last executing test programs: 12m19.249971601s ago: executing program 1 (id=166): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94) r0 = socket(0x200000000000011, 0x2, 0x1) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) socket$inet(0x2, 0xa, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x3, 0x7, 0x3, 0x8001, 0x8, 0x6, 0x5, 0x8}, 0x0) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x8000}, 0x4) syz_emit_ethernet(0x6a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa424e1aa2e0d4080045"], 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xf5ffffff, &(0x7f0000000000)='%', 0x0, 0xd01, 0xbe02, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) 12m18.66633733s ago: executing program 1 (id=174): openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0, 0x5, 0x7fff}, &(0x7f0000000400)=0xc) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r1 = io_uring_setup(0x4fed, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f3}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) io_uring_enter(r1, 0x528, 0x7724, 0x16, 0x0, 0x0) 12m18.164281055s ago: executing program 1 (id=178): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000380)={[{@grpquota}, {@delalloc}, {@resuid}, {@test_dummy_encryption_v1}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5e1, &(0x7f0000000bc0)="$eJzs3c1vFVUbAPBnbj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sRr5nam9LZz+0V7pzK/X3LpzJw7nGd6+/Sce3rO3AAqazD9pxaxPyKmk4j+ZH6xrDOywsGF5z3486Oz6SOJev2135NIsmP585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTVbH949tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb3g2Omb777f/8nYm9989Vcy8u0vY0mcjJezJy69jq0yGION70mysqjvxFZXVpKO7Odk6UucdJYYEBuSv35dEfFE9EdHPHzx+uPjV0oNDthW9SSiDlRUIv+hovJ+QP7efvn74FopvRKgHe6fWhgAWJn/nQtjg9HTGBvY/SCJpcM6SURsbmSu2Z6IuHtn7Oa5O2M3Y5vG4YBi8zci4smi/E8a+T8QPTHQyP9aU/6n/YIz2df0+KubrH/5ULH8h/ZZyP+eVfM/WuT/W0vy/+1N1j/4cPOd3qb8793sJQEAAAAAAEBl3T4VEc8X/f2/tjj/Jwrm//RFxMktqH9w2f7Kv//X7m1BNUCB+6ciXiqc/1vLZ/8OdGRb/2nMB+hKzl2YmjwSEf+NiEPRtSvdH1mljsOf7vuyVdlgNv8vf6T1383mAmZx3Ovc1XzOxPjs+KNeNxBx/0bEU4Xzf5PF9j8paP/T3wfT66xj37O3zrQqWzv/ge1S/zriYGH7//CuFcnq9+cYbvQHhvNewUpPf/jZd63q32z+u8UEPLq0/d+9ev4PJEvv1zOz8TqOznXWW5Vttv/fnbzeuOVMd3bsg/HZ2asjEd3J6Y70aNPx0Y3HDI+jPB/yfEnz/9Azq4//FfX/eyNiftn/nfzRvKY49/+/+35tFY/+P5Qnzf+JDbX/G98YvTXwfav619f+H2u09YeyI8b/YMEXeZp2Nx8vSMfOoqJ2xwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj4NaROyJpDa0uF2rDQ1F9EXE/2J3berKzOxz5668d3kiLWt8/n8t/6Tf/oX9JP/8/4El+6PL9o9GxN6I+Lyjt7E/dPbK1ETZFw8AAAAAAAAAAAAAAAAAAAA7RF+L9f+p3zrKjg7Ydp1lBwCUpiD/fyojDqD9tP9QXfIfqkv+Q3XJf6iudeb/ye2OA2g/7T9Ul/yH6pL/AAAAAADwWNl74PbPSUTMv9jbeKS6s7KuUiMDtlut7ACA0rjFD1SXqT9QXd7jA8ka5T0tT1rrzNVMn32EkwEAAAAAAAAAAACgcg7ut/4fqsr6f6gu6/+huvL1/wdKjgNoP+/xgVhjJX/h+v81zwIAAAAAAAAAAAAAttLM3LWL41NTk1dtvLEzwmjnRr1ev57+FOyUeP7lG/lU+J0Sz7KNfK3f+s4q73cSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ7J8AAAD//yTpJQU=") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f00009c5000/0x4000)=nil, 0x4000, 0x3, 0x28012, r1, 0x0) mmap(&(0x7f00009c7000/0x3000)=nil, 0x3000, 0x3000002, 0x28012, r1, 0xe1b49000) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f0000000b80)={[{@usrquota}, {@norecovery}], [{@seclabel}]}, 0x21, 0x4bd, &(0x7f00000006c0)="$eJzs3c9vVFsdAPDvvf1JKbQoCzUqiCgawkw7QENY4UZjCImRuHIBtR2apjOdpjNFWlmU/8FEElf6J7gwcWHCyr073bnBhQkq0Udf8hbzcu9MS1+Zgb7QN0M6n09ycu+5p8z3nLm55wxf6JwABtb5iNiOiNGIuB8RU+3rSbvErVbJfu7Vy8cLOy8fLyTRbN79T5K3Z9di35/JnGy/5nhE/PRHEb9I3oxb39xama9UyuvterFRXSvWN7euLFfnl8pL5dVSaW52bubG1eulIxvrueofXvxw+fbP/vynbzz/6/b3f5V1a7Ldtn8cR6k19JG9OJnhiLj9RQTrg6H2eEYPXO9wy/kApRHxpYi4kD//UzGU300A4DhrNqeiObW/DgAcd2meA0vSQjsXMBlpWii0cnhnYyKt1OqNyw9qG6uLrVzZdIykD5Yr5Zl2rnA6RpKsPpufv66XDtSvRsSZiPj12Im8XlioVRb7+cEHAAbYyQPr///HWus/AHDMjfe7AwBAz1n/AWDwWP8BYPBY/wFg8Fj/AWDwWP8BYPBY/wFgoPzkzp2sNHfa33+9+HBzY6X28Mpiub5SqG4sFBZq62uFpVptKf/Onuq7Xq9Sq63NXouNR8VGud4o1je37lVrG6uNe/n3et8rj/RkVADA25w59+zvSURs3zyRl9i3l4O1Go63tN8dAPpmqN8dAPrGbl8wuPwdH3jXfq1d/4vQ06PvC9Abl74q/w+DSv4fBpf8Pwwu+X8YXM1mYs9/ABgwcvyAf/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAz28yL0laaO8FPhlpWihEnIqI6RhJHixXyjMRcToi/jY2MpbVZ/vdaQDgPaX/SuKj9jaAFycPto4mH4/lx4j45W/v/ubRfKOxPptd/+/e9cbT9vVSzzsPABzC7jq9u47vevXy8cJu6WV/XvygtbloFnenXVotwzGcH8cj+3Ay8b+kXW9JImLoCOJvP4mIr3Qaf5LnRqbbO58ejJ/FPtXT+Oln4qd5W+uYvRdfPoK+wKB5ls0/tzo9f2mcz4+dn//xfIZ6f7vz384b81+6N/8NdZn/zh82xrW//Hi0W9uTiK8Nd4qf7MVPusS/eMj4//j6Ny90a2v+LuJSdI6/P1axUV0r1je3rixX55fKS+XVUmludm7mxtXrpWKeoy7uZqrf9O+bl093i5+Nf6JL/PzO35nsOv7vHHL8v//k/s+/9Zb43/t25/t/Nj92fv+zNfG7h4w/P/HHrtt3Z/EXu4z/Xff/8iHjP//n1uIhfxQA6IH65tbKfKVSXnfiZO9k95Peh9Kf7ifNqVZPP5T+HJ+Tfs5KQC+8fuj73RMAAAAAAAAAAAAAAKCbXvw6Ub/HCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPH1aQAAAP//sHnUnw==") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fallocate(r0, 0x3, 0x5000000, 0x8000c62) 12m17.373692245s ago: executing program 1 (id=181): setns(0xffffffffffffffff, 0x8020000) openat(0xffffffffffffff9c, 0x0, 0x141042, 0x0) mount_setattr(0xffffffffffffff9c, 0x0, 0x8000, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x4208, r0) ioprio_set$pid(0x2, r0, 0x4004) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) 12m16.912802958s ago: executing program 1 (id=186): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) unshare(0x2a020480) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02080000040000000100000009000100000000", @ANYRES32, @ANYBLOB='\x00\x00'], 0x48) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 12m15.518505217s ago: executing program 1 (id=200): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x303}, "9913d4ab2de66f9c", "dd79ff97261d7098a0723ec49ab4cfdc", 'i}oz', "ffca69dbc7b44302"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000300)=""/157, 0x9d}], 0x1) shutdown(r0, 0x0) 12m15.244166981s ago: executing program 32 (id=200): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000200)=0x2, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_128={{0x303}, "9913d4ab2de66f9c", "dd79ff97261d7098a0723ec49ab4cfdc", 'i}oz', "ffca69dbc7b44302"}, 0x28) syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), r0) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000300)=""/157, 0x9d}], 0x1) shutdown(r0, 0x0) 11m56.396770867s ago: executing program 3 (id=296): creat(&(0x7f00000002c0)='./file0\x00', 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000) r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5, 0x7], &(0x7f0000000180)=[0x2], 0x0, 0x2, 0x1}}, 0x40) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r0, 0x100000000000000) 11m56.081736022s ago: executing program 3 (id=299): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = userfaultfd(0x801) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x77359400}}, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x5031, 0xffffffffffffffff, 0xc2dcc000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x428}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 11m54.281056952s ago: executing program 3 (id=307): set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xffffffffffffff5b, 0xb67387bf2abb21f7}, {0x0, [0x0]}}, &(0x7f0000001f80)=""/226, 0x18, 0x81, 0x2}, 0x20) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000400)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e8, 0x0, 0xc8, 0x8, 0x128, 0x5803, 0x218, 0x2e8, 0x2e8, 0x218, 0x2e8, 0x3, 0x0, {[{{@ipv6={@private0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [], [], 'batadv0\x00', 'wlan0\x00'}, 0x0, 0x108, 0x128, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@quota={{0x38}}, @common=@inet=@socket1={{0x28}, 0x4c}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r1, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000e80)={0x18, 0x1d, 0x601, 0x70bd2d, 0x0, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x00\x00\x00'}]}, 0x18}], 0x1, 0x0, 0x0, 0x8c0}, 0x4080) r2 = socket(0x10, 0x803, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x4c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x100}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) 11m54.097706531s ago: executing program 3 (id=310): syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000040)='./file0\x00', 0x2000800, &(0x7f0000000080)=ANY=[@ANYRES64=0x0, @ANYRESOCT, @ANYRES64=0x0], 0x1, 0x296, &(0x7f0000000740)="$eJzs3U9qU0EcB/Bf0rSJ3SSgK+nigRs3hqY3CFJBDAiRLOoqwbYgTSikENCF7c67uPIO3sBjeAGzKETSF03SxuK/+jT5fCDMD+Z9YSaLzCxm8tpbvaP945PDvdufolRKohBx9v48IiIfa5F68CFt1yMiFxsx6ywAgP9Ns9mpZz0Gbla/X++M927FKz2td5kMCAAAAAAAAAAAgN/W3ipeOf8fw4jKzPn/3KTNO/8PAEvB+f/l1+/XO5uT/ds85/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7AxHo/Lomk/W4wMA/jzrPwCsHus/AKye4dxanwvrPwAsv2d7z5/UG43dZpKUInpvB61BK23T/vphvIxuHMR2lOM8xvuDibR+9Lixu51cqES7dzrJnw5aa/P5WpSjsjhfS/PJfH49NmfzO1GOO4vzOwvzG3H/XkT+60SrUY6PL+I4urEf4+w0/6aWJA+fNi7lixfPAQAAAAAAAAAAAAAAAAAAwN9QTb5ZeH+/Wv1ef5r/if8HuHS/vhB3C9nOHQAAAAAAAAAAAAAAAAAAAP4VJ69eH3W63YP+wuLz5C7/dc8opsWtH/pWf60oRETmE1SsTJHxDxMAAAAAAAAAAAAAAAAAAKyg6aXfrEcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANmZvv//5oqs5wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACshi8BAAD//2dk6nI=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0xffffffffffffffce, 0x0) r1 = syz_clone(0x30a400, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$cont(0x1f, r1, 0xfd9, 0x4) r2 = getpgrp(r1) process_vm_readv(r2, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/4096, 0x1000}], 0x1, &(0x7f0000000180)=[{0x0}], 0x1, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x0, 0x8000}) 11m53.606145885s ago: executing program 3 (id=314): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[], 0xfffffdef}}, 0x10) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) 11m52.234382443s ago: executing program 3 (id=319): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000540)={0x42, 0x4, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r1, 0x0, 0x0) 11m51.878622311s ago: executing program 33 (id=319): r0 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000540)={0x42, 0x4, 0x1}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x2, 0xfffffffd}}, 0x10) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x2}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r2, &(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x3}}, 0x10) bind$tipc(r1, 0x0, 0x0) 9m2.502458514s ago: executing program 5 (id=1720): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x200000000000026f, 0x1}}, 0x40) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4002, &(0x7f0000000000)=0x1, 0x7, 0x0) mbind(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000080)=0x3, 0x8, 0x0) r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) setsockopt$WPAN_SECURITY(r3, 0x0, 0x1, &(0x7f0000000240)=0x2, 0x4) sendmsg$802154_dgram(r3, &(0x7f0000000040)={&(0x7f0000000200)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000001880)={0x0}, 0x1, 0x0, 0x0, 0x8004}, 0x20040000) 9m2.329746153s ago: executing program 5 (id=1725): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000f40)=ANY=[@ANYBLOB="50000000480011012abd7000fedbdf250a006000", @ANYRES32=0x0, @ANYBLOB="0200000008000200070000000800020007000000080002000000000014000100"], 0x50}, 0x1, 0x0, 0x0, 0x20000040}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r1, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r1, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0xfe, 0x37, 0x7fffffff}]}) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB='a *'], 0x8) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}, @func_proto, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x4a}, 0x28) openat$cgroup_devices(r3, &(0x7f00000000c0)='devices.allow\x00', 0x2, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 9m2.116664383s ago: executing program 5 (id=1726): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000000)="0000000000000002", 0x8) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000000000)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x20, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4}], 0x1, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000280)=0x8) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) dup2(r0, r3) sendto$inet6(r3, &(0x7f0000000040)='l', 0x1, 0x4001, &(0x7f0000000100)={0xa, 0x4e24, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffffffff}, 0x1c) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e24, 0x9, @remote, 0xa}, 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=r2], 0x9) 9m1.060426915s ago: executing program 5 (id=1729): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x400a8, &(0x7f0000000380)=ANY=[], 0x5, 0x0, 0x0) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0) mount$bind(&(0x7f0000000480)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0/../file0\x00', 0x0, 0xa1c08, 0x0) syz_clone(0x5062011, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x88000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) 9m0.783983569s ago: executing program 5 (id=1737): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x22}}], 0x10) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000180)=[{&(0x7f00000004c0)="99", 0x1}], 0x1}, 0x4048043) r2 = socket(0xa, 0x5, 0x0) r3 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e24, @remote}], 0x10) sendto$inet6(r3, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000200)=[@in={0x2, 0x4e24, @local}], 0x10) sendto$inet6(r2, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000ac0)={0x0, 0x1c, &(0x7f0000000a40)=[@in6={0xa, 0x4e24, 0x100, @loopback, 0x8}]}, &(0x7f0000000b00)=0x10) 8m58.814226917s ago: executing program 5 (id=1752): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000140)={@ipv4={""/10, ""/2, @multicast1}, 0x0}, &(0x7f0000000180)=0x14) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f00000001c0)={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, r4}, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x14, &(0x7f0000000cc0)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x590b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 8m58.53854547s ago: executing program 34 (id=1752): r0 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000140)={@ipv4={""/10, ""/2, @multicast1}, 0x0}, &(0x7f0000000180)=0x14) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f00000001c0)={@loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, r4}, 0xc) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400), 0x4) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x14, &(0x7f0000000cc0)=@framed={{0x18, 0x5, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x3}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x590b}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r5, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="882f1242a03c3f98722780b605a7", 0x0, 0x990d, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 6m16.714618978s ago: executing program 0 (id=2527): r0 = fsopen(&(0x7f0000000240)='sysfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1) fchdir(r1) r2 = inotify_init() inotify_add_watch(r2, &(0x7f0000000100)='./bus\x00', 0x4000423) r3 = inotify_init() inotify_add_watch(r3, &(0x7f00000001c0)='.\x00', 0x4000423) chdir(0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x40000, 0x0) getdents(r4, 0x0, 0x0) 6m16.46542478s ago: executing program 0 (id=2528): ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x3) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000000)=0x6, 0x4) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0xfe1d, @loopback={0xe0}, 0x1848ade0}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x20004000, &(0x7f00000001c0)={0xa, 0x4e22, 0x40000000, @empty, 0x1}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002280)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4c0000001200050926bd7000fddbdf253f"], 0xae}, 0x1, 0x0, 0x0, 0x22004014}, 0x800) 6m16.295455829s ago: executing program 0 (id=2530): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0) chdir(&(0x7f0000000140)='./bus\x00') link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00') r1 = open(&(0x7f0000000140)='.\x00', 0x0, 0x112) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='.