last executing test programs: 4.495723556s ago: executing program 0 (id=185): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000100000022"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f00000001c0)={0x20, 0xc, 0x3, "e2bc03"}, 0x0, 0x0}) 2.591546281s ago: executing program 0 (id=203): r0 = syz_io_uring_setup(0x3b, &(0x7f0000000040)={0x0, 0x2, 0x10100, 0x40000000, 0x2b5}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) syz_io_uring_submit(r1, r2, &(0x7f0000000600)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r3, 0x0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000019c0)=[{&(0x7f00000002c0)=""/183, 0xb7}], 0x1, 0x0, 0x26}, 0x0, 0x80002101}) io_uring_enter(r0, 0xd81, 0x0, 0x0, 0x0, 0x0) 2.335767466s ago: executing program 0 (id=205): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@any, 0xffffffff}, 0x1, 0x0, 0x7}) 2.092138981s ago: executing program 0 (id=207): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x5, 0x3}]}}, 0x0, 0x2a, 0x0, 0x1}, 0x28) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB="ec000000", @ANYRES16, 
@ANYBLOB="01000000000000000000010000000800050001000000140002007767310000000000000000000000000024000300a0cb879a47f5bc644c0e693fa6d031c74a1553b6e901b9ff2f518c78042fb5420800050000000000900008808c00008024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c640009801c000080060001000200000008000200ffffffff050003"], 0xec}, 0x1, 0x0, 0x0, 0x4084}, 0x20000010) syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c0900030424020204240200042406024424"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ffcb7e392a09044c03003a92a2010a240109000102010205240401050c2402"], 0x0) 1.314950906s ago: executing program 3 (id=215): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0xa, 0x4e22, 0x80000, @mcast2, 0x3}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=[@tclass={{0x10, 0x29, 0x43, 0x1001ff}}], 0x10}, 0x20040091) 1.209977657s ago: executing program 3 (id=216): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f00000001c0)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@init_itable}, {@dax_inode}, {@grpjquota, 0x2e}, {@i_version}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c2, &(0x7f0000000980)="$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") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='mountinfo\x00') sendfile(r0, r1, 0x0, 
0x1000) 894.436524ms ago: executing program 2 (id=217): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x6c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0xfffffffffffffff7, 0x2, @TCA_CBS_PARMS={0xffffffffffffffd8}}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c}, {0x4}}]}]}, 0x6c}}, 0x0) 859.193614ms ago: executing program 1 (id=218): rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x12) rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8) 764.116466ms ago: executing program 2 (id=219): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="747970653d4fc1f9cb2c636f6465706167653d69736f383835392d362c696f636861727365743d63703835372c71756965742c706172743d3078303030303030303030303030303030352c00"], 0x11, 0x2b6, 
&(0x7f0000000200)="$eJzs3U9rE0EYx/HfbNI22lK3tiJ4rBb0Ilov4iUieRGeRG0iFENFrfjnVMWTiN69+xZ8EV4U34CePPkC6mllZifZJLvZTUOTber3Aw2b7D47z2T/zDyBsgLw37rV+Pn52m/7Z6SKKtK7G1IgqSZVJZ3R2dqznd3t3Xarmbejiouwf0ZxpElts7XTygq1cS7CC+27qpZ6P8NkRFF081fZSaB07urPEEgL/up062tTzyzf6zHj9g45j1lj9rWvF1ouOw8AQLn8+B/4cX7Jz9+DQNrww/6RHP/HtV92AhMX5a7tGf9dlRUZe3xPuVVJvedKOLs+6FSJo7Q8N/B+XvGZ1TfBNEVVpcslOPFgu926vPWo3Qz0RnWvZ7M199qMT92OgmzXM2rTHCP03WTPKBddH+ZsHzbj/J9L6st/dcwWx2a+mu/mjgn1Sc3u/K8aGXuY3JEKB45UnP+V4Xt0vQztVvK3jXq9HvRtsuIaOedb8Ap6WcuuSNQ5o1bU/wNBWJSnizo9EBX37mpB1Gpm1Gbn3ZCotb4o25vu2Ty8vUkzH8xts64/+qJGz/w/sPltKPfKTK4asxEPBe4bj/szn91c1e0zTI0c6cul+y0uDEv9b/49DQfwXvd1XctPX756WGm3W0/swr2MhcdL3U/m3kqZ25S8oL3kkwVFTmrjzqA0zcQuHeoO7f2jcGN7lR2Jg3KsFxrfpnsilbFQ8v0JU5Ec9LIzQUnsvMvE9V9Sr1TjyZ59CTPn6SP+EOD3GNk5dreCS2KjeEYu6eSBKrjF4RVcuuZK1Yyu5jp/Uboweouhz/OYMA390F1+/wcAAAAAAAAAAAAAAAAAAJg10/h3grL7CAAAAAAAAAAAAAAAAAAAAADArOs+/1ed5/9qtOf/Dj6K5TCf//txRzz/F5i8fwEAAP//FZd8vg==") syz_mount_image$fuse(0x0, &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x90) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 754.404096ms ago: executing program 1 (id=220): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x28, 0x1, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f0000000040)=@newtfilter={0x24, 0x2c, 0xb27, 0x80000004, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xd}, {0xffe0, 
0x2}, {0xb, 0xffdb}}}, 0x24}, 0x1, 0x0, 0x0, 0x40015}, 0x4004844) 721.121317ms ago: executing program 3 (id=221): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_TUPDATE={0x8, 0xb1e0, 0x4}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008005}, 0x0) 650.127998ms ago: executing program 1 (id=222): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002540)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000000)='\"', 0x1}], 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0], 0x18}, 0x0) close(r0) recvmsg$unix(r1, &(0x7f0000002500)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x2000) 591.231609ms ago: executing program 2 (id=223): ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc0189436, 0x56ed03a1fb7a6df) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000300000001"], 0x48) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1f, 0x7, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0xc0, &(0x7f00000020c0)=""/192, 0x0, 0x10}, 0x94) 559.538119ms ago: executing program 1 (id=224): socket$netlink(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010102000000000000000002000000240002800c000280040001003a00000014000180080001cd4bde2a0192000000000000000c001980080002"], 0x44}, 0x1, 0x0, 0x0, 0x80}, 
0x0) 508.70658ms ago: executing program 3 (id=225): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x40, 0x10) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000000)={0x28, 0x2, 0x0, {0x1, 0xfffffffffffffffd}}, 0x28) 481.268531ms ago: executing program 2 (id=226): r0 = socket$netlink(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="1c000000020301020000000000000000000000000800010001"], 0x1c}}, 0x0) close(r0) 430.837162ms ago: executing program 0 (id=227): syz_mount_image$ext4(&(0x7f0000000680)='ext2\x00', &(0x7f0000000040)='./file2\x00', 0x10000, &(0x7f00000000c0)={[{@jqfmt_vfsv1}]}, 0x1, 0x559, &(0x7f0000000100)="$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") r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d"], 0x0) 384.028283ms ago: executing program 1 (id=228): r0 = syz_io_uring_setup(0x17af, &(0x7f0000000380)={0x0, 0xa112, 0x13290}, &(0x7f0000000300), &(0x7f00000000c0)) r1 = eventfd2(0x6, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r0, 0x4, &(0x7f0000000200)=r1, 0x1) io_uring_enter(r0, 0x20, 0x3, 0x1, 0x0, 0x0) 306.761484ms ago: executing program 2 (id=229): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 
&(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@any, 0x2}) 272.460785ms ago: executing program 3 (id=230): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 225.631886ms ago: executing program 1 (id=231): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, &(0x7f0000000080)=0x4, 0x4) recvfrom(r0, 0x0, 0x0, 0x40, 0x0, 0x0) 134.698738ms ago: executing program 0 (id=232): r0 = syz_usb_connect$uac1(0x0, 0xa2, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x90, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, 'LX'}, @mixer_unit={0x6, 0x24, 0x4, 0x0, 0x0, 'R'}, @selector_unit={0x7, 0x24, 0x5, 0x0, 0x0, "53f1"}, @selector_unit={0xb, 0x24, 0x5, 0x0, 0x0, "133b9bda531c"}, @selector_unit={0x9, 0x24, 0x5, 0x0, 0x5, "96efc259"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x82}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x0, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x3}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f0000001040)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io(r0, &(0x7f00000021c0)={0x2c, 0x0, &(0x7f0000002080)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) 100.158218ms ago: executing program 2 (id=233): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000140), 0x0) clock_adjtime(0x0, 
