last executing test programs: 6m53.598001968s ago: executing program 3 (id=2877): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() semctl$SETVAL(0x0, 0x0, 0x10, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f00000007c0), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x800) openat$vcs(0xffffffffffffff9c, 0x0, 0x171000, 0x0) syz_genetlink_get_family_id$mptcp(0x0, r1) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000021c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0) sendfile(r5, r5, 0x0, 0x40008) 6m51.356268099s ago: executing program 3 (id=2883): bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x17, 0x8, 0x40, 0x42, 0x1}, 0x48) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$usbfs(0x0, 0x76, 0x101b01) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0) 6m50.405242493s ago: executing program 3 (id=2887): ioprio_set$uid(0x3, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x24002de8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = io_uring_setup(0xdac, &(0x7f0000000180)) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0) r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74) sendmmsg$unix(r4, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{0x0}], 0x1}}], 0x2, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) syz_usb_connect(0x0, 0x36, 0x0, 0x0) 6m44.449078605s ago: executing program 3 (id=2894): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000)={0x2000, 0x747, 0x0, 0x3, 0x0, 0x0, 0x9}, 0xc) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000040)=0x10, 0x0) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000104000000000000feffffffffffffff030000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000008400050020010000000000000000000000000000000000002b00000000000000000000000000000000000000000500000000000002000700000000000000000000000000e00000020000000000000000000000004000000033"], 0x13c}}, 0x20040880) sendmmsg$inet6(r1, &(0x7f0000000a80)=[{{&(0x7f0000000200)={0xa, 0x4e20, 0x4d7, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, &(0x7f0000000900)=[{&(0x7f0000000400)="fc", 0x1}], 0x1}}], 0x1, 0x4c040) 6m43.473511839s ago: executing program 3 (id=2898): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x4001, 0x3, 0x238, 0xd0, 0x720d, 0x148, 0xd0, 0x148, 0x1c8, 0x240, 0x240, 0x1c8, 0x240, 0x7fffffe, 0x0, {[{{@ip={@remote, @remote, 0x0, 0xffffffff, 'team0\x00', 'veth1_macvtap\x00', {}, {}, 0x67, 0x0, 0x21}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote, 0xe800, 0xa, [0x12, 0x40, 0xa, 0x14, 0x19, 0x2c, 0x13, 0x8, 0x1a, 0xc, 0x17, 0x40, 0x1a, 0x3a, 0x21, 0x400c], 0x2, 0x4, 0xbc}}}, {{@ip={@broadcast, @multicast1, 0xff000000, 0xffffffff, 'sit0\x00', 'vlan1\x00', {0xff}, {}, 0x1, 0x3, 0x40}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x6, 0x4, 0x7, 0x3, 0x0, 0x2], 0x1, 0x1}, {0x2, [0x0, 0x5, 0x2, 0x0, 0x1, 0x4], 0x2, 0x1}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x298) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x8, 0x0, 0xfffffdfc}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) 6m41.590806925s ago: executing program 3 (id=2903): r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) syz_open_dev$tty1(0xc, 0x4, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0x9, 0x0, 0x0, 0x0, 0x2) mount$afs(&(0x7f0000000300), &(0x7f0000000340)='.\x00', &(0x7f0000000380), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x8, 0x3, 0x3a0, 0x0, 0xffffffff, 0xffffffff, 0x238, 0xffffffff, 0x308, 0xffffffff, 0xffffffff, 0x308, 0xffffffff, 0x3, 0x0, {[{{@ip={@multicast1, @local, 0x0, 0x0, 'veth1_to_batadv\x00', 'netdevsim0\x00'}, 0x0, 0x1f0, 0x238, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'vcan0\x00', {0x4386, 0x0, 0x6a, 0x0, 0x0, 0xfe5, 0x20}}}, @common=@addrtype={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast1, 'vcan0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_virt_wifi\x00'}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 6m26.237193948s ago: executing program 32 (id=2903): r0 = socket$inet_udp(0x2, 0x2, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) syz_open_dev$tty1(0xc, 0x4, 0x1) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(0x0, 0x9, 0x0, 0x0, 0x0, 0x2) mount$afs(&(0x7f0000000300), &(0x7f0000000340)='.\x00', &(0x7f0000000380), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000b80)=@raw={'raw\x00', 0x8, 0x3, 0x3a0, 0x0, 0xffffffff, 0xffffffff, 0x238, 0xffffffff, 0x308, 0xffffffff, 0xffffffff, 0x308, 0xffffffff, 0x3, 0x0, {[{{@ip={@multicast1, @local, 0x0, 0x0, 'veth1_to_batadv\x00', 'netdevsim0\x00'}, 0x0, 0x1f0, 0x238, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'vcan0\x00', {0x4386, 0x0, 0x6a, 0x0, 0x0, 0xfe5, 0x20}}}, @common=@addrtype={{0x30}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast1, 'vcan0\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x400) bpf$MAP_CREATE(0x0, 0x0, 0x50) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_virt_wifi\x00'}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 15.190777399s ago: executing program 0 (id=3561): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) waitid$P_PIDFD(0x3, 0xffffffffffffffff, 0x0, 0x20000000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) epoll_create(0x281) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000640)='asymmetric\x00', &(0x7f00000004c0)) add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, r4) socket$inet_sctp(0x2, 0x5, 0x84) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000002a00)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b, 0x0, 0x7f, 0xfffffffe}}, 0x120) write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000080), 0x4) writev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000500)="dfa1434f7c88d9058558875d3c5b2d8bfcb162669be95907caaefae569dbdfd596ee5166c13ffbf8cf6ed8fdc62bdadeb4a4c7a4178136107341cdb989e91c482deee66260b9b301880c08445aeb9c3c5c1d0f60b8df6ccba1780293af8f34f15c56d1610f28aebbba8c57a5eca437309fce6ed67366d3edaaf4a62ec44ec8feb49df5c73f25a55b01c41665757a33fe732cabcff1319d6d3b92403898a277d1677670c01bc8f9fe1bae44c57caba0eb495cc2b96957f1a4335d212d30cfdf342c7fbd8355dc15b29207790bb82af66f05e4a72570c9891567", 0xd9}, {&(0x7f0000000680)="1fef362428895a754caecb8211ca3a50eb6d41bb1ed7a8424c07c3677c76f553d01ea40dc315d955801597c80de9d3f722e32bccc636548d68fc13cd44be7a5ee8f2a4a4ba76999b3d1ec899a148ee0edcc8162d395583af5500d2c3fb7cc7e6306122b94419597a6689d058b51a874ccf9d1cd99a2c64911761e181c32aadc9a8116382ded27778aa0d3339101feef0daf309bb284918e98e163360e3dc9bb48f7b6356e69dae0549c7505cf5b4b6654255ce0ab5ca95adb2f883217e9e007354aef098c66bb15bd235777887a29570c875026716686a700e", 0xd9}, {&(0x7f0000000780)="5510e0cfd9f4177a2a4ac222f9a7fc721e6d66b49238273a03c25dd9b3343f2909f3bc2b8e4058067ef8fe2f481121fe418be6c46cb48a192c6b51f5540c8935c6175a2faaaf1a401d1363ceae43dfa28a7ee4e59be78bb06ddc441abdfb28e71a93bfcfe0356034f8a8484f5dca9a83d42d42871b28acaa7d2f7f8ead18631b0016005d26dd72ba0c73a023ba9dcae211a95e3b720faa0bf8496497dec7f7b24b3b898dd9a8af12ed425874c1c8de6b4d2e31df8dc6ed", 0xb7}], 0x3) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000000140)) 14.174050613s ago: executing program 0 (id=3564): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) setresgid(0xee00, 0xee01, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, 0x0, &(0x7f0000000080)='adfs\x00', 0x8000, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f00000000c0), 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000), 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff000000000200000009000100"], 0x7c}}, 0x10) sendto$inet6(r3, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) prlimit64(0x0, 0x3, &(0x7f0000000140)={0x928, 0x200000008b}, 0x0) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000300)={'syz', 0x1}, 0x0, 0x0, r5) add_key(&(0x7f0000000000)='rxrpc\x00', 0x0, &(0x7f00000002c0)="0000000000000002ff690000000000010000001800000006000200861f4104bfeacdd5a9007d16dcdc2850b5", 0x2c, r6) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) 12.466166167s ago: executing program 0 (id=3574): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0xb}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r5, 0x0, 0x0) getsockopt$sock_buf(r5, 0x1, 0x1c, 0x0, &(0x7f0000000240)) dup(0xffffffffffffffff) sendmsg$nl_generic(r4, 0x0, 0x0) mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000ff9000/0x4000)=nil) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) r6 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r6, 0x0, 0x0) 9.36946367s ago: executing program 1 (id=3568): prctl$PR_SET_MM_AUXV(0x23, 0xc, &(0x7f0000000080)="111a992cef0aeb1e11ed4f48", 0xc) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x600, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x100000000000000, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x4000, 0x0, 0x90, [], 0x2, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00'/68]}, 0xbc) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) r0 = socket$vsock_stream(0x28, 0x1, 0x0) ioctl$int_in(r0, 0x5421, 0x0) connect$vsock_stream(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) chdir(&(0x7f0000000300)='./file0\x00') socket$xdp(0x2c, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c00000048a6540319e0b58500000000020000000900030073797a32000002000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f28000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c000080280001802300"], 0xe8}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0) getrandom(&(0x7f0000000040)=""/133, 0xfffffffffffffdde, 0x2) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x44880, 0x0) 9.320251351s ago: executing program 4 (id=3569): socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000080)={[{@delalloc}, {@errors_remount}]}, 0x81, 0x7d2, &(0x7f00000007c0)="$eJzs3ctrXNcZAPDvjh4jyW6lQqG1V4JCKzAeVa5qt9CFSxelUIOhXdcWo7FwNdIYzchYQmB5Ueim0JYuCsnG6zycRSDbPLbJPxGyCDYmkUWcVZhwr2b0nJElSzMS6PeDq3vOfZ3z6Z577pHuZSaAM2s0/ZGLuBAR/04ihhvLk4joy1K9Edc3tnu5tlJMpyTq9b98lWTbvH9u61hJY36ukflpRHz8j4hLub3lVpeWZ6fK5dJCIz9em7s3Xl1avnx3bmqmNFOavzoxOXnl2q+vXd3aZ/CIsX7z2fL5Z//54y/evd4bP3nyr0+SuB7nG+vW11aKRzz8HqMx2vid9KW/wh3+cNyFnbDkpCvAa0kvzZ6NqzwuxHD0ZKk2jnoBAgCnwsOIqAMAZ0zi/g8AZ0zz/wDrayvF5nSy/5Horue/j4iBjfibzzc31vQ2ntkNZM9Bh9aTHU9GkogYOYbyRyPizQ/+9nY6RYeeQwK0svooIm6PjK6v5Xf1/0na//Uf5di/3G9lPZ/NRnct1v9B93yYjn9+s3f8d3HzhZ6B7Oeu8c9AvsW1+zpeff3nnrbZ9Uh9U1M6/vvdtnfbtsZ/my+tjfQ0cj/Ixnx9yZ275VLat/0wIsaiL5/mJ7JNW78FNfbiuxftyt8+/vv6v39/Ky0/nW9tkXvam4/68LZ9pqdqU8cQeub5o4iLva3iTzbHv0mb8e/NA5bxp9/+841269L403ib0974O6v+OOLnLc//1rlM9n0/cTxrDuPNRtHCe1/8f6hd+VvnP5/N0/Kbfwt0Q3r+h/aPfyTZ/r5m9fBlfPp4+KN267a3/9bxZ+1/h7T99yd/zdLNTuDBVK22MBHRn/x57/IrW/s2883t0/jHftb6+m/X/nONd2Nvb+b21/us/53GoVrGn1ltF39npfFPH+r875OoN/bZterJy9meduUf7PxPZqmxxpKD9H+vqOkRWjMAAAAAAAAAAAAAAAAAAAAAAAAAHF4uIs5HkitspnO5QmHjO7x/HEO5cqVau3Snsjg/Hdl3ZY9EX675UZfD2z4PdaLxefjN/JVd+V9FxI8i4n/5wSxfKFbK0ycdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0nNv5/f8P01mhsLHuy/xJ1w4A6JiBk64AANB17v8AcPYc7v4/2LF6AADdc+i//+tJZyoCAHTNge//tztbDwCgezz/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMNu3riRTvVv11aKaX76/tLibOX+5elSdbYwt1gsFCsL9wozlcpMuVQoVubaHmh1Y1auVO5Nxvzig/FaqVobry4t35qrLM7Xbt2dm5op3Sr1dS0yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi46tLy7FS5XFqQ2CcxWBo8DdU4RYneOBXV2JNY/bwva9enpT5HTfTvs01ynGUN7l6yvZcYPKnuCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODU+z4AAP//3zAeLQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000e00)='.\x00', 0x0, 0x0) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000340), 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) mknod(0x0, 0x8000, 0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f000001b000)=""/102400, 0x19000) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000380)) r2 = fsopen(&(0x7f0000000040)='sysfs\x00', 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3d, 0xc, &(0x7f0000000400)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRES32], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r3, 0x0, 0xffffffffffffffff}, 0x18) gettid() fsconfig$FSCONFIG_SET_STRING(r2, 0x6, 0x0, 0x0, 0x0) fsmount(r2, 0x0, 0x5) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, &(0x7f0000001740)={@desc={0x1, 0x0, @auto="27b0fcba1948c076"}}) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x300000f, 0x1010, r0, 0x0) 9.228881912s ago: executing program 0 (id=3571): openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000580)={{0x6, 0x5}, 'port0\x00', 0x10, 0xa0021, 0x89aa, 0x9, 0x2, 0x4, 0x8, 0x0, 0x0, 0x4}) bpf$ITER_CREATE(0x21, 0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file1\x00', 0x1004081, &(0x7f0000000040)=ANY=[], 0x2, 0x7f4, &(0x7f0000000d80)="$eJzs3U9oHOfZAPBnFMl2FD5/Id9HPmMcZ2znA5s6ymqVKBU5pJvVSJ5ktSt2V8WmlMTEcjCWk5AQ0pjS1JekLS2lpx7TXEMuubUUWuih7anQHHrpoRDIpSUtLZSWUnDZ2V1r9Wcl/5HlNP39RPadfeeZd953drLPznpnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASKqzpdJkErW8vnQ6Ha4622wsbDG/395P1xRbrDci6fwX+/bFgW7Vgf9dnX1/5+FoHOo+OxT7OsW+uHzP/fc+8T+jI/3lt+jQzToyfNbY4JMk4uudTl08u7Ky/Mpt6Mgu+taPexP7rnuRv1/tPM5n9bzVyBcq81matxrpzPR06ZFTc610Lq9lrTOtdraQVptZpd1opserJ9LJmZmpNJs401iqz89Walm/8vGHy6XSdPr0xGJWabYa9UeenmhVT+W1Wl6fL2LKpdejE/N4Z0d8Jm+n7ayykKbnL6wsT23X1U7Q5JqavWt2nEMP3fvxax/95cJyZ4cc1kjS2zHLk5Pl8uT0YzOPPV4qjZZL5bUVpXXiWkSMRHQibstOy511zyZ1o709ZsOMiKv/vTNv3nCLRnr5P2qRRz2W4nSkkcZI8bj6NxbVmI1mNGKh8/w3Y+vmb8j////IH3+11XoH838/yx9YnX0wivx/uPvs8LD8v6EXO/A3OqzV+vvd3gzWvRpvxOW4GGdjJVZiOV65mTXuWd/qbfwb2dn25iOLeuTRikbksRCVoibt1aQxE9MxHaV4Nk7FXLQijbnIoxZZtOJMtKIdWbFHVaMZWVSiHY1oRhrHoxonIo3JmImZmIo0spiIM9GIpajHfMxGpWjlfFwotvvUun7d/7XnfvTCrz9+pzN9LWhyi4EknQ9znaA/bxG0Id3fQP7vRIz09u5dyUnskn03+Kru0Ds33LqrRf4fvdPdAAAAAG6jpPj2PYmIsXigmJrLa9mX7nS3AAAAgB1U/K75UKcY60w9EEnn+L+0SeSHu943AAAAYGckxTl2SUSMx4Pdqf7pUpt9CQAAAAD8Gyr+/f9wpxiPeLOocPwPAAAAnzHfGHaN/Y/29K6x21rcm/zkT9FsjiVXFk8/lFyqdOIql+7qLtcrvnitxfbcwWR/r5GimB69fE8SEaPV7FDSv/rlP/d2y0+Kx4OrFyAcdq3/ZJsOxNYdKJ7Ft+NIN+bIuW55rj+nu5bxubyWTVQbtScmk96XI+3XXrzwlSiG/836wv4kzl9YWZ54/qWVc0VfrnRauXKpd3n4pL9URPeEii36crW3BeKBzUc8VpyI0VvveHe9pcHx964mO7L1+JPBdb4VR7sxR8e75fja8e/rrHNy4onJqFT2j7Sz0+3Xrg6MvteLydWR7+2PNrmBV+GtONaNOXb8WLfYpBflNb14cWMvyoPb//q2xXX34p0jb57+688bSTa1XS+mbrEXAHfK+eKqP6tZ6O4iC/3jalcnoa3Lu3f3l7yRd7nzq58y+ssP5LrR2JDd05vJ7m/F8W7M8e7nidGDm+SV0ibv6C9fePkXvXf0R9/7/g++fPiXH6zL6zfQi/fiRDemV8R9PxuSYztj/s66rPpuZ4l3h663VSsnr++dGku6Nx+Kyw9fuHT2heUXll8sl6emS4+WSo+VY6z4qNArhvRU5gH4z7bdPXY++Oq10GF34Uke3eao+r5rPymYiOfjpViJc3GyONsgIh7cvNXxgZ8hnNzmqHV84A4vJ7c5tlyNLa+P3XssiSGxUwNb7P++VxR/u00vCADsgqPb5OEk7u3Of/2/ekusi7grSU5uc9y9Npef6N44t390HMNz+aDf98rP3/YtAgCffVnzk2S8/XbSbOaLz07OzExW2qeytNmoPpM289n5LM3r7axZPVWpz2fpYrPRblT7Xx3PZq20tbS42Gi207lGM11stPLTxZ3f096t31vZQqXezqutxVpWaWVptVFvV6rtdDZvVdPFpadqeetU1iwWbi1m1Xwur1baeaOethpLzWo2kaatLBsIzGezejufy7OxNK+ni818odK8EhG1pYUsnc1a1Wa+2G50G+yvK6/PNZoLRbMTG4f/h93e3gDwafDqG5cvnl1ZWX7l5iZ+ez3Bd3qMAMBasjQAAAAAAAAAAAAAAHz6bTxdr1N7QycCjsVNnz746t64lbMPP3sTn3u/+7LsRIO30s7da17TPb2d5c5vnxueeO7JJy+u1iSjg5v3qTcPnPpdFv3RbdHO5v+nbHaq69v7I/b88Lvdmi8MCU5Gd3ikH0bETSx+NdkiZvffiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgO/8KAAD//wifUTs=") prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/176, 0xb0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05640, &(0x7f0000000080)={0x5, @raw_data="a8d2912ddb0764dbe14b787f1bbc4a0f05ea54f0be9b1b11fe73974b7b0b018d66c2bd912f75caa796eca1d089e4fba15a53db7612b9f179cb98200b361932ead7bbb865369b33543fa204a3feea1350ff3206613ba0f85e0e9c48a6e1dbd9227c51f477eb21853b40db5a8bbc6b6315be0168318705d54d93645f0e9b6290d14b609894bfb2d32de9dcfc7c4d000e2cb46cb59ecc4c1b09ce625a7f2f68b571ff13717053cf9920c9761b4f8d12ac7ab29d6e40ad7c88651495db7936848b3fcba04076fac2a59c"}) 7.521011956s ago: executing program 2 (id=3572): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000080000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sys_enter\x00', r0}, 0x18) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file1\x00', 0x89) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) 7.429027427s ago: executing program 1 (id=3573): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000007c0)=ANY=[], 0x48) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0xf59}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x3) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x6) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8) r1 = io_uring_setup(0x1abf, &(0x7f0000000000)={0x0, 0xa4ec, 0x400, 0x1, 0x102a8}) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x13, &(0x7f0000000080)=[0xfff, 0x6], 0x2) r2 = timerfd_create(0x7, 0x81000) timerfd_settime(r2, 0x2, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000d80)={0xffffffffffffffff, 0x0, 0x0}, 0x20) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x100, 0x0) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) r4 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) socket$nl_netfilter(0x10, 0x3, 0xc) 6.708209847s ago: executing program 1 (id=3575): pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80880) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000d00)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r2 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) syz_open_procfs(0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) write(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x10122, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x7, 0x6, &(0x7f0000000100)=ANY=[@ANYBLOB="c60a0100000000006111b400000000008510000002000000850000000700000095000e000000000095000000000000003764e7be95cd1b051a0f3cd983c673d1cc389e632d686ff6bfc1884d28861b616a4e21cc0c6b735256c1d8389642393b41331d67072eac14cc61e5392e2bfdb6c35de43684005670f403f1fc05a286a2029fb37849d0ec6f224dd3578c7a5f29bfec9c769e5eb33f3737ee2f36d9d6bd53f70c048c0985405510c8994db5"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195}, 0x70) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x2e80, 0x0) ioperm(0x0, 0x1, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "fe94b89fc43c3328eae0cae1f5eba329e6f216"}) r4 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000003c0)={0x3, 0x4, 0x4, 0xa, 0x0, r0, 0xfffffffa, '\x00', 0x0, r0, 0x4, 0x5}, 0x50) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0xf, &(0x7f0000000080)=0x3, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x40, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000002c0)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0x2, 0xff, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000000440)=[r0, 0xffffffffffffffff, r4], &(0x7f0000000480)=[{0x4, 0x1, 0x0, 0x9}, {0x4, 0x4, 0xb, 0x2}, {0x2, 0x4, 0xc, 0x8}, {0x4, 0x1, 0xc, 0x7}, {0x1, 0x5, 0xd, 0xb}, {0x5, 0x1, 0xe, 0x8}, {0x0, 0x3, 0x2, 0x4}], 0x10, 0xfffffffd}, 0x94) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x28, 0x2, 0x6, 0x505, 0x0, 0x0, {0x3, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000800}, 0xc8c0) io_setup(0x3, &(0x7f0000000700)) splice(r3, 0x0, r1, 0x0, 0x4, 0x0) 6.677293117s