\x02\x00', 0x49) getdents(r1, 0x0, 0x0) 6m16.062347851s ago: executing program 0 (id=2531): unshare(0x22060600) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000005c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071183b000000000095"], &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sock=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) r1 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r2 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r2}, &(0x7f0000000080)) read$FUSE(r1, &(0x7f00000008c0)={0x2020}, 0xfffffef0) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f00001c1000/0x3000)=nil, 0x40000, 0x9) 6m13.86794495s ago: executing program 0 (id=2543): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8811}, 0xd000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x9) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 6m8.410421411s ago: executing program 0 (id=2553): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="0815000000051104000000000000000001000005540201"], 0x1508}}, 0x0) 6m7.977444902s ago: executing program 35 (id=2553): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$OSF_MSG_ADD(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="0815000000051104000000000000000001000005540201"], 0x1508}}, 0x0) 14.54232632s ago: executing program 2 (id=3712): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r3, &(0x7f0000000040)='asymmetric\x00', &(0x7f0000000000)=@chain) add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @auto=[0x0, 0x30, 0x38, 0x38, 0x38, 0x61, 0x63, 0x57, 0x36, 0x35, 0x61, 0x34, 0x30, 0x64, 0x62, 0x62]}, &(0x7f0000000080)={0x0, "739c4a104d84060f9774dc8b0e71e834f99c5b1da6d906441593a3e9981991c785d3026eb4451bbf62b72f2c0dd3514c58dfabf78bc4662c780a87a5c767914f", 0x29}, 0x48, r3) add_key$user(0x0, &(0x7f00000000c0)={'syz', 0x0}, &(0x7f0000000080)="ff", 0x1, r3) 13.026323285s ago: executing program 2 (id=3714): socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'erspan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000200)='bridge0\x00') 12.695896701s ago: executing program 2 (id=3718): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r3, r3}, &(0x7f0000000040)=""/72, 0x48, &(0x7f0000000280)={&(0x7f00000000c0)={'sm3\x00'}}) 11.473413162s ago: executing program 2 (id=3722): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mq_open(&(0x7f0000000000)='batadv_slave_1\xbb', 0x8c3, 0x30, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)=ANY=[], 0x9) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r2, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 10.594212775s ago: executing program 2 (id=3727): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) setuid(0xee01) write$binfmt_register(0xffffffffffffffff, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7fffffff, 0x3a, '/_', 0x3a, '\\x@K-^{', 0x3a, './file0'}, 0x30) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 10.49765523s ago: executing program 7 (id=3728): socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'erspan0\x00'}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRDELBR(r2, 0x89a2, &(0x7f0000000200)='bridge0\x00') 8.89742636s ago: executing program 7 (id=3740): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x760c0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffb000/0x2000)=nil) getdents(r3, &(0x7f0000001fc0)=""/184, 0xb8) 7.634382922s ago: executing program 7 (id=3743): mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$EXT4_IOC_SETFSUUID(0xffffffffffffffff, 0x4008662c, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000003400000034000000020000000000000002000004000000000000000002000000000000000000000002000000000000000100000000000001"], 0x0, 0x4e}, 0x20) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, r3, 0x1, 0x1}, 0x50) 6.194141743s ago: executing program 4 (id=3737): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, 0x0) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000180)={0x20, 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) syz_emit_vhci(&(0x7f0000000340)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x0, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_le_credits={{0x16, 0xf, 0x4}, {0xfff, 0x5}}}}, 0x11) ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f00000001c0)) 6.188836154s ago: executing program 7 (id=3739): socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) 5.043333381s ago: executing program 4 (id=3744): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3, &(0x7f0000000000)={[{@user_xattr}, {@nobarrier}, {@norecovery}, {@errors_remount}, {@grpid}]}, 0x8, 0x638, &(0x7f0000000940)="$eJzs3c9rVNceAPDvnZn8MHnvJcrjvedbPAOPh8KriYlapBSqexH7Y9dVaqJYo5EkpY0VGsFuCqWbFgpddVH7D3TdCoWuuui2i266KoIUyaIWqVPunR9OJpn8GGdyY/L54HXuuWfmnnOTfHPOnJxzJ4A9ayT9rxBxMCKuJxFDDXmlqGaOVJ63/ODmheUH6bFy+dVfk7j5XrLUeK6k+jhYffEfQ5H8UIg4UFxd7vzijSuTMzPTc9X02MLV62PzizeOXr46eWn60vS1iecnTp08cfLU+LH2L66Y/as7e/vNt4c+OPf6F589Ssa//OlcEqfjcfUJ6bU1v7yv/ZIzIzES5YqHjcfTr+uppzz3TvHbUO3n5Imk+QA71sXqz2NPRPwzhqLY8N0civdfzrVyQFeVk6i1UcCek7QV//2drwiwzWr9gMp7+8q2ca+h0OVeCbAd7p+pDABUYr8nImrxX6qMDUZ/NjYwsJysGOdJIuIpRubq0jK+//bc7XSLpnG4FcOGn3SgMGCFpVvZKHct1Bra/ySLzeHoz1IDy4UV8V9o2NLjr7RZ/khTenP9D6ATlm5FxL+q7X/v1uJ/pCH+32izfPEPAAAAAAAAnXP3TEQ8t9b8v0J9/s93X5XLzfN/BiPidAfK3/jvf4V71Z2kA8UBDe6fiXhxzfm/9Tm+w8Vq6q/ZfICe5OLlmeljEfG3iDgSPX1perzpvI0zhI9+eODTVuU3zv9Lt7T82lzA6pnulZoW4k5NLkw+7XUDEfdvRfw7m/97qHpk5fyftP1P1pj/m8b39U2WceB/d863yts4/oFuKX8ecXjN9v9JdztZ//4cY1l/YKzWK1jtP+9+9HWr8sU/5Cdt/wcq8d8ba8d/X9J4v575rZ2/NyKOL5bKrfLb7f/3Jq8VYyk7f20R48LceERvcrZYKzf1zuTCwtzE1uoMu1UtHrLH8Ur8H/nv+uN/9f5/Qxzui4ilTZb5j8eDP7fK0/5DftL4n1q//z+8sv3f+s7EneFvWhSfnN9U+38ia9OPVI8Y/4NGq+/HsdkAzaW6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCMK0TEXyIpjNb3C4XR0YjBiPh7DBRmZucX/n9x9q1rU2le9vn/hdon/Q5V0knt8/+HI6InItL0RDVdyz8eEfsj4uPiviw9emF2ZirviwcAAAAAAAAAAAAAAAAAAIAdYjBb81/ua17/n/qlmHftgK4rVR/FO+w9pbZfWe7raEWAbdd+/APPus3Hf09X6wFsv9bx//BRObOt1QG2kf4/7F1txr8/F8AuoP2HvWqTY3r93a4HkAftPwAAAAAA7Cr7D939MYmIpRf2ZVuqt5pnsj/sboW8KwDkxhxe2LtKs3nXAMhLO+/xB7pQDyA/SX3v9zUX+7ee/Z90p0IAAAAAAAAAAAAAwCqHD1r/D3vV+uv/ze2H3Wyd9f9rBb/bBcAu0vqjP7T9sNt5jw8kG/wisP4fAAAAAAAAAAAAAHaA/htXJmdmpufmF5+9nZfaeFVf3pVfmtwJX7rO7jzuzpl7ImJnXGCndpKIqB2JUusn127BkWNVc/69BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1P0ZAAD//07JJFQ=") r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) r1 = semget$private(0x0, 0x5, 0x480) semctl$IPC_RMID(r1, 0x0, 0x0) getdents64(r0, 0x0, 0x0) r2 = eventfd2(0x8000, 0x800) write$eventfd(r2, &(0x7f0000000080)=0xfffffffffffffffb, 0x65) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020001000900010073797a300000000008000240000000032c000000030a01030000e6ff00000027020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_QUEUE_TOTAL={0x6, 0x2, 0x1, 0x0, 0xffff}, @NFTA_QUEUE_NUM={0x6, 0x1, 0x1, 0x0, 0x6}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a40000000060a090400040000000000000200000014000480100001800c0001007061796c6f6164000c00034000000000000000040900020073797a3200000000140002001100014000000000000000000000000a"], 0x68}}, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 4.381351863s ago: executing program 2 (id=3745): r0 = socket$unix(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r1 = socket$unix(0x1, 0x2, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) connect$unix(r2, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r2, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) connect$unix(r1, &(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ppoll(&(0x7f0000000380)=[{r2, 0x3328}, {r1, 0x4236}], 0x2, 0x0, 0x0, 0x0) unshare(0x22020400) close(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvmsg(r2, &(0x7f0000001480)={0x0, 0x0, 0x0}, 0x100) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 4.380834843s ago: executing program 6 (id=3746): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r2, 0x7, 0x4) 4.157793644s ago: executing program 4 (id=3747): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x6) setuid(0xee00) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000cc0)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000000703000028feffff620af0fff8ffffff61a4f0ff000000001d040000000000007f000000000000005504000001ed0a002500000017ffffffdd40000000000000730a00fe000000007704000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efefb202ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff0c710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf1dbf6d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800d9b3a69b37caa964e4b7000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040bef29b66e3858d051c096e37c4f46010400000000c3da29faf75ddd1aa96960bca97af13382cb881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325a904514d8e90131bfc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885769754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8269b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347932a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd23834a50d7eb8e327fb5db12cbd6a9efe8e671c4f251fe3bf440cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa2c910fb8de24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f49e4dcc1b7af0b51b9cafeda067b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe91c921ac1476027772c87d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c828c02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007f00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d05d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b530500d8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb860600911480a876fbba698801937e8b4264eb6f5137bd9b075f1488d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b30e55ac1275e938706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462aa2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783fefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff0492df6b53002514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd37220e316f2297743dd4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa250bc93b233a2291b5b10eebc49b6882f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8a9d3374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753446de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000010000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed9eed636338f1835fc957729d63dc1bfc7b772cbe536c2d3aff27c22f9a2f876512616a5bdaf22a16e19d1b5f52abb40b433983d0cf50234de659c1a397ce901000000caae1bcfdce33dae6adc260321702f239c25ab181390e7dc8c1e5b1cf3b4fef1cd5c44a89b5e5d8314e02f4673ded90bce9a4025b0232eec970f7aa17f175a14e8dc8de9bac0006b98a8283eee5665f3aede28228e0468db"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1e}, 0x48) 3.146547174s ago: executing program 6 (id=3748): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r3, r3, r3}, &(0x7f0000000040)=""/72, 0x48, &(0x7f0000000280)={&(0x7f00000000c0)={'sm3\x00'}}) 2.538827485s ago: executing program 4 (id=3749): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x9, 0xf, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x5d}}}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x1}, 0x94) setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0x5, 0x4) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000140)=0xba, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff22}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x2525, &(0x7f0000000040)={0x0, 0x36d, 0xd800, 0x2c, 0x216}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0xfffffffffffffda2, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x24, &(0x7f0000000000)=0xa, 0x4) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) 1.913673376s ago: executing program 7 (id=3750): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000772904202404019957c2010203010902240001000010000904430002317d5500090502020002020000090582020002"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="401504"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f00000002c0)={0x40, 0x14, 0x4, "b4865713"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000e40)=ANY=[@ANYBLOB="00036c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000007c0)={0x2c, &(0x7f0000000680)={0x40, 0x7}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 1.715746485s ago: executing program 4 (id=3751): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000b5ffffffffffffffff2e2be82db1af00000000", 0x18) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e20, 0x1000040, @private1={0xfc, 0x1, '\x00', 0xa}, 0xae3c}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) 1.690709466s ago: executing program 6 (id=3752): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x1c, 0x16, 0x6b4e12c8a09f3155, 0x0, 0x0, {0xa}, [@nested={0x8, 0x0, 0x0, 0x1, [@typed={0x4, 0xa}]}]}, 0x1c}}, 0x0) pipe(&(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r3 = socket$inet_udp(0x2, 0x2, 0x0) pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$IP_SET_OP_GET_BYINDEX(0xffffffffffffffff, 0x1, 0x53, 0x0, &(0x7f0000000300)) splice(r4, 0x0, r2, 0x0, 0xfffffff7ffff8000, 0x4) close(r5) close(r3) writev(r1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) splice(r1, 0x0, r3, 0x0, 0x1100000000f336, 0x0) 480.582086ms ago: executing program 7 (id=3753): syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x1, 0x7ec, &(0x7f0000000c40)="$eJzs3U9sHGfZAPBnXTtxXSmq+n1KqyhNJ0k/KZVSd71u3c/0ULbrsTPtene1u0aJEGqrxqmiOG3VUkFzoOTSAgIhTkhcCiek3riBkEDiAJyQ6IELt0o9oYJAQkUIKWhmZx3H/5s4fyi/nxW/s7PPvO8z68k8M2vPbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUWnMVatTlWhmraXTyQYjEZH8bxm7mOyPjSEDw/5+eU2zzbgRlfxfjI/HA8WcfWufPph/OxaHB48Ox3jejMelew7e+9T/jI4Ml98qmxtwdJdxlYiv50ldeHFlZfn1m5DILfStn2/37OhmM/9xJf++kLayXjtbrC+kSdZrJ7MzM9XHTs33kvmsmfbO9PrpYtLopvV+u5ucaDySTM3OTifp5Jn2Umthrt5MhzOffLRWrc4kz0520nq312499uxkr3Eqazaz1kIRU6t+JfKYJ5PGXPe5rJ/00/pikpw7v7I8vdPa5UFT2zx/+OF7P3rzw7+dX843yK2CKuWGWZuaqtWmZp6YfeLJanW0Vq1dO6O6TqxGxEhEHnFTNlruHMUuc63RctMZPr7hfTbslZGy/kczsmjFUpyOZJOvsWjEXHSjHYv54z+MbYgoDev//z32599tN+7a+j+s8g9cffpQFPX/yODRka3q/6a57uXXSJnPVs+/EW/FpbgQL8ZKrMRyvH7TM7rBr5G97W8h0mhFFr1oRxaLUS/mJOWcJGZjJmaiGs/HqZiPXiQxH1k0I41enIle9CMttqhGdCONevSjHd1I4kQ04pFIYipmYzamI4k0JuNMtGMpWrEQc1EvejkX54vXfXpdXge/9sLPXv79R+/l06tBU9usSCU/mMuD/rpN0IZyv/v6fyXKiMq4A4DPqE92F7bHe3C4fleG9R8AAAD4zKoU777n5/9j8WAxNZ810y/e7rQAAACAPVT85v9w3ozlUw9GJT//r24S+cEtzw0AAADYG5XiGrtKREzEQ4Op4eVSm70JAAAAAPwHKn7/fyRvJiLeLmY4/wcAAIDPmG9sdY/9D4f32O119ld+8ZcffK47VrncOf1w5WI9j6tfvGuwXNl8YbXHffOHKuMx6KToa2b00j2ViBhtpIcrw7tf/mv/oP24+H5odHXxre71X+lem8DqEncNJ+4t2/78ocqBS+sSOFgM/O04Oog5enbQni3jyjsST8xnzXSy0W4+VdwSMf/Xf/OV81+NyEf/ZmvxQCXOnV9Znnzp1ZWzRS6X814uXyxvoLjhPoqb51KMeKV8BeLBzdd4rLgQoxx3YjBude0PoLw38cj2Y1bWjvlOHBvEHJsYtBPXrv94PubU5FNTUa8fGOmnp/tvXlmz9mUWUze45u/E8UHM8RPHB80mWdSuyeKVjVnU1maxu9dixyzGyg3rvaNvn/77r9uVdHqnLKbXZTH+KbMAuF3OFXf9uVqF7i6q0D+vDOT1v6y7o3ExGQSUyr3c/atd5Xu5YRlYt5c7F6vPDJdfU+tGY0N1X394EetG2WKPfmIQc2JwPDF6aJO6Us336MMkyj36a+df+025R3/8/e//8EtHfvuTDdXtx+Ui+1az2GKP/n48kh9WRd4U7vvVFjU2X+fvtBYnhqt2+uly4kdbVtVes1aJsYi7vnzxtTj4xluXHj1/MV5efnn5lVpteqb6eLX6RC3GikOFslF7ANjEzp+xs2NE5fEdzqrvW/2Tgsl4KV6NlTgbJ4urDSLioUGvQ8NeJ9b8GcLJOBbFyfIWZ60Taz7h5eQO55ZXY2tF7N1rxj4+PK7YEDu9Jur+7xXNJ3v8gwCAW+jYujp8PfX/5A7n3dfW8vK0eHh2HFvX8s38/019NQDgv0Pa/bgy0X+30u1mneenZmen6v1TadJtN55LutncQppkrX7abZyqtxbSpNNt99uN4RvHc2kv6S11Ou1uP5lvd5NOu5edLj75PSk/+r2XLtZb/azR6zTTei9NGu1Wv97oJ3NZr5F09j3TzHqn0m6xcK+TNrL5rFHvZ+1W0msvdRvpZJL00jTpLA0Ds7m01c/ms3yylXS62WK9ezkimkuLaTKX9hrdrNNvDzocjpW15tvdxaLbyY2r/6db/XoDwJ3gjbcuXXhxZWX59U85MRrFxB93E3y71xEAuJYqDQAAAAAAAAAAAAAAd76Nl+vlc6/nisBL++PTL7U/ruvqQxO7mMh/kHdAGrdhYvzqhv3C009f2Cr4mbcfOLW7Djf/n7LZpa7vHojY99PvDuZ8/lat8gcRcR2LX6lsE3O790wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNG/AwAA//+OU1MU") r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) r1 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0xfffd, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001640)=@newqdisc={0x880, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfc, {0x60, 0x0, 0x0, r3, {}, {0xffe0, 0xa}, {0xfff3, 0xe}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x854, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x4, 0x6, 0xf6a, 0x9, 0x2, 0xf, 0x8, 0xfffffff0, 0x5, 0x2, 0xa2, 0x7, 0x1, 0x1, 0x10, 0x9, 0x9, 0x2, 0x8, 0xda, 0x10000, 0x6, 0x7, 0x51f5d029, 0x655, 0x3, 0x40, 0x7fffffff, 0x0, 0x800, 0x4, 0x3, 0x5, 0x5, 0x0, 0xc3, 0x80, 0x2, 0x8, 0x3, 0x9, 0xa50, 0x51bd, 0xb93d, 0x7f, 0xff, 0xfffffffd, 0x5, 0x7, 0x9, 0x8, 0x0, 0x8, 0xfffff2af, 0x8, 0x1, 0x3, 0xd, 0x1f, 0x6, 0xd7a, 0x0, 0x8, 0x2, 0x2, 0x40, 0x6, 0xfffffffa, 0x7, 0x1, 0x7, 0x9, 0x52640bb6, 0xfbe, 0x0, 0x4b, 0x8, 0xffff7fff, 0x3, 0x96, 0x6, 0x8db5, 0xd, 0x3ff, 0x5, 0x977b, 0x7, 0xa, 0x2, 0xe12f, 0x0, 0x4, 0x5, 0x5, 0x50000, 0xda, 0x7, 0x4, 0x9, 0x2, 0x5, 0xff, 0x8, 0x8, 0xffffffff, 0x668, 0x7fff, 0x6, 0x1, 0x6, 0x8, 0x3, 0x2, 0x8, 0x7, 0xa, 0x1, 0x4, 0x5, 0xc31b, 0x4, 0x2, 0x400, 0x7, 0x7f, 0x81, 0x6, 0x6, 0x9, 0x4, 0x6, 0x9, 0x80, 0x6, 0xe, 0x8, 0x9, 0x800, 0x80, 0x6, 0xb9c3, 0x3, 0x1ff, 0x9, 0xfffffffa, 0x9, 0x8, 0x9ffc, 0x200, 0x8, 0x3, 0x7, 0x1, 0x8, 0x6, 0x3, 0x5, 0x5, 0x8, 0x8, 0x1, 0x1, 0x80000001, 0x3, 0x8, 0xfffffffb, 0x2, 0x4f33fc31, 0x3, 0x7, 0x100, 0xffff, 0x7fff, 0x0, 0x5, 0x5, 0x1, 0x1, 0x3, 0x6, 0x8, 0x8, 0x8, 0x1000, 0x7, 0x7ff, 0x10000, 0x99, 0x8, 0xa, 0x3, 0x2, 0x0, 0x8, 0x5dd8, 0x5, 0xfffffff2, 0x3, 0x0, 0x800, 0x80000000, 0x2, 0x6674, 0x2, 0x3, 0xffff, 0x400, 0x1, 0x6b, 0x5, 0x1ff, 0x1, 0x4c, 0x80000001, 0x6, 0x7ff, 0x933, 0x8f66, 0x6, 0x3, 0x0, 0x40, 0x8, 0x72, 0x1, 0x294e000, 0xb, 0x3d, 0x7fffffff, 0x0, 0x0, 0x6, 0x10001, 0xd, 0x28000, 0x1, 0x1, 0x10, 0x6, 0xfffffff7, 0x401, 0xb, 0x8, 0x7e, 0xcf, 0x4, 0x0, 0x3, 0x9, 0x2, 0x75, 0x3, 0x7ff, 0x2, 0x800, 0x100]}, @TCA_TBF_PBURST={0x8, 0x7, 0x1889}, @TCA_TBF_RTAB={0x404, 0x2, [0x4a, 0x100, 0x6f5e895f, 0xf, 0x1, 0x7, 0x4a187b7a, 0x5, 0x7, 0x6, 0x10000, 0x8, 0x1, 0xf, 0x100, 0x2, 0x0, 0x3, 0x800, 0x2c1, 0x3, 0x101, 0x7d, 0x7fff, 0x0, 0x0, 0x606, 0x5, 0x0, 0xaf3, 0x8000, 0xd, 0x80000000, 0x9, 0x10, 0x8, 0x8, 0x0, 0x2, 0x5, 0x5, 0x7, 0x6, 0x26d, 0x7, 0xfffff53b, 0x8, 0x41fe, 0x4, 0x8, 0x0, 0x9, 0x43c, 0xfffffffd, 0xffff, 0xffffff21, 0xf, 0x8, 0xfffffffc, 0x8, 0x0, 0x8, 0x0, 0xd406, 0x2, 0x7fff, 0x4, 0x4, 0x3, 0x1, 0x7, 0x4, 0xffff, 0x3, 0x3448575b, 0xca, 0x3, 0x10001, 0x7, 0x9, 0x1, 0x5, 0x200, 0x800, 0x5, 0x4, 0x4, 0x40, 0x1, 0x8, 0xe, 0x1, 0x7fffffff, 0x1, 0x0, 0x10000, 0xff, 0x5, 0xa5, 0xffffff20, 0xc79, 0x1459, 0x4, 0xff, 0x0, 0x3, 0x4, 0xe, 0x4, 0x9, 0x0, 0xe3d, 0x4, 0x0, 0xf2, 0xc, 0x80000001, 0x4, 0x7, 0x9, 0x3, 0x5, 0x7, 0x68, 0x7c, 0x8, 0xc, 0x7ff, 0x5, 0x7, 0x4, 0x2, 0x3, 0xffff, 0x8001, 0x8, 0x57, 0x4, 0x7fffffff, 0x3ff, 0x1, 0x7, 0x800, 0x8, 0x0, 0x189, 0x80, 0x3, 0x1, 0xffffffff, 0x4d, 0x0, 0xfff, 0x7, 0x0, 0x1, 0x4, 0x8670, 0xd, 0x40, 0x6, 0x3, 0x3d1f9312, 0x16, 0x499, 0x101, 0x5, 0x1, 0x9, 0x400, 0x4, 0x1ff, 0x1, 0x7, 0xa, 0x21e, 0xb8, 0xc, 0x240000, 0x1, 0x9, 0x0, 0x857e, 0x200, 0xfffffff7, 0x4, 0x7, 0x7, 0xfffffff9, 0x7, 0x3, 0x1000, 0x8, 0xffff, 0x8, 0xffffffff, 0x800000, 0x2, 0xc, 0x9, 0xd, 0x0, 0x101, 0x1000, 0x40, 0x6c, 0x5, 0x9, 0x9, 0x28478204, 0x6, 0x1284c4f0, 0x5, 0x2, 0x3f, 0x1, 0x0, 0x3, 0x2000, 0x8, 0xfffffffb, 0x8de4, 0x116d80, 0x1, 0x5, 0x8, 0x8, 0x6, 0x1, 0xa, 0x9, 0x1, 0x5, 0x10001, 0x7033, 0xe, 0xec, 0x0, 0x3, 0xf0, 0x2, 0x82b, 0x6, 0x5, 0x7fff, 0x8, 0xe, 0x1000, 0x2, 0xfffffc00, 0x4, 0x0, 0xcfd, 0x0, 0x4, 0x1a]}, @TCA_TBF_RATE64={0xc, 0x4, 0xb78fea3163f663ab}, @TCA_TBF_PARMS={0x28, 0x1, {{0x8, 0x0, 0xfffa, 0x9, 0x9, 0x4}, {0x71, 0x2, 0x4, 0x8, 0x7, 0x101}, 0x0, 0x7, 0x1aa2}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xf0cda79ea301acfa}]}}]}, 0x880}, 0x1, 0x0, 0x0, 0xc5}, 0xc010) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, 0x0, 0x0) sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 480.343226ms ago: executing program 6 (id=3754): syz_mount_image$fuse(0xfffffffffffffffe, &(0x7f0000000000)='./file0\x00', 0x8000d4, 0x0, 0x0, 0x0, 0x0) r0 = landlock_create_ruleset(&(0x7f0000000080)={0x10}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r0, 0x0) r1 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) landlock_restrict_self(r1, 0x0) syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081c11, 0x0, 0x1, 0x0, &(0x7f0000000080)) rename(&(0x7f0000000f00)='./file0\x00', &(0x7f0000000f40)='./bus/file0\x00') 320.087494ms ago: executing program 4 (id=3755): sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$cgroup_int(r0, &(0x7f0000000540), 0xfffffdd8) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) setuid(0xee01) write$binfmt_register(0xffffffffffffffff, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7fffffff, 0x3a, '/_', 0x3a, '\\x@K-^{', 0x3a, './file0'}, 0x30) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) syz_clone(0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0) 254.352707ms ago: executing program 6 (id=3756): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) rseq(&(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) time(0x0) r1 = open(0x0, 0x109042, 0x88) copy_file_range(0xffffffffffffffff, 0x0, r0, 0x0, 0x9, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @local}, @mcast2, {[], @ndisc_ra}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) r3 = shmget$private(0x0, 0x400000, 0x184, &(0x7f0000c00000/0x400000)=nil) shmat(r3, &(0x7f0000287000/0x4000)=nil, 0x5000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) fallocate(r1, 0x0, 0x8, 0xe17) 0s ago: executing program 6 (id=3757): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) mlockall(0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00') mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x802, &(0x7f00000000c0)=ANY=[@ANYBLOB='huge=always,huge=within_size,nr_blocks=', @ANYRESDEC=r0]) chdir(&(0x7f0000000140)='./file0\x00') mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r2, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) kernel console output (not intermixed with test programs): 0: command tx timeout [ 303.566216][T11081] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 303.585244][T11081] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.649914][T11081] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 303.670524][T11081] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 303.677680][T11081] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 303.705196][T11081] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 303.775935][T11081] hsr_slave_0: entered promiscuous mode [ 303.782896][T11081] hsr_slave_1: entered promiscuous mode [ 303.802953][T11081] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 303.813921][T11081] Cannot create hsr debugfs directory [ 305.054991][T11161] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 305.166558][T11081] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 305.201543][T11081] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 305.227208][T11081] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 305.252241][T11081] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 305.498733][T11081] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.529459][T11081] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.554843][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 305.562087][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 305.622298][ T51] Bluetooth: hci0: command tx timeout [ 305.779219][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 305.786446][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.057247][T11154] overlayfs: failed to clone upperpath [ 306.546356][T11081] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 307.096273][T11081] veth0_vlan: entered promiscuous mode [ 307.116842][T11081] veth1_vlan: entered promiscuous mode [ 307.194573][T11081] veth0_macvtap: entered promiscuous mode [ 307.215716][T11081] veth1_macvtap: entered promiscuous mode [ 307.273557][T11081] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 307.316319][T11081] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 307.343478][T11081] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.362910][T11081] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.376013][T11081] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.388190][T11081] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.698473][ T51] Bluetooth: hci0: command tx timeout [ 308.068789][T11166] Set syz1 is full, maxelem 65536 reached [ 308.249447][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.257693][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 308.325031][ T9980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 308.333781][ T9980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 309.695427][T11209] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1787'. [ 309.780222][ T51] Bluetooth: hci0: command tx timeout [ 310.244174][T11218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1790'. [ 312.871332][T11230] xt_hashlimit: max too large, truncated to 1048576 [ 313.238192][T11250] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1805'. [ 313.716402][T11268] xt_hashlimit: max too large, truncated to 1048576 [ 315.674363][ T27] audit: type=1804 audit(1774460549.779:177): pid=11293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1824" name="file0" dev="ramfs" ino=24530 res=1 errno=0 [ 317.138117][T11310] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1827'. [ 317.158792][T11310] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1827'. [ 317.544286][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.550841][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 319.461315][ T27] audit: type=1326 audit(1774460553.569:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11347 comm="syz.6.1838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 319.491604][ T27] audit: type=1326 audit(1774460553.599:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11347 comm="syz.6.1838" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 320.668221][T11364] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.675470][T11364] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.028794][T11364] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.105006][T11364] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.832211][T11364] netdevsim netdevsim6 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.850573][T11364] netdevsim netdevsim6 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.868047][T11364] netdevsim netdevsim6 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.877205][T11364] netdevsim netdevsim6 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.005769][T11381] VFS: Mount too revealing [ 323.409400][T11386] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1847'. [ 324.429164][ T27] audit: type=1326 audit(1774460558.539:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11399 comm="syz.0.1851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a3f59c799 code=0x7fc00000 [ 324.508001][ T27] audit: type=1326 audit(1774460558.539:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11399 comm="syz.0.1851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f7a3f59c799 code=0x7fc00000 [ 328.398710][T11451] netlink: 'syz.0.1870': attribute type 1 has an invalid length. [ 328.475990][T11451] bond7: entered promiscuous mode [ 328.494711][T11451] bond7: entered allmulticast mode [ 328.512020][T11455] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1870'. [ 328.577588][T11455] bridge2: the hash_elasticity option has been deprecated and is always 16 [ 328.632676][T11455] bond7: (slave bridge2): making interface the new active one [ 328.688290][T11455] bridge2: entered promiscuous mode [ 328.703113][T11455] bridge2: entered allmulticast mode [ 328.719358][T11455] bond7: (slave bridge2): Enslaving as an active interface with an up link [ 328.807442][T11451] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1870'. [ 328.883371][T11451] bond7: left promiscuous mode [ 328.910341][T11451] bridge2: left promiscuous mode [ 328.915592][T11451] bond7: left allmulticast mode [ 328.939671][T11451] bridge2: left allmulticast mode [ 328.948246][T11451] 8021q: adding VLAN 0 to HW filter on device bond7 [ 328.968236][T11457] netlink: 'syz.2.1872': attribute type 1 has an invalid length. [ 329.185305][T11466] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1873'. [ 329.216068][T11459] loop6: detected capacity change from 0 to 2048 [ 329.222534][T11466] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1873'. [ 329.370255][T11459] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found [ 329.385846][T11457] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 329.405014][T11459] UDF-fs: Scanning with blocksize 512 failed [ 329.417607][T11457] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 329.446981][T11459] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 329.453047][T11457] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 329.480361][T11459] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 329.486770][T11457] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 329.528412][T11457] bond6: (slave geneve3): making interface the new active one [ 329.547745][T11457] bond6: (slave geneve3): Enslaving as an active interface with an up link [ 329.992265][T11484] kvm: requested 139123 ns i8254 timer period limited to 200000 ns [ 330.004346][T11484] kvm: requested 199466 ns i8254 timer period limited to 200000 ns [ 330.013450][T11484] kvm: requested 105600 ns i8254 timer period limited to 200000 ns [ 330.024143][T11484] kvm: requested 87161 ns i8254 timer period limited to 200000 ns [ 330.245849][T11484] kvm: requested 176000 ns i8254 timer period limited to 200000 ns [ 330.309300][T11484] kvm: requested 56990 ns i8254 timer period limited to 200000 ns [ 330.414801][T11484] kvm: requested 51961 ns i8254 timer period limited to 200000 ns [ 330.651724][T11484] kvm: requested 63695 ns i8254 timer period limited to 200000 ns [ 330.742912][T11484] kvm: requested 172647 ns i8254 timer period limited to 200000 ns [ 330.751178][ T27] audit: type=1326 audit(1774460564.849:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a3f59c799 code=0x7fc00000 [ 330.988255][T11484] kvm: requested 36876 ns i8254 timer period limited to 200000 ns [ 331.701793][T11503] netlink: 1319 bytes leftover after parsing attributes in process `syz.0.1884'. [ 331.907290][T11507] netlink: 'syz.2.1886': attribute type 10 has an invalid length. [ 331.950466][T11507] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 332.056248][T11517] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1892'. [ 332.077138][T11517] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 332.086587][T11517] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 332.095789][T11517] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 332.105246][T11517] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 332.126592][T11517] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1892'. [ 335.539774][T11568] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 336.962421][T11602] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1919'. [ 344.669034][T11740] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1968'. [ 344.678714][T11740] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1968'. [ 344.687655][T11740] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1968'. [ 344.696889][T11740] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1968'. [ 344.705953][T11740] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1968'. [ 345.909252][ T27] audit: type=1326 audit(1774460580.009:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 345.978162][ T27] audit: type=1326 audit(1774460580.009:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.044956][ T27] audit: type=1326 audit(1774460580.019:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.124493][ T27] audit: type=1326 audit(1774460580.019:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.175264][ T27] audit: type=1326 audit(1774460580.019:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.238211][ T27] audit: type=1326 audit(1774460580.019:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.278082][ T27] audit: type=1326 audit(1774460580.049:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.545708][ T27] audit: type=1326 audit(1774460580.049:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.908596][ T27] audit: type=1326 audit(1774460580.059:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 346.937210][ T27] audit: type=1326 audit(1774460580.059:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11751 comm="syz.6.1975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=128 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 347.668001][ T23] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 347.875727][ T23] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 347.893332][ T23] usb 7-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 348.494873][ T23] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.604976][ T23] usb 7-1: config 0 descriptor?? [ 348.620126][ T23] pwc: Askey VC010 type 2 USB webcam detected. [ 349.032658][ T23] pwc: recv_control_msg error -32 req 02 val 2b00 [ 349.056236][ T23] pwc: recv_control_msg error -32 req 02 val 2700 [ 349.073596][ T23] pwc: recv_control_msg error -32 req 02 val 2c00 [ 349.088264][ T23] pwc: recv_control_msg error -32 req 04 val 1000 [ 349.118808][ T23] pwc: recv_control_msg error -32 req 04 val 1300 [ 349.139196][ T23] pwc: recv_control_msg error -32 req 04 val 1400 [ 349.157344][ T23] pwc: recv_control_msg error -32 req 02 val 2000 [ 349.169480][ T23] pwc: recv_control_msg error -32 req 02 val 2100 [ 349.390250][ T23] pwc: recv_control_msg error -71 req 02 val 2500 [ 349.403277][ T23] pwc: recv_control_msg error -71 req 02 val 2400 [ 349.418472][ T23] pwc: recv_control_msg error -71 req 02 val 2600 [ 349.426580][ T23] pwc: recv_control_msg error -71 req 02 val 2900 [ 349.443237][ T23] pwc: recv_control_msg error -71 req 02 val 2800 [ 349.458703][ T23] pwc: recv_control_msg error -71 req 04 val 1100 [ 349.470968][ T23] pwc: recv_control_msg error -71 req 04 val 1200 [ 349.514807][ T23] pwc: Registered as video103. [ 349.537329][ T23] input: PWC snapshot button as /devices/platform/dummy_hcd.6/usb7/7-1/input/input5 [ 349.791224][ T23] usb 7-1: USB disconnect, device number 2 [ 350.729701][T11826] loop6: detected capacity change from 0 to 1024 [ 350.750007][T11826] EXT4-fs: inline encryption not supported [ 350.771246][T11826] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 350.848548][T11826] EXT4-fs error (device loop6): ext4_free_blocks:6694: comm syz.6.1996: Freeing blocks not in datazone - block = 0, count = 4096 [ 350.950105][T11826] EXT4-fs (loop6): Remounting filesystem read-only [ 350.956996][T11826] EXT4-fs (loop6): 1 orphan inode deleted [ 350.989175][T11826] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 351.020345][ T3495] EXT4-fs (loop6): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 351.110790][ T3495] __quota_error: 50 callbacks suppressed [ 351.110826][ T3495] Quota error (device loop6): write_blk: dquota write failed [ 351.377242][ T3495] Quota error (device loop6): remove_free_dqentry: Can't write block (2) with free entries [ 351.611565][ T3495] EXT4-fs (loop6): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 351.703049][ T3495] Quota error (device loop6): write_blk: dquota write failed [ 351.737483][ T3495] Quota error (device loop6): free_dqentry: Can't move quota data block (2) to free list [ 351.778486][ T3495] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 351.844952][ T3495] Quota error (device loop6): v2_write_file_info: Can't write info structure [ 351.931683][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 353.523208][T11881] bridge4: entered promiscuous mode [ 353.528526][T11881] bridge4: entered allmulticast mode [ 353.540288][T11881] team0: Port device bridge4 added [ 353.570843][T11881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.583031][T11881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.596224][T11881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.608815][T11881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.618749][T11881] geneve3: entered promiscuous mode [ 353.624060][T11881] geneve3: entered allmulticast mode [ 353.631969][T11881] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.657654][T11881] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.690575][T11881] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 353.709268][T11881] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.345190][T11902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 354.378042][T11902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 356.435733][T11937] overlayfs: failed to clone upperpath [ 357.137046][ T5801] Process accounting resumed [ 359.172101][T11983] netlink: 'syz.0.2043': attribute type 1 has an invalid length. [ 359.204001][T11983] bond8: entered promiscuous mode [ 359.210272][T11983] 8021q: adding VLAN 0 to HW filter on device bond8 [ 359.367780][T11983] 8021q: adding VLAN 0 to HW filter on device bond8 [ 359.388362][T11983] bond8: (slave wireguard0): The slave device specified does not support setting the MAC address [ 359.399409][T11983] bond8: (slave wireguard0): Setting fail_over_mac to active for active-backup mode [ 359.428754][T11983] bond8: (slave wireguard0): making interface the new active one [ 359.456688][T11983] wireguard0: entered promiscuous mode [ 359.473491][T11983] bond8: (slave wireguard0): Enslaving as an active interface with an up link [ 359.525492][T11988] bond8: (slave wireguard1): The slave device specified does not support setting the MAC address [ 359.561207][T11988] bond8: (slave wireguard1): Enslaving as a backup interface with an up link [ 360.035114][T12010] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2049'. [ 361.008156][ T27] audit: type=1804 audit(1774460595.109:243): pid=12026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2058" name="bus" dev="ramfs" ino=27667 res=1 errno=0 [ 361.036095][ T27] audit: type=1804 audit(1774460595.139:244): pid=12026 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.2058" name="bus" dev="ramfs" ino=27667 res=1 errno=0 [ 363.162535][ T790] IPVS: starting estimator thread 0... [ 363.268167][T12062] IPVS: using max 21 ests per chain, 50400 per kthread [ 364.416636][T12085] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 364.610546][T12096] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2083'. [ 365.640984][T12116] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 365.671936][T12116] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 365.818469][T12116] bridge0: port 3(vlan3) entered blocking state [ 365.824840][T12116] bridge0: port 3(vlan3) entered disabled state [ 365.858234][T12116] vlan3: entered allmulticast mode [ 365.863412][T12116] bond0: entered allmulticast mode [ 365.880366][T12116] bond_slave_0: entered allmulticast mode [ 365.886370][T12116] bond_slave_1: entered allmulticast mode [ 365.939558][T12123] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 365.978282][T12116] macvlan2: entered allmulticast mode [ 366.005743][T12116] team0: entered allmulticast mode [ 366.040385][T12116] team_slave_0: entered allmulticast mode [ 366.113036][T12116] team_slave_1: entered allmulticast mode [ 366.282259][T12116] vlan3: entered promiscuous mode [ 366.360967][T12116] bond0: entered promiscuous mode [ 366.508271][T12116] bond_slave_0: entered promiscuous mode [ 366.514210][T12116] bond_slave_1: entered promiscuous mode [ 366.588144][T12116] macvlan2: entered promiscuous mode [ 366.593584][T12116] team0: entered promiscuous mode [ 