&(0x7f0000000000)={0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x639252a7, 0x3b9ac9ff, 0x4, 0x0, 0x200000000000, 0x0, 0x6, 0x0, 0x1, 0xffffffffffffffff}) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0) 0s ago: executing program 3 (id=234): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x18, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x10000}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r1}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 81.950218][ T5775] cgroup: Unknown subsys name 'net' [ 82.090563][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.794049][ T5775] Adding 124996k swap on ./swap-file. 
Priority:0 extents:1 across:124996k [ 85.910420][ T5788] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.931844][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.950476][ T5788] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.969488][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.977496][ T5802] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.995029][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.996441][ T5801] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.005054][ T5793] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.011809][ T5801] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.017059][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.031654][ T5802] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.032107][ T5801] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.040624][ T5802] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.048904][ T5801] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.060335][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.061051][ T5793] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.068508][ T5802] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.082885][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.091542][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.099590][ T5793] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.108216][ T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.108214][ T5793] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.108680][ T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.129568][ T5793] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.631226][ T5789] chnl_net:caif_netlink_parms(): no params data found [ 86.742518][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 86.824822][ T5785] 
chnl_net:caif_netlink_parms(): no params data found [ 86.836340][ T5789] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.844466][ T5789] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.852608][ T5789] bridge_slave_0: entered allmulticast mode [ 86.860041][ T5789] bridge_slave_0: entered promiscuous mode [ 86.928964][ T5789] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.938562][ T5789] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.946288][ T5789] bridge_slave_1: entered allmulticast mode [ 86.953899][ T5789] bridge_slave_1: entered promiscuous mode [ 87.047505][ T5798] chnl_net:caif_netlink_parms(): no params data found [ 87.068949][ T5789] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.080482][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.087693][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.109352][ T5784] bridge_slave_0: entered allmulticast mode [ 87.116860][ T5784] bridge_slave_0: entered promiscuous mode [ 87.130435][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.137610][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.149278][ T5784] bridge_slave_1: entered allmulticast mode [ 87.157977][ T5784] bridge_slave_1: entered promiscuous mode [ 87.247635][ T5789] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.305624][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.313957][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.322225][ T5785] bridge_slave_0: entered allmulticast mode [ 87.330260][ T5785] bridge_slave_0: entered promiscuous mode [ 87.373629][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.382079][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.390780][ T5785] bridge_slave_1: entered allmulticast mode [ 87.398262][ T5785] bridge_slave_1: entered promiscuous mode [ 87.415994][ 
T5789] team0: Port device team_slave_0 added [ 87.429502][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.500175][ T5789] team0: Port device team_slave_1 added [ 87.508726][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.548433][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.615966][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.656124][ T5798] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.664436][ T5798] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.672663][ T5798] bridge_slave_0: entered allmulticast mode [ 87.680689][ T5798] bridge_slave_0: entered promiscuous mode [ 87.689987][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.697159][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.724266][ T5789] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.738533][ T5789] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.750549][ T5789] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 87.776799][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.802815][ T5784] team0: Port device team_slave_0 added [ 87.822159][ T5798] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.829827][ T5798] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.837028][ T5798] bridge_slave_1: entered allmulticast mode [ 87.844325][ T5798] bridge_slave_1: entered promiscuous mode [ 87.887128][ T5784] team0: Port device team_slave_1 added [ 87.910645][ T5785] team0: Port device team_slave_0 added [ 87.956650][ T5785] team0: Port device team_slave_1 added [ 87.965109][ T5798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.978982][ T5798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.993917][ T5789] hsr_slave_0: entered promiscuous mode [ 88.000918][ T5789] hsr_slave_1: entered promiscuous mode [ 88.008388][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.019164][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.045306][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.094438][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.102021][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 88.128511][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.142519][ T50] Bluetooth: hci0: command tx timeout [ 88.148023][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.155966][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.182211][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.209335][ T5796] Bluetooth: hci2: command tx timeout [ 88.209437][ T5793] Bluetooth: hci1: command tx timeout [ 88.215170][ T50] Bluetooth: hci3: command tx timeout [ 88.241071][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.248149][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.274576][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.290059][ T5798] team0: Port device team_slave_0 added [ 88.298627][ T5798] team0: Port device team_slave_1 added [ 88.408360][ T5784] hsr_slave_0: entered promiscuous mode [ 88.415122][ T5784] hsr_slave_1: entered promiscuous mode [ 88.422142][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.433952][ T5784] Cannot create hsr debugfs directory [ 88.441515][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.448501][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. 
Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.474910][ T5798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.533308][ T5785] hsr_slave_0: entered promiscuous mode [ 88.540181][ T5785] hsr_slave_1: entered promiscuous mode [ 88.546484][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.555807][ T5785] Cannot create hsr debugfs directory [ 88.562331][ T5798] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.569736][ T5798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.595842][ T5798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.840302][ T5798] hsr_slave_0: entered promiscuous mode [ 88.846904][ T5798] hsr_slave_1: entered promiscuous mode [ 88.854182][ T5798] debugfs: Directory 'hsr0' with parent 'hsr' already present! 
