1: entered allmulticast mode [ 1035.393620][T14949] geneve2: entered allmulticast mode [ 1035.407213][T14949] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 1036.725545][T14965] fuse: Bad value for 'fd' [ 1037.732371][T14430] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1038.026694][T14430] veth0_vlan: entered promiscuous mode [ 1038.110516][T14430] veth1_vlan: entered promiscuous mode [ 1038.324084][T14430] veth0_macvtap: entered promiscuous mode [ 1038.363366][T14430] veth1_macvtap: entered promiscuous mode [ 1038.444613][T14430] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1038.509244][T14430] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1038.546047][T15003] netlink: 'syz.8.2439': attribute type 1 has an invalid length. [ 1038.728326][T15003] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1038.755987][T14430] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.769568][T14430] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.781332][T14430] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1038.800931][T14430] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1039.890787][T15003] veth7: entered promiscuous mode [ 1039.992035][T15006] vlan2: entered allmulticast mode [ 1040.078415][T15006] bond3: entered allmulticast mode [ 1040.477664][ T1085] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.503045][ T1085] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1040.615501][ T1085] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1040.658900][ T1085] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1041.283772][T15032] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1041.713236][T15043] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 1042.764342][T15056] netlink: 'syz.7.2456': attribute type 1 has an invalid length. [ 1043.746789][T15056] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1044.004521][T15063] veth3: entered promiscuous mode [ 1044.146298][T15065] vlan2: entered allmulticast mode [ 1044.211203][T15065] bond1: entered allmulticast mode [ 1044.544490][T15079] bridge0: port 3(syz_tun) entered blocking state [ 1044.601774][T15079] bridge0: port 3(syz_tun) entered disabled state [ 1044.649931][T15079] syz_tun: entered allmulticast mode [ 1044.729149][T15079] syz_tun: entered promiscuous mode [ 1044.767533][T15079] bridge0: port 3(syz_tun) entered blocking state [ 1044.774193][T15079] bridge0: port 3(syz_tun) entered listening state [ 1045.632812][T15099] overlayfs: failed to clone upperpath [ 1046.182755][T15106] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1047.516062][T15123] overlayfs: failed to clone upperpath [ 1047.546354][T15124] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 1048.008538][T15129] netlink: 'syz.8.2478': attribute type 1 has an invalid length. [ 1048.320409][T15129] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1048.585715][T15139] veth9: entered promiscuous mode [ 1048.645482][T15140] vlan2: entered allmulticast mode [ 1048.678618][T15140] bond4: entered allmulticast mode [ 1050.857513][T15170] overlayfs: failed to clone upperpath [ 1050.982541][T15174] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 1051.701416][T15184] overlayfs: failed to resolve './file0': -2 [ 1052.034835][T15195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1053.095100][T15195] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1053.494449][T10381] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 1053.573571][T15208] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2507'. [ 1053.686151][T10381] usb 8-1: Using ep0 maxpacket: 32 [ 1053.710292][T10381] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1053.775418][T10381] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1053.804765][T10381] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1053.841506][T10381] usb 8-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 1053.904797][T10381] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1053.954380][T15213] fuse: Bad value for 'fd' [ 1053.965083][T10381] usb 8-1: config 0 descriptor?? [ 1054.657823][T10381] input: HID 0458:5011 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input13 [ 1054.850384][T10381] input: HID 0458:5011 as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/0003:0458:5011.000B/input/input14 [ 1054.876084][T15226] overlayfs: failed to resolve './file1': -2 [ 1055.136615][T10381] kye 0003:0458:5011.000B: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.7-1/input0 [ 1055.365454][T10381] usb 8-1: USB disconnect, device number 7 [ 1055.771052][T15238] loop4: detected capacity change from 0 to 512 [ 1055.787884][T15238] EXT4-fs (loop4): Test dummy encryption mode enabled [ 1055.795161][T15238] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1055.844089][T15238] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.2516: bad orphan inode 131083 [ 1055.859248][T15238] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1055.890190][T15238] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1056.094406][T15235] fido_id[15235]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/8-1/report_descriptor': No such file or directory [ 1056.143044][T15245] dvmrp1: entered allmulticast mode [ 1056.233051][T15242] dvmrp1: left allmulticast mode [ 1056.876781][T15256] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1056.941955][T15256] bond0: (slave bond2): Enslaving as an active interface with an up link [ 1056.953031][T13868] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1057.124089][T15258] bond0: (slave bond2): Error -95 calling ndo_bpf [ 1057.182064][T15258] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 1057.233586][T15262] overlayfs: failed to resolve './file0': -2 [ 1057.793970][T15273] overlayfs: failed to resolve './file1': -2 [ 1059.328901][T15286] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1059.967029][ C1] bridge0: port 3(syz_tun) entered learning state [ 1060.711411][T15295] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1060.742866][T13868] bridge0: port 3(syz_tun) entered disabled state [ 1060.864587][T13868] syz_tun (unregistering): left allmulticast mode [ 1060.890336][T13868] syz_tun (unregistering): left promiscuous mode [ 1060.908191][T13868] bridge0: port 3(syz_tun) entered disabled state [ 1061.467667][ T1085] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.536547][T15302] overlayfs: failed to get inode (-116) [ 1061.565867][T15302] overlayfs: failed to get inode (-116) [ 1061.647219][T15303] dvmrp1: entered allmulticast mode [ 1061.664954][T15302] overlayfs: failed to get inode (-116) [ 1061.671475][T15302] overlayfs: failed to get inode (-116) [ 1061.705251][T15302] overlayfs: failed to get inode (-116) [ 1061.711152][T15302] overlayfs: failed to get inode (-116) [ 1061.775302][T15302] overlayfs: failed to get inode (-116) [ 1061.781037][T15302] overlayfs: failed to get inode (-116) [ 1061.818949][ T1085] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1061.879166][T15299] dvmrp1: left allmulticast mode [ 1062.178122][ T1085] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1062.488619][ T1085] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1063.667194][ T1085] bridge_slave_1: left allmulticast mode [ 1063.673698][T15333] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 1063.732854][ T1085] bridge_slave_1: left promiscuous mode [ 1063.794622][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state [ 1063.943408][ T1085] bridge_slave_0: left allmulticast mode [ 1063.963668][ T1085] bridge_slave_0: left promiscuous mode [ 1063.993644][T15336] overlayfs: failed to resolve './file0': -2 [ 1064.011447][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state [ 1064.251846][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1064.295022][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1064.325124][ T5839] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1064.342439][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1064.355029][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1065.105050][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1065.112659][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1065.737744][ T9680] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 1065.934976][ T9680] usb 9-1: too many configurations: 9, using maximum allowed: 8 [ 1065.984912][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.147391][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.211350][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.226155][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.276739][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.299030][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.334851][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.364526][ T9680] usb 9-1: config 0 has no interfaces? [ 1066.395200][ T9680] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1066.424934][ T9680] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1066.445130][T13909] Bluetooth: hci3: command tx timeout [ 1066.445182][ T9680] usb 9-1: Product: syz [ 1066.484817][ T9680] usb 9-1: Manufacturer: syz [ 1066.529511][ T9680] usb 9-1: SerialNumber: syz [ 1066.594254][ T9680] usb 9-1: config 0 descriptor?? [ 1066.677914][ T9680] usb 9-1: can't set config #0, error -71 [ 1066.708327][ T9680] usb 9-1: USB disconnect, device number 5 [ 1066.867271][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1066.909859][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1066.942288][ T1085] bond0 (unregistering): Released all slaves [ 1067.023696][T15345] dvmrp1: entered allmulticast mode [ 1067.085152][T15345] dvmrp1: left allmulticast mode [ 1067.435416][T15360] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1067.634245][ T1085] IPVS: stopping backup sync thread 15174 ... [ 1068.525826][T13909] Bluetooth: hci3: command tx timeout [ 1069.800986][T15378] overlayfs: failed to resolve './file0': -2 [ 1070.612366][T13909] Bluetooth: hci3: command tx timeout [ 1071.056784][T15391] netlink: 'syz.9.2568': attribute type 1 has an invalid length. [ 1071.346660][T15391] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1071.493737][T15402] vlan2: entered allmulticast mode [ 1071.518611][T15402] bond3: entered allmulticast mode [ 1071.623233][T15401] syz_tun: entered allmulticast mode [ 1071.911577][T15406] dvmrp1: entered allmulticast mode [ 1072.102182][ T1085] hsr_slave_0: left promiscuous mode [ 1072.253891][ T1085] hsr_slave_1: left promiscuous mode [ 1072.493240][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1072.694850][T13909] Bluetooth: hci3: command tx timeout [ 1072.752800][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1072.846038][ T1085] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1072.853538][ T1085] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1072.912285][ T1085] veth1_macvtap: left promiscuous mode [ 1072.918702][ T1085] veth0_macvtap: left promiscuous mode [ 1072.924443][ T1085] veth1_vlan: left promiscuous mode [ 1072.944895][ T1085] veth0_vlan: left promiscuous mode [ 1077.100708][T15438] overlayfs: failed to resolve './file0': -2 [ 1077.567075][ T1085] team0 (unregistering): Port device team_slave_1 removed [ 1077.764132][ T1085] team0 (unregistering): Port device team_slave_0 removed [ 1082.556526][T15337] chnl_net:caif_netlink_parms(): no params data found [ 1083.009432][T15455] syz.6.2588: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1083.417701][T15455] CPU: 0 UID: 0 PID: 15455 Comm: syz.6.2588 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 1083.417753][T15455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1083.417776][T15455] Call Trace: [ 1083.417788][T15455] [ 1083.417802][T15455] dump_stack_lvl+0x16c/0x1f0 [ 1083.417870][T15455] warn_alloc+0x248/0x3a0 [ 1083.417932][T15455] ? __pfx_warn_alloc+0x10/0x10 [ 1083.418006][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.418053][T15455] ? __get_vm_area_node+0x1dc/0x330 [ 1083.418097][T15455] ? __get_vm_area_node+0x208/0x330 [ 1083.418155][T15455] __vmalloc_node_range_noprof+0x1110/0x1540 [ 1083.418224][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.418288][T15455] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1083.418350][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.418398][T15455] ? __get_vm_area_node+0x1dc/0x330 [ 1083.418440][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.418486][T15455] ? __get_vm_area_node+0x208/0x330 [ 1083.418539][T15455] __vmalloc_node_range_noprof+0xd91/0x1540 [ 1083.418591][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.418638][T15455] ? nfnetlink_rcv_msg+0x9fc/0x1200 [ 1083.418698][T15455] ? netlink_rcv_skb+0x16d/0x440 [ 1083.418768][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.418830][T15455] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1083.418884][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.418933][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.418982][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.419037][T15455] __kvmalloc_node_noprof+0x2ff/0x600 [ 1083.419093][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.419146][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.419205][T15455] ? hash_net_create+0x3ec/0x1250 [ 1083.419252][T15455] hash_net_create+0x3ec/0x1250 [ 1083.419305][T15455] ? __nla_parse+0x5b/0x60 [ 1083.419353][T15455] ? __pfx_hash_net_create+0x10/0x10 [ 1083.419408][T15455] ip_set_create+0x7e4/0x14d0 [ 1083.419458][T15455] ? __pfx_ip_set_create+0x10/0x10 [ 1083.419532][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.419578][T15455] ? find_held_lock+0x2b/0x80 [ 1083.419629][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.419685][T15455] nfnetlink_rcv_msg+0x9fc/0x1200 [ 1083.419764][T15455] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1083.419823][T15455] ? kmem_cache_free+0x2d4/0x4d0 [ 1083.419952][T15455] netlink_rcv_skb+0x16d/0x440 [ 1083.420007][T15455] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1083.420073][T15455] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1083.420127][T15455] ? __pfx_aa_get_newest_label+0x10/0x10 [ 1083.420192][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.420238][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.420284][T15455] ? security_capable+0x7e/0x260 [ 1083.420325][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.420375][T15455] ? ns_capable+0xd7/0x110 [ 1083.420427][T15455] nfnetlink_rcv+0x1b3/0x430 [ 1083.420487][T15455] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1083.420545][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.420590][T15455] ? netlink_deliver_tap+0x1ae/0xd30 [ 1083.420652][T15455] netlink_unicast+0x53d/0x7f0 [ 1083.420714][T15455] ? __pfx_netlink_unicast+0x10/0x10 [ 