366.599556][T12116] team_slave_0: entered promiscuous mode [ 366.607774][T12116] team_slave_1: entered promiscuous mode [ 367.169626][T12132] autofs4:pid:12132:autofs_fill_super: called with bogus options [ 367.213929][T12141] x_tables: duplicate underflow at hook 2 [ 367.438151][ T23] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 367.629029][ T23] usb 7-1: Using ep0 maxpacket: 8 [ 367.636069][ T23] usb 7-1: config 0 has an invalid interface number: 200 but max is 0 [ 367.651611][ T23] usb 7-1: config 0 has no interface number 0 [ 367.664697][ T23] usb 7-1: config 0 interface 200 altsetting 2 has an invalid endpoint with address 0xB5, skipping [ 367.679045][ T23] usb 7-1: config 0 interface 200 has no altsetting 0 [ 367.698700][ T23] usb 7-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 367.707790][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.756024][ T23] usb 7-1: Product: syz [ 367.760547][ T23] usb 7-1: Manufacturer: syz [ 367.765170][ T23] usb 7-1: SerialNumber: syz [ 367.780512][ T23] usb 7-1: config 0 descriptor?? [ 368.022133][ T23] usbhid 7-1:0.200: couldn't find an input interrupt endpoint [ 368.049622][ T23] usb 7-1: USB disconnect, device number 3 [ 369.222269][T12200] xt_TCPMSS: Only works on TCP SYN packets [ 369.265381][T12202] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2117'. [ 369.288421][T12202] (unnamed net_device) (uninitialized): peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 369.364091][T12206] capability: warning: `syz.6.2118' uses deprecated v2 capabilities in a way that may be insecure [ 369.435630][T12202] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2117'. [ 369.458315][T12202] bond5: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms [ 369.626284][T12212] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2120'. [ 374.938177][T12304] vlan3: left allmulticast mode [ 374.943764][T12304] bond0: left allmulticast mode [ 374.949456][T12304] bond_slave_0: left allmulticast mode [ 374.955022][T12304] bond_slave_1: left allmulticast mode [ 374.961809][T12304] macvlan2: left allmulticast mode [ 374.967029][T12304] team0: left allmulticast mode [ 374.972446][T12304] team_slave_0: left allmulticast mode [ 374.980275][T12304] team_slave_1: left allmulticast mode [ 374.986410][T12304] vlan3: left promiscuous mode [ 374.995813][T12304] bond0: left promiscuous mode [ 375.001145][T12304] bond_slave_0: left promiscuous mode [ 375.006866][T12304] bond_slave_1: left promiscuous mode [ 375.014005][T12304] macvlan2: left promiscuous mode [ 375.021230][T12304] team0: left promiscuous mode [ 375.026189][T12304] team_slave_0: left promiscuous mode [ 375.032791][T12304] team_slave_1: left promiscuous mode [ 375.048115][T12304] bridge0: port 3(vlan3) entered disabled state [ 375.061756][T12304] bridge_slave_1: left allmulticast mode [ 375.067671][T12304] bridge_slave_1: left promiscuous mode [ 375.086848][T12304] bridge0: port 2(bridge_slave_1) entered disabled state [ 375.114704][T12304] bridge_slave_0: left allmulticast mode [ 375.120635][T12304] bridge_slave_0: left promiscuous mode [ 375.126490][T12304] bridge0: port 1(bridge_slave_0) entered disabled state [ 376.584904][ T27] audit: type=1804 audit(1774460610.689:245): pid=12333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2156" name="bus" dev="ramfs" ino=28934 res=1 errno=0 [ 376.642373][ T27] audit: type=1804 audit(1774460610.689:246): pid=12333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2156" name="bus" dev="ramfs" ino=28934 res=1 errno=0 [ 378.984117][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.990819][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 387.662365][T12514] loop6: detected capacity change from 0 to 4096 [ 387.884206][T12514] ntfs3: loop6: Failed to initialize $Extend/$ObjId. [ 389.034924][T12532] overlayfs: failed to resolve './file1': -2 [ 391.659870][T12575] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 391.686306][T12575] CIFS mount error: No usable UNC path provided in device string! [ 391.686306][T12575] [ 391.697002][T12575] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 393.321580][T12608] overlayfs: failed to clone upperpath [ 393.490602][T12616] batadv_slave_0: entered promiscuous mode [ 393.497574][T12616] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2253'. [ 393.607297][T12616] batadv_slave_0 (unregistering): left promiscuous mode [ 395.993315][T12657] overlayfs: failed to resolve './cgroup': -2 [ 397.832377][T12693] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2275'. [ 398.598297][ T23] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 398.778045][ T23] usb 7-1: Using ep0 maxpacket: 16 [ 398.805002][ T23] usb 7-1: config 222 has an invalid interface number: 31 but max is 0 [ 398.818154][ T23] usb 7-1: config 222 has no interface number 0 [ 398.824480][ T23] usb 7-1: config 222 interface 31 altsetting 11 endpoint 0xE has an invalid bInterval 255, changing to 11 [ 398.852774][ T23] usb 7-1: config 222 interface 31 altsetting 11 endpoint 0xE has invalid maxpacket 59391, setting to 1024 [ 398.892472][ T23] usb 7-1: config 222 interface 31 has no altsetting 0 [ 398.918887][ T23] usb 7-1: New USB device found, idVendor=0f11, idProduct=2030, bcdDevice=a9.fd [ 398.940022][ T23] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.949345][ T23] usb 7-1: Product: syz [ 398.953548][ T23] usb 7-1: Manufacturer: syz [ 398.958679][ T23] usb 7-1: SerialNumber: syz [ 398.979199][T12713] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 399.109836][T12737] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2288'. [ 399.162312][T12737] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2288'. [ 399.343348][ T23] ldusb 7-1:222.31: LD USB Device #0 now attached to major 180 minor 0 [ 399.440346][ T23] usb 7-1: USB disconnect, device number 4 [ 399.483232][ T23] ldusb 7-1:222.31: LD USB Device #0 now disconnected [ 400.650650][T12760] netlink: 'syz.4.2295': attribute type 39 has an invalid length. [ 402.940639][T12790] netlink: 'syz.4.2306': attribute type 12 has an invalid length. [ 407.375662][T12868] Invalid ELF header magic: != ELF [ 407.987609][T12881] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2337'. [ 408.007216][T12881] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2337'. [ 410.304534][T12910] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2345'. [ 410.544468][T12915] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2347'. [ 410.592004][T12915] bond0: option arp_validate: invalid value (158) [ 410.616839][T12919] Cannot find del_set index 2 as target [ 410.860190][T12923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2351'. [ 412.016199][T12923] team1: entered promiscuous mode [ 412.029299][T12923] team1: entered allmulticast mode [ 412.035131][T12923] 8021q: adding VLAN 0 to HW filter on device team1 [ 412.055130][T12934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2351'. [ 412.105857][T12934] team2 (uninitialized): Failed to send options change via netlink (err -105) [ 412.193435][T12934] team2: entered promiscuous mode [ 412.198583][T12934] team2: entered allmulticast mode [ 412.204176][T12934] 8021q: adding VLAN 0 to HW filter on device team2 [ 412.212249][T12933] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2355'. [ 412.984419][T12957] gretap0: entered promiscuous mode [ 413.112295][T12957] 8021q: adding VLAN 0 to HW filter on device bond0 [ 413.124876][T12957] 8021q: adding VLAN 0 to HW filter on device team0 [ 413.142410][T12957] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 413.464613][ T144] bond0: (slave bond_slave_0): link status definitely down, disabling slave [ 413.493779][ T144] bond0: (slave bond_slave_1): link status definitely down, disabling slave [ 413.527167][ T144] bond0: now running without any active interface! [ 413.888950][T12978] lo speed is unknown, defaulting to 1000 [ 413.895363][T12978] lo speed is unknown, defaulting to 1000 [ 413.905318][T12978] lo speed is unknown, defaulting to 1000 [ 413.923529][T12978] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 413.962271][T12978] lo speed is unknown, defaulting to 1000 [ 413.991330][T12978] lo speed is unknown, defaulting to 1000 [ 414.002896][T12978] lo speed is unknown, defaulting to 1000 [ 414.010990][T12978] lo speed is unknown, defaulting to 1000 [ 414.019191][T12978] lo speed is unknown, defaulting to 1000 [ 414.026363][T12978] lo speed is unknown, defaulting to 1000 [ 415.612940][T13004] vlan1: entered promiscuous mode [ 415.618217][T13004] bridge0: entered promiscuous mode [ 415.623679][T13004] vlan1: entered allmulticast mode [ 415.629082][T13004] bridge0: entered allmulticast mode [ 415.753299][T13008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2379'. [ 416.032237][T13008] bond0: (slave team0): Releasing backup interface [ 416.202020][T13008] bond0: (slave bond_slave_0): Releasing backup interface [ 416.598028][T13010] netlink: 'syz.2.2380': attribute type 7 has an invalid length. [ 416.715989][T13008] bond0: (slave bond_slave_1): Releasing backup interface [ 416.760289][T13008] team0: Port device team_slave_0 removed [ 416.777533][T13008] team0: Port device team_slave_1 removed [ 416.786187][T13008] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 416.801684][T13008] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 416.814740][T13008] bond1: (slave veth0_virt_wifi): Releasing active interface [ 416.834588][T13008] bond0: (slave wlan1): Releasing backup interface [ 416.856896][T13008] bond1: (slave veth3): Releasing active interface [ 416.883892][T13008] bond2: (slave veth5): Releasing active interface [ 416.913656][T13008] bond3: (slave macvlan0): Releasing backup interface [ 416.964163][T13008] bond4: (slave ip6gretap1): Releasing backup interface [ 416.977572][T13008] bond6: (slave veth9): Releasing backup interface [ 416.985177][T13008] veth9: left promiscuous mode [ 417.011585][T13008] bond7: (slave bridge2): Releasing active interface [ 417.476698][T13008] team0: Port device bridge4 removed [ 417.679677][T13008] bond8: (slave wireguard0): Releasing backup interface [ 417.686869][T13008] wireguard0: left promiscuous mode [ 417.718169][T13008] bond8: (slave wireguard1): making interface the new active one [ 417.746363][T13008] wireguard1: entered promiscuous mode [ 417.793757][T13008] bond8: (slave wireguard1): Releasing backup interface [ 417.807950][T13008] wireguard1: left promiscuous mode [ 417.835083][T13012] tipc: Started in network mode [ 417.841026][T13012] tipc: Node identity 7f000001, cluster identity 4711 [ 417.859037][T13012] tipc: Enabled bearer , priority 10 [ 418.981955][ T5802] tipc: Node number set to 2130706433 [ 421.150553][T13068] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 422.465824][T13080] loop6: detected capacity change from 0 to 1024 [ 422.481428][T13080] EXT4-fs: inline encryption not supported [ 422.488874][T13080] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 422.547707][T13080] EXT4-fs error (device loop6): ext4_free_blocks:6694: comm syz.6.2401: Freeing blocks not in datazone - block = 0, count = 4096 [ 422.618183][T13080] EXT4-fs (loop6): Remounting filesystem read-only [ 422.650602][T13080] EXT4-fs (loop6): 1 orphan inode deleted [ 422.669978][T13080] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 422.687099][ T59] EXT4-fs (loop6): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 422.698087][ T59] Quota error (device loop6): write_blk: dquota write failed [ 422.705503][ T59] Quota error (device loop6): remove_free_dqentry: Can't write block (2) with free entries [ 422.716043][ T59] EXT4-fs (loop6): Quota write (off=2048, len=1024) cancelled because transaction is not started [ 422.726921][ T59] Quota error (device loop6): write_blk: dquota write failed [ 422.745849][ T59] Quota error (device loop6): free_dqentry: Can't move quota data block (2) to free list [ 422.748598][T13061] overlayfs: failed to resolve './file2': -2 [ 422.767348][ T59] EXT4-fs (loop6): Quota write (off=8, len=24) cancelled because transaction is not started [ 422.810747][ T59] Quota error (device loop6): v2_write_file_info: Can't write info structure [ 422.864968][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 422.987752][T13086] tipc: Failed to remove unknown binding: 66,0,0/2130706433:1762324229/1762324231 [ 423.004682][T13086] tipc: Failed to remove unknown binding: 66,0,0/2130706433:1762324229/1762324230 [ 423.025489][T13086] tipc: Failed to remove unknown binding: 66,0,0/2130706433:1762324229/1762324231 [ 423.036114][T13086] tipc: Failed to remove unknown binding: 66,0,0/2130706433:1762324229/1762324230 [ 424.456507][T13099] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4180376571/4180376573 [ 424.546272][T13099] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4180376571/4180376572 [ 424.618531][T13099] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4180376571/4180376573 [ 424.667879][T13099] tipc: Failed to remove unknown binding: 66,0,0/2886997162:4180376571/4180376572 [ 427.312796][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 427.478555][T13136] ip_vti0: Master is either lo or non-ether device [ 429.597937][T13155] UBIFS error (pid: 13155): cannot open "ubifs", error -22 [ 430.425903][T13162] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 430.576507][T13164] loop6: detected capacity change from 0 to 4096 [ 430.663532][T13164] ntfs3: loop6: Failed to load $MFT (-22). [ 432.459214][T13194] bond9: entered allmulticast mode [ 432.770996][T13194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2430'. [ 433.917196][T13194] bridge5: entered allmulticast mode [ 434.131685][T13194] bond9: (slave bridge5): Enslaving as an active interface with an up link [ 434.202296][T13196] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2430'. [ 434.341201][T13196] bridge6: entered allmulticast mode [ 434.428513][T13196] bond9: (slave bridge6): Enslaving as an active interface with a down link [ 434.740889][ T27] audit: type=1326 audit(1774460668.839:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 434.814707][ T27] audit: type=1326 audit(1774460668.839:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 434.852351][ T27] audit: type=1326 audit(1774460668.839:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.092199][ T27] audit: type=1326 audit(1774460668.839:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.475220][ T27] audit: type=1326 audit(1774460668.839:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.498499][ T27] audit: type=1326 audit(1774460668.839:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.632581][ T27] audit: type=1326 audit(1774460668.839:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.689177][ T27] audit: type=1326 audit(1774460668.839:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.852763][ T27] audit: type=1326 audit(1774460668.839:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 435.980753][ T27] audit: type=1326 audit(1774460668.839:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13217 comm="syz.6.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7fc00000 [ 436.596800][T13241] xt_CT: No such helper "snmp_trap" [ 437.968504][T13254] Set syz1 is full, maxelem 768 reached [ 438.248880][ T3495] netdevsim netdevsim5 netdevsim0 (unregistering): left promiscuous mode [ 438.324447][T13271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2451'. [ 438.391501][T13271] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.400998][T13271] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.410009][T13271] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.418990][T13271] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.676207][T13273] bond6: left promiscuous mode [ 438.706635][T13273] bridge4: left promiscuous mode [ 438.714794][T13273] bridge4: left allmulticast mode [ 438.721293][T13273] bond8: left promiscuous mode [ 438.737569][T13273] bond9: left allmulticast mode [ 438.749069][T13273] bridge5: left allmulticast mode [ 438.754133][T13273] bridge6: left allmulticast mode [ 438.770732][T13276] mac80211_hwsim hwsim22 wlan0: entered allmulticast mode [ 438.778882][T13276] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 438.798561][T13271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2451'. [ 438.819731][ T5802] lo speed is unknown, defaulting to 1000 [ 439.439335][ T3495] tipc: Disabling bearer [ 439.469991][ T3495] tipc: Left network mode [ 440.425246][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.432133][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.406817][T13318] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2466'. [ 441.456663][T13311] lo speed is unknown, defaulting to 1000 [ 441.975298][ T3495] gretap0 (unregistering): left promiscuous mode [ 442.372505][T13346] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2471'. [ 443.526592][ T3495] hsr_slave_0: left promiscuous mode [ 443.547972][ T3495] hsr_slave_1: left promiscuous mode [ 443.825009][ T3495] bond3 (unregistering): (slave bridge5): Releasing active interface [ 443.987986][ T3495] bond3 (unregistering): Released all slaves [ 445.585851][ T3495] bond2 (unregistering): Released all slaves [ 445.760765][ T3495] bond1 (unregistering): (slave veth3): Releasing active interface [ 445.984425][T13394] xt_connbytes: Forcing CT accounting to be enabled [ 449.024407][ T3495] bond1 (unregistering): Released all slaves [ 451.116752][ T5800] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 451.310182][ T5800] usb 7-1: config 0 has an invalid interface number: 2 but max is 0 [ 451.324678][ T5800] usb 7-1: config 0 has no interface number 0 [ 451.331559][ T5800] usb 7-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 451.345116][ T5800] usb 7-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 451.356541][ T5800] usb 7-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64 [ 451.367645][ T5800] usb 7-1: config 0 interface 2 has no altsetting 0 [ 451.376864][ T5800] usb 7-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f0.3f [ 451.393664][ T5800] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 451.401950][ T5800] usb 7-1: Product: syz [ 451.406162][ T5800] usb 7-1: Manufacturer: syz [ 451.410912][ T5800] usb 7-1: SerialNumber: syz [ 451.426707][ T5800] usb 7-1: config 0 descriptor?? [ 451.433054][T13445] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 451.449331][T13445] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 452.006757][ T3495] team0 (unregistering): Port device dummy0 