[ 88.865052][ T5798] Cannot create hsr debugfs directory [ 88.963079][ T5789] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.008219][ T5789] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.056085][ T5789] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.102268][ T5789] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.123951][ T5784] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.167260][ T5784] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.202693][ T5784] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.215950][ T5784] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.337482][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.352800][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.380138][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.394995][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.457446][ T5798] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.482409][ T5798] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.494662][ T5798] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.506485][ T5798] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.628327][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.707848][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.725851][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.773168][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.780685][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.797037][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.810498][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.817677][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.837511][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.878269][ T2937] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.885560][ T2937] bridge0: port 1(bridge_slave_0) 
entered forwarding state [ 89.918655][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.942128][ T5798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.954938][ T2937] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.962423][ T2937] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.990689][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.997872][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.026879][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.034129][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.133237][ T5784] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 90.160565][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.196754][ T5798] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.212225][ T50] Bluetooth: hci0: command tx timeout [ 90.251678][ T2908] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.258857][ T2908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.289402][ T50] Bluetooth: hci1: command tx timeout [ 90.292708][ T5793] Bluetooth: hci3: command tx timeout [ 90.294855][ T50] Bluetooth: hci2: command tx timeout [ 90.351134][ T2908] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.358344][ T2908] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.604501][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.679295][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.728445][ T5789] veth0_vlan: entered promiscuous mode [ 90.795906][ T5789] veth1_vlan: entered promiscuous mode [ 90.867937][ T5784] veth0_vlan: entered promiscuous mode [ 90.908990][ T5789] veth0_macvtap: entered promiscuous mode [ 90.932542][ T5784] veth1_vlan: entered promiscuous mode [ 90.950524][ T5789] veth1_macvtap: entered promiscuous mode [ 90.991996][ T5785] 8021q: adding VLAN 0 
to HW filter on device batadv0 [ 91.042568][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.056719][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.078907][ T5798] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.101575][ T5784] veth0_macvtap: entered promiscuous mode [ 91.116540][ T5789] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.125932][ T5789] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.136874][ T5789] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.148323][ T5789] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.185626][ T5784] veth1_macvtap: entered promiscuous mode [ 91.228622][ T5785] veth0_vlan: entered promiscuous mode [ 91.261420][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.272349][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.283915][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.299868][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.310591][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 91.323523][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.360246][ T5785] veth1_vlan: entered promiscuous mode [ 91.404779][ T5784] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.417083][ T5784] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.425973][ T5784] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.435082][ T5784] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.500573][ T5798] veth0_vlan: entered promiscuous mode [ 91.564893][ T5798] veth1_vlan: entered promiscuous mode [ 91.636410][ T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.652544][ T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.673181][ T5785] veth0_macvtap: entered promiscuous mode [ 91.687208][ T1121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.690922][ T5785] veth1_macvtap: entered promiscuous mode [ 91.710701][ T1121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.777798][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.790115][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.798749][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.806781][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.818196][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.829215][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 91.847160][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.877296][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.904776][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.919125][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.930080][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.945689][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.956289][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.968979][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.996746][ T5798] veth0_macvtap: entered promiscuous mode [ 92.035470][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.053658][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.063204][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.072272][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.088794][ T5798] veth1_macvtap: entered promiscuous mode [ 92.222831][ T1185] cfg80211: failed to load regulatory.db [ 92.230128][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.254007][ T5881] syz.1.2[5881]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.264674][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.289343][ T50] Bluetooth: hci0: command tx timeout [ 92.305083][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.320027][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 92.334425][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.345950][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.358849][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.369466][ T50] Bluetooth: hci2: command tx timeout [ 92.374927][ T50] Bluetooth: hci3: command tx timeout [ 92.380729][ T5796] Bluetooth: hci1: command tx timeout [ 92.432017][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.446225][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.471158][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.484815][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.499261][ T5798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.514535][ T5798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 
[ 92.528774][ T5798] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.587756][ T5798] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.619483][ T5798] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.628352][ T5798] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.649190][ T5798] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.727103][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.752274][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.820125][ T5881] loop1: detected capacity change from 0 to 32768 [ 92.860498][ T2913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.924511][ T2913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.004776][ T5881] MetaData crosses page boundary!! [ 93.025258][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.042133][ T5881] lblock = 60b00, size = 8908800 [ 93.063666][ T5881] CPU: 0 PID: 5881 Comm: syz.1.2 Not tainted 6.6.96-syzkaller #0 [ 93.071476][ T5881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 93.079279][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.081567][ T5881] Call Trace: [ 93.092203][ T5881] [ 93.095165][ T5881] dump_stack_lvl+0x16c/0x230 [ 93.099880][ T5881] ? show_regs_print_info+0x20/0x20 [ 93.105107][ T5881] ? load_image+0x3b0/0x3b0 [ 93.109650][ T5881] ? folio_unlock+0x118/0x2e0 [ 93.114370][ T5881] __get_metapage+0xaac/0xfa0 [ 93.119170][ T5881] dtSearch+0x591/0x21b0 [ 93.123459][ T5881] jfs_lookup+0x156/0x380 [ 93.127823][ T5881] ? jfs_get_parent+0xb0/0xb0 [ 93.132600][ T5881] ? __lock_acquire+0x7c80/0x7c80 [ 93.137703][ T5881] ? __rwlock_init+0x150/0x150 [ 93.142523][ T5881] ? _raw_spin_unlock+0x28/0x40 [ 93.147413][ T5881] ? 
d_alloc+0x173/0x1b0 [ 93.151698][ T5881] lookup_one_qstr_excl+0x112/0x250 [ 93.156946][ T5881] filename_create+0x222/0x460 [ 93.161749][ T5881] ? kern_path_create+0x50/0x50 [ 93.166645][ T5881] ? __virt_addr_valid+0x18c/0x540 [ 93.172480][ T5881] ? __virt_addr_valid+0x469/0x540 [ 93.177633][ T5881] do_mkdirat+0xa1/0x440 [ 93.181901][ T5881] ? vfs_mkdir+0x440/0x440 [ 93.186345][ T5881] __x64_sys_mkdirat+0x89/0xa0 [ 93.191132][ T5881] do_syscall_64+0x55/0xb0 [ 93.195573][ T5881] ? clear_bhb_loop+0x40/0x90 [ 93.200267][ T5881] ? clear_bhb_loop+0x40/0x90 [ 93.204967][ T5881] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 93.210887][ T5881] RIP: 0033:0x7f242618e929 [ 93.215333][ T5881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.235056][ T5881] RSP: 002b:00007f2426f53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 93.243543][ T5881] RAX: ffffffffffffffda RBX: 00007f24263b5fa0 RCX: 00007f242618e929 [ 93.251636][ T5881] RDX: 0000000000000000 RSI: 0000200000002040 RDI: ffffffffffffff9c [ 93.259772][ T5881] RBP: 00007f2426210b39 R08: 0000000000000000 R09: 0000000000000000 [ 93.267796][ T5881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 93.275820][ T5881] R13: 0000000000000000 R14: 00007f24263b5fa0 R15: 00007fffff7fbc48 [ 93.283843][ T5881] [ 93.303651][ T5881] bread failed! 