ago: executing program 4 (id=3576): r0 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0) mq_unlink(0x0) close(r0) read$FUSE(0xffffffffffffffff, &(0x7f0000000180)={0x2020}, 0x2024) lseek(0xffffffffffffffff, 0xfffffffffffffff5, 0x1) r1 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r1, 0x40946400, &(0x7f0000000080)={'pcl812\x00', [0x2f00, 0x5, 0x1, 0x2, 0x0, 0xfffffffe, 0x1, 0x6, 0xffe, 0x1, 0xc, 0x1, 0x4, 0x6, 0xffff, 0x6, 0xffffffa7, 0x40000009, 0x832, 0x30000, 0x3ff, 0x9, 0x800, 0xe2df, 0x2, 0x1, 0x9, 0x3, 0x4, 0x5, 0x70f]}) r2 = syz_usb_connect(0x2, 0x3f, 0x0, 0x0) creat(0x0, 0xd931d3864d39ddd8) socket$l2tp(0x2, 0x2, 0x73) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_ep_read(r2, 0x1, 0x97, &(0x7f0000000000)=""/151) syz_open_dev$evdev(0x0, 0x3, 0x101001) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) 6.531885429s ago: executing program 2 (id=3577): syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x2000040, &(0x7f0000000000)={[{@codepage={'codepage', 0x3d, 'cp949'}}, {@uid}, {@iocharset={'iocharset', 0x3d, 'cp936'}}]}, 0x1, 0x302, &(0x7f00000008c0)="$eJzs3c9qE0EcB/DvTDZt+oe6thXBi6Va0Eux6qF4iUiu3j2J2qQQXCq2FdSLrXgUH8C7r+DFN/Ci+AJ6EgQfoLeR+e1sskl2J6Yk2bT9fiDpZnZm9zfsbHZ+C82CiM6se7Wfn279ti8FlFACcAfQACpAAOACLlZe7Ow396NG3behkrSwL4W4peqps7XTyGpq20kLJ7SfAsyny9JU75bpmIwxd38VHQQVTs7+DBqYduehrK+MOa5ROQAuFx3DuKUPsDrCEV5iocBwiIhoArjrv3aXiXkpUtAaWHOX/VN1/T8qOoDhuh31FBlvg9T1X2Z3Rtnje05WtfM9SbTsep1kif0CseOj3FU2hXhkdUwwVb+sUmLRM9vNAOtbh6hrvEXVSVVblvd6PHQTfaJdzchNPfK3Vsb92bg3MqPsloS03Ywa03YhFX8SwdJge/T44l/9x/1VX9V39VCF+Ih6a/4XGGUPkxypsOtI6bKN/0b+luekla0F17Fqtao7qpyXnVxye3D69LKSnZGkt5ncIDhoReCLU/a9iM7bCnHvNvq0WspqFbY+5bRa7mhVciNhfetZ5L2VMhpJF9UH9UCt4i8+o5aa/2sb3xpSZ6bvq15JTTcy4v5MZdcMpGbYc+Vony4rrQic6YH7RkDe3bIc7/EEm1jYe/X6aSmKGrt24XHGwvP5XeVKyu+AzDpDXgiize5VJXha4aBdYqw3xvzvvswou3N9qBu03x+7G4hL7OmTVdmeZa0SPdLDdIYXat/gG5CTtXCYHhJdC8YAOatG9j1FE2RPJQddPgaYKToiGjM771Jx/iczeTerkwTFvoWeebo/yUTHFjdaGVznVHBR3mcHyuDm8jM4t0fVjBo3c3JGybmuXAOupgoVvHsMXZynhKrhBx7x/j8RERERERERERERERERERERERER0Ukzjn9CKLqPREREREREREREREREREREREREREREREQn3bGe/5v1G/Hy/N9wwOf/xk+Kkp8DX2mX9nv+LxENx78AAAD//1Lod7w=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = socket(0x40000000015, 0x5, 0x0) connect$inet(r4, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x3d, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[], 0x1a000}}, 0x0) mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$SNDCTL_SEQ_THRESHOLD(0xffffffffffffffff, 0x4004510d, 0xffffffffffffffff) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 6.230446974s ago: executing program 1 (id=3578): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='fsi_master_gpio_cmd_rel_addr\x00', r1, 0x0, 0x200}, 0xfffffd8b) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x8b1fb000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) close(0xffffffffffffffff) socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg$inet6(r0, 0x0, 0x0, 0x3404c8d4) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) lstat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000340)) 5.403675705s ago: executing program 2 (id=3579): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = dup(r1) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r2, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x7, 0x4, 0x3f0, 0x0, 0x220, 0x220, 0x308, 0x308, 0x308, 0x4, &(0x7f00000003c0), {[{{@arp={@dev={0xac, 0x14, 0x14, 0x37}, @loopback, 0xff, 0xffffffff, 0x0, 0xb, {@mac=@broadcast, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@multicast, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xb64, 0x8, 0x0, 0x2, 0x9, 0x2, 'gretap0\x00', 'virt_wifi0\x00', {0xff}, {0xff}, 0x0, 0x18}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @private=0xa010102, @broadcast, 0x8, 0x1}}}, {{@arp={@multicast1, @local, 0xffffffff, 0xff000000, 0xa, 0xc, {@empty, {[0xff, 0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x81, 0x8, 0x81, 0xfffa, 0xa24a, 0x0, 'macvlan0\x00', 'veth0_to_batadv\x00', {0xff}, {0xff}, 0x0, 0x50}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@local, @broadcast, @multicast2, 0x1, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x8001}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = fsopen(&(0x7f0000000400)='cramfs\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f00000001c0)='acl', &(0x7f0000001840)=']', 0x1) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) syz_init_net_socket$x25(0x9, 0x5, 0x0) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r7, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14c}}) ioctl$TCSETS2(r7, 0x402c542b, &(0x7f0000000040)={0x7f1, 0x84, 0xefcc, 0x10b, 0x5, "f06fca79266e82a74b6c5e443a04683cc267a0", 0x6, 0xc}) ioctl$TIOCL_PASTESEL(r7, 0x541c, &(0x7f0000000100)) 5.402647795s ago: executing program 4 (id=3580): syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8000000000088}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYBLOB], 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d) bind$alg(r1, &(0x7f00000001c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) 3.376304603s ago: executing program 2 (id=3581): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) sendmsg$nl_xfrm(r0, 0x0, 0x20008000) r5 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="180000000b148b0a28bd7001fbdbdfa508"], 0x18}, 0x1, 0x0, 0x0, 0x48010}, 0x20004000) syz_genetlink_get_family_id$nl80211(0x0, r4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000040)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEAUTHENTICATE(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x1c, r7, 0xfc5, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r9}, @void}}}, 0x1c}}, 0x0) 3.366272524s ago: executing program 1 (id=3582): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = socket(0x15, 0x5, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000180)={0x0, &(0x7f0000000140)}, 0x10) connect$l2tp6(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f00001d8000/0x2000)=nil, 0x2000, 0x0, 0x12, r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r2) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r3, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, 0x0, 0x0) r5 = accept(r3, 0x0, 0x0) r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000180)=@bpf_lsm={0x6, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2031}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r6}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048054}, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x2400c840}, 0x0) connect$unix(r5, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) 3.262910735s ago: executing program 4 (id=3583): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000040), 0x0) mount$fuse(0x0, 0x0, 0x0, 0x1000000, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000140000,', @ANYRESDEC=0x0, @ANYRESDEC=0x0, @ANYBLOB="2c646f53495b0570707261697365"]) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='target PC'], 0x13) r6 = socket$inet(0xa, 0x801, 0x84) connect$inet(r6, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r6, 0x8) 2.331780398s ago: executing program 2 (id=3584): r0 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6}]}, 0x10) sendmmsg(r2, &(0x7f0000000180), 0x4000190, 0x0) write$P9_RSTATu(r0, 0x0, 0x230) timer_create(0x2, 0x0, &(0x7f00000008c0)=0x0) timer_settime(r4, 0x0, 0x0, 0x0) timer_delete(r4) timer_delete(r4) creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfbff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='f2fs_shutdown\x00', r5, 0x0, 0x9}, 0x18) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1f, 0x12, 0xffffffffffffffff, 0x0) 2.255559339s ago: executing program 2 (id=3585): openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x1) ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r0, 0x40a85321, &(0x7f0000000580)={{0x6, 0x5}, 'port0\x00', 0x10, 0xa0021, 0x89aa, 0x9, 0x2, 0x4, 0x8, 0x0, 0x0, 0x4}) bpf$ITER_CREATE(0x21, 0x0, 0x0) syz_mount_image$iso9660(&(0x7f0000000cc0), &(0x7f0000000180)='./file1\x00', 0x1004081, &(0x7f0000000040)=ANY=[], 0x2, 0x7f4, &(0x7f0000000d80)="$eJzs3U9oHOfZAPBnFMl2FD5/Id9HPmMcZ2znA5s6ymqVKBU5pJvVSJ5ktSt2V8WmlMTEcjCWk5AQ0pjS1JekLS2lpx7TXEMuubUUWuih7anQHHrpoRDIpSUtLZSWUnDZ2V1r9Wcl/5HlNP39RPadfeeZd953drLPznpnJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACASKqzpdJkErW8vnQ6Ha4622wsbDG/395P1xRbrDci6fwX+/bFgW7Vgf9dnX1/5+FoHOo+OxT7OsW+uHzP/fc+8T+jI/3lt+jQzToyfNbY4JMk4uudTl08u7Ky/Mpt6Mgu+taPexP7rnuRv1/tPM5n9bzVyBcq81matxrpzPR06ZFTc610Lq9lrTOtdraQVptZpd1opserJ9LJmZmpNJs401iqz89Walm/8vGHy6XSdPr0xGJWabYa9UeenmhVT+W1Wl6fL2LKpdejE/N4Z0d8Jm+n7ayykKbnL6wsT23X1U7Q5JqavWt2nEMP3fvxax/95cJyZ4cc1kjS2zHLk5Pl8uT0YzOPPV4qjZZL5bUVpXXiWkSMRHQibstOy511zyZ1o709ZsOMiKv/vTNv3nCLRnr5P2qRRz2W4nSkkcZI8bj6NxbVmI1mNGKh8/w3Y+vmb8j////IH3+11XoH838/yx9YnX0wivx/uPvs8LD8v6EXO/A3OqzV+vvd3gzWvRpvxOW4GGdjJVZiOV65mTXuWd/qbfwb2dn25iOLeuTRikbksRCVoibt1aQxE9MxHaV4Nk7FXLQijbnIoxZZtOJMtKIdWbFHVaMZWVSiHY1oRhrHoxonIo3JmImZmIo0spiIM9GIpajHfMxGpWjlfFwotvvUun7d/7XnfvTCrz9+pzN9LWhyi4EknQ9znaA/bxG0Id3fQP7vRIz09u5dyUnskn03+Kru0Ds33LqrRf4fvdPdAAAAAG6jpPj2PYmIsXigmJrLa9mX7nS3AAAAgB1U/K75UKcY60w9EEnn+L+0SeSHu943AAAAYGckxTl2SUSMx4Pdqf7pUpt9CQAAAAD8Gyr+/f9wpxiPeLOocPwPAAAAnzHfGHaN/Y/29K6x21rcm/zkT9FsjiVXFk8/lFyqdOIql+7qLtcrvnitxfbcwWR/r5GimB69fE8SEaPV7FDSv/rlP/d2y0+Kx4OrFyAcdq3/ZJsOxNYdKJ7Ft+NIN+bIuW55rj+nu5bxubyWTVQbtScmk96XI+3XXrzwlSiG/836wv4kzl9YWZ54/qWVc0VfrnRauXKpd3n4pL9URPeEii36crW3BeKBzUc8VpyI0VvveHe9pcHx964mO7L1+JPBdb4VR7sxR8e75fja8e/rrHNy4onJqFT2j7Sz0+3Xrg6MvteLydWR7+2PNrmBV+GtONaNOXb8WLfYpBflNb14cWMvyoPb//q2xXX34p0jb57+688bSTa1XS+mbrEXAHfK+eKqP6tZ6O4iC/3jalcnoa3Lu3f3l7yRd7nzq58y+ssP5LrR2JDd05vJ7m/F8W7M8e7nidGDm+SV0ibv6C9fePkXvXf0R9/7/g++fPiXH6zL6zfQi/fiRDemV8R9PxuSYztj/s66rPpuZ4l3h663VSsnr++dGku6Nx+Kyw9fuHT2heUXll8sl6emS4+WSo+VY6z4qNArhvRU5gH4z7bdPXY++Oq10GF34Uke3eao+r5rPymYiOfjpViJc3GyONsgIh7cvNXxgZ8hnNzmqHV84A4vJ7c5tlyNLa+P3XssiSGxUwNb7P++VxR/u00vCADsgqPb5OEk7u3Of/2/ekusi7grSU5uc9y9Npef6N44t390HMNz+aDf98rP3/YtAgCffVnzk2S8/XbSbOaLz07OzExW2qeytNmoPpM289n5LM3r7axZPVWpz2fpYrPRblT7Xx3PZq20tbS42Gi207lGM11stPLTxZ3f096t31vZQqXezqutxVpWaWVptVFvV6rtdDZvVdPFpadqeetU1iwWbi1m1Xwur1baeaOethpLzWo2kaatLBsIzGezejufy7OxNK+ni818odK8EhG1pYUsnc1a1Wa+2G50G+yvK6/PNZoLRbMTG4f/h93e3gDwafDqG5cvnl1ZWX7l5iZ+ez3Bd3qMAMBasjQAAAAAAAAAAAAAAHz6bTxdr1N7QycCjsVNnz746t64lbMPP3sTn3u/+7LsRIO30s7da17TPb2d5c5vnxueeO7JJy+u1iSjg5v3qTcPnPpdFv3RbdHO5v+nbHaq69v7I/b88Lvdmi8MCU5Gd3ikH0bETSx+NdkiZvffiwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgO/8KAAD//wifUTs=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getdents(0xffffffffffffffff, &(0x7f0000001fc0)=""/176, 0xb0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) 2.254400959s ago: executing program 0 (id=3586): r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) prlimit64(r0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) r4 = socket$kcm(0x2, 0x200000000000001, 0x106) r5 = msgget$private(0x0, 0x1c0) msgctl$IPC_SET(r5, 0x1, &(0x7f0000258f88)={{0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x96}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) msgsnd(r5, &(0x7f0000000080)=ANY=[@ANYRES8], 0x0, 0x0) msgsnd(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"], 0x8, 0x0) msgctl$IPC_SET(r5, 0x1, &(0x7f0000258f88)={{0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x9, 0xff, 0x5, 0xe8}) msgrcv(r5, &(0x7f0000000340)={0x0, ""/158}, 0xa6, 0x3, 0x3000) sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x3000c041) r6 = socket$kcm(0x10, 0x2, 0x4) recvmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0xfffffffffffffe71, 0x0}, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 2.046932362s ago: executing program 4 (id=3587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0xc4300, 0x180) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_route(0x10, 0x3, 0x0) rseq(0x0, 0x0, 0x1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xd3, 0x800000000000000, &(0x7f0000000280)) bpf$MAP_CREATE(0x0, 0x0, 0x50) r4 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001800)}], 0x1}, 0xf4) sendmsg$inet(0xffffffffffffffff, 0x0, 0x7e8166965e22236a) setsockopt$sock_attach_bpf(r4, 0x84, 0x1e, &(0x7f0000000000), 0x10) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'virt_wifi0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@newtclass={0x24, 0x28, 0x200, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xf, 0xfff3}, {0xe, 0x3}, {0x10, 0xffe0}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x30004804}, 0x4004844) 1.975401333s ago: executing program 1 (id=3588): r0 = syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x2000c12, &(0x7f0000000a00)=ANY=[@ANYBLOB='hide,dmode=0x0000000000000009,overriderockperm,utf8,map=acorn,iocharset=iso8859-1,mode=0x00000000000000c9,cruft,map=off,check=strict,overriderockperm,block=0x0000000000000200,cruft,nocompress,cruft,session=0x000000000000002e,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c7362736563746f723d3078303030303030303030303030303030332c00d4215a15701bca521647652b2623aac16363b7c886c8e01c34c1be48fac31ff64fd975416483f623de07f461566ca6ee1f45ee43de3a417c9f293dce66ea364d3d2e284b815c568722445db6e7bc85745e23605586296a7c3b961a6202dc4d36efbb967e286625378fc6af8ffdc648cbda4797ab0d6ad05169b0e2236e6cbf8f752dbf0496b0ba34761d90d049f3be85f3c0c0e38b6daad6f29cb7ee0f1aea54884f0983e098cd5497ff80c97d0fcc"], 0x1, 0xa2f, &(0x7f00000018c0)="$eJzs3c1vXFdfB/DvHduJH/chydOGUqK2nqQkdVvj2A5NiLooiT1JXPyCbEdqxKIpjYOiGAotSG2F1FRCrFqBBGIBu4oVq0rdUBaoGwQ7umKBhPovVKzCyujOjO2xPeNxjGO76edjzcx9+d1zfnfuy/HM3JkTflxWjm8YW1mp33Y5fvMf9yFjDrGrk99/+dUX5e2zBzmSnrxe/FPSn6Sa9CZ5LumbmJyfm+lS0P3kdpJvkyLJ0TQed+R2ir/Mz9fHv03x92W9HR3Zacl0s8JP2kHvfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBgVE5Ojo2PFkUzN3ny72pBUt5iYnJ8rsrKydc7qMg3f1Hv9Lr7pWm9SlLf096929f3cyfXZzyapnsnzjbHn6x2Spz+fPPXsiTee6a2sLt8pm/+Xozsv9sOPP7n/7vLy0gdt5xbFHmZ1yDT2keu12amFuamZK9dr1amFuerlixdHz9+4tlC9NjVdW7i1sFibqU7M164szs1XhyZeqY5dvnyhWhu5NXdz9vrkyHRtdeKlXx8fHb1YfWvkd2pX5hfmZs+/NbIwcWNqenpq9no9ppxdxlwqd8TfnlqsLtauzFSrd+8tL13YlFlPNu2/ZdBYt/Upg8a7BY2Pjo+PjY2Pj33W7D17bcLF1y+/fml0tHd0k2yJeEw7LYfLzzpv5r0/icMuVRrtfzKdqczmZt5Ote3fRCYzn7nMdJjftNr+nz1f27batLT/zVa+t2X+qfLuTF5sjvZ3aP875LJ/fx/m43yS+3k3y1nOUj448Iz29+96apnNVBYyl6nM5Ep9SrU5pZrLuZiLGc07uZHBLKQ31zKV6dSykFtZyGJq9T1qIvOp5UoWM5f5VDOUibySasZyOZdzIdXUMpJbmcvNzOZ6JnOlXsrd3Ks/7xe2yXEtaGwnQePbBG1pzB+5/a9t/ueEJ1Bl2638GM7isDsrzfb/SPfQoYn9SAgAAADYc7/67zl28ul/+++kyAv1z+WvTU3XRg86LQAAAGAP1S/Xe7586CuHXkjh9T8AAAA8aYr6d+yKJAMZbAytfhPKmwAAAADwhKh//v9iisH1CV7/AwAAwBOm+2/sd40ohld//rd6p/F4pxnRGCsGrk1N10Ym5qbfGMu5+q8M1L9psKW0nqToq3/94NWcbkSdHmg8DqyXWNbZX0aNjbwxlldzprkiQy+VDy8NtYkcb0S+3Ih8uTWyJxsiL5SRAPCkO7NNe7zT9v/VDDcihk/Vm/zeUxva4J56yzqqZQWAw2Ktj53/bXZp1qb9b0a82Kn9/41tXv+XEU/n7mDjkoKRvJf3s5w7GU7zioPBdqWu9kbQuAxhuMu7AQPNSxa+u1TJ8Jb3A/rX1rU1dinjGW77jkBLucVqDhcacT2PZxsAwH47s207vNb+927X/g9v//q/pc11SSEAHAZrPdg/6sDgzoMPeh0BgI200gAAAAAAAAAAAAAAAAAAAAAAAAAAALD3dvQD/v9xLlleXkp221lAm4Hv/vWff6ljzOdPJf2PkuH2A5XsTc6Hf6AnyUHV/mYeealyGx+Wp87AxoEDPjEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwL4qkp930SnI0yWiS8/uf1ePz4KAT2CvV3S1WPMzDfJRje50OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPXfP3/ytpPD7VmJTeSnI2ye0kv3vQOT6K/i7zH+5THofPH9TvW37/v5L0ZaVIb2Ozp+ibmJyfmyl3heJoOf/7L7/6orx1LPLT1YGtvSqUBZQ1bOhcollDy5S+jUv9or7UwOTSh/f/5P0/qk5ere+YVxevTU/OXJ//rfXAZ4uvG10gtHaDsJrvn539l79qmXykWfnX5Zq2t7nea/V6J7fW+yvtlu5Q7w7cW14aL2tarL29+Kd/WGmd9XROJy8NJUMba/r98tahptObn8+Nih+KvyiO5W9zu779y2ejWCnKTXS8vv4/u3tveWnkvfeX76zl9Om9j1oKOJHBJHc2HmVdchqsn0/aqu91lb6y1tF6UHl3skt522opcWz9ed2wDr+o7zIDj7QO1c7rUNfleW9mdGFzRivlQfLXf/xMzm27pY+2KfFclxrbKn4o/qu4kf/Mn7f0/1Ept//ZtD062xRRj2zZU1rnbTi8KmfX13y8dcY7m8vseFTyGHye38tvrm3/Ssv5v7mtOhw3a+ejN1smdjhuVg+tbY6Llhq3HBdN3Y6LrUfqPxzf0qKsqx9GJze1SM2zT6dlmnmebER1yPOX81rSe+qRziivdTmjdFt+t8f/3xVD+Z880P8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+BVJT7vpleRskhNJjpfj1WRlc8yDXdRXGSh2k+ae2U3OPz5FxxUtHuZhPsqx/c4IAAAAAAAAgMfj6uT3X371RXmrfx7fk1+rNOdUk94kJ4q/6ZuYnJ+b6VJQX3J79SP9/vYhHSbndnn38/Xxb8ux57rUd7CXDwDAj9r/BQAA//+CGm1g") dup3(r0, r0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1400000016000b63d25a80648c2594f90224fc60", 0x14}], 0x1}, 0x80) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff4, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_adjtime(0x0, &(0x7f0000000900)={0x400000000006, 0x20000000b, 0x200000f, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x50, 0x80000000, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6}) ioctl$EVIOCSABS3F(0xffffffffffffffff, 0x401845ff, 0x0) getpid() ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) 243.172177ms ago: executing program 4 (id=3589): getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xa, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x2, 0x0, 0x0, 0x0, 0x61, 0x19, 0x4c}, [@ldst={0x5, 0x0, 0x4, 0x0, 0x0, 0x0, 0x27}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffbf, 0x10, &(0x7f0000000000), 0x3}, 0x28) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00') preadv(r3, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r4, 0x0, 0x0, 0x0, {}, 0x1}) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB="2373797a313a73797a302e729461fb6d6e6c7900"], &(0x7f0000000280)='./file0\x00', 0x0, 0x0, 0x0) 0s ago: executing program 0 (id=3590): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x22401, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) syz_genetlink_get_family_id$nl80211(0x0, r7) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000000c0)={'sit0\x00', 0x0}) setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000200)={@multicast2, @dev={0xac, 0x14, 0x14, 0x24}}, 0x8) close_range(r6, 0xffffffffffffffff, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0, 0x3f}], 0x1, 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 13021] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 20000 - 0 [ 742.562939][T13021] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 20000 - 0 [ 742.651780][T13021] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 20000 - 0 [ 742.679537][T13021] bond2: (slave geneve2): making interface the new active one [ 742.711211][T13021] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 742.750468][T13019] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 742.761234][T13024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1910'. [ 742.862097][T13024] 8021q: adding VLAN 0 to HW filter on device bond2 [ 743.888815][T13032] xt_time: unknown flags 0xc [ 744.463466][T13046] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1916'. [ 746.740889][T13079] loop0: detected capacity change from 0 to 2048 [ 746.771292][T13079] EXT4-fs (loop0): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 747.039176][ T5787] EXT4-fs (loop0): unmounting filesystem 00000800-0000-0000-0000-000000000000. [ 747.354281][T13099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1929'. [ 747.443927][T13101] trusted_key: encrypted_key: