last executing test programs: 13.210618974s ago: executing program 0 (id=156): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000d3750820c80a2103be6f000000010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f0000000040)=ANY=[], 0x0, 0x0}) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 10.543358378s ago: executing program 0 (id=178): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000240)=0x2) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_HW_FREE(r2, 0x4112, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f00000001c0)=0xff) 10.305403422s ago: executing program 0 (id=180): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="120101025b0e8c10ef170c729051010203010902120001000000000904000000e39ccb007648945edf539e1fa720799b28ff613a766c79536e19a676e0f46aaf8d177fa8f6"], 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4000000000000000) ioctl$KVM_RUN(r2, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8.999428478s ago: executing program 2 (id=184): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000027c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x2d, 0x20040040) recvmmsg$unix(r1, &(0x7f0000003d40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40012000, 0x0) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 8.219773233s ago: executing program 0 (id=188): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000500)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000400)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0) mount$bind(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x10a78c0, 0x0) 8.029401005s ago: executing program 0 (id=189): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="05000000070000000800000005"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x6f) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000340)='\\', 0x1}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0) 7.950573009s ago: executing program 2 (id=190): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) syz_clone(0x1144280, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) move_pages(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000ffc000/0x4000)=nil], &(0x7f0000000540)=[0x1], &(0x7f0000001680), 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) io_setup(0x2, 0x0) 7.682148054s ago: executing program 0 (id=191): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1ec) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x18, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000c00)=ANY=[], 0x1, 0x0, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x61) copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0) 6.865832181s ago: executing program 32 (id=191): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1ec) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x18, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000c00)=ANY=[], 0x1, 0x0, 0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x61) copy_file_range(r0, 0x0, r0, 0x0, 0x9, 0x0) 5.940816115s ago: executing program 2 (id=197): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000f40)={0x1, &(0x7f0000000f00)=[{0x6}]}) 3.700750025s ago: executing program 3 (id=207): r0 = syz_usb_connect$printer(0x5, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x4b8, 0x202, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x2, 0x7, 0x1, 0x1, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x13}}}}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000040)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1, 0x99}}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000004c0000004c00000002000000000000000000000903000000000000000000000105000000080000000000000000000003000000000200000002000000000200000000000000000003000000000100000002"], 0x0, 0x66}, 0x20) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f00000000c0)={0xff, 0x9a, 0x0, 0x1, 0xd, 0xffffffffffffffc0, 0x7cb, 0x8}, 0x0, 0x0, 0x0, 0x0) 3.585689402s ago: executing program 2 (id=208): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100"], 0x60}, 0x1, 0xf000, 0x0, 0x4008000}, 0x4800) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$DEVLINK_CMD_GET(r0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x2000c010) 3.295579179s ago: executing program 2 (id=209): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x42, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x8a0c40, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x21, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x40040, 0xc0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)=ANY=[]) 3.047606663s ago: executing program 2 (id=210): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xb, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c0000001000daf3715ede9ef24200007a000000", @ANYRES32=0x0, @ANYBLOB="00000000081000001c0012800b00010062726964676500000c000280040018"], 0x3c}, 0x1, 0x0, 0x0, 0x34001843}, 0x4004000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 2.720045192s ago: executing program 1 (id=211): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) close(0x3) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f00000004c0)="b0", 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 1.816045035s ago: executing program 3 (id=212): r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1) ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0) write$nci(r0, &(0x7f0000001800)=ANY=[@ANYBLOB="7240082b0102020681055a03997713fa06070202267a"], 0x16) write$nci(r0, &(0x7f0000000240)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x2, 0x2, "cd42"}}, 0x7) 1.72543275s ago: executing program 1 (id=213): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257000bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000200), &(0x7f0000000240)=r0}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r4, 0x4) sendmmsg$sock(r2, &(0x7f0000007340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.572799228s ago: executing program 1 (id=214): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_io_uring_setup(0xec4, &(0x7f00000003c0)={0x0, 0xffffff7c, 0x2, 0x3, 0x34b}, &(0x7f0000000500)=0x0, &(0x7f0000000600)) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xd3283d036ae269b3, 0x8031, 0xffffffffffffffff, 0x99cf0000) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r1, 0x0, 0xe876, 0x3, &(0x7f0000000040)={[0xfffffffffffffffc]}, 0x8) 1.392454209s ago: executing program 3 (id=215): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x286000, 0x24) mkdirat(r0, &(0x7f0000000180)='./file0\x00', 0x4) open(&(0x7f0000000140)='./file0/file1\x00', 0x88440, 0x84) unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1f1) renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) 1.222291879s ago: executing program 1 (id=216): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f0000000200)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4000, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000), 0x20000328) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, 0x0, &(0x7f00000000c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r1, 0x0) 1.221781449s ago: executing program 3 (id=217): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000380)=0xa0, 0x4) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f0000000080)={0xa, 0x4e20, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0x7}, 0x1c, 0x0}}], 0x1, 0x24000000) recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/130, 0x82}, 0xdb30}], 0x1, 0x40002042, 0x0) 1.001818761s ago: executing program 3 (id=218): syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=") syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0xdb9303c4987113b7, 0x0, 0x1, 0x0, &(0x7f0000000080)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x37) chdir(&(0x7f0000001180)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) mount$overlay(0x0, &(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x10000, &(0x7f0000000580)) 929.915676ms ago: executing program 1 (id=219): r0 = socket(0xa, 0x1, 0x0) r1 = socket(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r1, &(0x7f0000000480)={0xa, 0xe64, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x2}, 0x1c) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000040)=0x9, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0xe64, 0xb, @ipv4={'\x00', '\xff\xff', @empty}, 0x1}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000005a40)=[{{&(0x7f00000001c0)={0xa, 0x4e20, 0x0, @empty, 0x1}, 0x1c, 0x0}}], 0x1, 0x20008000) 300.260172ms ago: executing program 3 (id=220): syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII") openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x103a42, 