1083.420766][T15455] ? __lock_acquire+0xaa4/0x1ba0 [ 1083.420841][T15455] netlink_sendmsg+0x8d1/0xdd0 [ 1083.420905][T15455] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1083.420958][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421026][T15455] ____sys_sendmsg+0xa98/0xc70 [ 1083.421089][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421134][T15455] ? copy_msghdr_from_user+0x10a/0x160 [ 1083.421182][T15455] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1083.421251][T15455] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1083.421307][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421370][T15455] ___sys_sendmsg+0x134/0x1d0 [ 1083.421421][T15455] ? __pfx____sys_sendmsg+0x10/0x10 [ 1083.421496][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421580][T15455] __sys_sendmsg+0x16d/0x220 [ 1083.421629][T15455] ? __pfx___sys_sendmsg+0x10/0x10 [ 1083.421675][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421721][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421782][T15455] ? rcu_is_watching+0x12/0xc0 [ 1083.421830][T15455] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1083.421889][T15455] do_syscall_64+0xcd/0x260 [ 1083.421957][T15455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.421995][T15455] RIP: 0033:0x7f3e9558e969 [ 1083.422024][T15455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1083.422061][T15455] RSP: 002b:00007f3e933f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1083.422096][T15455] RAX: ffffffffffffffda RBX: 00007f3e957b5fa0 RCX: 00007f3e9558e969 [ 1083.422122][T15455] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 1083.422145][T15455] RBP: 00007f3e95610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1083.422169][T15455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1083.422192][T15455] R13: 0000000000000000 R14: 00007f3e957b5fa0 R15: 00007ffc53fac718 [ 1083.422243][T15455] [ 1083.785075][T15455] Mem-Info: [ 1084.048894][T15476] overlayfs: failed to clone upperpath [ 1084.205019][T15455] active_anon:9890 inactive_anon:0 isolated_anon:0 [ 1084.205019][T15455] active_file:22860 inactive_file:40746 isolated_file:0 [ 1084.205019][T15455] unevictable:768 dirty:200 writeback:0 [ 1084.205019][T15455] slab_reclaimable:11204 slab_unreclaimable:106612 [ 1084.205019][T15455] mapped:35783 shmem:3456 pagetables:1179 [ 1084.205019][T15455] sec_pagetables:0 bounce:0 [ 1084.205019][T15455] kernel_misc_reclaimable:0 [ 1084.205019][T15455] free:1265295 free_pcp:227 free_cma:0 [ 1084.366665][T15455] Node 0 active_anon:40900kB inactive_anon:0kB active_file:91440kB inactive_file:162788kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:144212kB dirty:796kB writeback:0kB shmem:13368kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13056kB pagetables:4820kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1084.485091][T15455] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1084.615663][T15455] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1084.645039][T15455] lowmem_reserve[]: 0 2484 2486 2486 2486 [ 1084.651592][T15455] Node 0 DMA32 free:1105584kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB active_anon:48052kB inactive_anon:0kB active_file:91440kB inactive_file:160968kB unevictable:1536kB writepending:792kB present:3129332kB managed:2544040kB mlocked:0kB bounce:0kB free_pcp:9916kB local_pcp:9176kB free_cma:0kB [ 1084.683818][T15455] lowmem_reserve[]: 0 0 1 1 1 [ 1084.743658][T15455] Node 0 Normal free:16kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1820kB unevictable:0kB writepending:4kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 1084.929393][T15337] bridge0: port 1(bridge_slave_0) entered blocking state [ 1084.937526][T15455] lowmem_reserve[]: 0 0 0 0 0 [ 1085.004859][T15455] Node 1 Normal free:3921884kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:16kB free_cma:0kB [ 1085.035962][T15337] bridge0: port 1(bridge_slave_0) entered disabled state [ 1085.106169][T15337] bridge_slave_0: entered allmulticast mode [ 1085.161831][T15337] bridge_slave_0: entered promiscuous mode [ 1085.247231][T15337] bridge0: port 2(bridge_slave_1) entered blocking state [ 1085.254502][T15455] lowmem_reserve[]: 0 0 0 0 0 [ 1085.297245][T15455] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1085.322054][T15337] bridge0: port 2(bridge_slave_1) entered disabled state [ 1085.361710][T15455] Node 0 DMA32: 6*4kB (UME) 8*8kB (UME) 682*16kB (UME) 910*32kB (UME) 415*64kB (UME) 106*128kB (UM) 65*256kB (ME) 51*512kB (M) 15*1024kB (UME) 9*2048kB (UME) 232*4096kB (M) = 1107064kB [ 1085.368937][T15337] bridge_slave_1: entered allmulticast mode [ 1085.456522][T15455] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1085.475984][T15337] bridge_slave_1: entered promiscuous mode [ 1085.500886][T15455] Node 1 Normal: 195*4kB (UME) 40*8kB (UME) 49*16kB (UME) 217*32kB (UME) 92*64kB (UME) 35*128kB (UME) 15*256kB (UME) 7*512kB (UM) 4*1024kB (UME) 2*2048kB (UE) 949*4096kB (M) = 3921916kB [ 1085.598298][T15455] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1085.630721][T15455] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1085.682894][T15455] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1085.719272][T15455] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1085.785077][T15455] 68407 total pagecache pages [ 1085.789837][T15455] 0 pages in swap cache [ 1085.825115][T15455] Free swap = 124996kB [ 1085.829370][T15455] Total swap = 124996kB [ 1085.833556][T15455] 2097051 pages RAM [ 1085.844577][T15337] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1085.884845][T15455] 0 pages HighMem/MovableOnly [ 1085.889604][T15455] 428935 pages reserved [ 1085.914384][T15337] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1085.953511][T15455] 0 pages cma reserved [ 1086.320508][T15337] team0: Port device team_slave_0 added [ 1086.403778][T15337] team0: Port device team_slave_1 added [ 1088.085754][T15337] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1088.092777][T15337] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1088.215209][T15337] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1088.271033][T15337] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1088.294587][T15337] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1088.428188][T15337] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1088.655924][ T5839] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1088.667322][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1088.696164][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1088.725354][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1088.742108][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1088.818465][T15519] fuse: Bad value for 'fd' [ 1088.921014][T15521] overlayfs: failed to clone upperpath [ 1089.285792][T15337] hsr_slave_0: entered promiscuous mode [ 1089.294466][T15337] hsr_slave_1: entered promiscuous mode [ 1089.412847][T15528] dvmrp1: entered allmulticast mode [ 1089.656383][T15527] syz_tun: entered allmulticast mode [ 1089.971855][ T6728] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.483270][ T6728] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1090.781117][T13909] Bluetooth: hci2: command tx timeout [ 1091.935111][ T6728] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1092.339604][ T6728] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1092.731900][T15557] overlayfs: failed to clone upperpath [ 1092.851007][T13909] Bluetooth: hci2: command tx timeout [ 1094.058317][T15515] chnl_net:caif_netlink_parms(): no params data found [ 1094.930696][T13909] Bluetooth: hci2: command tx timeout [ 1097.005268][T13909] Bluetooth: hci2: command tx timeout [ 1097.412539][T15595] fuse: Bad value for 'fd' [ 1098.063651][ T5839] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1098.073836][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1098.081882][ T5839] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1098.101267][ T5839] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1098.124950][ T5839] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1100.025632][T15515] bridge0: port 1(bridge_slave_0) entered blocking state [ 1100.047454][T15515] bridge0: port 1(bridge_slave_0) entered disabled state [ 1100.075300][T15515] bridge_slave_0: entered allmulticast mode [ 1100.095694][T15515] bridge_slave_0: entered promiscuous mode [ 1100.124603][T15515] bridge0: port 2(bridge_slave_1) entered blocking state [ 1100.148774][T15515] bridge0: port 2(bridge_slave_1) entered disabled state [ 1100.177338][T15515] bridge_slave_1: entered allmulticast mode [ 1100.204955][ T5839] Bluetooth: hci5: command tx timeout [ 1100.224963][T15515] bridge_slave_1: entered promiscuous mode [ 1100.364582][ T6728] bridge_slave_1: left allmulticast mode [ 1101.344717][ T6728] bridge_slave_1: left promiscuous mode [ 1101.350602][ T6728] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.422905][ T6728] bridge_slave_0: left allmulticast mode [ 1101.518687][ T6728] bridge_slave_0: left promiscuous mode [ 1101.527857][ T6728] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.739341][T15633] fuse: Bad value for 'fd' [ 1102.290842][ T5839] Bluetooth: hci5: command tx timeout [ 1102.931771][ T6728] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1102.953725][ T6728] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1102.987744][ T6728] bond0 (unregistering): Released all slaves [ 1103.476359][T15654] netlink: 'syz.1.2654': attribute type 1 has an invalid length. [ 1103.929309][ T6728] bond1 (unregistering): Released all slaves [ 1104.365180][ T5839] Bluetooth: hci5: command tx timeout [ 1104.619253][T15515] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1104.725757][T15654] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1104.822422][T15655] veth3: entered promiscuous mode [ 1104.857095][ T6728] IPVS: stopping backup sync thread 15333 ... [ 1104.875529][T15655] ================================================================== [ 1104.883657][T15655] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0 [ 1104.891173][T15655] Read of size 8 at addr ffffffff9af8cc90 by task syz.1.2654/15655 [ 1104.899096][T15655] [ 1104.901443][T15655] CPU: 1 UID: 0 PID: 15655 Comm: syz.1.2654 Not tainted 6.15.0-syzkaller #0 PREEMPT(full) [ 1104.901491][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1104.901515][T15655] Call Trace: [ 1104.901527][T15655] [ 1104.901541][T15655] dump_stack_lvl+0x116/0x1f0 [ 1104.901607][T15655] print_report+0xc3/0x670 [ 1104.901667][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.901715][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.901763][T15655] ? __phys_addr+0xc6/0x150 [ 1104.901820][T15655] ? fib6_ifdown+0x7f5/0x8f0 [ 1104.901878][T15655] kasan_report+0xe0/0x110 [ 1104.901940][T15655] ? fib6_ifdown+0x7f5/0x8f0 [ 1104.901993][T15655] fib6_ifdown+0x7f5/0x8f0 [ 1104.902041][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1104.902101][T15655] fib6_clean_node+0x2a7/0x5b0 [ 1104.902158][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1104.902217][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.902265][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.902314][T15655] fib6_walk_continue+0x452/0x8d0 [ 1104.902356][T15655] fib6_walk+0x182/0x370 [ 1104.902400][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1104.902442][T15655] fib6_clean_tree+0xd4/0x110 [ 1104.902478][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1104.902521][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1104.902567][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1104.902615][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.902668][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1104.902714][T15655] __fib6_clean_all+0x107/0x2d0 [ 1104.902763][T15655] rt6_disable_ip+0x2ec/0x990 [ 1104.902825][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.902870][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1104.902934][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1104.903000][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1104.903064][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.903112][T15655] ? rcu_is_watching+0x12/0xc0 [ 1104.903161][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1104.903215][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.903261][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1104.903329][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1104.903385][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1104.903431][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.903481][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.903531][T15655] addrconf_notify+0x220/0x19e0 [ 1104.903588][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.903634][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1104.903696][T15655] notifier_call_chain+0xbc/0x410 [ 1104.903750][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1104.903813][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1104.903878][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1104.903944][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1104.904003][T15655] ? __pfx___dev_notify_flags+0x10/0x10 [ 1104.904047][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1104.904094][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904142][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1104.904199][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904254][T15655] rtnl_newlink+0x171e/0x2000 [ 1104.904313][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1104.904368][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904418][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904469][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904515][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1104.904584][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904630][T15655] ? rcu_is_watching+0x12/0xc0 [ 1104.904676][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904723][T15655] ? trace_cap_capable+0x18d/0x200 [ 1104.904766][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904814][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.904859][T15655] ? find_held_lock+0x2b/0x80 [ 1104.904902][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1104.904950][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1104.904996][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.905067][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1104.905116][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1104.905166][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1104.905227][T15655] netlink_rcv_skb+0x16d/0x440 [ 