last executing test programs: 14m56.766077664s ago: executing program 4 (id=83): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x558, 0x320, 0xffffff80, 0x178, 0x0, 0x178, 0x488, 0x22b, 0x258, 0x488, 0x258, 0x2034, 0x0, {[{{@uncond, 0x1d, 0x300, 0x320, 0x340, {0x1e0002a8, 0x7203000000000000}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x1a, 0x64, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}]}}, @inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_bridge\x00', 'geneve1\x00'}, 0x0, 0x100, 0x168, 0x0, {}, [@common=@ah={{0x30}}, @common=@ipv6header={{0x28}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5b8) 14m55.520506641s ago: executing program 4 (id=87): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x800009, 0x4) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendto$packet(r3, &(0x7f0000000180)="02030c65420002000000ab5d71acedd7c9560385dcb1080084d7dc039806112405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @broadcast}, 0x14) 14m53.573078466s ago: executing program 1 (id=93): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000018c0)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58) socketpair$tipc(0x1e, 0x2, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000001080)={0x8, 0x4087}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)=ANY=[], 0xfffffe2b}}, 0x2200c840) 14m51.491166933s ago: executing program 1 (id=95): socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_udp(0xa, 0x2, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) dup(r0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="1fe8ffff0000000000003b00000008000300", @ANYRES32=r4, @ANYBLOB="21003300d0800000080211000000080211000001505050505050000000000000", @ANYRES16=r1], 0x40}}, 0x0) 14m51.007790129s ago: executing program 1 (id=99): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000180)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x3000}) 14m50.95971163s ago: executing program 4 (id=100): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x401) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/233, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000700)=""/88, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) write$eventfd(r1, &(0x7f00000000c0)=0xfffffffffffffffe, 0x8) write(0xffffffffffffffff, 0x0, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x1400) syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) 14m49.919769614s ago: executing program 1 (id=102): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) add_key$fscrypt_provisioning(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f00000006c0)={0xffff, 0x0, 0x0, 0x4001, 0x2}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x1001a, &(0x7f0000000580)={[{@user_xattr}, {@resuid={'resuid', 0x3d, 0xee01}}, {@min_batch_time={'min_batch_time', 0x3d, 0x4c3b8}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000000}}, {@data_journal}, {@i_version}]}, 0x1, 0x43e, &(0x7f0000000bc0)="$eJzs3EtvG0UcAPD/rpP0TUIpjz6AQEFEPJImLdADFxBIXJCQ4FCOIUmrUrdBTZBoVUFAiCuqxB1xROITcIILAk5IXPkAqFKFcmnhZLT2bmI7dhqnThzq30/admZ3nJm/d8ae3ckmgL41mv2TROyPiD8jYriWbSwwWvvv9vK1mX+Wr80kUam883dSLXdr+dpMUbR43b48M5ZGpF8kcbRFvQtXrl6YLpfnLuf5icWLH04sXLn6wvmL0+fmzs1dmjp9+tTJyZdfmnqxK3Fmbbp15JP5Y4fffO/6WzNnrr//6/dJEX9THF0yut7BpyuVLlfXWwfq0slADxtCR0oRkZ2uwer4H45SrJ684Xjj8542DthSlUqlsq/94aUKcA9LomnH7uYdwL2p+KLPrn+LbZumHjvCzVdrF0BZ3LfzrXZkINK8zGDT9W03jUbEmaV/v8m22Jr7EAAADX7M5j/Pt5r/pfFQXbn78rWhkYi4PyIORsQDEXEoIh6MqJZ9OCIe6bD+5kWStfOf9MamAtugbP73Sr621Tj/K2Z/MVLKcweq8Q8mZ8+X507k78lYDO7K8pPr1PHT63981e5Y/fwv27L6i7lg3o4bA7saXzM7vTh9NzHXu/lZxJGBVvEnKysBSUQcjogjm6zj/LPfHWt37M7xr6ML60yVbyOeqZ3/pWiKv5Csvz45sTvKcycmil6x1m+/f/l2u/rvKv4uyM7/3pb9fyX+kaR+vXahs5+/6w7HN9v/h5J3q+mhfN/H04uLlycjhi40dorq/qm1+aJ8Fv/Y8dbj/2CsvhNHIyLrxI9GxGMR8Xje9ici4smIOL5OjL+89tQHm49/a2Xxz3Z0/lcTQ9G8p3WidOHnHxoqHekk/uz8n6qmxvI9G/n820i7Ou/NAAAA8P+URsT+SNLxlXSajo/Xfl/+UOxNy/MLi8+dnf/o0mztGYGRGEyLO13DdfdDJ/PL+iI/1ZQ/md83/rq0p5ofn5kvz/Y6eOhz+9qM/8xfpV63DthynteC/mX8Q/8y/qF/Gf/Qv1qM/z29aAew/Vp9/3/ag3YA269p/Fv2gz7i+h/6l/EP/cv4h760sCfaPRtf/AWAjT1IL9FniUh3RDO2LVEZ3hHN2LZErz+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuuO/AAAA///gg99Z") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r1, &(0x7f0000004100)={0x2020}, 0x2020) 14m49.670981997s ago: executing program 4 (id=104): chdir(0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1842, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3000010, &(0x7f0000000000), 0x3e, 0x51b, &(0x7f0000001200)="$eJzs3c9vI1cdAPDvTOLd7G6KU0CoVKJUtGi3grU3DW0jhKBc4FQJKPclJE4UxY6j2CmbqKKp+A8QEkicOHFB4g9AQj3wB6BKleCCOCBAIARbOCABHTTjsZp17CTQrJ3Gn4/04vfm1/e9sfw8M36ZCWBqPRkRL0bETEQ8ExHVcnpaprt54bC33Nv3X13NUxJZ9vJfk0jKaf1t5eXZiLjRWyXmIuJrX474ZnI8bmf/YGul2WzsluV6t7VT7+wf3N5srWw0NhrbS0uLzy+/sPzc8p2s9J7audDP/PhLn//5p7/1u7t/vvXtvFqf+0hUYqAd56nX9EqxL/ryfbT7MIJNwEzZnsqkKwIAwJnkx/gfjIhPFMf/1ZgpjuYGzEyiZgAAAMB5yb4wH/9OIjIAAADg0kojYj6StFaOBZiPNL1SXhv4cFxPm+1O91Pr7b3ttXxexEJU0vXNZuNOOVZ4ISpJXl4sx9j2y88OlJci4tGI+F71WlGurbabaxO+9gEAAADT4sbA+f8/qmmRP92Q/xMAAAAALq6FkQUAAADgsnDKDwAAAJff4Pm/+/0DAADApfKVl17KU9Z//vXaK/t7W+1Xbq81Olu11t5qbbW9u1PbaLc3inv2tU7bXrPd3vlMbO/dq3cbnW69s39wt9Xe2+7e3XzgEdgAAADAGD368Td+nUTE4WevFSnK+wACPOAPk64AcJ4M9YPp5S7eML0qk64AMHHJKfMN3gEAgPe/mx89/vt///n/rg3A5WasDwBMH7//w/SqGAEIU2u2vAbwgV7x6qjlRv7+/8uzRsqyiDerR6e4vggAAOM1X6QkrZXnAfORprVaxCMR6UJUkvXNZuNOeX7wq2rlal5eLNZMTh0zDAAAAAAAAAAAAAAAAAAAAAAAAAD0ZFkSGQAAAHCpRaR/Soq7+UfcrD49P3h94Eryz2r8sSz88OXv31vpdncX8+l/K57ldSUiuj8opz878vFhAAAAwHlLDkfO6p2nl6+LY60VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFPg7fuvrvbTOOP+5YsRsTAs/mzMFa9zUYmI639PYvbIeklEzJxD/MPXI+KxYfGTeCfLXouyFsPiX3vI8ReKXTM8fhoRN84hPkyzN/L+58Vhn780nixeh3/+Zsv0Xo3u/9Iy8mNFPzes/3nk2NZaQ2M8/tZP671c5Xj81yMenx3e//T732RE/KeObe1fWZYdj/+Nrx8cjGp/9qOIm0O/f5IHYtW7rZ16Z//g9mZrZaOx0dheWlp8fvmF5eeW79TXN5uN8u/QGN/92M/eGRU/b//1IfF/+5te/3tS+58etdEB/3nr3v0P9bLH3oA8/q2nhn7/zsWI+Gn53ffJMp/Pv9nPH/byRz3xkzefOKn9ayP2/2nv/60ztv+Zr37n92dcFAAYg87+wdZKs9nYPSEzd4Zl3o+ZX8xdiGr8j5nstd47d1Hq8/9m8qPVd6f0W3UBKnYkk40l1tXieP6sa10ZU9sn2i0BAAAPwbsH/ZOuCQAAAAAAAAAAAAAAAAAAAEyvcdxKbTDm4WSaCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwov8GAAD//3QT3Gw=") openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000240)='./bus\x00', 0x1c7102, 0x1) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r1, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000540)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100000}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x446, &(0x7f0000004380)="$eJzs3MtvG8UfAPDvruP019cvoZRHH0CgICIeSZMW6IELCCQOICHBoRxDklalboOaINEqgoBQ4YYqcUcckfgLOMEFASckrnBHlSqUSwsno7V3E8e10yTYcak/H2nbmd1xZr6eHXt2J5sA+tZI9k8SsScifouIoXp2bYGR+n83lhen/1penE6iWn3jz6RW7vry4nRRtHjd7jwzmkaknyRxqEW98xcvnZ2qVGYv5PnxhXPvjs9fvPT0mXNTp2dPz56fPHHi+LGJ556dfKYjcWZtun7wg7nDB15568pr0yevvP3TN0kRf1McHTKy3sHHqtUOV9dbexvSyUAPG8KmlCIi665ybfwPRSlWO28oXv64p40DuqparVZ3tz+8VAXuYElstOTZ/PMCuDMUX/TZ9W+xbdPU47Zw7YX6BVAW943lxc9iJf6BSPMy5abr204aiYiTS39/mW3RnfsQAABrfJfNf55qNf9L496Gcv/P14aGI+KuiNgXEXdHxP6IuCeiVva+iLh/k/U3L5LcPP9Jr24psA3K5n/P52tbxZbXWxQZLuW5vbX4y8mpM5XZo/l7MhrlHVl+Yp06vn/p18/bHWuc/2VbVn8xF8zbcXVgx9rXzEwtTP2bmBtd+yji4ECr+JOVlYAkIg5ExMEt1nHmia8PtzvWLv7yRn5wB9aZql9FPF7v/6Voir+QrL8+Of6/qMweHS/Oipv9/Mvl19vVf+v+766s/3e1PP9X4h9OGtdr5zdfx+XfP217TbPV838webOWHsz3vT+1sHBhImIwebXe6Mb9k6uvLfJF+Sz+0SOtx/++WH0nDkVEdhI/EBEPRsRDedsfjohHIuLIOvH/+OKj72w9/u7K4p/ZVP+vJgajeU/rROnsD9+uqXR4M/Fn/X+8lhrN92zk828j7dra2QwAAAD/PWlE7IkkHVtJp+nYWP335ffHrrQyN7/w5Km5987P1J8RGI5yWtzpGmq4HzqRX9YX+cmm/LH8vvEXpZ21/Nj0XGWm18FDn9vdZvxn/ij1unVA13leC/qX8Q/9y/iH/mX8Q/9qMf539qIdwPZr9f3/YQ/aAWy/pvFv2Q/6iOt/6F/GP/Qv4x/60vzOuPVD8h1IFH+nYTvqktiORKS3RTMkupTo8QcTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh/wTAAD//0oy3vc=") r2 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) chdir(&(0x7f0000000400)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x60840, 0x8) 14m47.980813259s ago: executing program 1 (id=108): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x2}, 0x1c) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x10) r2 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000300)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 14m46.745502996s ago: executing program 1 (id=112): openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x1b0}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x1, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_create1(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0xd, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x8000000000009, 0x7, 0x7, 0x0, 0xe59, 0x7}, 0x0, 0x0) 14m46.37378201s ago: executing program 32 (id=112): openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x7079, 0x400, 0x3, 0x1b0}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x1, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) epoll_create1(0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000000600)={0x6, 0x0, 0x0, 0x40, 0x2, 0xd, 0x0, 0x7}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x8000000000009, 0x7, 0x7, 0x0, 0xe59, 0x7}, 0x0, 0x0) 14m45.431064643s ago: executing program 4 (id=115): fanotify_init(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 14m43.723749215s ago: executing program 4 (id=122): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r3) r5 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r5, r4, r5}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) 14m43.379647019s ago: executing program 33 (id=122): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r4 = add_key$user(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000540)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a3098fe1a6741d65b085b4075db8419d9e6d17b1eec4dfb860a71d61af753459bcc5ea1f20d6c1c74afda3b0c08bf98886eaac01b08aa753b8727f25773c98cd6a78c06b758992b03b81e2e09cf103dc16a5658a3b58626b457ee4773d41b3548f2258a2e11cc22555da4ef9035cbfe8dc1e", 0xc0, r3) r5 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000140)="04", 0x1, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r5, r4, r5}, &(0x7f0000000700)=""/259, 0x103, &(0x7f0000000400)={&(0x7f0000000100)={'streebog256-generic\x00'}}) 38.449967016s ago: executing program 6 (id=2119): socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0xffffffffffffffff, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x35, &(0x7f0000000200)=0x632a, 0x4) socket$kcm(0xa, 0x2, 0x73) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_netfilter(0x10, 0x3, 0xc) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) open_tree(r5, &(0x7f0000000180)='./file0\x00', 0x89101) 37.273379571s ago: executing program 6 (id=2123): socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$isdn_base(0x22, 0x3, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) socket(0x10, 0x3, 0x0) connect$phonet_pipe(r3, &(0x7f0000000000)={0x23, 0x0, 0x7}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 33.063247657s ago: executing program 6 (id=2132): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000040)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, 0x0, 0x800) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0xfffe, 0x7fffffff, @local, 0x9}, 0x1c) sendmsg(r4, 0x0, 0xd) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) madvise(&(0x7f0000f0f000/0x2000)=nil, 0x2000, 0x15) 30.243625263s ago: executing program 6 (id=2136): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, 0xffffffffffffffff) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x80002, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000716f0000000000"], 0xfc}}, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 26.092525688s ago: executing program 6 (id=2150): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000ac0)={0x14, r2, 0x1, 0x0, 0x25dfdbff}, 0x14}}, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2a, r4}) r5 = socket$nl_route(0x10, 0x3, 0x0) shutdown(0xffffffffffffffff, 0x2) r6 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r6) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r7], 0x3c}}, 0x0) 21.421634429s ago: executing program 6 (id=2158): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x26) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$isdn(0x22, 0x3, 0x1) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket(0x22, 0x2, 0x24) io_setup(0xeb0, &(0x7f0000000140)=0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r5, 0x1, &(0x7f0000001780)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000400000000000000001000084080000000000"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r7, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d670a8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a9b2f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d073b090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813491ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c513a9177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df7227dfdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 11.707048596s ago: executing program 5 (id=2177): openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18) r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r4}) 9.830982041s ago: executing program 2 (id=2178): openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18) r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r4}) syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00'}) add_key$user(&(0x7f00000003c0), &(0x7f0000000500), &(0x7f0000000640)="6f326f04fae8f23ee8bad33b10489de5b25ae50b7100159e63c2d6f166910de58905f94f8866ecfa8cb81020b3ffee1128d42d4a476dfc560442c06b5d74a6658fdb63f2da3ee71788700e972053900c31ec6731a4b728dce4172dd543a0f689d7b124cd665b254fff105ff7bb3f72e1c85962c8", 0x74, 0xfffffffffffffffd) 9.250277618s ago: executing program 2 (id=2180): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x3a) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000e0603000000000000000000000000070500010007000000090002"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000080)={@private0, r3}, 0x14) sendmmsg$inet6(r2, 0x0, 0x0, 0x0) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000002c0)=0x1) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000140)=0x2) r6 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000002e80), r0) r7 = socket(0x840000000002, 0x3, 0xfa) connect$inet(r7, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) getpeername$packet(r7, 0x0, &(0x7f0000000480)) setsockopt$RDS_GET_MR_FOR_DEST(r7, 0x114, 0x7, &(0x7f00000003c0)={@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x8}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, {&(0x7f0000000300)=""/116, 0x74}, &(0x7f0000000180), 0x5}, 0xa0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r0, &(0x7f0000003080)={0x0, 