last executing test programs: 14m7.889511303s ago: executing program 32 (id=34): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01030003000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x24, 0x10, 0x1, 0x70bd29, 0x10000000, {0x0, 0x0, 0x0, r4, {0xc, 0x1b}, {}, {0xe, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendto(r0, &(0x7f0000000180), 0x0, 0x14081, &(0x7f0000000240)=@generic={0x2b, "02e4c6d96364a891773967674b461d810f85d77272b04acc8e5851f20537c59214f268a78fa5c129df41e4a14f7fbe775fa41f4f1cc1e7dde649265ee58ccc0feff0ead1f7788a078b2bad809572811cbaf36ec85dd7c37c5fac08c33976cae0b17e3a9133947a0dacbc7c6a7862ef3be19a11b909af3640c9354fc93d5c"}, 0x80) 13m45.160254882s ago: executing program 33 (id=138): futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, &(0x7f0000000000)={0x77359400}, 0x0, 0x2) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) syz_clone3(0x0, 0x0) r0 = syz_open_procfs(0x0, 0x0) pread64(r0, 0x0, 0x0, 0x96) preadv(r0, 0x0, 0x0, 0x3, 0x5) 13m29.054780742s ago: executing program 34 (id=149): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) r1 = socket$tipc(0x1e, 0x5, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) bind$tipc(r2, &(0x7f0000000240)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10) bind$tipc(r2, &(0x7f00000000c0)=@name={0x1e, 0x2, 0x0, {{0x42, 0x3}, 0x2}}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x3, 0x7}}, 0x10) sendmsg$tipc(r1, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x48004) 13m2.672308755s ago: executing program 35 (id=288): r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) ppoll(&(0x7f0000000980)=[{r3, 0x1}], 0x1, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140)={0x4}) 12m14.623517033s ago: executing program 36 (id=457): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000100), 0x4) rename(0x0, 0x0) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) setsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x42, &(0x7f0000000040)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@generic={0x88, 0x2}]}}, @dest_unreach={0x3, 0x4, 0x0, 0x0, 0x3, 0xc58, {0x5, 0x4, 0x0, 0x7, 0x0, 0x65, 0xe, 0x4e, 0x24, 0xc, @empty, @dev={0xac, 0x14, 0x14, 0x44}}}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c) 11m1.988829712s ago: executing program 37 (id=721): socket$kcm(0x10, 0x2, 0x0) socket$tipc(0x1e, 0x1, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff8000/0x1000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r0 = io_uring_setup(0xd9f, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xe, 0xa}, {0xe, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0xc0c1}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x43) io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0) 11m1.426163968s ago: executing program 38 (id=723): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x20, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r4}, &(0x7f0000000280), &(0x7f0000000240)=r1}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r5, 0x4) sendmsg$inet(r3, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) 10m41.783241891s ago: executing program 0 (id=777): socket$kcm(0x10, 0x2, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$kcm(0x2, 0x3, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x6, 0x4, 0x4, 0x5}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000040000000600000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001000010700930000ffffffff0a000000060001001000000008000a00", @ANYRES32=r2], 0x24}}, 0x24008000) 10m41.588019943s ago: executing program 0 (id=779): r0 = gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) setresuid(0xee01, 0xee00, 0x0) fcntl$setsig(r1, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r2}], 0x1, 0x0, 0x0, 0x0) dup2(r1, r2) setreuid(0x0, 0xee01) fcntl$setown(r2, 0x8, r0) tkill(r0, 0x13) 10m41.256103497s ago: executing program 0 (id=781): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x82042, 0x19d) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r2 = fanotify_init(0xf00, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') fanotify_mark(r2, 0x1, 0x10001043, r1, 0x0) openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x42, 0x58) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r1, &(0x7f00000004c0)='./file0\x00', 0x2) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r0, &(0x7f00000004c0)='./file0\x00', 0x2) 10m40.925462051s ago: executing program 0 (id=784): ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ipvlan0\x00'}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xa000000}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xd81, &(0x7f0000001440)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x2b}, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, "25c38c", 0xd4b, 0x3a, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @loopback}, {[@routing={0x0, 0x2, 0x2, 0x6, 0x0, [@local]}], @pkt_toobig={0x2, 0x0, 0x0, 0xb, {0x8, 0x6, "fbb39e", 0x6, 0x2e, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00', [@hopopts={0x4}], "f0d056565837ed015a70b4dec8fa4a52d943e7ea08c5b3b01d7a161bd8376e1daba85442d6b6177c2391cb11ea42f5655bdf233305aaf1cd64a426da12beae5059a904181c35fb8d2e6e401f78b4a4a3b0ca3e4249c1605eaab78927422fa43c5de9e01bbea8b7321be620a97ed1cc618d6779de5157346ce3d61a3f00b8847545e6e59114b7e115047e60cd80b43186bf5410716f2ade06fbac87956e1c2e81b92559fea81c023c410d7ca7a68680bbd1016fc04516bfa87c6048b74acd2e263268658395c4d314bf8308cb69c3bce4196cea7ca9fc175deca05d680b33dfdacd381becf27712282f830fcba55f765e102eddc095ecff349802153d89a3256d0afdf6d079067bdbbf14cbb670e6b5de72940a1143231ee0c81ef93f3faa0be2ca6b32f40fcc525084682f4487a8a3b059812cb054b9ad1916ebcdd178d56c928d9f9ac3c4dc25a1ac9e62b0aabf3ae3f7246ef1f6fca4a4297869f4bdfa597e1a47f364fefbf84a7fdd21a1ff53767782eab3035c1e5c0552dc9e379a92532c621c4e0292c0234875ba8db4eb18241e838b602e666d2e0c71e695836d0f96bb10dbe0d8fe156d9f0f5550a99b2eab2356b8ef4ffbf00a713a35f0ea2a7a91d2d5022b5648d71a4ea26dd083ab5ebd49a5ade61d071c082cddf7af877289fe6b994b65408488ab8e73ed7ed77ff763733d0cef0d65c24784863091732bed9cab3f648bf73d8a5a725f4885caa69c81bf4588dd4119ad3c65cfd72671b510fe01ba7c7bc8485a49497b608a414e215a7d05df2bec82d5ef22cfe760384a85cd6749e33ad3e3b89c9086223ff9642c78b0cdee1da22c6711eaa6134abb69c77a2bb44e7bc629e4fdff15dd5632ee084d32c10231fc2ab1ab15c495f9f9d86e712220d62c89ba739a80961ded89798ff7ae0b865054ad838e88ec9c959f7299697dc787a37d6462fa5d7ab2050e3811b346864e1e29995e731756997d92d93f6b080c37d3adf7b32325575bdf6ebcf7db1e394fe07cad7c44fd25bdacd03c30d4032f8a3efbd4e9310dab3ec52f3ca310bdbfaabdd56a628ea73bfa82ecf3ae781c99960a982967fe899102d737f9aca86dadae25d00efd33d6d3a7ffcf97d5c2b427aa0c7205ecc1fbe8d7a38f3471f5186da4f924c45fb735e9d9c995752efc27b621cb1e6495fe1ea6dfb30598c1e3dd9627a4cfc0e3ed35939c60c99d8a9983adc4bf97a8a743d1fe72c9baa21ea5ecbfbf5fbeea47c4c51d0e1c96dcfaeb179ef4f641c87c02307ef4da80a17b1ecba34c878143688db16c64ee655ee622844da6491431d3253a264f4d405fad7d61a135799a79090723d5e4a6c3099190ce8e79b31c2592a9f2f4773a7de64fb6edf3bf3a30cb54b87502f69279000f233e3a8851723dd1c5bab8b27297e9604e578e90b8a56803f5a3f340c1323fd25f2099a082bbead8019efc8ba41d1a9ed1cfd588e5068833d939bf81ed02b18a7e7e6fd8046da8284bd543a32aaa2e551e68610ec7138f0d199ff3985f161932dc8e63d3e47dad70ee2b2267b0488dd8a13934a52f31e0ac19844f3752dff3346d2342211fe25a1a554c7d186607651e49df0c8b05d844e50d12a824e37fcba0205f693a87a71833914026a8506bb73677f1f7c9e07816b79fd217de2d25066ee368afdd206b3adff914d4ac5d5391d797ef736b48757c42bdcc4d700bb607d9d832af1dfca27e77081c012c1695cc56c452d0c075ddced1a86e88ee7112eb5871d7c42049f5a466d54f92ef7f0c09f8bd2ec48addfff6cb59b2574d51e53152dd16de320d1d0762607056f84ef943f318e66eb7ca1c1a5eef58387a1d7d5d86a7de06a935ddbaab5930949ef0a9f98da9b7cd4f54b2eaec267093f07466db03594df2a0099cfdc11ac4ddb8c89bba29f09c3820a84fe03b172925a554a3f606f53ad03f3d5899de35ab86276f4c8b9ca21ad168f12ddf8df128f37ce8fedc28d2708919fd0bc506e0f6ea4cb417f1c0b98e04625e4b07d0687a19f03dc59ab35d2d12c3e7450d14d645b1cbe4c6e7ea4c798f53ade14e27158cb03475fadd2b5b44b43302f11dbf14bc3f172aadd5acc697f10fdbe6ea433d262a1dc2f28fb76d6246c6013e5ad1012662636e138e0a2315244ba18c5d311841b38155ddf22b7d0bd50e9f0ed31c057f01a48eb092afb47f4b58cc86260e863654fcbc578bd3c1a75f22d4efaec350e4d072f704cc14749b9d41d9013272215b262718f0b91ccce3401fc29184afa6df2205875dc7295ae7ddab45719ff2640e059eeb076d1a49893cbbdc9327e2da13b4cac36f42c8d5cbc3b645c68c7218f52d742921d7091a11f2d6d699562a6335cb1e271754fb90347f512d8c19dfa5d48e4962cd4ace4e1c61e8df0bbcf6fb8be2c939cb9e3bed91d341f4c7f12798257d04aad7fb540d8f9aaf3507fba47392a5163cdb19260a68cfba0c46d62ad1bde02296f54ef50c2fd178b7f41a7b8364ce7b897a2907a8642c273f18f6f9a31905908875827272d3f244b6dc6c5645eced10d5e7b58a1bf1771e831b5190e953f00c5a958a6ae1639c48fa4bfe2f2a87636a9288ae4f269167d5ffa3c15632d9d24185e25d3eeb38bbe7367e6707c2b44ba53322e9774b906e1d1eb95ddd61fd2d73eab9b0a53f3919ebc84cd40062bb0753982efb8600b84106d7f6f1163a128dd24720f5eaa6db74f893ff72e6a3ad941d1e22ae80c1e7614788c0867d9af6253f85031aad4982d488ed2a4d34a3828d56e41cf73a6a873d0a38c047d31f2130366d30d19376bdd0119a8ea627d21f4cec5036739d6fdff78cdc1494edcc670f8e151903eb979381cdc5d14db721bb09943a88b50784119130c4bfc582f69d540c40232e8635bb27136c4d2ccc3f55e5e956705fceec02269f25050381e3f621630ab21210cfcf24790fa1db654c286a1ab92f425002d373782fe48e3b5655a4255d22401bb26c5869145974c27d943c405414ed81530f845c7394b080487535a083264d6683219e0e2bf1d5635d62a2bb247d6864258b91e671ef5b5a37b7b7c3ab2402bc2d60db16f685ba42fb0b8585d714346985441d4ef9c6729342c9d4ac0ed73f7b64010623d80c702d5cbdfbad9d4c2c7495272e1afa8d1db242a821785e513640c4a742199e5fa222e7d3ebf3a6b0f8a65e397316d82700bf1cff94750d273f8dae62b5ce26333ff722988637a56914932017e5ae5adeb0f28baf056b6284560424e5fa713c80b5c10ed8668dd7de5f1b1809fd1cdb5e75c5f1bc598fc152c56d5e87b15ca721a97714880d5e3e23d91c789e8930c0e6ccac232d4b011008254f7fd44b2a6d4960129f24d02da08629e880de9498810a5318dc8225c5b6d6875f5446533b38dfebf56d36850a8738b16957fa3f222a7d82bfb64d6efc51aee74ac8c2d48c31701f86e19a224a4c5973294e9435dab9b7dcec1bcd4d0b6834521fa2402b53cc61cd34478e6f08cef74e8b0bd31e25dd36ead12b8931e6664ef26caeaf12f766ce8e806d49fcbaa759d836f906ad1a108f76dd3575a633139b9a9f82d33207164b0ea36cb01db298bca801750fa93e8fadb0daee47d80b3abf175d16f59fd3d8a71254741806ea8859bfc18c61f032318354d4e33e0fd4bda972d6d8e91b97aa818548e53ea9aac534ef344c56138e713b0e76df24172277410f71b0f96c4f020d9ded682cc28589c60fa960100410e933cc56aff4311151ce0d5fa4a8f201e6aed6926dc16c7b3616a573627be679403c61cfeb8f9990bd9a4980397c744ec405e3cfe72168282b93ffea1d3b3b0371c0ab75dc86c0806c8c742695a6fe4a342e7a5981580ea21f55b5a62f269d9fe87ce216aa7d2ff32f1c5dd2acaae14a16b2994734cd455563cfb217f8409584e7c228c637250da7deaa160596d41da49fcad271e8bafa7d47480520e49f212ccd89df516d405d2b89d7370c037b33824bffda0d97e9f476586734ac84450f9a60f65a54fd9691653cbe9a8468ce7b8e92d3a63ba8cf32b584b650d0104b00f3bfab41a14879b3b6d205c29e9702243ac1b133300e655bbc8c8bd5308896a8c62db200299d6e98240ae0cb348f5a8141919ff4da2f168109f0b0e92668a1c4cd5f5b73c84fc7512dcdfb8304fa13d88d9ae9b37658f9edd7b497b7c11fc3ac353590b206fc3323793151e37ebe6966a84dd1d34b9aadb361069675f504293f7f54874657dba61ec479a6b509ed8361d67fd4724f4c3088b62be086b5ccebcd0cc799725095a2c996044a197ad9ccccc7f4064909605970590151d3649accafd65b7cb7ee3e35c562b19a67a7610ff3ee8d9abe26dfdc492b22d86243e022a010b836d00596c8cf5ac44bd4e35b963c7668ef76c79efa5038bf14f5948b15e88b1e08b0dbb04e0246511f55d2a34252163ece4ead52652b4c737a0737ae4040b3e7728b2177e771967ba3e9ec252869816e3f077541a358217dcaa157957f8cb3c5e573d7193eea3fb26286c21083396e4fe4a35906f8711762bd30d05a0ea249c9a95f939a6f1b6419c40968bb8b12af43d27e1b33beb8ac3f40fa438fc3794fdb1a27823fcbbe052f14f6199df62a252d2b1ab418482254da1f191785d3fca212e0a35edee5c046517560bf31413a9211aa685a71fecbf52a043436b614d03e879f7b258f21d9dce5"}}}}}}}, 0x0) 10m40.683730704s ago: executing program 0 (id=786): mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xb18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000140)='./file1\x00') r0 = open(&(0x7f0000000640)='.\x00', 0x0, 0xdd) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x1010408, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x400, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) 10m40.314251078s ago: executing program 0 (id=789): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008e}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) read$FUSE(r3, &(0x7f00000040c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x29bb9) write$FUSE_ATTR(r3, &(0x7f0000000280)={0x78, 0xfffffffffffffff5, 0x0, {0x2, 0x3, 0x0, {0x0, 0x6, 0x400000000000000b, 0x0, 0x7ff, 0x2, 0x2, 0xd, 0x5, 0xa000, 0xa40, 0x0, r4, 0x3001, 0x2}}}, 0xffffff03) read$FUSE(r3, &(0x7f0000006100)={0x2020}, 0x2020) 10m38.947315894s ago: executing program 39 (id=793): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r2, 0xae80, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x5}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) 10m24.886134821s ago: executing program 40 (id=789): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008e}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) read$FUSE(r3, &(0x7f00000040c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x29bb9) write$FUSE_ATTR(r3, &(0x7f0000000280)={0x78, 0xfffffffffffffff5, 0x0, {0x2, 0x3, 0x0, {0x0, 0x6, 0x400000000000000b, 0x0, 0x7ff, 0x2, 0x2, 0xd, 0x5, 0xa000, 0xa40, 0x0, r4, 0x3001, 0x2}}}, 0xffffff03) read$FUSE(r3, &(0x7f0000006100)={0x2020}, 0x2020) 10m17.517147168s ago: executing program 7 (id=845): socket$nl_xfrm(0x10, 0x3, 0x6) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) pipe2(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) vmsplice(r0, &(0x7f0000e79000)=[{&(0x7f00003fb000)="f7", 0x7ffff000}], 0x1, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000800000/0x800000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) madvise(&(0x7f000042f000/0x800000)=nil, 0x80fd00, 0x15) 10m15.853148547s ago: executing program 7 (id=849): r0 = userfaultfd(0x80801) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$fb(r1, &(0x7f0000000100)="732f64bd01d8958d", 0x8) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x40000, 0x19b) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f00000001c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 10m15.577657461s ago: executing program 7 (id=851): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000000)={0x1}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r3, 0x26, &(0x7f0000000000)={0x1}) fcntl$lock(r3, 0x26, &(0x7f0000000300)={0x1, 0x0, 0x1, 0xffffffffffffffff}) fcntl$lock(r2, 0x25, &(0x7f0000000140)={0x0, 0x1, 0x9, 0x17}) close_range(r0, 0xffffffffffffffff, 0x0) 10m15.158697536s ago: executing program 7 (id=854): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x1800010, &(0x7f00000002c0)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677eef7536f8115edae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYBLOB="5490f41e89db5c6987bb89944e3ce8a9d74aa557beeb12bf7bf4a19bec956b719f048f1e043475577b7adb3114dbb00a614a03808dfe14f5f5c2dd1b71c4d5a6a09435057b932b0b"], 0x3, 0x240, &(0x7f0000000500)="$eJzs2s9rHGUYB/Bn0tbGlHQj/qIF8UUP6mVocvbQIC2IAUW7QhWkUzPRZcfdsLMsrIjJqV79EzyLR2+C9OglF/8CD14klxx7EEe6u5pG4iGI3ZJ+Ppd94N0vzzPMy8t7mP3Xv/6su1XnW8UwFrIsFq7GbtzLYiUW4i+78dorN3964b2bH7y1vrFx7d2Urq/fWF1LKV188ccPv/jupbvDC+9/f/GH87G38tH+wdqve8/tXdr/48annTp16tTrD1ORbvf7w+J2VabNTt3NU3qnKou6TJ1eXQ6OrG9V/e3tcSp6m8tL24OyrlPRG6duOU7DfhoOxqn4pOj0Up7naXkp+C/a395rmjhozt2Kpmme/CYu3I3lX6IV2VMpe/pq9uyt7Pnd7NJB07TmPSr/C+//8fbAob4YUX01ao/a09/p+vpWdKKKMq5EK36P+9tkZlpff3Pj2pU0sRJ3qp1ZfmfUPnM0vxqtWDk+vzrNp7hT/fbEtO3OqH0+liLORczya9GKZ47Prx3mJ/3PTPovxqsvP9A/j1b8/HH0o4rNuJ89zH+5mtIbb2+ko/NfnvwPAOC0ydPfjr2/5fm/rU/zJ7gf/uN+dTYun53vsxNRjz/vFlVVDhRVOVh8NMY4DUVENtlg2WyjzXsexQmLuR5LPCSHL33ekwAAAAAAAAAAAHASD+Nzwnk/IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj7MwAA//+3Ycw+") openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000b40)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6fc}}, 0x40) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 10m14.81232193s ago: executing program 7 (id=855): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'pimreg0\x00', 0x0}) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x100}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={r4, r3, 0x25, 0x0, @val=@netfilter={0x1, 0x0, 0x7}}, 0x20) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close_range(r5, 0xffffffffffffffff, 0x0) 10m10.104266765s ago: executing program 7 (id=867): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0xfffffffffffffffe, 0x4, 0x20000e695, 0x9, 0x400, 0x6, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000200d4, 0xfffffffffffffffc, 0x6, 0x4, 0x0, 0xfffffffffffffe], 0x0, 0x8340}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000200)={{0x50000, 0x1, 0x9, 0x1, 0xcd, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0x3000, 0x80a0000, 0xd, 0xe, 0x5, 0x7, 0x4, 0x14, 0x4, 0x9, 0x0, 0x1}, {0x8000000, 0x102f8000, 0x1e, 0x5, 0x6, 0x7, 0x97, 0x3, 0x80, 0x4, 0xe, 0x70}, {0xeeef0000, 0x6000, 0x0, 0x3, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0x2e}, {0x2, 0x2000, 0xa, 0xff, 0x8, 0xad, 0x6, 0x7, 0x8, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x9, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x5, 0x1, 0xd, 0xd}, {0xdddd1000, 0x9000, 0x0, 0x6, 0xa, 0x8, 0x4, 0x63, 0x1c, 0x5, 0x1, 0xd}, {0xdddd1000, 0x4000, 0xa, 0x23, 0xc, 0x6, 0x9, 0x4a, 0x7, 0xc, 0x42, 0x3}, {0xeeee0000, 0x5}, {0xffff1000}, 0x0, 0x0, 0xdddd0000, 0x4003, 0x0, 0x4000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x1000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10m9.730345319s ago: executing program 41 (id=867): madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x40, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, r2, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0xfffffffffffffffe, 0x4, 0x20000e695, 0x9, 0x400, 0x6, 0x0, 0xfffffffffffffffe, 0x0, 0x1000000200d4, 0xfffffffffffffffc, 0x6, 0x4, 0x0, 0xfffffffffffffe], 0x0, 0x8340}) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000200)={{0x50000, 0x1, 0x9, 0x1, 0xcd, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0x3000, 0x80a0000, 0xd, 0xe, 0x5, 0x7, 0x4, 0x14, 0x4, 0x9, 0x0, 0x1}, {0x8000000, 0x102f8000, 0x1e, 0x5, 0x6, 0x7, 0x97, 0x3, 0x80, 0x4, 0xe, 0x70}, {0xeeef0000, 0x6000, 0x0, 0x3, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0x2e}, {0x2, 0x2000, 0xa, 0xff, 0x8, 0xad, 0x6, 0x7, 0x8, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x9, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x5, 0x1, 0xd, 0xd}, {0xdddd1000, 0x9000, 0x0, 0x6, 0xa, 0x8, 0x4, 0x63, 0x1c, 0x5, 0x1, 0xd}, {0xdddd1000, 0x4000, 0xa, 0x23, 0xc, 0x6, 0x9, 0x4a, 0x7, 0xc, 0x42, 0x3}, {0xeeee0000, 0x5}, {0xffff1000}, 0x0, 0x0, 0xdddd0000, 0x4003, 0x0, 0x4000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x1000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 9m54.61840162s ago: executing program 9 (id=892): setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x4, 0x4, 0x340, 0xffffffff, 0xf8, 0xf8, 0x0, 0xfeffffff, 0xffffffff, 0x298, 0x298, 0x298, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x33}, @loopback, [0xff000000, 0xffffff00, 0xffffff00, 0xffffff00], [0xff000000, 0xffffffff, 0x0, 0xffffffff], 'syzkaller1\x00', 'sit0\x00', {0xff}, {}, 0x2, 0x3, 0x4, 0x75}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x5}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28, 'MARK\x00', 0x2, {0xfffffffa, 0x6}}}, {{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xff, 0x0, 0xff000000], [0x0, 0xff, 0xff000000, 0xffffff00], 'vlan0\x00', 'batadv_slave_0\x00', {0xff}, {}, 0x32, 0x79, 0x5, 0x44}, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x45}, 0x20000050) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4) setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000080)=ANY=[@ANYBLOB="3e000000000000000a004e220000000200"/32], 0x110) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x7ff, @empty, 0x9}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20004184, &(0x7f0000000200)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 9m53.455011944s ago: executing program 9 (id=895): bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000040000000000000090000008500000011000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket(0x10, 0x3, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0xfffffffffffffe07, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x1009, 0x7f}, {0x12, 0x2, 0x1000, 0x401, 0x8001}, 0x40000, 0x4000005, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r3, {}, {0xfff1, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x7, 0x9, 0x6, 0xfffffffa, 0xfffffff6, 0x2}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000814}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 9m52.536276135s ago: executing program 9 (id=897): mknod(&(0x7f0000000040)='./file0\x00', 0x1000, 0x1) r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x24) close(r0) r1 = inotify_init1(0x80000) inotify_add_watch(r1, &(0x7f0000000240)='.