1104.905282][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1104.905335][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1104.905409][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.905455][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1104.905510][T15655] netlink_unicast+0x53d/0x7f0 [ 1104.905566][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1104.905619][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1104.905687][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1104.905745][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1104.905798][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.905856][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1104.905916][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.905963][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1104.906010][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1104.906083][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1104.906129][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1104.906188][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.906253][T15655] __sys_sendmsg+0x16d/0x220 [ 1104.906300][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1104.906344][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.906398][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.906453][T15655] ? rcu_is_watching+0x12/0xc0 [ 1104.906499][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1104.906552][T15655] do_syscall_64+0xcd/0x260 [ 1104.906616][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1104.906653][T15655] RIP: 0033:0x7f823658e969 [ 1104.906681][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1104.906720][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1104.906756][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1104.906783][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1104.906808][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1104.906832][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1104.906855][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1104.906894][T15655] [ 1104.906907][T15655] [ 1105.018359][T15669] overlayfs: failed to resolve './file1': -2 [ 1105.021120][T15655] The buggy address belongs to the variable: [ 1105.021136][T15655] __key.0+0x30/0x40 [ 1105.528731][T15655] [ 1105.531061][T15655] The buggy address belongs to the physical page: [ 1105.537473][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1105.546252][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1105.554170][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1105.562772][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1105.571374][T15655] page dumped because: kasan: bad access detected [ 1105.577801][T15655] page_owner info is not present (never set?) [ 1105.583865][T15655] [ 1105.586194][T15655] Memory state around the buggy address: [ 1105.591830][T15655] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1105.599903][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1105.607978][T15655] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1105.616048][T15655] ^ [ 1105.620643][T15655] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1105.628719][T15655] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1105.636791][T15655] ================================================================== [ 1105.644988][T15655] Disabling lock debugging due to kernel taint [ 1105.651197][T15655] ================================================================== [ 1105.659296][T15655] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x86d/0x8f0 [ 1105.666826][T15655] Read of size 8 at addr ffffffff9af8cc98 by task syz.1.2654/15655 [ 1105.674764][T15655] [ 1105.677119][T15655] CPU: 1 UID: 0 PID: 15655 Comm: syz.1.2654 Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1105.677177][T15655] Tainted: [B]=BAD_PAGE [ 1105.677192][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1105.677216][T15655] Call Trace: [ 1105.677228][T15655] [ 1105.677242][T15655] dump_stack_lvl+0x116/0x1f0 [ 1105.677309][T15655] print_report+0xc3/0x670 [ 1105.677377][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.677425][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.677472][T15655] ? __phys_addr+0xc6/0x150 [ 1105.677530][T15655] ? fib6_ifdown+0x86d/0x8f0 [ 1105.677575][T15655] kasan_report+0xe0/0x110 [ 1105.677638][T15655] ? fib6_ifdown+0x86d/0x8f0 [ 1105.677690][T15655] fib6_ifdown+0x86d/0x8f0 [ 1105.677738][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1105.677787][T15655] fib6_clean_node+0x2a7/0x5b0 [ 1105.677839][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1105.677891][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.677940][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.677992][T15655] fib6_walk_continue+0x452/0x8d0 [ 1105.678036][T15655] fib6_walk+0x182/0x370 [ 1105.678077][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1105.678123][T15655] fib6_clean_tree+0xd4/0x110 [ 1105.678163][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1105.678209][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1105.678258][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1105.678306][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.678358][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1105.678413][T15655] __fib6_clean_all+0x107/0x2d0 [ 1105.678460][T15655] rt6_disable_ip+0x2ec/0x990 [ 1105.678525][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.678572][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1105.678640][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1105.678707][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1105.678773][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.678821][T15655] ? rcu_is_watching+0x12/0xc0 [ 1105.678872][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1105.678927][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.678975][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1105.679042][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1105.679094][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1105.679140][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.679187][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.679238][T15655] addrconf_notify+0x220/0x19e0 [ 1105.679295][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.679341][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1105.679410][T15655] notifier_call_chain+0xbc/0x410 [ 1105.679467][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1105.679529][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1105.679595][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1105.679662][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1105.679720][T15655] ? __pfx___dev_notify_flags+0x10/0x10 [ 1105.679765][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1105.679814][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.679864][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1105.679921][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.679976][T15655] rtnl_newlink+0x171e/0x2000 [ 1105.680035][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1105.680087][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680138][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680189][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680236][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1105.680306][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680352][T15655] ? rcu_is_watching+0x12/0xc0 [ 1105.680405][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680452][T15655] ? trace_cap_capable+0x18d/0x200 [ 1105.680496][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680545][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680593][T15655] ? find_held_lock+0x2b/0x80 [ 1105.680639][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1105.680689][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1105.680737][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.680786][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1105.680837][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1105.680890][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1105.680954][T15655] netlink_rcv_skb+0x16d/0x440 [ 1105.681011][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1105.681064][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1105.681133][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.681179][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1105.681235][T15655] netlink_unicast+0x53d/0x7f0 [ 1105.681293][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1105.681347][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1105.681420][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1105.681479][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1105.681534][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.681591][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1105.681653][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.681700][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1105.681748][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1105.681821][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1105.681870][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1105.681930][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.681995][T15655] __sys_sendmsg+0x16d/0x220 [ 1105.682043][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1105.682090][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.682137][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.682192][T15655] ? rcu_is_watching+0x12/0xc0 [ 1105.682238][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1105.682291][T15655] do_syscall_64+0xcd/0x260 [ 1105.682356][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1105.682401][T15655] RIP: 0033:0x7f823658e969 [ 1105.682431][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1105.682470][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1105.682506][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1105.682533][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1105.682558][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1105.682583][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1105.682607][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1105.682645][T15655] [ 1105.682657][T15655] [ 1106.294577][T15655] The buggy address belongs to the variable: [ 1106.300572][T15655] __key.0+0x38/0x40 [ 1106.304500][T15655] [ 1106.306838][T15655] The buggy address belongs to the physical page: [ 1106.313286][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1106.322081][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1106.330033][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1106.338670][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1106.347281][T15655] page dumped because: kasan: bad access detected [ 1106.353711][T15655] page_owner info is not present (never set?) [ 1106.359789][T15655] [ 1106.362127][T15655] Memory state around the buggy address: [ 1106.367791][T15655] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1106.375890][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1106.383975][T15655] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1106.392066][T15655] ^ [ 1106.396935][T15655] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1106.405045][T15655] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1106.413137][T15655] ================================================================== [ 1106.421364][T15655] ================================================================== [ 1106.429447][T15655] BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x51c/0x5b0 [ 1106.437306][T15655] Read of size 8 at addr ffffffff9af8cbe8 by task syz.1.2654/15655 [ 1106.445241][T15655] [ 1106.447595][T15655] CPU: 1 UID: 0 PID: 15655 Comm: syz.1.2654 Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1106.447653][T15655] Tainted: [B]=BAD_PAGE [ 1106.447667][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1106.447694][T15655] Call Trace: [ 1106.447706][T15655] [ 1106.447720][T15655] dump_stack_lvl+0x116/0x1f0 [ 1106.447787][T15655] print_report+0xc3/0x670 [ 1106.447851][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.447899][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.447946][T15655] ? __phys_addr+0xc6/0x150 [ 1106.448005][T15655] ? fib6_clean_node+0x51c/0x5b0 [ 1106.448053][T15655] kasan_report+0xe0/0x110 [ 1106.448117][T15655] ? fib6_clean_node+0x51c/0x5b0 [ 1106.448172][T15655] fib6_clean_node+0x51c/0x5b0 [ 1106.448222][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1106.448273][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.448321][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.448381][T15655] fib6_walk_continue+0x452/0x8d0 [ 1106.448427][T15655] fib6_walk+0x182/0x370 [ 1106.448466][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1106.448512][T15655] fib6_clean_tree+0xd4/0x110 [ 1106.448552][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1106.448597][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1106.448646][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1106.448694][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.448746][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1106.448792][T15655] __fib6_clean_all+0x107/0x2d0 [ 1106.448840][T15655] rt6_disable_ip+0x2ec/0x990 [ 1106.448903][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.448949][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1106.449016][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1106.449081][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1106.449145][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.449192][T15655] ? rcu_is_watching+0x12/0xc0 [ 1106.449243][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1106.449297][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.449344][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1106.449418][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1106.449470][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1106.449516][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.449565][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.449615][T15655] addrconf_notify+0x220/0x19e0 [ 1106.449671][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.449718][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1106.449781][T15655] notifier_call_chain+0xbc/0x410 [ 1106.449835][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1106.449897][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1106.449962][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1106.450029][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1106.450087][T15655] ? __pfx___dev_notify_flags+0x10/0x10 [ 