0x0, &(0x7f0000003040)={&(0x7f0000002ec0)={0x1c, r6, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x800) 9.242639688s ago: executing program 5 (id=2181): socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$isdn_base(0x22, 0x3, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) socket(0x10, 0x3, 0x0) connect$phonet_pipe(r3, &(0x7f0000000000)={0x23, 0x0, 0x7}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 8.148050573s ago: executing program 3 (id=2184): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) setrlimit(0x7, &(0x7f0000000080)={0x6, 0x400}) ioctl$TIOCGPTPEER(r4, 0x5441, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_persist_mode\x00', 0x2, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x88b81, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0, 0x0) umount2(&(0x7f0000000040)='./file0\x00', 0xb) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x14) socket(0x2a, 0x2, 0x4) socket$phonet_pipe(0x23, 0x5, 0x2) 8.122735953s ago: executing program 5 (id=2185): r0 = inotify_init1(0x0) r1 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r1, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) listen(r1, 0x0) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000040)}], 0x1}, 0x0) accept4(r1, 0x0, 0x0, 0x800) close_range(r0, 0xffffffffffffffff, 0x0) 8.108918744s ago: executing program 0 (id=2186): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4ee6, &(0x7f0000000180)={0x0, 0xd294, 0x20, 0x3, 0x314}, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x2, 0xdaac) tkill(0x0, 0x12) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d) write$FUSE_INIT(r5, &(0x7f00000003c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xc00020, 0x9, 0x4, 0xffff856e, 0x9, 0x0, 0x0, 0x8, 0x7}}, 0x50) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000009a80)='/proc/crypto\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x1000000003fffff) 8.108270304s ago: executing program 2 (id=2187): ioperm(0x5, 0xbbc, 0x9) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0) readv(r0, 0x0, 0x0) read$rfkill(r0, &(0x7f0000000000), 0x8) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = syz_open_dev$vcsa(&(0x7f00000000c0), 0x3, 0x1a1300) lseek(r1, 0x8000, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x27, &(0x7f0000000180)={@multicast1, @loopback}, 0xc) r3 = socket$netlink(0x10, 0x3, 0x0) fstat(r3, &(0x7f0000000000)) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[], 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 7.033867477s ago: executing program 0 (id=2188): openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xe, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r3, 0x0, 0x0) r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) r5 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) r6 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r6, 0x0) write$UHID_CREATE(r5, &(0x7f00000002c0)={0x0, {'syz1\x00', 'syz0\x00', 'syz0\x00', 0x0, 0x0, 0x6, 0x3, 0x103, 0x0, 0xa0}}, 0x120) bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x18, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r7}, 0x10) mbind(&(0x7f00002ad000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf25090002007308000000000000080041007369770014003300626f6e643000"/56], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) 6.764589141s ago: executing program 5 (id=2189): syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, r1, 0x0, 0x4003) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r1, 0x5, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4001, &(0x7f0000000000)=0x1, 0x7, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) 6.719240862s ago: executing program 3 (id=2190): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) semget$private(0x0, 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'bridge0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x0, @local}, 0x2}}, 0x26) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_GET(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYRES16=r6, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x20040000}, 0x4044000) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={0x48, 0x2, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty=0xfffffffe}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050) 6.594180163s ago: executing program 2 (id=2191): openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18) r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r4}) syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00'}) add_key$user(&(0x7f00000003c0), &(0x7f0000000500), &(0x7f0000000640)="6f326f04fae8f23ee8bad33b10489de5b25ae50b7100159e63c2d6f166910de58905f94f8866ecfa8cb81020b3ffee1128d42d4a476dfc560442c06b5d74a6658fdb63f2da3ee71788700e972053900c31ec6731a4b728dce4172dd543a0f689d7b124cd665b254fff105ff7bb3f72e1c85962c8", 0x74, 0xfffffffffffffffd) 4.086546896s ago: executing program 5 (id=2192): openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18) r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r4}) 4.064991806s ago: executing program 34 (id=2158): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x26) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x4) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$isdn(0x22, 0x3, 0x1) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_EVENTS(r4, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xe) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket(0x22, 0x2, 0x24) io_setup(0xeb0, &(0x7f0000000140)=0x0) r6 = socket$xdp(0x2c, 0x3, 0x0) io_submit(r5, 0x1, &(0x7f0000001780)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x0, r6, 0x0}]) r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002800000028000000020000000100000000000001e5ff0000400000000000000001000084080000000000"], 0x0, 0x42, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)={0x6, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r7, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0xfc, {"a2e3ad09ed0d09f91b5e071887f70e09d038e7ff7fc6e5539b0d670a8b089b3f363063030890e0879b0af8c6e70a9b334a959b669a9b2f0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d073b090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813491ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c513a9177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df7227dfdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 4.038788186s ago: executing program 0 (id=2194): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) r1 = socket$packet(0x11, 0x3, 0x300) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x10, &(0x7f0000000340)=ANY=[@ANYRES64=r1, @ANYRES16=r0], &(0x7f0000000000)='GPL\x00', 0x8, 0xa2, &(0x7f0000000140)=""/162, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, &(0x7f0000003040)={0x0, "f4e1a230be8f46463fb1a5f1b44f44eaa65e485b747aa95df8c01eaf07677d18bc"}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x0, 0x0}) rseq(&(0x7f00000004c0), 0x20, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$EBT_SO_GET_INFO(r5, 0x0, 0x80, 0x0, &(0x7f0000000280)) shutdown(r5, 0x1) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0xa, 0x0, &(0x7f0000000080)) ioctl$sock_SIOCGIFINDEX(r1, 0x89a0, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000000)={0x80, 0xa, 0xf, 0xd, 0x0, 0xb021, 0x0}) socket$nl_netfilter(0x10, 0x3, 0xc) r6 = openat$full(0xffffff9c, &(0x7f0000000100), 0x400042, 0x0) sendmsg$nl_generic(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x74, 0x28, 0x800, 0x70bd2b, 0x25dfdbfb, {0x19}, [@generic="e4d341a084718e574a2446307ccf8ef990c08b7248f0856202193683f859983cde31cb903db45562dda59f66c6b0d0f77fe3bc80f5bf9e5120d70e4baa1ac8732db9f50b4f9d037498e1", @typed={0x8, 0xbd, 0x0, 0x0, @uid}, @typed={0xc, 0x128, 0x0, 0x0, @u64=0x8000000000000001}]}, 0x74}, 0x1, 0x0, 0x0, 0x408c4}, 0x880) 3.896989748s ago: executing program 2 (id=2195): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f0000000140), 0x0, 0x0) syz_genetlink_get_family_id$netlbl_calipso(0x0, 0xffffffffffffffff) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6(0xa, 0x80002, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000716f000000000000"], 0xfc}}, 0x0) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 3.874554549s ago: executing program 3 (id=2196): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) read$msr(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200"/48, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000716f00000000000033"], 0xfc}}, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 2.623235025s ago: executing program 0 (id=2197): socket$inet_smc(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$isdn_base(0x22, 0x3, 0x0) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) setsockopt$SO_BINDTODEVICE_wg(r3, 0x1, 0x19, &(0x7f00000000c0)='wg0\x00', 0x4) socket(0x10, 0x3, 0x0) connect$phonet_pipe(r3, &(0x7f0000000000)={0x23, 0x0, 0x7}, 0x10) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r4, 0xffffffffffffffff, 0x0) 2.622073375s ago: executing program 2 (id=2198): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_io_uring_setup(0x4ee6, &(0x7f0000000180)={0x0, 0xd294, 0x20, 0x3, 0x314}, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket(0x11, 0x2, 0xdaac) tkill(0x0, 0x12) sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0xe) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, 0x0, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1a, 0x3, &(0x7f0000000180)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x19, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2008, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d) write$FUSE_INIT(r5, &(0x7f00000003c0)={0x50, 0x0, 0x0, {0x7, 0x29, 0x9, 0xc00020, 0x9, 0x4, 0xffff856e, 0x9, 0x0, 0x0, 0x8, 0x7}}, 0x50) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000009a80)='/proc/crypto\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0x1000000003fffff) 2.575650446s ago: executing program 5 (id=2199): syz_usb_connect(0x2, 0x35, &(0x7f0000000900)=ANY=[@ANYBLOB="12010002faad9508d0532415c3b30102030109022700010303200c090474080108066203"], &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0}) r0 = socket$netlink(0x10, 0x3, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount$nfs(0x0, 0x0, &(0x7f0000000680), 0x0, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000180)=0x7fd, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r7, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r8 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$L2TP_CMD_SESSION_GET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x8000) 2.474332297s ago: executing program 3 (id=2200): openat$urandom(0xffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ptrace$getsig(0x4202, r0, 0x6, &(0x7f0000000400)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r3, 0x0, 0xa002a0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000001540), 0xfffffffe, r3, 0x0, 0x1500}, 0x38) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) symlink(&(0x7f0000000200)='./file0\x00', 0x0) symlink(&(0x7f0000004500)='./file1/file0\x00', &(0x7f0000004540)='./file0\x00') r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x44, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}]}, 0x44}}, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) socket$packet(0x11, 0x2, 0x300) 1.424551131s ago: executing program 0 (id=2201): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x400000000200, 0x0, 0x0, 0x400000000230, 0x400000000260], 0x0, 0x0, &(0x7f0000000200)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108) listen(0xffffffffffffffff, 0x2) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0000, 0x0) ioctl$FUSE_DEV_IOC_BACKING_OPEN(r4, 0x4010e501, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=@ipv4_deladdr={0x17, 0x15, 0x1}, 0x18}}, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r6, 0x29, 0x1a, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x70, 0x101301) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f0000000640)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1, 0x2, 0xff00, 0x7, 0xffff, "23be843482b28934afdb71230fbda328a0542ba23f7bffff5879a163123ecf5964b60448e1dc271a08b2597ac0f4803aec67c1a72259b1f19951a383831b9e4230650c6a9e1704cb46c7c3040d9cc6bbe4f866b65625d36568eee84306ec9c2cf1b32adf06ac14d870d7155ff246c274c522c4440ea7a67baab8c59020bff015"}) r7 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') preadv(r7, &(0x7f0000000080)=[{0x0}], 0x1, 0x2f, 0x0) r8 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r8, &(0x7f0000000540)={&(0x7f00000002c0)=@id={0x1e, 0x3, 0x1, {0x4e24}}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000300)="e0f180", 0x3}, {0x0}], 0x2, 0x0, 0x0, 0x4800}, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x2c}}, 0x40) 1.227802434s ago: executing program 3 (id=2202): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xbcb07b29f486204c, 0x10012, r3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) 987.441497ms ago: executing program 0 (id=2203): syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, r1, 0x0, 0x4003) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r1, 0x5, 0x0) syz_init_net_socket$rose(0xb, 0x5, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x4001, &(0x7f0000000000)=0x1, 0x7, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1d00000007"], 0x50) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r4, &(0x7f0000000000), 0xd) r5 = socket$phonet_pipe(0x23, 0x5, 0x2) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4) 0s ago: executing program 3 (id=2204): openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18) r4 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000340)=@chain={'key_or_keyring:', r4}) syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r5, 0xc0a85352, &(0x7f0000000140)={{}, 'port0\x00'}) add_key$user(&(0x7f00000003c0), &(0x7f0000000500), &(0x7f0000000640)="6f326f04fae8f23ee8bad33b10489de5b25ae50b7100159e63c2d6f166910de58905f94f8866ecfa8cb81020b3ffee1128d42d4a476dfc560442c06b5d74a6658fdb63f2da3ee71788700e972053900c31ec6731a4b728dce4172dd543a0f689d7b124cd665b254fff105ff7bb3f72e1c85962c8", 0x74, 0xfffffffffffffffd) kernel console output (not intermixed with test programs): GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 101.409956][ T4158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.369719][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.378064][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.700748][ T4643] loop2: detected capacity change from 0 to 40427 [ 102.715970][ T4212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.970354][ T4643] ======================================================= [ 102.970354][ T4643] WARNING: The mand