removed [ 452.095778][ T3495] bond0 (unregistering): Released all slaves [ 452.284134][T13440] netlink: 'syz.0.2495': attribute type 1 has an invalid length. [ 452.331055][T13440] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 452.333170][T13441] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 452.473271][T13446] workqueue: Failed to create a rescuer kthread for wq "bond10": -EINTR [ 452.543532][ T5800] usb 7-1: Quirk or no altest; falling back to MIDI 1.0 [ 453.669214][ T5800] usb 7-1: USB disconnect, device number 5 [ 455.070808][ T3495] IPVS: stop unused estimator thread 0... [ 455.492020][T13488] 9pnet: p9_errstr2errno: server reported unknown error 0x000000000 [ 456.119783][T13499] netlink: 'syz.4.2508': attribute type 11 has an invalid length. [ 462.002452][ T3495] tipc: Left network mode [ 462.582596][ T27] kauditd_printk_skb: 57 callbacks suppressed [ 462.582610][ T27] audit: type=1326 audit(1774460952.689:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 462.652772][ T27] audit: type=1326 audit(1774460952.689:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 462.659841][T13587] overlayfs: failed to clone upperpath [ 462.723301][ T27] audit: type=1326 audit(1774460952.689:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 462.756789][ T27] audit: type=1326 audit(1774460952.699:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f684eb5cfce code=0x7ffc0000 [ 462.787294][ T27] audit: type=1326 audit(1774460952.699:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 462.847496][ T27] audit: type=1326 audit(1774460952.699:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 462.944061][ T27] audit: type=1326 audit(1774460952.699:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 463.002869][ T27] audit: type=1326 audit(1774460952.699:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 463.086106][ T27] audit: type=1326 audit(1774460952.699:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 463.163172][ T27] audit: type=1326 audit(1774460952.699:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13584 comm="syz.4.2529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 464.019495][T13617] batadv0: mtu less than device minimum [ 464.026379][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.038444][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.049821][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.061348][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.072746][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.084139][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.096306][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.107747][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.119126][T13617] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 464.498886][ T3495] hsr_slave_0: left promiscuous mode [ 464.565383][ T3495] hsr_slave_1: left promiscuous mode [ 464.604967][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 464.659026][ T3495] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 464.685642][ T3495] bridge_slave_1: left allmulticast mode [ 464.715461][ T3495] bridge_slave_1: left promiscuous mode [ 464.736076][ T3495] bridge0: port 2(bridge_slave_1) entered disabled state [ 464.745910][T13635] overlayfs: failed to clone upperpath [ 464.779579][ T3495] bridge_slave_0: left allmulticast mode [ 464.807581][ T3495] bridge_slave_0: left promiscuous mode [ 464.832067][ T3495] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.096200][T13647] loop6: detected capacity change from 0 to 16 [ 465.153550][T13647] erofs: (device loop6): mounted with root inode @ nid 36. [ 465.255584][T13647] syz.6.2551: attempt to access beyond end of device [ 465.255584][T13647] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 465.311931][T13647] syz.6.2551: attempt to access beyond end of device [ 465.311931][T13647] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 465.345084][T13647] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 468.507307][T13665] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2558'. [ 468.555831][ T3495] team0 (unregistering): Port device team_slave_1 removed [ 468.629751][ T3495] team0 (unregistering): Port device team_slave_0 removed [ 468.697465][ T3495] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 468.769712][ T3495] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 469.281179][ T3495] team0 (unregistering): Port device bond0 removed [ 469.332833][ T3495] bond0 (unregistering): Released all slaves [ 469.703770][T13643] batman_adv: batadv0: Interface deactivated: dummy0 [ 469.998670][T13643] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.008232][T13643] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.017565][T13643] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.028901][T13643] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 470.082532][T13643] mac80211_hwsim hwsim5 wlan0: left promiscuous mode [ 470.138833][T13643] bond1: left promiscuous mode [ 470.144626][T13643] bond2: left promiscuous mode [ 470.188858][T13643] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20004 - 0 [ 470.198633][T13643] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20004 - 0 [ 470.207594][T13643] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20004 - 0 [ 470.217929][T13643] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20004 - 0 [ 470.235059][T13643] team1: left promiscuous mode [ 470.240340][T13643] team1: left allmulticast mode [ 470.252082][T13643] team2: left promiscuous mode [ 470.257160][T13643] team2: left allmulticast mode [ 470.269537][T13643] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.278479][T13643] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.287339][T13643] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.296451][T13643] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 470.370267][T13665] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2558'. [ 470.387962][T13665] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2558'. [ 470.955310][ T3495] IPVS: stop unused estimator thread 0... [ 471.953467][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 471.972897][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 471.984413][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 471.996441][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 472.011822][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 472.020854][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 472.259630][T13707] lo speed is unknown, defaulting to 1000 [ 472.648359][T13707] chnl_net:caif_netlink_parms(): no params data found [ 472.798572][T13707] bridge0: port 1(bridge_slave_0) entered blocking state [ 472.805887][T13707] bridge0: port 1(bridge_slave_0) entered disabled state [ 472.822689][T13707] bridge_slave_0: entered allmulticast mode [ 472.834929][T13707] bridge_slave_0: entered promiscuous mode [ 472.847119][T13707] bridge0: port 2(bridge_slave_1) entered blocking state [ 472.861020][T13707] bridge0: port 2(bridge_slave_1) entered disabled state [ 472.869408][T13707] bridge_slave_1: entered allmulticast mode [ 472.876982][T13707] bridge_slave_1: entered promiscuous mode [ 472.914580][T13707] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 472.928586][T13707] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 473.001477][T13707] team0: Port device team_slave_0 added [ 473.022996][T13707] team0: Port device team_slave_1 added [ 473.093259][T13707] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 473.119243][T13707] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.187848][T13707] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 473.214107][T13707] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 473.242704][T13707] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 473.294675][T13707] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 473.373624][T13707] hsr_slave_0: entered promiscuous mode [ 473.386279][T13707] hsr_slave_1: entered promiscuous mode [ 473.732241][T13707] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 473.742857][T13707] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 473.777630][T13707] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 473.803075][T13707] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 473.964157][T13707] 8021q: adding VLAN 0 to HW filter on device bond0 [ 474.019949][T13707] 8021q: adding VLAN 0 to HW filter on device team0 [ 474.072190][ T1138] bridge0: port 1(bridge_slave_0) entered blocking state [ 474.079838][ T1138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 474.092496][ T1138] bridge0: port 2(bridge_slave_1) entered blocking state [ 474.100101][ T1138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 474.118253][ T51] Bluetooth: hci3: command tx timeout [ 474.493243][T13707] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 475.040792][T13707] veth0_vlan: entered promiscuous mode [ 475.076519][T13707] veth1_vlan: entered promiscuous mode [ 475.137056][T13707] veth0_macvtap: entered promiscuous mode [ 475.155060][T13707] veth1_macvtap: entered promiscuous mode [ 475.201112][T13707] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 475.235887][T13707] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 475.270210][T13707] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.288533][T13707] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.297368][T13707] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.325658][T13707] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 475.467396][ T9982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.499725][ T9982] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.557329][ T9982] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 475.567183][ T9982] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 475.797864][T13786] loop7: detected capacity change from 0 to 16 [ 476.906604][ T51] Bluetooth: hci3: command tx timeout [ 477.011634][T13786] erofs: (device loop7): mounted with root inode @ nid 36. [ 477.053276][T13785] syz.7.2555: attempt to access beyond end of device [ 477.053276][T13785] loop7: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 477.082367][T13785] syz.7.2555: attempt to access beyond end of device [ 477.082367][T13785] loop7: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 477.100950][T13785] erofs: (device loop7): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 477.113114][ T27] kauditd_printk_skb: 53 callbacks suppressed [ 477.113128][ T27] audit: type=1800 audit(1774460967.219:377): pid=13785 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2555" name="file2" dev="loop7" ino=89 res=0 errno=0 [ 478.710340][T13813] mac80211_hwsim hwsim24 wlan0: entered allmulticast mode [ 478.735415][T13813] net_ratelimit: 11 callbacks suppressed [ 478.735440][T13813] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 478.744712][T13817] tipc: Failed to remove unknown binding: 66,0,0/2886997162:803432544/803432546 [ 478.787230][T13817] tipc: Failed to remove unknown binding: 66,0,0/2886997162:803432544/803432545 [ 478.885376][T13817] tipc: Failed to remove unknown binding: 66,0,0/2886997162:803432544/803432546 [ 478.907565][T13817] tipc: Failed to remove unknown binding: 66,0,0/2886997162:803432544/803432545 [ 478.978909][ T51] Bluetooth: hci3: command tx timeout [ 479.665758][ T27] audit: type=1326 audit(1774460969.769:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 479.788003][ T27] audit: type=1326 audit(1774460969.769:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 479.908216][ T27] audit: type=1326 audit(1774460969.799:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 479.931714][ T27] audit: type=1326 audit(1774460969.799:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 480.469906][ T27] audit: type=1326 audit(1774460969.799:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0869d5cfce code=0x7ffc0000 [ 480.494044][ C0] vkms_vblank_simulate: vblank timer overrun [ 480.566142][ T27] audit: type=1326 audit(1774460969.799:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 480.589927][ T27] audit: type=1326 audit(1774460969.799:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 480.614781][ T27] audit: type=1326 audit(1774460969.799:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 480.653163][ T27] audit: type=1326 audit(1774460969.799:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13829 comm="syz.2.2577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0869d9c799 code=0x7ffc0000 [ 480.676816][ C0] vkms_vblank_simulate: vblank timer overrun [ 481.058217][ T51] Bluetooth: hci3: command tx timeout [ 481.124277][T13856] netlink: 'syz.6.2581': attribute type 12 has an invalid length. [ 481.206082][ T51] Bluetooth: hci3: ACL packet too small [ 481.633145][T13864] Set syz1 is full, maxelem 768 reached [ 482.057330][T13871] tipc: Failed to remove unknown binding: 66,0,0/0:3719219817/3719219819 [ 482.141118][T13871] tipc: Failed to remove unknown binding: 66,0,0/0:3719219817/3719219818 [ 482.218262][T13871] tipc: Failed to remove unknown binding: 66,0,0/0:3719219817/3719219819 [ 482.275966][T13877] netlink: 'syz.2.2587': attribute type 39 has an invalid length. [ 482.301583][T13871] tipc: Failed to remove unknown binding: 66,0,0/0:3719219817/3719219818 [ 491.991465][T13975] vlan2: entered promiscuous mode [ 491.996576][T13975] bridge0: entered promiscuous mode [ 492.006227][T13975] vlan2: entered allmulticast mode [ 492.012008][T13975] bridge0: entered allmulticast mode [ 492.095604][T13975] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2617'. [ 492.158988][T13975] bridge_slave_0: left allmulticast mode [ 492.174604][T13975] bridge_slave_0: left promiscuous mode [ 492.182291][T13975] bridge0: port 1(bridge_slave_0) entered disabled state [ 492.784865][T13975] bridge_slave_1: left allmulticast mode [ 492.862657][T13975] bridge_slave_1: left promiscuous mode [ 492.906383][T13975] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.214327][T13975] bond0: (slave bond_slave_0): Releasing backup interface [ 493.265632][T13975] bond0: (slave bond_slave_1): Releasing backup interface [ 493.399194][T13975] team0: Port device team_slave_0 removed [ 493.466438][T13975] team0: Port device team_slave_1 removed [ 493.493672][T13975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 493.514184][T13975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 493.546225][T13975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 493.569195][T13975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 493.623133][T13988] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 493.679895][T13989] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2612'. [ 493.814836][T13992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2612'. [ 494.615763][T14017] bond2: entered allmulticast mode [ 494.658520][T14021] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2626'. [ 494.694539][T14021] bridge0: entered allmulticast mode [ 494.716841][T14021] bond2: (slave bridge0): Enslaving as an active interface with an up link [ 494.891835][T14017] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2626'. [ 494.926399][T14017] bridge1: entered allmulticast mode [ 494.948835][T14017] bond2: (slave bridge1): Enslaving as an active interface with a down link [ 496.120335][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 496.120349][ T27] audit: type=1326 audit(1774460986.229:447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 496.400940][T14066] openvswitch: netlink: Message has 4 unknown bytes. [ 496.679003][ T27] audit: type=1326 audit(1774460986.259:448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 496.820973][ T27] audit: type=1326 audit(1774460986.259:449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.117732][ T27] audit: type=1326 audit(1774460986.259:450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.263574][ T27] audit: type=1326 audit(1774460986.259:451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f61b0f5cfce code=0x7ffc0000 [ 497.392978][ T27] audit: type=1326 audit(1774460986.259:452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.491881][ T27] audit: type=1326 audit(1774460986.259:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.515058][ T27] audit: type=1326 audit(1774460986.259:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.549715][ T27] audit: type=1326 audit(1774460986.259:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 497.943403][ T27] audit: type=1326 audit(1774460986.259:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14062 comm="syz.6.2621" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 500.440398][T14097] vlan1: entered promiscuous mode [ 500.445660][T14097] bridge0: entered promiscuous mode [ 500.501883][T14097] vlan1: entered allmulticast mode [ 500.544220][T14101] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2627'. [ 500.548143][T14097] bridge0: entered allmulticast mode [ 500.667014][T14104] bond2: (slave ip6gretap1): Removing an active aggregator [ 500.837630][T14104] bond2: (slave ip6gretap1): Releasing backup interface [ 501.003052][T14104] bond3: (slave bridge3): Releasing backup interface [ 501.862236][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.868739][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.600279][T14158] lo speed is unknown, defaulting to 1000 [ 505.792729][T14179] loop7: detected capacity change from 0 to 512 [ 505.984340][T14179] EXT4-fs warning (device loop7): ext4_enable_quotas:7184: Failed to enable quota tracking (type=0, err=-13, ino=3). Please run e2fsck to fix. [ 506.000006][T14179] EXT4-fs (loop7): mount failed [ 506.204288][T14193] vlan4: entered promiscuous mode [ 506.212621][T14194] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2645'. [ 506.223965][T14193] bridge0: entered promiscuous mode [ 506.318073][T14193] vlan4: entered allmulticast mode [ 506.416249][T14193] bond0: (slave bond_slave_0): Releasing backup interface [ 506.455664][T14193] bond0: (slave bond_slave_1): Releasing backup interface [ 506.504317][T14193] team0: Port device team_slave_0 removed [ 506.537065][T14193] team0: Port device team_slave_1 removed [ 506.597588][T14193] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 506.681613][T14193] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 506.691858][T14193] bond0: (slave macvlan2): Releasing backup interface [ 506.852127][T14193] bond2: (slave bridge0): Releasing backup interface [ 507.058221][T14193] bond2: (slave bridge0): the permanent