0x100) truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1442, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r1, &(0x7f000001f900)='2', 0x1, 0x8000c63) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc) 0s ago: executing program 1 (id=221): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x2800000, &(0x7f0000000380)={[{@debug}, {@delalloc}, {@bh}, {@test_dummy_encryption}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbcd, &(0x7f0000000740)="$eJzs3M1rHOcZAPBnRp+21a5cSql7sUopNpSuZReZ2hRqF5deeii0xxYs5JURWn8gqbiSdVi1/0Bpey7kEkhiEnyIz74kkGsuiXONySFggmI5EEKiMLuzkiztSrK9q1Hk3w9e7fvuMzvv8+x4d+Y1uxvAS2sk+5NGHIuIy0lEKb8/jYj+em8wotbYbmV5ceKL5cWJJFZX//xZEklEPF5enGjuK8lvj+SDwYh4/3dJ/OBfW+ednV+YHq9WKzP5+NTctZunZucXfjl1bfxq5Wrl+umzvx47M3Z29NxYx2r98uML95789A+f1L56/es7n//31SQuxFAe21hHXvULG4mRtedko96IGO/A/veDnryejXUmvTs8KO1yUgAAtJVuuIb7UZSiJ9Yv3krxzgeFJgcAAAB0xGpPxCoAAABwwCVb1v9P/pr/3wAAAABwIDQ/B/B4eXGi2Qr8OMKee3QxIoYb9a/krRHpjVr9djD6IuLw4yQ2fq01aTzshY1ExMOPzr2VtWjxPeRuqy1FxI9bHf+kXv9w/k3ozfWnETHagflHNo2/S/Vf6MD8u6h/oAPTAMBT7l9snMi2nv/SteufaHH+621x7noeRZ//m9d/K1uu/9br72lz/fenXc5x+7X/32oXy+r/zb3fv9ls2fzZ7QsV9QweLUX8pLdV/cla/Umb+i/vco7SN7cq7WJF17/6SsSJiOhpUX/T0va/T3RqcqpaGW38bTnH0ntjb7Sbv+j6s+N/OJ7v+N98ak/tf9Tnb5cu3W0X27n+9NP+5C/1Xn9+zz/G5+ZmTkf0J3/cev+Z7ettbtPcR1b/yZ9t//pvVX/2nlDLn4c0/zeS5uN/bprzt3duv71d/dnar8jjf+U5j/+/dznHz9/9z8l2sY3r36xl8z9MGmthAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhKI2IokrQcEUm9n6blcsSRiPhhHE6rN2bnfjF54+/Xr2SxiOHoSyenqpXRiCg1xkk2Pl3vr4/PbBr/KiKORsT/Sofq4/LEjeqVoosHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzZGIGIokLUdEGhErpTQtl4vOCgAAAOi44aITAAAAALrO+h8AAAAOPut/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuzo8fsPkoionT9Ub5n+PNZXaGZAt6VFJwAUpqfoBIDC9BadAFCYZ1zju1yAAyjZIT7YNjLQ8VwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2L9OHLv/IImI2vlD9Zbpz2N9LR9xfA+zA7opLToBoDA92wV79y4PYO95icPLq/UaH3iZJDvEB9e3qT0dGehaTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsP0P1lqTliEjr/TQtlyO+FxHD0ZdMTlUroxHx/Yj4sNQ3kI0Hik4aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAjpudX5ger1YrMy060T5USKdvf6Sho9OdTrI/0mh0in5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCLPzC9Pj1WplZrboTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICizc4vTI9Xq5WZXXTuPsvGGzpF1wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHG+DQAA//+mqwX2") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x10, 0x0, &(0x7f0000000240)) chdir(&(0x7f00000003c0)='./bus\x00') mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4808, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0x0, 0x0, &(0x7f0000000000)) rename(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000080)='./file0\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.114' (ED25519) to the list of known hosts. syzkaller login: [ 81.987533][ T5760] cgroup: Unknown subsys name 'net' [ 82.123045][ T5760] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.816116][ T5760] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.541591][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.559398][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.568504][ T5781] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.569711][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.580529][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.589068][ T5783] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.596914][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.599067][ T5783] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.607639][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.615756][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.620456][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.627218][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.639471][ T5783] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.643118][ T5781] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.648641][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.663921][ T5779] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.671841][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.679492][ T5779] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.705085][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.714836][ T5085] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.728868][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.745635][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.759053][ T5786] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.767081][ T5786] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.237497][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 86.348422][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 86.398362][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 86.469645][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 86.517917][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.526265][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.533944][ T5773] bridge_slave_0: entered allmulticast mode [ 86.541468][ T5773] bridge_slave_0: entered promiscuous mode [ 86.591629][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.599048][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.607886][ T5773] bridge_slave_1: entered allmulticast mode [ 86.615474][ T5773] bridge_slave_1: entered promiscuous mode [ 86.677421][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.684883][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.692159][ T5775] bridge_slave_0: entered allmulticast mode [ 86.699667][ T5775] bridge_slave_0: entered promiscuous mode [ 86.748169][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.755641][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.763160][ T5775] bridge_slave_1: entered allmulticast mode [ 86.770601][ T5775] bridge_slave_1: entered promiscuous mode [ 86.777919][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.787207][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.795406][ T5772] bridge_slave_0: entered allmulticast mode [ 86.802493][ T5772] bridge_slave_0: entered promiscuous mode [ 86.813542][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.823059][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.831769][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.839412][ T5772] bridge_slave_1: entered allmulticast mode [ 86.846984][ T5772] bridge_slave_1: entered promiscuous mode [ 86.882652][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.914005][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.923384][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.931087][ T5774] bridge_slave_0: entered allmulticast mode [ 86.938664][ T5774] bridge_slave_0: entered promiscuous mode [ 86.982030][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.989372][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.996767][ T5774] bridge_slave_1: entered allmulticast mode [ 87.004696][ T5774] bridge_slave_1: entered promiscuous mode [ 87.013674][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.029774][ T5773] team0: Port device team_slave_0 added [ 87.038656][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.061964][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.086762][ T5773] team0: Port device team_slave_1 added [ 87.096126][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.169733][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.181886][ T5775] team0: Port device team_slave_0 added [ 87.192642][ T5775] team0: Port device team_slave_1 added [ 87.211154][ T5772] team0: Port device team_slave_0 added [ 87.221520][ T5772] team0: Port device team_slave_1 added [ 87.229684][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.261354][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.268587][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.296459][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.310875][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.317962][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.343953][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.405068][ T5774] team0: Port device team_slave_0 added [ 87.420132][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.430045][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.456708][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.469084][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.476278][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.502477][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.516418][ T5774] team0: Port device team_slave_1 added [ 87.522924][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.530090][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.556769][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.576134][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.583488][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.614295][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.675118][ T5773] hsr_slave_0: entered promiscuous mode [ 87.682949][ T5773] hsr_slave_1: entered promiscuous mode [ 87.741929][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.749204][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.775087][ T5776] Bluetooth: hci3: command tx timeout [ 87.775649][ T5776] Bluetooth: hci1: command tx timeout [ 87.780601][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.796710][ T5786] Bluetooth: hci2: command tx timeout [ 87.844400][ T51] Bluetooth: hci0: command tx timeout [ 87.870511][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.883444][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.914605][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.983211][ T5775] hsr_slave_0: entered promiscuous mode [ 87.995885][ T5775] hsr_slave_1: entered promiscuous mode [ 88.002688][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.015319][ T5775] Cannot create hsr debugfs directory [ 88.075523][ T5772] hsr_slave_0: entered promiscuous mode [ 88.082499][ T5772] hsr_slave_1: entered promiscuous mode [ 88.094213][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.102028][ T5772] Cannot create hsr debugfs directory [ 88.215257][ T5774] hsr_slave_0: entered promiscuous mode [ 88.223540][ T5774] hsr_slave_1: entered promiscuous mode [ 88.234853][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.242473][ T5774] Cannot create hsr debugfs directory [ 88.634993][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.653931][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.667140][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.679266][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.768268][ T5775] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.804098][ T5775] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.831608][ T5775] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.853180][ T5775] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.911231][ T5774] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.922537][ T5774] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.937147][ T5774] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.950395][ T5774] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.053179][ T5772] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.063950][ T5772] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.078813][ T5772] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.092536][ T5772] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.109022][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.180810][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.230350][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.237840][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.257978][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.265221][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.412709][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.427981][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.472607][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.498799][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.506123][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.548215][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.578012][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.608273][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.615528][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.663345][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.670656][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.692973][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.700231][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.723674][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.787873][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.795113][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.837406][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.844645][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.853022][ T51] Bluetooth: hci1: command tx timeout [ 89.853143][ T5786] Bluetooth: hci3: command tx timeout [ 89.865800][ T5776] Bluetooth: hci2: command tx timeout [ 89.920760][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.930036][ T5776] Bluetooth: hci0: command tx timeout [ 90.160612][ T5773] veth0_vlan: entered promiscuous mode [ 90.181517][ T5773] veth1_vlan: entered promiscuous mode [ 90.249954][ T5773] veth0_macvtap: entered promiscuous mode [ 90.285491][ T5773] veth1_macvtap: entered promiscuous mode [ 90.336668][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.375955][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.428150][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.438480][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.447729][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.458451][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.489107][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.568585][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.692628][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.713810][ T993] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.736040][ T993] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.796422][ T5775] veth0_vlan: entered promiscuous mode [ 90.827457][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.851025][ T5775] veth1_vlan: entered promiscuous mode [ 90.855299][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.877604][ T5774] veth0_vlan: entered promiscuous mode [ 90.961781][ T5772] veth0_vlan: entered promiscuous mode [ 90.974143][ T5774] veth1_vlan: entered promiscuous mode [ 91.019253][ T5775] veth0_macvtap: entered promiscuous mode [ 91.032811][ T5772] veth1_vlan: entered promiscuous mode [ 91.051316][ T5775] veth1_macvtap: entered promiscuous mode [ 91.137578][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.151816][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.165386][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.189572][ T5774] veth0_macvtap: entered promiscuous mode [ 91.203830][ T5774] veth1_macvtap: entered promiscuous mode [ 91.216304][ T5772] veth0_macvtap: entered promiscuous mode [ 91.229253][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.241648][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.259670][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.287140][ T5772] veth1_macvtap: entered promiscuous mode [ 91.319933][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.332246][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.342844][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.358259][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.372129][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.392502][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.405705][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.417542][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.428395][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.440423][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.459590][ T5775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.494396][ T5775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.503179][ T5775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.513682][ T5775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.558457][ T5774] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.568951][ T5774] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.582372][ T5774] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.591282][ T5774] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.622714][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.654392][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.674315][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.699102][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.717977][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.733640][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.747504][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.812144][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.830211][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.840662][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.851986][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.875971][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.888312][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.913387][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.932528][ T5786] Bluetooth: hci3: command tx timeout [ 91.938085][ T5786] Bluetooth: hci1: command tx timeout [ 91.943640][ T5776] Bluetooth: hci2: command tx timeout [ 91.976132][ T5772] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.985118][ T5772] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.993867][ T5772] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.002677][ T5772] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.013820][ T51] Bluetooth: hci0: command tx timeout [ 92.277329][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.285498][ T28] audit: type=1326 audit(1769832922.623:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5861 comm="syz.2.5" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff6ddb9aeb9 code=0x0 [ 92.296953][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.443891][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.443891][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.443913][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.452553][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.611244][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.646155][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.778163][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.820275][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.944920][ T5876] syz.0.6[5876]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 93.003496][ T993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.024996][ T993] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.134157][ T5876] loop0: detected capacity change from 0 to 4096 [ 93.414832][ T5870] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 93.623871][ T28] audit: type=1804 audit(1769832923.963:3): pid=5876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6" name=2F6E6577726F6F742F312F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F66696C6531 dev="loop0" ino=33 res=1 errno=0 [ 93.752959][ T5870] usb 3-1: config 0 has no interfaces? [ 93.770215][ T5870] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 93.802926][ T5888] netlink: 'syz.3.9': attribute type 10 has an invalid length. [ 93.814530][ T5870] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.852643][ T5888] netlink: 40 bytes leftover after parsing attributes in process `syz.3.9'. [ 93.877797][ T5870] usb 3-1: config 0 descriptor?? [ 94.004748][ T51] Bluetooth: hci2: command tx timeout [ 94.008312][ T5776] Bluetooth: hci1: command tx timeout [ 94.016541][ T51] Bluetooth: hci3: command tx timeout [ 94.026040][ T5888] team0: Port device geneve0 added [ 94.084406][ T5786] Bluetooth: hci0: command tx timeout [ 94.334704][ T5821] usb 3-1: USB disconnect, device number 2 [ 94.704068][ T5902] bridge_slave_0: default FDB implementation only supports local addresses [ 94.722818][ T5902] netlink: 8 bytes leftover after parsing attributes in process `syz.0.14'. [ 94.750461][ T5902] bridge_slave_0: default FDB implementation only supports local addresses [ 94.826059][ T5892] loop1: detected capacity change from 0 to 40427 [ 94.866410][ T5892] F2FS-fs (loop1): invalid crc value [ 94.885531][ T5892] F2FS-fs (loop1): Found nat_bits in checkpoint [ 95.040349][ T5892] F2FS-fs (loop1): Start checkpoint disabled! [ 95.078142][ T5892] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 95.203739][ T5892] syz.1.11: attempt to access beyond end of device [ 95.203739][ T5892] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 95.546082][ T42] kworker/u4:2: attempt to access beyond end of device [ 95.546082][ T42] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 95.567927][ T42] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 95.578590][ T42] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 95.592397][ T42] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 96.100494][ T5930] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 96.331709][ T5937] loop1: detected capacity change from 0 to 256 [ 96.362257][ T5937] ======================================================= [ 96.362257][ T5937] WARNING: The mand mount option has been deprecated and [ 96.362257][ T5937] and is ignored by this kernel. Remove the mand [ 96.362257][ T5937] option from the mount to silence this warning. [ 96.362257][ T5937] ======================================================= [ 96.445099][ T5937] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 96.480837][ T5937] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 96.524093][ T5937] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 96.909075][ T5947] syz.2.31 uses obsolete (PF_INET,SOCK_PACKET) [ 97.426617][ T5963] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.532611][ T5966] netlink: 24 bytes leftover after parsing attributes in process `syz.1.38'. [ 97.754031][ T5970] loop1: detected capacity change from 0 to 1024 [ 97.781201][ T5970] hfsplus: unable to parse mount options [ 97.855823][ T27] cfg80211: failed to load regulatory.db [ 97.880318][ T5791] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 98.074488][ T5972] loop2: detected capacity change from 0 to 8192 [ 98.146375][ T5972] loop2: p1 p2 p3 p4[EZD] [ 98.152222][ T5972] loop2: partition table partially beyond EOD, truncated [ 98.172550][ T5972] loop2: p3 start 331777 is beyond EOD, truncated [ 98.194649][ T5972] loop2: p4 size 262912 extends beyond EOD, truncated [ 98.578903][ T5791] udevd[5791]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 98.591691][ T5780] udevd[5780]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 98.596807][ T5789] udevd[5789]: inotify_add_watch(7, /dev/loop2p4, 10) failed: No such file or directory [ 99.861651][ T6018] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.208378][ T6024] fuse: root generation should be zero [ 100.256402][ T6027] warning: `syz.3.65' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 100.446922][ T6011] loop2: detected capacity change from 0 to 32768 [ 100.465562][ T6031] input: syz1 as /devices/virtual/input/input5 [ 100.553520][ T6011] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 100.710551][ T6011] XFS (loop2): Ending clean mount [ 100.866113][ T6047] loop0: detected capacity change from 0 to 1024 [ 100.893959][ T6047] EXT4-fs: Ignoring removed bh option [ 100.908037][ T6047] EXT4-fs: Ignoring removed nobh option [ 100.929624][ T6047] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.947617][ T6051] netlink: 12 bytes leftover after parsing attributes in process `syz.1.72'. [ 100.976703][ T6051] netlink: 40 bytes leftover after parsing attributes in process `syz.1.72'. [ 101.006982][ T5773] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 101.024190][ T6047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 101.203481][ T6047] EXT4-fs error (device loop0): __ext4_get_inode_loc:4489: comm syz.0.71: Invalid inode table block 10847238902612165993 in block_group 0 [ 101.310179][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.551259][ T6061] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 101.856040][ T6069] loop2: detected capacity change from 0 to 7 [ 101.867888][ T6069] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting. [ 101.879338][ T6069] ldm_validate_privheads(): Cannot find PRIVHEAD 1. [ 101.889566][ T6069] Dev loop2: unable to read RDB block 7 [ 101.899143][ T6069] loop2: unable to read partition table [ 101.906754][ T6069] loop2: partition table beyond EOD, truncated [ 101.913125][ T6069] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 102.484151][ T6089] loop2: detected capacity change from 0 to 2048 [ 102.611098][ T6089] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 103.248881][ T6109] loop3: detected capacity change from 0 to 512 [ 103.296011][ T6109] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 103.309048][ T6109] ext4 filesystem being mounted at /23/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.499262][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.622944][ T6113] loop1: detected capacity change from 0 to 1024 [ 103.791737][ T6117] loop3: detected capacity change from 0 to 1024 [ 103.802731][ T6113] hfsplus: keylen 65060 too large [ 103.829284][ T6113] hfsplus: xattr search failed [ 104.140903][ T6120] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 104.352480][ T6126] macvlan2: entered promiscuous mode [ 104.619082][ T6128] loop1: detected capacity change from 0 to 8192 [ 104.642530][ T6128] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 104.656256][ T6128] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 104.667349][ T6128] REISERFS (device loop1): using journaled data mode [ 104.674089][ T6128] reiserfs: using flush barriers [ 104.692561][ T6128] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 104.711259][ T6128] REISERFS (device loop1): checking transaction log (loop1) [ 104.743716][ T6128] REISERFS (device loop1): Using r5 hash to sort names [ 104.759404][ T6128] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 104.805373][ T6128] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 104.969137][ T5776] Bluetooth: hci4: command 0x1003 tx timeout [ 104.976140][ T5786] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 105.129027][ T6136] loop1: detected capacity change from 0 to 256 [ 105.160335][ T6136] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 105.209839][ T28] audit: type=1800 audit(1769832935.553:4): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.108" name="file1" dev="loop1" ino=1048593 res=0 errno=0 [ 105.249584][ T6136] exFAT-fs (loop1): error, broken FAT chain. [ 105.266577][ T6136] exFAT-fs (loop1): Filesystem has been set read-only [ 105.273772][ T6136] exFAT-fs (loop1): error, failed to bmap (inode : ffff88807f2e07e0 iblock : 276758527, err : -5) [ 105.418229][ T6140] loop1: detected capacity change from 0 to 128 [ 105.436382][ T6140] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 105.464703][ T6140] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.666736][ T5774] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 105.681862][ T6143] gretap0: entered promiscuous mode [ 105.714853][ T6143] netlink: 8 bytes leftover after parsing attributes in process `syz.3.111'. [ 105.735690][ T6143] gretap0: left promiscuous mode [ 106.044654][ T5821] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.120428][ T6138] loop2: detected capacity change from 0 to 40427 [ 106.135288][ T6138] F2FS-fs (loop2): invalid crc value [ 106.174136][ T6138] F2FS-fs (loop2): Found nat_bits in checkpoint [ 106.237837][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.265275][ T5821] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.273137][ T6138] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 106.294805][ T5821] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 106.313630][ T5821] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 106.381834][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.446131][ T5821] usb 1-1: config 0 descriptor?? [ 106.485311][ T6138] syz.2.109: attempt to access beyond end of device [ 106.485311][ T6138] loop2: rw=2049, sector=77824, nr_sectors = 256 limit=40427 [ 106.514017][ T6138] syz.2.109: attempt to access beyond end of device [ 106.514017][ T6138] loop2: rw=2049, sector=78080, nr_sectors = 592 limit=40427 [ 106.555139][ T6138] syz.2.109: attempt to access beyond end of device [ 106.555139][ T6138] loop2: rw=2049, sector=77824, nr_sectors = 256 limit=40427 [ 106.760665][ T5773] syz-executor: attempt to access beyond end of device [ 106.760665][ T5773] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 106.813828][ T5773] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 106.898079][ T6167] Illegal XDP return value 4294967282 on prog (id 11) dev syz_tun, expect packet loss! [ 106.911303][ T5821] plantronics 0003:047F:FFFF.0001: unbalanced collection at end of report description [ 106.947335][ T5821] plantronics 0003:047F:FFFF.0001: parse failed [ 106.953756][ T5821] plantronics: probe of 0003:047F:FFFF.0001 failed with error -22 [ 107.056880][ T6169] loop3: detected capacity change from 0 to 2048 [ 107.078407][ T5786] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 107.087315][ T5786] Bluetooth: Wrong link type (-22) [ 107.126443][ T6169] loop3: p1 < > p4 [ 107.143287][ T6169] loop3: p4 start 42180 is beyond EOD, truncated [ 107.179680][ T5762] usb 1-1: USB disconnect, device number 2 [ 107.221847][ T5141] loop3: p1 < > p4 [ 107.244928][ T5141] loop3: p4 start 42180 is beyond EOD, truncated [ 107.461523][ T5791] udevd[5791]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 107.978985][ T6187] loop2: detected capacity change from 0 to 1024 [ 108.047649][ T6187] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.161812][ T6193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.128'. [ 108.261067][ T6177] loop3: detected capacity change from 0 to 32768 [ 108.290675][ T6187] EXT4-fs warning (device loop2): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 8476749877194475496 [ 108.325871][ T6177] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.123 (6177) [ 108.430573][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.473512][ T6177] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 108.500020][ T6177] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 108.532265][ T6177] BTRFS info (device loop3): using free space tree [ 108.670196][ T2974] BTRFS warning (device loop3): checksum verify failed on logical 5287936 mirror 1 wanted 0xba2f3320fe4f0dfed931d5a5c7a64dbbccc1fca522c14bbe02198145e0728966 found 0xb3a55baeeaea4006ff4e61b6d0f3bc26a653b1c668cc957cbbff06b61ff2c8cc level 0 [ 108.770671][ T6177] BTRFS warning (device loop3): failed to read root (objectid=4): -5 [ 108.847032][ T6177] BTRFS error (device loop3): open_ctree failed: -5 [ 108.912419][ T5867] kernel write not supported for file /vcs (pid: 5867 comm: kworker/0:4) [ 109.053051][ T5762] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 109.246641][ T5762] usb 2-1: Using ep0 maxpacket: 8 [ 109.262711][ T5762] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.283879][ T5762] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 109.309724][ T5762] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.329440][ T5762] usb 2-1: config 0 descriptor?? [ 109.339677][ T5762] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 109.405366][ T6223] Zero length message leads to an empty skb [ 109.556616][ T6229] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 109.859980][ T6238] loop2: detected capacity change from 0 to 512 [ 109.889663][ T6238] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 109.939437][ T6238] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 109.953548][ T6238] ext4 filesystem being mounted at /36/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 110.068813][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.534499][ T5867] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 110.768732][ T5867] usb 3-1: Using ep0 maxpacket: 8 [ 110.790492][ T5867] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 110.804427][ T5867] usb 3-1: config 179 has no interface number 0 [ 110.814357][ T5867] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 110.844307][ T5867] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 110.866473][ T5894] usb 2-1: USB disconnect, device number 2 [ 110.877102][ T5867] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 110.916496][ T5867] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 110.948863][ T5867] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 110.977291][ T5867] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 110.997282][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.030085][ T6245] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 111.299752][ T6254] loop3: detected capacity change from 0 to 32768 [ 111.345936][ T6254] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 111.396916][ T6254] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 111.500453][ T6254] XFS (loop3): Ending clean mount [ 111.615898][ T6254] XFS (loop3): Quotacheck needed: Please wait. [ 111.688181][ T5867] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input6 [ 111.840921][ T6254] XFS (loop3): Quotacheck: Done. [ 112.131659][ T27] usb 3-1: USB disconnect, device number 3 [ 112.131655][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 112.149219][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 112.158732][ T5772] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 112.176635][ T27] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 112.678194][ T6277] loop3: detected capacity change from 0 to 1024 [ 112.705654][ T6277] EXT4-fs: inline encryption not supported [ 112.711633][ T6277] EXT4-fs: Ignoring removed nobh option [ 112.739192][ T6277] EXT4-fs: Ignoring removed bh option [ 112.760254][ T6277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 112.815291][ T6277] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.970638][ T6277] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.152: Allocating blocks 497-513 which overlap fs metadata [ 113.081031][ T6289] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4047: comm syz.3.152: Allocating blocks 497-513 which overlap fs metadata [ 113.134365][ T27] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 113.165309][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.334376][ T27] usb 1-1: Using ep0 maxpacket: 32 [ 113.350200][ T27] usb 1-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 113.370337][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.403094][ T27] usb 1-1: config 0 descriptor?? [ 113.422806][ T27] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 113.558319][ T6296] loop3: detected capacity change from 0 to 128 [ 114.679677][ T6327] input: syz0 as /devices/virtual/input/input7 [ 114.857114][ T27] gspca_vc032x: reg_w err -71 [ 114.883383][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.902446][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.908358][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.913701][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.929400][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.936962][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.942554][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.954042][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.960093][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.966336][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.971803][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.977624][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.983337][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 114.991535][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 115.012169][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 115.023826][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 115.038502][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 115.044091][ T27] gspca_vc032x: I2c Bus Busy Wait 00 [ 115.062870][ T27] gspca_vc032x: Unknown sensor... [ 115.069323][ T27] vc032x: probe of 1-1:0.0 failed with error -22 [ 115.079840][ T27] usb 1-1: USB disconnect, device number 3 [ 115.278306][ T6337] netlink: 188 bytes leftover after parsing attributes in process `syz.2.174'. [ 115.477172][ T6342] loop1: detected capacity change from 0 to 16 [ 115.512252][ T6342] erofs: (device loop1): mounted with root inode @ nid 36. [ 116.215262][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.224175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.233811][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 116.242233][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.250955][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.259803][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 116.334434][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 116.604259][ C0] sched: RT throttling activated [ 116.684418][ T6346] loop3: detected capacity change from 0 to 131072 [ 116.702672][ T6346] F2FS-fs (loop3): invalid crc value [ 116.750019][ T6346] F2FS-fs (loop3): Found nat_bits in checkpoint [ 116.791649][ T6346] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 116.848575][ T6360] team0: Device gre1 is of different type [ 116.884670][ T27] usb 1-1: Using ep0 maxpacket: 16 [ 117.040352][ T27] usb 1-1: unable to get BOS descriptor or descriptor too short [ 117.104359][ T27] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 117.112032][ T27] usb 1-1: can't read configurations, error -71 [ 117.592188][ T5867] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 117.613494][ T6369] loop1: detected capacity change from 0 to 1024 [ 117.638910][ T5867] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 118.583006][ T993] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 118.620984][ T2974] hfsplus: b-tree write err: -5, ino 4 [ 118.964609][ T993] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.269341][ T993] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.367136][ T6382] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 119.592988][ T993] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 120.167573][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 120.186229][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 120.196273][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 120.211619][ T5776] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 120.240769][ T5776] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 120.254002][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 120.922326][ T6411] loop1: detected capacity change from 0 to 1024 [ 120.955533][ T6411] EXT4-fs: Ignoring removed nomblk_io_submit option [ 121.001074][ T6411] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.235876][ T6419] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 16: comm syz.1.201: lblock 0 mapped to illegal pblock 16 (length 1) [ 121.423461][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.624168][ T28] audit: type=1326 audit(1769832951.963:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6428 comm="syz.2.197" exe="/root/syz-executor" sig=31 arch=c000003e syscall=15 compat=0 ip=0x7ff6ddb3c2d9 code=0x0 [ 121.919174][ T6394] chnl_net:caif_netlink_parms(): no params data found [ 122.287488][ T6394] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.321242][ T6394] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.328676][ T5786] Bluetooth: hci2: command tx timeout [ 122.348300][ T6394] bridge_slave_0: entered allmulticast mode [ 122.356967][ T6394] bridge_slave_0: entered promiscuous mode [ 122.547346][ T6453] netlink: 76 bytes leftover after parsing attributes in process `syz.2.208'. [ 122.571167][ T6394] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.586490][ T6394] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.593333][ T6453] netlink: 76 bytes leftover after parsing attributes in process `syz.2.208'. [ 122.610004][ T6394] bridge_slave_1: entered allmulticast mode [ 122.620697][ T5841] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 122.635969][ T6394] bridge_slave_1: entered promiscuous mode [ 122.835700][ T5841] usb 4-1: Using ep0 maxpacket: 16 [ 122.843331][ T6394] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 122.869781][ T5841] usb 4-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 122.880868][ T5841] usb 4-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 122.898135][ T6394] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 122.924815][ T5841] usb 4-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 122.988191][ T5841] usb 4-1: config 1 interface 0 has no altsetting 0 [ 123.035389][ T5841] usb 4-1: New USB device found, idVendor=04b8, idProduct=0202, bcdDevice= 0.40 [ 123.054332][ T5841] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.062417][ T5841] usb 4-1: Product: syz [ 123.088246][ T5841] usb 4-1: Manufacturer: syz [ 123.103250][ T5841] usb 4-1: SerialNumber: syz [ 123.103608][ T993] hsr_slave_0: left promiscuous mode [ 123.138486][ T993] hsr_slave_1: left promiscuous mode [ 123.149286][ T993] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 123.164755][ T993] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 123.184089][ T993] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 123.204458][ T993] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 123.228855][ T993] bridge_slave_1: left allmulticast mode [ 123.244358][ T993] bridge_slave_1: left promiscuous mode [ 123.252503][ T993] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.287279][ T993] bridge_slave_0: left allmulticast mode [ 123.308947][ T993] bridge_slave_0: left promiscuous mode [ 123.345127][ T993] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.402661][ T5841] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 255 proto 1 vid 0x04B8 pid 0x0202 [ 123.439194][ T993] veth1_macvtap: left promiscuous mode [ 123.449812][ T993] veth0_macvtap: left promiscuous mode [ 123.456235][ T993] veth1_vlan: left promiscuous mode [ 123.462082][ T993] veth0_vlan: left promiscuous mode [ 124.167051][ T5894] usb 4-1: USB disconnect, device number 2 [ 124.186443][ T5894] usblp0: removed [ 124.406663][ T5786] Bluetooth: hci2: command tx timeout [ 125.020826][ T993] team0 (unregistering): Port device team_slave_1 removed [ 125.152759][ T993] team0 (unregistering): Port device team_slave_0 removed [ 125.217810][ T6496] loop3: detected capacity change from 0 to 8192 [ 125.249458][ T993] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.318996][ T993] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.483248][ T6496] FAT-fs (loop3): error, clusters badly computed (2 != 1) [ 125.503764][ T6496] FAT-fs (loop3): Filesystem has been set read-only [ 125.925214][ T6500] loop3: detected capacity change from 0 to 8192 [ 125.947457][ T6500] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 125.981547][ T6500] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 126.006141][ T6500] REISERFS (device loop3): using ordered data mode [ 