\x00', 0x60000726) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1}, 0xc) listen(r2, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000001200), 0x0, &(0x7f0000001240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) 9m52.235140308s ago: executing program 9 (id=900): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', 0x1800010, &(0x7f00000002c0)=ANY=[@ANYBLOB="636865636b3d7374726963742c757466383d312c757466383d312c6e66732c6572726f72733d72656d6f756e742d726f2c73686f72746e616d653d77696e6e742c00043518f9aad8a4f2c1cdb3e993cf0444d9d2d40bb509d4da042c2c85e3650de97db42c38cafa7a9d7503c3c985486cf7fc80515e9bef7e9e56fb346de370b3eb3ecbc59d343c36bf04efc3d68033308b0014b0c677eef7536f8115edae5ef2932cc05f566112668fa4f6844dcf823618a2993da771384e8fc12467a56b33e3b00030dbfd82ea2f8ddbeb1d04bac86815ebe0b9d084d60edf56b15e74589892dce86962f611a4313120b738dddfd38d20b443570197dc795020ecf541601ef9a5618869febf769dd50261849a47e170ba166b97e76a0261d0dc1fb3e2646595f1c8b49057d94f10f7b5e35ead0a38", @ANYBLOB="5490f41e89db5c6987bb89944e3ce8a9d74aa557beeb12bf7bf4a19bec956b719f048f1e043475577b7adb3114dbb00a614a03808dfe14f5f5c2dd1b71c4d5a6a09435057b932b0b"], 0x3, 0x240, &(0x7f0000000500)="$eJzs2s9rHGUYB/Bn0tbGlHQj/qIF8UUP6mVocvbQIC2IAUW7QhWkUzPRZcfdsLMsrIjJqV79EzyLR2+C9OglF/8CD14klxx7EEe6u5pG4iGI3ZJ+Ppd94N0vzzPMy8t7mP3Xv/6su1XnW8UwFrIsFq7GbtzLYiUW4i+78dorN3964b2bH7y1vrFx7d2Urq/fWF1LKV188ccPv/jupbvDC+9/f/GH87G38tH+wdqve8/tXdr/48annTp16tTrD1ORbvf7w+J2VabNTt3NU3qnKou6TJ1eXQ6OrG9V/e3tcSp6m8tL24OyrlPRG6duOU7DfhoOxqn4pOj0Up7naXkp+C/a395rmjhozt2Kpmme/CYu3I3lX6IV2VMpe/pq9uyt7Pnd7NJB07TmPSr/C+//8fbAob4YUX01ao/a09/p+vpWdKKKMq5EK36P+9tkZlpff3Pj2pU0sRJ3qp1ZfmfUPnM0vxqtWDk+vzrNp7hT/fbEtO3OqH0+liLORczya9GKZ47Prx3mJ/3PTPovxqsvP9A/j1b8/HH0o4rNuJ89zH+5mtIbb2+ko/NfnvwPAOC0ydPfjr2/5fm/rU/zJ7gf/uN+dTYun53vsxNRjz/vFlVVDhRVOVh8NMY4DUVENtlg2WyjzXsexQmLuR5LPCSHL33ekwAAAAAAAAAAAHASD+Nzwnk/IwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Gj7MwAA//+3Ycw+") openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000b40)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6fc}}, 0x40) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 9m51.778428044s ago: executing program 9 (id=905): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804) r2 = io_uring_setup(0xb, &(0x7f0000000040)={0x0, 0x6492, 0xc000, 0x8, 0xc1}) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004"], 0x50) io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0) 9m51.24013342s ago: executing program 9 (id=909): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000001080)={[{@barrier_val={'barrier', 0x3d, 0x8}}, {@user_xattr}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@noblock_validity}, {@init_itable}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@noinit_itable}, {@nodioread_nolock}]}, 0x4, 0xbce, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRt+22pVLKXUvVinFhrZr2UWmNoXaxaWXHgrttWAhr4zQ+gNJxZWsw6r9B0qScyCXQBKT4EN89iWBQE65JM41JoeACYqVQAiJwuyHpFi70tre3THS7wev5n33nd3neXbYnXlhRwEcWOPZnzTiaERcSiIK9cfTiBis9oYjKrX91tdWpr9aW5lOYmPjH58nkUTEo7WV6cZrJfXt4fpgOCI++HMSP/nfzrgLS8tzU+Vyab4+Prl49cbJhaXl381enbpSulK6durMHyZPT56ZODvZsVq//uT83S9/+ddPK9+8/u3tL158NYnzMVqf215Hp4zH+OZ7sl1/REx1OlhO+ur1bK8z6d/jSWmXkwIAoKV02zXcz6IQfbF18VaIdz7MNTkAAACgIzb6IjYAAACAfS6x/gcAAIB9rvE7gEdrK9ONlu8vEnrr4YWIGKvVv15vtZn+qFS3wzEQEYceJbH9ttak9rRnNh4RDz4++1bWokv3Ie+mshoRP292/JNq/WPVu7h31p9GxEQH4o8/Nn7e6v/tYOv6z3cgft71A3Aw3btQO5HtPP+lm9c/0eT819/k3PU0mp3/Rjrwuu1qXP+t77j+26q/r8X139/bjHHrtZdvtprL6v/j3b+82WhZ/Gz7TEU9gYerEb/ob1Z/sll/0qL+S23GKHx3s9RqLu/6N16JOB7N629Idv//RCdnZsulidrfpjFW35t8o1X8vOvPjv+hFvXvdfxvtBnjXxcv3mk1t3f96WeDyT+rvcH6I/+ZWlycPxUxmPxt5+On6ze0t9DYp/EaWf0nfrX7579Z/VmISv19yNYCq/VtNv7vYzH/dPvW27vVn6398jz+l5/y+P+/zRi/fveFE63mtq9/s5bFf5DU1sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0JBGxGgkaXGzn6bFYsThiPhpHErL1xcWfzNz/d/XLmdzEWMxkM7MlksTEVGojZNsfKra3xqffmz8+4g4EhEvFUaq4+L09fLlvIsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg0+GIGI0kLUZEGhHrhTQtFvPOCgAAAOi4sbwTAAAAALrO+h8AAAD2P+t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuzIsXv3k4ionBuptsxgfW4g18yAbkvzTgDITV/eCQC56c87ASA3Tdb4yS67u1yAfWi3D31muOXMUMdzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD5dfzovftJRFTOjVRbZrA+N9D0Gcd6mB3QTWneCQC56dttsr93eQC95yMOB1fzNT5wkCR7zA9v7VP54cxQ13ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PkzWm1JWoyItNpP02Ix4kcRMRYDycxsuTQRET+OiI8KA0PZeCjvpAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOi4haXlualyuTTf/c5w9C6Wjk7nOu/3KFbSg3KG2925jS+PSg++oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6KmFpeW5qXK5NL+QdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3haWluemyuXSfBudO0+y87ZO3jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCf7wMAAP//cN8Ntw==") sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008005, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) socket$inet6(0xa, 0x1, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x31056, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 9m50.540734859s ago: executing program 42 (id=909): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000001080)={[{@barrier_val={'barrier', 0x3d, 0x8}}, {@user_xattr}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@noblock_validity}, {@init_itable}, {@journal_dev={'journal_dev', 0x3d, 0x3}}, {@noinit_itable}, {@nodioread_nolock}]}, 0x4, 0xbce, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRt+22pVLKXUvVinFhrZr2UWmNoXaxaWXHgrttWAhr4zQ+gNJxZWsw6r9B0qScyCXQBKT4EN89iWBQE65JM41JoeACYqVQAiJwuyHpFi70tre3THS7wev5n33nd3neXbYnXlhRwEcWOPZnzTiaERcSiIK9cfTiBis9oYjKrX91tdWpr9aW5lOYmPjH58nkUTEo7WV6cZrJfXt4fpgOCI++HMSP/nfzrgLS8tzU+Vyab4+Prl49cbJhaXl381enbpSulK6durMHyZPT56ZODvZsVq//uT83S9/+ddPK9+8/u3tL158NYnzMVqf215Hp4zH+OZ7sl1/REx1OlhO+ur1bK8z6d/jSWmXkwIAoKV02zXcz6IQfbF18VaIdz7MNTkAAACgIzb6IjYAAACAfS6x/gcAAIB9rvE7gEdrK9ONlu8vEnrr4YWIGKvVv15vtZn+qFS3wzEQEYceJbH9ttak9rRnNh4RDz4++1bWokv3Ie+mshoRP292/JNq/WPVu7h31p9GxEQH4o8/Nn7e6v/tYOv6z3cgft71A3Aw3btQO5HtPP+lm9c/0eT819/k3PU0mp3/Rjrwuu1qXP+t77j+26q/r8X139/bjHHrtZdvtprL6v/j3b+82WhZ/Gz7TEU9gYerEb/ob1Z/sll/0qL+S23GKHx3s9RqLu/6N16JOB7N629Idv//RCdnZsulidrfpjFW35t8o1X8vOvPjv+hFvXvdfxvtBnjXxcv3mk1t3f96WeDyT+rvcH6I/+ZWlycPxUxmPxt5+On6ze0t9DYp/EaWf0nfrX7579Z/VmISv19yNYCq/VtNv7vYzH/dPvW27vVn6398jz+l5/y+P+/zRi/fveFE63mtq9/s5bFf5DU1sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0JBGxGgkaXGzn6bFYsThiPhpHErL1xcWfzNz/d/XLmdzEWMxkM7MlksTEVGojZNsfKra3xqffmz8+4g4EhEvFUaq4+L09fLlvIsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg0+GIGI0kLUZEGhHrhTQtFvPOCgAAAOi4sbwTAAAAALrO+h8AAAD2P+t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuzIsXv3k4ionBuptsxgfW4g18yAbkvzTgDITV/eCQC56c87ASA3Tdb4yS67u1yAfWi3D31muOXMUMdzAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD5dfzovftJRFTOjVRbZrA+N9D0Gcd6mB3QTWneCQC56dttsr93eQC95yMOB1fzNT5wkCR7zA9v7VP54cxQ13ICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4PkzWm1JWoyItNpP02Ix4kcRMRYDycxsuTQRET+OiI8KA0PZeCjvpAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOi4haXlualyuTTf/c5w9C6Wjk7nOu/3KFbSg3KG2925jS+PSg++oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6KmFpeW5qXK5NL+QdyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA3haWluemyuXSfBudO0+y87ZO3jUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJCf7wMAAP//cN8Ntw==") sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20008005, 0x0, 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) socket$inet6(0xa, 0x1, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x31056, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 8m49.117851301s ago: executing program 4 (id=1139): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000440)={r2, &(0x7f0000000440), &(0x7f0000000040)=@udp=r1}, 0x20) recvmmsg(r1, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/205, 0xcd}], 0x1}, 0x9}], 0x1, 0x7, 0x0) dup2(r1, r2) 8m47.701593278s ago: executing program 4 (id=1145): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x4) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ff8000/0x3000)=nil, 0x0}, 0x68) io_uring_setup(0x24, &(0x7f0000000040)={0x0, 0x73e9, 0x1c450, 0x4, 0xb1}) syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000) 8m47.111152525s ago: executing program 4 (id=1150): syz_emit_ethernet(0x331, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd606410a602fb0000fc02000000000000000000000000000000000000000000000000000000000000223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc653626b7e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aa53fc003f8570383ca63530d93b78a7875338b3d7645ef2c24ab05db63cfdcde7b3cac2248c9d1c73d0d4382b3f520ad6e9be698eaa9bf5b939ce09919c9485c4725690ee2483315829a196f85a5ae552ebe19a2d6768ce2a6bf60fbb53104c7919b7cf28fa555fc9460df11e72eddebb2fc4eb6f83b16e0d65307e4210dfc209f0c68df65b57f420fd215546b798af6b6ab7bfb2fe6bd6142f877852717370b1ca39d199c149c3ead97c4e16229ce4c08a111a0fc64651c21e9174dd72442a9ae2a42d9433c7b54c8dd4b59203f9a2e227e9b043eb430e606cf98f3428ac8511928dd553bc0728c0626fbda71bd2a1d734d605e27bdb0be93b7b91284689e31fccb70c15f2c39da9011c84d36fe4b4b36ff26e45a34685fc638dbdaa068a3d3d4f5d44b74afc0fc7956e5fcc3fe405ac6d292d1d90f257f18fe14a3192d28ed369956aa2f91f9fee773cf7fb5d90705347eeadc1af86de78a498fa1a20e5b3f481a0595769654d969299506d8ffbc172a7fb9453a8a3787e80b167936863f2cc16c1d03481bd40e1abcf87a292559771572136932bf30e48174012a1d4d5f138f93140af2ceb9c821c7966ea7592d762975b5b33ef141b6b91eb388c91b924945c3231d0f299adb5a36e0c95a17872e7ebf0bc0e33baf5c46f9e2087b77bad0794d519ce7bc8674a2f164185df3b4f952b132947b75333993fd73a6bac5836dd5720e559bcb82a4926734c5c3b1287c5fec219a99f71eb398430001f007306e9232c269c2886357f75d935e8de054341ac36f1df1fc77fbc347d90660f4d5658cfeb9e289f70968a7c0b38ae34c4bfa46b47964e223ac34f472e3231e8c285add5713592c76c062c3477beb55b279846f0"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000005c0)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)=@x86={0x60, 0x4, 0x9, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7f, 0x9, 0x1, 0x0, 0x0, 0x8, 0x0, 0xff, 0xff, 0x0, '\x00', 0x0, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x2, 0x0, @ioapic={0x8000000, 0x9, 0x10001, 0xfffffffe, 0x0, [{0x2, 0x4, 0x87, '\x00', 0x8}, {0x9, 0x8, 0x40, '\x00', 0xb}, {0xff, 0x7f, 0xd3, '\x00', 0x67}, {0x0, 0x5, 0xf5, '\x00', 0xf}, {0x7, 0x9, 0xc, '\x00', 0xfb}, {0x0, 0x4, 0x54, '\x00', 0xff}, {0x71, 0xd5, 0xf1, '\x00', 0x7b}, {0x3, 0x4, 0xc}, {0x7f, 0x5, 0xb, '\x00', 0xb}, {0xd7, 0xd, 0x8, '\x00', 0x6}, {0x0, 0x28, 0x80, '\x00', 0xdc}, {0xff, 0x1, 0xfe, '\x00', 0x1}, {0xfe, 0x7, 0x26}, {0xcf, 0x3, 0x1, '\x00', 0x6}, {0xf, 0xee, 0x7, '\x00', 0x3}, {0x39, 0x2, 0x6, '\x00', 0xb}, {0x9, 0x6, 0x2, '\x00', 0x8}, {0x5, 0xc, 0x5, '\x00', 0xc}, {0x7, 0xe1, 0x7, '\x00', 0xc2}, {0x0, 0x80, 0xe, '\x00', 0x7f}, {0x1, 0xc, 0x80, '\x00', 0x7f}, {0x10, 0x6, 0x3, '\x00', 0x10}, {0x1, 0x23, 0xf3, '\x00', 0x4}, {0x7, 0x6, 0x4}]}}) 8m46.519630362s ago: executing program 4 (id=1154): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1000410, &(0x7f0000000440)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000540)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=") openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x0) io_setup(0x200, &(0x7f0000000140)=0x0) mount$fuse(0x0, 0x0, 0x0, 0x80, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0xae, 0x200, 0x0, 0x0, 0x2, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d306e6d602000000000000000000010001", [0x204]}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101542, 0x0) io_submit(r0, 0x1, &(0x7f0000000500)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x1, 0x0, r2, &(0x7f0000000380)='\\', 0x1, 0x3000}]) 8m44.201153489s ago: executing program 4 (id=1163): r0 = socket$inet(0x2, 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x7}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000000980)=[{{0x0, 0x0, 0x0}, 0x1000}, {{0x0, 0x0, 0x0}, 0x81}], 0x2, 0x10002, 0x0) 8m42.332270621s ago: executing program 4 (id=1170): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffff9]}, 0x0, 0x8) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1) 8m41.62412644s ago: executing program 43 (id=1170): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0x3ff}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffff9]}, 0x0, 0x8) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, &(0x7f0000000100)=0x1) 7m46.997206316s ago: executing program 3 (id=1377): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfb, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x1c, 0x2, [@TCA_CODEL_TARGET={0x8, 0x1, 0x1000}, @TCA_CODEL_CE_THRESHOLD={0x8, 0x5, 0x6}, @TCA_CODEL_INTERVAL={0x8, 0x3, 0x6}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40000d5}, 0xc010) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 7m45.952726839s ago: executing program 3 (id=1385): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000180)='./file1/file4\x00', &(0x7f00000001c0), 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000340)={0x2000, r1}, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0) 7m45.77352529s ago: executing program 3 (id=1388): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r2, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r4) getsockname$packet(r4, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@delchain={0x34, 0x2c, 0xf31, 0x70bd27, 0x2000, {0x0, 0x0, 0x0, r5, {0x8}, {0xfff2, 0xffff}, {0xffff, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4008854}, 0x4010) 7m45.277911136s ago: executing program 3 (id=1391): syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x47, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=") openat(0xffffffffffffff9c, 0x0, 0x42, 0x8) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1c1) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x91145a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000004840)={0x2020}, 0x2020) 7m44.643297614s ago: executing program 3 (id=1395): syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file2\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYRESOCT, @ANYRESHEX, @ANYRESOCT=0x0], 0x5, 0x191, &(0x7f00000003c0)="$eJzslT1P+lAUxp974c/LP34CFwdJxMHSFjUuJLI4OZj4QhxMJFIJWsRAByFx8BO4uzn4PXT1Qxh00QUnHU3NbS/tlYAaEsWE80s497lwejg90OeCIIix5eH+te2+5B4TACaQQly+/xQJc7iSf5d4Pr1ZXSmc71zdxttasl9N1/3+90cBXOcjcIJrP16dkusGeKA3wTErdQEMmtS74NiS2gLDttQHiq6JfE3br9iWtlezS0LoIhgimCJke/vrnDGUlP6YWOW+0WwdFm3bqv+g+Gp+nTxHTulP/b26s9GV+RngMKTOgmFd6iXEu7PxR6Lc/2Q0rK/8NX7l/kmQGDshHq4/0MbwIvQn95JhRvEn30ouvKMm41SPM41ma65SLZatsnVkmtlFfV7XF8yMZ0R+/MT/kp4//Vfq/xuQG2MxnBQdp274MdibfuznuNzzP470tL8X3h/rLfwWHlpMvri3CpWODGyeIAhihEyBeZ7p+XJXLMsP3QBzbcR9EgRBEARBEARBEAQxPO8BAAD///k7c0A=") prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x6, 0x4000000007}, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, 0x0, 0x804) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4a, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file2\x00', 0x0, 0x290010, 0x0) 7m44.045117981s ago: executing program 3 (id=1398): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000240)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0}) 7m43.488726288s ago: executing program 44 (id=1398): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0xa, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0) r4 = mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0xc, 0x0, &(0x7f0000000240)=[@free_buffer={0x40086303, r4}], 0x0, 0x0, 0x0}) 3m48.278580522s ago: executing program 8 (id=2236): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4c, &(0x7f0000000000)=0xc000000, 0x4) r1 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@local, 0x10000, 0x0, 0x1, 0x1, 0x0, 0x2}, 0x20) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0xfffffff9, 0x0, 0x3, 0x0, 0x4, 0x6}, &(0x7f0000000140)=0x20) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001300)=@mangle={'mangle\x00', 0x10, 0x6, 0x710, 0x0, 0x410, 0x0, 0x2f8, 0x2f8, 0x640, 0x640, 0x640, 0x640, 0x640, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@uncond, 0x0, 0x200, 0x228, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth1_to_batadv\x00', {0x8, 0x5, 0x3c, 0x97, 0x6, 0x401, 0x4, 0x120e, 0x18, 0x40}, {0x5}}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0xfff7, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv6=@mcast1}}}, {{@ipv6={@private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1\x00', 'ip6gretap0\x00', {}, {}, 0x0, 0x2}, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x2}}, @common=@eui64={{0x28}}]}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv4=@local, @ipv4=@multicast1}}}, {{@ipv6={@mcast1, @mcast2, [], [], 'wg1\x00', 'vxcan1\x00', {0xff}, {}, 0x2c}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@mcast2, @ipv6=@local}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x770) mount$overlay(0x0, &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x2, 0x0) syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4808, 0x0, 0x0, 0x0, &(0x7f0000000180)) syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x80008, 0x0, 0xfc, 0x0, &(0x7f0000000000)) renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0) 3m47.092168115s ago: executing program 8 (id=2238): socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x1, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2e}}}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000280)=@gcm_256={{0x303}, "1afc7c14d332bcc6", "a9ba0c85d68723369f51322151d9f41aaa2832bb07cc1e49ad714beac6f1ade8", "49960d8f", "bff2a81527ae4190"}, 0x38) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nbd(&(0x7f0000000200), r1) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f00000002c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010029bd7000fbdbdf25010000000c00020000000000000000001c0007801800018008000100", @ANYBLOB="04"], 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000000), 0xffffff6a) sendfile(r0, r3, 0x0, 0x20000000002) 3m45.427846423s ago: executing program 8 (id=2244): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r0 = socket$netlink(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000)=0x80, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000008240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000008200)={&(0x7f0000000280)=@delchain={0x24, 0x65, 0x400, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0x7}, {0xfff1, 0x6}, {0xfff2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x240048c9}, 0x64000000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r5, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0) 3m44.431524194s ago: executing program 8 (id=2247): r0 = socket(0x10, 0x2, 0x0) syz_mount_image$udf(&(0x7f0000000080), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4040, &(0x7f00000015c0)=ANY=[], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") write(r0, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r0, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400}) creat(&(0x7f0000000100)='./bus\x00', 0x44) shmat(0x0, &(0x7f0000001000/0x1000)=nil, 0x4000) lstat(&(0x7f00000001c0)='.