HWaddr of slave - 06:23:6f:11:68:c6 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 507.155001][T14193] bond2: (slave bridge1): Releasing backup interface [ 507.167084][T14193] bridge1: left allmulticast mode [ 509.080410][T14238] netlink: 'syz.2.2659': attribute type 10 has an invalid length. [ 509.237917][ T5820] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 509.471474][ T5820] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.712334][ T5820] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.811942][ T5820] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 510.011603][ T5820] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.059419][ T5820] usb 7-1: config 0 descriptor?? [ 510.276604][T14234] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 510.462366][T14234] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 511.597121][ T5820] usbhid 7-1:0.0: can't add hid device: -71 [ 511.609632][ T5820] usbhid: probe of 7-1:0.0 failed with error -71 [ 511.658710][ T5820] usb 7-1: USB disconnect, device number 6 [ 513.097881][ T5820] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 514.326731][T14304] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 521.131047][T14371] netlink: 64 bytes leftover after parsing attributes in process `syz.4.2686'. [ 521.151331][T14372] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 522.414243][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 522.414261][ T27] audit: type=1800 audit(1774461012.509:469): pid=14390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2689" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 527.903635][T14491] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2713'. [ 527.930067][T14491] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2713'. [ 532.748075][ T6596] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 533.058273][ T6596] usb 7-1: Using ep0 maxpacket: 16 [ 533.223578][ T6596] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 533.375778][ T6596] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 533.574041][ T6596] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 533.698595][ T6596] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 533.707718][ T6596] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 533.716581][ T6596] usb 7-1: SerialNumber: syz [ 533.738182][ T6596] usb 7-1: can't set config #1, error -71 [ 533.746961][ T6596] usb 7-1: USB disconnect, device number 8 [ 534.588595][T14576] tipc: Enabling of bearer rejected, already enabled [ 534.771466][T14576] tipc: Enabled bearer , priority 0 [ 536.893192][T14610] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2739'. [ 537.748885][T14644] netlink: 'syz.4.2745': attribute type 39 has an invalid length. [ 537.865109][ T27] audit: type=1326 audit(1774461027.969:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 537.910795][ T27] audit: type=1326 audit(1774461027.969:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 537.943808][ T27] audit: type=1326 audit(1774461027.969:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 537.976287][ T27] audit: type=1326 audit(1774461027.969:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.212691][ T27] audit: type=1326 audit(1774461027.969:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.247953][ T27] audit: type=1326 audit(1774461027.969:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.278159][ T27] audit: type=1326 audit(1774461027.969:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.308085][ T27] audit: type=1326 audit(1774461027.969:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.346235][ T27] audit: type=1326 audit(1774461027.969:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 538.398446][ T27] audit: type=1326 audit(1774461027.969:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14655 comm="syz.4.2748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=87 compat=0 ip=0x7f684eb9c799 code=0x7ffc0000 [ 539.932884][T14699] netlink: 'syz.7.2761': attribute type 1 has an invalid length. [ 540.073450][T14705] bond1: (slave gretap1): making interface the new active one [ 540.116957][T14705] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 540.167043][T14699] vlan3: entered allmulticast mode [ 540.173523][T14699] bond1: entered allmulticast mode [ 540.178932][T14699] gretap1: entered allmulticast mode [ 540.187062][T14699] bond1: (slave vlan3): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 540.693671][T14725] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2766'. [ 540.869579][T14735] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2768'. [ 541.226510][T14735] bond7: (slave vcan1): refused to change device type [ 543.602264][T14775] loop6: detected capacity change from 0 to 32768 [ 543.617290][T14775] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 scanned by syz.6.2783 (14775) [ 543.660764][T14775] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 543.671510][T14775] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm [ 543.680336][T14775] BTRFS info (device loop6): using free space tree [ 544.000836][T14775] BTRFS info (device loop6): enabling ssd optimizations [ 544.008730][T14775] BTRFS info (device loop6): auto enabling async discard [ 544.958632][T11081] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 546.006527][T14817] loop7: detected capacity change from 0 to 32768 [ 546.120733][T14817] JBD2: Ignoring recovery information on journal [ 546.255119][T14817] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 546.539919][T14817] ocfs2: Unmounting device (7,7) on (node local) [ 547.011398][T14869] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2791'. [ 547.104955][T14869] team1: entered promiscuous mode [ 547.119571][T14869] team1: entered allmulticast mode [ 547.130627][T14869] 8021q: adding VLAN 0 to HW filter on device team1 [ 547.141459][T14871] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2791'. [ 547.167646][T14871] team2 (uninitialized): Failed to send options change via netlink (err -105) [ 547.345626][T14871] team2: entered promiscuous mode [ 547.363155][T14871] team2: entered allmulticast mode [ 547.376696][T14871] 8021q: adding VLAN 0 to HW filter on device team2 [ 547.433263][T14880] lo speed is unknown, defaulting to 1000 [ 549.257047][T14904] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2797'. [ 549.445529][T14904] bond0 (unregistering): Released all slaves [ 550.840152][ T27] kauditd_printk_skb: 47 callbacks suppressed [ 550.840166][ T27] audit: type=1800 audit(1774461040.949:527): pid=14928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.2802" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 552.890765][T14965] netlink: 'syz.2.2812': attribute type 10 has an invalid length. [ 554.447832][T14991] 9pnet: p9_errstr2errno: server reported unknown error Àñ'IÓ$íÛ·=¼ [ 554.775886][T15006] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2818'. [ 555.252974][T15017] veth0: entered promiscuous mode [ 555.266375][T15017] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2829'. [ 556.227447][T15022] loop6: detected capacity change from 0 to 32768 [ 557.301893][T15035] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2823'. [ 557.485178][T15035] bond2: (slave vcan1): refused to change device type [ 557.870750][T15041] SET target dimension over the limit! [ 558.583093][T15048] vxcan2: entered allmulticast mode [ 561.274400][T15088] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2837'. [ 561.352114][T15090] bond8: entered promiscuous mode [ 561.374338][T15090] ip6gretap1: entered promiscuous mode [ 561.381322][T15090] bond8: (slave ip6gretap1): Enslaving as an active interface with an up link [ 561.397086][T15090] bond8 (unregistering): (slave ip6gretap1): Releasing backup interface [ 561.410892][T15090] ip6gretap1: left promiscuous mode [ 561.424813][T15090] bond8 (unregistering): Released all slaves [ 561.447653][T15088] bond6 (unregistering): Released all slaves [ 562.749839][T15112] netlink: 41 bytes leftover after parsing attributes in process `syz.7.2845'. [ 563.303965][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.310493][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.018745][T15177] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2866'. [ 570.821300][T15212] netlink: 'syz.6.2880': attribute type 1 has an invalid length. [ 570.868664][T15212] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.912930][T15219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 570.977559][T15219] bond0: (slave vti0): The slave device specified does not support setting the MAC address [ 570.989157][T15219] bond0: (slave vti0): Error -95 calling set_mac_address [ 571.046337][T15212] bond0: (slave gretap2): making interface the new active one [ 571.077592][T15212] bond0: (slave gretap2): Enslaving as an active interface with an up link [ 573.776209][T15234] overlayfs: failed to clone upperpath [ 573.853221][T15248] netlink: 'syz.4.2887': attribute type 1 has an invalid length. [ 573.895400][T15248] 8021q: adding VLAN 0 to HW filter on device bond6 [ 574.707084][T15248] bond6: (slave veth9): Enslaving as an active interface with a down link [ 574.832174][T15248] vlan1: entered allmulticast mode [ 574.838313][T15248] veth0_to_bond: entered allmulticast mode [ 574.845241][T15248] bond6: (slave vlan1): Opening slave failed [ 574.932376][T15264] loop6: detected capacity change from 0 to 16 [ 574.947108][T15264] erofs: (device loop6): mounted with root inode @ nid 36. [ 575.021208][T15268] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2896'. [ 575.115641][T15268] bridge0: port 1(veth7) entered blocking state [ 575.128386][T15268] bridge0: port 1(veth7) entered disabled state [ 575.135083][T15268] veth7: entered allmulticast mode [ 575.146816][T15268] veth7: entered promiscuous mode [ 575.196488][T15275] bridge0: port 2(veth9) entered blocking state [ 575.216045][T15275] bridge0: port 2(veth9) entered disabled state [ 575.228558][T15275] veth9: entered allmulticast mode [ 575.235452][T15275] veth9: entered promiscuous mode [ 575.899033][T15286] xt_TCPMSS: Only works on TCP SYN packets [ 578.072313][T15308] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2909'. [ 578.185035][ T27] audit: type=1804 audit(1774461068.289:528): pid=15316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2912" name="file0" dev="ramfs" ino=38452 res=1 errno=0 [ 578.217203][T15308] bond0 (unregistering): Released all slaves [ 578.715168][T15324] xt_socket: unknown flags 0x50 [ 580.135213][T15350] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2924'. [ 581.486288][T15374] 8021q: adding VLAN 0 to HW filter on device team0 [ 581.494055][T15374] tipc: Resetting bearer [ 581.504330][T15374] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 583.726152][T15410] block device autoloading is deprecated and will be removed. [ 583.734589][T15411] block device autoloading is deprecated and will be removed. [ 583.753860][T15410] md: superblock version 12389 not known [ 583.762338][T15410] md: couldn't set array info. -22 [ 584.661231][T15423] lo: entered allmulticast mode [ 584.972599][T15432] xt_TPROXY: Can be used only with -p tcp or -p udp [ 585.044260][T15428] vxcan0: entered allmulticast mode [ 586.150170][T15446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2950'. [ 586.215008][T15446] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 586.233804][T15446] bond0 (unregistering): Released all slaves [ 587.118935][T15434] openvswitch: netlink: Key 22 has unexpected len 2 expected 4 [ 587.392622][T15462] loop6: detected capacity change from 0 to 1024 [ 587.445250][T15462] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 587.533515][T15462] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 587.892978][T15462] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4059: comm syz.6.2957: Allocating blocks 497-513 which overlap fs metadata [ 588.008308][T15462] EXT4-fs (loop6): pa ffff888043638000: logic 256, phys. 385, len 8 [ 588.017327][T15462] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5393: group 0, free 0, pa_free 1 [ 589.051625][T15481] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2962'. [ 589.063476][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 589.217501][T15485] netlink: 'syz.2.2962': attribute type 5 has an invalid length. [ 589.241385][ T27] audit: type=1326 audit(1774461079.349:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.242610][T15485] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2962'. [ 589.289689][ T27] audit: type=1326 audit(1774461079.349:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.331833][T15489] netlink: 'syz.7.2963': attribute type 4 has an invalid length. [ 589.358071][ T27] audit: type=1326 audit(1774461079.349:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.418809][ T27] audit: type=1326 audit(1774461079.379:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.506443][ T27] audit: type=1326 audit(1774461079.379:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.577945][ T27] audit: type=1326 audit(1774461079.379:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.638656][ T27] audit: type=1326 audit(1774461079.379:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.896051][ T27] audit: type=1326 audit(1774461079.379:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.969228][ T27] audit: type=1326 audit(1774461079.379:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 589.998571][ T27] audit: type=1326 audit(1774461079.379:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15486 comm="syz.6.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f61b0f5cfce code=0x7ffc0000 [ 592.422018][T15524] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2976'. [ 592.431980][T15521] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2974'. [ 593.359305][T15539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2980'. [ 593.503126][T15543] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2982'. [ 593.623176][T15545] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2983'. [ 593.672467][T15545] bond3: (slave ip_vti0): The slave device specified does not support setting the MAC address [ 593.692321][T15545] bond3: (slave ip_vti0): Error -95 calling set_mac_address [ 593.745011][T15549] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 593.781650][T15551] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaa [ 593.925951][T15557] netlink: 'syz.4.2988': attribute type 1 has an invalid length. [ 593.941275][T15557] netlink: 193500 bytes leftover after parsing attributes in process `syz.4.2988'. [ 595.218467][T15576] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2997'. [ 595.460243][T15588] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 596.269181][T15567] Bluetooth: hci3: command 0x0406 tx timeout [ 598.693877][T15614] tipc: Resetting bearer [ 598.714525][T15614] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 598.835320][T15618] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3006'. [ 599.044495][ T27] kauditd_printk_skb: 48 callbacks suppressed [ 599.044508][ T27] audit: type=1326 audit(1774461089.149:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 599.073696][ T27] audit: type=1326 audit(1774461089.159:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 599.405443][ T27] audit: type=1326 audit(1774461089.159:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 599.754582][ T27] audit: type=1326 audit(1774461089.159:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 599.888093][ T27] audit: type=1326 audit(1774461089.159:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 599.955887][ T27] audit: type=1326 audit(1774461089.159:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 600.022944][T15630] syzkaller0: entered promiscuous mode [ 600.028982][ T27] audit: type=1326 audit(1774461089.159:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 600.042092][T15630] syzkaller0: entered allmulticast mode [ 600.073878][ T27] audit: type=1326 audit(1774461089.159:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4cb019c799 code=0x7ffc0000 [ 600.109329][ T27] audit: type=1326 audit(1774461089.159:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4cb019c502 code=0x7ffc0000 [ 600.142672][ T27] audit: type=1326 audit(1774461089.159:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15621 comm="syz.7.