key user:syz not found [ 747.563678][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.591457][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.845041][T13104] loop0: detected capacity change from 0 to 8192 [ 750.528731][T13128] hugetlbfs: syz.1.1937 (13128): Using mlock ulimits for SHM_HUGETLB is obsolete [ 752.338866][T13146] loop0: detected capacity change from 0 to 8192 [ 753.396006][T13158] bridge_slave_0: left allmulticast mode [ 753.402453][T13158] bridge_slave_0: left promiscuous mode [ 753.411553][T13158] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.427525][T13158] bridge_slave_1: left allmulticast mode [ 753.435032][T13158] bridge_slave_1: left promiscuous mode [ 753.445145][T13158] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.485894][T13158] bond0: (slave bond_slave_0): Releasing backup interface [ 753.517997][T13158] bond_slave_0: left promiscuous mode [ 753.559175][T13158] bond0: (slave bond_slave_1): Releasing backup interface [ 753.569502][T13158] bond_slave_1: left promiscuous mode [ 753.642806][T13158] team0: Failed to send options change via netlink (err -105) [ 753.660612][T13158] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 753.680884][T13158] team0: Port device team_slave_0 removed [ 753.817617][T13158] team0: Failed to send options change via netlink (err -105) [ 753.842665][T13158] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 753.853605][T13158] team0: Port device team_slave_1 removed [ 753.870590][T13158] bond0: (slave wlan1): Releasing backup interface [ 753.884319][T13158] mac80211_hwsim hwsim3 wlan1: left promiscuous mode [ 753.914301][T13158] bond0: (slave vxlan0): Releasing backup interface [ 753.929342][T13158] vxlan0: left promiscuous mode [ 753.936852][T13158] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.946152][T13158] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.955159][T13158] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.964484][T13158] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 753.991341][T13158] bond1: (slave veth5): Releasing active interface [ 754.022838][T13158] bond2: (slave ip6erspan0): Releasing active interface [ 754.031869][T13158] bond2: (slave ip6erspan0): the permanent HWaddr of slave - 26:1b:c1:12:42:0b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 754.051197][T13158] bond2: (slave gretap1): making interface the new active one [ 754.075212][T13158] bond2: (slave gretap1): Releasing active interface [ 754.105788][T13158] bond3: (slave bond4): Releasing backup interface [ 754.113220][T13158] bond3: (slave bond4): the permanent HWaddr of slave - 8a:94:79:81:81:7b - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 754.134090][T13158] bond3: (slave gretap2): making interface the new active one [ 754.160747][T13158] bond3: (slave gretap2): Releasing backup interface [ 754.198579][T13158] syz.2.1946 (13158) used greatest stack depth: 17488 bytes left [ 754.238151][T13161] team0: Mode changed to "loadbalance" [ 755.353211][T13178] futex_wake_op: syz.3.1951 tries to shift op by -1; fix this program [ 759.782849][T13201] loop0: detected capacity change from 0 to 8192 [ 761.460767][T13223] overlayfs: failed to clone upperpath [ 765.835956][T13253] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4) [ 765.842494][T13253] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 765.870190][T13253] vhci_hcd vhci_hcd.0: Device attached [ 765.900543][T13257] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(7) [ 765.907108][T13257] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 765.927119][T13257] vhci_hcd vhci_hcd.0: Device attached [ 765.995047][T13253] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(6) [ 766.001608][T13253] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 766.030204][T13257] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(11) [ 766.036866][T13257] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 766.052534][T13253] vhci_hcd vhci_hcd.0: Device attached [ 766.052782][T13257] vhci_hcd vhci_hcd.0: Device attached [ 766.097501][T13257] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(13) [ 766.104175][T13257] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 766.124784][T13257] vhci_hcd vhci_hcd.0: Device attached [ 766.141377][T13253] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 766.172829][T13253] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 766.222682][T13257] vhci_hcd vhci_hcd.0: pdev(0) rhport(7) sockfd(19) [ 766.229353][T13257] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 766.236940][ T5831] vhci_hcd: vhci_device speed not set [ 766.276702][T13257] vhci_hcd vhci_hcd.0: Device attached [ 766.313158][ T5831] usb 33-1: new high-speed USB device number 2 using vhci_hcd [ 766.540814][T13253] vhci_hcd vhci_hcd.0: port 0 already used [ 766.762048][T13270] vhci_hcd: connection closed [ 766.765571][ T3429] vhci_hcd: stop threads [ 766.805492][T13258] vhci_hcd: connection closed [ 766.807213][T13254] vhci_hcd: connection reset by peer [ 766.830292][T13268] vhci_hcd: connection closed [ 766.837207][T13263] vhci_hcd: connection closed [ 766.970723][ T3429] vhci_hcd: release socket [ 766.991512][ T3429] vhci_hcd: disconnect device [ 767.039713][T13272] vhci_hcd: connection closed [ 767.100125][ T3429] vhci_hcd: stop threads [ 767.131892][ T3429] vhci_hcd: release socket [ 767.146759][ T3429] vhci_hcd: disconnect device [ 767.153355][ T3429] vhci_hcd: stop threads [ 767.158169][ T3429] vhci_hcd: release socket [ 767.162921][ T3429] vhci_hcd: disconnect device [ 767.168044][ T3429] vhci_hcd: stop threads [ 767.172867][ T3429] vhci_hcd: release socket [ 767.177543][ T3429] vhci_hcd: disconnect device [ 767.182896][ T3429] vhci_hcd: stop threads [ 767.187541][ T3429] vhci_hcd: release socket [ 767.253808][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1977'. [ 767.344905][ T3429] vhci_hcd: disconnect device [ 767.450756][ T3429] vhci_hcd: stop threads [ 767.494758][ T3429] vhci_hcd: release socket [ 767.587154][ T3429] vhci_hcd: disconnect device [ 768.149992][T13294] xt_TCPMSS: Only works on TCP SYN packets [ 769.451924][T13312] loop0: detected capacity change from 0 to 128 [ 769.581161][T13312] EXT4-fs warning (device loop0): ext4_init_metadata_csum:4634: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 769.951661][T13312] EXT4-fs (loop0): Encoding requested by superblock is unknown [ 770.916916][ T28] audit: type=1326 audit(1752131945.817:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 771.079927][ T28] audit: type=1326 audit(1752131945.817:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 771.163076][ T28] audit: type=1326 audit(1752131945.847:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 771.206129][ T28] audit: type=1326 audit(1752131945.847:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.031455][ T28] audit: type=1326 audit(1752131945.847:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.057545][ T28] audit: type=1326 audit(1752131945.847:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.119884][ T28] audit: type=1326 audit(1752131945.847:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.122094][ T5831] vhci_hcd: vhci_device speed not set [ 772.200080][ T28] audit: type=1326 audit(1752131945.847:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.289890][ T28] audit: type=1326 audit(1752131945.847:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 772.333955][ T28] audit: type=1326 audit(1752131945.847:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13310 comm="syz.0.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2d6a78e929 code=0x7ffc0000 [ 776.229207][T13341] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1994'. [ 779.890544][T13384] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2005'. [ 787.167350][T13426] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2016'. [ 792.547402][T13477] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2029'. [ 793.069366][T13491] bridge_slave_0: left promiscuous mode [ 793.079006][T13491] bridge0: port 1(bridge_slave_0) entered disabled state [ 793.092445][T13491] bridge_slave_1: left promiscuous mode [ 793.093459][T13495] loop0: detected capacity change from 0 to 512 [ 793.098291][T13491] bridge0: port 2(bridge_slave_1) entered disabled state [ 793.112013][T13495] EXT4-fs: Ignoring removed bh option [ 793.128383][T13491] bond0: (slave bond_slave_0): Releasing backup interface [ 793.146979][T13491] bond0: (slave bond_slave_1): Releasing backup interface [ 793.167278][T13495] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 793.181607][T13491] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 793.183395][T13495] ext4 filesystem being mounted at /473/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 793.231380][T13491] team0: Port device team_slave_0 removed [ 793.416986][T13491] team0: Failed to send options change via netlink (err -105) [ 793.437402][T13491] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 793.451285][T13491] team0: Port device team_slave_1 removed [ 793.459207][T13491] bond0: (slave wlan1): Releasing backup interface [ 793.468611][T13491] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 793.485224][T13491] bond2: (slave geneve2): Releasing active interface [ 793.492216][T13491] bond2: (slave geneve2): the permanent HWaddr of slave - f2:78:5e:e4:66:4e - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 793.517967][T13491] bond2: (slave ip6gretap1): making interface the new active one [ 793.553867][T13506] ip6t_REJECT: ECHOREPLY is not supported [ 793.561618][T13491] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 20000 - 0 [ 793.571866][T13491] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 20000 - 0 [ 793.581129][T13491] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 20000 - 0 [ 793.590449][T13491] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 20000 - 0 [ 793.612482][T13491] bond2: (slave ip6gretap1): Releasing active interface [ 793.711500][T13496] team0: Failed to send options change via netlink (err -105) [ 793.750203][T13496] team0: Mode changed to "loadbalance" [ 794.148996][T13511] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 794.661690][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 795.727294][T13534] bond0: left promiscuous mode [ 795.739272][T13534] bond_slave_0: left promiscuous mode [ 795.790788][T13534] bond_slave_1: left promiscuous mode [ 795.810570][T13534] mac80211_hwsim hwsim5 wlan1: left promiscuous mode [ 795.833515][T13534] bond0: left allmulticast mode [ 795.838431][T13534] bond_slave_0: left allmulticast mode [ 795.863182][T13534] bond_slave_1: left allmulticast mode [ 795.869024][T13532] loop0: detected capacity change from 0 to 8192 [ 795.877437][T13534] mac80211_hwsim hwsim5 wlan1: left allmulticast mode [ 795.977923][T13534] team0: Port device bond0 removed [ 795.985796][T13534] team0: left allmulticast mode [ 796.051144][T13534] team_slave_0: left allmulticast mode [ 796.157275][T13534] team_slave_1: left allmulticast mode [ 796.273923][T13534] vxlan0: left allmulticast mode [ 796.369186][T13534] team0: left promiscuous mode [ 796.462868][T13534] team_slave_0: left promiscuous mode [ 796.622951][T13534] team_slave_1: left promiscuous mode [ 796.628560][T13534] vxlan0: left promiscuous mode [ 796.685175][T13534] bridge0: port 3(team0) entered disabled state [ 796.773747][T13534] bridge_slave_0: left allmulticast mode [ 796.781837][T13534] bridge_slave_0: left promiscuous mode [ 796.787709][T13534] bridge0: port 1(bridge_slave_0) entered disabled state [ 796.799565][T13534] bridge_slave_1: left allmulticast mode [ 796.812288][T13534] bridge_slave_1: left promiscuous mode [ 796.825133][T13534] bridge0: port 2(bridge_slave_1) entered disabled state [ 796.865033][T13534] bond0: (slave bond_slave_0): Releasing backup interface [ 796.911007][T13534] bond0: (slave bond_slave_1): Releasing backup interface [ 796.966218][T13534] team0: Port device team_slave_0 removed [ 796.998346][T13534] team0: Port device team_slave_1 removed [ 797.012301][T13534] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 797.020491][T13534] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 797.037235][T13534] bond0: (slave wlan1): Releasing backup interface [ 797.057075][T13534] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 797.066718][T13534] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 797.075790][T13534] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 797.084821][T13534] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 797.137225][T13534] team0: Port device vxlan0 removed [ 797.154067][T13534] bond1: (slave gretap1): Releasing active interface [ 797.172342][T13534] bond2: (slave veth3): Releasing active interface [ 797.329708][T13538] team0: Mode changed to "loadbalance" [ 797.410285][T13545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2048'. [ 797.691974][T13554] netlink: 'syz.1.2048': attribute type 4 has an invalid length. [ 799.786036][T13580] loop0: detected capacity change from 0 to 8192 [ 803.914369][T13601] team0: Failed to send options change via netlink (err -105) [ 804.343447][T13601] team0: Failed to send port change of device bond0 via netlink (err -105) [ 804.367135][T13601] team0: Port device bond0 removed [ 804.440537][T13607] team0: Unable to change to the same mode the team is in [ 804.455596][T13617] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2067'. [ 804.481839][T13620] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2068'. [ 804.743798][T13624] loop0: detected capacity change from 0 to 8192 [ 806.662341][T13641] netlink: 'syz.3.2074': attribute type 10 has an invalid length. [ 806.824497][T13641] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 806.833934][T13650] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2074'. [ 808.355810][T13650] bond0: (slave bridge0): Releasing backup interface [ 808.543379][T13655] macvlan2: entered promiscuous mode [ 808.548813][T13655] bridge0: entered promiscuous mode [ 809.111858][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.120627][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.541619][T13699] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 812.709648][T13699] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 814.591288][T13727] lo: left allmulticast mode [ 814.607468][T13727] tunl0: left allmulticast mode [ 814.632853][T13727] gre0: left allmulticast mode [ 814.638537][T13727] gretap0: left allmulticast mode [ 814.663907][T13727] erspan0: left allmulticast mode [ 814.674057][T13727] ip_vti0: left allmulticast mode [ 814.682995][T13727] ip6_vti0: left allmulticast mode [ 814.690703][T13727] ip6tnl0: left allmulticast mode [ 814.697155][T13727] ip6gre0: left allmulticast mode [ 814.706156][T13727] ip6gretap0: left allmulticast mode [ 814.727153][T13727] bond0: left allmulticast mode [ 814.755531][T13727] 8021q: adding VLAN 0 to HW filter on device bond0 [ 814.765279][T13727] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 816.746152][T13748] gtp0: entered promiscuous mode [ 818.743759][T13764] loop0: detected capacity change from 0 to 8192 [ 827.659280][T13833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2118'. [ 829.976843][T13861] loop0: detected capacity change from 0 to 256 [ 830.023035][T13861] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 830.127157][T13861] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 830.136989][T13861] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 830.144767][T13861] UDF-fs: Scanning with blocksize 512 failed [ 830.169202][T13861] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 830.271356][T13861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 831.255241][T13871] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2130'. [ 835.688412][T13914] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 835.859519][T13917] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2141'. [ 842.189912][T13971] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 842.261004][T13972] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2153'. [ 842.363884][T13973] netlink: 'syz.1.2152': attribute type 1 has an invalid length. [ 842.379980][T13973] netlink: 'syz.1.2152': attribute type 2 has an invalid length. [ 845.430018][T14019] A link change request failed with some changes committed already. Interface bond1 may have been left with an inconsistent configuration, please check. [ 851.653670][T14075] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2185'. [ 851.749093][T14075] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 851.792827][T14075] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2185'. [ 851.806927][T14075] 8021q: adding VLAN 0 to HW filter on device bond2 [ 855.833490][T14118] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2197'. [ 858.284118][T14155] netlink: 'syz.0.2203': attribute type 1 has an invalid length. [ 858.292412][T14155] netlink: 'syz.0.2203': attribute type 2 has an invalid length. [ 858.326391][T14157] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2209'. [ 862.054325][T14182] loop0: detected capacity change from 0 to 8192 [ 862.060929][T14184] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2216'. [ 862.080674][T14184] gretap0: entered promiscuous mode [ 862.622286][T14194] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2218'. [ 866.060603][T14232] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2229'. [ 867.491029][T14244] loop0: detected capacity change from 0 to 1024 [ 867.672087][T14244] hfsplus: unable to find HFS+ superblock [ 870.894479][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.905443][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.534678][T14285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2243'. [ 875.489562][T14331] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 14331 comm: syz.2.2257) [ 875.503933][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 875.503942][ T28] audit: type=1800 audit(1752132050.407:503): pid=14331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2257" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=27075 res=0 errno=0 [ 880.312562][T14375] netlink: 'syz.3.2271': attribute type 1 has an invalid length. [ 880.320367][T14375] netlink: 'syz.3.2271': attribute type 2 has an invalid length. [ 880.345874][T14385] loop0: detected capacity change from 0 to 4096 [ 880.358814][T14385] ntfs3: Unknown parameter 'rose0' [ 883.955519][T14427] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2282'. [ 888.500027][T14491] loop0: detected capacity change from 0 to 2048 [ 888.573746][T14491] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 888.741837][T14494] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 