1106.450130][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1106.450178][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450228][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1106.450285][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450341][T15655] rtnl_newlink+0x171e/0x2000 [ 1106.450406][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1106.450458][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450508][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450560][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450606][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1106.450676][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450723][T15655] ? rcu_is_watching+0x12/0xc0 [ 1106.450770][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450816][T15655] ? trace_cap_capable+0x18d/0x200 [ 1106.450861][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450910][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.450957][T15655] ? find_held_lock+0x2b/0x80 [ 1106.451003][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1106.451053][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1106.451101][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.451150][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1106.451201][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1106.451255][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1106.451320][T15655] netlink_rcv_skb+0x16d/0x440 [ 1106.451381][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1106.451432][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1106.451496][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.451540][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1106.451593][T15655] netlink_unicast+0x53d/0x7f0 [ 1106.451650][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1106.451699][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1106.451763][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1106.451822][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1106.451870][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.451922][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1106.451977][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.452019][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1106.452062][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1106.452129][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1106.452173][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1106.452227][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.452286][T15655] __sys_sendmsg+0x16d/0x220 [ 1106.452329][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1106.452375][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.452417][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.452467][T15655] ? rcu_is_watching+0x12/0xc0 [ 1106.452509][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1106.452558][T15655] do_syscall_64+0xcd/0x260 [ 1106.452616][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1106.452651][T15655] RIP: 0033:0x7f823658e969 [ 1106.452677][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1106.452712][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1106.452745][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1106.452769][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1106.452791][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1106.452813][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1106.452835][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1106.452870][T15655] [ 1106.452882][T15655] [ 1107.055841][T15655] The buggy address belongs to the variable: [ 1107.061818][T15655] binder_devices+0x8/0x40 [ 1107.066256][T15655] [ 1107.068578][T15655] The buggy address belongs to the physical page: [ 1107.074989][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1107.083766][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1107.091686][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1107.100318][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1107.108910][T15655] page dumped because: kasan: bad access detected [ 1107.115329][T15655] page_owner info is not present (never set?) [ 1107.121397][T15655] [ 1107.123728][T15655] Memory state around the buggy address: [ 1107.129365][T15655] ffffffff9af8ca80: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1107.137449][T15655] ffffffff9af8cb00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1107.145622][T15655] >ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1107.153688][T15655] ^ [ 1107.161149][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1107.169310][T15655] ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1107.177378][T15655] ================================================================== [ 1107.185710][ T5839] Bluetooth: hci5: command tx timeout [ 1107.194439][T15655] ================================================================== [ 1107.202529][T15655] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0 [ 1107.210036][T15655] Read of size 8 at addr ffffffff9af8cc90 by task syz.1.2654/15655 [ 1107.218557][T15655] [ 1107.220894][T15655] CPU: 0 UID: 0 PID: 15655 Comm: syz.1.2654 Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1107.220946][T15655] Tainted: [B]=BAD_PAGE [ 1107.220958][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1107.220980][T15655] Call Trace: [ 1107.220990][T15655] [ 1107.221003][T15655] dump_stack_lvl+0x116/0x1f0 [ 1107.221062][T15655] print_report+0xc3/0x670 [ 1107.221116][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.221164][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.221206][T15655] ? __phys_addr+0xc6/0x150 [ 1107.221257][T15655] ? fib6_ifdown+0x7f5/0x8f0 [ 1107.221299][T15655] kasan_report+0xe0/0x110 [ 1107.221355][T15655] ? fib6_ifdown+0x7f5/0x8f0 [ 1107.221401][T15655] fib6_ifdown+0x7f5/0x8f0 [ 1107.221444][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1107.221487][T15655] fib6_clean_node+0x2a7/0x5b0 [ 1107.221533][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1107.221581][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.221627][T15655] fib6_walk_continue+0x452/0x8d0 [ 1107.221666][T15655] fib6_walk+0x182/0x370 [ 1107.221703][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1107.221743][T15655] fib6_clean_tree+0xd4/0x110 [ 1107.221780][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1107.221820][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1107.221864][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1107.221906][T15655] ? rcu_is_watching+0x12/0xc0 [ 1107.221947][T15655] ? __fib6_clean_all+0x10f/0x2d0 [ 1107.221983][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222029][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1107.222071][T15655] __fib6_clean_all+0x107/0x2d0 [ 1107.222115][T15655] rt6_disable_ip+0x2ec/0x990 [ 1107.222175][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222217][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1107.222277][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1107.222336][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1107.222395][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222437][T15655] ? rcu_is_watching+0x12/0xc0 [ 1107.222481][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1107.222529][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222571][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1107.222628][T15655] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1107.222688][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1107.222732][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222775][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1107.222815][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222857][T15655] ? rcu_is_watching+0x12/0xc0 [ 1107.222899][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.222944][T15655] addrconf_notify+0x220/0x19e0 [ 1107.222994][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223036][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1107.223093][T15655] notifier_call_chain+0xbc/0x410 [ 1107.223151][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1107.223207][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1107.223266][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1107.223326][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1107.223380][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1107.223423][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223468][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1107.223520][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223570][T15655] rtnl_newlink+0x171e/0x2000 [ 1107.223623][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1107.223670][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223715][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223762][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223803][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1107.223867][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223909][T15655] ? rcu_is_watching+0x12/0xc0 [ 1107.223949][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.223991][T15655] ? trace_cap_capable+0x18d/0x200 [ 1107.224031][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.224075][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.224117][T15655] ? find_held_lock+0x2b/0x80 [ 1107.224162][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1107.224206][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1107.224249][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.224293][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1107.224339][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1107.224388][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1107.224447][T15655] netlink_rcv_skb+0x16d/0x440 [ 1107.224497][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1107.224545][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1107.224609][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.224650][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1107.224705][T15655] netlink_unicast+0x53d/0x7f0 [ 1107.224757][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1107.224805][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1107.224866][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1107.224920][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1107.224968][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225020][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1107.225096][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225144][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1107.225187][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1107.225253][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1107.225296][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1107.225351][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225410][T15655] __sys_sendmsg+0x16d/0x220 [ 1107.225453][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1107.225495][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225536][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225585][T15655] ? rcu_is_watching+0x12/0xc0 [ 1107.225626][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1107.225673][T15655] do_syscall_64+0xcd/0x260 [ 1107.225731][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1107.225766][T15655] RIP: 0033:0x7f823658e969 [ 1107.225792][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1107.225827][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1107.225859][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1107.225883][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1107.225905][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1107.225926][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1107.225947][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1107.225982][T15655] [ 1107.225994][T15655] [ 1107.852164][T15655] The buggy address belongs to the variable: [ 1107.858143][T15655] __key.0+0x30/0x40 [ 1107.862060][T15655] [ 1107.864387][T15655] The buggy address belongs to the physical page: [ 1107.870800][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1107.879582][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1107.887512][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1107.896214][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1107.904807][T15655] page dumped because: kasan: bad access detected [ 1107.911229][T15655] page_owner info is not present (never set?) [ 1107.917294][T15655] [ 1107.919617][T15655] Memory state around the buggy address: [ 1107.925252][T15655] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1107.933328][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1107.941415][T15655] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1107.949486][T15655] ^ [ 1107.954081][T15655] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1107.962163][T15655] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1107.970237][T15655] ================================================================== [ 1107.978401][T15655] ================================================================== [ 1107.986495][T15655] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x86d/0x8f0 [ 1107.994025][T15655] Read of size 8 at addr ffffffff9af8cc98 by task syz.1.2654/15655 [ 1108.001952][T15655] [ 1108.004293][T15655] CPU: 0 UID: 0 PID: 15655 Comm: syz.1.2654 Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1108.004345][T15655] Tainted: [B]=BAD_PAGE [ 1108.004357][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1108.004382][T15655] Call Trace: [ 1108.004394][T15655] [ 1108.004409][T15655] dump_stack_lvl+0x116/0x1f0 [ 1108.004470][T15655] print_report+0xc3/0x670 [ 1108.004526][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.004569][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.004611][T15655] ? __phys_addr+0xc6/0x150 [ 1108.004664][T15655] ? fib6_ifdown+0x86d/0x8f0 [ 1108.004705][T15655] kasan_report+0xe0/0x110 [ 1108.004766][T15655] ? fib6_ifdown+0x86d/0x8f0 [ 1108.004813][T15655] fib6_ifdown+0x86d/0x8f0 [ 1108.004857][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.004900][T15655] fib6_clean_node+0x2a7/0x5b0 [ 1108.004949][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1108.004997][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.005062][T15655] fib6_walk_continue+0x452/0x8d0 [ 1108.005102][T15655] fib6_walk+0x182/0x370 [ 1108.005139][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.005180][T15655] fib6_clean_tree+0xd4/0x110 [ 1108.005216][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1108.005257][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1108.005301][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.005343][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.005391][T15655] ? __fib6_clean_all+0x10f/0x2d0 [ 1108.005427][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.005473][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.005515][T15655] __fib6_clean_all+0x107/0x2d0 [ 1108.005559][T15655] rt6_disable_ip+0x2ec/0x990 [ 1108.005617][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.005659][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1108.005719][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1108.005777][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1108.005837][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.005878][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.005923][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1108.005971][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006013][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1108.006071][T15655] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1108.006130][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1108.006175][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006218][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1108.006258][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006300][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.006342][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006393][T15655] addrconf_notify+0x220/0x19e0 [ 1108.006444][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006485][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1108.006543][T15655] notifier_call_chain+0xbc/0x410 [ 1108.006594][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1108.006649][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1108.006709][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1108.006769][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1108.006822][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1108.006865][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.006909][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1108.006961][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007010][T15655] rtnl_newlink+0x171e/0x2000 [ 1108.007063][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.007109][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007155][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007202][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007243][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1108.007309][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007351][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.007396][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007437][T15655] ? trace_cap_capable+0x18d/0x200 [ 1108.007478][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007522][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007564][T15655] ? find_held_lock+0x2b/0x80 [ 1108.007605][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.007649][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.007693][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.007737][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.007782][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1108.007830][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1108.007889][T15655] netlink_rcv_skb+0x16d/0x440 [ 1108.007939][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1108.007987][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1108.008050][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008092][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1108.008142][T15655] netlink_unicast+0x53d/0x7f0 [ 1108.008195][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1108.008242][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1108.008303][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1108.008356][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1108.008408][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008460][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1108.008516][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008558][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1108.008601][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1108.008666][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1108.008710][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1108.008764][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008824][T15655] __sys_sendmsg+0x16d/0x220 [ 1108.008866][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1108.008908][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008950][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.008999][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.009040][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.009088][T15655] do_syscall_64+0xcd/0x260 [ 1108.009147][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1108.009182][T15655] RIP: 0033:0x7f823658e969 [ 1108.009208][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1108.009245][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1108.009277][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1108.009301][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1108.009324][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1108.009346][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.009368][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1108.009406][T15655] [ 1108.009418][T15655] [ 1108.635344][T15655] The buggy address belongs to the variable: [ 1108.641327][T15655] __key.0+0x38/0x40 [ 1108.645251][T15655] [ 1108.647575][T15655] The buggy address belongs to the physical page: [ 1108.653983][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1108.662758][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1108.670773][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1108.679383][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1108.688003][T15655] page dumped because: kasan: bad access detected [ 1108.694423][T15655] page_owner info is not present (never set?) [ 1108.700494][T15655] [ 1108.702816][T15655] Memory state around the buggy address: [ 1108.708453][T15655] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1108.716559][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1108.724629][T15655] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1108.732709][T15655] ^ [ 1108.737572][T15655] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1108.745687][T15655] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1108.753755][T15655] ================================================================== [ 1108.761893][T15655] ================================================================== [ 1108.769991][T15655] BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x51c/0x5b0 [ 1108.777857][T15655] Read of size 8 at addr ffffffff9af8cbe8 by task syz.1.2654/15655 [ 1108.785777][T15655] [ 1108.788128][T15655] CPU: 0 UID: 0 PID: 15655 Comm: syz.1.2654 Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1108.788190][T15655] Tainted: [B]=BAD_PAGE [ 1108.788203][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1108.788227][T15655] Call Trace: [ 1108.788240][T15655] [ 1108.788254][T15655] dump_stack_lvl+0x116/0x1f0 [ 1108.788320][T15655] print_report+0xc3/0x670 [ 1108.788391][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.788442][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.788490][T15655] ? __phys_addr+0xc6/0x150 [ 1108.788553][T15655] ? fib6_clean_node+0x51c/0x5b0 [ 1108.788601][T15655] kasan_report+0xe0/0x110 [ 1108.788666][T15655] ? fib6_clean_node+0x51c/0x5b0 [ 1108.788725][T15655] fib6_clean_node+0x51c/0x5b0 [ 1108.788778][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1108.788834][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.788889][T15655] fib6_walk_continue+0x452/0x8d0 [ 1108.788935][T15655] fib6_walk+0x182/0x370 [ 1108.788976][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.789023][T15655] fib6_clean_tree+0xd4/0x110 [ 1108.789065][T15655] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1108.789117][T15655] ? __pfx_fib6_clean_node+0x10/0x10 [ 1108.789166][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.789214][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.789262][T15655] ? __fib6_clean_all+0x10f/0x2d0 [ 1108.789307][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.789359][T15655] ? __pfx_fib6_ifdown+0x10/0x10 [ 1108.789412][T15655] __fib6_clean_all+0x107/0x2d0 [ 1108.789465][T15655] rt6_disable_ip+0x2ec/0x990 [ 1108.789530][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.789578][T15655] ? __mutex_trylock_common+0xe9/0x250 [ 1108.789645][T15655] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1108.789711][T15655] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1108.789778][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.789826][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.789877][T15655] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1108.789933][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.789981][T15655] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1108.790047][T15655] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1108.790115][T15655] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1108.790169][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.790220][T15655] ? tls_dev_event+0xfd/0x10b0 [ 1108.790265][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.790314][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.790366][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.790423][T15655] addrconf_notify+0x220/0x19e0 [ 1108.790484][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.790531][T15655] ? ip6mr_device_event+0x1bc/0x230 [ 1108.790597][T15655] notifier_call_chain+0xbc/0x410 [ 1108.790656][T15655] ? __pfx_addrconf_notify+0x10/0x10 [ 1108.790719][T15655] call_netdevice_notifiers_info+0xbe/0x140 [ 1108.790786][T15655] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 1108.790854][T15655] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1108.790915][T15655] ? __dev_change_flags+0x3d5/0x720 [ 1108.790965][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791016][T15655] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1108.791076][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791133][T15655] rtnl_newlink+0x171e/0x2000 [ 1108.791196][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.791249][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791301][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791355][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791413][T15655] ? kfree_skbmem+0x1a4/0x1f0 [ 1108.791485][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791533][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.791580][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791628][T15655] ? trace_cap_capable+0x18d/0x200 [ 1108.791674][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791724][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791772][T15655] ? find_held_lock+0x2b/0x80 [ 1108.791820][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.791870][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.791921][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.791972][T15655] ? __pfx_rtnl_newlink+0x10/0x10 [ 1108.792025][T15655] rtnetlink_rcv_msg+0x95e/0xe90 [ 1108.792081][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1108.792148][T15655] netlink_rcv_skb+0x16d/0x440 [ 1108.792206][T15655] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1108.792262][T15655] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1108.792335][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.792428][T15655] ? netlink_deliver_tap+0x1ae/0xd30 [ 1108.792485][T15655] netlink_unicast+0x53d/0x7f0 [ 1108.792545][T15655] ? __pfx_netlink_unicast+0x10/0x10 [ 1108.792600][T15655] ? __lock_acquire+0xaa4/0x1ba0 [ 1108.792670][T15655] netlink_sendmsg+0x8d1/0xdd0 [ 1108.792731][T15655] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1108.792786][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.792846][T15655] ____sys_sendmsg+0xa98/0xc70 [ 1108.792909][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.792957][T15655] ? copy_msghdr_from_user+0x10a/0x160 [ 1108.793006][T15655] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1108.793082][T15655] ___sys_sendmsg+0x134/0x1d0 [ 1108.793132][T15655] ? __pfx____sys_sendmsg+0x10/0x10 [ 1108.793197][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.793265][T15655] __sys_sendmsg+0x16d/0x220 [ 1108.793314][T15655] ? __pfx___sys_sendmsg+0x10/0x10 [ 1108.793364][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.793419][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.793476][T15655] ? rcu_is_watching+0x12/0xc0 [ 1108.793527][T15655] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1108.793582][T15655] do_syscall_64+0xcd/0x260 [ 1108.793649][T15655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1108.793689][T15655] RIP: 0033:0x7f823658e969 [ 1108.793719][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1108.793758][T15655] RSP: 002b:00007f8237348038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1108.793795][T15655] RAX: ffffffffffffffda RBX: 00007f82367b6080 RCX: 00007f823658e969 [ 1108.793822][T15655] RDX: 0000000000008000 RSI: 0000200000000280 RDI: 0000000000000006 [ 1108.793848][T15655] RBP: 00007f8236610ab1 R08: 0000000000000000 R09: 0000000000000000 [ 1108.793874][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1108.793899][T15655] R13: 0000000000000000 R14: 00007f82367b6080 R15: 00007ffc83d70d08 [ 1108.793939][T15655] [ 1108.793952][T15655] [ 1109.411707][T15655] The buggy address belongs to the variable: [ 1109.417694][T15655] binder_devices+0x8/0x40 [ 1109.422142][T15655] [ 1109.424471][T15655] The buggy address belongs to the physical page: [ 1109.430894][T15655] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1109.439684][T15655] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1109.447625][T15655] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1109.456242][T15655] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1109.464850][T15655] page dumped because: kasan: bad access detected [ 1109.471277][T15655] page_owner info is not present (never set?) [ 1109.477348][T15655] [ 1109.479683][T15655] Memory state around the buggy address: [ 1109.485326][T15655] ffffffff9af8ca80: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1109.493414][T15655] ffffffff9af8cb00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1109.501493][T15655] >ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1109.509582][T15655] ^ [ 1109.517055][T15655] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1109.525140][T15655] ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1109.533221][T15655] ================================================================== [ 