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4cb015cfce code=0x7ffc0000 [ 600.326028][T15641] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3015'. [ 603.569921][T15711] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3039'. [ 604.261981][T15739] fuse: Bad value for 'fd' [ 606.184235][T15787] sctp: [Deprecated]: syz.6.3059 (pid 15787) Use of struct sctp_assoc_value in delayed_ack socket option. [ 606.184235][T15787] Use struct sctp_sack_info instead [ 606.696897][T15801] xt_NFQUEUE: number of queues (62232) out of range (got 67565) [ 608.369021][T15810] kvm_intel: kvm [15809]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x1 [ 608.383264][T15810] kvm_intel: kvm [15809]: vcpu0, guest rIP: 0x9100 Unhandled WRMSR(0x1d9) = 0x1 [ 608.394402][T15810] kvm_intel: kvm [15809]: vcpu0, guest rIP: 0x9100 Unhandled WRMSR(0x1d9) = 0x1 [ 612.374152][T15841] x_tables: duplicate entry at hook 3 [ 612.539296][ T23] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 612.717672][T15841] netlink: 'syz.2.3073': attribute type 16 has an invalid length. [ 612.763332][T15841] netlink: 'syz.2.3073': attribute type 17 has an invalid length. [ 612.785552][ T23] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 612.794394][ T23] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 612.826635][ T23] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 612.850953][ T23] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 612.880578][ T23] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 612.903859][ T23] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 612.913799][ T23] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 612.922061][ T23] usb 7-1: Product: syz [ 612.942022][ T23] usb 7-1: Manufacturer: syz [ 612.967220][ T23] cdc_wdm 7-1:1.0: skipping garbage [ 612.987440][ T23] cdc_wdm 7-1:1.0: skipping garbage [ 613.011500][ T23] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 613.028632][T15841] 8021q: adding VLAN 0 to HW filter on device team0 [ 613.034415][ T23] cdc_wdm 7-1:1.0: Unknown control protocol [ 613.061860][T15841] batman_adv: batadv0: Interface activated: dummy0 [ 613.082077][T15841] batadv0: mtu less than device minimum [ 613.102108][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.114289][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.126462][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.139012][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.151217][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.163476][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.175722][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.187902][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.199969][T15841] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (0) [ 613.319801][ T5801] usb 7-1: USB disconnect, device number 9 [ 613.338073][T15855] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3075'. [ 613.499816][T15858] netlink: 'syz.2.3077': attribute type 1 has an invalid length. [ 613.577010][T15858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 613.584697][T15866] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3077'. [ 613.687679][T15866] bond0: entered promiscuous mode [ 613.698535][T15866] bond0: entered allmulticast mode [ 613.850537][T15858] batman_adv: batadv0: Interface deactivated: dummy0 [ 613.868031][T15858] batman_adv: batadv0: Removing interface: dummy0 [ 614.370630][T15858] bond0: (slave dummy0): making interface the new active one [ 614.487622][T15858] dummy0: entered promiscuous mode [ 614.493143][T15858] dummy0: entered allmulticast mode [ 614.500481][T15858] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 614.667798][T15875] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3083'. [ 614.949249][ T6994] tipc: Disabling bearer [ 614.957657][ T6994] tipc: Left network mode [ 618.461835][T15929] netlink: 'syz.4.3094': attribute type 10 has an invalid length. [ 618.480752][T15929] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 620.003208][T15968] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 620.011394][T15968] IPv6: NLM_F_CREATE should be set when creating new route [ 620.357784][T15968] tipc: Resetting bearer [ 620.410717][T15968] netdevsim netdevsim6 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 620.419953][T15968] netdevsim netdevsim6 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 620.428956][T15968] netdevsim netdevsim6 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 620.438299][T15968] netdevsim netdevsim6 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 620.583380][T15980] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3108'. [ 621.096543][T15988] loop6: detected capacity change from 0 to 2048 [ 621.373287][T15988] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 621.684630][T15990] EXT4-fs error (device loop6): ext4_validate_block_bitmap:439: comm vhost-15988: bg 0: block 234: padding at end of block bitmap is not set [ 622.878899][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 623.023137][ T6994] hsr_slave_0: left promiscuous mode [ 623.070284][ T6994] hsr_slave_1: left promiscuous mode [ 623.270736][ T6994] bond9 (unregistering): (slave bridge6): Releasing backup interface [ 624.572521][ T6994] bond9 (unregistering): (slave bridge5): Releasing backup interface [ 624.653020][ T6994] bond9 (unregistering): Released all slaves [ 625.184699][ T6994] bond8 (unregistering): Released all slaves [ 625.922787][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.980745][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.187169][ T6994] bond7 (unregistering): Released all slaves [ 626.619725][ T6994] bond6 (unregistering): Released all slaves [ 626.657608][ T6994] bond5 (unregistering): Released all slaves [ 626.680264][ T6994] bond4 (unregistering): Released all slaves [ 627.193204][ T6994] bond3 (unregistering): Released all slaves [ 627.580586][ T6994] bond2 (unregistering): Released all slaves [ 628.397403][ T6994] bond1 (unregistering): Released all slaves [ 630.288145][ T6994] bond0 (unregistering): Released all slaves [ 631.464979][T16098] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3136'. [ 631.699558][ T790] usb 7-1: new full-speed USB device number 10 using dummy_hcd [ 631.945364][ T790] usb 7-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 632.019434][ T790] usb 7-1: config 3 has 0 interfaces, different from the descriptor's value: 1 [ 632.042590][ T790] usb 7-1: New USB device found, idVendor=03f0, idProduct=0f9b, bcdDevice=d2.cf [ 632.062234][ T790] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.084145][ T790] usb 7-1: Product: syz [ 632.106693][ T790] usb 7-1: Manufacturer: syz [ 632.111499][ T790] usb 7-1: SerialNumber: syz [ 632.978317][ T8] usb 7-1: USB disconnect, device number 10 [ 636.180198][T16168] binder: 16167:16168 ioctl 4018620d 0 returned -22 [ 637.862555][T16191] loop6: detected capacity change from 0 to 256 [ 638.119055][T16191] FAT-fs (loop6): Directory bread(block 64) failed [ 638.152270][T16191] FAT-fs (loop6): Directory bread(block 65) failed [ 638.188460][T16191] FAT-fs (loop6): Directory bread(block 66) failed [ 638.195416][T16191] FAT-fs (loop6): Directory bread(block 67) failed [ 638.249694][T16191] FAT-fs (loop6): Directory bread(block 68) failed [ 638.284216][T16191] FAT-fs (loop6): Directory bread(block 69) failed [ 638.312063][T16191] FAT-fs (loop6): Directory bread(block 70) failed [ 638.345433][T16191] FAT-fs (loop6): Directory bread(block 71) failed [ 638.391053][T16191] FAT-fs (loop6): Directory bread(block 72) failed [ 638.397654][T16191] FAT-fs (loop6): Directory bread(block 73) failed [ 639.515474][T16211] debugfs: Directory 'netdev:nicvf0' with parent 'phy13' already present! [ 639.937881][T16221] bond_slave_1: entered promiscuous mode [ 639.989231][T16221] bond_slave_1: left promiscuous mode [ 640.934136][T16234] netlink: 'syz.6.3161': attribute type 11 has an invalid length. [ 642.190048][T16256] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3167'. [ 653.558197][T16403] bond_slave_1: entered promiscuous mode [ 653.575477][T16403] bond_slave_1: left promiscuous mode [ 656.613253][ T5802] IPVS: starting estimator thread 0... [ 656.757585][T16435] IPVS: using max 25 ests per chain, 60000 per kthread [ 657.815231][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 659.454293][T16456] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3200'. [ 661.610350][T16508] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 662.103697][T16518] net_ratelimit: 11 callbacks suppressed [ 662.103715][T16518] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 662.236922][T16518] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 663.597970][T16547] syz_tun: entered allmulticast mode [ 664.695558][T16560] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode [ 664.703771][T16560] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode [ 664.769539][T16568] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3231'. [ 664.971535][T16567] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 666.776887][T16598] netlink: 'syz.6.3236': attribute type 4 has an invalid length. [ 666.962388][T16604] loop6: detected capacity change from 0 to 1024 [ 667.014877][T16604] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 668.508809][T16611] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:4059: comm syz.6.3238: Allocating blocks 497-513 which overlap fs metadata [ 668.609503][T16611] EXT4-fs (loop6): pa ffff88806e913e80: logic 131104, phys. 177, len 21 [ 668.619819][T16611] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:5393: group 0, free 0, pa_free 1 [ 669.781593][T16640] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3252'. [ 670.097511][T16649] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3244'. [ 670.825542][T16656] sch_tbf: burst 19872 is lower than device lo mtu (11337746) ! [ 672.202130][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 672.768988][T16700] loop6: detected capacity change from 0 to 512 [ 672.784671][T16700] EXT4-fs: Ignoring removed i_version option [ 673.020502][T16700] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 673.037741][T16700] EXT4-fs (loop6): 1 truncate cleaned up [ 673.052891][T16700] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 674.327718][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 677.053336][T16734] team0: Port device bridge0 added [ 678.398655][T16772] netlink: 'syz.2.3270': attribute type 1 has an invalid length. [ 678.482373][T16772] 8021q: adding VLAN 0 to HW filter on device bond8 [ 678.509261][T16772] bond8: entered allmulticast mode [ 678.532591][T16772] bond8: (slave ip6gretap0): making interface the new active one [ 678.540775][T16772] ip6gretap0: entered allmulticast mode [ 678.548710][T16772] bond8: (slave ip6gretap0): Enslaving as an active interface with an up link [ 678.719016][T16781] loop6: detected capacity change from 0 to 2048 [ 679.572763][T16781] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 679.908014][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 681.150188][T16806] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6) [ 681.157492][T16806] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 681.169991][T16806] vhci_hcd vhci_hcd.0: Device attached [ 681.591875][ T5820] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 681.766743][T16811] vhci_hcd: connection reset by peer [ 681.882692][ T165] vhci_hcd: stop threads [ 681.973229][ T165] vhci_hcd: release socket [ 682.078507][ T165] vhci_hcd: disconnect device [ 684.769858][T16848] netlink: 'syz.6.3286': attribute type 4 has an invalid length. [ 685.029253][T16839] xt_TPROXY: Can be used only with -p tcp or -p udp [ 685.127202][T16853] netlink: 'syz.7.3287': attribute type 10 has an invalid length. [ 685.652823][T16877] netlink: 'syz.7.3292': attribute type 1 has an invalid length. [ 687.210705][T16913] xt_TPROXY: Can be used only with -p tcp or -p udp [ 688.293473][ T5820] vhci_hcd: vhci_device speed not set [ 688.804776][T16102] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 690.089056][T16102] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 690.105187][T16102] usb 7-1: config 0 has no interfaces? [ 690.133418][T16102] usb 7-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 690.382532][T16944] netlink: 72 bytes leftover after parsing attributes in process `syz.7.3306'. [ 690.396352][T16102] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.132546][T16102] usb 7-1: Product: syz [ 691.137248][T16102] usb 7-1: Manufacturer: syz [ 691.141979][T16102] usb 7-1: SerialNumber: syz [ 691.160169][T16102] usb 7-1: config 0 descriptor?? [ 691.245201][T16952] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3309'. [ 691.405073][T16924] loop6: detected capacity change from 0 to 512 [ 691.424793][T16924] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 691.447926][T16924] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 691.462926][T16924] System zones: 1-12 [ 691.475426][T16924] EXT4-fs (loop6): 1 truncate cleaned up [ 691.483147][T16924] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 691.513929][T16102] usb 7-1: USB disconnect, device number 11 [ 691.575917][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.582577][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 692.076390][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.570995][T17009] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3323'. [ 701.046336][T17055] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3335'. [ 701.241943][T17058] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3338'. [ 701.350479][T17058] netlink: 63 bytes leftover after parsing attributes in process `syz.7.3338'. [ 702.642196][T17068] sch_fq: defrate 0 ignored. [ 704.121972][T17091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.146288][T17091] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.186872][T17091] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 705.156225][T17101] bridge0: port 1(erspan0) entered blocking state [ 705.162769][T17101] bridge0: port 1(erspan0) entered disabled state [ 705.169434][T17101] erspan0: entered allmulticast mode [ 705.175944][T17101] erspan0: left allmulticast mode [ 707.747800][T17128] loop6: detected capacity change from 0 to 764 [ 708.077647][T17128] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 708.271142][T17134] libceph: resolve '96.' (ret=-3): failed [ 710.121410][ T5802] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 710.775295][ T5802] usb 7-1: Using ep0 maxpacket: 8 [ 710.793339][ T5802] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 710.845734][ T5802] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 710.898713][ T5802] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 711.173922][ T5802] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 711.188037][ T5802] usb 7-1: config 0 descriptor?? [ 713.079466][T17195] netlink: 68 bytes leftover after parsing attributes in process `syz.2.3374'. [ 713.288514][ T5802] usb 7-1: USB disconnect, device number 12 [ 717.903302][ C1] icmp: detected local route for 172.20.20.14 during ICMP sending, src 172.20.20.170 [ 718.906447][T17257] loop6: detected capacity change from 0 to 1024 [ 719.160991][T17253] hfsplus: found bad thread record in catalog [ 719.337783][T15874] hfsplus: b-tree write err: -5, ino 25 [ 719.350267][T15874] hfsplus: b-tree write err: -5, ino 4 [ 719.356348][T15874] hfsplus: b-tree write err: -5, ino 2 [ 720.303880][T17277] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3409'. [ 721.735351][T17310] netlink: 'syz.7.3407': attribute type 9 has an invalid length. [ 726.991064][T17366] netlink: 'syz.2.3424': attribute type 21 has an invalid length. [ 727.848826][T17385] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 731.109722][T17423] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3434'. [ 731.517520][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 731.673908][T17447] netlink: 'syz.4.3440': attribute type 10 has an invalid length. [ 731.682070][T17447] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3440'. [ 731.693325][T17447] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.723153][T17447] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.617696][T17447] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.685664][T17447] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 732.823575][T17447] team0: Port device geneve0 added [ 732.858589][T17453] debugfs: Directory 'netdev:nicvf0' with parent 'phy13' already present! [ 732.984492][T17459] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3442'. [ 733.001454][ T5802] IPVS: starting estimator thread 0... [ 733.119850][T17462] IPVS: using max 26 ests per chain, 62400 per kthread [ 733.156500][T17459] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3442'. [ 733.168622][T17459] veth7: entered promiscuous mode [ 733.178519][T17459] veth7: entered allmulticast mode [ 735.135338][T17489] netlink: 'syz.6.3452': attribute type 1 has an invalid length. [ 735.400200][T17489] 8021q: adding VLAN 0 to HW filter on device bond4 [ 735.501224][T17492] bond4: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 737.074170][T17513] veth1_to_team: entered allmulticast mode [ 737.116551][T17516] delete_channel: no stack [ 739.312800][ T51] Bluetooth: Wrong link type (-57) [ 741.544235][T17574] netlink: 'syz.2.3472': attribute type 2 has an invalid length. [ 741.693983][T17577] netlink: 'syz.2.3472': attribute type 2 has an invalid length. [ 741.862550][T17583] loop6: detected capacity change from 0 to 1024 [ 742.183149][T17583] hfsplus: found bad thread record in catalog [ 742.684045][ T6994] hfsplus: b-tree write err: -5, ino 25 [ 742.689945][ T6994] hfsplus: b-tree write err: -5, ino 4 [ 742.711606][T17586] netlink: 'syz.7.3474': attribute type 10 has an invalid length. [ 742.720262][ T6994] hfsplus: b-tree write err: -5, ino 2 [ 748.681392][T17664] loop6: detected capacity change from 0 to 1024 [ 749.457823][T17662] hfsplus: found bad thread record in catalog [ 749.969583][ T3495] hfsplus: b-tree write err: -5, ino 25 [ 750.025979][ T3495] hfsplus: b-tree write err: -5, ino 4 [ 750.031657][ T3495] hfsplus: b-tree write err: -5, ino 2 [ 751.015763][T17678] mac80211_hwsim hwsim13 wlan1: entered promiscuous mode [ 751.293408][T17678] vlan1: entered promiscuous mode [ 751.361655][T17678] bond0: entered promiscuous mode [ 754.671702][T17732] netlink: zone id is out of range [ 754.691472][T17732] netlink: zone id is out of range [ 754.714007][T17732] netlink: zone id is out of range [ 754.723104][T17732] netlink: zone id is out of range [ 754.734742][T17732] netlink: zone id is out of range [ 754.744272][T17732] netlink: zone id is out of range [ 754.757496][T17733] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 754.771036][T17733] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 754.781781][T17732] netlink: zone id is out of range [ 754.791795][T17732] netlink: zone id is out of range [ 754.799712][T17732] netlink: zone id is out of range [ 754.806452][T17733] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 754.815532][T17732] netlink: zone id is out of range [ 754.913987][T17736] loop6: detected capacity change from 0 to 256 [ 755.985930][T17744] loop6: detected capacity change from 0 to 256 [ 756.750540][T17744] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 757.242611][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.251833][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 758.276623][T17774] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3531'. [ 759.093505][T17764] loop6: detected capacity change from 0 to 32768 [ 759.354713][T17764] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 scanned by syz.6.3530 (17764) [ 759.797257][T17764] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 759.813310][T17764] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm [ 759.839526][T17764] BTRFS info (device loop6): using free space tree [ 760.608704][T17764] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 760.664421][T17764] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 760.696182][T17764] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 760.716804][T17764] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 760.826229][T17764] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 761.032112][T17764] BTRFS error (device loop6): open_ctree failed: -12 [ 761.142808][T17053] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 scanned by udevd (17053) [ 764.669444][T17846] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3548'. [ 