126.012729][ T6500] reiserfs: using flush barriers [ 126.068555][ T6500] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 126.085769][ T6500] REISERFS (device loop3): checking transaction log (loop3) [ 126.124814][ T993] bond0 (unregistering): Released all slaves [ 126.202434][ T6503] loop1: detected capacity change from 0 to 4096 [ 126.220690][ T6503] EXT4-fs: Ignoring removed bh option [ 126.290933][ T6500] REISERFS (device loop3): Using tea hash to sort names [ 126.328993][ T6500] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 126.447121][ T6394] team0: Port device team_slave_0 added [ 126.482627][ T6394] team0: Port device team_slave_1 added [ 126.488479][ T5786] Bluetooth: hci2: command tx timeout [ 126.507348][ T6460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.210'. [ 126.517951][ T6460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'. [ 126.534403][ T6460] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.543575][ T6460] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.547118][ T6503] EXT4-fs (loop1): Test dummy encryption mode enabled [ 126.552564][ T6460] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.568058][ T6460] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 126.593252][ T6500] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 126.609420][ T6503] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 126.628517][ T6503] System zones: 0-5 [ 126.669945][ T6500] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2) [ 126.682606][ T6503] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.746916][ T6460] netlink: 12 bytes leftover after parsing attributes in process `syz.2.210'. [ 126.756585][ T6460] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'. [ 126.771408][ T6500] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 1) [ 126.795581][ T6394] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 126.802606][ T6394] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 126.866651][ T6500] ================================================================== [ 126.874802][ T6500] BUG: KASAN: out-of-bounds in leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.882515][ T6500] Read of size 18446744073709493643 at addr ffff8880547ac275 by task syz.3.220/6500 [ 126.891920][ T6500] [ 126.894299][ T6500] CPU: 1 PID: 6500 Comm: syz.3.220 Not tainted syzkaller #0 [ 126.901626][ T6500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 126.911754][ T6500] Call Trace: [ 126.915068][ T6500] [ 126.918022][ T6500] dump_stack_lvl+0x18c/0x250 [ 126.922774][ T6500] ? __lock_acquire+0x7d40/0x7d40 [ 126.927834][ T6500] ? show_regs_print_info+0x20/0x20 [ 126.933078][ T6500] ? load_image+0x400/0x400 [ 126.937610][ T6500] ? __virt_addr_valid+0x469/0x540 [ 126.942783][ T6500] print_report+0xa8/0x210 [ 126.947233][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.952646][ T6500] kasan_report+0x117/0x150 [ 126.957181][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.962586][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.967998][ T6500] kasan_check_range+0x241/0x290 [ 126.972972][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.978414][ T6500] __asan_memmove+0x29/0x70 [ 126.982948][ T6500] leaf_paste_in_buffer+0x1e0/0xbd0 [ 126.988198][ T6500] leaf_copy_boundary_item+0xc75/0x21b0 [ 126.993781][ T6500] leaf_move_items+0x8cf/0xec0 [ 126.998581][ T6500] ? reiserfs_convert_objectid_map_v1+0x500/0x500 [ 127.005039][ T6500] leaf_shift_left+0xbd/0x450 [ 127.009748][ T6500] balance_leaf+0x2f16/0x10df0 [ 127.014549][ T6500] ? stack_trace_save+0x100/0x100 [ 127.019601][ T6500] ? arch_stack_walk+0x160/0x190 [ 127.024573][ T6500] ? do_balance+0x930/0x930 [ 127.029100][ T6500] ? __mutex_trylock_common+0x159/0x260 [ 127.034667][ T6500] ? trace_raw_output_contention_end+0xd0/0xd0 [ 127.040876][ T6500] ? rcu_is_watching+0x15/0xb0 [ 127.045709][ T6500] ? trace_contention_end+0x39/0xe0 [ 127.050935][ T6500] ? __mutex_lock+0x315/0xcc0 [ 127.055643][ T6500] ? __might_sleep+0xe0/0xe0 [ 127.060266][ T6500] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 127.065933][ T6500] ? reiserfs_write_lock_nested+0x60/0xd0 [ 127.071682][ T6500] ? mutex_lock_nested+0x20/0x20 [ 127.076665][ T6500] ? get_empty_nodes+0x48e/0x920 [ 127.081630][ T6500] ? __wake_up+0x1a0/0x1a0 [ 127.086120][ T6500] ? indirect_is_left_mergeable+0xe5/0x180 [ 127.092052][ T6500] ? get_neighbors+0x1030/0x1030 [ 127.097025][ T6500] ? sd_create_vi+0xd/0x50 [ 127.101465][ T6500] ? sd_check_item+0x10/0x10 [ 127.106091][ T6500] ? create_virtual_node+0x1fb/0x1b60 [ 127.111513][ T6500] ? get_neighbors+0x9ba/0x1030 [ 127.116408][ T6500] ? fix_nodes+0x7bf3/0x8350 [ 127.121049][ T6500] do_balance+0x31c/0x930 [ 127.125404][ T6500] ? get_right_neighbor_position+0x210/0x210 [ 127.131412][ T6500] ? reiserfs_paste_into_item+0x3cc/0x800 [ 127.137162][ T6500] reiserfs_paste_into_item+0x6f5/0x800 [ 127.142738][ T6500] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 127.148834][ T6500] ? reiserfs_cut_from_item+0x1fe0/0x1fe0 [ 127.154619][ T6500] ? reiserfs_get_block+0x156c/0x4060 [ 127.160154][ T6500] ? rcu_is_watching+0x15/0xb0 [ 127.164971][ T6500] ? reiserfs_get_block+0x156c/0x4060 [ 127.170388][ T6500] ? __kmalloc+0xe2/0x230 [ 127.174750][ T6500] reiserfs_get_block+0x1c37/0x4060 [ 127.180507][ T6500] ? make_le_item_head+0x5a0/0x5a0 [ 127.185651][ T6500] ? mod_objcg_state+0x511/0x8a0 [ 127.190618][ T6500] ? lockdep_hardirqs_on+0x98/0x150 [ 127.195849][ T6500] ? verify_lock_unused+0x140/0x140 [ 127.201087][ T6500] ? lockdep_init_map_type+0x9c/0x8e0 [ 127.206496][ T6500] ? folio_create_empty_buffers+0x538/0x720 [ 127.212446][ T6500] ? __lock_acquire+0x7d40/0x7d40 [ 127.217498][ T6500] ? __rwlock_init+0x150/0x150 [ 127.222291][ T6500] ? do_raw_spin_unlock+0x121/0x230 [ 127.227511][ T6500] ? _raw_spin_unlock+0x28/0x40 [ 127.232390][ T6500] __block_write_begin_int+0x57f/0x1af0 [ 127.237965][ T6500] ? folio_batch_add_and_move+0x168/0x2b0 [ 127.243735][ T6500] ? make_le_item_head+0x5a0/0x5a0 [ 127.248877][ T6500] ? folio_zero_new_buffers+0x550/0x550 [ 127.254454][ T6500] ? __block_write_begin+0x64/0x150 [ 127.259704][ T6500] reiserfs_write_begin+0x20a/0x4c0 [ 127.264953][ T6500] ? fault_in_iov_iter_readable+0xbf/0x2e0 [ 127.270974][ T6500] generic_perform_write+0x2fe/0x5c0 [ 127.276293][ T6500] ? generic_file_direct_write+0x3e0/0x3e0 [ 127.282128][ T6500] ? __mnt_drop_write_file+0xc3/0x100 [ 127.287527][ T6500] ? __generic_file_write_iter+0xf7/0x230 [ 127.293275][ T6500] ? generic_file_write_iter+0x9b/0x2e0 [ 127.298860][ T6500] generic_file_write_iter+0xaf/0x2e0 [ 127.304272][ T6500] vfs_write+0x46c/0x990 [ 127.308556][ T6500] ? file_end_write+0x250/0x250 [ 127.313443][ T6500] ? __fget_files+0x43d/0x4b0 [ 127.318157][ T6500] ? __fdget+0x180/0x210 [ 127.322430][ T6500] ? __x64_sys_pwrite64+0xf6/0x230 [ 127.327579][ T6500] __x64_sys_pwrite64+0x19b/0x230 [ 127.332635][ T6500] ? ksys_pwrite64+0x1c0/0x1c0 [ 127.337464][ T6500] ? lockdep_hardirqs_on+0x98/0x150 [ 127.342751][ T6500] do_syscall_64+0x55/0xa0 [ 127.347211][ T6500] ? clear_bhb_loop+0x40/0x90 [ 127.351920][ T6500] ? clear_bhb_loop+0x40/0x90 [ 127.356640][ T6500] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 127.362555][ T6500] RIP: 0033:0x7f526039aeb9 [ 127.367008][ T6500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 127.386636][ T6500] RSP: 002b:00007f52612e0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 127.395080][ T6500] RAX: ffffffffffffffda RBX: 00007f5260615fa0 RCX: 00007f526039aeb9 [ 127.403117][ T6500] RDX: 0000000000000001 RSI: 000020000001f900 RDI: 0000000000000006 [ 127.411106][ T6500] RBP: 00007f5260408c1f R08: 0000000000000000 R09: 0000000000000000 [ 127.419096][ T6500] R10: 0000000008000c63 R11: 0000000000000246 R12: 0000000000000000 [ 127.427085][ T6500] R13: 00007f5260616038 R14: 00007f5260615fa0 R15: 00007ffef4fc7b08 [ 127.435099][ T6500] [ 127.438140][ T6500] [ 127.440482][ T6500] The buggy address belongs to the physical page: [ 127.446922][ T6500] page:ffffea000151eb00 refcount:1 mapcount:0 mapping:ffff88807f1b22d8 index:0x4ae pfn:0x547ac [ 127.457270][ T6500] memcg:ffff888023ada000 [ 127.461538][ T6500] aops:ext4_da_aops ino:7ef dentry name(?):"syz.yG0Amz" [ 127.468510][ T6500] flags: 0xfff8000000002c(referenced|uptodate|lru|node=0|zone=1|lastcpupid=0x7ff) [ 127.477730][ T6500] page_type: 0xffffffff() [ 127.482085][ T6500] raw: 00fff8000000002c ffffea000151eac8 ffffea000151eb48 ffff88807f1b22d8 [ 127.490693][ T6500] raw: 00000000000004ae 0000000000000000 00000001ffffffff ffff888023ada000 [ 127.499289][ T6500] page dumped because: kasan: bad access detected [ 127.505737][ T6500] page_owner tracks the page as