mount option has been deprecated and [ 102.970354][ T4643] and is ignored by this kernel. Remove the mand [ 102.970354][ T4643] option from the mount to silence this warning. [ 102.970354][ T4643] ======================================================= [ 103.420104][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.428431][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.732450][ T7] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.941823][ T7] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.042136][ T4643] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 104.050352][ T4643] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 104.187715][ T4666] loop1: detected capacity change from 0 to 512 [ 104.203733][ T4643] F2FS-fs (loop2): invalid crc value [ 104.584944][ T4643] F2FS-fs (loop2): Found nat_bits in checkpoint [ 104.813771][ T4666] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 104.835827][ T4675] loop4: detected capacity change from 0 to 512 [ 104.895874][ T4666] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 104.931391][ T4643] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 104.939915][ T4643] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 105.007106][ T4666] EXT4-fs (loop1): 1 truncate cleaned up [ 105.018889][ T4666] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,resuid=0x000000000000ee01,min_batch_time=0x000000000004c3b8,inode_readahead_blks=0x0000000002000000,data=journal,i_version,,errors=continue. Quota mode: none. [ 105.433052][ T4643] attempt to access beyond end of device [ 105.433052][ T4643] loop2: rw=2049, want=81920, limit=40427 [ 105.474397][ T4643] attempt to access beyond end of device [ 105.474397][ T4643] loop2: rw=2049, want=53248, limit=40427 [ 105.626590][ T4643] attempt to access beyond end of device [ 105.626590][ T4643] loop2: rw=2049, want=77824, limit=40427 [ 105.691000][ T4643] attempt to access beyond end of device [ 105.691000][ T4643] loop2: rw=2049, want=85872, limit=40427 [ 105.925302][ T4642] attempt to access beyond end of device [ 105.925302][ T4642] loop2: rw=524288, want=78080, limit=40427 [ 105.946352][ T4158] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 105.987068][ T4642] attempt to access beyond end of device [ 105.987068][ T4642] loop2: rw=0, want=77832, limit=40427 [ 106.001742][ T4642] attempt to access beyond end of device [ 106.001742][ T4642] loop2: rw=0, want=77832, limit=40427 [ 106.016225][ T4642] attempt to access beyond end of device [ 106.016225][ T4642] loop2: rw=0, want=77832, limit=40427 [ 106.042778][ T4642] attempt to access beyond end of device [ 106.042778][ T4642] loop2: rw=0, want=77832, limit=40427 [ 106.057751][ T4694] loop0: detected capacity change from 0 to 1024 [ 106.065878][ T4642] attempt to access beyond end of device [ 106.065878][ T4642] loop2: rw=0, want=77832, limit=40427 [ 106.232067][ T4675] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #16: comm syz.4.104: corrupted inode contents [ 106.280588][ T4675] EXT4-fs error (device loop4): ext4_dirty_inode:6010: inode #16: comm syz.4.104: mark_inode_dirty error [ 106.323996][ T4694] EXT4-fs (loop0): mounted filesystem without journal. Opts: nombcache,abort,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 106.351139][ T4675] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #16: comm syz.4.104: corrupted inode contents [ 106.380509][ T4158] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 106.409175][ T4158] usb 4-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00 [ 106.456431][ T4158] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.465073][ T4675] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz.4.104: mark_inode_dirty error [ 106.512497][ T4675] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #16: comm syz.4.104: corrupted inode contents [ 106.529705][ C1] net_ratelimit: 7 callbacks suppressed [ 106.529725][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.543639][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.613605][ T4675] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 106.696020][ T4675] EXT4-fs error (device loop4): ext4_do_update_inode:5174: inode #16: comm syz.4.104: corrupted inode contents [ 106.722568][ T4158] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 106.743665][ T4675] EXT4-fs error (device loop4): ext4_truncate:4272: inode #16: comm syz.4.104: mark_inode_dirty error [ 106.776024][ T4613] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.777311][ T4510] udevd[4510]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 106.829609][ T4675] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 106.866821][ T4212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.895019][ T4675] EXT4-fs (loop4): 1 truncate cleaned up [ 106.916441][ T4675] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 106.959005][ T4675] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.148263][ T4700] netlink: 4 bytes leftover after parsing attributes in process `syz.0.111'. [ 107.169711][ T4212] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.371175][ T4675] EXT4-fs error (device loop4): ext4_get_group_desc:277: comm syz.4.104: block_group >= groups_count - block_group = 1048576, groups_count = 1 [ 107.467516][ T4675] EXT4-fs error (device loop4): __ext4_get_inode_loc_noinmem:4438: inode #33554445: comm syz.4.104: unable to read itable block [ 107.570026][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.578299][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.768663][ T4616] usb 4-1: USB disconnect, device number 2 [ 108.538897][ T4158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.609802][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.618101][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.812232][ T4710] lo speed is unknown, defaulting to 1000 [ 109.957156][ T4728] loop0: detected capacity change from 0 to 512 [ 110.161910][ T4732] loop3: detected capacity change from 0 to 256 [ 110.212377][ T4710] chnl_net:caif_netlink_parms(): no params data found [ 110.313709][ T4728] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.119: bg 0: block 248: padding at end of block bitmap is not set [ 110.353591][ T4710] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.369582][ T4710] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.392327][ T4728] Quota error (device loop0): write_blk: dquota write failed [ 110.408757][ T4728] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 110.420396][ T4710] device bridge_slave_0 entered promiscuous mode [ 110.468083][ T4728] EXT4-fs error (device loop0): ext4_acquire_dquot:6204: comm syz.0.119: Failed to acquire dquot type 1 [ 110.473542][ T4710] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.494765][ T4710] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.503372][ T4710] device bridge_slave_1 entered promiscuous mode [ 110.552673][ T4728] EXT4-fs (loop0): 1 truncate cleaned up [ 110.558677][ T4728] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.609705][ T4728] ext4 filesystem being mounted at /28/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 110.634101][ T4710] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 110.693380][ T4710] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 110.709642][ T4158] Bluetooth: hci0: command 0x0409 tx timeout [ 110.733207][ T4728] tipc: Failed to obtain node identity [ 110.738735][ T4728] tipc: Enabling of bearer rejected, failed to enable media [ 110.840347][ T4710] team0: Port device team_slave_0 added [ 110.883882][ T4710] team0: Port device team_slave_1 added [ 110.914432][ T4728] syz.0.119 (4728) used greatest stack depth: 20832 bytes left [ 110.948882][ T449] Quota error (device loop0): remove_tree: Getting block too big (0 >= 6) [ 110.973645][ T449] EXT4-fs error (device loop0): ext4_release_dquot:6227: comm kworker/u4:3: Failed to release dquot type 1 [ 110.995686][ T4742] lo speed is unknown, defaulting to 1000 [ 111.237239][ T4710] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 111.249818][ T4710] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.379626][ T4710] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 111.477914][ T4747] lo speed is unknown, defaulting to 1000 [ 111.481592][ T4755] loop0: detected capacity change from 0 to 512 [ 111.484342][ T4710] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 111.529588][ T4710] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 111.637281][ T4710] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 111.649171][ T4755] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 111.730307][ C1] net_ratelimit: 7 callbacks suppressed [ 111.730324][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.744194][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.773768][ T4755] EXT4-fs (loop0): 1 truncate cleaned up [ 111.781783][ T4755] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 111.820608][ T4213] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.963037][ T4710] device hsr_slave_0 entered promiscuous mode [ 112.072682][ T4710] device hsr_slave_1 entered promiscuous mode [ 112.123047][ T4710] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.157962][ T4710] Cannot create hsr debugfs directory [ 112.769692][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.777937][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.793735][ T4616] Bluetooth: hci0: command 0x041b tx timeout [ 112.857470][ T4158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.864099][ T4616] Bluetooth: hci4: command 0x0409 tx timeout [ 112.964010][ T4742] chnl_net:caif_netlink_parms(): no params data found [ 113.251624][ T4767] device syz_tun entered promiscuous mode [ 113.257395][ T4618] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.317816][ T4767] device macsec1 entered promiscuous mode [ 113.359100][ T4767] device syz_tun left promiscuous mode [ 113.537291][ T4771] netlink: 'syz.3.131': attribute type 10 has an invalid length. [ 113.621808][ T4771] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.677759][ T4771] bond0: (slave team0): Enslaving as an active interface with an up link [ 113.733908][ T4742] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.741695][ T4742] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.782613][ T4742] device bridge_slave_0 entered promiscuous mode [ 113.818438][ T4766] delete_channel: no stack [ 113.823862][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.823960][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.832966][ T4742] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.847759][ T4742] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.886851][ T4742] device bridge_slave_1 entered promiscuous mode [ 113.907501][ T4158] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.932265][ T4710] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 114.752479][ T4710] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 114.891699][ T4616] Bluetooth: hci0: command 0x040f tx timeout [ 114.933918][ T4742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 114.969330][ T4618] Bluetooth: hci4: command 0x041b tx timeout [ 115.015677][ T4710] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 115.050352][ T4742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 115.079984][ T4710] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 115.172162][ T4742] team0: Port device team_slave_0 added [ 115.226027][ T4742] team0: Port device team_slave_1 added [ 115.293196][ T4261] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.295495][ T4618] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 115.405666][ T4261] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.431843][ T4742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 115.438826][ T4742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.467561][ T4742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 115.491851][ T4742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 115.500301][ T4742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 115.526985][ T4742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 115.560490][ T4261] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.624196][ T4710] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.665478][ T4261] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.693697][ T4742] device hsr_slave_0 entered promiscuous mode [ 115.706769][ T4742] device hsr_slave_1 entered promiscuous mode [ 115.716820][ T4742] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 115.719463][ T4618] usb 3-1: config 7 has an invalid interface number: 101 but max is 0 [ 115.725186][ T4742] Cannot create hsr debugfs directory [ 115.742080][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 115.745052][ T4618] usb 3-1: config 7 has no interface number 0 [ 115.751306][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 115.767918][ T4710] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.904694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 115.945230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 115.954638][ T4618] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 115.967371][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.967451][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.968044][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 115.968771][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 115.969335][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.969373][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.977357][ T4618] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.977386][ T4618] usb 3-1: Product: syz [ 115.977402][ T4618] usb 3-1: Manufacturer: syz [ 115.977418][ T4618] usb 3-1: SerialNumber: syz [ 116.348158][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 116.431845][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 116.660932][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 116.706494][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 116.803005][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 116.897476][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 116.929816][ C1] net_ratelimit: 6 callbacks suppressed [ 116.929834][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.943641][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 116.983623][ T7] Bluetooth: hci0: command 0x0419 tx timeout [ 116.990533][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 117.015743][ T7] Bluetooth: hci4: command 0x040f tx timeout [ 117.210126][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 117.223484][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 