[ 93.307207][ T5881] jfs_lookup: dtSearch returned -5 [ 93.367167][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.376126][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.475850][ T112] blkno = 8ed2c, nblocks = 1 [ 93.494378][ T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 93.494378][ T112] [ 93.561765][ T112] ERROR: (device loop1): remounting filesystem as read-only [ 93.599705][ T112] JFS: metapage_get_blocks failed [ 93.611951][ T112] ERROR: (device loop1): release_metapage: metapage_write_one() failed [ 93.611951][ T112] [ 93.659749][ T112] blkno = 8ed2c, nblocks = 1 [ 93.664413][ T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 93.664413][ T112] [ 93.911099][ T5894] loop3: detected capacity change from 0 to 2048 [ 93.960086][ T5896] process 'syz.2.9' launched './file0' with NULL argv: empty string added [ 94.004718][ T5899] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.181727][ T27] audit: type=1800 audit(1751804471.888:2): pid=5894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.8" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 94.374824][ T50] Bluetooth: hci0: command tx timeout [ 94.449715][ T50] Bluetooth: hci2: command tx timeout [ 94.455832][ T5796] Bluetooth: hci3: command tx timeout [ 94.455848][ T5793] Bluetooth: hci1: command tx timeout [ 94.789590][ T5912] Bluetooth: MGMT ver 1.22 [ 94.820324][ T5914] input: syz1 as /devices/virtual/input/input5 [ 94.898667][ T5919] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.299270][ T5926] loop2: detected capacity change from 0 to 4096 [ 95.355576][ T5931] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 
[ 95.961541][ T5946] netlink: 8 bytes leftover after parsing attributes in process `syz.0.29'. [ 96.043717][ T5953] loop1: detected capacity change from 0 to 24 [ 96.256613][ T5959] netlink: 104 bytes leftover after parsing attributes in process `syz.2.35'. [ 96.460505][ T5963] netlink: 20 bytes leftover after parsing attributes in process `syz.0.37'. [ 96.716756][ T5973] loop0: detected capacity change from 0 to 512 [ 96.916983][ T5973] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.948482][ T5973] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 97.077461][ T5973] EXT4-fs (loop0): shut down requested (2) [ 97.196643][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.221620][ T5985] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.244271][ T5985] netlink: 12 bytes leftover after parsing attributes in process `syz.3.46'. [ 97.262292][ T5987] loop1: detected capacity change from 0 to 256 [ 97.562929][ T5992] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.622827][ T5995] loop3: detected capacity change from 0 to 512 [ 97.688983][ T5995] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 97.724645][ T5995] EXT4-fs (loop3): invalid journal inode [ 97.743378][ T5995] EXT4-fs (loop3): can't get journal size [ 97.877445][ T5995] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c118, mo2=0002] [ 97.914771][ T5995] System zones: 1-12, 13-13 [ 97.962822][ T5995] EXT4-fs (loop3): 1 truncate cleaned up [ 97.973371][ T5995] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.144494][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 98.547821][ T6019] loop3: detected capacity change from 0 to 512 [ 98.568324][ T6019] EXT4-fs: Ignoring removed mblk_io_submit option [ 98.607672][ T6019] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.58: corrupted in-inode xattr: overlapping e_value [ 98.677946][ T6019] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.58: couldn't read orphan inode 15 (err -117) [ 98.763529][ T6019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.916253][ T6019] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #2: comm syz.3.58: Directory hole found for htree leaf block 0 [ 98.939906][ T6025] loop1: detected capacity change from 0 to 4096 [ 98.969374][ T6025] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 99.044080][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.683230][ T6024] loop0: detected capacity change from 0 to 40427 [ 99.713483][ T6024] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 99.746471][ T6024] F2FS-fs (loop0): invalid crc value [ 99.798432][ T6024] F2FS-fs (loop0): Found nat_bits in checkpoint [ 100.019585][ T6024] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 100.255260][ T6058] netlink: 40 bytes leftover after parsing attributes in process `syz.2.74'. [ 100.315727][ T5784] syz-executor: attempt to access beyond end of device [ 100.315727][ T5784] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 100.364943][ T5784] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 100.922691][ T6070] loop1: detected capacity change from 0 to 1024 [ 100.962742][ T6070] ======================================================= [ 100.962742][ T6070] WARNING: The mand mount option has been deprecated and [ 100.962742][ T6070] and is ignored by this kernel. 
Remove the mand [ 100.962742][ T6070] option from the mount to silence this warning. [ 100.962742][ T6070] ======================================================= [ 101.090965][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz.2.83'. [ 101.196776][ T27] audit: type=1326 audit(1751804478.908:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.200586][ T6070] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 101.269714][ T27] audit: type=1326 audit(1751804478.938:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.312827][ T6070] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.349211][ T27] audit: type=1326 audit(1751804478.938:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.355276][ T6081] mmap: syz.0.75 (6081) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. 
[ 101.426670][ T27] audit: type=1326 audit(1751804478.938:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.479493][ T6070] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: block 3: comm syz.1.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 101.482148][ T27] audit: type=1326 audit(1751804478.938:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.502574][ T6070] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117 [ 101.527025][ T27] audit: type=1326 audit(1751804478.938:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.529818][ T6070] EXT4-fs (loop1): This should not happen!! 
Data will be lost [ 101.529818][ T6070] [ 101.555446][ T27] audit: type=1326 audit(1751804478.948:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 101.597243][ T27] audit: type=1326 audit(1751804478.958:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa14a7858e7 code=0x7ffc0000 [ 101.598491][ T6088] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #15: block 3: comm syz.1.80: lblock 3 mapped to illegal pblock 3 (length 1) [ 101.626706][ T27] audit: type=1326 audit(1751804478.958:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa14a72ab19 code=0x7ffc0000 [ 101.662664][ T27] audit: type=1326 audit(1751804478.958:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6080 comm="syz.0.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa14a7858e7 code=0x7ffc0000 [ 101.788786][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 102.013711][ T6098] netlink: 4 bytes leftover after parsing attributes in process `syz.3.91'. [ 102.164548][ T6108] loop0: detected capacity change from 0 to 1024 [ 102.174578][ T6108] ext4: Unknown parameter 'nouser_xattr' [ 102.260224][ T6108] netlink: 43 bytes leftover after parsing attributes in process `syz.0.95'. [ 102.960759][ T6118] loop0: detected capacity change from 0 to 32768 [ 102.992530][ T6118] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 103.083376][ T6134] loop1: detected capacity change from 0 to 4096 [ 103.099144][ T6134] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). 