1109.692294][T15515] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1110.248095][ T9961] syz_tun (unregistering): left allmulticast mode [ 1110.638281][T10285] bridge0: port 3(syz_tun) entered disabled state [ 1110.675302][T10285] syz_tun (unregistering): left allmulticast mode [ 1110.681792][T10285] syz_tun (unregistering): left promiscuous mode [ 1110.694821][T10285] bridge0: port 3(syz_tun) entered disabled state [ 1110.739356][T14430] ================================================================== [ 1110.747495][T14430] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0 [ 1110.755184][T14430] Read of size 8 at addr ffffffff9af8cc90 by task syz-executor/14430 [ 1110.763281][T14430] [ 1110.765636][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1110.765691][T14430] Tainted: [B]=BAD_PAGE [ 1110.765705][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1110.765728][T14430] Call Trace: [ 1110.765739][T14430] [ 1110.765753][T14430] dump_stack_lvl+0x116/0x1f0 [ 1110.765817][T14430] print_report+0xc3/0x670 [ 1110.765875][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.765920][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.765965][T14430] ? __phys_addr+0xc6/0x150 [ 1110.766020][T14430] ? fib6_ifdown+0x7f5/0x8f0 [ 1110.766064][T14430] kasan_report+0xe0/0x110 [ 1110.766130][T14430] ? fib6_ifdown+0x7f5/0x8f0 [ 1110.766180][T14430] fib6_ifdown+0x7f5/0x8f0 [ 1110.766224][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1110.766270][T14430] fib6_clean_node+0x2a7/0x5b0 [ 1110.766318][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1110.766369][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.766417][T14430] fib6_walk_continue+0x452/0x8d0 [ 1110.766459][T14430] fib6_walk+0x182/0x370 [ 1110.766497][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1110.766540][T14430] fib6_clean_tree+0xd4/0x110 [ 1110.766580][T14430] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1110.766617][T14430] ? masq_device_event+0xf7/0x120 [ 1110.766656][T14430] ? notifier_call_chain+0xbc/0x410 [ 1110.766709][T14430] ? call_netdevice_notifiers_info+0xbe/0x140 [ 1110.766773][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1110.766819][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1110.766863][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.766907][T14430] ? __fib6_clean_all+0x10f/0x2d0 [ 1110.766945][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.766993][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1110.767038][T14430] __fib6_clean_all+0x107/0x2d0 [ 1110.767083][T14430] rt6_disable_ip+0x2ec/0x990 [ 1110.767151][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767196][T14430] ? __mutex_trylock_common+0xe9/0x250 [ 1110.767259][T14430] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1110.767321][T14430] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1110.767383][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767427][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.767473][T14430] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1110.767524][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767568][T14430] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1110.767631][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767677][T14430] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1110.767718][T14430] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1110.767767][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767814][T14430] ? tls_dev_event+0xfd/0x10b0 [ 1110.767857][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767903][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.767950][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.767999][T14430] addrconf_notify+0x220/0x19e0 [ 1110.768055][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768101][T14430] ? ip6mr_device_event+0x1bc/0x230 [ 1110.768167][T14430] notifier_call_chain+0xbc/0x410 [ 1110.768222][T14430] ? __pfx_addrconf_notify+0x10/0x10 [ 1110.768283][T14430] call_netdevice_notifiers_info+0xbe/0x140 [ 1110.768346][T14430] dev_close_many+0x319/0x630 [ 1110.768404][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768450][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768497][T14430] ? __pfx_dev_close_many+0x10/0x10 [ 1110.768563][T14430] unregister_netdevice_many_notify+0x578/0x26f0 [ 1110.768618][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1110.768662][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768707][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.768751][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768797][T14430] ? lock_release+0x201/0x2f0 [ 1110.768855][T14430] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1110.768910][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.768955][T14430] ? do_raw_spin_unlock+0x172/0x230 [ 1110.768996][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.769041][T14430] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1110.769099][T14430] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1110.769159][T14430] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1110.769220][T14430] ? linkwatch_fire_event+0x20c/0x270 [ 1110.769279][T14430] ? netif_carrier_off+0xa3/0xc0 [ 1110.769319][T14430] ? __tun_detach+0x1177/0x1540 [ 1110.769352][T14430] ? tun_chr_close+0xc2/0x230 [ 1110.769384][T14430] ? __fput+0x402/0xb70 [ 1110.769417][T14430] ? task_work_run+0x150/0x240 [ 1110.769456][T14430] ? do_exit+0xafb/0x2c30 [ 1110.769512][T14430] ? do_group_exit+0xd3/0x2a0 [ 1110.769571][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.769617][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.769665][T14430] unregister_netdevice_queue+0x305/0x3f0 [ 1110.769720][T14430] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1110.769774][T14430] ? linkwatch_schedule_work+0x181/0x1c0 [ 1110.769835][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.769881][T14430] ? linkwatch_fire_event+0x6f/0x270 [ 1110.769944][T14430] __tun_detach+0x1249/0x1540 [ 1110.769985][T14430] ? __pfx_tun_chr_close+0x10/0x10 [ 1110.770019][T14430] tun_chr_close+0xc2/0x230 [ 1110.770054][T14430] __fput+0x402/0xb70 [ 1110.770093][T14430] task_work_run+0x150/0x240 [ 1110.770139][T14430] ? __pfx_task_work_run+0x10/0x10 [ 1110.770178][T14430] ? switch_task_namespaces+0xeb/0x100 [ 1110.770238][T14430] do_exit+0xafb/0x2c30 [ 1110.770297][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.770343][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1110.770383][T14430] ? __pfx_do_exit+0x10/0x10 [ 1110.770439][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.770485][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.770529][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1110.770575][T14430] ? rcu_is_watching+0x12/0xc0 [ 1110.770623][T14430] do_group_exit+0xd3/0x2a0 [ 1110.770684][T14430] __x64_sys_exit_group+0x3e/0x50 [ 1110.770743][T14430] x64_sys_call+0x1530/0x1730 [ 1110.770798][T14430] do_syscall_64+0xcd/0x260 [ 1110.770861][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.770899][T14430] RIP: 0033:0x7f823658e969 [ 1110.770927][T14430] Code: Unable to access opcode bytes at 0x7f823658e93f. [ 1110.770944][T14430] RSP: 002b:00007ffc83d70f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1110.770979][T14430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f823658e969 [ 1110.771005][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 1110.771029][T14430] RBP: 00007f8236612053 R08: 00007ffc83d6ed06 R09: 0000555588d95590 [ 1110.771055][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 1110.771079][T14430] R13: 0000555588d95590 R14: 000000000010d8f3 R15: 00007ffc83d71120 [ 1110.771117][T14430] [ 1110.771134][T14430] [ 1111.404382][T14430] The buggy address belongs to the variable: [ 1111.410366][T14430] __key.0+0x30/0x40 [ 1111.414281][T14430] [ 1111.416605][T14430] The buggy address belongs to the physical page: [ 1111.423016][T14430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1111.431786][T14430] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1111.439703][T14430] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1111.448304][T14430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1111.456893][T14430] page dumped because: kasan: bad access detected [ 1111.463309][T14430] page_owner info is not present (never set?) [ 1111.469368][T14430] [ 1111.471692][T14430] Memory state around the buggy address: [ 1111.477326][T14430] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1111.485399][T14430] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1111.493469][T14430] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1111.501534][T14430] ^ [ 1111.506129][T14430] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1111.514212][T14430] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1111.522289][T14430] ================================================================== [ 1111.530450][T14430] ================================================================== [ 1111.538540][T14430] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x170/0x8f0 [ 1111.546145][T14430] Read of size 1 at addr ffffffff9af8cc79 by task syz-executor/14430 [ 1111.554235][T14430] [ 1111.556582][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1111.556640][T14430] Tainted: [B]=BAD_PAGE [ 1111.556654][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1111.556677][T14430] Call Trace: [ 1111.556690][T14430] [ 1111.556704][T14430] dump_stack_lvl+0x116/0x1f0 [ 1111.556764][T14430] print_report+0xc3/0x670 [ 1111.556821][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.556870][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.556916][T14430] ? __phys_addr+0xc6/0x150 [ 1111.556973][T14430] ? fib6_ifdown+0x170/0x8f0 [ 1111.557018][T14430] kasan_report+0xe0/0x110 [ 1111.557078][T14430] ? fib6_ifdown+0x170/0x8f0 [ 1111.557137][T14430] fib6_ifdown+0x170/0x8f0 [ 1111.557184][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1111.557232][T14430] fib6_clean_node+0x2a7/0x5b0 [ 1111.557281][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1111.557334][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.557384][T14430] fib6_walk_continue+0x452/0x8d0 [ 1111.557426][T14430] fib6_walk+0x182/0x370 [ 1111.557466][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1111.557509][T14430] fib6_clean_tree+0xd4/0x110 [ 1111.557549][T14430] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1111.557588][T14430] ? masq_device_event+0xf7/0x120 [ 1111.557627][T14430] ? notifier_call_chain+0xbc/0x410 [ 1111.557682][T14430] ? call_netdevice_notifiers_info+0xbe/0x140 [ 1111.557746][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1111.557793][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1111.557840][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.557885][T14430] ? __fib6_clean_all+0x10f/0x2d0 [ 1111.557925][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.557975][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1111.558020][T14430] __fib6_clean_all+0x107/0x2d0 [ 1111.558066][T14430] rt6_disable_ip+0x2ec/0x990 [ 1111.558136][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558182][T14430] ? __mutex_trylock_common+0xe9/0x250 [ 1111.558246][T14430] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1111.558309][T14430] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1111.558373][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558418][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.558466][T14430] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1111.558519][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558565][T14430] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1111.558627][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558673][T14430] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1111.558714][T14430] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1111.558762][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558809][T14430] ? tls_dev_event+0xfd/0x10b0 [ 1111.558853][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558898][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.558945][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.558993][T14430] addrconf_notify+0x220/0x19e0 [ 1111.559048][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559094][T14430] ? ip6mr_device_event+0x1bc/0x230 [ 1111.559160][T14430] notifier_call_chain+0xbc/0x410 [ 1111.559214][T14430] ? __pfx_addrconf_notify+0x10/0x10 [ 1111.559275][T14430] call_netdevice_notifiers_info+0xbe/0x140 [ 1111.559337][T14430] dev_close_many+0x319/0x630 [ 1111.559394][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559441][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559488][T14430] ? __pfx_dev_close_many+0x10/0x10 [ 1111.559554][T14430] unregister_netdevice_many_notify+0x578/0x26f0 [ 1111.559609][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1111.559653][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559698][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.559742][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559788][T14430] ? lock_release+0x201/0x2f0 [ 1111.559845][T14430] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1111.559901][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.559946][T14430] ? do_raw_spin_unlock+0x172/0x230 [ 1111.559987][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.560032][T14430] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1111.560089][T14430] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1111.560151][T14430] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1111.560211][T14430] ? linkwatch_fire_event+0x20c/0x270 [ 1111.560270][T14430] ? netif_carrier_off+0xa3/0xc0 [ 1111.560310][T14430] ? __tun_detach+0x1177/0x1540 [ 1111.560344][T14430] ? tun_chr_close+0xc2/0x230 [ 1111.560376][T14430] ? __fput+0x402/0xb70 [ 1111.560408][T14430] ? task_work_run+0x150/0x240 [ 1111.560448][T14430] ? do_exit+0xafb/0x2c30 [ 1111.560503][T14430] ? do_group_exit+0xd3/0x2a0 [ 1111.560561][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.560607][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.560655][T14430] unregister_netdevice_queue+0x305/0x3f0 [ 1111.560709][T14430] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1111.560762][T14430] ? linkwatch_schedule_work+0x181/0x1c0 [ 1111.560822][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.560868][T14430] ? linkwatch_fire_event+0x6f/0x270 [ 1111.560931][T14430] __tun_detach+0x1249/0x1540 [ 1111.560972][T14430] ? __pfx_tun_chr_close+0x10/0x10 [ 1111.561006][T14430] tun_chr_close+0xc2/0x230 [ 1111.561040][T14430] __fput+0x402/0xb70 [ 1111.561079][T14430] task_work_run+0x150/0x240 [ 1111.561120][T14430] ? __pfx_task_work_run+0x10/0x10 [ 