117.258225][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 118.181567][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.189742][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 118.213086][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 118.270844][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 118.303541][ T4710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 118.335315][ T4618] as10x_usb: device has been detected [ 118.393479][ T4618] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 118.608019][ T4261] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.019475][ T4805] lo speed is unknown, defaulting to 1000 [ 119.260263][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.268540][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 119.380192][ T4618] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 119.414336][ T7] Bluetooth: hci4: command 0x0419 tx timeout [ 119.491666][ T4618] as10x_usb: error during firmware upload part1 [ 119.498389][ T4618] Registered device Elgato EyeTV DTT Deluxe [ 119.588009][ T4261] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 119.661055][ T4618] usb 3-1: USB disconnect, device number 2 [ 119.867137][ T4618] Unregistered device Elgato EyeTV DTT Deluxe [ 119.996144][ T4618] as10x_usb: device has been disconnected [ 120.289971][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.298194][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 120.495736][ T4710] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.546472][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.554107][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.750506][ T4261] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 121.421183][ T4847] loop2: detected capacity change from 0 to 16 [ 122.494590][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.502972][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.523420][ T4845] xt_hashlimit: overflow, rate too high: 0 [ 123.570203][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.578517][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 124.694415][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 124.702749][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.417078][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 125.427275][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 125.618447][ T4261] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.785185][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 125.793456][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.833200][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 126.850819][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 126.859870][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.868077][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.909263][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 126.951479][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 126.987973][ T4710] device veth0_vlan entered promiscuous mode [ 127.899908][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.908129][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.959338][ T4710] device veth1_vlan entered promiscuous mode [ 128.454239][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 128.506916][ T449] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 128.625392][ T4710] device veth0_macvtap entered promiscuous mode [ 128.783502][ T4710] device veth1_macvtap entered promiscuous mode [ 128.899676][ T4261] tipc: Disabling bearer [ 128.912040][ T4261] tipc: Disabling bearer [ 128.941185][ T4261] tipc: Left network mode [ 129.026114][ T4742] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 129.102328][ T4742] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 129.508863][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.627007][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.842394][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.873364][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.919607][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.931189][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 130.239267][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.321850][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.375075][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.428780][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.502010][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.539706][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.361862][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.414514][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 131.432785][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 131.471121][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 131.558173][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 131.567434][ T4742] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 131.586937][ T4742] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 131.749572][ T4898] tipc: Started in network mode [ 131.754487][ T4898] tipc: Node identity 7f000001, cluster identity 4711 [ 132.253142][ T4898] tipc: Enabled bearer , priority 10 [ 132.291582][ T4905] tipc: Enabled bearer , priority 0 [ 132.377884][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.437728][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.455168][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.481919][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.585964][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.639714][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.668883][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.679841][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 132.725602][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.731966][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.762299][ T4710] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 132.799382][ T4710] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 133.524090][ T4290] tipc: Node number set to 2130706433 [ 133.606726][ T4710] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 133.710481][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 133.760825][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 133.808735][ T4710] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.839684][ T4710] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.858700][ T4710] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 133.879609][ T4710] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 134.788708][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 135.006532][ T4721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 135.053385][ T4721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 135.355479][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 135.376922][ T4945] device bond_slave_0 entered promiscuous mode [ 135.383632][ T4945] device bond_slave_1 entered promiscuous mode [ 135.389887][ T4945] device team_slave_0 entered promiscuous mode [ 135.396511][ T4945] device team_slave_1 entered promiscuous mode [ 135.409005][ T4945] device vlan2 entered promiscuous mode [ 135.429321][ T4945] device bond0 entered promiscuous mode [ 135.457328][ T26] audit: type=1326 audit(1746119343.395:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4934 comm="syz.2.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 135.479250][ T4945] device team0 entered promiscuous mode [ 136.070029][ T26] audit: type=1326 audit(1746119343.395:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4934 comm="syz.2.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 136.219664][ T4945] device bond0 left promiscuous mode [ 136.225263][ T4945] device team0 left promiscuous mode [ 136.261446][ T4945] device bond_slave_0 left promiscuous mode [ 136.267414][ T4945] device bond_slave_1 left promiscuous mode [ 136.273453][ T4945] device team_slave_0 left promiscuous mode [ 136.279397][ T4945] device team_slave_1 left promiscuous mode [ 136.468468][ T4742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 136.538249][ T4721] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.595379][ T4721] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.957793][ T4742] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.217099][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 137.247762][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.284731][ T4337] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.638218][ T4969] loop0: detected capacity change from 0 to 8 [ 138.800122][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 138.819717][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 138.830529][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.837638][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.848731][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 138.921446][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.936984][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.944186][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.162195][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.196002][ T4973] tipc: Started in network mode [ 140.211439][ T4973] tipc: Node identity 7f000001, cluster identity 4711 [ 140.218269][ T4973] tipc: Enabling of bearer rejected, failed to enable media [ 140.420056][ T4986] loop0: detected capacity change from 0 to 512 [ 140.436627][ T4212] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 140.498405][ T4980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.524898][ T4986] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 140.541119][ T4980] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.638285][ T4978] tipc: Enabled bearer , priority 0 [ 140.827295][ T4986] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 140.860494][ T4212] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 140.898639][ T4212] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.984200][ T4986] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2219: inode #15: comm syz.0.176: corrupted in-inode xattr [ 141.170231][ T4212] usb 4-1: config 0 descriptor?? [ 141.222806][ T4986] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.176: couldn't read orphan inode 15 (err -117) [ 141.288836][ T4986] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,nombcache,noblock_validity,init_itable=0x0000000000000601,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none. [ 141.371765][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 141.466707][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 141.521915][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 141.612243][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 141.638999][ T4742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 141.651112][ T1111] tipc: Node number set to 2130706433 [ 143.036194][ T4742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 145.218353][ T5010] loop2: detected capacity change from 0 to 64 [ 145.383087][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 145.461832][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 145.645312][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 145.760506][ T4212] usb 4-1: Cannot set autoneg [ 145.768841][ T4212] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 145.789299][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 145.895456][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 145.958450][ T4212] usb 4-1: USB disconnect, device number 3 [ 146.033156][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 146.212098][ T5013] process 'syz.5.184' launched './file1' with NULL argv: empty string added [ 149.540988][ T26] audit: type=1326 audit(1746119357.485:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 149.672762][ T26] audit: type=1326 audit(1746119357.505:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 149.704262][ T5042] cgroup: Unknown subsys name 'obj_role' [ 149.803419][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 149.818681][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 149.925182][ T4742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 149.979744][ T21] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 150.017263][ T26] audit: type=1326 audit(1746119357.505:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 150.390441][ T21] usb 4-1: not running at top speed; connect to a high speed hub [ 150.563925][ T26] audit: type=1326 audit(1746119357.505:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 150.586585][ T21] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 150.659739][ T21] usb 4-1: config 1 has no interface number 1 [ 150.714543][ T5053] loop0: detected capacity change from 0 to 512 [ 150.736258][ T26] audit: type=1326 audit(1746119357.505:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 150.792248][ T5057] netlink: 60 bytes leftover after parsing attributes in process `syz.2.192'. [ 150.837426][ T5057] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 150.863832][ T26] audit: type=1326 audit(1746119357.505:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 150.918765][ T26] audit: type=1326 audit(1746119357.505:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 150.920165][ T21] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 151.024574][ T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.032592][ T26] audit: type=1326 audit(1746119357.545:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 151.032864][ T26] audit: type=1326 audit(1746119357.555:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 151.032903][ T26] audit: type=1326 audit(1746119357.575:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5032 comm="syz.0.188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb3d1258969 code=0x7ffc0000 [ 151.254514][ T4616] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 151.282684][ T5053] EXT4-fs (loop0): Ignoring removed nobh option [ 151.355800][ T21] usb 4-1: Product: syz [ 151.360543][ T21] usb 4-1: Manufacturer: syz [ 151.365164][ T21] usb 4-1: SerialNumber: syz [ 152.308237][ T5053] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier=0x0000000000000004,bsddf,nobh,init_itable=0x0000000000000003,data_err=ignore,,errors=continue. Quota mode: none. [ 152.569074][ T4616] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.597426][ T4616] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 152.699684][ T4616] usb 3-1: New USB device found, idVendor=05ac, idProduct=0232, bcdDevice= 0.00 [ 152.875591][ T21] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 153.569100][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 