[ 103.140038][ T6139] netlink: 'syz.3.105': attribute type 2 has an invalid length. [ 103.147867][ T6139] netlink: 84 bytes leftover after parsing attributes in process `syz.3.105'. [ 103.182159][ T6118] XFS (loop0): Ending clean mount [ 103.194493][ T6134] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 103.262410][ T6142] loop3: detected capacity change from 0 to 64 [ 103.536019][ T6150] binder: 6149:6150 ioctl 40046205 0 returned -22 [ 103.556442][ T5784] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 103.780243][ T786] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 103.923760][ T6159] Illegal XDP return value 4294967274 on prog (id 11) dev N/A, expect packet loss! [ 103.984949][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 104.001891][ T786] usb 2-1: New USB device found, idVendor=056a, idProduct=00de, bcdDevice= 0.00 [ 104.030228][ T786] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.054653][ T786] usb 2-1: config 0 descriptor?? [ 104.065930][ T6148] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 104.065959][ T6165] loop0: detected capacity change from 0 to 1024 [ 104.236298][ T11] hfsplus: b-tree write err: -5, ino 4 [ 104.547730][ T786] wacom 0003:056A:00DE.0001: unknown main item tag 0x0 [ 104.578838][ T786] wacom 0003:056A:00DE.0001: unknown main item tag 0x0 [ 104.598814][ T786] wacom 0003:056A:00DE.0001: unknown main item tag 0x0 [ 104.606058][ T786] wacom 0003:056A:00DE.0001: unknown main item tag 0x0 [ 104.623463][ T786] wacom 0003:056A:00DE.0001: unknown main item tag 0x0 [ 104.636930][ T786] wacom 0003:056A:00DE.0001: Unknown device_type for 'HID 056a:00de'. Assuming pen. 
[ 104.677965][ T786] wacom 0003:056A:00DE.0001: hidraw0: USB HID v1.01 Device [HID 056a:00de] on usb-dummy_hcd.1-1/input0 [ 104.703036][ T786] input: Wacom Bamboo 16FG 4x5 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:00DE.0001/input/input6 [ 104.824094][ T786] usb 2-1: USB disconnect, device number 2 [ 105.114559][ T6198] loop0: detected capacity change from 0 to 64 [ 105.124554][ T6198] hfs: unable to locate alternate MDB [ 105.130658][ T6198] hfs: continuing without an alternate MDB [ 105.146837][ T6198] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. [ 105.362590][ T6206] loop2: detected capacity change from 0 to 2048 [ 105.370108][ T6206] EXT4-fs: Ignoring removed nobh option [ 105.428119][ T6206] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.463894][ T6206] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 105.535287][ T6213] input: syz1 as /devices/virtual/input/input9 [ 105.640709][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.692841][ T6216] netlink: 12 bytes leftover after parsing attributes in process `syz.0.138'. [ 105.805622][ T6221] netlink: 40 bytes leftover after parsing attributes in process `syz.2.137'. [ 105.815666][ T6221] netlink: 3 bytes leftover after parsing attributes in process `syz.2.137'. [ 105.835069][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 106.035102][ T23] usb 2-1: config 0 has no interfaces? [ 106.049371][ T23] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 106.077461][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.102840][ T23] usb 2-1: config 0 descriptor?? 
[ 106.358105][ T8] usb 2-1: USB disconnect, device number 3 [ 106.570933][ T27] kauditd_printk_skb: 62 callbacks suppressed [ 106.570948][ T27] audit: type=1326 audit(1751804484.288:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 106.625746][ T27] audit: type=1326 audit(1751804484.288:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 106.661051][ T27] audit: type=1326 audit(1751804484.288:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 106.684996][ T27] audit: type=1326 audit(1751804484.318:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa14a78e929 code=0x7ffc0000 [ 106.707453][ T27] audit: type=1326 audit(1751804484.318:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa14a7858e7 code=0x7ffc0000 [ 106.731542][ T27] audit: type=1326 audit(1751804484.318:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa14a72ab19 code=0x7ffc0000 [ 106.756092][ T27] audit: type=1326 audit(1751804484.318:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa14a7858e7 code=0x7ffc0000 [ 106.778697][ T27] audit: type=1326 audit(1751804484.318:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 
comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa14a72ab19 code=0x7ffc0000 [ 106.802061][ T27] audit: type=1326 audit(1751804484.318:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa14a7858e7 code=0x7ffc0000 [ 106.824677][ T27] audit: type=1326 audit(1751804484.318:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6248 comm="syz.0.153" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fa14a72ab19 code=0x7ffc0000 [ 107.124338][ T6260] loop0: detected capacity change from 0 to 256 [ 107.138645][ T6260] exfat: Deprecated parameter 'utf8' [ 107.147702][ T6260] exfat: Deprecated parameter 'namecase' [ 107.178100][ T6260] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xfa2e39b7, utbl_chksum : 0xe619d30d) [ 107.286832][ T6263] loop1: detected capacity change from 0 to 128 [ 107.372778][ T6263] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 107.439010][ T6263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 107.540986][ T6269] netlink: 52 bytes leftover after parsing attributes in process `syz.0.162'. 
[ 107.778335][ T6279] loop1: detected capacity change from 0 to 512 [ 107.812857][ T6279] EXT4-fs: Ignoring removed i_version option [ 107.818946][ T6279] EXT4-fs: Ignoring removed mblk_io_submit option [ 107.919609][ T8] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 108.004955][ T6279] EXT4-fs (loop1): Test dummy encryption mode enabled [ 108.030659][ T6279] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.167: inode #13: comm syz.1.167: iget: illegal inode # [ 108.053931][ T6279] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.167: couldn't read orphan inode 13 (err -117) [ 108.074220][ T6279] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.132415][ T8] usb 3-1: config 0 has an invalid interface number: 214 but max is 0 [ 108.141211][ T6279] EXT4-fs error (device loop1): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.1.167: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 108.167025][ T8] usb 3-1: config 0 has no interface number 0 [ 108.173302][ T8] usb 3-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 108.203212][ T8] usb 3-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 108.237686][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.259448][ T8] usb 3-1: Product: syz [ 108.263704][ T8] usb 3-1: Manufacturer: syz [ 108.268345][ T8] usb 3-1: SerialNumber: syz [ 108.307859][ T5789] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.318450][ T8] usb 3-1: config 0 descriptor?? 