1111.561163][T14430] ? switch_task_namespaces+0xeb/0x100 [ 1111.561223][T14430] do_exit+0xafb/0x2c30 [ 1111.561283][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.561328][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1111.561369][T14430] ? __pfx_do_exit+0x10/0x10 [ 1111.561424][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.561469][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.561514][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1111.561559][T14430] ? rcu_is_watching+0x12/0xc0 [ 1111.561606][T14430] do_group_exit+0xd3/0x2a0 [ 1111.561666][T14430] __x64_sys_exit_group+0x3e/0x50 [ 1111.561726][T14430] x64_sys_call+0x1530/0x1730 [ 1111.561781][T14430] do_syscall_64+0xcd/0x260 [ 1111.561843][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1111.561882][T14430] RIP: 0033:0x7f823658e969 [ 1111.561909][T14430] Code: Unable to access opcode bytes at 0x7f823658e93f. [ 1111.561927][T14430] RSP: 002b:00007ffc83d70f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1111.561962][T14430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f823658e969 [ 1111.561986][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 1111.562010][T14430] RBP: 00007f8236612053 R08: 00007ffc83d6ed06 R09: 0000555588d95590 [ 1111.562035][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 1111.562060][T14430] R13: 0000555588d95590 R14: 000000000010d8f3 R15: 00007ffc83d71120 [ 1111.562098][T14430] [ 1111.562110][T14430] [ 1112.195892][T14430] The buggy address belongs to the variable: [ 1112.201874][T14430] __key.0+0x19/0x40 [ 1112.205798][T14430] [ 1112.208127][T14430] The buggy address belongs to the physical page: [ 1112.214549][T14430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1112.223329][T14430] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1112.231258][T14430] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1112.239872][T14430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1112.248467][T14430] page dumped because: kasan: bad access detected [ 1112.254888][T14430] page_owner info is not present (never set?) [ 1112.260955][T14430] [ 1112.263283][T14430] Memory state around the buggy address: [ 1112.268923][T14430] ffffffff9af8cb00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1112.277001][T14430] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1112.285082][T14430] >ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1112.293161][T14430] ^ [ 1112.301158][T14430] ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1112.309237][T14430] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1112.317312][T14430] ================================================================== [ 1112.325448][T14430] ================================================================== [ 1112.333522][T14430] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x1c4/0x8f0 [ 1112.341020][T14430] Read of size 4 at addr ffffffff9af8cc08 by task syz-executor/14430 [ 1112.349105][T14430] [ 1112.351447][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1112.351504][T14430] Tainted: [B]=BAD_PAGE [ 1112.351518][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1112.351541][T14430] Call Trace: [ 1112.351553][T14430] [ 1112.351567][T14430] dump_stack_lvl+0x116/0x1f0 [ 1112.351629][T14430] print_report+0xc3/0x670 [ 1112.351688][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.351734][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.351780][T14430] ? __phys_addr+0xc6/0x150 [ 1112.351837][T14430] ? fib6_ifdown+0x1c4/0x8f0 [ 1112.351882][T14430] kasan_report+0xe0/0x110 [ 1112.351942][T14430] ? fib6_ifdown+0x1c4/0x8f0 [ 1112.351993][T14430] fib6_ifdown+0x1c4/0x8f0 [ 1112.352040][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1112.352088][T14430] fib6_clean_node+0x2a7/0x5b0 [ 1112.352136][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1112.352194][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.352244][T14430] fib6_walk_continue+0x452/0x8d0 [ 1112.352287][T14430] fib6_walk+0x182/0x370 [ 1112.352326][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1112.352370][T14430] fib6_clean_tree+0xd4/0x110 [ 1112.352410][T14430] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1112.352449][T14430] ? masq_device_event+0xf7/0x120 [ 1112.352489][T14430] ? notifier_call_chain+0xbc/0x410 [ 1112.352544][T14430] ? call_netdevice_notifiers_info+0xbe/0x140 [ 1112.352609][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1112.352656][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1112.352702][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.352748][T14430] ? __fib6_clean_all+0x10f/0x2d0 [ 1112.352788][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.352838][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1112.352884][T14430] __fib6_clean_all+0x107/0x2d0 [ 1112.352930][T14430] rt6_disable_ip+0x2ec/0x990 [ 1112.352992][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353037][T14430] ? __mutex_trylock_common+0xe9/0x250 [ 1112.353100][T14430] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1112.353168][T14430] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1112.353232][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353277][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.353325][T14430] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1112.353377][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353422][T14430] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1112.353486][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353531][T14430] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1112.353571][T14430] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1112.353618][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353666][T14430] ? tls_dev_event+0xfd/0x10b0 [ 1112.353709][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353754][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.353800][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353849][T14430] addrconf_notify+0x220/0x19e0 [ 1112.353904][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.353949][T14430] ? ip6mr_device_event+0x1bc/0x230 [ 1112.354011][T14430] notifier_call_chain+0xbc/0x410 [ 1112.354065][T14430] ? __pfx_addrconf_notify+0x10/0x10 [ 1112.354125][T14430] call_netdevice_notifiers_info+0xbe/0x140 [ 1112.354193][T14430] dev_close_many+0x319/0x630 [ 1112.354251][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354298][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354345][T14430] ? __pfx_dev_close_many+0x10/0x10 [ 1112.354411][T14430] unregister_netdevice_many_notify+0x578/0x26f0 [ 1112.354467][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1112.354510][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354555][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.354600][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354645][T14430] ? lock_release+0x201/0x2f0 [ 1112.354704][T14430] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1112.354759][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354805][T14430] ? do_raw_spin_unlock+0x172/0x230 [ 1112.354846][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.354892][T14430] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1112.354949][T14430] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1112.355005][T14430] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1112.355066][T14430] ? linkwatch_fire_event+0x20c/0x270 [ 1112.355124][T14430] ? netif_carrier_off+0xa3/0xc0 [ 1112.355168][T14430] ? __tun_detach+0x1177/0x1540 [ 1112.355202][T14430] ? tun_chr_close+0xc2/0x230 [ 1112.355233][T14430] ? __fput+0x402/0xb70 [ 1112.355267][T14430] ? task_work_run+0x150/0x240 [ 1112.355306][T14430] ? do_exit+0xafb/0x2c30 [ 1112.355361][T14430] ? do_group_exit+0xd3/0x2a0 [ 1112.355419][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.355464][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.355512][T14430] unregister_netdevice_queue+0x305/0x3f0 [ 1112.355567][T14430] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1112.355621][T14430] ? linkwatch_schedule_work+0x181/0x1c0 [ 1112.355681][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.355727][T14430] ? linkwatch_fire_event+0x6f/0x270 [ 1112.355790][T14430] __tun_detach+0x1249/0x1540 [ 1112.355832][T14430] ? __pfx_tun_chr_close+0x10/0x10 [ 1112.355866][T14430] tun_chr_close+0xc2/0x230 [ 1112.355900][T14430] __fput+0x402/0xb70 [ 1112.355940][T14430] task_work_run+0x150/0x240 [ 1112.355980][T14430] ? __pfx_task_work_run+0x10/0x10 [ 1112.356020][T14430] ? switch_task_namespaces+0xeb/0x100 [ 1112.356081][T14430] do_exit+0xafb/0x2c30 [ 1112.356140][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.356189][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1112.356229][T14430] ? __pfx_do_exit+0x10/0x10 [ 1112.356285][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.356331][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.356377][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1112.356422][T14430] ? rcu_is_watching+0x12/0xc0 [ 1112.356470][T14430] do_group_exit+0xd3/0x2a0 [ 1112.356531][T14430] __x64_sys_exit_group+0x3e/0x50 [ 1112.356591][T14430] x64_sys_call+0x1530/0x1730 [ 1112.356647][T14430] do_syscall_64+0xcd/0x260 [ 1112.356709][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1112.356748][T14430] RIP: 0033:0x7f823658e969 [ 1112.356775][T14430] Code: Unable to access opcode bytes at 0x7f823658e93f. [ 1112.356793][T14430] RSP: 002b:00007ffc83d70f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1112.356828][T14430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f823658e969 [ 1112.356854][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 1112.356878][T14430] RBP: 00007f8236612053 R08: 00007ffc83d6ed06 R09: 0000555588d95590 [ 1112.356903][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 1112.356927][T14430] R13: 0000555588d95590 R14: 000000000010d8f3 R15: 00007ffc83d71120 [ 1112.356965][T14430] [ 1112.356979][T14430] [ 1112.990046][T14430] The buggy address belongs to the variable: [ 1112.996031][T14430] binder_devices+0x28/0x40 [ 1113.000552][T14430] [ 1113.002875][T14430] The buggy address belongs to the physical page: [ 1113.009285][T14430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1113.018057][T14430] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1113.025978][T14430] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1113.034580][T14430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1113.043169][T14430] page dumped because: kasan: bad access detected [ 1113.049588][T14430] page_owner info is not present (never set?) [ 1113.055660][T14430] [ 1113.057984][T14430] Memory state around the buggy address: [ 1113.063619][T14430] ffffffff9af8cb00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1113.071695][T14430] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1113.079772][T14430] >ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1113.087840][T14430] ^ [ 1113.092171][T14430] ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1113.100244][T14430] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1113.108314][T14430] ================================================================== [ 1113.116435][T14430] ================================================================== [ 1113.124511][T14430] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x877/0x8f0 [ 1113.132013][T14430] Read of size 8 at addr ffffffff9af8cc98 by task syz-executor/14430 [ 1113.140099][T14430] [ 1113.142451][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1113.142509][T14430] Tainted: [B]=BAD_PAGE [ 1113.142523][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1113.142546][T14430] Call Trace: [ 1113.142558][T14430] [ 1113.142572][T14430] dump_stack_lvl+0x116/0x1f0 [ 1113.142635][T14430] print_report+0xc3/0x670 [ 1113.142695][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.142742][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.142788][T14430] ? __phys_addr+0xc6/0x150 [ 1113.142845][T14430] ? fib6_ifdown+0x877/0x8f0 [ 1113.142889][T14430] kasan_report+0xe0/0x110 [ 1113.142950][T14430] ? fib6_ifdown+0x877/0x8f0 [ 1113.143000][T14430] fib6_ifdown+0x877/0x8f0 [ 1113.143047][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.143095][T14430] fib6_clean_node+0x2a7/0x5b0 [ 1113.143148][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1113.143200][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.143250][T14430] fib6_walk_continue+0x452/0x8d0 [ 1113.143292][T14430] fib6_walk+0x182/0x370 [ 1113.143331][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.143375][T14430] fib6_clean_tree+0xd4/0x110 [ 1113.143414][T14430] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1113.143453][T14430] ? masq_device_event+0xf7/0x120 [ 1113.143492][T14430] ? notifier_call_chain+0xbc/0x410 [ 1113.143547][T14430] ? call_netdevice_notifiers_info+0xbe/0x140 [ 1113.143611][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1113.143658][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.143704][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.143749][T14430] ? __fib6_clean_all+0x10f/0x2d0 [ 1113.143788][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.143837][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.143883][T14430] __fib6_clean_all+0x107/0x2d0 [ 1113.143928][T14430] rt6_disable_ip+0x2ec/0x990 [ 1113.143990][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144036][T14430] ? __mutex_trylock_common+0xe9/0x250 [ 1113.144100][T14430] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1113.144170][T14430] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1113.144233][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144279][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.144328][T14430] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1113.144380][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144426][T14430] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1113.144489][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144535][T14430] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1113.144576][T14430] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1113.144624][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144671][T14430] ? tls_dev_event+0xfd/0x10b0 [ 1113.144716][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144763][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.144809][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144858][T14430] addrconf_notify+0x220/0x19e0 [ 1113.144913][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.144958][T14430] ? ip6mr_device_event+0x1bc/0x230 [ 1113.145020][T14430] notifier_call_chain+0xbc/0x410 [ 1113.145092][T14430] ? __pfx_addrconf_notify+0x10/0x10 [ 1113.145158][T14430] call_netdevice_notifiers_info+0xbe/0x140 [ 