\x00', &(0x7f00000003c0)) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x301400, 0x0) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x49) pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0x0, 0x3) mkdir(&(0x7f0000000e40)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') 3m41.724181484s ago: executing program 8 (id=2252): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="b4000000000000006910670000000000040000000000000095000000000000003070123cd65b0e25fb90cc75"], &(0x7f0000000080)='GPL\x00', 0x2, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) 3m40.481178197s ago: executing program 8 (id=2254): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local}}}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x40) 3m39.994189772s ago: executing program 45 (id=2254): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, @local}}}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x40) 6.42431891s ago: executing program 2 (id=2798): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80680, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r5 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd2c, 0x8000, {0x0, 0x0, 0x0, r6, {0xc, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x22044028}, 0x84) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd2c, 0x8000, {0x0, 0x0, 0x0, r8, {0xc, 0xfff2}, {}, {0xa, 0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x22044028}, 0x84) 5.794344977s ago: executing program 2 (id=2800): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000000), &(0x7f00000000c0)='%+9llu \x00'}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect$uac1(0x69a90eab3db9c902, 0x87, &(0x7f0000000300)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x75, 0x3, 0x1, 0x4, 0xa0, 0x6}}]}}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0}) socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(r1, 0x4b63, 0x3) timer_create(0x2, &(0x7f0000533fa0)={0x0, 0x21, 0x1}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000007000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020737200000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 5.043186165s ago: executing program 1 (id=2802): socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet_tcp(0x2, 0x1, 0x0) socket(0x11, 0x800000003, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x8880, 0x4) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8b, 0x35}, [@call={0x85, 0x0, 0x0, 0xa4}]}, 0x0, 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2e}, 0x94) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 5.001797095s ago: executing program 5 (id=2803): socket$inet(0x2, 0x4000000000000001, 0x0) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000cea000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000257000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x8, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0x3}, {0xe, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f00008e5000/0x400000)=nil) madvise(&(0x7f00000ee000/0x2000)=nil, 0x2000, 0x8) 4.804472257s ago: executing program 6 (id=2804): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x30, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r1 = socket$unix(0x1, 0x2, 0x0) bind$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) ppoll(&(0x7f0000000100)=[{r2, 0x3328}], 0x1, 0x0, 0x0, 0x0) unshare(0x22020400) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x100) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 4.764917558s ago: executing program 2 (id=2805): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.stat\x00', 0x275a, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="770000001400010029"], 0x98}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4000000) syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x2004000, &(0x7f0000000040)=ANY=[@ANYRES64=0x0], 0xfe, 0x1227, &(0x7f00000024c0)="$eJzs3M9rHGUYB/DHTdrUxPxQa7WC9MVe9DIkOXhRkCApSBeUthFaQZiajS4Zd0NmCayI0ZNXL/4BXsWjN0G86SUe/Bu85eLRgzrSnbY2djVotRPD53PZh33nC8+7s7zwLvvO/gsfv7O5UWYb+SBaD7wYra2IyV9SpGjFLR/Es89/8+1Tl69eu7jSbq9eSunCypWl51JKc+e+ev29z5/+ejDz2hdzX07F3sIb+z8u/7B3Zu/s/q9X3u6WqVumXn+Q8nS93x/k14tOWu+Wm1lKrxadvOykbq/sbB8Y3yj6W1vDlPfWZ6e3tjtlmfLeMG12hmnQT4PtYcrfyru9lGVZmp0O7sXaZz9VVRVRVSfiZFRVVT0Y09GKh2I25mI+FuLheCQejdPxWJyJx+OJODu6qum+AQAAAAAAAAAAAAAAAAAA4HgZd/5/5q7z/59EjDv/f67h5gEAAAAAAAAAAAAAAAAAAOCYuHz12sWVdnv1UkqnIoqPdtZ21urXenxlI7pRRCcWYz5+jtHp/1pdn4z26mIaWYgPi92b+d2dtYmD+aXR4wTuyl94ub26VOfTwfxUTN+ZX475OD0+v/yH/PlR/lQ8c/6OfBbz8f2b0Y8i1uNG9vf8+0spvfRK+3b+u7167usN3hcAAAD4N2XptrH79yz7s/E6f9jvAzf214tj9/eT8eRks3Mnohy+u5kXRWe78eJWR/U7uxFxRBr7x0UrIo5AG39RnDj0mpkGGvt0JuIe4hMHvkhH4nP+PxaHrRwT/+m6xP1x86ZPNd0HAAAAAAAAAAAAf8/9+Dth03MEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Dd24FgAAAAAQJi/dRodGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBXAQAA//+siMjP") write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f0000000940)=[{&(0x7f0000000080)=""/124, 0xffffffdd}, {&(0x7f0000000740)=""/180, 0xb4}, {&(0x7f0000000640)=""/40, 0x28}, {&(0x7f0000000800)=""/246, 0xf6}, {&(0x7f0000000900)}], 0x5, 0x0, 0x8000) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x4, 0xbd, 0x0, 0xffff, 0x8000000, 0xeeee8000, '\x00', 0xf}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 4.764767078s ago: executing program 1 (id=2806): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x2c) r2 = fsopen(&(0x7f00000002c0)='9p\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) truncate(0x0, 0x20fffffffc) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x101042, 0x91) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)={0x38, r4, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0xfffffffa}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0x6, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x0, 0x9, 0x1}]}]}]}, 0x38}}, 0x0) 3.66139685s ago: executing program 1 (id=2807): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0000000000000000010001"], 0x50) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xffff0000, 0x0, 0xd, 0x0, 0x7f, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x0, 0xddccb000, 0xa, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x3}, {0x10b002, 0x2000, 0xc, 0xfd, 0x80, 0x0, 0x3}, {0x1000, 0x0, 0x0, 0x0, 0xff, 0x80, 0x0, 0x0, 0x0, 0xfc, 0x1a, 0xa8}, {0x10000, 0xd000, 0x0, 0x2, 0x0, 0x8f, 0x0, 0x0, 0x0, 0xfc, 0x86, 0xfe}, {0xeeee8000, 0x80a0000, 0xe, 0x0, 0x0, 0x0, 0xff, 0x80, 0x0, 0x4}, {0x4, 0x80a0000, 0x0, 0x82, 0x0, 0x10, 0x4, 0x6, 0x8}, {0x1000}, {0x1, 0xfffd}, 0x60010037, 0x0, 0x0, 0x10, 0x1, 0x0, 0x900, [0x0, 0x9, 0x10000, 0xd9c]}) bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.65085269s ago: executing program 6 (id=2808): accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x800) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r1, 0x25, 0x0, @void}, 0x10) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, 0x0, 0x200405c) syz_emit_ethernet(0x0, 0x0, 0x0) sendmsg$IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x850}, 0x4004000) syz_emit_ethernet(0x1066, &(0x7f0000000c00)=ANY=[], 0x0) 3.544649121s ago: executing program 5 (id=2809): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x3) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x0, 0x0, 0x0, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) socket$inet(0xa, 0x801, 0x84) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4000045) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r5}]}, 0x20}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@ipv6_newrule={0x24, 0x18, 0x409, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2}, [@FIB_RULE_POLICY=@FRA_GOTO={0x8, 0x1e, 0x1}]}, 0x24}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x6c, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x38, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_LINK={0x8, 0x1, r5}]}}}]}, 0x6c}}, 0x0) 3.350045673s ago: executing program 1 (id=2810): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) mount$bind(&(0x7f0000000100)='\x00', &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x40000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0) mount$tmpfs(0x0, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000240), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file1\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f00000002c0)={0x1}, 0x18, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r0, 0x0) mount$tmpfs(0x0, &(0x7f0000000300)='./file0/file1\x00', &(0x7f0000000340), 0x0, 0x0) umount2(&(0x7f0000000380)='./file0/file0\x00', 0x0) move_mount(0xffffffffffffff9c, &(0x7f00000003c0)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000400)='./file0/file0\x00', 0x0) mount$bind(&(0x7f0000000440)='\x00', &(0x7f0000000480)='./file0/file0\x00', &(0x7f00000004c0), 0x21, 0x0) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00') 3.340989024s ago: executing program 6 (id=2811): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='bridge0\x00', 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x8, @loopback, 0x7}, @in6={0xa, 0x4e23, 0x40000, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x81}], 0x38) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setitimer(0x2, &(0x7f0000000180)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) setrlimit(0xf, &(0x7f00000003c0)={0x4001, 0xffffffffffffffff}) timer_create(0x3, 0x0, &(0x7f0000000300)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x77359400}, {0x0, 0x9}}, 0x0) timer_gettime(r2, &(0x7f0000000080)) syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0xa00008, &(0x7f0000000040), 0x1, 0x7ad, &(0x7f0000001740)="$eJzs3c9rG1ceAPDvyD/jZNdeWNjNngwLu4YQeZ31JruwsFn2sBQaCLTnJEZWTGrZCpYcYmNIQin00kNLD4XmknPTprdc++PaXvo39FAS0tYJTemhuIw0SmRbcpzEklL8+cBY782M9N533sybZ82gCWDfGk//5CIORwykydFsfhLZjOiPOFlf7+H6WiGdktjYeOW7pLbOg/W1QjS9J3Uwy/wxIj57I+JIbnu5lZXV+ZlSqbiU5SerCxcnKyurRy8szMwV54qLx6emp4+d+MeJ43sX6w9frh66+/b///rRyZ9e/8Ottz5P4mQcypY1x7FXxmM82yYD6Sbc5H97XViPJb2uAM8kPTT76kd5HI7R6NuhJf/T1ZoBAJ1yJSI2AIB9JnH+B4B9pvE9wIP1tUJjivr1nKs9/WKiS+79NyKG6/E3rm/Wl/TXr9l9NVy7DjryIKldI2lIImJsD8ofj4jrt8/cTKfo0HVIgFauXouIc2PjW/v/tIfbes/C0/rbLtYZ35LX/0H3fJKOf/65ffwXkcuO/+Ha363jn6EWx+6zePLxn7uzKTuwB4U2Scd//266t+1hU/yZsb4s95vamG8gOX+hVEz7tt9GxEQMDKX5qR3KmLj/8/12y5rHf9+/89oHafnp6+M1cnf6hza/Z3amOvM8MTe7dy3iT/2t4k8etX/SZvx7epdlvPSvN99vtyyNP423MW2Pv7M2bkT8pWX7P74PKtnx/sTJ2u4w2dgpWvj46/dG2pXf3P7Xb6clrRUa/wt0Q9r+IzvHP5Y0369Zefoyvrgx+mm7ZZvjP3MzLX9z/K33/8Hk1Vp6MJt3eaZaXZqKGExe3j7/2OP3NvKN9dP4J/7c+vjfaf9Pu6FzWXrjCTc/9t/99sNnj7+z0vhn0/ZPsiCe2P5Pn7j1cL6vXfm7a//pWmoim7O9/+vf9rm7reBzbTwAAAAAAAAAAAAAAAAAAAAAAAAA2KVcRByKJJd/lM7l8vn6M7x/HyO5UrlSPXK+vLw4G7VnZY/FQK7xU5ejTb+HOpX9Hn4jf2xL/u8R8buIeHfoQC2fL5RLs70OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyB9s8/z/1zVCvawcAdMxwrysAAHSd8z8A7D9tzv+DrWcf6GhdAIDuqJ3/k/5eVwMA6CLf/wPA/uP8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQIedPnUqnTZ+XF8rpPnZSyvL8+VLR2eLlfn8wnIhXygvXczPlctzpWK+UF5o+0FX6y+lcvnidCwuX56sFivVycrK6tmF8vJi9eyFhZm54tniQNciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDdq6yszs+USsUliZ0TV16IalzLmq3XW0PihUgMRUSnimjuJQ70pnMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BX4JQAA//9qsh/Y") getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f0000000040)) 3.222230295s ago: executing program 5 (id=2812): mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0) stat(&(0x7f0000000100)='./file1\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setuid(r0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000002c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb03000000000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d6d0355f3be6135425f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae630b8234fb46351f5d7d68f93d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52fa83bac200c486555ac097239cbab397527d1a861f13ecbe58245a06e3aeddf0768889a16b53d63c8af48030f16350259147edc7854bf6f8d0a9bb3391eded5c61a80fc008777fce152934970530672aa97794d4de4b596c9f3dd095286d4012d440213ae73ebe95e3c92cb3787d426963f2295df0e7be334af7822036d20cade5d0808fc19759959bb9e2789c37d7249510671873b650408ad814f0c8e287e5687b88a8c51c6ef3cb61a8cab9c6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 2.171404226s ago: executing program 2 (id=2813): r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1c3040, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x104) socket$nl_generic(0x10, 0x3, 0x10) r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0xe, &(0x7f0000000900)=ANY=[@ANYBLOB="b7020000f7ffffffbfa70000000000002402000020fe29817a0af0fff8ffffff69a4f0ff00000000b70600000018d1fe2d6405000000000075040000000000400704000000000000b7040000100000206a0700fe000000008500000005000000b70000000a00000095000000000000000000c2c62f6004ad13aa957e2af5e49a53c2868f0399d909a63796c113a80c19aab9d607000000b6c9483be3f0d3253730e714c46cc4f79fd2b316da4f0de8163f6242fa7323f1740637c48468766af540439fce41f144631ac262dcae18c3d1a1fbe96dc86035b44174f7c0620254ab6d285e6b343185089a0f119e31975e551558050800000000000000125d67857f290870093f38153608561a2128a79cce912d1f05de330800a9f5422bee8ca49166f6a587f2f593775afcd071efc5a972f757521b7b38ec273c2ad3e406f8c124f7dc1c4553229a69df4b2780e6da4420d71489fe383e0b5ce08b750502f2b8add8d2dddde19ac050537e973782b4053150580035fb2c579e1b2100000033d1ee8cab6d236f05b1f7b9f78fd5abfe033eb79f7a0b498366f5edfe311258016fbf47d9c85bf5325bf61419372be377022433e20900a262b20bb8b36de7b0e6c5ebfc5baec1ebe58d4af587d33e2935ad68da6e0fea5c21301f5d002b51a5b60fc741cb2c5d4cd5e896774f9293a6435558795043404ac6eafc8310fbcacca7f971b260fd06d4590ded8429fcd1c9a8dbbdedb32675388df363c0bc536e00448208b72405ebf27ddb402e5a2d675aaad92e183cef1eadc1661140fb567b55c72907a1aca75277a5f0022b1e957ba737f10f1161c5ae6e2cc64072ff3b4e76084922242e63d4b7806e30f786cff147e4bc819060678319a0e5534f5a0db52526c30000000000000000000000a63705b1a60525620acca06d57c055059df7651768310c9085c5f86be6ab819506961ad51f18b35fdc3fd4d0a0dbbdcd494ef168931f27748787bee95d739fef7ee67dd21c34647de82707e41d7db6d981a4fcf0bbd3d38ebb7a2489e28c6b28c0f70092ffb016b7766399555f3e6b538c2c862d17e53eaeb2036f9f0ab6e95e71bda4b5bbf53344264ad93bac1207b31d6e9c78181c7fe204c0b7582d1c762857f2a2e0c60f4a4855591a4f70f94df9629e470701103c40c8f6"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) write$P9_RVERSION(r2, &(0x7f0000000c40)=ANY=[], 0x13) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.171240976s ago: executing program 6 (id=2814): bpf$MAP_CREATE(0x0, 0x0, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_clone(0x23200100, 0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10003, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) ptrace(0x4206, r1) waitid(0x1, r1, 0x0, 0x4, 0x0) 2.061820858s ago: executing program 1 (id=2815): syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000700)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000012c0), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000604000000002e"], 0x0, 0x37}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x2, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r3, 0x0, 0x1}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="070000000400000008"], 0x50) 1.748289221s ago: executing program 5 (id=2816): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000580)={[{@max_batch_time={'max_batch_time', 0x3d, 0x4}}, {@max_batch_time={'max_batch_time', 0x3d, 0x2}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@block_validity}, {@errors_remount}, {@nombcache}]}, 0x1, 0x44f, &(0x7f0000000640)="$eJzs28tvG8UfAPDvrpP219cvoSqPPoBAQVQ8kiYtpQcuIJA4gIQEh3IMSVqVug1qgkSrCAJC5YgqcUcckfgLOMEFASckrnBHlSoUIbVwMlp7N7Ed23nUiaH+fKRtZ3bXnfl6drwzO90A+tZI9kcSsTcifo2IoVq28YSR2l+3lxam/lpamEqiUnnjj6R63q2lhani1OJze4rMQET6SRKHW5Q7d+XqhclyeeZynh+bv/ju2NyVq8+cvzh5bubczKWJ06dPnhh/7tTEs12JM4vr1qEPZo8cfOWt669Nnbn+9o9fJ0X8TXF0yUing49XKl0urrf21aWTgR5WhA0p1bppDFb7/1CUYqXxhuLlj3taOWBLVSqVyn3tDy9WgLtYEr2uAdAbxY0+m//mW3Hr34bRR+/dfKE2Acpiv51vtSMDkebnDDbNb7tpJCLOLP79RbbFRp9DpFtUKQDgrvZtNv55umH8l48/0qh/LvT/fA1lOCLuiYj9EXEqIg5ExL0R1XPvj4gHWhWStC+/eZFk9fgnvbHp4NYhG/89n69tNY7/lgdXw6U8t68a/2By9nx55nj+nRyLwZ1ZfrxDGd+99Mtn7Y7Vj/+yLSu/GAvm9bgxsLPxM9OT85N3EnO9mx9FHBpoFX+yvBKQNd/BiDi0yTLOP/nVkSJ9uNR4bO34O+jCOlPly4gnau2/GE3xF5LO65Nj/4vyzPGx4qpY7aefr73ervw7ir8Lsvbf3fL6X45/OKlfr53beBnXfvu07Zxms9f/juTNhn3vT87PXx6P2JG8Wqt0/f6JpvMmVs7P4j92tHX/3x8r38Th7PpPIx6MiIci4uG87o9ExKMRcbRD/D+8+Ng7HeP/s138Ozv8q92RxT/d0P7FD1+79l9J7IjmPa0TpQvff9NQ6HBT/Gu2/8lq6li+Zz2/f+up1+auZgAAAPjvySb7eyNJR5fTaTo6Wvs//Adid1qenZt/6uzse5ema+8IDMdgWjzpGqp7HjqeT+uL/ERT/kT+3Pjz0q5qfnRqtjzd6+Chz+1p0/8zv5d6XTtgy3lfC/qX/g99q/49AKDPuP9D/2rR/3f1oh7A9mt1//+wB/UAtl9T/7fsB33E/B/6l/4P/Uv/h740tyvWfkleQmJVItJ/RTUktijR618mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7vgnAAD//wW66qg=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) mount$nfs4(0x0, &(0x7f00000019c0)='.\x00', &(0x7f0000001a00), 0x10080, &(0x7f0000001a80)=ANY=[@ANYBLOB='noac']) 1.366427645s ago: executing program 6 (id=2817): r0 = io_uring_setup(0x61df, &(0x7f0000000300)={0x0, 0x4178, 0x40, 0x8001002, 0x3d7}) r1 = gettid() rt_sigtimedwait(&(0x7f0000000000)={[0xe]}, 0x0, 0x0, 0x8) tkill(r1, 0x4) close_range(r0, 0xffffffffffffffff, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RGETLOCK(r4, &(0x7f0000000040)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) tee(r3, r6, 0xfffffffffffffc01, 0x0) tee(r3, r6, 0x60000000000, 0x0) read$FUSE(r5, &(0x7f00000014c0)={0x2020}, 0x2020) 267.224107ms ago: executing program 5 (id=2818): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000006c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000007c0)={0xa, 0x2, 0x0, @empty, 0x80000001}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000340)="fb", 0x1, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in6={{0xa, 0x4e24, 0x0, @loopback, 0x1}}, 0x0, 0x0, 0x2, 0x0, "10baa70a93289349d889de25b87376f64276337642b890d33cb5b592266c5b98fb19402835fee1b3871b7ef6619db5b2a94edb6f73ea08b02aa3b47debd38b6d889a8c986b33eb49c3157f1f370dfd67"}, 0xd8) r1 = fsopen(&(0x7f0000000200)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000240)=0x409, 0x4) splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0) 227.722627ms ago: executing program 1 (id=2820): openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42042, 0x85) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x0) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]}) syz_clone3(0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) fcntl$notify(r4, 0x402, 0x1) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r2, 0xc0502100, &(0x7f0000000000)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r2, 0x40182103, &(0x7f0000000080)={r5, 0x1, r2, 0x4}) fanotify_mark(r1, 0x1, 0x10001011, r0, 0x0) 48.2374ms ago: executing program 6 (id=2821): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r2, 0x0, 0x7, 0x0) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x1c, 0x1, 0x4, 0x3, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x2400c010) 252.37µs ago: executing program 2 (id=2822): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r2, 0x0, 0xb) splice(r4, 0x0, r2, 0x0, 0x1000, 0x0) splice(r1, 0x0, r5, 0x0, 0x80, 0x0) 0s ago: executing program 5 (id=2823): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013"], 0x0, 0x35, 0x0, 0x1}, 0x28) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): ] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 429.035545][T11563] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 429.057932][T11563] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.078245][T11563] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.087477][T11563] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.111251][T11563] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 429.272880][ T143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.280783][ T143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.378245][ T7243] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 429.387727][ T7243] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 429.593383][T11743] loop1: detected capacity change from 0 to 1024 [ 429.619914][T11743] EXT4-fs: Ignoring removed orlov option [ 429.690489][T11743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 429.760768][T11743] ext4 filesystem being mounted at /105/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 429.973104][T11750] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 430.765827][ T9564] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 430.946667][T11767] kvm: pic: non byte read [ 431.423385][T11767] kvm: pic: non byte read [ 431.545509][T11767] kvm: pic: non byte read [ 431.549969][T11767] kvm: pic: non byte read [ 431.593244][T11767] kvm: pic: non byte read [ 431.598915][T11767] kvm: pic: non byte read [ 431.643147][T11767] kvm: pic: non byte read [ 431.647688][T11767] kvm: pic: non byte read [ 431.652179][T11767] kvm: pic: non byte read [ 431.697128][T11767] kvm: pic: non byte read [ 432.326687][T11796] loop3: detected capacity change from 0 to 2048 [ 432.381983][T11796] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 432.892542][T11810] Bluetooth: MGMT ver 1.22 [ 434.039710][ T9865] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 434.234428][ T9865] usb 3-1: Using ep0 maxpacket: 16 [ 434.251017][ T9865] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 434.288704][ T9865] usb 3-1: config 1 has no interface number 1 [ 434.301037][ T9865] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 434.340218][ T9865] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 434.354450][ T9865] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 434.404595][ T9865] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 434.418462][ T9865] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.444776][ T9865] usb 3-1: Product: syz [ 434.451821][ T9865] usb 3-1: Manufacturer: syz [ 434.469394][ T9865] usb 3-1: SerialNumber: syz [ 434.727534][ T5817] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 434.931339][ T9865] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 434.960333][ T5817] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 435.009353][ T5817] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 435.042892][ T5817] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 435.091778][ T5817] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 435.115739][ T5817] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.144227][ T5817] usb 4-1: config 0 descriptor?? [ 435.269831][T11863] netlink: 16166 bytes leftover after parsing attributes in process `syz.5.1219'. [ 435.340794][T11819] netlink: 340 bytes leftover after parsing attributes in process `syz.2.1209'. [ 435.609584][ T9865] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 435.630245][ T5817] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving [ 435.634574][T11870] xt_hashlimit: max too large, truncated to 1048576 [ 435.859813][ T5817] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 436.436386][ T9865] usb 3-1: USB disconnect, device number 5 [ 436.498558][ T5817] usb 4-1: USB disconnect, device number 10 [ 436.506610][T11873] plantronics 0003:047F:FFFF.0007: usb_submit_urb(ctrl) failed: -19 [ 436.584389][T11877] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1221'. [ 436.664881][T11878] udevd[11878]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 436.688453][T11872] fido_id[11872]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 436.690115][T11877] ip6gre1: entered promiscuous mode [ 436.782967][T11877] ip6gre1: entered allmulticast mode [ 436.996661][T11885] netlink: 'syz.2.1221': attribute type 6 has an invalid length. [ 437.023521][T11885] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1221'. [ 437.330926][T11899] syzkaller0: entered promiscuous mode [ 437.348551][T11899] syzkaller0: entered allmulticast mode [ 438.873214][ T28] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 439.085372][ T28] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 439.130445][ T28] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.154181][ T28] usb 6-1: config 0 descriptor?? [ 439.171944][ T28] cp210x 6-1:0.0: cp210x converter detected [ 440.069614][ T28] cp210x 6-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 440.194652][ T28] usb 6-1: cp210x converter now attached to ttyUSB0 [ 440.516008][ T1205] usb 6-1: USB disconnect, device number 5 [ 440.549017][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.566132][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.568155][ T1205] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 440.586333][ T1205] cp210x 6-1:0.0: device disconnected [ 440.807481][T11956] netlink: 'syz.3.1238': attribute type 1 has an invalid length. [ 440.879274][T11956] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.1238'. [ 442.617821][T11565] Bluetooth: hci2: command 0x0406 tx timeout [ 444.443401][T12042] loop3: detected capacity change from 0 to 2048 [ 444.547165][T12042] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.639493][T12042] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 444.695577][T12042] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 444.728704][T12042] EXT4-fs (loop3): This should not happen!! Data will be lost [ 444.728704][T12042] [ 444.766182][T12042] EXT4-fs (loop3): Total free blocks count 0 [ 444.794841][T12042] EXT4-fs (loop3): Free/Dirty block details [ 444.800998][T12042] EXT4-fs (loop3): free_blocks=66060288 [ 444.844212][T12042] EXT4-fs (loop3): dirty_blocks=48 [ 444.849529][T12042] EXT4-fs (loop3): Block reservation details [ 444.859947][T12042] EXT4-fs (loop3): i_reserved_data_blocks=3 [ 444.967689][ T27] audit: type=1326 audit(1777940543.843:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12041 comm="syz.3.1257" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff87419cdd9 code=0x0 [ 445.219924][ T11] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 4 with error 28 [ 445.814652][T12071] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1261'. [ 445.871936][T12076] loop3: detected capacity change from 0 to 512 [ 445.955759][T12076] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 445.989345][T12076] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 446.082911][T12078] netlink: 'syz.5.1261': attribute type 6 has an invalid length. [ 446.116542][T12078] netlink: 72 bytes leftover after parsing attributes in process `syz.5.1261'. [ 447.115975][ T27] audit: type=1326 audit(1777940545.993:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12072 comm="syz.2.1262" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56aa99cdd9 code=0x0 [ 447.557362][T12102] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 447.623199][T12102] kvm: requested 6704 ns i8254 timer period limited to 200000 ns [ 447.657605][T12102] kvm: requested 124038 ns i8254 timer period limited to 200000 ns [ 447.692328][T12102] kvm: requested 164266 ns i8254 timer period limited to 200000 ns [ 447.727674][T12102] kvm: requested 120685 ns i8254 timer period limited to 200000 ns [ 447.748507][T12111] loop5: detected capacity change from 0 to 2048 [ 447.774374][T12102] kvm: requested 118171 ns i8254 timer period limited to 200000 ns [ 447.814862][T12102] kvm: requested 167619 ns i8254 timer period limited to 200000 ns [ 447.873847][T12111] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 447.897184][T12102] kvm: requested 139962 ns i8254 timer period limited to 200000 ns [ 447.937360][T12102] kvm: requested 113981 ns i8254 timer period limited to 200000 ns [ 447.951758][T12102] kvm: requested 100571 ns i8254 timer period limited to 200000 ns [ 447.980614][T12119] netlink: 16166 bytes leftover after parsing attributes in process `syz.1.1270'. [ 448.018283][T12111] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters [ 448.073212][T12111] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28 [ 448.109281][T12111] EXT4-fs (loop5): This should not happen!! Data will be lost [ 448.109281][T12111] [ 448.151855][T12111] EXT4-fs (loop5): Total free blocks count 0 [ 448.180398][T12111] EXT4-fs (loop5): Free/Dirty block details [ 448.210558][T12111] EXT4-fs (loop5): free_blocks=66060288 [ 448.225633][T12111] EXT4-fs (loop5): dirty_blocks=48 [ 448.230909][ T27] audit: type=1326 audit(1777940547.103:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12110 comm="syz.5.1269" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff8e6f9cdd9 code=0x0 [ 448.263022][T12111] EXT4-fs (loop5): Block reservation details [ 448.269660][T12111] EXT4-fs (loop5): i_reserved_data_blocks=3 [ 449.044558][ T7251] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28 [ 449.402222][T12146] loop5: detected capacity change from 0 to 256 [ 449.449485][T12146] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xa05bf55d, utbl_chksum : 0xe619d30d) [ 449.793092][ T5817] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 449.923468][T12155] netlink: 'syz.2.1279': attribute type 4 has an invalid length. [ 449.992929][ T5817] usb 6-1: Using ep0 maxpacket: 16 [ 450.007351][T12157] netlink: 'syz.2.1279': attribute type 4 has an invalid length. [ 450.017509][ T5817] usb 6-1: config 1 has an invalid descriptor of length 8, skipping remainder of the config [ 450.044394][ T5817] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 450.081979][ T5817] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 450.103442][ T5817] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.130353][ T5817] usb 6-1: Product: syz [ 450.136614][ T5817] usb 6-1: Manufacturer: syz [ 450.141295][ T5817] usb 6-1: SerialNumber: syz [ 450.419337][ T5817] usb 6-1: 0:2 : does not exist [ 450.438006][ T5817] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 450.561711][ T5817] usb 6-1: USB disconnect, device number 6 [ 450.677110][T10067] udevd[10067]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 451.404781][T12188] xt_hashlimit: max too large, truncated to 1048576 [ 452.857908][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 456.167478][T12239] netlink: 'syz.3.1301': attribute type 1 has an invalid length. [ 456.188979][T12239] netlink: 'syz.3.1301': attribute type 2 has an invalid length. [ 459.073838][T12247] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 459.906292][T12287] binder: 12283:12287 ioctl c0306201 0 returned -14 [ 460.330174][T12293] fuse: Bad value for 'fd' [ 465.013039][ T5814] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 465.244535][ T5814] usb 4-1: Using ep0 maxpacket: 16 [ 465.266964][ T5814] usb 4-1: config 222 has an invalid interface number: 31 but max is 0 [ 465.286479][ T5814] usb 4-1: config 222 has no interface number 0 [ 465.312581][ T5814] usb 4-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 465.357168][ T5814] usb 4-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 465.399352][ T5814] usb 4-1: config 222 interface 31 has no altsetting 0 [ 465.427489][ T5814] usb 4-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 465.447387][ T5814] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.464199][ T5814] usb 4-1: Product: syz [ 465.472829][ T5814] usb 4-1: Manufacturer: syz [ 465.477501][ T5814] usb 4-1: SerialNumber: syz [ 465.513805][T12382] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 465.800820][ T5814] ldusb 4-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 466.065106][ T5814] usb 4-1: USB disconnect, device number 11 [ 466.078380][ T5814] ldusb 4-1:222.31: LD USB Device #0 now disconnected [ 469.355648][T12483] tipc: Failed to remove unknown binding: 66,0,0/0:1686629177/1686629179 [ 469.374145][T12483] tipc: Failed to remove unknown binding: 66,0,0/0:1686629177/1686629178 [ 469.447865][T12483] tipc: Failed to remove unknown binding: 66,0,0/0:1686629177/1686629179 [ 469.528167][T12483] tipc: Failed to remove unknown binding: 66,0,0/0:1686629177/1686629178 [ 471.461223][T12521] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1371'. [ 471.508421][T12521] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1371'. [ 471.872358][T12563] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 472.074067][T12569] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1379'. [ 473.056243][T12596] autofs4:pid:12596:autofs_fill_super: called with bogus options [ 473.084480][T12598] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1388'. [ 473.161338][T12602] loop5: detected capacity change from 0 to 128 [ 473.249290][T12602] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 473.335984][T12602] ext4 filesystem being mounted at /47/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 473.656723][T11563] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 473.679650][T12619] loop3: detected capacity change from 0 to 2048 [ 473.769686][T12619] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 474.591915][T12643] syz.2.1397 (12643): attempted to duplicate a private mapping with mremap. This is not supported. [ 477.172338][T12669] loop5: detected capacity change from 0 to 8192 [ 477.210227][T12669] REISERFS warning (device loop5): super-6506 reiserfs_getopt: bad value "jou" for option "data" [ 477.210227][T12669] [ 477.665130][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 477.678884][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 477.688990][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 477.725032][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 477.739653][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 477.747322][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 478.477503][T12699] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 478.477503][T12699] The task syz.2.1401 (12699) triggered the difference, watch for misbehavior. [ 478.542625][T12681] chnl_net:caif_netlink_parms(): no params data found [ 478.877202][T12681] bridge0: port 1(bridge_slave_0) entered blocking state [ 478.893069][T12681] bridge0: port 1(bridge_slave_0) entered disabled state [ 478.900411][T12681] bridge_slave_0: entered allmulticast mode [ 478.925940][T12681] bridge_slave_0: entered promiscuous mode [ 478.961149][T12681] bridge0: port 2(bridge_slave_1) entered blocking state [ 478.980105][T12681] bridge0: port 2(bridge_slave_1) entered disabled state [ 478.993357][T12681] bridge_slave_1: entered allmulticast mode [ 479.011762][T12681] bridge_slave_1: entered promiscuous mode [ 479.110203][T12681] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 479.179947][T12681] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 479.421399][T12681] team0: Port device team_slave_0 added [ 479.499514][T12681] team0: Port device team_slave_1 added [ 479.659316][T12681] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 479.676688][T12681] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.725382][T12681] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 479.781013][T12681] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 479.804415][T12681] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 479.832886][ T5779] Bluetooth: hci0: command tx timeout [ 479.922997][T12681] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 480.080833][T12681] hsr_slave_0: entered promiscuous mode [ 480.099793][T12681] hsr_slave_1: entered promiscuous mode [ 480.108293][T12681] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 480.130121][T12681] Cannot create hsr debugfs directory [ 480.187772][T12741] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 481.893289][ T5779] Bluetooth: hci0: command tx timeout [ 483.793039][T12807] overlayfs: statfs failed on './file0' [ 483.911636][T12681] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 483.927242][T12681] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 483.947887][T12681] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 483.969157][T12681] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 483.983375][ T5779] Bluetooth: hci0: command tx timeout [ 484.359742][T12681] 8021q: adding VLAN 0 to HW filter on device bond0 [ 484.488566][T12681] 8021q: adding VLAN 0 to HW filter on device team0 [ 484.586261][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 484.593504][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 484.675413][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 484.682634][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 485.532008][T12681] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 485.692559][T12853] loop5: detected capacity change from 0 to 512 [ 485.740501][T12853] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 0)! [ 485.903063][T12853] EXT4-fs (loop5): group descriptors corrupted! [ 486.054435][ T5779] Bluetooth: hci0: command tx timeout [ 486.647562][T12681] veth0_vlan: entered promiscuous mode [ 486.719742][T12681] veth1_vlan: entered promiscuous mode [ 486.859468][T12681] veth0_macvtap: entered promiscuous mode [ 486.937574][T12681] veth1_macvtap: entered promiscuous mode [ 487.339742][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.603960][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.683057][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.762989][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.799851][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.810538][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.822298][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.854094][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.864696][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.882817][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.905242][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.945095][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 487.955448][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 487.982790][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.026433][T12681] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 488.117409][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.147553][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.172812][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.213547][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.230584][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.268354][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.286444][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.322994][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.359586][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.393666][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.410284][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.447153][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.459377][T12681] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 488.471013][T12681] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 488.526146][T12681] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 488.544487][T12893] netlink: 'syz.5.1444': attribute type 11 has an invalid length. [ 488.603568][T12681] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.635563][T12681] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.664214][T12681] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.693561][T12681] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 488.742631][T12897] tipc: Started in network mode [ 488.771893][T12897] tipc: Node identity 7f000001, cluster identity 4711 [ 488.794448][T12897] tipc: Enabled bearer , priority 10 [ 488.945679][T12897] tipc: Enabling of bearer rejected, failed to enable media [ 489.122949][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.138063][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.344546][ T7245] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.361301][ T7245] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.660236][T12922] syzkaller0: entered promiscuous mode [ 489.687829][T12922] syzkaller0: entered allmulticast mode [ 489.936768][ T28] tipc: Node number set to 2130706433 [ 492.389685][T12982] netlink: 'syz.2.1463': attribute type 1 has an invalid length. [ 492.550311][T12982] 8021q: adding VLAN 0 to HW filter on device bond3 [ 493.303452][T12984] bond3: (slave veth3): Enslaving as an active interface with a down link [ 493.726032][T12982] bond3: (slave veth5): Enslaving as an active interface with a down link [ 494.612948][ T28] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 494.815778][ T28] usb 6-1: Using ep0 maxpacket: 32 [ 494.838006][ T28] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 494.867639][ T28] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.912442][ T28] usb 6-1: config 0 has no interface number 0 [ 494.929491][ T28] usb 6-1: config 0 interface 8 altsetting 248 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 494.961233][ T28] usb 6-1: config 0 interface 8 altsetting 248 has 3 endpoint descriptors, different from the interface descriptor's value: 10 [ 495.012291][ T28] usb 6-1: config 0 interface 8 has no altsetting 0 [ 495.022928][ T28] usb 6-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb [ 495.032133][ T28] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 495.081120][ T28] usb 6-1: Product: syz [ 495.091265][ T28] usb 6-1: Manufacturer: syz [ 495.111618][ T28] usb 6-1: SerialNumber: syz [ 495.124197][ T28] usb 6-1: config 0 descriptor?? [ 495.415572][ T5779] Bluetooth: hci1: Malformed MSFT vendor event: 0x02 [ 495.512775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 495.741183][ T28] ath6kl: Failed to submit usb control message: -71 [ 495.764616][ T28] ath6kl: unable to send the bmi data to the device: -71 [ 495.798424][ T28] ath6kl: Unable to send get target info: -71 [ 496.792241][ T28] ath6kl: Failed to init ath6kl core: -71 [ 496.855436][ T28] ath6kl_usb: probe of 6-1:0.8 failed with error -71 [ 496.983442][ T28] usb 6-1: USB disconnect, device number 7 [ 497.207857][T13051] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1475'. [ 497.927853][T13072] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 498.875829][ T5779] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 499.356188][T13095] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1487'. [ 502.233495][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.241477][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.542000][ T5779] Bluetooth: hci2: Unknown advertising packet type: 0x14 [ 503.653349][ T28] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 503.894222][ T28] usb 6-1: Using ep0 maxpacket: 16 [ 503.904555][ T28] usb 6-1: unable to get BOS descriptor or descriptor too short [ 503.925244][ T28] usb 6-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 503.934169][T13148] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.954840][ T28] usb 6-1: config 8 has 0 interfaces, different from the descriptor's value: 1 [ 503.986039][ T28] usb 6-1: New USB device found, idVendor=0424, idProduct=c001, bcdDevice=e2.0c [ 504.012824][ T28] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 504.031468][ T28] usb 6-1: Product: syz [ 504.054720][ T28] usb 6-1: Manufacturer: syz [ 504.112920][ T28] usb 6-1: SerialNumber: syz [ 504.210751][T13148] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.367816][ T28] usb 6-1: USB disconnect, device number 8 [ 504.398449][T13165] loop8: detected capacity change from 0 to 512 [ 504.469593][T13148] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.501731][T13165] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 504.527022][T13165] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 504.723101][T13148] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.881804][T12681] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 504.903659][T13148] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.042311][T13148] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.143505][T13148] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.207818][T13148] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 506.921942][T13202] netlink: 'syz.8.1509': attribute type 11 has an invalid length. [ 507.774044][T13229] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1518'. [ 509.592642][T13274] netlink: 'syz.1.1525': attribute type 12 has an invalid length. [ 509.656270][T13274] netlink: 'syz.1.1525': attribute type 29 has an invalid length. [ 509.720645][T13274] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1525'. [ 509.731215][T13274] netlink: 59 bytes leftover after parsing attributes in process `syz.1.1525'. [ 509.926434][T13277] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 510.531170][T13266] loop8: detected capacity change from 0 to 32768 [ 511.537770][T13266] JBD2: Ignoring recovery information on journal [ 511.795159][T13266] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 512.246567][T12681] ocfs2: Unmounting device (7,8) on (node local) [ 512.910794][T13306] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1532'. [ 513.082846][T13312] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1532'. [ 513.303148][ T5779] Bluetooth: hci3: ACL packet for unknown connection handle 200 [ 513.328536][T13319] x_tables: duplicate underflow at hook 2 [ 515.065625][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1542'. [ 515.117875][T13366] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 515.127295][T13366] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 515.136745][T13366] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 515.145707][T13366] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 515.260226][T13366] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1542'. [ 515.589461][ T27] audit: type=1326 audit(1777940614.453:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 515.819144][ T27] audit: type=1326 audit(1777940614.453:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 515.892479][ T27] audit: type=1326 audit(1777940614.453:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 515.917613][ T27] audit: type=1326 audit(1777940614.453:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 515.979210][ T27] audit: type=1326 audit(1777940614.453:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 516.570066][ T27] audit: type=1326 audit(1777940614.453:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 516.722905][ T27] audit: type=1326 audit(1777940614.453:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 516.851800][ T27] audit: type=1326 audit(1777940614.453:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 