[ 108.544843][ T6304] loop3: detected capacity change from 0 to 1024 [ 108.578097][ T6304] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 108.638789][ T6304] EXT4-fs error (device loop3): ext4_map_blocks:718: inode #3: block 1: comm syz.3.177: lblock 1 mapped to illegal pblock 1 (length 1) [ 108.661585][ T6304] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.177: Failed to acquire dquot type 0 [ 108.684654][ T6304] EXT4-fs error (device loop3): ext4_free_blocks:6681: comm syz.3.177: Freeing blocks not in datazone - block = 0, count = 4096 [ 108.733899][ T6304] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.177: Invalid inode bitmap blk 0 in block_group 0 [ 108.755614][ T6304] EXT4-fs error (device loop3) in ext4_free_inode:363: Corrupt filesystem [ 108.775162][ T6304] EXT4-fs (loop3): 1 orphan inode deleted [ 108.785218][ T12] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 108.806914][ T6304] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 108.826015][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:1: Failed to release dquot type 0 [ 108.876220][ T6304] EXT4-fs (loop3): shut down requested (1) [ 108.926968][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.963584][ T8] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.214/input/input10 [ 109.160301][ T6316] loop1: detected capacity change from 0 to 32768 [ 109.175677][ T6316] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.192175][ T8] usb 3-1: USB disconnect, device number 2 [ 109.246523][ T6316] XFS (loop1): Ending clean mount [ 109.258929][ T6316] XFS (loop1): Quotacheck needed: Please wait. 
[ 109.279393][ T28] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 109.302839][ T6316] XFS (loop1): Quotacheck: Done. [ 109.390210][ T5789] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.471544][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.508123][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.519532][ T28] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 109.528642][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.550921][ T28] usb 4-1: config 0 descriptor?? [ 109.899199][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 109.998004][ T28] pyra 0003:1E7D:2CF6.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 110.050372][ T6343] loop2: detected capacity change from 0 to 512 [ 110.078307][ T6343] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.191: casefold flag without casefold feature [ 110.097280][ T6343] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.191: couldn't read orphan inode 15 (err -117) [ 110.117509][ T6343] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.143482][ T8] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 110.155654][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.168436][ T8] usb 1-1: config 0 descriptor?? [ 110.178446][ T8] cp210x 1-1:0.0: cp210x converter detected [ 110.200390][ T6348] netlink: 20 bytes leftover after parsing attributes in process `syz.1.193'. [ 110.238515][ T6348] nbd: socks must be embedded in a SOCK_ITEM attr [ 110.340415][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. 
[ 110.402490][ T28] pyra 0003:1E7D:2CF6.0002: couldn't init struct pyra_device [ 110.423758][ T6351] netlink: 20 bytes leftover after parsing attributes in process `syz.1.194'. [ 110.429520][ T28] pyra 0003:1E7D:2CF6.0002: couldn't install mouse [ 110.438141][ T6351] netem: invalid attributes len -18 [ 110.445401][ T6351] netem: change failed [ 110.457750][ T28] pyra: probe of 0003:1E7D:2CF6.0002 failed with error -71 [ 110.488259][ T28] usb 4-1: USB disconnect, device number 2 [ 110.819461][ T8] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 110.837454][ T8] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 110.865636][ T8] usb 1-1: cp210x converter now attached to ttyUSB0 [ 110.905663][ T8] usb 1-1: USB disconnect, device number 2 [ 110.943396][ T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 110.990133][ T8] cp210x 1-1:0.0: device disconnected [ 111.529049][ C1] sched: RT throttling activated [ 111.786974][ T6355] loop1: detected capacity change from 0 to 131072 [ 111.798279][ T6355] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 111.807576][ T6355] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 111.820552][ T6355] F2FS-fs (loop1): invalid crc value [ 111.853734][ T6355] F2FS-fs (loop1): Found nat_bits in checkpoint [ 111.939744][ T6355] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 111.946863][ T6355] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 112.105471][ T6363] loop3: detected capacity change from 0 to 32768 [ 112.141700][ T6363] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 112.202344][ T6363] XFS (loop3): Ending clean mount [ 112.272638][ T5785] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 112.339635][ T5786] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 112.526805][ T5786] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 112.539821][ T5786] usb 1-1: 
config 220 contains an unexpected descriptor of type 0x2, skipping [ 112.566209][ T5786] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 112.586959][ T5786] usb 1-1: config 220 has no interface number 2 [ 112.607295][ T5786] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 112.647807][ T5786] usb 1-1: config 220 interface 0 has no altsetting 0 [ 112.665073][ T5786] usb 1-1: config 220 interface 76 has no altsetting 0 [ 112.677611][ T5786] usb 1-1: config 220 interface 1 has no altsetting 0 [ 112.697987][ T5786] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 112.711190][ T5786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.729259][ T5786] usb 1-1: Product: syz [ 112.739252][ T5786] usb 1-1: Manufacturer: syz [ 112.744063][ T5786] usb 1-1: SerialNumber: syz [ 112.953162][ T6407] loop3: detected capacity change from 0 to 512 [ 112.983287][ T5786] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 112.993738][ T5786] usb 1-1: No valid video chain found. 