1113.145219][T14430] dev_close_many+0x319/0x630 [ 1113.145278][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145324][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145372][T14430] ? __pfx_dev_close_many+0x10/0x10 [ 1113.145437][T14430] unregister_netdevice_many_notify+0x578/0x26f0 [ 1113.145494][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1113.145538][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145584][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.145631][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145677][T14430] ? lock_release+0x201/0x2f0 [ 1113.145735][T14430] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1113.145791][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145837][T14430] ? do_raw_spin_unlock+0x172/0x230 [ 1113.145878][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.145924][T14430] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1113.145981][T14430] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1113.146038][T14430] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1113.146099][T14430] ? linkwatch_fire_event+0x20c/0x270 [ 1113.146162][T14430] ? netif_carrier_off+0xa3/0xc0 [ 1113.146202][T14430] ? __tun_detach+0x1177/0x1540 [ 1113.146236][T14430] ? tun_chr_close+0xc2/0x230 [ 1113.146269][T14430] ? __fput+0x402/0xb70 [ 1113.146301][T14430] ? task_work_run+0x150/0x240 [ 1113.146341][T14430] ? do_exit+0xafb/0x2c30 [ 1113.146395][T14430] ? do_group_exit+0xd3/0x2a0 [ 1113.146454][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.146500][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.146548][T14430] unregister_netdevice_queue+0x305/0x3f0 [ 1113.146603][T14430] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1113.146657][T14430] ? linkwatch_schedule_work+0x181/0x1c0 [ 1113.146718][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.146763][T14430] ? linkwatch_fire_event+0x6f/0x270 [ 1113.146827][T14430] __tun_detach+0x1249/0x1540 [ 1113.146867][T14430] ? __pfx_tun_chr_close+0x10/0x10 [ 1113.146901][T14430] tun_chr_close+0xc2/0x230 [ 1113.146935][T14430] __fput+0x402/0xb70 [ 1113.146975][T14430] task_work_run+0x150/0x240 [ 1113.147016][T14430] ? __pfx_task_work_run+0x10/0x10 [ 1113.147053][T14430] ? switch_task_namespaces+0xeb/0x100 [ 1113.147110][T14430] do_exit+0xafb/0x2c30 [ 1113.147172][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.147217][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1113.147256][T14430] ? __pfx_do_exit+0x10/0x10 [ 1113.147309][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.147356][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.147400][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.147446][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.147494][T14430] do_group_exit+0xd3/0x2a0 [ 1113.147554][T14430] __x64_sys_exit_group+0x3e/0x50 [ 1113.147614][T14430] x64_sys_call+0x1530/0x1730 [ 1113.147669][T14430] do_syscall_64+0xcd/0x260 [ 1113.147731][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.147769][T14430] RIP: 0033:0x7f823658e969 [ 1113.147796][T14430] Code: Unable to access opcode bytes at 0x7f823658e93f. [ 1113.147814][T14430] RSP: 002b:00007ffc83d70f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1113.147849][T14430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f823658e969 [ 1113.147875][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 1113.147899][T14430] RBP: 00007f8236612053 R08: 00007ffc83d6ed06 R09: 0000555588d95590 [ 1113.147924][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 1113.147948][T14430] R13: 0000555588d95590 R14: 000000000010d8f3 R15: 00007ffc83d71120 [ 1113.147987][T14430] [ 1113.147999][T14430] [ 1113.782109][T14430] The buggy address belongs to the variable: [ 1113.788115][T14430] __key.0+0x38/0x40 [ 1113.792059][T14430] [ 1113.794392][T14430] The buggy address belongs to the physical page: [ 1113.800821][T14430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1113.809624][T14430] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1113.817563][T14430] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1113.826199][T14430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1113.834814][T14430] page dumped because: kasan: bad access detected [ 1113.841253][T14430] page_owner info is not present (never set?) [ 1113.847337][T14430] [ 1113.849673][T14430] Memory state around the buggy address: [ 1113.855316][T14430] ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1113.863418][T14430] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1113.871536][T14430] >ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1113.879717][T14430] ^ [ 1113.884585][T14430] ffffffff9af8cd00: 00 00 00 00 00 00 00 00 00 00 00 f9 f9 f9 f9 f9 [ 1113.892676][T14430] ffffffff9af8cd80: 00 00 f9 f9 f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 [ 1113.900769][T14430] ================================================================== [ 1113.908917][T14430] ================================================================== [ 1113.917003][T14430] BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x51c/0x5b0 [ 1113.924868][T14430] Read of size 8 at addr ffffffff9af8cbe8 by task syz-executor/14430 [ 1113.932966][T14430] [ 1113.935320][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1113.935376][T14430] Tainted: [B]=BAD_PAGE [ 1113.935390][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1113.935413][T14430] Call Trace: [ 1113.935424][T14430] [ 1113.935438][T14430] dump_stack_lvl+0x116/0x1f0 [ 1113.935501][T14430] print_report+0xc3/0x670 [ 1113.935560][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.935606][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.935650][T14430] ? __phys_addr+0xc6/0x150 [ 1113.935706][T14430] ? fib6_clean_node+0x51c/0x5b0 [ 1113.935751][T14430] kasan_report+0xe0/0x110 [ 1113.935811][T14430] ? fib6_clean_node+0x51c/0x5b0 [ 1113.935863][T14430] fib6_clean_node+0x51c/0x5b0 [ 1113.935912][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1113.935964][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.936014][T14430] fib6_walk_continue+0x452/0x8d0 [ 1113.936057][T14430] fib6_walk+0x182/0x370 [ 1113.936096][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.936147][T14430] fib6_clean_tree+0xd4/0x110 [ 1113.936186][T14430] ? __pfx_fib6_clean_tree+0x10/0x10 [ 1113.936224][T14430] ? masq_device_event+0xf7/0x120 [ 1113.936264][T14430] ? notifier_call_chain+0xbc/0x410 [ 1113.936318][T14430] ? call_netdevice_notifiers_info+0xbe/0x140 [ 1113.936383][T14430] ? __pfx_fib6_clean_node+0x10/0x10 [ 1113.936430][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.936475][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.936519][T14430] ? __fib6_clean_all+0x10f/0x2d0 [ 1113.936558][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.936608][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1113.936652][T14430] __fib6_clean_all+0x107/0x2d0 [ 1113.936698][T14430] rt6_disable_ip+0x2ec/0x990 [ 1113.936758][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.936805][T14430] ? __mutex_trylock_common+0xe9/0x250 [ 1113.936870][T14430] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1113.936934][T14430] ? __pfx_rt6_disable_ip+0x10/0x10 [ 1113.936997][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937042][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.937090][T14430] addrconf_ifdown.isra.0+0x11d/0x1a90 [ 1113.937148][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937192][T14430] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 1113.937253][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937297][T14430] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 1113.937337][T14430] ? __pfx_addrconf_ifdown.isra.0+0x10/0x10 [ 1113.937384][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937430][T14430] ? tls_dev_event+0xfd/0x10b0 [ 1113.937472][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937516][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.937561][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937609][T14430] addrconf_notify+0x220/0x19e0 [ 1113.937663][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.937708][T14430] ? ip6mr_device_event+0x1bc/0x230 [ 1113.937768][T14430] notifier_call_chain+0xbc/0x410 [ 1113.937822][T14430] ? __pfx_addrconf_notify+0x10/0x10 [ 1113.937882][T14430] call_netdevice_notifiers_info+0xbe/0x140 [ 1113.937943][T14430] dev_close_many+0x319/0x630 [ 1113.937999][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938045][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938090][T14430] ? __pfx_dev_close_many+0x10/0x10 [ 1113.938159][T14430] unregister_netdevice_many_notify+0x578/0x26f0 [ 1113.938214][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1113.938255][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938300][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.938343][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938387][T14430] ? lock_release+0x201/0x2f0 [ 1113.938443][T14430] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1113.938497][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938541][T14430] ? do_raw_spin_unlock+0x172/0x230 [ 1113.938580][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.938625][T14430] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1113.938680][T14430] ? __pfx_skb_queue_purge_reason+0x10/0x10 [ 1113.938736][T14430] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1113.938795][T14430] ? linkwatch_fire_event+0x20c/0x270 [ 1113.938854][T14430] ? netif_carrier_off+0xa3/0xc0 [ 1113.938892][T14430] ? __tun_detach+0x1177/0x1540 [ 1113.938925][T14430] ? tun_chr_close+0xc2/0x230 [ 1113.938957][T14430] ? __fput+0x402/0xb70 [ 1113.938989][T14430] ? task_work_run+0x150/0x240 [ 1113.939026][T14430] ? do_exit+0xafb/0x2c30 [ 1113.939080][T14430] ? do_group_exit+0xd3/0x2a0 [ 1113.939145][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.939190][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.939236][T14430] unregister_netdevice_queue+0x305/0x3f0 [ 1113.939289][T14430] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1113.939342][T14430] ? linkwatch_schedule_work+0x181/0x1c0 [ 1113.939401][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.939446][T14430] ? linkwatch_fire_event+0x6f/0x270 [ 1113.939508][T14430] __tun_detach+0x1249/0x1540 [ 1113.939549][T14430] ? __pfx_tun_chr_close+0x10/0x10 [ 1113.939583][T14430] tun_chr_close+0xc2/0x230 [ 1113.939617][T14430] __fput+0x402/0xb70 [ 1113.939657][T14430] task_work_run+0x150/0x240 [ 1113.939699][T14430] ? __pfx_task_work_run+0x10/0x10 [ 1113.939737][T14430] ? switch_task_namespaces+0xeb/0x100 [ 1113.939797][T14430] do_exit+0xafb/0x2c30 [ 1113.939856][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.939902][T14430] ? do_raw_spin_lock+0x12c/0x2b0 [ 1113.939942][T14430] ? __pfx_do_exit+0x10/0x10 [ 1113.939998][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.940044][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.940089][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1113.940141][T14430] ? rcu_is_watching+0x12/0xc0 [ 1113.940189][T14430] do_group_exit+0xd3/0x2a0 [ 1113.940249][T14430] __x64_sys_exit_group+0x3e/0x50 [ 1113.940308][T14430] x64_sys_call+0x1530/0x1730 [ 1113.940362][T14430] do_syscall_64+0xcd/0x260 [ 1113.940424][T14430] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.940462][T14430] RIP: 0033:0x7f823658e969 [ 1113.940488][T14430] Code: Unable to access opcode bytes at 0x7f823658e93f. [ 1113.940506][T14430] RSP: 002b:00007ffc83d70f68 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 1113.940542][T14430] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f823658e969 [ 1113.940567][T14430] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043 [ 1113.940591][T14430] RBP: 00007f8236612053 R08: 00007ffc83d6ed06 R09: 0000555588d95590 [ 1113.940616][T14430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000020 [ 1113.940640][T14430] R13: 0000555588d95590 R14: 000000000010d8f3 R15: 00007ffc83d71120 [ 1113.940678][T14430] [ 1113.940691][T14430] [ 1114.565249][T14430] The buggy address belongs to the variable: [ 1114.571228][T14430] binder_devices+0x8/0x40 [ 1114.575666][T14430] [ 1114.577990][T14430] The buggy address belongs to the physical page: [ 1114.584404][T14430] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1af8c [ 1114.593188][T14430] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff) [ 1114.601123][T14430] raw: 00fff00000002000 ffffea00006be308 ffffea00006be308 0000000000000000 [ 1114.609743][T14430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1114.618339][T14430] page dumped because: kasan: bad access detected [ 1114.624761][T14430] page_owner info is not present (never set?) [ 1114.630827][T14430] [ 1114.633154][T14430] Memory state around the buggy address: [ 1114.638791][T14430] ffffffff9af8ca80: f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1114.646869][T14430] ffffffff9af8cb00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1114.655388][T14430] >ffffffff9af8cb80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 [ 1114.663455][T14430] ^ [ 1114.670915][T14430] ffffffff9af8cc00: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 f9 f9 [ 1114.678988][T14430] ffffffff9af8cc80: f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 1114.687066][T14430] ================================================================== [ 1114.761815][T14430] syz_tun (unregistering): left allmulticast mode [ 1114.782925][T14430] ================================================================== [ 1114.791077][T14430] BUG: KASAN: global-out-of-bounds in fib6_ifdown+0x7f5/0x8f0 [ 1114.798598][T14430] Read of size 8 at addr ffffffff9af8cc90 by task syz-executor/14430 [ 1114.806740][T14430] [ 1114.809093][T14430] CPU: 0 UID: 0 PID: 14430 Comm: syz-executor Tainted: G B 6.15.0-syzkaller #0 PREEMPT(full) [ 1114.809149][T14430] Tainted: [B]=BAD_PAGE [ 1114.809162][T14430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1114.809185][T14430] Call Trace: [ 1114.809197][T14430] [ 1114.809210][T14430] dump_stack_lvl+0x116/0x1f0 [ 1114.809275][T14430] print_report+0xc3/0x670 [ 1114.809335][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1114.809386][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1114.809433][T14430] ? __phys_addr+0xc6/0x150 [ 1114.809490][T14430] ? fib6_ifdown+0x7f5/0x8f0 [ 1114.809535][T14430] kasan_report+0xe0/0x110 [ 1114.809596][T14430] ? fib6_ifdown+0x7f5/0x8f0 [ 1114.809648][T14430] fib6_ifdown+0x7f5/0x8f0 [ 1114.809692][T14430] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1114.809739][T14430] ? llist_add_batch+0x103/0x170 [ 1114.809780][T14430] ? __pfx_fib6_ifdown+0x10/0x10 [ 1114.809827][T14430] fib6_clean_node+0x2a7/0x5b0 [ 1114.809878][T14430] ? __pfx_fib6_clean_node+0x10/0x10