153.598674][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.619384][ T4616] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.680230][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 153.688601][ T21] usb 4-1: USB disconnect, device number 4 [ 153.721932][ T4616] usb 3-1: config 0 descriptor?? [ 153.753798][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.787796][ T4616] usb 3-1: can't set config #0, error -71 [ 153.822975][ T4742] device veth0_vlan entered promiscuous mode [ 153.855789][ T4616] usb 3-1: USB disconnect, device number 3 [ 153.867935][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.876011][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.962172][ T4510] udevd[4510]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 153.979341][ T4742] device veth1_vlan entered promiscuous mode [ 155.514055][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 155.584769][ T5088] loop5: detected capacity change from 0 to 2048 [ 155.595854][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 155.700212][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 155.700466][ T5092] loop3: detected capacity change from 0 to 512 [ 155.710173][ T1278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 155.751690][ T5102] loop0: detected capacity change from 0 to 512 [ 155.782141][ T4742] device veth0_macvtap entered promiscuous mode [ 155.832423][ T4742] device veth1_macvtap entered promiscuous mode [ 155.839419][ T5102] EXT4-fs (loop0): Ignoring removed oldalloc option [ 155.952813][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.989256][ T5092] EXT4-fs error (device loop3): ext4_quota_enable:6391: comm syz.3.199: Bad quota inum: 1, type: 2 [ 156.053789][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.074962][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.087332][ T5102] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.200: Parent and EA inode have the same ino 15 [ 156.098094][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.113646][ T5092] EXT4-fs warning (device loop3): ext4_enable_quotas:6439: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix. [ 156.163490][ T5092] EXT4-fs (loop3): mount failed [ 156.237444][ T5088] EXT4-fs (loop5): mounted filesystem without journal. Opts: dioread_nolock,minixdf,nolazytime,bsddf,,errors=continue. Quota mode: none. [ 156.310891][ T5102] EXT4-fs (loop0): Remounting filesystem read-only [ 156.334778][ T5102] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 156.361638][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.423134][ T5088] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.503791][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.526136][ T5102] EXT4-fs error (device loop0): ext4_xattr_inode_iget:400: comm syz.0.200: Parent and EA inode have the same ino 15 [ 156.671672][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.682330][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.699581][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.711053][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.797775][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.835825][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.847930][ T4742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 156.858642][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 156.869570][ T5102] EXT4-fs (loop0): Remounting filesystem read-only [ 156.869631][ T5102] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: comm syz.0.200: inode #261888: comm syz.0.200: iget: illegal inode # [ 156.901382][ T5102] EXT4-fs (loop0): Remounting filesystem read-only [ 156.911052][ T5102] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.200: error while reading EA inode 261888 err=-117 [ 156.957356][ T5123] xt_policy: too many policy elements [ 157.054562][ T5102] EXT4-fs (loop0): Remounting filesystem read-only [ 157.066748][ T5102] EXT4-fs (loop0): 1 orphan inode deleted [ 157.081663][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.131531][ T5102] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x0000000000000040,noauto_da_alloc,max_dir_size_kb=0x0000000000000003,oldalloc,init_itable,. Quota mode: none. [ 157.220995][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.333294][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.488538][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.581397][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.591728][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.602342][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.612857][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.623916][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.634353][ T4742] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.644999][ T4742] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.660113][ T4742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.788024][ T5126] loop2: detected capacity change from 0 to 512 [ 157.852337][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 157.874487][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 157.898157][ T5126] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 157.933014][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 158.670707][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 158.707243][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 158.743426][ T5126] EXT4-fs (loop2): 1 truncate cleaned up [ 158.751478][ T5126] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,quota,. Quota mode: writeback. [ 158.779969][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 158.867916][ T5088] tipc: Started in network mode [ 158.873258][ T5088] tipc: Node identity ac14140f, cluster identity 4711 [ 158.928636][ T5088] tipc: New replicast peer: 10.1.1.2 [ 158.946027][ T5088] tipc: Enabled bearer , priority 10 [ 158.958034][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 158.958050][ T26] audit: type=1804 audit(1746119366.895:33): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.204" name="/newroot/47/file2/bus" dev="loop2" ino=18 res=1 errno=0 [ 158.977223][ T4742] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.037934][ T4742] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.039565][ T26] audit: type=1800 audit(1746119366.935:34): pid=5126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.204" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 159.050861][ T4742] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.919888][ T4742] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 160.064793][ T5110] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 160.066531][ T4216] tipc: Node number set to 2886997007 [ 160.156852][ T5139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.204'. [ 160.231134][ T5139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.238816][ T5139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 160.294369][ T5139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 160.350594][ T5139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 160.728761][ T4305] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 160.745415][ T4305] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.633200][ T4721] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 161.690908][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.699510][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.819255][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 165.675451][ T5187] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 165.766141][ T5194] loop6: detected capacity change from 0 to 512 [ 167.710125][ T5218] loop3: detected capacity change from 0 to 2048 [ 168.505981][ T5194] EXT4-fs (loop6): Ignoring removed nobh option [ 168.577222][ T5218] EXT4-fs (loop3): mounted filesystem without journal. Opts: min_batch_time=0x000000000000000d,mb_optimize_scan=0x0000000000000001,noblock_validity,,errors=continue. Quota mode: none. [ 168.600308][ T5194] EXT4-fs (loop6): mounted filesystem without journal. Opts: barrier=0x0000000000000004,bsddf,nobh,init_itable=0x0000000000000003,data_err=ignore,,errors=continue. Quota mode: none. [ 169.900452][ T26] audit: type=1800 audit(1746119377.645:35): pid=5245 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.217" name="file1" dev="loop6" ino=15 res=0 errno=0 [ 170.346919][ T5249] delete_channel: no stack [ 172.865158][ T5284] loop3: detected capacity change from 0 to 1024 [ 173.050680][ T5284] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 173.366745][ T5297] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 173.503867][ T4261] device hsr_slave_0 left promiscuous mode [ 173.620677][ T4261] device hsr_slave_1 left promiscuous mode [ 173.733362][ T4261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.879930][ T4261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.947797][ T4261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.128973][ T4261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 174.462764][ T4261] device bridge_slave_1 left promiscuous mode [ 174.865710][ T4261] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.971852][ T4261] device bridge_slave_0 left promiscuous mode [ 174.993587][ T4261] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.071046][ T4261] device hsr_slave_0 left promiscuous mode [ 175.121823][ T4261] device hsr_slave_1 left promiscuous mode [ 175.128865][ T4261] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 175.148298][ T4261] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 175.173494][ T4261] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 175.181062][ T4261] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 175.197914][ T4261] device bridge_slave_1 left promiscuous mode [ 175.222085][ T4261] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.265797][ T4261] device bridge_slave_0 left promiscuous mode [ 175.311456][ T4261] bridge0: port 1(bridge_slave_0) entered disabled state [ 175.382969][ T5318] loop5: detected capacity change from 0 to 512 [ 175.398457][ T4261] device veth1_macvtap left promiscuous mode [ 175.436285][ T4261] device veth0_macvtap left promiscuous mode [ 175.469596][ T5318] EXT4-fs (loop5): Ignoring removed nobh option [ 175.471916][ T4261] device veth1_vlan left promiscuous mode [ 175.502740][ T5318] EXT4-fs (loop5): mounted filesystem without journal. Opts: barrier=0x0000000000000004,bsddf,nobh,init_itable=0x0000000000000003,data_err=ignore,,errors=continue. Quota mode: none. [ 175.593731][ T4261] device veth0_vlan left promiscuous mode [ 175.777153][ T4261] device veth1_vlan left promiscuous mode [ 175.849752][ T4261] device veth0_vlan left promiscuous mode [ 177.469636][ T26] audit: type=1800 audit(1746119385.365:36): pid=5325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.236" name="file1" dev="loop5" ino=15 res=0 errno=0 [ 178.276794][ T5339] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 179.575154][ T4261] team0 (unregistering): Port device team_slave_1 removed [ 179.898192][ T4261] team0 (unregistering): Port device team_slave_0 removed [ 179.995244][ T4261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.111835][ T4261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 180.433723][ T4261] bond0 (unregistering): Released all slaves [ 180.494156][ T5357] loop2: detected capacity change from 0 to 16 [ 180.653924][ T5357] erofs: (device loop2): mounted with root inode @ nid 36. [ 181.817686][ T4185] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 181.852272][ T5357] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 181.903286][ T26] audit: type=1800 audit(1746119389.815:37): pid=5357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.245" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 182.644803][ T4261] team0 (unregistering): Port device team_slave_1 removed [ 182.838657][ T4261] team0 (unregistering): Port device team_slave_0 removed [ 182.914565][ T4261] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 183.578981][ T4261] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 183.884149][ T5371] loop5: detected capacity change from 0 to 256 [ 184.900193][ T4261] bond0 (unregistering): Released all slaves [ 185.101930][ T5375] loop5: detected capacity change from 0 to 64 [ 185.241459][ T5378] input: syz1 as /devices/virtual/input/input5 [ 185.630998][ T5375] hfs: walked past end of dir [ 185.691783][ T23] lo speed is unknown, defaulting to 1000 [ 185.979833][ T1111] Bluetooth: hci2: command 0x0406 tx timeout [ 185.983691][ T4613] Bluetooth: hci1: command 0x0406 tx timeout [ 185.986961][ T1111] Bluetooth: hci3: command 0x0406 tx timeout [ 186.070239][ T5391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.256'. [ 186.445376][ C1] MPTCP: addr_signal error, add_addr=2, echo=1 [ 190.979780][ T5441] loop2: detected capacity change from 0 to 1024 [ 192.571814][ T5449] input: syz1 as /devices/virtual/input/input6 [ 193.267296][ T5441] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 195.723086][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.145999][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 204.636410][ T5560] overlayfs: failed to clone upperpath [ 204.889713][ T5565] netlink: 28 bytes leftover after parsing attributes in process `syz.3.294'. [ 206.238377][ T5565] syz.3.294 (5565) used greatest stack depth: 19680 bytes left [ 213.545656][ T5642] netlink: 4 bytes leftover after parsing attributes in process `syz.2.313'. [ 213.577968][ T5641] delete_channel: no stack [ 213.646364][ T5648] netlink: 'syz.5.312': attribute type 4 has an invalid length. [ 216.468857][ T5675] loop3: detected capacity change from 0 to 128 [ 216.711718][ T5675] FAT-fs (loop3): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 218.162133][ T5693] loop0: detected capacity change from 0 to 1024 [ 219.814353][ T5703] loop5: detected capacity change from 0 to 2048 [ 227.403889][ T5747] syz.3.335 uses obsolete (PF_INET,SOCK_PACKET) [ 230.812783][ T5760] nbd2: detected capacity change from 0 to 8589934592 [ 230.813126][ T4177] block nbd2: Receive control failed (result -107) [ 230.861133][ T150] block nbd2: Dead connection, failed to find a fallback [ 230.868716][ T150] block nbd2: shutting down sockets [ 230.875759][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.887320][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 230.902456][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.913310][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 230.932035][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.943032][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 230.952357][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.963221][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 