[ 113.003148][ T5786] usb 1-1: selecting invalid altsetting 0 [ 113.028889][ T5786] usb 1-1: selecting invalid altsetting 0 [ 113.037214][ T5786] usbtest: probe of 1-1:220.1 failed with error -22 [ 113.059186][ T6407] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 113.059771][ T5786] usb 1-1: USB disconnect, device number 3 [ 113.089249][ T6407] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 113.109341][ T6407] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.216: Corrupt directory, running e2fsck is recommended [ 113.171014][ T6407] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -12 [ 113.189337][ T6407] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.216: corrupted in-inode xattr: invalid ea_ino [ 113.222958][ T6407] EXT4-fs (loop3): Remounting filesystem read-only [ 113.228523][ T6413] netlink: 64 bytes leftover after parsing attributes in process `syz.2.217'. [ 113.240588][ T6407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 113.351877][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.360665][ T6417] loop2: detected capacity change from 0 to 64 [ 113.611459][ T6427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.224'. [ 113.733650][ T6433] loop0: detected capacity change from 0 to 512 [ 113.771543][ T6433] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 113.824716][ T6433] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.227: iget: bogus i_mode (5) [ 113.845218][ T6433] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.227: couldn't read orphan inode 15 (err -117) [ 113.868155][ T6433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 113.881559][ T6433] ext2 filesystem being mounted at /53/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 113.952851][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.139017][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 219.146081][ C0] rcu: 1-...!: (1 GPs behind) idle=129c/1/0x4000000000000000 softirq=13386/13387 fqs=0 [ 219.156845][ C0] rcu: (detected by 0, t=10505 jiffies, g=14033, q=408 ncpus=2) [ 219.164616][ C0] Sending NMI from CPU 0 to CPUs 1: [ 219.169864][ C1] NMI backtrace for cpu 1 [ 219.169892][ C1] CPU: 1 PID: 6442 Comm: syz.1.231 Not tainted 6.6.96-syzkaller #0 [ 219.169908][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.169921][ C1] RIP: 0010:__hrtimer_run_queues+0x507/0xc40 [ 219.169963][ C1] Code: 24 50 41 89 c6 eb 56 e8 17 e9 0f 00 4c 89 eb 65 4c 8b 2d ac 0c 8e 7e 49 81 c5 c8 0a 00 00 4d 89 ef 49 c1 ef 03 41 0f b6 04 1f <84> c0 0f 85 28 03 00 00 41 c7 45 00 01 00 00 00 4c 89 e7 ff 54 24 [ 219.169977][ C1] RSP: 0018:ffffc900001f0d40 EFLAGS: 00000806 [ 219.169995][ C1] RAX: 0000000000000000 RBX: dffffc0000000000 RCX: ffff88802d510000 [ 219.170006][ C1] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000000 [ 219.170016][ C1] RBP: ffffc900001f0e90 R08: ffffffff8e4a7faf R09: 1ffffffff1c94ff5 [ 219.170027][ C1] R10: dffffc0000000000 R11: fffffbfff1c94ff6 R12: ffff88801a6b4340 [ 219.170039][ C1] R13: ffff88802d510ac8 R14: 0000000000000000 R15: 1ffff11005aa2159 [ 219.170050][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 219.170064][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 219.170075][ C1] CR2: 0000200000000140 CR3: 00000000799d5000 CR4: 00000000003506e0 [ 219.170089][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 219.170098][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 219.170108][ C1] Call Trace: [ 219.170116][ C1] <IRQ> [ 
219.170128][ C1] ? taprio_dequeue_from_txq+0x8f0/0x8f0 [ 219.170156][ C1] ? hrtimer_interrupt+0x9c0/0x9c0 [ 219.170173][ C1] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 219.170199][ C1] hrtimer_interrupt+0x3c9/0x9c0 [ 219.170231][ C1] __sysvec_apic_timer_interrupt+0xfb/0x3b0 [ 219.170254][ C1] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 219.170272][ C1] </IRQ> [ 219.170277][ C1] <TASK> [ 219.170282][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 219.170303][ C1] RIP: 0010:lock_acquire+0x1f2/0x410 [ 219.170322][ C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 219.170335][ C1] RSP: 0018:ffffc9000fb6f320 EFLAGS: 00000206 [ 219.170348][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 6893ad39792d3c00 [ 219.170358][ C1] RDX: 0000000000000000 RSI: ffffffff8aaac440 RDI: ffffffff8afc6d00 [ 219.170369][ C1] RBP: ffffc9000fb6f430 R08: dffffc0000000000 R09: 1ffffffff21b4aa4 [ 219.170381][ C1] R10: dffffc0000000000 R11: fffffbfff21b4aa5 R12: 1ffff92001f6de70 [ 219.170392][ C1] R13: ffffffff8cd2f760 R14: 0000000000000246 R15: dffffc0000000000 [ 219.170416][ C1] ? pfn_valid+0xcd/0x420 [ 219.170442][ C1] ? read_lock_is_recursive+0x20/0x20 [ 219.170463][ C1] ? page_ext_put+0x9c/0xb0 [ 219.170485][ C1] ? pfn_valid+0xcd/0x420 [ 219.170506][ C1] ? page_ext_get+0x22/0x2b0 [ 219.170530][ C1] page_ext_get+0x3e/0x2b0 [ 219.170552][ C1] ? page_ext_get+0x22/0x2b0 [ 219.170575][ C1] page_table_check_clear+0x4a/0x6a0 [ 219.170598][ C1] ? __page_table_check_pte_clear+0x43/0x70 [ 219.170624][ C1] unmap_page_range+0x1ad1/0x2fe0 [ 219.170657][ C1] ? copy_page_range+0x3600/0x3600 [ 219.170675][ C1] ? unmap_single_vma+0x1b0/0x2a0 [ 219.170695][ C1] unmap_vmas+0x25e/0x3a0 [ 219.170713][ C1] ? unmap_page_range+0x2fe0/0x2fe0 [ 219.170731][ C1] ? __lock_acquire+0x7c80/0x7c80 [ 219.170759][ C1] exit_mmap+0x200/0xb50 [ 219.170784][ C1] ? 
exit_mm_release+0x1a/0x30 [ 219.170802][ C1] ? vm_brk+0x30/0x30 [ 219.170824][ C1] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 219.170863][ C1] ? uprobe_clear_state+0x278/0x290 [ 219.170884][ C1] ? mm_update_next_owner+0x562/0x6c0 [ 219.170910][ C1] __mmput+0x118/0x3c0 [ 219.170926][ C1] exit_mm+0x1da/0x2c0 [ 219.170950][ C1] ? do_exit+0x23c0/0x23c0 [ 219.170981][ C1] ? taskstats_exit+0x35e/0x9e0 [ 219.171010][ C1] do_exit+0x88e/0x23c0 [ 219.171037][ C1] ? put_task_struct+0xc0/0xc0 [ 219.171062][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 219.171080][ C1] ? get_signal+0x1068/0x1400 [ 219.171106][ C1] ? lock_chain_count+0x20/0x20 [ 219.171124][ C1] ? _raw_spin_lock_irq+0xaf/0xe0 [ 219.171143][ C1] do_group_exit+0x21b/0x2d0 [ 219.171166][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 219.171184][ C1] get_signal+0x12fc/0x1400 [ 219.171221][ C1] arch_do_signal_or_restart+0x96/0x780 [ 219.171247][ C1] ? l2cap_sock_shutdown+0x10a0/0x10a0 [ 219.171268][ C1] ? do_sock_setsockopt+0x261/0x3e0 [ 219.171294][ C1] ? get_sigframe_size+0x20/0x20 [ 219.171326][ C1] ? exit_to_user_mode_loop+0x3b/0x110 [ 219.171352][ C1] exit_to_user_mode_loop+0x70/0x110 [ 219.171375][ C1] exit_to_user_mode_prepare+0xb1/0x140 [ 219.171398][ C1] syscall_exit_to_user_mode+0x1a/0x50 [ 219.171415][ C1] do_syscall_64+0x61/0xb0 [ 219.171436][ C1] ? clear_bhb_loop+0x40/0x90 [ 219.171455][ C1] ? clear_bhb_loop+0x40/0x90 [ 219.171475][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 219.171493][ C1] RIP: 0033:0x7f242618e929 [ 219.171513][ C1] Code: Unable to access opcode bytes at 0x7f242618e8ff. 