764.882191][T17846] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3548'. [ 765.034463][T17853] netlink: 'syz.6.3549': attribute type 14 has an invalid length. [ 766.274938][T17859] netlink: 24 bytes leftover after parsing attributes in process `syz.6.3551'. [ 768.052996][T17879] netlink: 'syz.4.3556': attribute type 5 has an invalid length. [ 768.471879][T17883] netlink: 132 bytes leftover after parsing attributes in process `syz.6.3557'. [ 768.569762][T17887] netlink: 'syz.2.3558': attribute type 1 has an invalid length. [ 768.675697][T17887] 8021q: adding VLAN 0 to HW filter on device bond9 [ 768.742890][T17891] bond9: (slave veth0_to_bond): Enslaving as an active interface with a down link [ 768.960919][ T5828] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 769.108845][T17900] netlink: 'syz.2.3561': attribute type 1 has an invalid length. [ 769.140589][T17900] bond11: entered promiscuous mode [ 769.146733][T17900] 8021q: adding VLAN 0 to HW filter on device bond11 [ 769.196012][ T5828] usb 7-1: Using ep0 maxpacket: 32 [ 769.204538][ T5828] usb 7-1: config index 0 descriptor too short (expected 29220, got 36) [ 769.211617][T17900] macvtap0: entered allmulticast mode [ 769.242355][T17900] bond11: (slave bridge5): making interface the new active one [ 769.247379][ T5828] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 769.251805][T17900] bridge5: entered promiscuous mode [ 769.268143][T17900] bond11: (slave bridge5): Enslaving as an active interface with an up link [ 769.306598][ T5828] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 769.332022][ T5828] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 769.356833][ T5828] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 769.370243][T17905] overlayfs: failed to clone upperpath [ 769.376956][ T5828] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 769.420326][ T5828] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 769.440493][ T5828] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 769.540625][ T5828] usb 7-1: config 0 descriptor?? [ 769.701290][T17910] netlink: 'syz.4.3565': attribute type 39 has an invalid length. [ 770.209159][ T5828] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 13 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 770.675654][T17923] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3567'. [ 771.578768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 772.166496][ C0] hrtimer: interrupt took 40572 ns [ 772.291601][T16102] usb 7-1: USB disconnect, device number 13 [ 772.308569][T17937] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3573'. [ 772.439901][T16102] usblp0: removed [ 772.537745][T17937] 8021q: adding VLAN 0 to HW filter on device bond3 [ 772.555494][T17942] macvlan3: entered promiscuous mode [ 772.564452][T17942] macvlan3: entered allmulticast mode [ 774.038524][T17956] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3579'. [ 774.196249][T17965] loop6: detected capacity change from 0 to 256 [ 774.229053][T17965] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 774.246139][T17965] exFAT-fs (loop6): Medium has reported failures. Some data may be lost. [ 774.267900][T17965] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 774.775548][T17965] exFAT-fs (loop6): error, invalid access to FAT (entry 0xffffffff) [ 774.790876][T17965] exFAT-fs (loop6): Filesystem has been set read-only [ 774.941295][T17965] exFAT-fs (loop6): error, invalid access to FAT (entry 0xffffffff) [ 777.178370][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 779.320354][T18012] netlink: 136 bytes leftover after parsing attributes in process `syz.2.3595'. [ 782.564596][T18057] 9pnet_fd: Insufficient options for proto=fd [ 782.904016][T18061] team0: Port device bridge0 added [ 782.930686][T18061] bond0: left promiscuous mode [ 782.936196][T18061] dummy0: left promiscuous mode [ 782.944120][T18061] bond11: left promiscuous mode [ 782.949483][T18061] bridge5: left promiscuous mode [ 782.954126][ T5828] IPVS: starting estimator thread 0... [ 782.960505][T18066] netlink: 'syz.4.3616': attribute type 1 has an invalid length. [ 783.046862][T18066] 8021q: adding VLAN 0 to HW filter on device bond7 [ 783.150200][T18070] bond7: entered allmulticast mode [ 783.167768][T18068] IPVS: using max 21 ests per chain, 50400 per kthread [ 783.212531][T18066] bond7: (slave ip6gretap2): making interface the new active one [ 783.236144][T18066] ip6gretap2: entered allmulticast mode [ 783.259212][T18066] bond7: (slave ip6gretap2): Enslaving as an active interface with an up link [ 784.252544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 790.709227][T18120] team0: Port device bridge0 added [ 790.738082][T18120] team0: Failed to send port change of device bridge0 via netlink (err -105) [ 790.750428][T18120] vlan4: left promiscuous mode [ 790.755342][T18120] bridge0: left promiscuous mode [ 790.762769][T18120] team1: left promiscuous mode [ 790.767766][T18120] team2: left promiscuous mode [ 790.775425][T18120] mac80211_hwsim hwsim22 syzkaller0: left promiscuous mode [ 790.787283][T18120] veth7: left promiscuous mode [ 790.796166][T18126] netlink: 'syz.7.3632': attribute type 1 has an invalid length. [ 790.864044][T18126] 8021q: adding VLAN 0 to HW filter on device bond4 [ 790.947099][T18127] vlan3: entered promiscuous mode [ 790.971429][T18127] bond4: entered promiscuous mode [ 790.977530][T18127] vlan3: entered allmulticast mode [ 790.983817][T18127] bond4: entered allmulticast mode [ 791.033093][T18129] bond4: (slave bridge2): making interface the new active one [ 791.042080][T18129] bridge2: entered promiscuous mode [ 791.047570][T18129] bridge2: entered allmulticast mode [ 791.062048][T18129] bond4: (slave bridge2): Enslaving as an active interface with an up link [ 794.860677][T18158] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3636'. [ 795.116178][T18167] sch_fq: defrate 0 ignored. [ 795.275493][T18171] netlink: 'syz.2.3641': attribute type 1 has an invalid length. [ 795.380240][T18171] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3641'. [ 795.395823][T18171] 8021q: adding VLAN 0 to HW filter on device bond12 [ 797.213579][T18194] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 797.757568][T18201] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3648'. [ 798.096792][T18213] tipc: Started in network mode [ 798.108164][T18213] tipc: Node identity 7f000001, cluster identity 4711 [ 798.129731][T18213] tipc: Enabling of bearer rejected, failed to enable media [ 798.170918][T18213] netlink: 104 bytes leftover after parsing attributes in process `syz.7.3651'. [ 798.181451][T18201] netlink: 63 bytes leftover after parsing attributes in process `syz.6.3648'. [ 798.215966][T18213] tipc: Enabling of bearer rejected, failed to enable media [ 799.663158][T18231] netlink: 'syz.4.3656': attribute type 1 has an invalid length. [ 802.626694][T18253] x_tables: duplicate entry at hook 3 [ 806.879216][T18293] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 810.289040][T18323] x_tables: duplicate entry at hook 3 [ 810.329405][T18323] netlink: 'syz.4.3674': attribute type 16 has an invalid length. [ 810.350624][T18323] netlink: 'syz.4.3674': attribute type 17 has an invalid length. [ 810.562023][T18323] net_ratelimit: 23 callbacks suppressed [ 810.562032][T18323] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 815.639937][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.653394][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.663941][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.676065][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.686110][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.696627][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.708017][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.719449][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.733738][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 815.748250][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3687'. [ 816.304085][T18364] tipc: Enabling of bearer rejected, failed to enable media [ 817.109583][T18369] bridge0: port 1(erspan0) entered blocking state [ 817.116333][T18369] bridge0: port 1(erspan0) entered disabled state [ 817.123143][T18369] erspan0: entered allmulticast mode [ 817.129257][T18369] erspan0: entered promiscuous mode [ 817.361209][T18376] loop6: detected capacity change from 0 to 164 [ 818.758026][T18393] loop6: detected capacity change from 0 to 512 [ 819.270469][T18393] EXT4-fs error (device loop6): ext4_iget_extra_inode:4732: inode #15: comm syz.6.3694: corrupted in-inode xattr: invalid ea_ino [ 819.299114][T18393] EXT4-fs error (device loop6): ext4_orphan_get:1403: comm syz.6.3694: couldn't read orphan inode 15 (err -117) [ 819.326947][T18393] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 819.411219][T18400] team0: Port device bridge0 added [ 819.458568][T11081] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 820.874564][T18409] bridge0: port 1(erspan0) entered blocking state [ 820.881548][T18409] bridge0: port 1(erspan0) entered disabled state [ 820.888623][T18409] erspan0: entered allmulticast mode [ 820.895051][T18409] erspan0: entered promiscuous mode [ 822.965499][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 822.983779][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 823.119401][T18425] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -30507, delta: 1 [ 823.158600][T18425] ref_ctr increment failed for inode: 0x131f offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88807cf3af80 [ 823.234502][T18440] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -30507, delta: -1 [ 823.290787][T18440] ref_ctr decrement failed for inode: 0x131f offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff88807cf3af80 [ 826.069459][T18462] bridge0: port 3(erspan0) entered blocking state [ 826.076263][T18462] bridge0: port 3(erspan0) entered disabled state [ 826.083164][T18462] erspan0: entered allmulticast mode [ 826.090012][T18462] erspan0: entered promiscuous mode [ 826.095605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 827.075431][T18477] netlink: 'syz.6.3721': attribute type 1 has an invalid length. [ 827.218321][T18478] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 20000 - 0 [ 827.240261][T18478] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 827.262000][T18478] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 827.294264][T18478] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 827.331454][T18478] bond7: (slave geneve2): making interface the new active one [ 827.341193][T18478] bond7: (slave geneve2): Enslaving as an active interface with an up link [ 827.453295][T18477] __nla_validate_parse: 11 callbacks suppressed [ 827.453316][T18477] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3721'. [ 827.487658][T18477] 8021q: adding VLAN 0 to HW filter on device bond7 [ 829.216217][T15567] Bluetooth: hci3: command 0x0406 tx timeout [ 829.793463][T18501] bridge0: port 1(erspan0) entered blocking state [ 829.800696][T18501] bridge0: port 1(erspan0) entered disabled state [ 829.808582][T18501] erspan0: entered allmulticast mode [ 829.818824][T18501] erspan0: left allmulticast mode [ 830.278529][T18513] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3741'. [ 831.376577][T18527] netlink: 'syz.4.3734': attribute type 1 has an invalid length. [ 831.505018][T18527] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 831.538228][T18527] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 832.338412][T18527] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 832.361112][T18527] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 832.402407][T18527] bond8: (slave geneve3): making interface the new active one [ 832.429215][T18527] bond8: (slave geneve3): Enslaving as an active interface with an up link [ 832.478742][T18530] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3734'. [ 832.541848][T18530] 8021q: adding VLAN 0 to HW filter on device bond8 [ 837.348475][T18583] netlink: 'syz.6.3752': attribute type 10 has an invalid length. [ 837.816118][T18588] netlink: 176 bytes leftover after parsing attributes in process `syz.6.3752'. [ 838.653137][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 838.653152][ T27] audit: type=1326 audit(1774461313.923:613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 838.724154][ T27] audit: type=1326 audit(1774461313.923:614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 838.777501][ T27] audit: type=1326 audit(1774461313.960:615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 838.858192][ T27] audit: type=1326 audit(1774461313.960:616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 838.930882][ T27] audit: type=1326 audit(1774461313.960:617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 838.965659][ T9980] ------------[ cut here ]------------ [ 838.972107][ T9980] WARNING: CPU: 1 PID: 9980 at io_uring/io_uring.c:3214 io_ring_exit_work+0x3a7/0x820 [ 838.982297][ T9980] Modules linked in: [ 838.986390][ T9980] CPU: 1 PID: 9980 Comm: kworker/u4:12 Not tainted syzkaller #0 [ 838.994228][ T9980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 839.004644][ T9980] Workqueue: iou_exit io_ring_exit_work [ 839.010356][ T9980] RIP: 0010:io_ring_exit_work+0x3a7/0x820 [ 839.016306][ T9980] Code: 78 23 e8 2c a4 09 f7 48 8b 7c 24 30 48 8b 74 24 08 e8 5d f4 10 00 48 85 c0 75 1d e8 13 a4 09 f7 e9 b9 fd ff ff e8 09 a4 09 f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00 [ 839.036518][ T9980] RSP: 0018:ffffc9000fe6fa40 EFLAGS: 00010293 [ 839.042773][ T9980] RAX: ffffffff8a7d7c17 RBX: ffff88805e8ec000 RCX: ffff88807bf38000 [ 839.051978][ T9980] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 839.059983][ T9980] RBP: ffffc9000fe6fbb0 R08: ffffc9000fe6f9c7 R09: 1ffff92001fcdf38 [ 839.068131][ T9980] R10: dffffc0000000000 R11: fffff52001fcdf39 R12: dffffc0000000000 [ 839.076367][ T9980] R13: ffff88805e8ec288 R14: 000000010000cbe0 R15: 000000010000cbe1 [ 839.084422][ T9980] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 839.093664][ T9980] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 839.100385][ T9980] CR2: 0000200000185000 CR3: 00000000678ea000 CR4: 00000000003506e0 [ 839.109035][ T9980] Call Trace: [ 839.112538][ T9980] [ 839.115746][ T9980] ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0 [ 839.121319][ T27] audit: type=1326 audit(1774461313.960:618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 839.121670][ T9980] ? _raw_spin_unlock_irq+0x23/0x50 [ 839.150317][ T9980] ? process_scheduled_works+0x96f/0x15d0 [ 839.156074][ T9980] ? process_scheduled_works+0x96f/0x15d0 [ 839.162250][ T9980] process_scheduled_works+0xa5d/0x15d0 [ 839.168054][ T9980] ? worker_attach_to_pool+0x380/0x380 [ 839.173672][ T9980] ? assign_work+0x3d2/0x5d0 [ 839.178363][ T9980] worker_thread+0xa55/0xfc0 [ 839.183276][ T9980] kthread+0x2fa/0x390 [ 839.187901][ T9980] ? pr_cont_work+0x560/0x560 [ 839.191651][ T27] audit: type=1326 audit(1774461313.960:619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 839.192948][ T9980] ? kthread_blkcg+0xd0/0xd0 [ 839.222468][ T9980] ret_from_fork+0x48/0x80 [ 839.227244][ T9980] ? kthread_blkcg+0xd0/0xd0 [ 839.232221][ T9980] ret_from_fork_asm+0x11/0x20 [ 839.237313][ T9980] [ 839.240445][ T9980] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 839.247740][ T9980] CPU: 1 PID: 9980 Comm: kworker/u4:12 Not tainted syzkaller #0 [ 839.255089][ T27] audit: type=1326 audit(1774461313.960:620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 839.255133][ T27] audit: type=1326 audit(1774461313.960:621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 839.255167][ T27] audit: type=1326 audit(1774461313.960:622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.6.3756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7f61b0f9c799 code=0x7ffc0000 [ 839.323257][ T9980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 839.333509][ T9980] Workqueue: iou_exit io_ring_exit_work [ 839.339556][ T9980] Call Trace: [ 839.343213][ T9980] [ 839.346476][ T9980] dump_stack_lvl+0x18c/0x250 [ 839.351372][ T9980] ? show_regs_print_info+0x20/0x20 [ 839.356777][ T9980] ? load_image+0x400/0x400 [ 839.361457][ T9980] panic+0x2dc/0x730 [ 839.365355][ T9980] ? bpf_jit_dump+0xd0/0xd0 [ 839.369891][ T9980] ? ret_from_fork_asm+0x11/0x20 [ 839.374825][ T9980] __warn+0x2e0/0x470 [ 839.378834][ T9980] ? io_ring_exit_work+0x3a7/0x820 [ 839.383949][ T9980] ? io_ring_exit_work+0x3a7/0x820 [ 839.389051][ T9980] report_bug+0x2be/0x4f0 [ 839.393623][ T9980] ? io_ring_exit_work+0x3a7/0x820 [ 839.399572][ T9980] ? io_ring_exit_work+0x3a7/0x820 [ 839.404830][ T9980] ? io_ring_exit_work+0x3a9/0x820 [ 839.409942][ T9980] handle_bug+0xcf/0x120 [ 839.414207][ T9980] exc_invalid_op+0x1a/0x50 [ 839.418741][ T9980] asm_exc_invalid_op+0x1a/0x20 [ 839.423852][ T9980] RIP: 0010:io_ring_exit_work+0x3a7/0x820 [ 839.429576][ T9980] Code: 78 23 e8 2c a4 09 f7 48 8b 7c 24 30 48 8b 74 24 08 e8 5d f4 10 00 48 85 c0 75 1d e8 13 a4 09 f7 e9 b9 fd ff ff e8 09 a4 09 f7 <0f> 0b b8 70 17 00 00 48 89 44 24 08 eb cf c7 84 24 90 00 00 00 00 [ 839.449710][ T9980] RSP: 0018:ffffc9000fe6fa40 EFLAGS: 00010293 [ 839.455894][ T9980] RAX: ffffffff8a7d7c17 RBX: ffff88805e8ec000 RCX: ffff88807bf38000 [ 839.463949][ T9980] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 839.472005][ T9980] RBP: ffffc9000fe6fbb0 R08: ffffc9000fe6f9c7 R09: 1ffff92001fcdf38 [ 839.480066][ T9980] R10: dffffc0000000000 R11: fffff52001fcdf39 R12: dffffc0000000000 [ 839.488114][ T9980] R13: ffff88805e8ec288 R14: 000000010000cbe0 R15: 000000010000cbe1 [ 839.496343][ T9980] ? io_ring_exit_work+0x3a7/0x820 [ 839.501468][ T9980] ? io_ring_ctx_wait_and_kill+0x2b0/0x2b0 [ 839.507274][ T9980] ? _raw_spin_unlock_irq+0x23/0x50 [ 839.512495][ T9980] ? process_scheduled_works+0x96f/0x15d0 [ 839.518261][ T9980] ? process_scheduled_works+0x96f/0x15d0 [ 839.524014][ T9980] process_scheduled_works+0xa5d/0x15d0 [ 839.529815][ T9980] ? worker_attach_to_pool+0x380/0x380 [ 839.535460][ T9980] ? assign_work+0x3d2/0x5d0 [ 839.540280][ T9980] worker_thread+0xa55/0xfc0 [ 839.545143][ T9980] kthread+0x2fa/0x390 [ 839.549418][ T9980] ? pr_cont_work+0x560/0x560 [ 839.554112][ T9980] ? kthread_blkcg+0xd0/0xd0 [ 839.559059][ T9980] ret_from_fork+0x48/0x80 [ 839.563569][ T9980] ? kthread_blkcg+0xd0/0xd0 [ 839.568145][ T9980] ret_from_fork_asm+0x11/0x20 [ 839.572908][ T9980] [ 839.576409][ T9980] Kernel Offset: disabled [ 839.580922][ T9980] Rebooting in 86400 seconds..