890.420587][T14521] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2311'. [ 891.630155][T14531] xt_connbytes: Forcing CT accounting to be enabled [ 891.828610][T14531] Cannot find set identified by id 0 to match [ 894.134614][T14562] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2321'. [ 899.153191][T14608] netlink: 'syz.0.2334': attribute type 10 has an invalid length. [ 904.274864][T14669] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2349'. [ 908.343379][T14702] xt_l2tp: v2 sid > 0xffff: 117440512 [ 910.016749][T14713] sctp: [Deprecated]: syz.3.2362 (pid 14713) Use of struct sctp_assoc_value in delayed_ack socket option. [ 910.016749][T14713] Use struct sctp_sack_info instead [ 910.538842][T14730] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2366'. [ 915.347289][T14785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2378'. [ 918.370084][T14813] PKCS7: Unknown OID: [4] 5.25.43183.11314.97.496.3.846527319083.2007.15776 [ 918.378911][T14813] PKCS7: Only support pkcs7_signedData type [ 919.884506][T14837] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2390'. [ 922.195327][T14867] loop0: detected capacity change from 0 to 512 [ 922.206477][T14867] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 922.346279][T14867] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 922.366324][T14867] EXT4-fs (loop0): 1 truncate cleaned up [ 922.376549][T14867] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 923.023910][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 923.230828][T14886] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2405'. [ 923.271146][T14887] netlink: 'syz.1.2404': attribute type 1 has an invalid length. [ 925.095534][T14901] netlink: 324 bytes leftover after parsing attributes in process `syz.0.2415'. [ 925.105144][T14901] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2415'. [ 926.567765][T14911] [U]  [ 929.174833][ T5858] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 929.186260][ T5858] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 929.375417][T14931] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2416'. [ 930.493294][T14951] netlink: 324 bytes leftover after parsing attributes in process `syz.1.2420'. [ 930.502700][T14951] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2420'. [ 931.483993][T14939] fido_id[14939]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 931.645040][T14956] loop0: detected capacity change from 0 to 512 [ 931.680634][T14940] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 931.745987][T14959] vlan0: entered promiscuous mode [ 931.752037][T14959] vlan0: left allmulticast mode [ 932.215597][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.226963][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.748949][T14980] loop0: detected capacity change from 0 to 256 [ 934.772837][T14993] loop0: detected capacity change from 0 to 256 [ 937.512058][T15023] lo speed is unknown, defaulting to 1000 [ 938.931496][T15037] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 940.204118][T15039] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2444'. [ 940.214281][T15028] netlink: 'syz.0.2442': attribute type 10 has an invalid length. [ 940.255974][T15028] hsr0: entered promiscuous mode [ 940.319066][T15028] bond0: (slave hsr0): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 940.331584][T15028] bond0: (slave hsr0): The slave device specified does not support setting the MAC address [ 940.341850][T15028] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 940.354339][T15028] bond0: (slave hsr0): Error -22 calling dev_set_mtu [ 942.601971][ T28] audit: type=1326 audit(1752132117.507:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.185953][ T28] audit: type=1326 audit(1752132117.507:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.287173][ T28] audit: type=1326 audit(1752132118.047:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.369862][ T28] audit: type=1326 audit(1752132118.047:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.470013][ T28] audit: type=1326 audit(1752132118.047:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.536237][ T28] audit: type=1326 audit(1752132118.047:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6a17b8d290 code=0x7ffc0000 [ 943.559368][ T28] audit: type=1326 audit(1752132118.047:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6a17b8d290 code=0x7ffc0000 [ 943.582953][ T28] audit: type=1326 audit(1752132118.047:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 943.808839][ T28] audit: type=1326 audit(1752132118.047:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 944.228248][ T28] audit: type=1326 audit(1752132118.057:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15071 comm="syz.3.2451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 944.498945][T15092] program syz.0.2457 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 952.359107][T15166] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2477'. [ 955.341224][T15190] loop0: detected capacity change from 0 to 512 [ 955.524218][T15190] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2482: invalid indirect mapped block 10 (level 1) [ 955.552155][T15190] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2482: invalid indirect mapped block 8 (level 1) [ 955.574619][T15190] EXT4-fs (loop0): 1 truncate cleaned up [ 955.586001][T15190] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 957.579211][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 963.900753][T15251] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 964.228673][T15259] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 964.296128][T15260] macsec0: entered promiscuous mode [ 964.301666][T15260] macsec0: entered allmulticast mode [ 964.307253][T15260] veth1_macvtap: entered allmulticast mode [ 966.326010][T15280] loop0: detected capacity change from 0 to 512 [ 966.333005][T15280] EXT4-fs: Ignoring removed mblk_io_submit option [ 966.342457][T15280] EXT4-fs (loop0): orphan cleanup on readonly fs [ 966.349038][T15280] EXT4-fs error (device loop0): ext4_orphan_get:1399: comm syz.0.2507: inode #13: comm syz.0.2507: iget: illegal inode # [ 966.362327][T15280] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2507: couldn't read orphan inode 13 (err -117) [ 966.379410][T15280] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 966.436880][T15284] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 967.354171][T15287] netlink: 'syz.0.2507': attribute type 10 has an invalid length. [ 967.362270][T15287] hsr0: left promiscuous mode [ 967.368589][T15287] hsr0: A HSR master's MTU cannot be greater than the smallest MTU of its slaves minus the HSR Tag length (6 octets). [ 968.543181][T15296] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2509'. [ 968.545516][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.226115][T15335] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2517'. [ 973.515684][T15348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2520'. [ 973.540569][T15348] macvtap1: entered promiscuous mode [ 973.550084][T15348] team0: entered promiscuous mode [ 973.555816][T15348] macvtap1: entered allmulticast mode [ 973.562821][T15348] team0: entered allmulticast mode [ 973.568703][T15348] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 973.622736][T15348] team0: left allmulticast mode [ 973.627656][T15348] team0: left promiscuous mode [ 974.021180][T15351] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2521'. [ 984.588979][T15426] Bluetooth: MGMT ver 1.22 [ 984.654680][T15426] loop0: detected capacity change from 0 to 1024 [ 984.679170][T15426] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 984.768169][T15426] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 984.777917][T15426] EXT4-fs (loop0): orphan cleanup on readonly fs [ 984.823993][T15426] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.2541: bg 0: block 10: padding at end of block bitmap is not set [ 984.853222][T15426] __quota_error: 11 callbacks suppressed [ 984.853258][T15426] Quota error (device loop0): write_blk: dquota write failed [ 984.866775][T15426] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 984.876749][T15426] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 984.887212][T15426] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2541: Failed to acquire dquot type 0 [ 984.916074][T15426] Quota error (device loop0): write_blk: dquota write failed [ 984.923775][T15426] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 984.934319][T15426] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 984.944869][T15426] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2541: Failed to acquire dquot type 0 [ 984.967531][T15426] EXT4-fs error (device loop0): ext4_free_blocks:6681: comm syz.0.2541: Freeing blocks not in datazone - block = 0, count = 4096 [ 985.028175][T15426] Quota error (device loop0): write_blk: dquota write failed [ 985.036354][T15426] Quota error (device loop0): find_free_dqentry: Can't write quota data block 3 [ 985.046676][T15426] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 985.058418][T15426] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2541: Failed to acquire dquot type 0 [ 985.101929][T15426] EXT4-fs (loop0): 1 orphan inode deleted [ 987.353448][T15426] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 989.745696][T15441] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2546'. [ 989.777206][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 989.778025][T15441] macvtap1: entered promiscuous mode [ 989.794338][T15441] team0: entered promiscuous mode [ 989.805476][T15441] macvtap1: entered allmulticast mode [ 989.812355][T15441] team0: entered allmulticast mode [ 989.830285][T15441] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 989.938460][T15449] loop0: detected capacity change from 0 to 2048 [ 989.954053][T15449] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 990.000191][T15446] team0: left allmulticast mode [ 990.033840][T15449] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 990.058112][T15446] team0: left promiscuous mode [ 990.079455][T15449] ext4 filesystem being mounted at /596/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 993.002306][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 993.331408][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.442827][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.787479][T15494] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2560'. [ 995.807557][T15494] macvtap1: entered promiscuous mode [ 995.814311][T15494] team0: entered promiscuous mode [ 995.827164][T15494] macvtap1: entered allmulticast mode [ 995.837746][T15494] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 995.854975][T15496] team0: left promiscuous mode [ 1001.015535][T15528] overlayfs: failed to clone lowerpath [ 1001.075049][T15529] overlayfs: failed to clone upperpath [ 1002.202811][T15538] UBIFS error (pid: 15538): cannot open "(null)", error -22 [ 1004.776659][ T28] audit: type=1326 audit(1752132179.607:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15544 comm="syz.1.2583" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x0 [ 1005.176142][T15571] loop0: detected capacity change from 0 to 1764 [ 1005.294464][T15571] iso9660: Corrupted directory entry in block 0 of inode 1792 [ 1005.577253][T15584] netlink: 'syz.2.2577': attribute type 5 has an invalid length. [ 1005.585203][T15584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2577'. [ 1006.099227][T15579] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1006.128071][T15579] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1008.146893][T15613] tmpfs: Bad value for 'mpol' [ 1008.176024][T15614] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1008.176024][T15614] The task syz.1.2585 (15614) triggered the difference, watch for misbehavior. [ 1009.320510][T15623] dummy0: entered promiscuous mode [ 1009.326563][T15623] vlan2: entered promiscuous mode [ 1010.086238][T15627] loop0: detected capacity change from 0 to 65 [ 1010.104462][T15627] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1012.200308][T15648] lo speed is unknown, defaulting to 1000 [ 1012.314977][T15656] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2599'. [ 1012.399234][T15656] bridge3: port 1(veth3) entered blocking state [ 1012.407153][T15656] bridge3: port 1(veth3) entered disabled state [ 1012.415234][T15656] veth3: entered allmulticast mode [ 1012.425928][T15656] veth3: entered promiscuous mode [ 1012.484060][T15656] veth0_to_bond: left allmulticast mode [ 1012.492530][T15656] bridge3: port 2(veth0_to_bond) entered blocking state [ 1012.500095][T15656] bridge3: port 2(veth0_to_bond) entered disabled state [ 1012.507285][T15656] veth0_to_bond: entered allmulticast mode [ 1012.515158][T15656] veth0_to_bond: entered promiscuous mode [ 1012.544079][T15656] vlan2: entered allmulticast mode [ 1012.550496][T15656] bridge3: port 3(vlan2) entered blocking state [ 1012.557589][T15656] bridge3: port 3(vlan2) entered disabled state [ 1012.566360][T15656] vlan2: entered promiscuous mode [ 1012.572361][T15656] veth1: entered promiscuous mode [ 1016.535780][T15719] vlan2: entered allmulticast mode [ 1016.555965][T15719] bond0: entered allmulticast mode [ 1016.605100][T15719] bridge0: port 1(vlan2) entered blocking state [ 1016.616201][T15719] bridge0: port 1(vlan2) entered disabled state [ 1016.624719][T15719] vlan2: entered promiscuous mode [ 1018.421673][T15743] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2618'. [ 1023.573186][T15790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2627'. [ 1023.622566][T15790] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2627'. [ 1024.249182][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2637'. [ 1025.793736][T15822] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2641'. [ 1029.298754][T15861] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2647'. [ 1030.077550][T15874] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2648'. [ 1031.187188][T15885] SET target dimension over the limit! [ 1033.069529][T15907] loop0: detected capacity change from 0 to 764 [ 1033.174413][T15914] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2659'. [ 1033.305169][T15907] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1036.669325][T15947] loop0: detected capacity change from 0 to 4096 [ 1036.693267][T15947] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1038.341096][T15968] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2672'. [ 1039.802973][T15987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2682'. [ 1041.039111][T15994] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-:/": -EINTR [ 1042.703701][T16021] netlink: 'syz.0.2685': attribute type 2 has an invalid length. [ 1048.463041][T16046] dummy0: entered promiscuous mode [ 1048.468473][T16046] vlan3: entered promiscuous mode [ 1049.484153][T16056] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 1053.397578][T16099] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2704'. [ 1055.803657][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 1056.739986][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1059.599010][T16134] loop0: detected capacity change from 0 to 128 [ 1066.161666][T16182] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2729'. [ 1067.263308][T16189] bridge4: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1067.718907][T16177] vlan2: entered allmulticast mode [ 1067.742128][T16177] bond0: entered allmulticast mode [ 1067.754560][T16177] bridge0: port 1(vlan2) entered blocking state [ 1067.788888][T16177] bridge0: port 1(vlan2) entered disabled state [ 1074.295848][T16239] syz.1.2740: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 1074.312719][T16239] CPU: 1 PID: 16239 Comm: syz.1.2740 Not tainted 6.6.96-syzkaller #0 [ 1074.320822][T16239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1074.331000][T16239] Call Trace: [ 1074.334302][T16239] [ 1074.337255][T16239] dump_stack_lvl+0x16c/0x230 [ 1074.341988][T16239] ? show_regs_print_info+0x20/0x20 [ 1074.347222][T16239] ? load_image+0x3b0/0x3b0 [ 1074.351765][T16239] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 1074.358293][T16239] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 1074.364823][T16239] warn_alloc+0x210/0x300 [ 1074.369265][T16239] ? stack_trace_save+0x9c/0xe0 [ 1074.374145][T16239] ? zone_watermark_ok_safe+0x230/0x230 [ 1074.379698][T16239] ? kasan_set_track+0x5f/0x70 [ 1074.384461][T16239] ? kasan_set_track+0x4e/0x70 [ 1074.389229][T16239] ? __kasan_kmalloc+0x8f/0xa0 [ 1074.394085][T16239] ? xsk_init_queue+0xb0/0x110 [ 1074.398854][T16239] ? xsk_setsockopt+0x43c/0x6f0 [ 1074.403698][T16239] ? do_sock_setsockopt+0x254/0x3e0 [ 1074.409001][T16239] ? __x64_sys_setsockopt+0x1be/0x250 [ 1074.414403][T16239] __vmalloc_node_range+0x126/0x1320 [ 1074.419733][T16239] ? free_vm_area+0x50/0x50 [ 1074.424255][T16239] vmalloc_user+0x74/0x80 [ 1074.429118][T16239] ? xskq_create+0xbf/0x170 [ 1074.433618][T16239] xskq_create+0xbf/0x170 [ 1074.437972][T16239] xsk_init_queue+0xb0/0x110 [ 1074.442557][T16239] xsk_setsockopt+0x43c/0x6f0 [ 1074.447238][T16239] ? xsk_poll+0x670/0x670 [ 1074.451564][T16239] ? aa_sock_opt_perm+0x74/0x100 [ 1074.456498][T16239] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 1074.462055][T16239] ? security_socket_setsockopt+0x7e/0xa0 [ 1074.467771][T16239] ? xsk_poll+0x670/0x670 [ 1074.472107][T16239] do_sock_setsockopt+0x254/0x3e0 [ 1074.477140][T16239] ? __ia32_sys_recv+0xb0/0xb0 [ 1074.481938][T16239] ? __fdget+0x180/0x210 [ 1074.486207][T16239] __x64_sys_setsockopt+0x1be/0x250 [ 1074.491479][T16239] do_syscall_64+0x55/0xb0 [ 1074.495909][T16239] ? clear_bhb_loop+0x40/0x90 [ 1074.500594][T16239] ? clear_bhb_loop+0x40/0x90 [ 1074.505356][T16239] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1074.511246][T16239] RIP: 0033:0x7fc33e18e929 [ 1074.515668][T16239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1074.535288][T16239] RSP: 002b:00007fc33dfde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1074.543903][T16239] RAX: ffffffffffffffda RBX: 00007fc33e3b6160 RCX: 00007fc33e18e929 [ 1074.551881][T16239] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008 [ 1074.560084][T16239] RBP: 00007fc33e210b39 R08: 0000000000000052 R09: 0000000000000000 [ 1074.568064][T16239] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1074.576063][T16239] R13: 0000000000000000 R14: 00007fc33e3b6160 R15: 00007ffd5387d8d8 [ 1074.584051][T16239] [ 1074.627797][T16244] netlink: 'syz.2.2743': attribute type 2 has an invalid length. [ 1074.649547][T16239] Mem-Info: [ 1074.654053][T16239] active_anon:53867 inactive_anon:0 isolated_anon:0 [ 1074.654053][T16239] active_file:17668 inactive_file:40608 isolated_file:0 [ 1074.654053][T16239] unevictable:0 