516.962900][ T27] audit: type=1326 audit(1777940614.453:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7ffc0000 [ 517.018369][ T27] audit: type=1326 audit(1777940614.463:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13375 comm="syz.8.1546" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9c2695d60e code=0x7ffc0000 [ 518.601837][T13423] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1557'. [ 519.707538][T13450] create_pit_timer: 24 callbacks suppressed [ 519.707557][T13450] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 519.770529][T13450] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 519.780936][T13438] syz.2.1561 (13438) used greatest stack depth: 17936 bytes left [ 519.800625][T13450] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 519.827790][T13450] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 519.856927][T13450] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 519.876075][T13443] syz.2.1561 (13443) used greatest stack depth: 17608 bytes left [ 519.885306][T13450] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 519.924126][T13450] kvm: requested 108952 ns i8254 timer period limited to 200000 ns [ 519.944324][T13450] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 519.952198][T13450] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 519.981478][T13450] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 521.595256][T13489] netlink: 'syz.8.1572': attribute type 27 has an invalid length. [ 524.782852][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 524.997227][T13548] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1584'. [ 525.296040][T13556] loop5: detected capacity change from 0 to 2048 [ 525.373172][T13556] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found! [ 525.413644][T13556] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 527.007644][T13586] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1590'. [ 528.122418][T13609] lo speed is unknown, defaulting to 1000 [ 528.135615][T13609] lo speed is unknown, defaulting to 1000 [ 528.147937][T13609] lo speed is unknown, defaulting to 1000 [ 528.234163][T13609] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 528.449990][T13609] lo speed is unknown, defaulting to 1000 [ 528.506526][T13619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1598'. [ 528.527330][T13609] lo speed is unknown, defaulting to 1000 [ 528.562409][T13609] lo speed is unknown, defaulting to 1000 [ 528.591503][T13609] lo speed is unknown, defaulting to 1000 [ 528.618625][T13609] lo speed is unknown, defaulting to 1000 [ 528.649826][T13609] lo speed is unknown, defaulting to 1000 [ 528.665285][T13609] lo speed is unknown, defaulting to 1000 [ 528.681699][T13609] lo speed is unknown, defaulting to 1000 [ 528.705546][T13609] lo speed is unknown, defaulting to 1000 [ 530.263389][T13637] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1603'. [ 530.303317][T13637] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 530.522837][T13646] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1603'. [ 530.560623][T13646] bond1: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 530.750556][ T5779] Bluetooth: hci3: unexpected event for opcode 0x0404 [ 530.992664][T13664] bond1: entered allmulticast mode [ 532.256322][T13662] bond1: left allmulticast mode [ 540.221479][T13795] netem: change failed [ 540.607423][T13808] loop8: detected capacity change from 0 to 128 [ 542.771230][T13826] loop8: detected capacity change from 0 to 4096 [ 542.814820][T13826] EXT4-fs: inline encryption not supported [ 542.859784][T13826] EXT4-fs (loop8): Test dummy encryption mode enabled [ 542.904477][T13826] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a042c019, mo2=0003] [ 542.972992][T13826] System zones: 0-5 [ 543.021953][T13826] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 543.609238][T13851] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1652'. [ 543.745271][T13851] team1: entered promiscuous mode [ 543.750589][T13851] team1: entered allmulticast mode [ 543.763308][T13851] 8021q: adding VLAN 0 to HW filter on device team1 [ 543.785178][T13853] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1652'. [ 543.816496][T13853] team2 (uninitialized): Failed to send options change via netlink (err -105) [ 544.001172][T13853] team2: entered promiscuous mode [ 544.014193][T13853] team2: entered allmulticast mode [ 544.020357][T13853] 8021q: adding VLAN 0 to HW filter on device team2 [ 544.067048][T13826] netlink: 276 bytes leftover after parsing attributes in process `syz.8.1645'. [ 544.521695][T13868] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1656'. [ 544.584438][T12681] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 545.017784][T11565] Bluetooth: hci1: command 0x0406 tx timeout [ 547.104595][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 547.104623][ T27] audit: type=1804 audit(1777940901.976:242): pid=13914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1667" name="bus" dev="ramfs" ino=41105 res=1 errno=0 [ 547.237117][ T27] audit: type=1804 audit(1777940902.066:243): pid=13916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1667" name="bus" dev="ramfs" ino=41105 res=1 errno=0 [ 548.167878][T13924] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1669'. [ 550.009863][T13945] overlayfs: failed to clone upperpath [ 550.108258][T13950] netlink: 'syz.1.1676': attribute type 1 has an invalid length. [ 550.290885][T13950] bond5: entered promiscuous mode [ 550.308472][T13950] 8021q: adding VLAN 0 to HW filter on device bond5 [ 550.445693][T13968] xt_TCPMSS: Only works on TCP SYN packets [ 550.458129][T13954] 8021q: adding VLAN 0 to HW filter on device bond5 [ 550.493440][T13954] bond5: (slave wireguard0): The slave device specified does not support setting the MAC address [ 550.504348][T13954] bond5: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 550.521001][T13954] bond5: (slave wireguard0): making interface the new active one [ 550.533485][T13954] wireguard0: entered promiscuous mode [ 550.566796][T13954] bond5: (slave wireguard0): Enslaving as an active interface with an up link [ 550.665279][T13959] bond5: (slave wireguard1): The slave device specified does not support setting the MAC address [ 550.692385][T13959] bond5: (slave wireguard1): Enslaving as a backup interface with an up link [ 551.844320][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1685'. [ 551.863579][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1685'. [ 551.874866][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1685'. [ 551.884682][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1685'. [ 551.894138][T13985] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1685'. [ 552.016457][T13990] netlink: 'syz.2.1687': attribute type 12 has an invalid length. [ 552.820458][T14016] batman_adv: batadv0: Adding interface: dummy0 [ 552.827060][T14016] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.913297][T14016] batman_adv: batadv0: Interface activated: dummy0 [ 552.954210][T14017] batadv0: mtu less than device minimum [ 552.962323][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 552.976004][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 552.988936][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.001566][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.014453][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.027166][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.040683][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.053667][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 553.065504][T14017] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 554.755405][T14033] tipc: Failed to remove unknown binding: 66,1,1/0:2321941706/2321941708 [ 554.804491][T14033] tipc: Failed to remove unknown binding: 66,1,1/0:2321941706/2321941708 [ 554.879489][T14033] tipc: Failed to remove unknown binding: 66,1,1/0:2321941706/2321941708 [ 555.057740][T14040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1698'. [ 555.191424][T14022] overlayfs: failed to clone lowerpath [ 555.547184][T14052] vlan3: entered promiscuous mode [ 555.563629][T14052] bridge0: entered promiscuous mode [ 555.613769][T14052] vlan3: entered allmulticast mode [ 555.731372][T14052] bridge0: entered allmulticast mode [ 555.843017][T14054] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1700'. [ 555.984538][T14052] bridge_slave_0: left allmulticast mode [ 556.000668][T14052] bridge_slave_0: left promiscuous mode [ 556.028691][T14052] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.069271][T14052] bridge_slave_1: left allmulticast mode [ 556.110888][T14052] bridge_slave_1: left promiscuous mode [ 557.013558][T14052] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.054803][T14052] bond0: (slave bond_slave_0): Releasing backup interface [ 557.100356][T14052] bond0: (slave bond_slave_1): Releasing backup interface [ 557.342084][T14052] team0: Port device team_slave_0 removed [ 557.418477][T14052] team0: Port device team_slave_1 removed [ 557.426902][T14052] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 557.440588][T14052] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 557.485351][T14052] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 557.518076][T14052] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.549061][T14052] bond2: (slave ip6gretap1): Removing an active aggregator [ 557.582644][T14052] bond2: (slave ip6gretap1): Releasing backup interface [ 557.598135][T14052] bond3: (slave veth3): Releasing active interface [ 557.605681][T14052] bond3: (slave veth3): the permanent HWaddr of slave - d6:c8:cb:02:46:e2 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 557.635769][T14052] bond3: (slave veth5): Releasing active interface [ 557.700416][T14061] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 557.712912][T14061] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 557.735090][T14062] bridge0: port 3(vlan2) entered blocking state [ 557.741794][T14062] bridge0: port 3(vlan2) entered disabled state [ 557.749179][T14062] vlan2: entered allmulticast mode [ 557.757479][T14062] bond0: entered allmulticast mode [ 557.767477][T14062] bond_slave_0: entered allmulticast mode [ 557.774217][T14062] bond_slave_1: entered allmulticast mode [ 557.780090][T14062] macvlan2: entered allmulticast mode [ 557.786016][T14062] team0: entered allmulticast mode [ 557.791268][T14062] team_slave_0: entered allmulticast mode [ 557.811597][T14062] team_slave_1: entered allmulticast mode [ 557.843648][T14062] vlan2: entered promiscuous mode [ 557.848944][T14062] bond0: entered promiscuous mode [ 557.867927][T14062] bond_slave_0: entered promiscuous mode [ 557.880810][T14062] bond_slave_1: entered promiscuous mode [ 557.892055][T14062] macvlan2: entered promiscuous mode [ 557.908103][T14062] team0: entered promiscuous mode [ 557.922642][T14062] team_slave_0: entered promiscuous mode [ 557.949548][T14062] team_slave_1: entered promiscuous mode [ 558.111117][T14078] ip_vti0: Master is either lo or non-ether device [ 561.659384][T14128] netlink: 'syz.8.1713': attribute type 1 has an invalid length. [ 561.837079][T14128] 8021q: adding VLAN 0 to HW filter on device bond1 [ 561.904976][T14129] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1713'. [ 561.942925][T14129] bond1: up delay (136) is not a multiple of miimon (100), value rounded to 100 ms [ 562.066905][T14129] bond1: entered allmulticast mode [ 562.231541][T14128] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 562.757018][T14144] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 563.419217][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.426432][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.478355][ T9331] Process accounting resumed [ 564.685079][T14177] binder: 14176:14177 ioctl c0306201 200000000180 returned -14 [ 564.901327][ T27] audit: type=1326 audit(1777940919.776:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14180 comm="syz.2.1726" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56aa99cdd9 code=0x0 [ 564.920316][T14182] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1727'. [ 565.932914][ T6547] IPVS: starting estimator thread 0... [ 566.033343][T14214] IPVS: using max 16 ests per chain, 38400 per kthread [ 567.072159][T14250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1740'. [ 567.511024][T14248] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1739'. [ 567.534893][T14248] veth0_macvtap: left promiscuous mode [ 567.846145][T14267] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1745'. [ 567.891486][T14270] netlink: 'syz.8.1746': attribute type 1 has an invalid length. [ 568.068544][T14270] bond2: (slave bridge1): Enslaving as a backup interface with an up link [ 568.288066][T14270] bond2: (slave bridge2): Enslaving as a backup interface with a down link [ 568.571147][T14286] Invalid ELF header magic: != ELF [ 571.336120][T14319] netlink: 'syz.1.1756': attribute type 3 has an invalid length. [ 571.655944][ T5779] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 571.665332][ T5779] Bluetooth: hci1: Injecting HCI hardware error event [ 571.679277][T11565] Bluetooth: hci1: hardware error 0x00 [ 572.654805][T14335] syzkaller0: entered promiscuous mode [ 572.677410][T14335] syzkaller0: entered allmulticast mode [ 573.662333][T14359] bond0: (slave rose0): refused to change device type [ 574.006239][T14373] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1772'. [ 574.187716][T14379] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1772'. [ 574.293509][T11565] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 577.696221][T14443] overlayfs: failed to clone upperpath [ 579.018876][ T27] audit: type=1326 audit(1777940933.886:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14461 comm="syz.1.1788" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7fc00000 [ 579.123211][ T27] audit: type=1326 audit(1777940933.886:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14461 comm="syz.1.1788" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff78519cdd9 code=0x7fc00000 [ 579.357496][ T27] audit: type=1326 audit(1777940934.236:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14464 comm="syz.8.1789" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c2699cdd9 code=0x7fc00000 [ 579.734557][ T27] audit: type=1326 audit(1777940934.606:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14464 comm="syz.8.1789" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9c2693e159 code=0x7fc00000 [ 579.834094][T14452] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.841902][T14452] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.951691][T14452] batman_adv: batadv0: Interface deactivated: dummy0 [ 580.279606][T14452] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 580.300031][T14452] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 580.774673][T14452] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.784299][T14452] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.793830][T14452] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 580.805217][T14452] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 583.972474][T14529] team0: left allmulticast mode [ 583.982178][T14529] team_slave_0: left allmulticast mode [ 584.009249][T14529] team_slave_1: left allmulticast mode [ 584.025987][T14529] team0: left promiscuous mode [ 584.030945][T14529] team_slave_0: left promiscuous mode [ 584.067006][T14529] team_slave_1: left promiscuous mode [ 584.621062][T14553] vlan3: entered promiscuous mode [ 584.646859][T14553] bridge0: entered promiscuous mode [ 584.672077][T14553] vlan3: entered allmulticast mode [ 584.709229][T14553] bridge0: entered allmulticast mode [ 584.728732][T14557] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1805'. [ 584.820786][T14557] batman_adv: batadv0: Removing interface: dummy0 [ 584.857794][T14557] bridge_slave_0: left allmulticast mode [ 584.882860][T14557] bridge_slave_0: left promiscuous mode [ 584.888768][T14557] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.003908][T14557] bridge_slave_1: left allmulticast mode [ 585.009649][T14557] bridge_slave_1: left promiscuous mode [ 585.063259][T14557] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.111942][T14557] bond0: (slave bond_slave_0): Releasing backup interface [ 585.151699][T14557] bond0: (slave bond_slave_1): Releasing backup interface [ 585.185688][T14557] team0: Port device team_slave_0 removed [ 585.241715][T14557] team0: Port device team_slave_1 removed [ 585.272114][T14557] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 585.308073][T14557] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.431947][ T5779] Bluetooth: hci0: Invalid handle: 0xff00 > 0x0eff [ 586.456587][T14600] overlayfs: failed to clone upperpath [ 588.651577][T14637] vlan2: entered promiscuous mode [ 588.672857][T14637] bridge0: entered promiscuous mode [ 588.703278][T14637] vlan2: entered allmulticast mode [ 588.709136][T14637] bridge0: entered allmulticast mode [ 588.733124][T14640] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1826'. [ 588.850260][T14637] bridge_slave_0: left allmulticast mode [ 588.894645][T14637] bridge_slave_0: left promiscuous mode [ 588.922820][T14637] bridge0: port 1(bridge_slave_0) entered disabled state [ 588.995627][T14637] bridge_slave_1: left allmulticast mode [ 589.001407][T14637] bridge_slave_1: left promiscuous mode [ 589.031467][T14637] bridge0: port 2(bridge_slave_1) entered disabled state [ 589.704779][T14637] bond0: (slave bond_slave_0): Releasing backup interface [ 589.790580][T14637] bond0: (slave bond_slave_1): Releasing backup interface [ 590.042524][T14637] team0: Port device team_slave_0 removed [ 590.087340][T14637] team0: Port device team_slave_1 removed [ 590.116380][T14637] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 590.155246][T14637] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 590.204303][T14637] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 590.243033][T14637] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 590.312040][T14637] bond1: (slave ip6gretap1): Releasing active interface [ 591.263966][T14637] bond2: (slave bridge1): Releasing backup interface [ 591.286965][T14637] bond2: (slave bridge1): the permanent HWaddr of slave - 06:b3:c0:39:59:b0 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 591.426537][T14637] bond2: (slave bridge2): Releasing backup interface [ 591.865690][T14676] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1837'. [ 592.306625][T14687] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1841'. [ 592.495610][ T5815] IPVS: starting estimator thread 0... [ 592.602973][T14692] IPVS: using max 19 ests per chain, 45600 per kthread [ 593.384431][T14709] netlink: 'syz.1.1846': attribute type 9 has an invalid length. [ 593.393822][T14709] netlink: 399 bytes leftover after parsing attributes in process `syz.1.1846'. [ 594.506782][T14721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1851'. [ 594.537644][T14721] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1851'. [ 595.841222][T14750] loop8: detected capacity change from 0 to 512 [ 595.884811][T14750] EXT4-fs (loop8): 1 truncate cleaned up [ 595.891443][T14750] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 596.330875][T14769] batadv_slave_0: entered promiscuous mode [ 596.804136][T12681] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 596.866436][T14779] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 596.894046][T14779] CIFS mount error: No usable UNC path provided in device string! [ 596.894046][T14779] [ 596.904685][T14779] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 598.003137][T14789] netlink: 'syz.2.1867': attribute type 1 has an invalid length. [ 598.041693][T14789] 8021q: adding VLAN 0 to HW filter on device bond4 [ 598.250002][T14789] bond4: (slave dummy0): making interface the new active one [ 598.360807][T14789] bond4: (slave dummy0): Enslaving as an active interface with an up link [ 598.405903][T14795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1867'. [ 601.339908][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 602.638897][T14849] loop8: detected capacity change from 0 to 256 [ 603.028277][T14849] exFAT-fs (loop8): error, invalid dentry access beyond EOF (clu : 5, eidx : 129) [ 603.097889][T14849] exFAT-fs (loop8): Filesystem has been set read-only [ 603.125070][T14854] exFAT-fs (loop8): error, bogus directory size (clus : ondisk(2) != counted(1)) [ 603.692642][T14861] netlink: 'syz.8.1882': attribute type 1 has an invalid length. [ 604.685888][ T7241] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.133797][ T7241] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.327919][ T7241] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.596412][ T7241] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 606.861651][T14894] netlink: 'syz.5.1892': attribute type 1 has an invalid length. [ 607.073250][T14894] bond2: entered promiscuous mode [ 607.099724][T14894] bond2: entered allmulticast mode [ 607.108226][T14896] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1892'. [ 607.239601][T14896] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 607.337413][T14896] bond2: (slave bridge2): making interface the new active one [ 607.399806][T14896] bridge2: entered promiscuous mode [ 607.413761][T14896] bridge2: entered allmulticast mode [ 