230.971274][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 230.982141][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 230.990219][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 231.001864][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 231.010529][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 231.021392][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 231.029327][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 231.040196][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 231.047993][ T4512] ldm_validate_partition_table(): Disk read failed. [ 231.060872][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 231.071844][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 231.080742][ T150] blk_update_request: I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 231.091591][ T150] Buffer I/O error on dev nbd2, logical block 0, async page read [ 231.099738][ T4512] Dev nbd2: unable to read RDB block 0 [ 231.107305][ T4512] nbd2: unable to read partition table [ 231.129584][ T4512] ldm_validate_partition_table(): Disk read failed. [ 231.154191][ T5772] overlayfs: failed to clone upperpath [ 231.170047][ T4512] Dev nbd2: unable to read RDB block 0 [ 231.239688][ T4512] nbd2: unable to read partition table [ 231.257221][ T26] audit: type=1326 audit(1746119439.195:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 231.355769][ T4510] ldm_validate_partition_table(): Disk read failed. [ 231.392705][ T4510] Dev nbd2: unable to read RDB block 0 [ 232.320364][ T4510] nbd2: unable to read partition table [ 232.459581][ T26] audit: type=1326 audit(1746119439.305:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 232.731962][ T4510] ldm_validate_partition_table(): Disk read failed. [ 232.769061][ T4510] Dev nbd2: unable to read RDB block 0 [ 232.829518][ T26] audit: type=1326 audit(1746119439.305:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 232.853733][ T4616] Bluetooth: hci0: command 0x0406 tx timeout [ 232.916791][ T4510] nbd2: unable to read partition table [ 233.121460][ T5807] x_tables: ip6_tables: NETMAP.0 target: invalid size 40 (kernel) != (user) 0 [ 234.104769][ T5808] ODEBUG: Out of memory. ODEBUG disabled [ 234.704960][ T26] audit: type=1326 audit(1746119439.305:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 234.884779][ T26] audit: type=1326 audit(1746119439.315:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=5 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 234.911244][ T5808] syz.5.344 (5808): drop_caches: 2 [ 235.069622][ T26] audit: type=1326 audit(1746119439.315:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 235.314866][ T26] audit: type=1326 audit(1746119439.315:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 235.481637][ T26] audit: type=1326 audit(1746119439.315:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 235.711074][ T26] audit: type=1326 audit(1746119439.315:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 236.418773][ T26] audit: type=1326 audit(1746119439.315:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 236.529559][ T26] audit: type=1326 audit(1746119439.325:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f65e77bf2d0 code=0x7ffc0000 [ 236.555889][ T5837] device bond_slave_0 entered promiscuous mode [ 236.562695][ T5837] device bond_slave_1 entered promiscuous mode [ 236.727307][ T26] audit: type=1326 audit(1746119439.325:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 236.772711][ T26] audit: type=1326 audit(1746119439.325:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 236.845814][ T5839] device bond_slave_0 left promiscuous mode [ 236.852204][ T5839] device bond_slave_1 left promiscuous mode [ 237.203931][ T26] audit: type=1326 audit(1746119439.325:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 237.221453][ T4616] Bluetooth: hci4: command 0x0406 tx timeout [ 237.240326][ T5846] loop3: detected capacity change from 0 to 128 [ 237.450523][ T26] audit: type=1326 audit(1746119439.325:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 237.508935][ T26] audit: type=1326 audit(1746119439.325:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 237.799587][ T26] audit: type=1326 audit(1746119439.325:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f65e77c2887 code=0x7ffc0000 [ 238.456962][ T26] audit: type=1326 audit(1746119439.325:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f65e77c27fc code=0x7ffc0000 [ 238.525236][ T5863] sctp: failed to load transform for md5: -4 [ 238.525562][ T5853] sctp: failed to load transform for md5: -4 [ 238.625712][ T26] audit: type=1326 audit(1746119439.325:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5775 comm="syz.3.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f65e77c2734 code=0x7ffc0000 [ 238.626026][ T5881] tmpfs: Unknown parameter 'usrquota' [ 238.687463][ T5886] loop0: detected capacity change from 0 to 128 [ 242.109706][ T5846] EXT4-fs: failed to create workqueue [ 242.115156][ T5846] EXT4-fs (loop3): mount failed [ 245.201193][ T5949] print_req_error: 58 callbacks suppressed [ 245.201213][ T5949] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 245.218724][ T5949] FAT-fs (loop5): unable to read boot sector [ 250.032076][ T6001] loop5: detected capacity change from 0 to 16 [ 250.057355][ T6003] netlink: 4 bytes leftover after parsing attributes in process `syz.2.389'. [ 250.106867][ T6001] erofs: (device loop5): mounted with root inode @ nid 36. [ 255.150356][ T6051] device wg2 entered promiscuous mode [ 255.166111][ T6054] loop0: detected capacity change from 0 to 1024 [ 255.357300][ T6064] loop3: detected capacity change from 0 to 512 [ 256.234342][ T154] hfsplus: b-tree write err: -5, ino 4 [ 256.366161][ T6064] EXT4-fs (loop3): 1 orphan inode deleted [ 256.467083][ T6064] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 256.514465][ T6064] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 259.166297][ T6088] netlink: 64985 bytes leftover after parsing attributes in process `syz.0.406'. [ 259.214505][ T6096] loop2: detected capacity change from 0 to 512 [ 259.325152][ T6096] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 259.690224][ T6108] capability: warning: `syz.0.412' uses 32-bit capabilities (legacy support in use) [ 260.813025][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.819347][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 262.549309][ T6096] EXT4-fs: error -4 creating inode table initialization thread [ 262.581069][ T6096] EXT4-fs (loop2): mount failed [ 263.150630][ T6142] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 263.864546][ T6140] loop3: detected capacity change from 0 to 8192 [ 265.619501][ T6158] loop0: detected capacity change from 0 to 40427 [ 267.979549][ T6169] syz.6.426 sent an empty control message without MSG_MORE. [ 274.866572][ T6275] loop0: detected capacity change from 0 to 512 [ 276.050033][ T6275] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 276.059703][ T6275] EXT4-fs (loop0): group descriptors corrupted! [ 276.163261][ T6286] loop2: detected capacity change from 0 to 1024 [ 277.317065][ T6306] loop3: detected capacity change from 0 to 64 [ 278.680441][ T6332] netlink: 20 bytes leftover after parsing attributes in process `syz.6.455'. [ 278.716816][ T6286] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none. [ 278.993318][ T6286] EXT4-fs error (device loop2): __ext4_new_inode:1076: comm syz.2.446: reserved inode found cleared - inode=1 [ 279.469371][ T6346] xt_SECMARK: invalid mode: 2 [ 280.712298][ T6333] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 260: invalid block bitmap [ 285.761784][ T6409] binder: 6392:6409 ioctl c0306201 200000000680 returned -14 [ 285.883816][ T6410] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.893137][ T6410] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.901898][ T6410] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.910623][ T6410] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.067291][ T6410] team0: Port device vxlan0 added [ 293.243016][ T6454] loop3: detected capacity change from 0 to 256 [ 293.376209][ T6455] loop2: detected capacity change from 0 to 128 [ 295.552901][ T5847] handle_bad_sector: 12 callbacks suppressed [ 295.552921][ T5847] attempt to access beyond end of device [ 295.552921][ T5847] loop2: rw=1, want=207, limit=128 [ 295.765417][ C1] MPTCP: addr_signal error, add_addr=2, echo=1 [ 295.766221][ C1] MPTCP: addr_signal error, add_addr=2, echo=1 [ 297.953146][ T6492] kvm: pic: non byte read [ 298.019812][ T6492] kvm: pic: non byte read [ 298.024492][ T6492] kvm: pic: non byte read [ 298.029090][ T6492] kvm: pic: non byte read [ 298.142858][ T6508] No such timeout policy "syz1" [ 298.182769][ T6492] kvm: pic: non byte read [ 298.187267][ T6492] kvm: pic: non byte read [ 300.260788][ T6536] loop2: detected capacity change from 0 to 64 [ 303.977119][ T6561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.504'. [ 304.108747][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.5.511'. [ 304.142804][ T6570] delete_channel: no stack [ 304.323807][ T6578] netlink: 4 bytes leftover after parsing attributes in process `syz.5.511'. [ 305.510392][ T6596] loop3: detected capacity change from 0 to 40427 [ 310.275264][ T6646] loop0: detected capacity change from 0 to 1024 [ 314.050074][ T6701] netlink: 28 bytes leftover after parsing attributes in process `syz.0.534'. [ 314.148857][ T6701] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'. [ 316.717176][ T6744] netlink: 8 bytes leftover after parsing attributes in process `syz.5.549'. [ 321.334976][ T6787] loop2: detected capacity change from 0 to 512 [ 322.415198][ T6797] loop0: detected capacity change from 0 to 2048 [ 322.795606][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.804582][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 323.211815][ T6787] EXT4-fs (loop2): Ignoring removed oldalloc option [ 323.433695][ T6787] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz.2.546: Parent and EA inode have the same ino 15 [ 323.487918][ T6787] EXT4-fs (loop2): Remounting filesystem read-only [ 323.495028][ T6787] EXT4-fs error (device loop2): ext4_xattr_inode_iget:400: comm syz.2.546: Parent and EA inode have the same ino 15 [ 324.509029][ T6787] EXT4-fs (loop2): Remounting filesystem read-only [ 324.515791][ T6787] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.546: inode #261888: comm syz.2.546: iget: illegal inode # [ 324.587393][ T6787] EXT4-fs (loop2): Remounting filesystem read-only [ 324.612894][ T6787] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.546: error while reading EA inode 261888 err=-117 [ 324.733287][ T6787] EXT4-fs (loop2): Remounting filesystem read-only [ 324.918533][ T6787] EXT4-fs (loop2): 1 orphan inode deleted [ 324.985231][ T6787] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,bsdgroups,debug_want_extra_isize=0x0000000000000040,noauto_da_alloc,max_dir_size_kb=0x0000000000000003,oldalloc,init_itable,. Quota mode: none. [ 327.055470][ T6829] gfs2: path_lookup on /dev/net/tun returned error -2 [ 327.851990][ T6841] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 328.357534][ T6854] netlink: 'syz.2.562': attribute type 9 has an invalid length. [ 328.460750][ T6850] loop2: detected capacity change from 0 to 1024 [ 328.667168][ T6850] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 328.671984][ T6860] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 329.292384][ T6876] ecryptfs_parse_options: eCryptfs: unrecognized option [³(] [ 329.299889][ T6876] ecryptfs_parse_options: eCryptfs: unrecognized option [{\)] [ 329.307470][ T6876] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 329.322548][ T6876] Error parsing options; rc = [-22] [ 333.604794][ T6914] io-wq is not configured for unbound workers [ 335.748240][ T6938] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 342.342459][ T6986] loop3: detected capacity change from 0 to 256 [ 342.422408][ T6986] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 342.433563][ T6990] loop0: detected capacity change from 0 to 512 [ 343.203274][ T6990] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 344.133622][ T7007] o2cb: This node has not been configured. [ 344.145557][ T6990] EXT4-fs (loop0): 1 truncate cleaned up [ 344.159480][ T7007] o2cb: Cluster check failed. Fix errors before retrying. [ 344.166673][ T6990] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 344.196563][ T7007] (syz.2.596,7007,1):user_dlm_register:675 ERROR: status = -22 [ 344.207691][ T7007] (syz.2.596,7007,0):dlmfs_mkdir:430 ERROR: Error -22 could not register domain "file1" [ 345.139995][ T7030] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 345.167174][ T7030] CIFS: Unable to determine destination address [ 355.462268][ T7141] input: syz0 as /devices/virtual/input/input8 [ 357.778042][ T7175] loop2: detected capacity change from 0 to 128 [ 358.894598][ T7175] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 358.953165][ T7175] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 363.827218][ T7243] overlayfs: failed to clone upperpath [ 372.408666][ T7324] loop0: detected capacity change from 0 to 512 [ 372.523779][ T7326] tipc: Started in network mode [ 372.598129][ T7326] tipc: Node identity 4, cluster identity 4711 [ 372.609576][ T7326] tipc: Node number set to 4 [ 372.633956][ T7324] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 372.829540][ T7324] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 376.212680][ T7357] netlink: 52 bytes leftover after parsing attributes in process `syz.3.681'. [ 377.310966][ T7379] netlink: 71 bytes leftover after parsing attributes in process `syz.3.684'. [ 377.322590][ T7365] netlink: 4 bytes leftover after parsing attributes in process `syz.0.677'. [ 380.110621][ T7407] netlink: 256 bytes leftover after parsing attributes in process `syz.2.692'. [ 383.581222][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 383.587542][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.813814][ T7455] device wg2 entered promiscuous mode [ 390.535149][ T7511] netlink: 12 bytes leftover after parsing attributes in process `syz.5.725'. [ 390.578902][ T7510] loop3: detected capacity change from 0 to 128 [ 392.026966][ T7533] netlink: 28 bytes leftover after parsing attributes in process `syz.6.732'. [ 392.273042][ T7537] loop2: detected capacity change from 0 to 256 [ 394.189392][ T7537] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 394.270656][ T7547] loop0: detected capacity change from 0 to 16 [ 395.515537][ T7547] erofs: (device loop0): mounted with root inode @ nid 36. [ 395.887540][ T7565] netlink: 28 bytes leftover after parsing attributes in process `syz.6.745'. [ 400.562339][ T7624] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 401.350695][ T7629] loop3: detected capacity change from 0 to 256 [ 401.483289][ T7623] loop0: detected capacity change from 0 to 8192 [ 401.505155][ T7631] overlayfs: failed to clone upperpath [ 401.574548][ T7634] kvm: emulating exchange as write [ 404.698880][ T7663] netlink: 28 bytes leftover after parsing attributes in process `syz.0.771'. [ 408.782881][ T7710] netlink: 28 bytes leftover after parsing attributes in process `syz.0.784'. [ 412.717346][ T7756] netlink: 28 bytes leftover after parsing attributes in process `syz.6.799'. [ 412.956366][ T7760] overlayfs: failed to clone upperpath [ 415.726643][ T7781] netlink: 52 bytes leftover after parsing attributes in process `syz.5.807'. [ 415.788162][ T7782] netlink: 4 bytes leftover after parsing attributes in process `syz.6.806'. [ 416.106297][ T7787] netlink: 52 bytes leftover after parsing attributes in process `syz.5.808'. [ 416.442443][ T7796] netlink: 28 bytes leftover after parsing attributes in process `syz.0.811'. [ 419.641450][ T7814] loop3: detected capacity change from 0 to 32768 [ 420.640209][ T7821] netlink: 52 bytes leftover after parsing attributes in process `syz.6.819'. [ 422.968011][ T7836] netlink: 28 bytes leftover after parsing attributes in process `syz.0.823'. [ 423.690089][ T7814] (syz.3.817,7814,1):ocfs2_initialize_super:2310 ERROR: status = -12 [ 423.900772][ T7814] (syz.3.817,7814,1):ocfs2_fill_super:1177 ERROR: status = -12 [ 426.201877][ T7868] loop0: detected capacity change from 0 to 256 [ 426.844944][ T7878] netlink: 28 bytes leftover after parsing attributes in process `syz.6.835'. [ 427.082128][ T7868] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 427.820488][ T7894] exFAT-fs (loop0): hint_cluster is invalid (17) [ 428.053311][ T7894] exFAT-fs (loop0): error, broken FAT chain. [ 428.060038][ T7894] exFAT-fs (loop0): Filesystem has been set read-only [ 428.067133][ T7894] exFAT-fs (loop0): error, failed to bmap (inode : ffff88805eac87e0 iblock : 8, err : -5) [ 428.135335][ T26] kauditd_printk_skb: 16 callbacks suppressed [ 428.135356][ T26] audit: type=1800 audit(1746119635.773:73): pid=7894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.833" name="file1" dev="loop0" ino=1048612 res=0 errno=0 [ 428.212612][ T7899] netlink: 52 bytes leftover after parsing attributes in process `syz.5.842'. [ 430.498790][ T7922] device macsec0 entered promiscuous mode [ 431.950551][ T7932] netlink: 28 bytes leftover after parsing attributes in process `syz.0.850'. [ 432.413629][ T7929] Process accounting resumed [ 432.637136][ T7952] netlink: 52 bytes leftover after parsing attributes in process `syz.6.858'. [ 435.075821][ T7983] binder: 7964:7983 ioctl 4018620d 0 returned -22 [ 435.896190][ T7986] netlink: 28 bytes leftover after parsing attributes in process `syz.6.865'. [ 435.944511][ T7988] loop3: detected capacity change from 0 to 512 [ 436.033118][ T7988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 436.133986][ T7999] loop2: detected capacity change from 0 to 1024 [ 436.174133][ T7988] EXT4-fs (loop3): 1 truncate cleaned up [ 436.180046][ T7988] EXT4-fs (loop3): mounted filesystem without journal. Opts: abort,errors=remount-ro,. Quota mode: none. [ 436.526693][ T8013] netlink: 277 bytes leftover after parsing attributes in process `syz.3.867'. [ 439.716262][ T8047] netlink: 12 bytes leftover after parsing attributes in process `syz.6.885'. [ 445.047313][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.055572][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 457.579574][ T8222] loop3: detected capacity change from 0 to 4096 [ 457.664338][ T8228] xt_CT: You must specify a L4 protocol and not use inversions on it [ 461.453160][ T8231] loop2: detected capacity change from 0 to 32768 [ 465.153528][ T8275] loop0: detected capacity change from 0 to 128 [ 465.228874][ T8277] overlayfs: failed to clone upperpath [ 466.534953][ T8282] bridge0: port 3(vlan2) entered blocking state [ 466.541614][ T8282] bridge0: port 3(vlan2) entered disabled state [ 466.550426][ T8282] device vlan2 entered promiscuous mode [ 466.556172][ T8282] device bond0 entered promiscuous mode [ 466.562290][ T8282] device bond_slave_0 entered promiscuous mode [ 466.568798][ T8282] device bond_slave_1 entered promiscuous mode [ 466.581676][ T8282] bridge0: port 3(vlan2) entered blocking state [ 466.588714][ T8282] bridge0: port 3(vlan2) entered forwarding state [ 473.471123][ T8355] loop3: detected capacity change from 0 to 128 [ 475.531108][ T8371] syz.3.976 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 475.542712][ T8371] attempt to access beyond end of device [ 475.542712][ T8371] loop3: rw=3, want=152, limit=128 [ 475.554190][ T8371] attempt to access beyond end of device [ 475.554190][ T8371] loop3: rw=2051, want=1041, limit=128 [ 481.752813][ T8418] loop0: detected capacity change from 0 to 1024 [ 481.863272][ T8423] netlink: 52 bytes leftover after parsing attributes in process `syz.2.994'. [ 485.093861][ T8447] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 485.112121][ C1] vkms_vblank_simulate: vblank timer overrun [ 486.638474][ T8451] overlayfs: failed to clone upperpath [ 487.453489][ T8469] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1001'. [ 488.681900][ T8486] xt_CT: You must specify a L4 protocol and not use inversions on it [ 492.210725][ T8512] bridge0: port 3(gretap0) entered blocking state [ 492.217771][ T8512] bridge0: port 3(gretap0) entered disabled state [ 492.227270][ T8512] device gretap0 entered promiscuous mode [ 492.235201][ T8512] bridge0: port 3(gretap0) entered blocking state [ 492.242197][ T8512] bridge0: port 3(gretap0) entered forwarding state [ 492.349725][ T8512] device gretap0 left promiscuous mode [ 492.355402][ T8512] bridge0: port 3(gretap0) entered disabled state [ 497.149455][ T8558] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 497.907152][ T8567] netlink: 'syz.6.1029': attribute type 11 has an invalid length. [ 498.759804][ T8575] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1030'. [ 500.184697][ T8599] IPv6: ADDRCONF(NETDEV_CHANGE): rose3: link becomes ready [ 503.451289][ T8639] loop3: detected capacity change from 0 to 1024 [ 506.471838][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.478159][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 510.464527][ T8687] loop2: detected capacity change from 0 to 128 [ 510.525368][ T8692] UBIFS error (pid: 8692): cannot open "(null)", error -22 [ 512.027587][ T8703] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1059'. [ 514.213079][ T8728] loop3: detected capacity change from 0 to 512 [ 515.380910][ T8734] UBIFS error (pid: 8734): cannot open "(null)", error -22 [ 517.574441][ T8728] EXT4-fs warning (device loop3): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop3. [ 526.330146][ T8847] loop3: detected capacity change from 0 to 512 [ 527.362528][ T8848] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 527.774137][ T8854] loop0: detected capacity change from 0 to 256 [ 530.245881][ T8854] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 531.850719][ T8888] Cannot find del_set index 4 as target [ 532.449389][ T8888] syz.2.1114 uses old SIOCAX25GETINFO [ 535.261112][ T8904] loop2: detected capacity change from 0 to 32768 [ 536.408658][ T8904] gfs2: Unknown parameter 'statfs_quaotum' [ 540.312999][ T8952] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1133'. [ 542.049968][ T8963] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1137'. [ 542.063202][ T8963] loop2: detected capacity change from 0 to 128 [ 544.066046][ T8989] xt_CT: You must specify a L4 protocol and not use inversions on it [ 544.468065][ T8986] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1145'. [ 548.114478][ T9031] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1160'. [ 548.783630][ T9037] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 553.432906][ T9106] loop3: detected capacity change from 0 to 1024 [ 556.402497][ T9150] loop0: detected capacity change from 0 to 512 [ 556.424616][ T9153] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1182'. [ 556.664094][ T9158] xt_CT: You must specify a L4 protocol and not use inversions on it [ 557.564893][ T9150] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 557.576206][ T9150] ext4 filesystem being mounted at /206/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 557.916897][ T26] audit: type=1800 audit(1746119765.853:74): pid=9172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1180" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 560.560562][ T9199] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1194'. [ 566.186060][ T9246] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1208'. [ 566.265060][ T9244] overlayfs: missing 'lowerdir' [ 567.991345][ T9263] xt_hashlimit: max too large, truncated to 1048576 [ 568.095379][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.101736][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 570.148643][ T9276] dlm: no local IP address has been set [ 570.154854][ T9276] dlm: cannot start dlm midcomms -107 [ 571.910176][ T9288] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1220'. [ 575.541640][ T9314] netlink: 'syz.0.1224': attribute type 1 has an invalid length. [ 576.150956][ T9314] 8021q: adding VLAN 0 to HW filter on device bond1 [ 576.700811][ T9318] bond1: (slave veth3): Enslaving as an active interface with a down link [ 577.576943][ T9322] device veth1 entered promiscuous mode [ 577.649821][ T9322] device veth1 left promiscuous mode [ 577.657159][ T9322] bond1: (slave vlan2): making interface the new active one [ 577.787226][ T9322] device veth1 entered promiscuous mode [ 577.809566][ T9322] device vlan2 entered promiscuous mode [ 577.832540][ T9322] bond1: (slave vlan2): Enslaving as an active interface with an up link [ 577.882827][ T6245] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 578.883974][ T9343] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1233'. [ 580.684630][ T9360] loop2: detected capacity change from 0 to 512 [ 584.476148][ T9360] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 584.513782][ T9360] EXT4-fs: failed to create workqueue [ 584.696666][ T9360] EXT4-fs (loop2): mount failed [ 590.043429][ T9461] loop2: detected capacity change from 0 to 16 [ 590.754251][ T9461] erofs: (device loop2): mounted with root inode @ nid 36. [ 592.081549][ T9480] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 595.042983][ T9502] loop3: detected capacity change from 0 to 32768 [ 595.268339][ T9502] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1276 (9502) [ 595.840603][ T9508] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1275'. [ 595.849630][ T9508] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1275'. [ 595.860884][ T9508] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1275'. [ 595.870713][ T9508] netlink: 108 bytes leftover after parsing attributes in process `syz.6.1275'. [ 595.879796][ T9508] netlink: 84 bytes leftover after parsing attributes in process `syz.6.1275'. [ 597.693078][ T9502] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 597.702388][ T9502] BTRFS info (device loop3): setting nodatacow, compression disabled [ 597.711588][ T9502] BTRFS info (device loop3): turning off barriers [ 597.718034][ T9502] BTRFS info (device loop3): force clearing of disk cache [ 597.725290][ T9502] BTRFS info (device loop3): enabling ssd optimizations [ 597.732472][ T9502] BTRFS info (device loop3): using spread ssd allocation scheme [ 597.740161][ T9502] BTRFS info (device loop3): doing ref verification [ 597.746817][ T9502] BTRFS info (device loop3): not using ssd optimizations [ 597.753904][ T9502] BTRFS info (device loop3): not using spread ssd allocation scheme [ 597.761930][ T9502] BTRFS info (device loop3): using free space tree [ 597.768468][ T9502] BTRFS info (device loop3): has skinny extents [ 597.891452][ T9502] BTRFS error (device loop3): open_ctree failed: -12 [ 600.770843][ T9594] loop2: detected capacity change from 0 to 164 [ 606.943226][ T9614] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1297'. [ 608.412011][ T9627] IPv6: NLM_F_REPLACE set, but no existing node found! [ 615.158221][ T9674] loop0: detected capacity change from 0 to 512 [ 615.198186][ T9675] loop3: detected capacity change from 0 to 512 [ 616.529249][ T9674] EXT4-fs (loop0): 1 orphan inode deleted [ 616.553814][ T9675] EXT4-fs (loop3): 1 orphan inode deleted [ 616.618238][ T9694] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1300'. [ 616.734441][ T9675] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 616.744574][ T9674] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 617.152415][ T9675] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 617.263487][ T9674] ext4 filesystem being mounted at /234/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 623.104719][ T9739] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1327'. [ 628.023445][ T4305] device vlan2 left promiscuous mode [ 628.162024][ T9808] netlink: 'syz.2.1342': attribute type 1 has an invalid length. [ 629.771063][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.777387][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.969054][ T9808] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1342'. [ 633.034778][ T9859] vivid-006: disconnect [ 633.074634][ T9859] vivid-006: reconnect [ 633.966660][ T9872] blk_update_request: I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 633.978444][ T9872] F2FS-fs (loop7): Unable to read 1th superblock [ 633.986386][ T9872] blk_update_request: I/O error, dev loop7, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 633.997563][ T9872] F2FS-fs (loop7): Unable to read 2th superblock [ 635.309352][ T9887] loop0: detected capacity change from 0 to 1024 [ 636.591997][ T4305] hfsplus: b-tree write err: -5, ino 4 [ 647.458187][T10019] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1392'. [ 652.206185][T10071] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1405'. [ 652.979186][ C0] hrtimer: interrupt took 64309 ns [ 657.315538][T10150] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1422'. [ 659.863167][T10171] loop2: detected capacity change from 0 to 2048 [ 661.226290][T10171] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 661.474783][T10171] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 