dirty:266 writeback:0 [ 1074.654053][T16239] slab_reclaimable:11323 slab_unreclaimable:95522 [ 1074.654053][T16239] mapped:25491 shmem:48933 pagetables:716 [ 1074.654053][T16239] sec_pagetables:0 bounce:0 [ 1074.654053][T16239] kernel_misc_reclaimable:0 [ 1074.654053][T16239] free:1285291 free_pcp:11457 free_cma:0 [ 1075.885997][T16239] Node 0 active_anon:225416kB inactive_anon:0kB active_file:70672kB inactive_file:162244kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:113700kB dirty:1128kB writeback:0kB shmem:205960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11472kB pagetables:2760kB sec_pagetables:0kB all_unreclaimable? no [ 1076.639001][T16239] Node 1 active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 1076.816437][T16239] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1076.853446][T16239] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 1076.861295][T16239] Node 0 DMA32 free:1216032kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:225604kB inactive_anon:0kB active_file:70672kB inactive_file:160924kB unevictable:0kB writepending:1132kB present:3129332kB managed:2589596kB mlocked:0kB bounce:0kB free_pcp:23440kB local_pcp:19104kB free_cma:0kB [ 1077.295411][T16239] lowmem_reserve[]: 0 0 1 1 1 [ 1077.305186][T16239] Node 0 Normal free:16kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1077.338939][T16239] lowmem_reserve[]: 0 0 0 0 0 [ 1077.346261][T16239] Node 1 Normal free:3908368kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:1536kB inactive_anon:0kB active_file:0kB inactive_file:196kB unevictable:0kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:11168kB local_pcp:4448kB free_cma:0kB [ 1077.383736][T16239] lowmem_reserve[]: 0 0 0 0 0 [ 1077.388515][T16239] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1077.404845][T16239] Node 0 DMA32: 870*4kB (UME) 279*8kB (UME) 13*16kB (UME) 472*32kB (UME) 126*64kB (UME) 59*128kB (UM) 25*256kB (UME) 21*512kB (UME) 11*1024kB (UM) 4*2048kB (ME) 278*4096kB (UM) = 1211936kB [ 1077.437651][T16239] Node 0 Normal: 0*4kB 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1077.461389][T16239] Node 1 Normal: 216*4kB (UME) 48*8kB (UME) 37*16kB (UME) 191*32kB (UME) 60*64kB (UME) 8*128kB (UE) 1*256kB (U) 2*512kB (ME) 1*1024kB (E) 1*2048kB (E) 950*4096kB (M) = 3908368kB [ 1077.489160][T16239] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1077.504754][T16239] Node 0 hugepages_total=4 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 1077.515210][T16239] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1077.532346][T16239] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1077.542191][T16239] 107636 total pagecache pages [ 1077.547093][T16239] 0 pages in swap cache [ 1077.551697][T16239] Free swap = 124296kB [ 1077.555911][T16239] Total swap = 124996kB [ 1077.561599][T16239] 2097051 pages RAM [ 1077.575935][T16239] 0 pages HighMem/MovableOnly [ 1077.581564][T16239] 416138 pages reserved [ 1077.585836][T16239] 0 pages cma reserved [ 1077.721204][T16269] vlan4: entered allmulticast mode [ 1077.726473][T16269] bond0: entered allmulticast mode [ 1078.851345][T16280] netlink: 'syz.1.2754': attribute type 2 has an invalid length. [ 1089.458457][T16380] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1089.502348][T16386] netlink: 'syz.0.2780': attribute type 1 has an invalid length. [ 1089.865683][T16388] bond3: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 1091.164877][T16386] veth3: entered promiscuous mode [ 1091.196486][T16386] bond3: (slave veth3): Enslaving as a backup interface with a down link [ 1094.353585][T16413] Bluetooth: hci3: command 0x0405 tx timeout [ 1098.763101][T16413] Bluetooth: hci3: unexpected cc 0x2039 length: 9 > 1 [ 1098.776372][T16413] Bluetooth: hci3: unexpected event for opcode 0x2039 [ 1099.427028][ T28] audit: type=1326 audit(1752132274.327:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16477 comm="syz.1.2804" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x0 [ 1100.341378][T16490] gretap0: left promiscuous mode [ 1100.441129][T16490] team0: left allmulticast mode [ 1100.472935][T16490] dummy0: left allmulticast mode [ 1100.504377][T16490] nlmon0: left allmulticast mode [ 1100.534717][T16490] caif0: left allmulticast mode [ 1100.577933][T16490] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1102.515595][T16500] loop0: detected capacity change from 0 to 16 [ 1102.558815][T16500] erofs: (device loop0): erofs_read_inode: unsupported i_format 128 of nid 36 [ 1102.707809][T16504] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2811'. [ 1102.839990][T16413] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 1102.850791][T16413] Bluetooth: hci3: Injecting HCI hardware error event [ 1102.861183][T16413] Bluetooth: hci3: hardware error 0x00 [ 1103.131757][T16515] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(9) [ 1103.138346][T16515] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1103.750211][T16515] vhci_hcd vhci_hcd.0: Device attached [ 1103.769243][T16515] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(11) [ 1103.775869][T16515] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1103.784218][T16515] vhci_hcd vhci_hcd.0: Device attached [ 1103.803962][T16515] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(13) [ 1103.810614][T16515] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1103.863271][T16515] vhci_hcd vhci_hcd.0: Device attached [ 1103.872951][T16525] vhci_hcd vhci_hcd.0: pdev(0) rhport(3) sockfd(16) [ 1103.879595][T16525] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1103.900173][T16525] vhci_hcd vhci_hcd.0: Device attached [ 1103.960047][ T5858] vhci_hcd: vhci_device speed not set [ 1104.019239][ T28] audit: type=1326 audit(1752132278.847:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.161202][ T5858] usb 33-1: new full-speed USB device number 3 using vhci_hcd [ 1104.294965][T16515] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1104.438396][T16525] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(19) [ 1104.445050][T16525] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1104.457602][ T28] audit: type=1326 audit(1752132278.847:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.458241][T16525] vhci_hcd vhci_hcd.0: Device attached [ 1104.512278][T16532] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1104.543170][ T28] audit: type=1326 audit(1752132278.857:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.571394][ T28] audit: type=1326 audit(1752132278.857:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.595227][ T28] audit: type=1326 audit(1752132278.867:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.620808][ T28] audit: type=1326 audit(1752132278.977:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.646839][ T28] audit: type=1326 audit(1752132278.997:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.670320][ T28] audit: type=1326 audit(1752132279.077:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.715271][ T28] audit: type=1326 audit(1752132279.167:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.739134][ T28] audit: type=1326 audit(1752132279.277:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 1104.802288][ T28] audit: type=1326 audit(1752132279.337:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16510 comm="syz.3.2822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6a17b8e929 code=0x7ffc0000 [ 1104.825611][T16515] vhci_hcd vhci_hcd.0: pdev(0) rhport(6) sockfd(21) [ 1104.832347][T16515] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1104.850284][T16515] vhci_hcd vhci_hcd.0: Device attached [ 1104.864868][T16539] syz.3.2816[16539] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1104.865073][T16539] syz.3.2816[16539] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1104.882080][T16537] veth0_to_hsr: entered allmulticast mode [ 1104.913595][T16535] vhci_hcd: connection closed [ 1104.914955][ T7975] vhci_hcd: stop threads [ 1104.920390][T16413] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 1104.924132][ T7975] vhci_hcd: release socket [ 1104.939783][T16526] vhci_hcd: connection closed [ 1104.940449][T16530] vhci_hcd: connection closed [ 1104.946950][T16521] vhci_hcd: connection closed [ 1104.953291][T16516] vhci_hcd: connection reset by peer [ 1104.986097][T16519] vhci_hcd: connection closed [ 1105.005793][ T7975] vhci_hcd: disconnect device [ 1105.024432][T16534] veth0_to_hsr: left allmulticast mode [ 1105.031707][ T7975] vhci_hcd: stop threads [ 1105.036173][ T7975] vhci_hcd: release socket [ 1105.051623][ T7975] vhci_hcd: disconnect device [ 1105.070299][ T7975] vhci_hcd: stop threads [ 1105.074750][ T7975] vhci_hcd: release socket [ 1105.086228][ T7975] vhci_hcd: disconnect device [ 1105.110941][ T7975] vhci_hcd: stop threads [ 1105.136612][ T7975] vhci_hcd: release socket [ 1105.143908][ T7975] vhci_hcd: disconnect device [ 1105.196191][ T7975] vhci_hcd: stop threads [ 1105.240180][ T7975] vhci_hcd: release socket [ 1105.549146][ T7975] vhci_hcd: disconnect device [ 1105.554678][ T7975] vhci_hcd: stop threads [ 1105.560871][ T7975] vhci_hcd: release socket [ 1105.601968][ T7975] vhci_hcd: disconnect device [ 1108.943314][T16581] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1109.996178][T16571] loop0: detected capacity change from 0 to 40427 [ 1109.999798][ T5858] vhci_hcd: vhci_device speed not set [ 1110.061113][T16571] F2FS-fs (loop0): invalid crc value [ 1110.219556][T16571] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1112.688355][T16611] netlink: set zone limit has 8 unknown bytes [ 1112.832578][T16613] loop0: detected capacity change from 0 to 64 [ 1112.951846][T16611] lo speed is unknown, defaulting to 1000 [ 1113.758119][T16620] lo speed is unknown, defaulting to 1000 [ 1114.049478][T16045] usb usb34-port1: attempt power cycle [ 1114.873122][T16633] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1114.886797][T16633] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1114.911507][ T787] lo speed is unknown, defaulting to 1000 [ 1115.220884][T16045] usb usb34-port1: unable to enumerate USB device [ 1116.241156][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.512211][T16667] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2848'. [ 1117.522268][T16667] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1117.928859][ T28] kauditd_printk_skb: 1 callbacks suppressed [ 1117.928874][ T28] audit: type=1326 audit(1752132292.797:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1117.964254][ T28] audit: type=1326 audit(1752132292.797:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1117.990204][ T28] audit: type=1326 audit(1752132292.807:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1118.017320][ T28] audit: type=1326 audit(1752132292.807:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1118.783267][ T28] audit: type=1326 audit(1752132292.807:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1119.763708][ T28] audit: type=1326 audit(1752132292.807:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1119.789873][ T28] audit: type=1326 audit(1752132292.807:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1119.819427][ T28] audit: type=1326 audit(1752132292.807:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1120.128951][ T28] audit: type=1326 audit(1752132292.807:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 1120.171623][ T28] audit: type=1326 audit(1752132292.807:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16668 comm="syz.2.2849" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1120.223307][T16700] netlink: 'syz.2.2859': attribute type 1 has an invalid length. [ 1120.456145][T16704] bond5: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 1121.746935][T16700] veth7: entered promiscuous mode [ 1121.756838][T16700] bond5: (slave veth7): Enslaving as a backup interface with a down link [ 1121.825184][T16715] loop0: detected capacity change from 0 to 1024 [ 1121.848531][T16715] EXT4-fs: Ignoring removed orlov option [ 1121.888209][T16715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1123.316104][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1125.560257][T16753] loop0: detected capacity change from 0 to 764 [ 1125.587033][T16753] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1132.548366][T16821] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2889'. [ 1132.564315][T16821] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1136.872393][T16849] netlink: 'syz.2.2896': attribute type 1 has an invalid length. [ 1136.907542][T16849] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1137.044611][T16849] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1137.667380][T16849] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address [ 1137.667486][T16856] loop0: detected capacity change from 0 to 764 [ 1137.812703][T16849] bond6: (slave vxcan3): Error -95 calling set_mac_address [ 1137.829543][T16856] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1138.171917][T16858] macvlan3: entered promiscuous mode [ 1138.177284][T16858] macvlan3: entered allmulticast mode [ 1138.190616][T16858] bond6: entered promiscuous mode [ 1138.197915][T16858] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 1138.215475][T16858] bond6: left promiscuous mode [ 1140.397471][T16884] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 1140.754331][T16889] loop0: detected capacity change from 0 to 128 [ 1150.907619][T16899] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1155.340036][T16936] binfmt_misc: register: failed to install interpreter file ./file0 [ 1157.257177][T16950] bridge4: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1159.617237][ T7986] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1161.355912][T10846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1161.368387][T10846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1161.381527][T10846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1161.393104][T10846] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1161.401514][T10846] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1161.410892][T10846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1161.742310][ T7986] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1162.878326][T16966] lo speed is unknown, defaulting to 1000 [ 1162.909185][ T7986] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1163.426289][T16984] tc_dump_action: action bad kind [ 1163.479868][T16413] Bluetooth: hci2: command tx timeout [ 1163.961252][T16995] loop0: detected capacity change from 0 to 764 [ 1164.165965][T16995] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1164.215018][ T7986] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1164.619526][T16966] chnl_net:caif_netlink_parms(): no params data found [ 1165.368547][T16966] bridge0: port 1(bridge_slave_0) entered blocking state [ 1165.376347][T16966] bridge0: port 1(bridge_slave_0) entered disabled state [ 1165.384827][T16966] bridge_slave_0: entered allmulticast mode [ 1165.406410][T16966] bridge_slave_0: entered promiscuous mode [ 1165.448118][T16966] bridge0: port 2(bridge_slave_1) entered blocking state [ 1165.465880][T16966] bridge0: port 2(bridge_slave_1) entered disabled state [ 1165.488130][T16966] bridge_slave_1: entered allmulticast mode [ 1165.516210][T16966] bridge_slave_1: entered promiscuous mode [ 1165.562872][T16966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1165.569430][T16413] Bluetooth: hci2: command tx timeout [ 1165.588149][ T7986] tipc: Disabling bearer [ 1165.625733][ T7986] tipc: Left network mode [ 1165.632880][T16966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1167.216011][T17021] loop0: detected capacity change from 0 to 128 [ 1167.246089][T17016] bridge4: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1167.651828][T16413] Bluetooth: hci2: command tx timeout [ 1168.167229][T16966] team0: Port device team_slave_0 added [ 1169.729905][T16413] Bluetooth: hci2: command tx timeout [ 1169.863155][T16966] team0: Port device team_slave_1 added [ 1170.205549][T16966] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1170.230021][T16966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1170.310864][T16966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1171.579242][T17055] netlink: 'syz.2.2936': attribute type 3 has an invalid length. [ 1171.721720][T17058] loop0: detected capacity change from 0 to 64 [ 1174.419484][T16966] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1174.448113][T16966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1174.475322][T16966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1175.305695][T17068] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1176.550401][T16966] hsr_slave_0: entered promiscuous mode [ 1176.559066][T16966] hsr_slave_1: entered promiscuous mode [ 1176.567930][T16966] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1176.577968][T16966] Cannot create hsr debugfs directory [ 1177.770237][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.863399][T17083] netlink: 'syz.0.2953': attribute type 1 has an invalid length. [ 1178.144449][T17083] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1178.412363][T17083] veth5: entered promiscuous mode [ 1178.426220][T17083] bond4: (slave veth5): Enslaving as a backup interface with a down link [ 1180.874284][T17114] loop0: detected capacity change from 0 to 1024 [ 1181.548288][ T7986] bridge0: port 1(vlan2) entered disabled state [ 1181.877860][ T7986] hsr_slave_0: left promiscuous mode [ 1181.886254][ T7986] hsr_slave_1: left promiscuous mode [ 1181.968502][ T7986] veth1_macvtap: left allmulticast mode [ 1181.982687][ T7986] veth1_macvtap: left promiscuous mode [ 1181.989470][ T7986] veth0_macvtap: left promiscuous mode [ 1181.995245][ T7986] veth1_vlan: left promiscuous mode [ 1182.060178][ T7986] veth0_vlan: left promiscuous mode [ 1183.291930][ T7986] bond3 (unregistering): Released all slaves [ 1184.928734][ T7986] bond2 (unregistering): Released all slaves [ 1185.284362][ T7986] bond1 (unregistering): Released all slaves [ 1187.209473][T17154] loop0: detected capacity change from 0 to 128 [ 1187.520469][ T7986] bond0 (unregistering): Released all slaves [ 1188.011259][T16966] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1188.053798][T17120] netlink: 'syz.2.2949': attribute type 10 has an invalid length. [ 1188.092462][T17145] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1188.129518][T16966] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1188.172779][T16966] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1188.227869][T16966] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1189.858573][T17183] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1189.915319][T16966] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1190.042231][ T7986] IPVS: stop unused estimator thread 0... [ 1190.642323][T16966] 8021q: adding VLAN 0 to HW filter on device team0 [ 1190.795102][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 1190.802341][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1190.912674][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 1190.919894][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1191.087807][T16966] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1191.505633][T16966] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1194.039993][T16966] veth0_vlan: entered promiscuous mode [ 1194.067360][T16966] veth1_vlan: entered promiscuous mode [ 1194.148394][T16966] veth0_macvtap: entered promiscuous mode [ 1194.171314][T16966] veth1_macvtap: entered promiscuous mode [ 1194.224541][T16966] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1194.264599][T16966] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1194.289410][T16966] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1194.312095][T16966] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1194.331332][T16966] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1194.349893][T16966] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1194.541789][ T3429] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1194.572964][ T3429] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1194.635460][ T3429] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1194.655211][ T3429] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1195.032595][T17263] xt_ecn: cannot match TCP bits for non-tcp packets [ 1195.115091][T17264] xt_socket: unknown flags 0x50 [ 1195.132900][T17264] overlayfs: missing 'lowerdir' [ 1195.893314][T17273] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1196.858071][T17283] loop0: detected capacity change from 0 to 1024 [ 1196.904869][T17283] EXT4-fs: Ignoring removed nobh option [ 1196.955330][T17283] EXT4-fs: Ignoring removed bh option [ 1197.045654][T17283] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1198.335733][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1199.693802][T17334] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1201.220261][T17352] loop4: detected capacity change from 0 to 512 [ 1201.732717][T17352] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1201.792564][T17352] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 1201.803521][T17352] System zones: 1-12 [ 1201.818858][T17352] EXT4-fs (loop4): 1 truncate cleaned up [ 1201.826159][T17352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1202.610126][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1204.793453][T17398] fuse: Bad value for 'fd' [ 1204.988457][T17404] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1205.298234][T17411] overlayfs: failed to clone upperpath [ 1208.221871][T17432] netlink: 'syz.0.3004': attribute type 6 has an invalid length. [ 1212.196358][T17437] fuse: Unknown parameter 'grou00000000000000000000' [ 1212.468963][T17444] netlink: 'syz.0.3010': attribute type 1 has an invalid length. [ 1213.312926][T17449] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3010'. [ 1213.371045][T17449] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1220.375534][T17529] loop4: detected capacity change from 0 to 256 [ 1220.952363][T17529] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0xda2184db, utbl_chksum : 0xe619d30d) [ 1222.129754][T17563] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1222.138540][T17563] overlayfs: missing 'lowerdir' [ 1229.141447][T17618] loop4: detected capacity change from 0 to 512 [ 1229.150055][T17618] journal_path: Lookup failure for './file0' [ 1229.156190][T17618] EXT4-fs: error: could not find journal device path [ 1230.390209][T17619] tipc: Failed to remove unknown binding: 66,1,1/0:1470740470/1470740472 [ 1230.399794][T17619] tipc: Failed to remove unknown binding: 66,1,1/0:1470740470/1470740472 [ 1231.518454][T17604] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1233.225174][T17637] overlayfs: failed to clone upperpath [ 1235.673367][T17660] Option 'TXƮ' to dns_resolver key: bad/missing value [ 1237.779718][T17673] random: crng reseeded on system resumption [ 1237.939239][T17675] batman_adv: batadv0: Adding interface: ip6gretap1 [ 1237.946144][T17675] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1237.972244][T17675] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 1239.084684][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.937383][T17688] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1240.128933][T17693] loop4: detected capacity change from 0 to 64 [ 1251.399696][T17743] xt_AUDIT: Audit type out of range (valid range: 0..2) [ 1252.327461][T17764] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1253.060126][T17758] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1254.752776][T17784] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 1255.699835][T17777] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1255.799960][T16045] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1256.011455][T16045] usb 5-1: too many configurations: 9, using maximum allowed: 8 [ 1256.041321][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1256.069679][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1256.098718][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1256.148674][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1256.179466][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1256.234186][T17810] loop0: detected capacity change from 0 to 2048 [ 1256.237400][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1256.259822][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1256.305935][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1256.418969][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1256.608938][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1256.647977][T17810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1256.895187][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1256.907015][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1256.927764][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1256.943950][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1257.002783][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1257.034335][T17810] EXT4-fs (loop0): shut down requested (2) [ 1257.035523][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1257.128448][T17824] netlink: 'syz.1.3077': attribute type 6 has an invalid length. [ 1257.178833][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1257.189977][T17822] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3073'. [ 1257.190102][T17822] netlink: zone id is out of range [ 1257.190123][T17822] netlink: del zone limit has 4 unknown bytes [ 1257.302518][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1257.325040][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1257.337136][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1257.351028][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1257.417375][T16045] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1257.469939][T16045] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1257.660943][T16045] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1257.692725][T16045] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 1258.469646][T16045] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 1258.493671][T16045] usb 5-1: Product: syz [ 1258.497885][T16045] usb 5-1: Manufacturer: syz [ 1258.503993][T16045] usb 5-1: SerialNumber: syz [ 1258.513410][T16045] usb 5-1: config 0 descriptor?? [ 1258.575606][T16045] usb 5-1: can't set config #0, error -71 [ 1258.624141][T16045] usb 5-1: USB disconnect, device number 2 [ 1259.384731][T17844] loop4: detected capacity change from 0 to 256 [ 1259.422023][T17844] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1259.446620][T17844] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 1259.487027][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1259.617144][T17844] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1259.953332][T17860] Device name cannot be null; rc = [-22] [ 1260.682159][T17872] netlink: 'syz.2.3087': attribute type 10 has an invalid length. [ 1260.724034][T17872] veth0_macvtap: left promiscuous mode [ 1261.806909][T17884] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3089'. [ 1262.334598][T17877] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1262.634252][T17895] SET target dimension over the limit! [ 1265.605954][T17931] loop0: detected capacity change from 0 to 512 [ 1265.649823][T17931] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1265.771944][T17931] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1265.784932][T17931] ext4 filesystem being mounted at /732/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1266.050690][T17941] overlayfs: failed to resolve './file1': -2 [ 1266.866435][T17956] loop4: detected capacity change from 0 to 128 [ 1266.875111][T17956] ADFS-fs (loop4): unrecognised mount option "uid=0x00000000000000000x0000000000000000" or missing value [ 1267.040212][T17953] loop4: detected capacity change from 0 to 128 [ 1267.047859][T17953] UDF-fs: bad mount option "1844674407370955161500000000000000000107k" or missing value [ 1267.091923][T17797] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1267.106994][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1268.641542][T17980] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1268.652062][T17967] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1268.674375][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1269.453771][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1269.562713][T17983] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1271.453719][T18015] tipc: Enabling of bearer rejected, failed to enable media [ 1272.613458][T18025] bridge0: entered allmulticast mode [ 1273.889146][T18046] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1278.500442][T18097] team0: Device is already in use. [ 1280.763443][T18103] loop4: detected capacity change from 0 to 4096 [ 1280.813154][T17797] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1281.710694][T18115] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3131'. [ 1282.983208][T18125] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1283.743502][T18128] loop4: detected capacity change from 0 to 4096 [ 1283.839702][T17797] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1284.072473][T18138] lo speed is unknown, defaulting to 1000 [ 1285.624593][T18146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1286.067389][ T7980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1286.112176][ T7980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1286.157250][T18148] loop0: detected capacity change from 0 to 764 [ 1286.180261][T18148] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1287.370346][T12523] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1287.994527][T10846] Bluetooth: hci2: command 0x0406 tx timeout [ 1288.333959][T12523] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 1288.344541][T12523] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1288.362452][T12523] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1288.378709][T12523] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1288.421159][T12523] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=225 [ 1288.429493][T12523] usb 1-1: Manufacturer: syz [ 1288.434226][T12523] usb 1-1: SerialNumber: syz [ 1288.441487][T12523] usb 1-1: config 0 descriptor?? [ 1288.659429][T18177] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1289.254318][ T23] usb 1-1: USB disconnect, device number 4 [ 1290.961049][T18194] 9pnet_fd: Insufficient options for proto=fd [ 1291.160898][T18201] loop0: detected capacity change from 0 to 764 [ 1291.314600][T18201] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1295.239265][T18238] bridge0: port 2(batadv0) entered blocking state [ 1295.446112][T18238] bridge0: port 2(batadv0) entered disabled state [ 1295.628160][T18238] batadv0: entered allmulticast mode [ 1295.952531][T18238] batadv0: entered promiscuous mode [ 1296.138495][T18242] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3159'. [ 1296.210689][ T7986] batman_adv: batadv0: IGMP Querier appeared [ 1296.217392][ T7986] batman_adv: batadv0: MLD Querier appeared [ 1298.728951][T18256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1300.303804][T18275] loop0: detected capacity change from 0 to 764 [ 1300.380316][T18275] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1300.525980][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1305.017619][T18317] ubi31: attaching mtd0 [ 1305.026256][T18317] ubi31: scanning is finished [ 1305.031097][T18317] ubi31: empty MTD device detected [ 1305.249803][T18317] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 1305.425567][T18333] loop4: detected capacity change from 0 to 764 [ 1305.598426][T18333] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1306.207578][T18336] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1306.555705][T18346] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3177'. [ 1307.417511][T18343] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1312.447379][T18394] loop4: detected capacity change from 0 to 764 [ 1312.463420][T18391] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1312.488765][T18394] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1312.704401][T18397] loop0: detected capacity change from 0 to 512 [ 1312.721544][T18397] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 1312.760138][T18397] UDF-fs: Scanning with blocksize 512 failed [ 1312.810692][T18397] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 1312.818667][T18397] UDF-fs: Scanning with blocksize 1024 failed [ 1312.877250][T18397] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 1312.904677][T18397] UDF-fs: Scanning with blocksize 2048 failed [ 1312.927303][T18397] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1313.067209][T18397] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1313.423237][T18406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1315.027805][T18414] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3191'. [ 1317.082325][T18427] lo speed is unknown, defaulting to 1000 [ 1321.091228][T18455] loop0: detected capacity change from 0 to 64 [ 1321.145560][T18450] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1322.241099][T18465] loop4: detected capacity change from 0 to 764 [ 1322.261341][T18465] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1325.324284][T18495] ubi31: attaching mtd0 [ 1325.342569][T18495] ubi31: scanning is finished [ 1325.882556][T18495] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1325.890314][T18495] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1325.897808][T18495] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1325.905147][T18495] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1325.912767][T18495] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1325.919946][T18495] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1325.928059][T18495] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2960256499 [ 1325.938378][T18495] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1326.010033][T18496] ubi31: background thread "ubi_bgt31d" started, PID 18496 [ 1326.145574][T18499] sctp: [Deprecated]: syz.0.3211 (pid 18499) Use of int in max_burst socket option deprecated. [ 1326.145574][T18499] Use struct sctp_assoc_value instead [ 1328.335091][T18513] bridge0: port 3(batadv1) entered blocking state [ 1328.371180][T18513] bridge0: port 3(batadv1) entered disabled state [ 1328.388169][T18513] batadv1: entered allmulticast mode [ 1328.401513][T18513] batadv1: entered promiscuous mode [ 1328.529801][T18516] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3215'. [ 1328.615064][T18522] loop9: detected capacity change from 0 to 7 [ 1328.701057][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1328.710827][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.176905][T18516] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1329.184803][T18516] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1329.193405][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.194775][T13117] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 1329.202918][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.220623][T13117] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 1329.242311][T18516] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1329.244916][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.259438][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.268618][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.278033][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.291715][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.301066][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.309130][T18516] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1329.318370][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.327775][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.345533][T18522] ldm_validate_partition_table(): Disk read failed. [ 1329.352692][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.362159][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.371638][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.380892][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.389960][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.399592][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.409599][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 1329.418924][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 1329.427189][T18522] Dev loop9: unable to read RDB block 0 [ 1329.450200][T18522] loop9: unable to read partition table [ 1329.456195][T18522] loop9: partition table beyond EOD, truncated [ 1329.462726][T18522] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 1329.462726][T18522] ) failed (rc=-5) [ 1329.565782][T18516] batman_adv: batadv0: Removing interface: ip6gretap1 [ 1329.585627][T18513] loop4: detected capacity change from 0 to 512 [ 1329.593521][T18513] EXT4-fs: Ignoring removed i_version option [ 1329.608799][T18513] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 1330.237460][T18513] EXT4-fs (loop4): 1 truncate cleaned up [ 1330.246170][T18513] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1330.468086][T18538] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1332.514588][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1335.062716][T18574] loop4: detected capacity change from 0 to 2048 [ 1335.074565][T18571] loop0: detected capacity change from 0 to 764 [ 