607.448223][T14896] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 607.491979][T14902] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 607.597807][T14900] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1892'. [ 607.639023][T14900] bond2: left promiscuous mode [ 607.654391][T14900] bridge2: left promiscuous mode [ 607.667948][T14900] bond2: left allmulticast mode [ 607.683086][T14900] bridge2: left allmulticast mode [ 607.703803][T14900] 8021q: adding VLAN 0 to HW filter on device bond2 [ 607.759020][T14907] tipc: Started in network mode [ 607.773875][T14907] tipc: Node identity ac14142f, cluster identity 4711 [ 607.791371][T14907] tipc: New replicast peer: 0.0.0.0 [ 607.814940][T14907] tipc: Enabled bearer , priority 10 [ 607.935320][T14908] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000 [ 608.249764][ T7241] tipc: Disabling bearer [ 608.290214][ T7241] tipc: Left network mode [ 608.995854][ T9860] tipc: Node number set to 2886997039 [ 609.917455][T14947] tipc: Failed to remove unknown binding: 66,0,0/0:2795626538/2795626540 [ 609.941692][T14947] tipc: Failed to remove unknown binding: 66,0,0/0:2795626538/2795626539 [ 609.958399][T14947] tipc: Failed to remove unknown binding: 66,0,0/0:2795626538/2795626540 [ 610.001960][T14947] tipc: Failed to remove unknown binding: 66,0,0/0:2795626538/2795626539 [ 610.320835][T14956] netlink: 'syz.5.1909': attribute type 1 has an invalid length. [ 610.396051][T14956] 8021q: adding VLAN 0 to HW filter on device bond3 [ 610.461485][T14958] vlan3: entered allmulticast mode [ 610.467854][T14958] bond3: entered allmulticast mode [ 610.599996][T11565] Bluetooth: hci2: unexpected event for opcode 0x2043 [ 610.621018][T14961] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.658261][T14961] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.692904][T14961] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.737533][T14961] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 610.831212][T14961] bond3: (slave geneve2): making interface the new active one [ 610.912565][T14961] geneve2: entered allmulticast mode [ 610.930552][T14961] bond3: (slave geneve2): Enslaving as an active interface with an up link [ 612.700092][ T7241] hsr_slave_0: left promiscuous mode [ 613.088440][ T7241] hsr_slave_1: left promiscuous mode [ 613.157870][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 613.241741][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 613.413850][ T7241] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 613.421681][ T7241] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.601969][ T7241] bridge_slave_1: left allmulticast mode [ 613.669471][ T7241] bridge_slave_1: left promiscuous mode [ 613.779239][ T7241] bridge0: port 2(bridge_slave_1) entered disabled state [ 613.912267][ T7241] bridge_slave_0: left allmulticast mode [ 613.983231][ T7241] bridge_slave_0: left promiscuous mode [ 613.989038][ T7241] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.235409][ T7241] veth1_macvtap: left promiscuous mode [ 614.241353][ T7241] veth0_macvtap: left promiscuous mode [ 614.251710][ T7241] veth0_vlan: left promiscuous mode [ 614.837017][ T7241] bond1 (unregistering): (slave geneve2): Releasing active interface [ 616.582470][ T7241] bond1 (unregistering): Released all slaves [ 617.106123][T11565] Bluetooth: hci0: ACL packet too small [ 617.579092][T15043] SET target dimension over the limit! [ 619.188735][ T7241] team0 (unregistering): Port device team_slave_1 removed [ 619.308041][ T7241] team0 (unregistering): Port device team_slave_0 removed [ 619.397765][ T7241] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 619.489767][ T7241] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 620.288027][ T7241] bond0 (unregistering): Released all slaves [ 620.461188][T15055] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 620.485697][T15056] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1935'. [ 620.848234][T15068] loop8: detected capacity change from 0 to 512 [ 620.858036][T15059] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1935'. [ 620.957850][T15068] EXT4-fs: Ignoring removed i_version option [ 620.967239][T15068] EXT4-fs: Ignoring removed bh option [ 621.628618][T15068] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 621.715628][T15068] ext4 filesystem being mounted at /111/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 622.110831][T12681] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 622.323951][T15092] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1943'. [ 623.499932][T15119] netlink: 'syz.5.1948': attribute type 1 has an invalid length. [ 623.509672][T15119] netlink: 'syz.5.1948': attribute type 4 has an invalid length. [ 623.518273][T15119] netlink: 15334 bytes leftover after parsing attributes in process `syz.5.1948'. [ 624.941227][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.953593][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.601311][T15155] netlink: 'syz.5.1965': attribute type 4 has an invalid length. [ 629.709281][T15251] xt_HMARK: spi-set and port-set can't be combined [ 631.187659][ T27] audit: type=1326 audit(1777940986.066:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15267 comm="syz.5.1987" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7fc00000 [ 631.273853][ T27] audit: type=1326 audit(1777940986.066:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15267 comm="syz.5.1987" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff8e6f9cdd9 code=0x7fc00000 [ 631.306582][T15277] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.451830][T15277] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.588923][T15277] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.757209][T15277] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.836581][ T27] audit: type=1326 audit(1777940986.716:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 631.913002][ T27] audit: type=1326 audit(1777940986.746:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 631.991939][ T27] audit: type=1326 audit(1777940986.776:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 632.063205][T15277] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.090483][ T27] audit: type=1326 audit(1777940986.776:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 632.148928][T15277] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.322978][ T27] audit: type=1326 audit(1777940986.776:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 632.375767][T15277] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.423274][ T27] audit: type=1326 audit(1777940986.776:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7ff78519cdd9 code=0x7ffc0000 [ 632.470200][T15277] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 632.490667][ T27] audit: type=1326 audit(1777940986.826:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff78515d60e code=0x7ffc0000 [ 632.540293][ T27] audit: type=1326 audit(1777940986.836:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15289 comm="syz.1.1991" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff78515d60e code=0x7ffc0000 [ 633.126673][T15315] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1997'. [ 634.440244][T15332] team1: left promiscuous mode [ 634.455208][T15332] team1: left allmulticast mode [ 634.460997][T15332] team2: left promiscuous mode [ 634.467089][T15332] team2: left allmulticast mode [ 634.599081][T15332] vlan3: left allmulticast mode [ 634.606432][T15332] bond3: left allmulticast mode [ 634.616100][T15339] netlink: 'syz.2.2004': attribute type 1 has an invalid length. [ 634.624397][T15332] geneve2: left allmulticast mode [ 634.630193][T15339] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.2004'. [ 634.641984][T15332] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.651450][T15332] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.672905][T15332] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 634.691890][T15332] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 635.119614][T15349] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2007'. [ 635.137706][T15349] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2007'. [ 636.793244][T15368] SET target dimension over the limit! [ 637.300544][T15375] bond4: entered allmulticast mode [ 637.326812][T15375] dvmrp8: entered allmulticast mode [ 637.381424][T15373] bond4: left allmulticast mode [ 641.577629][T15434] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2025'. [ 641.788280][T15438] bond1: left promiscuous mode [ 641.828012][T15438] veth3: left promiscuous mode [ 641.842941][T15438] bond1: left allmulticast mode [ 641.858531][T15438] veth3: left allmulticast mode [ 641.873594][T15438] bond2: left allmulticast mode [ 641.892938][T15438] bond3: left allmulticast mode [ 641.910151][T15438] bond5: left promiscuous mode [ 641.993424][T15438] wireguard0: left promiscuous mode [ 643.123842][T15446] netlink: 'syz.5.2025': attribute type 5 has an invalid length. [ 643.131688][T15446] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2025'. [ 645.262997][T15467] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2029'. [ 645.302879][T15467] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2029'. [ 645.363624][T15469] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2029'. [ 648.549178][T15512] Cannot find add_set index 0 as target [ 649.283218][T15510] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2040'. [ 649.812747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 649.873861][T15510] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2040'. [ 649.913306][T15510] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2040'. [ 651.716826][T15550] xt_TPROXY: Can be used only with -p tcp or -p udp [ 651.767683][ T7251] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 651.778870][ T7251] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.908164][ T7251] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 652.941867][ T7251] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 652.971498][T15567] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2054'. [ 652.983536][T15567] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2054'. [ 653.185658][ T7251] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 653.212953][ T7251] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 654.175036][ T7251] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 654.241581][ T7251] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 654.321949][T15577] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 657.999674][T15655] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2074'. [ 658.191848][T15661] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2077'. [ 658.562222][T15679] netlink: 'syz.8.2080': attribute type 27 has an invalid length. [ 658.682311][T15679] net_ratelimit: 10 callbacks suppressed [ 658.682322][T15679] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 661.164789][T15695] lo speed is unknown, defaulting to 1000 [ 661.371179][T15707] syzkaller0: entered promiscuous mode [ 661.383005][T15707] syzkaller0: entered allmulticast mode [ 662.975415][ T7251] hsr_slave_0: left promiscuous mode [ 662.997270][ T7251] hsr_slave_1: left promiscuous mode [ 663.017884][ T7251] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 663.061403][ T7251] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 663.108323][ T7251] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 663.147027][ T7251] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 663.168521][ T7251] bridge_slave_1: left allmulticast mode [ 663.175083][ T7251] bridge_slave_1: left promiscuous mode [ 663.180986][ T7251] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.211294][ T7251] bridge_slave_0: left allmulticast mode [ 663.219125][ T7251] bridge_slave_0: left promiscuous mode [ 663.230744][ T7251] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.345564][ T7251] veth1_macvtap: left promiscuous mode [ 663.351436][ T7251] veth0_macvtap: left promiscuous mode [ 663.368429][ T7251] veth1_vlan: left promiscuous mode [ 663.378607][ T7251] veth0_vlan: left promiscuous mode [ 664.131134][ T27] kauditd_printk_skb: 53 callbacks suppressed [ 664.131177][ T27] audit: type=1107 audit(1777941018.996:312): pid=15739 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 664.966127][ T7251] bond1 (unregistering): Released all slaves [ 665.929957][ T7251] team0 (unregistering): Port device team_slave_1 removed [ 666.041437][ T7251] team0 (unregistering): Port device team_slave_0 removed [ 666.125061][ T7251] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 666.206007][ T7251] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 666.872026][ T7251] bond0 (unregistering): Released all slaves [ 667.113265][T15749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2096'. [ 667.133841][T15749] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2096'. [ 669.688036][T15789] tipc: Enabling of bearer rejected, already enabled [ 669.887778][T15796] tipc: Enabled bearer , priority 0 [ 669.969367][T15798] gretap0: entered promiscuous mode [ 674.977386][T15860] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2121'. [ 675.018043][T15860] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2121'. [ 675.655341][T15881] netlink: 'syz.1.2126': attribute type 11 has an invalid length. [ 677.212996][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 677.715763][T15905] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2131'. [ 682.642958][T15989] xt_TPROXY: Can be used only with -p tcp or -p udp [ 682.945640][T15991] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 683.092865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 685.544921][T16019] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2160'. [ 685.924916][T16030] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2162'. [ 685.996050][T16032] bond2: (slave bridge2): Releasing active interface [ 686.213787][T16032] bond3: (slave geneve2): Releasing active interface [ 686.310883][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.317942][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.033180][T16035] team0: Mode changed to "loadbalance" [ 689.415884][T16061] netlink: 'syz.2.2170': attribute type 4 has an invalid length. [ 689.557636][ T9860] lo speed is unknown, defaulting to 1000 [ 690.282037][T16078] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2173'. [ 694.091487][T16128] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2186'. [ 694.164697][T16128] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 694.173704][T16128] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 694.182539][T16128] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 694.191530][T16128] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 694.235278][T16128] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2186'. [ 694.362226][T16133] netlink: 1363 bytes leftover after parsing attributes in process `syz.1.2187'. [ 696.933557][T16176] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2196'. [ 697.508288][T16185] UBIFS error (pid: 16185): cannot open "ubifs", error -22 [ 700.969761][T16220] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2208'. [ 708.073436][T16310] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·=¼¼ [ 709.915974][T16335] loop8: detected capacity change from 0 to 1024 [ 710.302885][ T27] audit: type=1804 audit(1777941321.176:313): pid=16347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2233" name="file0" dev="ramfs" ino=47103 res=1 errno=0 [ 711.493335][ T27] audit: type=1326 audit(1777941322.366:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16354 comm="syz.1.2237" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff78519cdd9 code=0x7fc00000 [ 711.560126][ T27] audit: type=1326 audit(1777941322.366:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16354 comm="syz.1.2237" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7ff78519cdd9 code=0x7fc00000 [ 711.878079][T16364] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2238'. [ 712.226766][T11565] block nbd0: Receive control failed (result -1) [ 713.277786][T16377] lo speed is unknown, defaulting to 1000 [ 714.074399][T16392] netlink: 156 bytes leftover after parsing attributes in process `syz.8.2244'. [ 714.479943][T16400] loop8: detected capacity change from 0 to 2048 [ 714.531231][T16400] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 714.648090][T16404] netlink: 220 bytes leftover after parsing attributes in process `syz.1.2246'. [ 716.994543][T12681] UDF-fs: error (device loop8): udf_read_inode: (ino 1) failed !bh [ 717.136478][T12681] UDF-fs: error (device loop8): udf_read_inode: (ino 1) failed !bh [ 721.964959][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 721.981115][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 721.991814][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 722.001178][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 722.010448][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 722.018143][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 724.053907][ T5779] Bluetooth: hci0: command tx timeout [ 725.416789][T16475] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.439355][T16475] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.453795][T16475] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 725.462317][T16475] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 726.063859][T16487] netlink: 'syz.5.2265': attribute type 39 has an invalid length. [ 726.135444][ T5779] Bluetooth: hci0: command tx timeout [ 726.266851][T16481] lo speed is unknown, defaulting to 1000 [ 726.444696][T16514] VFS: Mount too revealing [ 726.829230][T16481] chnl_net:caif_netlink_parms(): no params data found [ 727.133013][T16481] bridge0: port 1(bridge_slave_0) entered blocking state [ 727.140395][T16481] bridge0: port 1(bridge_slave_0) entered disabled state [ 727.183249][T16481] bridge_slave_0: entered allmulticast mode [ 727.215397][T16481] bridge_slave_0: entered promiscuous mode [ 727.246941][T16481] bridge0: port 2(bridge_slave_1) entered blocking state [ 727.273102][T16481] bridge0: port 2(bridge_slave_1) entered disabled state [ 727.290565][T16481] bridge_slave_1: entered allmulticast mode [ 727.311210][T16481] bridge_slave_1: entered promiscuous mode [ 727.390447][T16545] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2276'. [ 727.497010][T16481] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 727.557880][T16481] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 727.683914][T16481] team0: Port device team_slave_0 added [ 727.715219][T16481] team0: Port device team_slave_1 added [ 727.771913][T16481] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 727.792848][ T27] audit: type=1804 audit(1777941338.656:316): pid=16555 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2277" name="file0" dev="ramfs" ino=47608 res=1 errno=0 [ 727.833117][T16481] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 727.872722][T16481] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 727.903061][T16481] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 727.920425][T16481] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 728.012744][T16481] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 728.102796][T16561] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2279'. [ 728.190621][T16570] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2279'. [ 728.280281][ T5779] Bluetooth: hci0: command tx timeout [ 728.449293][T16481] hsr_slave_0: entered promiscuous mode [ 728.471699][T16481] hsr_slave_1: entered promiscuous mode [ 728.501950][T16481] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 728.536698][T16481] Cannot create hsr debugfs directory [ 729.730997][T16481] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.206192][T16583] netlink: 'syz.1.2281': attribute type 10 has an invalid length. [ 730.500209][ T5779] Bluetooth: hci0: command tx timeout [ 730.681942][T16481] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 730.986086][T16481] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.318617][T16481] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.801141][T16481] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 731.831198][T16481] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 731.856847][T16481] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 731.881567][T16481] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 732.199832][T16481] 8021q: adding VLAN 0 to HW filter on device bond0 [ 732.276946][T16481] 8021q: adding VLAN 0 to HW filter on device team0 [ 732.315904][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.323324][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.439819][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.447144][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.193608][T16644] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2294'. [ 733.450486][T16638] 8021q: adding VLAN 0 to HW filter on device bond0 [ 733.490498][T16638] 8021q: adding VLAN 0 to HW filter on device team0 [ 733.532083][T16638] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 734.948380][T16649] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.994747][T16649] bridge0: port 3(vlan2) entered blocking state [ 735.001303][T16649] bridge0: port 3(vlan2) entered listening state [ 735.024629][T16649] 8021q: adding VLAN 0 to HW filter on device team0 [ 