[ 219.171521][ C1] RSP: 002b:00007f2426f530e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 219.171536][ C1] RAX: 0000000000000001 RBX: 00007f24263b5fa8 RCX: 00007f242618e929 [ 219.171546][ C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f24263b5fac [ 219.171557][ C1] RBP: 00007f24263b5fa0 R08: 0000000000745d1e R09: 0000000000000000 [ 219.171567][ C1] R10: ffffffffffffffff R11: 0000000000000246 R12: 00007f24263b5fac [ 219.171578][ C1] R13: 0000000000000000 R14: 00007fffff7fbb60 R15: 00007fffff7fbc48 [ 219.171597][ C1] </TASK> [ 219.171853][ C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g14033 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 219.728567][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 219.738562][ C0] rcu: RCU grace-period kthread stack dump: [ 219.744479][ C0] task:rcu_preempt state:R running task stack:27464 pid:17 ppid:2 flags:0x00004000 [ 219.755307][ C0] Call Trace: [ 219.758613][ C0] <TASK> [ 219.761575][ C0] __schedule+0x14e2/0x4580 [ 219.766145][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 219.772081][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 219.777312][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 219.783243][ C0] ? asan.module_dtor+0x20/0x20 [ 219.788193][ C0] ? enqueue_timer+0x225/0x530 [ 219.793008][ C0] ? __mod_timer+0x984/0xdb0 [ 219.797800][ C0] schedule+0xbd/0x170 [ 219.801914][ C0] schedule_timeout+0x160/0x280 [ 219.806794][ C0] ? console_conditional_schedule+0x40/0x40 [ 219.812725][ C0] ? update_process_times+0x1b0/0x1b0 [ 219.818225][ C0] ? prepare_to_swait_event+0x339/0x360 [ 219.823810][ C0] rcu_gp_fqs_loop+0x302/0x1560 [ 219.828694][ C0] ? rcu_gp_init+0x110e/0x1510 [ 219.833590][ C0] ? rcu_gp_kthread+0x380/0x380 [ 219.838485][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 219.844523][ C0] ? rcu_gp_init+0x1510/0x1510 [ 219.849324][ C0] ? rcu_gp_cleanup+0xb4c/0xca0 [ 219.854215][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 219.859454][ C0] ? 
lockdep_hardirqs_on+0x98/0x150 [ 219.864688][ C0] rcu_gp_kthread+0x99/0x380 [ 219.869332][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 219.874503][ C0] ? __kthread_parkme+0x7a/0x1c0 [ 219.879482][ C0] ? __kthread_parkme+0x162/0x1c0 [ 219.884556][ C0] kthread+0x2fa/0x390 [ 219.888672][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 219.893835][ C0] ? kthread_blkcg+0xd0/0xd0 [ 219.898461][ C0] ret_from_fork+0x48/0x80 [ 219.902914][ C0] ? kthread_blkcg+0xd0/0xd0 [ 219.907529][ C0] ret_from_fork_asm+0x11/0x20 [ 219.912354][ C0] </TASK> [ 219.915417][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 219.921761][ C0] CPU: 0 PID: 6443 Comm: syz.2.233 Not tainted 6.6.96-syzkaller #0 [ 219.929692][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 219.939776][ C0] RIP: 0010:smp_call_function_many_cond+0xde8/0x1130 [ 219.946500][ C0] Code: 01 31 ff e8 2a e7 0a 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 65 e3 0a 00 eb 38 f3 90 42 0f b6 04 2b 84 c0 75 11 <41> f7 04 24 01 00 00 00 74 1e e8 49 e3 0a 00 eb e4 44 89 e1 80 e1 [ 219.966143][ C0] RSP: 0018:ffffc9000bf27760 EFLAGS: 00000246 [ 219.972255][ C0] RAX: 0000000000000000 RBX: 1ffff110171e82f5 RCX: ffff888030585a00 [ 219.980253][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 219.988250][ C0] RBP: ffffc9000bf278e0 R08: ffffffff8e4a7faf R09: 1ffffffff1c94ff5 [ 219.996253][ C0] R10: dffffc0000000000 R11: fffffbfff1c94ff6 R12: ffff8880b8f417a8 [ 220.004259][ C0] R13: dffffc0000000000 R14: ffff8880b8e3d588 R15: 0000000000000001 [ 220.012259][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 220.021220][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 220.027924][ C0] CR2: 00005555714b4808 CR3: 0000000063359000 CR4: 00000000003506f0 [ 220.035927][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 220.044017][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 220.052019][ C0] Call Trace: 
[ 220.055331][ C0] <TASK> [ 220.058300][ C0] ? native_flush_tlb_multi+0xd0/0xd0 [ 220.063739][ C0] ? smp_call_function_many+0x40/0x40 [ 220.069142][ C0] ? slab_free_freelist_hook+0x130/0x1b0 [ 220.074820][ C0] ? __tlb_remove_page_size+0x1ed/0x490 [ 220.080399][ C0] ? rcu_is_watching+0x15/0xb0 [ 220.085290][ C0] ? native_flush_tlb_multi+0xd0/0xd0 [ 220.090699][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 220.095850][ C0] flush_tlb_mm_range+0x41e/0x690 [ 220.100930][ C0] ? flush_tlb_multi+0x50/0x50 [ 220.105745][ C0] tlb_flush_mmu+0x1b7/0x4f0 [ 220.110372][ C0] tlb_finish_mmu+0xc3/0x1d0 [ 220.114991][ C0] ? free_pgtables+0x743/0x770 [ 220.119787][ C0] exit_mmap+0x3f0/0xb50 [ 220.124072][ C0] ? exit_mm_release+0x1a/0x30 [ 220.128874][ C0] ? vm_brk+0x30/0x30 [ 220.132986][ C0] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 220.138686][ C0] ? uprobe_clear_state+0x278/0x290 [ 220.143927][ C0] ? mm_update_next_owner+0x562/0x6c0 [ 220.149348][ C0] __mmput+0x118/0x3c0 [ 220.153454][ C0] exit_mm+0x1da/0x2c0 [ 220.157568][ C0] ? do_exit+0x23c0/0x23c0 [ 220.162029][ C0] ? taskstats_exit+0x35e/0x9e0 [ 220.166943][ C0] do_exit+0x88e/0x23c0 [ 220.171152][ C0] ? preempt_schedule+0xab/0xc0 [ 220.176043][ C0] ? put_task_struct+0xc0/0xc0 [ 220.180930][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 220.186951][ C0] ? lock_chain_count+0x20/0x20 [ 220.191847][ C0] ? preempt_schedule_thunk+0x1a/0x30 [ 220.197279][ C0] do_group_exit+0x21b/0x2d0 [ 220.201918][ C0] __x64_sys_exit_group+0x3f/0x40 [ 220.207000][ C0] do_syscall_64+0x55/0xb0 [ 220.211466][ C0] ? clear_bhb_loop+0x40/0x90 [ 220.216183][ C0] ? clear_bhb_loop+0x40/0x90 [ 220.220901][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 220.226828][ C0] RIP: 0033:0x7fe21578e929 [ 220.231272][ C0] Code: Unable to access opcode bytes at 0x7fe21578e8ff. 
[ 220.238328][ C0] RSP: 002b:00007ffdfe659bb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 220.246796][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fe21578e929 [ 220.254806][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 220.262810][ C0] RBP: 00007ffdfe659c1c R08: 00000004fe659caf R09: 00000000000927c0 [ 220.270910][ C0] R10: 0000000000000001 R11: 0000000000000246 R12: 000000000000003f [ 220.278945][ C0] R13: 00000000000927c0 R14: 000000000001bcc7 R15: 00007ffdfe659c70 [ 220.287148][ C0] </TASK>