1335.263707][T18575] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 1335.272770][T18575] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 1335.577459][T18574] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1335.794610][T18571] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1335.891113][T18574] NILFS (loop4): mounting unchecked fs [ 1335.970524][T18464] udevd[18464]: incorrect nilfs2 checksum on /dev/loop4 [ 1336.027834][T18574] NILFS (loop4): recovery complete [ 1336.333295][T18585] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1337.335946][T18589] bridge0: port 4(macsec0) entered blocking state [ 1337.343683][T18589] bridge0: port 4(macsec0) entered disabled state [ 1337.404925][T18589] macsec0: entered allmulticast mode [ 1337.612854][T18589] veth1_macvtap: entered allmulticast mode [ 1337.992593][T18589] macsec0: entered promiscuous mode [ 1338.062163][T18589] bridge0: port 4(macsec0) entered blocking state [ 1338.069455][T18589] bridge0: port 4(macsec0) entered forwarding state [ 1338.355402][T18601] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1338.383039][T18606] loop4: detected capacity change from 0 to 64 [ 1339.408696][T18617] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1341.010425][T18629] lo speed is unknown, defaulting to 1000 [ 1344.642915][T18663] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1345.866019][T18685] netlink: 'syz.4.3255': attribute type 2 has an invalid length. [ 1348.274482][T18706] veth0: left allmulticast mode [ 1348.279687][T18706] wg1: left allmulticast mode [ 1348.284487][T18706] wg2: left allmulticast mode [ 1348.289238][T18706] veth0_to_bridge: left allmulticast mode [ 1348.295190][T18706] bridge_slave_0: left allmulticast mode [ 1348.301083][T18706] veth1_to_bridge: left allmulticast mode [ 1348.307100][T18706] bridge_slave_1: left allmulticast mode [ 1348.313078][T18706] bond_slave_0: left allmulticast mode [ 1348.318630][T18706] veth1_to_bond: left allmulticast mode [ 1348.324482][T18706] bond_slave_1: left allmulticast mode [ 1348.330144][T18706] veth0_to_team: left allmulticast mode [ 1348.335815][T18706] team_slave_0: left allmulticast mode [ 1348.341424][T18706] veth1_to_team: left allmulticast mode [ 1348.347075][T18706] team_slave_1: left allmulticast mode [ 1348.352728][T18706] veth0_to_batadv: left allmulticast mode [ 1348.358567][T18706] batadv_slave_0: left allmulticast mode [ 1348.364417][T18706] xfrm0: left allmulticast mode [ 1348.369397][T18706] veth0_to_hsr: left allmulticast mode [ 1348.375117][T18706] hsr_slave_0: left allmulticast mode [ 1348.380730][T18706] veth1_to_hsr: left allmulticast mode [ 1348.386295][T18706] hsr_slave_1: left allmulticast mode [ 1348.391988][T18706] hsr0: left allmulticast mode [ 1348.396874][T18706] veth1_virt_wifi: left allmulticast mode [ 1348.402735][T18706] veth0_virt_wifi: left allmulticast mode [ 1348.408716][T18706] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 1348.415907][T18706] veth1_vlan: left allmulticast mode [ 1348.421425][T18706] vlan1: left allmulticast mode [ 1348.426560][T18706] macvlan0: left allmulticast mode [ 1348.431848][T18706] macvlan1: left allmulticast mode [ 1348.437045][T18706] ipvlan0: left allmulticast mode [ 1348.442298][T18706] ipvlan1: left allmulticast mode [ 1348.447513][T18706] veth0_vlan: left allmulticast mode [ 1348.453405][T18706] veth0_macvtap: left allmulticast mode [ 1348.459248][T18706] macvtap0: left allmulticast mode [ 1348.464575][T18706] macsec0: left allmulticast mode [ 1348.469684][T18706] veth1_macvtap: left allmulticast mode [ 1348.476339][T18706] geneve0: left allmulticast mode [ 1348.481541][T18706] geneve1: left allmulticast mode [ 1348.486659][T18706] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 1348.493943][T18706] netdevsim netdevsim1 netdevsim1: left allmulticast mode [ 1348.501213][T18706] netdevsim netdevsim1 netdevsim2: left allmulticast mode [ 1348.508655][T18706] netdevsim netdevsim1 netdevsim3: left allmulticast mode [ 1348.516015][T18706] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 1348.524272][T18706] macvtap1: left allmulticast mode [ 1348.643005][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 1348.643021][ T28] audit: type=1326 audit(1752132523.537:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1348.728257][ T28] audit: type=1326 audit(1752132523.537:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1348.801521][ T28] audit: type=1326 audit(1752132523.537:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1348.856842][ T28] audit: type=1326 audit(1752132523.537:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1348.899654][ T28] audit: type=1326 audit(1752132523.537:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1348.929997][ T28] audit: type=1326 audit(1752132523.537:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1349.059636][ T28] audit: type=1326 audit(1752132523.537:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1349.764128][ T28] audit: type=1326 audit(1752132523.537:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18698 comm="syz.2.3259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3339f8e929 code=0x7ffc0000 [ 1355.826807][T18763] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 1355.835852][T18763] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 1355.930774][T18764] loop0: detected capacity change from 0 to 128 [ 1355.959495][T18764] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1356.055548][T18764] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1356.250258][T18764] UDF-fs: error (device loop0): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 1356.350512][T18764] UDF-fs: error (device loop0): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 1357.406203][T18778] lo speed is unknown, defaulting to 1000 [ 1357.888951][T18789] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1358.922920][T18794] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR [ 1358.977737][T18797] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1359.084795][T18800] sctp: [Deprecated]: syz.4.3282 (pid 18800) Use of int in max_burst socket option deprecated. [ 1359.084795][T18800] Use struct sctp_assoc_value instead [ 1359.745952][ T28] audit: type=1326 audit(1752132534.617:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18798 comm="syz.2.3281" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3339f8e929 code=0x0 [ 1360.578306][T18812] loop4: detected capacity change from 0 to 764 [ 1360.621789][T18812] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1362.118026][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1363.376720][T18847] loop4: detected capacity change from 0 to 64 [ 1363.388959][T18847] hfs: unable to parse mount options [ 1365.075861][T18850] loop0: detected capacity change from 0 to 128 [ 1365.101806][T18832] netlink: 'syz.1.3297': attribute type 1 has an invalid length. [ 1365.136997][T18832] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.3297'. [ 1365.249297][T18850] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1365.270965][T18430] blk_print_req_error: 4 callbacks suppressed [ 1365.270983][T18430] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1365.286403][T18850] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1366.040676][T18850] ext4 filesystem being mounted at /778/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1369.696920][T18885] kAFS: unparsable volume name [ 1369.867075][T18889] loop4: detected capacity change from 0 to 764 [ 1369.920076][T18889] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1370.189766][ T5787] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1372.435978][T18906] loop0: detected capacity change from 0 to 764 [ 1372.501237][T18912] loop4: detected capacity change from 0 to 256 [ 1372.582960][T18912] FAT-fs (loop4): Unrecognized mount option "18446744073709551615" or missing value [ 1372.686701][T18906] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1374.311793][T18917] loop4: detected capacity change from 0 to 512 [ 1374.951941][T18917] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e018, mo2=0002] [ 1374.960663][T18917] System zones: 1-12 [ 1375.079686][T18917] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.3305: invalid indirect mapped block 8 (level 2) [ 1375.174083][T18917] EXT4-fs (loop4): 1 truncate cleaned up [ 1375.184306][T18917] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1375.836250][T18925] lo speed is unknown, defaulting to 1000 [ 1375.972560][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1376.222010][T18936] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3307'. [ 1376.376716][T18938] loop4: detected capacity change from 0 to 2048 [ 1376.463760][T18938] loop4: p3 < > p4 < > [ 1376.475281][T18938] loop4: partition table partially beyond EOD, truncated [ 1376.519065][T18938] loop4: p3 start 4284289 is beyond EOD, truncated [ 1379.653626][T18957] overlayfs: missing 'lowerdir' [ 1382.609232][T18980] loop0: detected capacity change from 0 to 764 [ 1382.652868][T18980] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1382.722964][ T28] audit: type=1326 audit(1752132557.627:567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1382.936526][ T28] audit: type=1326 audit(1752132557.627:568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1382.988771][ T28] audit: type=1326 audit(1752132557.647:569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.014608][ T28] audit: type=1326 audit(1752132557.647:570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.042815][ T28] audit: type=1326 audit(1752132557.647:571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.103448][ T28] audit: type=1326 audit(1752132557.777:572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.195608][ T28] audit: type=1326 audit(1752132557.777:573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.329691][ T28] audit: type=1326 audit(1752132557.777:574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1383.491827][ T28] audit: type=1326 audit(1752132557.777:575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1384.240493][ T28] audit: type=1326 audit(1752132557.777:576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18981 comm="syz.4.3323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8de618e929 code=0x7ffc0000 [ 1384.312517][T18996] loop0: detected capacity change from 0 to 2048 [ 1384.973497][T18996] NILFS (loop0): invalid segment: Inconsistency found [ 1385.051452][T18996] NILFS (loop0): trying rollback from an earlier position [ 1385.132870][T18996] NILFS (loop0): recovery complete [ 1385.158734][T19000] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1385.331135][T19002] loop4: detected capacity change from 0 to 256 [ 1385.358305][T19002] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1385.482184][T19002] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 1385.774791][T19002] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 1388.196971][T19020] loop0: detected capacity change from 0 to 4096 [ 1389.083075][T19020] ntfs: volume version 3.1. [ 1391.242486][T19048] loop0: detected capacity change from 0 to 256 [ 1391.387511][T19048] FAT-fs (loop0): Unrecognized mount option "18446744073709551615" or missing value [ 1391.904991][T19050] loop0: detected capacity change from 0 to 512 [ 1392.181581][T19050] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e018, mo2=0002] [ 1392.190252][T19050] System zones: 1-12 [ 1392.221537][T19050] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.3338: invalid indirect mapped block 8 (level 2) [ 1392.263771][T19050] EXT4-fs (loop0): 1 truncate cleaned up [ 1392.275424][T19050] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1392.819482][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1393.557844][T19061] overlayfs: missing 'lowerdir' [ 1393.989014][T19063] loop0: detected capacity change from 0 to 256 [ 1394.009882][T19063] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1394.020694][T19063] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 1394.046221][T19063] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 1395.766478][T19078] loop4: detected capacity change from 0 to 512 [ 1395.777463][T19078] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1395.784454][T19078] EXT4-fs: Ignoring removed nobh option [ 1395.790232][T19078] ext2: Bad value for 'max_batch_time' [ 1396.447219][T18430] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1398.318364][T19094] loop4: detected capacity change from 0 to 4096 [ 1398.643661][T19101] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1399.403620][T19097] netlink: 'syz.1.3351': attribute type 4 has an invalid length. [ 1400.204912][T19105] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [ 1402.164511][T19107] NILFS error (device loop4): nilfs_readdir: zero-length directory entry [ 1402.681577][T12523] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 1402.872128][T12523] usb 5-1: config 0 has an invalid interface number: 77 but max is 0 [ 1402.880323][T12523] usb 5-1: config 0 has no interface number 0 [ 1402.886660][T12523] usb 5-1: config 0 interface 77 altsetting 1 endpoint 0x2 has invalid maxpacket 544, setting to 64 [ 1402.897807][T12523] usb 5-1: config 0 interface 77 has no altsetting 0 [ 1402.906766][T12523] usb 5-1: New USB device found, idVendor=11ff, idProduct=9d64, bcdDevice=33.bd [ 1402.915902][T12523] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1402.924434][T12523] usb 5-1: Product: syz [ 1402.928695][T12523] usb 5-1: Manufacturer: syz [ 1402.933431][T12523] usb 5-1: SerialNumber: syz [ 1402.939803][T12523] usb 5-1: config 0 descriptor?? [ 1402.946016][T19108] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1403.188352][T12523] usb 5-1: USB disconnect, device number 3 [ 1403.273494][T19115] bridge0: entered promiscuous mode [ 1403.287288][T19115] bridge0: entered allmulticast mode [ 1403.336124][T19115] team0: Port device bridge0 added [ 1403.354508][T19119] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3356'. [ 1403.403072][T19118] loop0: detected capacity change from 0 to 4096 [ 1403.474687][T18464] I/O error, dev loop0, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1403.761255][T19121] loop4: detected capacity change from 0 to 2048 [ 1403.780803][T19121] NILFS (loop4): invalid segment: Inconsistency found [ 1403.795593][T19121] NILFS (loop4): trying rollback from an earlier position [ 1403.845035][T19121] NILFS (loop4): recovery complete [ 1403.852883][T19123] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1404.597812][T19128] overlayfs: missing 'lowerdir' [ 1405.940651][T19119] team0 (unregistering): Port device bridge0 removed [ 1405.952666][T19141] loop0: detected capacity change from 0 to 764 [ 1405.983594][T19141] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1406.003277][T19135] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3359'. [ 1406.076620][T19132] lo speed is unknown, defaulting to 1000 [ 1407.715281][T19137] block nbd4: shutting down sockets [ 1407.811176][ T28] kauditd_printk_skb: 46 callbacks suppressed [ 1407.811189][ T28] audit: type=1326 audit(1752132582.707:623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1407.883414][T19160] geneve3: entered promiscuous mode [ 1407.893132][ T28] audit: type=1326 audit(1752132582.707:624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.005390][ T28] audit: type=1326 audit(1752132582.717:625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fc33e1907bc code=0x7ffc0000 [ 1408.152254][ T28] audit: type=1326 audit(1752132582.717:626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.216304][ T28] audit: type=1326 audit(1752132582.717:627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.277823][T19163] loop0: detected capacity change from 0 to 1024 [ 1408.302208][ T28] audit: type=1326 audit(1752132582.757:628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.448829][ T28] audit: type=1326 audit(1752132582.757:629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.590417][ T28] audit: type=1326 audit(1752132582.757:630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.678674][ T28] audit: type=1326 audit(1752132582.757:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1408.735913][ T28] audit: type=1326 audit(1752132582.757:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19150 comm="syz.1.3365" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc33e18e929 code=0x7ffc0000 [ 1410.248302][ T7990] hfsplus: b-tree write err: -5, ino 4 [ 1410.435063][T19179] lo speed is unknown, defaulting to 1000 [ 1412.720653][T19197] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3375'. [ 1412.749716][T19197] batadv0: entered promiscuous mode [ 1412.756181][T19197] macvtap1: entered promiscuous mode [ 1412.765365][T19197] macvtap1: entered allmulticast mode [ 1412.773483][T19197] batadv0: entered allmulticast mode [ 1412.783127][T19197] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1412.882416][T19201] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1414.079857][ T5831] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1414.342687][ T5831] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 1414.372773][ T5831] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1414.402399][ T5831] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1414.409196][T19220] loop4: detected capacity change from 0 to 1024 [ 1414.415109][ T5831] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1414.960432][T19220] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1414.976525][ T5831] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=225 [ 1414.986488][ T5831] usb 1-1: Manufacturer: syz [ 1414.992391][ T5831] usb 1-1: SerialNumber: syz [ 1415.006717][T19220] ext4 filesystem being mounted at /89/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1415.009249][ T5831] usb 1-1: config 0 descriptor?? [ 1415.944549][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1416.673572][ T5831] usb 1-1: USB disconnect, device number 5 [ 1417.456923][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 1420.819677][ T28] audit: type=1326 audit(1752132592.357:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19240 comm="syz.4.3385" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8de618e929 code=0x0 [ 1421.418142][T19254] loop0: detected capacity change from 0 to 1024 [ 1422.143325][T19255] loop4: detected capacity change from 0 to 1764 [ 1423.460256][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.842980][T13685] hfsplus: b-tree write err: -5, ino 4 [ 1423.848658][T19266] loop4: detected capacity change from 0 to 512 [ 1423.961190][T19266] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1424.091261][T19266] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 1424.102074][T19266] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 