735.033706][T16649] tipc: Resetting bearer [ 735.049161][T16649] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 735.076544][T16651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2296'. [ 736.702780][T16676] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2301'. [ 736.828041][T16481] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 738.499618][T16481] veth0_vlan: entered promiscuous mode [ 738.554614][T16481] veth1_vlan: entered promiscuous mode [ 738.677069][T16481] veth0_macvtap: entered promiscuous mode [ 738.729179][T16481] veth1_macvtap: entered promiscuous mode [ 738.817841][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 738.846117][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.473432][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.752743][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.787631][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 739.833931][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 739.922070][T16481] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 739.965315][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.002932][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.053400][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.100367][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.128502][T16481] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 740.173217][T16481] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 740.191790][T16481] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 740.221110][T16736] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2311'. [ 740.344868][T16737] bridge1: port 1(veth9) entered blocking state [ 740.357486][T16737] bridge1: port 1(veth9) entered disabled state [ 740.385477][T16737] veth9: entered allmulticast mode [ 740.392334][T16737] veth9: entered promiscuous mode [ 740.443735][T16740] bridge1: port 2(veth0_to_bond) entered blocking state [ 740.450989][T16740] bridge1: port 2(veth0_to_bond) entered disabled state [ 740.493902][T16740] veth0_to_bond: entered allmulticast mode [ 740.501591][T16740] veth0_to_bond: entered promiscuous mode [ 740.525038][T16481] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.553098][T16481] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.561999][T16481] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.589749][T16481] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 740.887335][T16762] bond4: entered allmulticast mode [ 740.925661][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 740.946857][T16762] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2317'. [ 740.983793][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 741.979342][T16760] bond4: left allmulticast mode [ 741.993234][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 742.001215][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 747.754439][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.760821][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.820221][T16829] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2333'. [ 747.840364][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 747.864443][T16830] lo speed is unknown, defaulting to 1000 [ 747.922892][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 747.967197][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 747.996872][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.047405][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.094935][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.132880][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.176448][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.249948][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 748.300408][T16832] batman_adv: batadv0: adding TT local entry 66:ff:f2:fc:ff:ff to non-existent VLAN 815 [ 750.856392][T16884] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2344'. [ 751.145214][T16886] bond6: (slave gretap0): Enslaving as an active interface with an up link [ 751.290088][T16893] bond6 (unregistering): (slave gretap0): Releasing backup interface [ 751.384997][T16893] bond6 (unregistering): Released all slaves [ 752.122540][T16921] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.131609][T16921] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.140577][T16921] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.149516][T16921] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.225718][T16921] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 752.235179][T16921] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 752.244236][T16921] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 752.253221][T16921] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 752.298064][ T27] audit: type=1326 audit(1777941363.176:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.373060][T16927] netlink: 'syz.1.2354': attribute type 1 has an invalid length. [ 752.393015][ T27] audit: type=1326 audit(1777941363.176:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.463185][ T27] audit: type=1326 audit(1777941363.226:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.487987][ T27] audit: type=1326 audit(1777941363.226:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.518269][ T27] audit: type=1326 audit(1777941363.226:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff8e6f5d60e code=0x7ffc0000 [ 752.564563][T16927] 8021q: adding VLAN 0 to HW filter on device bond6 [ 752.603525][ T27] audit: type=1326 audit(1777941363.226:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.611081][T16928] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.638800][T16928] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.647745][T16928] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.656584][T16928] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 752.860782][ T27] audit: type=1326 audit(1777941363.226:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 752.914297][ T27] audit: type=1326 audit(1777941363.236:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 753.059746][T16928] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.068883][T16928] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.077941][T16928] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.087041][T16928] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.097824][ T27] audit: type=1326 audit(1777941363.236:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 753.241973][ T27] audit: type=1326 audit(1777941363.236:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16929 comm="syz.5.2355" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8e6f9cdd9 code=0x7ffc0000 [ 753.552541][T16930] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2354'. [ 753.561786][T16930] bond6: entered promiscuous mode [ 753.581325][T16930] bond6: entered allmulticast mode [ 753.639100][T16935] bond6: (slave dummy0): making interface the new active one [ 753.663132][T16935] dummy0: entered promiscuous mode [ 753.670089][T16935] dummy0: entered allmulticast mode [ 753.692497][T16935] bond6: (slave dummy0): Enslaving as an active interface with an up link [ 754.395105][T16969] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2361'. [ 754.556433][T16969] bridge4: port 1(veth9) entered blocking state [ 754.569200][T16969] bridge4: port 1(veth9) entered disabled state [ 754.605160][T16969] veth9: entered allmulticast mode [ 754.624015][T16969] veth9: entered promiscuous mode [ 754.649862][T16974] bridge4: port 2(veth0_to_bond) entered blocking state [ 754.680557][T16974] bridge4: port 2(veth0_to_bond) entered disabled state [ 754.736899][T16974] veth0_to_bond: entered allmulticast mode [ 754.806930][T16974] veth0_to_bond: entered promiscuous mode [ 755.081929][T16984] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2367'. [ 756.172039][T17013] xt_bpf: check failed: parse error [ 757.406840][ T27] kauditd_printk_skb: 86 callbacks suppressed [ 757.406859][ T27] audit: type=1326 audit(1777941368.286:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.418427][T17027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 757.480670][ T27] audit: type=1326 audit(1777941368.326:414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.638873][ T27] audit: type=1326 audit(1777941368.506:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.704201][T17027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 757.710334][ T27] audit: type=1326 audit(1777941368.516:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.748164][T17027] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 757.785955][ T27] audit: type=1326 audit(1777941368.516:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.822812][ T27] audit: type=1326 audit(1777941368.516:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.912226][ T27] audit: type=1326 audit(1777941368.516:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 757.993711][ T27] audit: type=1326 audit(1777941368.516:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 758.207018][ T27] audit: type=1326 audit(1777941368.516:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 758.266250][ T27] audit: type=1326 audit(1777941368.516:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17001 comm="syz.6.2371" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd861f9cdd9 code=0x7ffc0000 [ 758.395572][T17042] Device name cannot be null; rc = [-22] [ 759.156184][T17045] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2378'. [ 759.854004][ T5779] Bluetooth: hci2: Malformed LE Event: 0x0d [ 761.550566][T17080] virtio-fs: tag not found [ 762.559098][T17091] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2391'. [ 762.664340][T17093] tipc: Enabling of bearer rejected, failed to enable media [ 762.766792][T17091] bond5: (slave vcan1): refused to change device type [ 765.015243][ C1] bridge0: port 3(vlan2) entered learning state [ 765.556075][T17126] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2398'. [ 766.595679][T17135] random: crng reseeded on system resumption [ 768.053928][T17148] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2405'. [ 768.837989][T17163] vxcan0: entered allmulticast mode [ 770.303514][T17191] xt_nat: multiple ranges no longer supported [ 770.823610][T17194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 770.911795][T17200] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 770.953792][T17194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 771.070357][T17207] bridge_slave_0: left allmulticast mode [ 771.089572][T17207] bridge_slave_0: left promiscuous mode [ 771.095785][T17207] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.115386][T17207] bridge_slave_1: left allmulticast mode [ 771.121368][T17207] bridge_slave_1: left promiscuous mode [ 771.140432][T17207] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.179076][T17207] bond0: (slave bond_slave_0): Releasing backup interface [ 771.307834][T17207] bond0: (slave bond_slave_1): Releasing backup interface [ 771.427135][T17207] team0: Port device team_slave_0 removed [ 771.454323][T17207] team0: Port device team_slave_1 removed [ 771.476822][T17207] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 771.492339][T17207] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 771.518391][T17207] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 771.532551][T17207] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 775.998558][T17262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2432'. [ 777.782384][T17286] netlink: 'syz.6.2440': attribute type 5 has an invalid length. [ 784.223066][ T7444] IPVS: starting estimator thread 0... [ 784.372902][T17366] IPVS: using max 16 ests per chain, 38400 per kthread [ 785.271980][T17373] lo speed is unknown, defaulting to 1000 [ 786.824203][T17408] netlink: 'syz.1.2463': attribute type 1 has an invalid length. [ 786.886535][T17408] bond7: entered promiscuous mode [ 786.891989][T17408] 8021q: adding VLAN 0 to HW filter on device bond7 [ 786.975370][T17408] vlan3: entered allmulticast mode [ 786.980592][T17408] bond7: entered allmulticast mode [ 787.011451][T17408] bond7: (slave bridge2): making interface the new active one [ 787.033023][T17408] bridge2: entered promiscuous mode [ 787.038490][T17408] bridge2: entered allmulticast mode [ 787.054610][T17408] bond7: (slave bridge2): Enslaving as an active interface with an up link [ 787.542261][T17418] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2465'. [ 787.641697][T17421] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2465'. [ 787.879990][T17434] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2469'. [ 787.989131][T17389] overlayfs: failed to clone upperpath [ 788.039905][T17434] netlink: 63 bytes leftover after parsing attributes in process `syz.6.2469'. [ 792.508942][T17538] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2484'. [ 795.093871][ C1] bridge0: port 3(vlan2) entered forwarding state [ 795.100452][ C1] bridge0: topology change detected, propagating [ 798.234273][T17550] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2486'. [ 798.778188][T17571] tipc: Resetting bearer [ 798.794507][T17571] bond6: (slave dummy0): Releasing active interface [ 798.801297][T17571] dummy0: left promiscuous mode [ 798.823161][T17571] dummy0: left allmulticast mode [ 798.885851][T17571] bridge_slave_0: left allmulticast mode [ 798.933953][T17571] bridge_slave_0: left promiscuous mode [ 798.940805][T17571] bridge0: port 1(bridge_slave_0) entered disabled state [ 798.989690][T17571] bridge_slave_1: left allmulticast mode [ 799.011045][T17571] bridge_slave_1: left promiscuous mode [ 799.083966][T17571] bridge0: port 2(bridge_slave_1) entered disabled state [ 799.189203][T17571] vlan2: left promiscuous mode [ 799.282914][T17571] bond0: left promiscuous mode [ 799.389590][T17571] bond_slave_0: left promiscuous mode [ 799.625321][T17571] bond_slave_1: left promiscuous mode [ 799.631086][T17571] macvlan2: left promiscuous mode [ 799.785423][T17571] veth0_to_bond: left allmulticast mode [ 799.791092][T17571] veth0_to_bond: left promiscuous mode [ 799.852161][T17571] bridge1: port 2(veth0_to_bond) entered disabled state [ 799.974528][T17571] bond0: (slave bond_slave_0): Releasing backup interface [ 800.020021][T17571] bond_slave_0: left allmulticast mode [ 800.072556][T17571] bond0: (slave bond_slave_1): Releasing backup interface [ 800.176468][T17571] bond_slave_1: left allmulticast mode [ 801.535102][T17571] team0: Port device team_slave_0 removed [ 801.816420][T17571] team0: Port device team_slave_1 removed [ 801.826253][T17571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 801.870152][T17571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 801.954312][T17571] bond1: (slave veth3): Releasing backup interface [ 801.985757][T17571] bond2: (slave bond3): Releasing backup interface [ 801.997638][T17571] bond5: (slave wireguard0): Releasing backup interface [ 802.014158][T17571] bond5: (slave wireguard1): making interface the new active one [ 802.036001][T17571] bond5: (slave wireguard1): Releasing backup interface [ 802.046383][T17571] bond0: (slave macvlan2): Releasing backup interface [ 802.057993][T17571] macvlan2: left allmulticast mode [ 802.065525][T17571] vlan2: left allmulticast mode [ 802.070458][T17571] bond0: left allmulticast mode [ 802.076080][T17571] bridge0: port 3(vlan2) entered disabled state [ 802.087363][T17571] veth9: left allmulticast mode [ 802.092294][T17571] veth9: left promiscuous mode [ 802.098039][T17571] bridge1: port 1(veth9) entered disabled state [ 802.228155][T17571] bond7: (slave bridge2): Releasing backup interface [ 802.236495][T17571] bridge2: left promiscuous mode [ 802.241684][T17571] bridge2: left allmulticast mode [ 802.320679][T17599] xt_hashlimit: size too large, truncated to 1048576 [ 802.328489][T17599] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6 [ 803.260840][T17572] team0: Mode changed to "broadcast" [ 803.432919][T17584] netlink: 'syz.6.2494': attribute type 10 has an invalid length. [ 803.526593][T17584] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 803.586881][T17602] netlink: 'syz.5.2498': attribute type 4 has an invalid length. [ 803.646554][T17602] netlink: 'syz.5.2498': attribute type 4 has an invalid length. [ 803.810417][T17601] netlink: 'syz.5.2498': attribute type 4 has an invalid length. [ 803.950117][T17613] netlink: 'syz.2.2501': attribute type 13 has an invalid length. [ 807.556283][ T143] wlan1: Trigger new scan to find an IBSS to join [ 808.123013][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 809.211774][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.218803][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.344117][T17729] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 812.353176][T17729] overlayfs: missing 'lowerdir' [ 812.972256][ T143] wlan1: Trigger new scan to find an IBSS to join [ 814.200694][T17743] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2526'. [ 818.161820][T17249] wlan1: Creating new IBSS network, BSSID 32:5a:bd:63:95:0d [ 826.328276][T17863] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2548'. [ 826.390744][T17861] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2549'. [ 826.438857][T17861] bond0: option arp_validate: invalid value (191) [ 826.494990][T17863] bond6: entered promiscuous mode [ 826.500121][T17863] bond6: entered allmulticast mode [ 826.506937][T17867] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2550'. [ 826.534058][T17867] bridge3: entered promiscuous mode [ 826.545530][T17867] bridge3: entered allmulticast mode [ 826.598460][T17867] team0: Port device bridge3 added [ 826.703452][T17249] tipc: Resetting bearer [ 826.823870][T17867] bridge0: port 1(team0) entered blocking state [ 826.857179][T17867] bridge0: port 1(team0) entered disabled state [ 826.877569][T17867] team0: entered allmulticast mode [ 826.894330][T17867] team0: left allmulticast mode [ 827.063049][T17882] netlink: 'syz.6.2554': attribute type 13 has an invalid length. [ 829.118022][T17901] netlink: 'syz.1.2556': attribute type 1 has an invalid length. [ 829.309597][T17901] 8021q: adding VLAN 0 to HW filter on device bond8 [ 829.331105][T17905] macvlan3: entered promiscuous mode [ 829.384450][T17905] macvlan3: entered allmulticast mode [ 829.416321][T17905] bond8: entered promiscuous mode [ 829.433915][T17905] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 829.481522][T17905] bond8: left promiscuous mode [ 829.640636][T17908] bond8: (slave ip6gretap1): making interface the new active one [ 829.730833][T17908] bond8: (slave ip6gretap1): Enslaving as an active interface with an up link [ 829.835459][T17917] bridge0: port 1(macvlan2) entered blocking state [ 829.867710][T17917] bridge0: port 1(macvlan2) entered disabled state [ 829.898780][T17917] macvlan2: entered allmulticast mode [ 829.942885][T17917] ip6gretap0: entered allmulticast mode [ 830.044685][T17917] macvlan2: entered promiscuous mode [ 830.157821][T17917] bridge0: port 1(macvlan2) entered blocking state [ 830.164633][T17917] bridge0: port 1(macvlan2) entered forwarding state [ 830.182710][T17923] net_ratelimit: 600 callbacks suppressed [ 830.182731][T17923] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 830.954823][ T5779] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 830.967110][ T5779] Bluetooth: hci2: Injecting HCI hardware error event [ 830.979170][ T5779] Bluetooth: hci2: hardware error 0x00 [ 831.935423][T17950] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2565'. [ 832.026247][T17954] netlink: 'syz.2.2566': attribute type 1 has an invalid length. [ 832.085444][T17950] 8021q: adding VLAN 0 to HW filter on device bond9 [ 832.211186][T17958] bond9: entered promiscuous mode [ 832.225885][T17958] bond9: entered allmulticast mode [ 832.339726][T17958] 8021q: adding VLAN 0 to HW filter on device bond9 [ 832.370523][T17958] team0: Port device bond9 added [ 833.413184][ T5779] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 833.490566][ T7253] tipc: Resetting bearer [ 833.561979][T17975] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2571'. [ 833.688294][T17950] vxcan3: entered promiscuous mode [ 833.704992][T17950] bond9: (slave vxcan3): refused to change device type [ 834.028868][T17984] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2573'. [ 834.083159][T17984] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2573'. [ 834.087697][T17989] netlink: zone id is out of range [ 834.122816][T17989] netlink: zone id is out of range [ 834.138924][T17989] netlink: zone id is out of range [ 834.149052][T17989] netlink: zone id is out of range [ 834.166100][T17989] netlink: zone id is out of range [ 834.180159][T17989] netlink: zone id is out of range [ 834.193431][T17989] netlink: zone id is out of range [ 834.201053][T17989] netlink: zone id is out of range [ 834.229461][T17989] netlink: zone id is out of range [ 835.056769][T18023] lo: Caught tx_queue_len zero misconfig [ 844.289065][T18118] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 844.494340][T18122] veth0_to_bond: left allmulticast mode [ 844.500050][T18122] veth0_to_bond: left promiscuous mode [ 844.506216][T18122] bridge4: port 2(veth0_to_bond) entered disabled state [ 844.581872][T18122] veth9: left allmulticast mode [ 844.587042][T18122] veth9: left promiscuous mode [ 844.592107][T18122] bridge4: port 1(veth9) entered disabled state [ 847.377601][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 