allocated [ 127.511473][ T6500] page last allocated via order 0, migratetype Movable, gfp_mask 0x152c4a(GFP_NOFS|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL|__GFP_MOVABLE), pid 6375, tgid 6375 (syz.2.190), ts 119327771427, free_ts 32176417884 [ 127.534085][ T6500] post_alloc_hook+0x1c1/0x200 [ 127.538884][ T6500] get_page_from_freelist+0x1951/0x19e0 [ 127.544455][ T6500] __alloc_pages+0x1f0/0x460 [ 127.549064][ T6500] folio_alloc+0x1e/0x30 [ 127.553331][ T6500] filemap_alloc_folio+0xdf/0x490 [ 127.558462][ T6500] page_cache_ra_unbounded+0x17b/0x770 [ 127.563962][ T6500] filemap_fault+0x565/0x15b0 [ 127.568687][ T6500] __do_fault+0x13b/0x4d0 [ 127.573043][ T6500] handle_mm_fault+0x2299/0x4c00 [ 127.578002][ T6500] __get_user_pages+0x5d0/0x1380 [ 127.582971][ T6500] get_dump_page+0x10c/0x200 [ 127.587622][ T6500] dump_user_range+0x127/0x860 [ 127.592409][ T6500] elf_core_dump+0x31d0/0x3770 [ 127.597201][ T6500] do_coredump+0x17cc/0x24d0 [ 127.601812][ T6500] get_signal+0x1133/0x13f0 [ 127.606430][ T6500] arch_do_signal_or_restart+0xc2/0x800 [ 127.612012][ T6500] page last free stack trace: [ 127.616711][ T6500] free_unref_page_prepare+0x7b2/0x8c0 [ 127.622210][ T6500] free_unref_page+0x32/0x2e0 [ 127.626920][ T6500] free_contig_range+0xa1/0x150 [ 127.631801][ T6500] destroy_args+0x80/0x850 [ 127.636241][ T6500] debug_vm_pgtable+0x411/0x440 [ 127.641116][ T6500] do_one_initcall+0x242/0x790 [ 127.645935][ T6500] do_initcall_level+0x137/0x1f0 [ 127.650913][ T6500] do_initcalls+0x69/0xd0 [ 127.655296][ T6500] kernel_init_freeable+0x3ed/0x580 [ 127.660537][ T6500] kernel_init+0x1d/0x1c0 [ 127.664889][ T6500] ret_from_fork+0x48/0x80 [ 127.669345][ T6500] ret_from_fork_asm+0x11/0x20 [ 127.674140][ T6500] [ 127.676502][ T6500] Memory state around the buggy address: [ 127.682183][ T6500] ffff8880547ac100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.690280][ T6500] ffff8880547ac180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.698372][ T6500] >ffff8880547ac200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.706467][ T6500] ^ [ 127.714203][ T6500] ffff8880547ac280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.722308][ T6500] ffff8880547ac300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 127.730393][ T6500] ================================================================== [ 127.748412][ T6394] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 127.766802][ T6394] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.773826][ T6394] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.851733][ T6500] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 127.859016][ T6500] CPU: 0 PID: 6500 Comm: syz.3.220 Not tainted syzkaller #0 [ 127.866440][ T6500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 127.876567][ T6500] Call Trace: [ 127.879894][ T6500] [ 127.882868][ T6500] dump_stack_lvl+0x18c/0x250 [ 127.887612][ T6500] ? show_regs_print_info+0x20/0x20 [ 127.892882][ T6500] ? load_image+0x400/0x400 [ 127.894725][ T6394] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.908146][ T6500] panic+0x2dc/0x730 [ 127.912101][ T6500] ? bpf_jit_dump+0xd0/0xd0 [ 127.916660][ T6500] ? _raw_spin_unlock_irqrestore+0x111/0x120 [ 127.922698][ T6500] ? _raw_spin_unlock+0x40/0x40 [ 127.927587][ T6500] ? print_memory_metadata+0x314/0x400 [ 127.933112][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.938533][ T6500] check_panic_on_warn+0x84/0xa0 [ 127.943507][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.948926][ T6500] end_report+0x6f/0x130 [ 127.953202][ T6500] kasan_report+0x128/0x150 [ 127.957742][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.963157][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.968575][ T6500] kasan_check_range+0x241/0x290 [ 127.973545][ T6500] ? leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.978948][ T6500] __asan_memmove+0x29/0x70 [ 127.983490][ T6500] leaf_paste_in_buffer+0x1e0/0xbd0 [ 127.988876][ T6500] leaf_copy_boundary_item+0xc75/0x21b0 [ 127.994475][ T6500] leaf_move_items+0x8cf/0xec0 [ 127.999296][ T6500] ? reiserfs_convert_objectid_map_v1+0x500/0x500 [ 128.005787][ T6500] leaf_shift_left+0xbd/0x450 [ 128.010542][ T6500] balance_leaf+0x2f16/0x10df0 [ 128.015377][ T6500] ? stack_trace_save+0x100/0x100 [ 128.020449][ T6500] ? arch_stack_walk+0x160/0x190 [ 128.025425][ T6500] ? do_balance+0x930/0x930 [ 128.029968][ T6500] ? __mutex_trylock_common+0x159/0x260 [ 128.035556][ T6500] ? trace_raw_output_contention_end+0xd0/0xd0 [ 128.041850][ T6500] ? rcu_is_watching+0x15/0xb0 [ 128.046651][ T6500] ? trace_contention_end+0x39/0xe0 [ 128.051888][ T6500] ? __mutex_lock+0x315/0xcc0 [ 128.056617][ T6500] ? __might_sleep+0xe0/0xe0 [ 128.061238][ T6500] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 128.067038][ T6500] ? reiserfs_write_lock_nested+0x60/0xd0 [ 128.072797][ T6500] ? mutex_lock_nested+0x20/0x20 [ 128.077797][ T6500] ? get_empty_nodes+0x48e/0x920 [ 128.082783][ T6500] ? __wake_up+0x1a0/0x1a0 [ 128.087239][ T6500] ? indirect_is_left_mergeable+0xe5/0x180 [ 128.093094][ T6500] ? get_neighbors+0x1030/0x1030 [ 128.098081][ T6500] ? sd_create_vi+0xd/0x50 [ 128.102542][ T6500] ? sd_check_item+0x10/0x10 [ 128.107159][ T6500] ? create_virtual_node+0x1fb/0x1b60 [ 128.112572][ T6500] ? get_neighbors+0x9ba/0x1030 [ 128.117468][ T6500] ? fix_nodes+0x7bf3/0x8350 [ 128.122105][ T6500] do_balance+0x31c/0x930 [ 128.126534][ T6500] ? get_right_neighbor_position+0x210/0x210 [ 128.132575][ T6500] ? reiserfs_paste_into_item+0x3cc/0x800 [ 128.138350][ T6500] reiserfs_paste_into_item+0x6f5/0x800 [ 128.143967][ T6500] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.150075][ T6500] ? reiserfs_cut_from_item+0x1fe0/0x1fe0 [ 128.155868][ T6500] ? reiserfs_get_block+0x156c/0x4060 [ 128.161276][ T6500] ? rcu_is_watching+0x15/0xb0 [ 128.166074][ T6500] ? reiserfs_get_block+0x156c/0x4060 [ 128.171472][ T6500] ? __kmalloc+0xe2/0x230 [ 128.175842][ T6500] reiserfs_get_block+0x1c37/0x4060 [ 128.181086][ T6500] ? make_le_item_head+0x5a0/0x5a0 [ 128.186250][ T6500] ? mod_objcg_state+0x511/0x8a0 [ 128.191218][ T6500] ? lockdep_hardirqs_on+0x98/0x150 [ 128.196445][ T6500] ? verify_lock_unused+0x140/0x140 [ 128.201679][ T6500] ? lockdep_init_map_type+0x9c/0x8e0 [ 128.207090][ T6500] ? folio_create_empty_buffers+0x538/0x720 [ 128.213108][ T6500] ? __lock_acquire+0x7d40/0x7d40 [ 128.218181][ T6500] ? __rwlock_init+0x150/0x150 [ 128.223025][ T6500] ? do_raw_spin_unlock+0x121/0x230 [ 128.228287][ T6500] ? _raw_spin_unlock+0x28/0x40 [ 128.233177][ T6500] __block_write_begin_int+0x57f/0x1af0 [ 128.238758][ T6500] ? folio_batch_add_and_move+0x168/0x2b0 [ 128.244526][ T6500] ? make_le_item_head+0x5a0/0x5a0 [ 128.249675][ T6500] ? folio_zero_new_buffers+0x550/0x550 [ 128.255260][ T6500] ? __block_write_begin+0x64/0x150 [ 128.260501][ T6500] reiserfs_write_begin+0x20a/0x4c0 [ 128.265731][ T6500] ? fault_in_iov_iter_readable+0xbf/0x2e0 [ 128.271570][ T6500] generic_perform_write+0x2fe/0x5c0 [ 128.276894][ T6500] ? generic_file_direct_write+0x3e0/0x3e0 [ 128.282723][ T6500] ? __mnt_drop_write_file+0xc3/0x100 [ 128.288222][ T6500] ? __generic_file_write_iter+0xf7/0x230 [ 128.293961][ T6500] ? generic_file_write_iter+0x9b/0x2e0 [ 128.299532][ T6500] generic_file_write_iter+0xaf/0x2e0 [ 128.304940][ T6500] vfs_write+0x46c/0x990 [ 128.309220][ T6500] ? file_end_write+0x250/0x250 [ 128.314097][ T6500] ? __fget_files+0x43d/0x4b0 [ 128.318814][ T6500] ? __fdget+0x180/0x210 [ 128.323082][ T6500] ? __x64_sys_pwrite64+0xf6/0x230 [ 128.328227][ T6500] __x64_sys_pwrite64+0x19b/0x230 [ 128.333390][ T6500] ? ksys_pwrite64+0x1c0/0x1c0 [ 128.338212][ T6500] ? lockdep_hardirqs_on+0x98/0x150 [ 128.343443][ T6500] do_syscall_64+0x55/0xa0 [ 128.347898][ T6500] ? clear_bhb_loop+0x40/0x90 [ 128.352604][ T6500] ? clear_bhb_loop+0x40/0x90 [ 128.357306][ T6500] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 128.363226][ T6500] RIP: 0033:0x7f526039aeb9 [ 128.367663][ T6500] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 128.387305][ T6500] RSP: 002b:00007f52612e0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 128.395746][ T6500] RAX: ffffffffffffffda RBX: 00007f5260615fa0 RCX: 00007f526039aeb9 [ 128.403770][ T6500] RDX: 0000000000000001 RSI: 000020000001f900 RDI: 0000000000000006 [ 128.411865][ T6500] RBP: 00007f5260408c1f R08: 0000000000000000 R09: 0000000000000000 [ 128.419971][ T6500] R10: 0000000008000c63 R11: 0000000000000246 R12: 0000000000000000 [ 128.427976][ T6500] R13: 00007f5260616038 R14: 00007f5260615fa0 R15: 00007ffef4fc7b08 [ 128.436007][ T6500] [ 128.439187][ T6500] Kernel Offset: disabled [ 128.443519][ T6500] Rebooting in 86400 seconds..