1424.777706][T19266] System zones: 0-1, 15-15, 18-18, 34-34 [ 1424.785850][T19266] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1424.793693][T19266] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 1424.877471][T19266] EXT4-fs warning (device loop4): ext4_enable_quotas:7173: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1424.918456][T19276] loop0: detected capacity change from 0 to 64 [ 1424.930983][T19276] hfs: unable to parse mount options [ 1425.114496][T19266] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 1425.290581][T19266] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.3393: bg 0: block 40: padding at end of block bitmap is not set [ 1425.487346][T19266] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6642: Corrupt filesystem [ 1425.506606][T19266] EXT4-fs (loop4): 1 truncate cleaned up [ 1426.120932][T19266] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1426.245820][T19285] loop0: detected capacity change from 0 to 256 [ 1426.551949][T19287] No source specified [ 1427.686412][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1428.182256][T19306] loop0: detected capacity change from 0 to 128 [ 1428.349362][T19306] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 1428.361354][T19306] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1428.385150][T19300] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1431.550346][T19323] loop0: detected capacity change from 0 to 1764 [ 1433.470726][T19340] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1434.703419][T19353] loop4: detected capacity change from 0 to 256 [ 1434.728581][T19353] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1434.739974][T19353] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 1434.828718][T19353] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 1441.267426][T19393] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1441.315232][T19392] geneve3: entered promiscuous mode [ 1444.166972][T19396] loop4: detected capacity change from 0 to 512 [ 1444.188703][T19396] EXT4-fs (loop4): external journal device major/minor numbers have changed [ 1444.989070][T19396] EXT4-fs (loop4): failed to open journal device unknown-block(11,131) -6 [ 1446.724617][T19440] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1456.167641][T16413] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 1456.175071][T16413] Bluetooth: hci2: unexpected event for opcode 0x203e [ 1457.120166][T19486] overlayfs: missing 'lowerdir' [ 1457.690411][T19487] loop0: detected capacity change from 0 to 256 [ 1458.847722][T19497] lo speed is unknown, defaulting to 1000 [ 1462.483101][T19528] loop4: detected capacity change from 0 to 128 [ 1464.462790][T19539] loop4: detected capacity change from 0 to 40427 [ 1464.480900][T19539] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff [ 1464.489284][T19539] F2FS-fs (loop4): Image doesn't support compression [ 1464.496362][T19539] F2FS-fs (loop4): Image doesn't support compression [ 1464.503128][T19539] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x4 [ 1464.513494][T19539] F2FS-fs (loop4): invalid crc value [ 1464.523827][T19539] F2FS-fs (loop4): Found nat_bits in checkpoint [ 1464.554417][T19539] F2FS-fs (loop4): Start checkpoint disabled! [ 1464.568133][T19539] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 1466.372399][ T7990] kworker/u4:29: attempt to access beyond end of device [ 1466.372399][ T7990] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 1466.834930][ T7990] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1466.843181][ T7990] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 1468.240841][T19573] RDS: rds_bind could not find a transport for ::ffff:172.20.20.170, load rds_tcp or rds_rdma? [ 1471.759310][T19588] netlink: 'syz.1.3470': attribute type 11 has an invalid length. [ 1475.368321][T19618] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 1477.630742][T19640] lo speed is unknown, defaulting to 1000 [ 1477.907042][T19645] loop4: detected capacity change from 0 to 8 [ 1482.452182][T19688] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1482.979319][T19689] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1484.442450][T19706] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1484.912744][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1487.072658][T19724] loop0: detected capacity change from 0 to 256 [ 1490.532166][T19739] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1491.790568][ T28] audit: type=1326 audit(1752132666.687:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19741 comm="syz.1.3504" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc33e18e929 code=0x0 [ 1493.825547][T19745] tty tty29: ldisc open failed (-12), clearing slot 28 [ 1497.893859][T16413] Bluetooth: hci2: unexpected event for opcode 0x204e [ 1498.062949][T19778] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1498.307990][T19780] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1499.018565][T19778] syz.1.3513 (19778) used greatest stack depth: 17448 bytes left [ 1499.360109][T19793] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1499.377525][T19792] loop0: detected capacity change from 0 to 4096 [ 1499.505391][T19792] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 1500.660965][T19799] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1502.679823][ T28] audit: type=1326 audit(1752132676.437:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19806 comm="syz.0.3518" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d6a78e929 code=0x0 [ 1503.966425][T19822] loop0: detected capacity change from 0 to 64 [ 1504.051868][T19824] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3519'. [ 1504.728633][T19827] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1505.137388][T19834] ip6t_REJECT: ECHOREPLY is not supported [ 1505.145324][T19834] syz.1.3525 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1505.875066][T19837] loop4: detected capacity change from 0 to 764 [ 1505.903186][T19837] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1510.116691][ T28] audit: type=1326 audit(1752132685.017:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19859 comm="syz.0.3532" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d6a78e929 code=0x0 [ 1512.288446][T19875] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1516.543455][T19903] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3541'. [ 1520.319167][ T28] audit: type=1326 audit(1752132695.207:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19907 comm="syz.4.3542" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8de618e929 code=0x0 [ 1523.193508][T19951] loop4: detected capacity change from 0 to 4096 [ 1523.219328][T19951] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 1523.315499][T19956] loop0: detected capacity change from 0 to 8 [ 1524.499534][T19962] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1525.859067][T19979] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1526.125170][T19982] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3558'. [ 1526.750273][T19991] netdevsim netdevsim1: Direct firmware load for ./file0 failed with error -2 [ 1526.759996][T19991] netdevsim netdevsim1: Falling back to sysfs fallback for: ./file0 [ 1527.904304][T20000] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3563'. [ 1528.374829][T20006] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3564'. [ 1529.632874][T20009] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1532.066820][T20031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3568'. [ 1532.091838][T20031] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3568'. [ 1533.618362][T20036] loop0: detected capacity change from 0 to 764 [ 1533.626745][T20030] loop4: detected capacity change from 0 to 2048 [ 1533.648093][T20036] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1533.780465][T20030] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1534.551709][T16966] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1538.253186][T20081] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1546.281557][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.690753][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 1646.596809][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1646.603887][ C1] rcu: 0-...!: (1 GPs behind) idle=bad4/1/0x4000000000000000 softirq=69347/69358 fqs=76 [ 1646.615984][ C1] rcu: (detected by 1, t=10502 jiffies, g=86549, q=72 ncpus=2) [ 1646.623701][ C1] Sending NMI from CPU 1 to CPUs 0: [ 1646.628931][ C0] NMI backtrace for cpu 0 [ 1646.628947][ C0] CPU: 0 PID: 20108 Comm: syz.1.3588 Not tainted 6.6.96-syzkaller #0 [ 1646.628963][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1646.628972][ C0] RIP: 0010:check_preemption_disabled+0x47/0x110 [ 1646.628998][ C0] Code: 95 75 65 8b 0d c2 3c 95 75 f7 c1 ff ff ff 7f 74 1f 65 48 8b 0c 25 28 00 00 00 48 3b 4c 24 08 0f 85 c4 00 00 00 48 83 c4 10 5b <41> 5e 41 5f 5d c3 48 c7 04 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 [ 1646.629011][ C0] RSP: 0018:ffffc90000007aa0 EFLAGS: 00000082 [ 1646.629026][ C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: c7e717330e077200 [ 1646.629036][ C0] RDX: 0000000000000000 RSI: ffffffff8afc6ce0 RDI: ffffffff8afc6ca0 [ 1646.629046][ C0] RBP: ffffc90000007bf0 R08: ffffffff8e4a7faf R09: 1ffffffff1c94ff5 [ 1646.629058][ C0] R10: dffffc0000000000 R11: fffffbfff1c94ff6 R12: ffffffff84267507 [ 1646.629069][ C0] R13: dffffc0000000000 R14: ffffffff970c3af8 R15: 1ffff92000000f68 [ 1646.629081][ C0] FS: 00007fc33dfde6c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1646.629095][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1646.629105][ C0] CR2: 000000110c3cabd8 CR3: 0000000031cbd000 CR4: 00000000003506f0 [ 1646.629119][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1646.629127][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1646.629136][ C0] Call Trace: [ 1646.629144][ C0] [ 1646.629155][ C0] rcu_is_watching+0x15/0xb0 [ 1646.629196][ C0] lock_release+0xba/0x8b0 [ 1646.629237][ C0] ? do_raw_spin_lock+0x121/0x2c0 [ 1646.629275][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 1646.629295][ C0] ? __rwlock_init+0x150/0x150 [ 1646.629312][ C0] ? debug_object_activate+0x4b0/0x4b0 [ 1646.629339][ C0] _raw_spin_unlock_irqrestore+0x71/0x110 [ 1646.629357][ C0] ? _raw_spin_unlock+0x40/0x40 [ 1646.629372][ C0] ? advance_sched+0x9f9/0xc80 [ 1646.629389][ C0] ? advance_sched+0x9f9/0xc80 [ 1646.629409][ C0] debug_object_activate+0x2f7/0x4b0 [ 1646.629440][ C0] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 1646.629459][ C0] enqueue_hrtimer+0x30/0x370 [ 1646.629477][ C0] __hrtimer_run_queues+0x637/0xc40 [ 1646.629497][ C0] ? taprio_dequeue_from_txq+0x8f0/0x8f0 [ 1646.629520][ C0] ? hrtimer_interrupt+0x9c0/0x9c0 [ 1646.629534][ C0] ? ktime_get_update_offsets_now+0x3d2/0x3f0 [ 1646.629558][ C0] hrtimer_interrupt+0x3c9/0x9c0 [ 1646.629589][ C0] __sysvec_apic_timer_interrupt+0xfb/0x3b0 [ 1646.629608][ C0] sysvec_apic_timer_interrupt+0x9f/0xc0 [ 1646.629623][ C0] [ 1646.629628][ C0] [ 1646.629633][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1646.629651][ C0] RIP: 0010:preempt_schedule_irq+0xb0/0x140 [ 1646.629672][ C0] Code: 44 24 20 f6 44 24 21 02 74 0b 0f 0b 48 f7 03 08 00 00 00 74 63 bf 01 00 00 00 e8 2b b2 e4 f6 e8 56 49 15 f7 fb bf 01 00 00 00 2b b5 ff ff 48 c7 44 24 40 00 00 00 00 9c 8f 44 24 40 8b 44 24 [ 1646.629684][ C0] RSP: 0018:ffffc90004fe7660 EFLAGS: 00000286 [ 1646.629696][ C0] RAX: c7e717330e077200 RBX: 0000000000000000 RCX: c7e717330e077200 [ 1646.629707][ C0] RDX: dffffc0000000000 RSI: ffffffff8aaab2c0 RDI: 0000000000000001 [ 1646.629717][ C0] RBP: ffffc90004fe7710 R08: ffffffff8e4a7faf R09: 1ffffffff1c94ff5 [ 1646.629728][ C0] R10: dffffc0000000000 R11: fffffbfff1c94ff6 R12: 0000000000000000 [ 1646.629738][ C0] R13: 0000000000000000 R14: dffffc0000000000 R15: 1ffff920009fcecc [ 1646.629761][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 1646.629788][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 1646.629807][ C0] irqentry_exit+0x67/0x70 [ 1646.629821][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1646.629837][ C0] RIP: 0010:try_charge_memcg+0x0/0x1810 [ 1646.629854][ C0] Code: c8 0f 85 4f ff ff ff 48 89 df 48 c7 c6 a0 d3 b6 8a e8 d4 9e e0 ff 0f 0b 48 89 df 48 c7 c6 20 d4 b6 8a e8 c3 9e e0 ff 0f 0b 90 0f 1e fa 55 48 89 e5 41 57 41 56 41 55 41 54 53 48 83 e4 e0 48 [ 1646.629865][ C0] RSP: 0018:ffffc90004fe77d8 EFLAGS: 00000246 [ 1646.629876][ C0] RAX: ffff888024bf6000 RBX: dffffc0000000000 RCX: c7e717330e077200 [ 1646.629887][ C0] RDX: 0000000000000001 RSI: 0000000000000dc0 RDI: ffff888024bf6000 [ 1646.629897][ C0] RBP: ffffc90004fe78e0 R08: ffffffff8e4a7faf R09: 1ffffffff1c94ff5 [ 1646.629908][ C0] R10: dffffc0000000000 R11: fffffbfff1c94ff6 R12: 0000000000000000 [ 1646.629918][ C0] R13: ffff888024bf6000 R14: 0000000000000001 R15: 1ffff920009fcf04 [ 1646.629939][ C0] obj_cgroup_charge+0x358/0x620 [ 1646.629957][ C0] ? get_obj_cgroup_from_current+0xd4/0x280 [ 1646.629977][ C0] ? obj_cgroup_charge+0xe6/0x620 [ 1646.629995][ C0] ? mod_objcg_mlstate+0x310/0x310 [ 1646.630013][ C0] ? percpu_ref_tryget+0x15/0x180 [ 1646.630034][ C0] ? get_obj_cgroup_from_current+0xd4/0x280 [ 1646.630052][ C0] ? get_obj_cgroup_from_current+0xd4/0x280 [ 1646.630073][ C0] slab_pre_alloc_hook+0x2eb/0x310 [ 1646.630088][ C0] ? finish_task_switch+0x265/0x920 [ 1646.630105][ C0] kmem_cache_alloc+0x5a/0x2e0 [ 1646.630119][ C0] ? alloc_empty_file+0x9e/0x1d0 [ 1646.630139][ C0] alloc_empty_file+0x9e/0x1d0 [ 1646.630155][ C0] path_openat+0x100/0x3190 [ 1646.630177][ C0] ? do_sys_openat2+0xcb/0x1c0 [ 1646.630197][ C0] ? asan.module_dtor+0x20/0x20 [ 1646.630217][ C0] ? verify_lock_unused+0x140/0x140 [ 1646.630235][ C0] ? do_filp_open+0x3d0/0x3d0 [ 1646.630249][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1646.630271][ C0] ? preempt_schedule+0xab/0xc0 [ 1646.630295][ C0] do_filp_open+0x1c5/0x3d0 [ 1646.630311][ C0] ? vfs_tmpfile+0x490/0x490 [ 1646.630347][ C0] ? _raw_spin_unlock+0x28/0x40 [ 1646.630362][ C0] ? alloc_fd+0x58f/0x630 [ 1646.630389][ C0] do_sys_openat2+0x12c/0x1c0 [ 1646.630410][ C0] ? do_sys_open+0xe0/0xe0 [ 1646.630436][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1646.630454][ C0] ? lock_chain_count+0x20/0x20 [ 1646.630473][ C0] __x64_sys_openat+0x139/0x160 [ 1646.630496][ C0] do_syscall_64+0x55/0xb0 [ 1646.630515][ C0] ? clear_bhb_loop+0x40/0x90 [ 1646.630531][ C0] ? clear_bhb_loop+0x40/0x90 [ 1646.630548][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1646.630564][ C0] RIP: 0033:0x7fc33e18e929 [ 1646.630578][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1646.630590][ C0] RSP: 002b:00007fc33dfde038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1646.630605][ C0] RAX: ffffffffffffffda RBX: 00007fc33e3b6160 RCX: 00007fc33e18e929 [ 1646.630616][ C0] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1646.630626][ C0] RBP: 00007fc33e210b39 R08: 0000000000000000 R09: 0000000000000000 [ 1646.630636][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1646.630645][ C0] R13: 0000000000000000 R14: 00007fc33e3b6160 R15: 00007ffd5387d8d8 [ 1646.630664][ C0] [ 1646.630925][ C1] rcu: rcu_preempt kthread starved for 10350 jiffies! g86549 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1647.298552][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1647.308530][ C1] rcu: RCU grace-period kthread stack dump: [ 1647.314423][ C1] task:rcu_preempt state:R running task stack:27240 pid:17 ppid:2 flags:0x00004000 [ 1647.325215][ C1] Call Trace: [ 1647.328498][ C1] [ 1647.331443][ C1] __schedule+0x14e2/0x4580 [ 1647.335990][ C1] ? asan.module_dtor+0x20/0x20 [ 1647.340863][ C1] ? enqueue_timer+0x225/0x530 [ 1647.345662][ C1] ? __mod_timer+0x984/0xdb0 [ 1647.350322][ C1] schedule+0xbd/0x170 [ 1647.354570][ C1] schedule_timeout+0x160/0x280 [ 1647.359462][ C1] ? console_conditional_schedule+0x40/0x40 [ 1647.365462][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1647.371458][ C1] ? update_process_times+0x1b0/0x1b0 [ 1647.376957][ C1] ? prepare_to_swait_event+0x339/0x360 [ 1647.382548][ C1] rcu_gp_fqs_loop+0x302/0x1560 [ 1647.387523][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 1647.393705][ C1] ? rcu_gp_init+0x1510/0x1510 [ 1647.398483][ C1] ? rcu_gp_cleanup+0xb4c/0xca0 [ 1647.403428][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1647.408636][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 1647.413872][ C1] rcu_gp_kthread+0x99/0x380 [ 1647.418504][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1647.423655][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 1647.428749][ C1] ? __kthread_parkme+0x162/0x1c0 [ 1647.433816][ C1] kthread+0x2fa/0x390 [ 1647.437916][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1647.443132][ C1] ? kthread_blkcg+0xd0/0xd0 [ 1647.447738][ C1] ret_from_fork+0x48/0x80 [ 1647.452167][ C1] ? kthread_blkcg+0xd0/0xd0 [ 1647.456766][ C1] ret_from_fork_asm+0x11/0x20 [ 1647.461641][ C1] [ 1647.464667][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 1647.471000][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.96-syzkaller #0 [ 1647.479680][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1647.489767][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 1647.495501][ C1] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d c3 bf 39 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 1647.515200][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c2 [ 1647.521280][ C1] RAX: 9fe3dfa50aaf5200 RBX: ffffffff81618a7b RCX: 9fe3dfa50aaf5200 [ 1647.529262][ C1] RDX: 0000000000000001 RSI: ffffffff8aaab2c0 RDI: ffffffff8afc6d00 [ 1647.537324][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36d4b R09: 1ffff110171e6da9 [ 1647.545396][ C1] R10: dffffc0000000000 R11: ffffed10171e6daa R12: ffffffff8e4a7fa8 [ 1647.553483][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100364e780 [ 1647.561491][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1647.570430][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1647.577026][ C1] CR2: 0000001b2e51fffc CR3: 00000000238dc000 CR4: 00000000003506e0 [ 1647.585092][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1647.593069][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1647.601055][ C1] Call Trace: [ 1647.604336][ C1] [ 1647.607401][ C1] default_idle+0x13/0x20 [ 1647.611834][ C1] default_idle_call+0x6c/0xa0 [ 1647.616607][ C1] do_idle+0x1eb/0x510 [ 1647.620690][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 1647.626067][ C1] ? asm_sysvec_call_function_single+0x1a/0x20 [ 1647.632246][ C1] cpu_startup_entry+0x43/0x60 [ 1647.637017][ C1] start_secondary+0xee/0xf0 [ 1647.641615][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 1647.647793][ C1]