847.813387][T18181] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 847.822307][T18181] overlayfs: missing 'lowerdir' [ 848.162366][ T7253] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 848.733497][T18190] 8021q: VLANs not supported on ip6gre0 [ 850.503327][T18208] netlink: 'syz.1.2618': attribute type 1 has an invalid length. [ 850.665882][T18208] 8021q: adding VLAN 0 to HW filter on device bond10 [ 853.407482][T18255] xt_TPROXY: Can be used only with -p tcp or -p udp [ 854.308404][T18254] lo speed is unknown, defaulting to 1000 [ 854.383115][T18267] netlink: 'syz.2.2627': attribute type 9 has an invalid length. [ 854.612851][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 857.084021][T18284] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2631'. [ 858.622713][T18309] netlink: 'syz.1.2636': attribute type 1 has an invalid length. [ 858.789174][T18309] 8021q: adding VLAN 0 to HW filter on device bond11 [ 859.045291][T18312] bond11: (slave veth11): Enslaving as an active interface with a down link [ 859.145922][T18316] bond11: (slave dummy0): making interface the new active one [ 859.156055][T18316] dummy0: entered promiscuous mode [ 859.161929][T18316] bond11: (slave dummy0): Enslaving as an active interface with an up link [ 859.179359][T18317] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2636'. [ 859.287030][T18317] bond11: (slave dummy0): Releasing active interface [ 859.329868][T18317] dummy0 (unregistering): left promiscuous mode [ 859.573253][T18328] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2630'. [ 861.650749][T18356] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2641'. [ 861.964364][T18356] 8021q: adding VLAN 0 to HW filter on device bond4 [ 863.033268][T18357] bond4: entered promiscuous mode [ 863.038400][T18357] bond4: entered allmulticast mode [ 863.085145][T18357] 8021q: adding VLAN 0 to HW filter on device bond4 [ 863.132472][T18357] team0: Port device bond4 added [ 863.174778][T18359] vxcan1: entered promiscuous mode [ 863.180144][T18359] bond4: (slave vxcan1): refused to change device type [ 863.763470][T18368] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[18372] was attempted by "ci2-linux-6-6-kasan/syz-executor exec"[18368] [ 867.197698][T18402] bond4: (slave dummy0): Releasing active interface [ 868.534393][ T1205] net_ratelimit: 24 callbacks suppressed [ 868.534412][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 869.721469][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 869.976226][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 870.619494][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 871.086626][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 871.097403][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.132515][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 871.654981][ T5815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 871.793194][T18472] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2670'. [ 872.200672][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 872.535955][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 872.545897][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 874.488006][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.109595][ T27] kauditd_printk_skb: 18 callbacks suppressed [ 875.109612][ T27] audit: type=1326 audit(1777941741.986:441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18494 comm="syz.2.2675" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56aa99cdd9 code=0x0 [ 875.619330][T18498] "syz.1.2674" (18498) uses obsolete ecb(arc4) skcipher [ 875.633159][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.649816][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.660404][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 875.830763][ T27] audit: type=1326 audit(1777941742.606:442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18494 comm="syz.2.2675" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f56aa99cdd9 code=0x0 [ 875.856016][ T7237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 877.103497][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 877.498459][T18523] lo: Caught tx_queue_len zero misconfig [ 878.299183][ T143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.339967][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.547466][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 878.556653][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 879.897290][ T7262] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 880.236437][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.363936][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 881.653060][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 882.772805][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 883.422197][ T7251] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.468502][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.653108][ T7241] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.662262][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 883.958825][ T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 884.569351][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 885.933142][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 886.504794][T18615] lo speed is unknown, defaulting to 1000 [ 887.022084][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 887.031115][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 888.120234][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 888.800576][T18663] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2711'. [ 888.857737][T18657] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2709'. [ 888.922501][T18663] 8021q: adding VLAN 0 to HW filter on device bond2 [ 889.081259][T18666] bond2: entered promiscuous mode [ 889.099423][T18666] bond2: entered allmulticast mode [ 889.173576][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.182221][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.190959][ T8] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.203141][T18666] 8021q: adding VLAN 0 to HW filter on device bond2 [ 889.217414][ T5815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.229168][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 889.292759][T18666] team0: Port device bond2 added [ 889.386129][T18663] bond0: entered promiscuous mode [ 889.438908][T18663] mac80211_hwsim hwsim38 wlan1: entered promiscuous mode [ 889.529680][T18663] 8021q: adding VLAN 0 to HW filter on device bond0 [ 889.640302][T18663] bond0: entered allmulticast mode [ 889.645742][T18663] mac80211_hwsim hwsim38 wlan1: entered allmulticast mode [ 889.662049][T18663] bond2: (slave bond0): Enslaving as an active interface with an up link [ 890.746755][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 891.977974][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 892.293790][ T9859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.172863][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.190176][T18713] netlink: 'syz.5.2721': attribute type 11 has an invalid length. [ 893.198861][T18713] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2721'. [ 893.601614][T18718] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 893.614162][ T9859] IPVS: starting estimator thread 0... [ 893.764251][T18725] IPVS: using max 18 ests per chain, 43200 per kthread [ 894.578313][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.091704][ T7251] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.155838][ T7251] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 895.169969][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.537878][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 896.546705][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 897.645881][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.741331][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 898.828564][T18770] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2736'. [ 898.983410][T18772] tipc: Enabled bearer , priority 0 [ 901.110958][ T5815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.665082][ T7237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.684547][ T7253] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.694003][ T5815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.741228][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 901.775571][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 902.804809][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 903.693575][T18815] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2742'. [ 904.739119][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.012910][ T9859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 905.350391][T18833] netlink: 'syz.6.2745': attribute type 1 has an invalid length. [ 905.413006][T18833] 8021q: adding VLAN 0 to HW filter on device bond3 [ 905.654622][T18839] bond3: (slave veth7): Enslaving as an active interface with a down link [ 906.273382][T18833] bond3: (slave dummy0): making interface the new active one [ 906.404989][T18833] dummy0: entered promiscuous mode [ 906.472256][T18829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 906.481684][T18833] bond3: (slave dummy0): Enslaving as an active interface with an up link [ 906.592819][T18833] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2745'. [ 907.070503][ T7243] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.097925][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.173014][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.485559][T18829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.544687][T18829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 907.564081][T18833] bond3: (slave dummy0): Releasing active interface [ 907.570984][T18833] dummy0 (unregistering): left promiscuous mode [ 907.855749][T18868] netlink: 'syz.1.2749': attribute type 21 has an invalid length. [ 907.864474][T18868] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2749'. [ 907.873606][T18868] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2749'. [ 907.882965][T18870] netlink: 'syz.1.2749': attribute type 21 has an invalid length. [ 907.918534][T18870] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2749'. [ 907.938212][T18870] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2749'. [ 909.136940][ T5837] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.770863][ T5815] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 910.949598][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 911.344189][ T1077] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 912.198979][ T7444] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.643033][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 915.851929][T18829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.883391][T18859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.901726][ T1205] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.911762][ T9859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.926210][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 915.953247][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 916.484583][T18939] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2765'. [ 916.975481][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 917.041003][T18943] vlan2: entered allmulticast mode [ 917.059347][T18943] bridge2: entered allmulticast mode [ 917.194733][T18944] bridge2: port 1(erspan0) entered blocking state [ 917.201449][T18944] bridge2: port 1(erspan0) entered disabled state [ 917.406332][T18944] erspan0: entered allmulticast mode [ 917.917585][T18944] erspan0: entered promiscuous mode [ 918.010299][T18944] bridge2: port 1(erspan0) entered blocking state [ 918.017083][T18944] bridge2: port 1(erspan0) entered forwarding state [ 918.213913][T18829] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 919.696266][ T9859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 919.716170][ T1198] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.095328][T18858] net_ratelimit: 1 callbacks suppressed [ 921.095347][T18858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 921.256932][T17944] Bluetooth: hci0: unexpected event for opcode 0x080d [ 922.786855][ T5814] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.107789][ T5761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.113002][T17944] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 926.127241][T17944] Bluetooth: hci0: Injecting HCI hardware error event [ 926.141213][ T5779] Bluetooth: hci0: hardware error 0x00 [ 926.293989][ T7245] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 926.305330][ T7243] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 928.337744][ T5779] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 929.844466][ T9859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 932.054237][T18859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 932.062674][T18859] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 932.075081][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.084310][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.853371][ T5761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 933.606322][T19128] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: 1 [ 933.632395][T19128] ref_ctr increment failed for inode: 0x270 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88802530df00 [ 933.721395][T19128] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: -1 [ 933.750337][T19128] ref_ctr decrement failed for inode: 0x270 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88802530df00 [ 935.520274][T19164] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 935.532452][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 935.895446][ T5761] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 937.016705][T19180] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: 1 [ 937.098939][T19180] ref_ctr increment failed for inode: 0xa9c offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888017c6c280 [ 937.182511][ T7237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 937.251170][T19188] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -2360, delta: -1 [ 937.327879][T19188] ref_ctr decrement failed for inode: 0xa9c offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888017c6c280 [ 938.275841][ T7237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1003.743370][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 1043.762493][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1043.769837][ C0] rcu: (detected by 0, t=10502 jiffies, g=114493, q=171 ncpus=2) [ 1043.777797][ C0] rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4295041443-4295030943), jiffies_till_next_fqs=1, root ->qsmask 0x0 [ 1043.791453][ C0] rcu: rcu_preempt kthread starved for 10500 jiffies! g114493 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1043.802778][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1043.812950][ C0] rcu: RCU grace-period kthread stack dump: [ 1043.818865][ C0] task:rcu_preempt state:R running task stack:27656 pid:17 ppid:2 flags:0x00004000 [ 1043.829691][ C0] Call Trace: [ 1043.833024][ C0] [ 1043.836009][ C0] __schedule+0x1553/0x45a0 [ 1043.840585][ C0] ? _raw_spin_unlock_irqrestore+0x51/0x120 [ 1043.846520][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 1043.852575][ C0] ? asan.module_dtor+0x20/0x20 [ 1043.857644][ C0] ? enqueue_timer+0x23d/0x550 [ 1043.862578][ C0] ? __mod_timer+0x984/0xdb0 [ 1043.867306][ C0] schedule+0xbd/0x170 [ 1043.871511][ C0] schedule_timeout+0x188/0x2d0 [ 1043.876462][ C0] ? console_conditional_schedule+0x40/0x40 [ 1043.882488][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 1043.888415][ C0] ? update_process_times+0x1b0/0x1b0 [ 1043.893833][ C0] ? prepare_to_swait_event+0x339/0x360 [ 1043.899686][ C0] rcu_gp_fqs_loop+0x313/0x1590 [ 1043.904653][ C0] ? rcu_gp_init+0x1162/0x1560 [ 1043.909539][ C0] ? rcu_gp_kthread+0x3b0/0x3b0 [ 1043.914416][ C0] ? dump_blkd_tasks+0x810/0x810 [ 1043.919384][ C0] ? rcu_gp_init+0x1560/0x1560 [ 1043.924259][ C0] ? rcu_gp_cleanup+0xb41/0xc90 [ 1043.929141][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1043.934463][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1043.939701][ C0] rcu_gp_kthread+0x9d/0x3b0 [ 1043.944406][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1043.949919][ C0] ? __kthread_parkme+0x7a/0x1c0 [ 1043.954910][ C0] ? __kthread_parkme+0x162/0x1c0 [ 1043.959989][ C0] kthread+0x2fa/0x390 [ 1043.964146][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1043.969553][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1043.974432][ C0] ret_from_fork+0x48/0x80 [ 1043.978878][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1043.983498][ C0] ret_from_fork_asm+0x11/0x20 [ 1043.988559][ C0] [ 1043.991784][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1043.998132][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1044.003452][ C1] NMI backtrace for cpu 1 [ 1044.003462][ C1] CPU: 1 PID: 19211 Comm: syz.2.2822 Not tainted syzkaller #0 [ 1044.003478][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1044.003486][ C1] RIP: 0010:__this_cpu_preempt_check+0x0/0x20 [ 1044.003508][ C1] Code: 48 89 da e8 c2 5b f4 ff 48 8b 74 24 30 48 c7 c7 20 90 1c 8b e8 b1 5b f4 ff e8 4c 80 ff ff eb a8 e8 e5 e8 ff ff 0f 1f 44 00 00 0f 1e fa 48 89 fe 48 c7 c7 a0 8f 1c 8b e9 dd fe ff ff cc cc cc [ 1044.003521][ C1] RSP: 0018:ffffc900001f0bc8 EFLAGS: 00000046 [ 1044.003535][ C1] RAX: 0000000000000001 RBX: ffff888018f8da00 RCX: 0000000000000001 [ 1044.003545][ C1] RDX: ffff888018f8da00 RSI: ffff8880579d5c98 RDI: ffffffff8acadb60 [ 1044.003556][ C1] RBP: 0000000000000001 R08: ffff888018f8da00 R09: 0000000000000002 [ 1044.003565][ C1] R10: 0000000000000001 R11: 0000000000010000 R12: 0000000000000002 [ 1044.003575][ C1] R13: 0000000000000046 R14: ffff8880579d5c98 R15: ffff888018f8e530 [ 1044.003585][ C1] FS: 00007f56ab8a16c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1044.003605][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1044.003616][ C1] CR2: 0000200000000058 CR3: 000000002f286000 CR4: 00000000003506e0 [ 1044.003631][ C1] Call Trace: [ 1044.003639][ C1] [ 1044.003643][ C1] lock_is_held_type+0x104/0x190 [ 1044.003663][ C1] complete_signal+0x7f7/0xca0 [ 1044.003680][ C1] send_sigqueue+0x48d/0x710 [ 1044.003694][ C1] ? send_sigqueue+0x97/0x710 [ 1044.003709][ C1] posix_timer_fn+0x16e/0x3d0 [ 1044.003726][ C1] __hrtimer_run_queues+0x520/0xc40 [ 1044.003742][ C1] ? ktime_get_update_offsets_now+0x99/0x3f0 [ 1044.003762][ C1] ? common_timer_wait_running+0x10/0x10 [ 1044.003780][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1044.003794][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1044.003814][ C1] hrtimer_interrupt+0x3c9/0x9c0 [ 1044.003838][ C1] __sysvec_apic_timer_interrupt+0xfb/0x3b0 [ 1044.003857][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 1044.003874][ C1] [ 1044.003879][ C1] [ 1044.003883][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1044.003902][ C1] RIP: 0010:lock_is_held_type+0x13e/0x190 [ 1044.003920][ C1] Code: 75 40 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 75 46 41 f7 c5 00 02 00 00 74 01 fb 65 48 8b 04 25 28 00 00 00 <48> 3b 44 24 08 75 3c 89 e8 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f [ 1044.003931][ C1] RSP: 0018:ffffc9001287fa38 EFLAGS: 00000206 [ 1044.003942][ C1] RAX: ac826a8c08a8dc00 RBX: ffff888018f8da00 RCX: ac826a8c08a8dc00 [ 1044.003952][ C1] RDX: 0000000000000000 RSI: ffffffff8acadb60 RDI: ffffffff8b1c8fa0 [ 1044.003962][ C1] RBP: 0000000000000000 R08: ffffc9001287fe2f R09: 1ffff9200250ffc5 [ 1044.003972][ C1] R10: dffffc0000000000 R11: fffff5200250ffc6 R12: dffffc0000000000 [ 1044.003982][ C1] R13: 0000000000000246 R14: ffffffff8d132140 R15: 00000000ffffffff [ 1044.004000][ C1] __might_resched+0x9f/0x630 [ 1044.004021][ C1] ? __might_sleep+0xe0/0xe0 [ 1044.004037][ C1] ? __might_fault+0xaa/0x120 [ 1044.004052][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 1044.004069][ C1] ? __might_fault+0xaa/0x120 [ 1044.004084][ C1] __might_fault+0x71/0x120 [ 1044.004099][ C1] copy_siginfo_to_user+0x5b/0xa0 [ 1044.004115][ C1] x64_setup_rt_frame+0x746/0xc40 [ 1044.004143][ C1] ? sigaltstack_size_valid+0x1e0/0x1e0 [ 1044.004165][ C1] ? arch_do_signal_or_restart+0x3b1/0x800 [ 1044.004186][ C1] arch_do_signal_or_restart+0x42c/0x800 [ 1044.004207][ C1] ? get_sigframe_size+0x20/0x20 [ 1044.004232][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 1044.004253][ C1] exit_to_user_mode_loop+0x70/0x110 [ 1044.004272][ C1] exit_to_user_mode_prepare+0xee/0x180 [ 1044.004291][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 1044.004307][ C1] do_syscall_64+0x61/0xa0 [ 1044.004320][ C1] ? clear_bhb_loop+0x40/0x90 [ 1044.004336][ C1] ? clear_bhb_loop+0x40/0x90 [ 1044.004353][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1044.004370][ C1] RIP: 0033:0x7f56aa99cdd7 [ 1044.004381][ C1] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 [ 1044.004393][ C1] RSP: 002b:00007f56ab8a10e8 EFLAGS: 00000246 [ 1044.004404][ C1] RAX: 00000000000000ca RBX: 00007f56aac15fa8 RCX: 00007f56aa99cdd9 [ 1044.004413][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f56aac15fa8 [ 1044.004422][ C1] RBP: 00007f56aac15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1044.004431][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1044.004440][ C1] R13: 00007f56aac16038 R14: 00007ffc05fec6f0 R15: 00007ffc05fec7d8 [ 1044.004456][ C1]