663.310719][T10214] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1433'. [ 663.481847][T10217] loop0: detected capacity change from 0 to 256 [ 667.264587][T10280] overlayfs: failed to clone upperpath [ 670.528448][T10322] loop2: detected capacity change from 0 to 40427 [ 670.629631][T10322] F2FS-fs (loop2): invalid crc value [ 670.731057][T10322] F2FS-fs (loop2): Found nat_bits in checkpoint [ 670.809947][T10322] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 671.315270][T10339] attempt to access beyond end of device [ 671.315270][T10339] loop2: rw=2049, want=53504, limit=40427 [ 672.271948][T10346] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1465'. [ 676.203845][T10407] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1479'. [ 676.323066][T10408] lo speed is unknown, defaulting to 1000 [ 676.329011][T10408] lo speed is unknown, defaulting to 1000 [ 676.335913][T10408] lo speed is unknown, defaulting to 1000 [ 676.350936][T10408] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 676.373616][T10408] lo speed is unknown, defaulting to 1000 [ 676.380397][T10408] lo speed is unknown, defaulting to 1000 [ 676.387063][T10408] lo speed is unknown, defaulting to 1000 [ 676.395475][T10408] lo speed is unknown, defaulting to 1000 [ 676.404782][T10408] lo speed is unknown, defaulting to 1000 [ 677.882286][T10423] loop0: detected capacity change from 0 to 256 [ 690.994628][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.001825][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 694.860630][T10596] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 694.877925][T10596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 694.886395][T10596] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 695.913049][ T26] audit: type=1326 audit(1746119903.853:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 695.999068][ T26] audit: type=1326 audit(1746119903.903:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 696.022350][ T26] audit: type=1326 audit(1746119903.903:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 696.313660][ T26] audit: type=1326 audit(1746119903.903:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 696.986850][ T26] audit: type=1326 audit(1746119903.903:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 697.023781][ T26] audit: type=1326 audit(1746119903.913:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 697.052606][ T26] audit: type=1326 audit(1746119903.913:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 697.085462][ T26] audit: type=1326 audit(1746119903.913:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 697.289169][ T26] audit: type=1326 audit(1746119903.913:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 697.601924][ T26] audit: type=1326 audit(1746119903.913:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10601 comm="syz.2.1529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 700.918579][T10654] loop2: detected capacity change from 0 to 256 [ 701.032085][T10658] mip6: mip6_destopt_init_state: spi is not 0: 1114112 [ 702.460811][ T26] kauditd_printk_skb: 28 callbacks suppressed [ 702.460877][ T26] audit: type=1800 audit(1746119910.373:113): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1542" name="bus" dev="loop2" ino=1048615 res=0 errno=0 [ 703.284371][T10676] binder_alloc: binder_alloc_mmap_handler: 10674 200000ffc000-200001000000 already mapped failed -16 [ 703.298283][T10676] fuse: Bad value for 'fd' [ 703.303610][T10676] xt_CT: You must specify a L4 protocol and not use inversions on it [ 703.612623][T10685] device team0 entered promiscuous mode [ 703.643548][T10685] device team_slave_0 entered promiscuous mode [ 703.680704][T10685] device team_slave_1 entered promiscuous mode [ 703.775644][T10685] team0: Port device team_slave_0 removed [ 703.904619][T10685] device team0 left promiscuous mode [ 703.945363][T10685] device team_slave_1 left promiscuous mode [ 705.212207][T10701] loop0: detected capacity change from 0 to 128 [ 706.804635][T10714] xt_connbytes: Forcing CT accounting to be enabled [ 706.811917][T10714] Cannot find add_set index 0 as target [ 706.877139][T10714] loop0: detected capacity change from 0 to 1024 [ 707.773091][T10714] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 707.784165][T10714] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 707.793633][T10714] EXT4-fs error (device loop0): ext4_acquire_dquot:6204: comm syz.0.1556: Failed to acquire dquot type 0 [ 707.883584][T10714] EXT4-fs (loop0): 1 truncate cleaned up [ 707.900148][T10714] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 709.455784][ T26] audit: type=1326 audit(1746119917.393:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 709.665227][ T26] audit: type=1326 audit(1746119917.393:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 709.775816][ T26] audit: type=1326 audit(1746119917.661:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 709.893228][ T26] audit: type=1326 audit(1746119917.661:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 710.149645][ T26] audit: type=1326 audit(1746119917.661:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 710.291013][ T26] audit: type=1326 audit(1746119917.661:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 710.315522][ T26] audit: type=1326 audit(1746119917.661:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 710.408435][ T26] audit: type=1326 audit(1746119917.661:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10728 comm="syz.6.1561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa924ead969 code=0x7ffc0000 [ 711.925346][T10779] loop2: detected capacity change from 0 to 512 [ 711.966544][T10781] dlm: no locking on control device [ 713.044092][T10779] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 713.254602][T10779] EXT4-fs (loop2): 1 truncate cleaned up [ 713.284172][T10779] EXT4-fs (loop2): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,quota,. Quota mode: writeback. [ 714.419295][ T1111] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 714.799441][ T1111] usb 3-1: config 0 has an invalid interface number: 20 but max is 1 [ 714.807908][ T1111] usb 3-1: config 0 has an invalid interface number: 24 but max is 1 [ 714.859185][ T1111] usb 3-1: config 0 has no interface number 0 [ 714.879142][ T1111] usb 3-1: config 0 has no interface number 1 [ 714.888270][ T1111] usb 3-1: config 0 interface 20 has no altsetting 0 [ 714.911302][ T1111] usb 3-1: New USB device found, idVendor=14aa, idProduct=0201, bcdDevice=8b.1d [ 714.947004][ T1111] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 714.990461][ T1111] usb 3-1: config 0 descriptor?? [ 715.252759][T10805] binder: 10804:10805 ioctl 4018620d 0 returned -22 [ 716.408346][ T1111] usb 3-1: string descriptor 0 read error: -71 [ 716.430855][ T1111] dvb-usb: found a 'WideView/Yuan/Yakumo/Hama/Typhoon DVB-T USB2.0 (WT-200U)' in cold state, will try to load a firmware [ 716.477681][ T1111] usb 3-1: Direct firmware load for dvb-usb-dtt200u-01.fw failed with error -2 [ 716.533682][ T1111] usb 3-1: Falling back to sysfs fallback for: dvb-usb-dtt200u-01.fw [ 719.702971][T10857] binder: 10856:10857 ioctl 4018620d 0 returned -22 [ 720.372547][T10864] loop3: detected capacity change from 0 to 1024 [ 720.694007][T10869] xt_TCPMSS: Only works on TCP SYN packets [ 721.589535][T10864] EXT4-fs (loop3): mounted filesystem without journal. Opts: user_xattr,nombcache,dioread_lock,norecovery,barrier=0x000000000000004c,lazytime,init_itable=0x0000000000000005,usrquota,errors=continue,,errors=continue. Quota mode: writeback. [ 721.697664][T10881] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 721.715192][T10881] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 721.723448][T10881] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 726.185190][T10910] 9pnet_virtio: no channels available for device 127.0.0.1 [ 729.323853][T10932] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 729.333480][T10932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 729.341062][T10932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 730.531767][T10937] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1611'. [ 731.662620][T10948] binder: 10946:10948 ioctl 4018620d 0 returned -22 [ 734.340217][T10958] overlayfs: failed to clone upperpath [ 735.692175][T10973] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1621'. [ 736.810978][T10990] binder: 10979:10990 ioctl 4018620d 0 returned -22 [ 740.091341][T11014] overlayfs: failed to clone upperpath [ 740.744104][T11027] loop2: detected capacity change from 0 to 128 [ 742.183930][T11032] misc userio: The device must be registered before sending interrupts [ 745.616389][T11065] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1646'. [ 745.630718][T11065] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1646'. [ 748.140451][T11080] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1650'. [ 748.565549][T11086] fuse: Bad value for 'fd' [ 748.571030][T11086] xt_CT: You must specify a L4 protocol and not use inversions on it [ 751.021048][T11096] loop2: detected capacity change from 0 to 2048 [ 751.254925][T11096] EXT4-fs (loop2): Ignoring removed bh option [ 752.491866][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.498279][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.884172][T11096] EXT4-fs (loop2): mounted filesystem without journal. Opts: discard,bh,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 753.036076][ T26] kauditd_printk_skb: 45 callbacks suppressed [ 753.036093][ T26] audit: type=1800 audit(1746119960.978:167): pid=11096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1655" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 753.167580][T11123] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #12: comm syz.2.1655: corrupted in-inode xattr [ 753.200226][T11123] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #12: comm syz.2.1655: corrupted in-inode xattr [ 753.366005][T11123] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 753.384559][T11123] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 242 with error 28 [ 753.397867][T11123] EXT4-fs (loop2): This should not happen!! Data will be lost [ 753.397867][T11123] [ 754.263202][T11123] EXT4-fs (loop2): Total free blocks count 0 [ 754.318855][T11123] EXT4-fs (loop2): Free/Dirty block details [ 754.340544][T11123] EXT4-fs (loop2): free_blocks=2415919104 [ 754.346848][T11123] EXT4-fs (loop2): dirty_blocks=256 [ 754.498622][T11123] EXT4-fs (loop2): Block reservation details [ 754.517266][T11131] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1663'. [ 754.526723][T11123] EXT4-fs (loop2): i_reserved_data_blocks=16 [ 755.424811][ T6235] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 755.505039][ T6235] EXT4-fs (loop2): This should not happen!! Data will be lost [ 755.505039][ T6235] [ 756.085680][T11150] binder: 11144:11150 ioctl 4018620d 0 returned -22 [ 757.315290][T11152] misc userio: The device must be registered before sending interrupts [ 757.468049][T11161] "syz.5.1672" (11161) uses obsolete ecb(arc4) skcipher [ 758.559135][T11167] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1675'. [ 758.767067][T11170] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1676'. [ 760.013533][T11180] xt_TPROXY: Can be used only with -p tcp or -p udp [ 764.857000][T11224] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1687'. [ 765.726948][T11229] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1686'. [ 770.246940][T11268] loop0: detected capacity change from 0 to 2048 [ 770.674636][T11268] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 770.809546][T11257] UDF-fs: error (device loop0): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376) [ 770.823137][T11257] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry past directory size at pos 232 [ 771.660870][T11283] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1701'. [ 771.841666][T11285] binder: 11276:11285 ioctl 4018620d 0 returned -22 [ 772.095751][T11293] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1706'. [ 777.858060][ T1111] dvb-usb: did not find the firmware file 'dvb-usb-dtt200u-01.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 778.451054][ T1111] dvb-usb: found a 'WideView/Yuan/Yakumo/Hama/Typhoon DVB-T USB2.0 (WT-200U)' in cold state, will try to load a firmware [ 778.514716][ T1111] usb 3-1: Direct firmware load for dvb-usb-dtt200u-01.fw failed with error -2 [ 778.529705][T11325] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1714'. [ 778.564309][ T1111] usb 3-1: Falling back to sysfs fallback for: dvb-usb-dtt200u-01.fw [ 780.669717][T11347] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1721'. [ 781.752715][T11360] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1726'. [ 783.910091][T11371] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6) [ 783.917222][T11371] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 783.925773][T11371] vhci_hcd vhci_hcd.0: Device attached [ 784.695204][ T23] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 785.580913][T11389] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1733'. [ 785.919881][T11403] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1739'. [ 788.909880][T11441] loop2: detected capacity change from 0 to 1024 [ 789.008898][T11445] netlink: 52 bytes leftover after parsing attributes in process `syz.6.1749'. [ 789.079124][T11447] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1750'. [ 790.043938][T11441] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 791.861985][T11441] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 792.798016][T11492] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1762'. [ 792.936104][T11501] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1764'. [ 793.449493][T11511] binder: 11497:11511 ioctl 4018620d 0 returned -22 [ 796.963557][T11532] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 797.847819][ T26] audit: type=1326 audit(1746120005.753:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 797.877674][T11559] overlayfs: failed to clone upperpath [ 798.325762][ T26] audit: type=1326 audit(1746120005.753:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.460411][ T26] audit: type=1326 audit(1746120005.753:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.564927][ T26] audit: type=1326 audit(1746120005.753:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.587464][ C1] vkms_vblank_simulate: vblank timer overrun [ 798.621489][ T26] audit: type=1326 audit(1746120005.753:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.685116][ T26] audit: type=1326 audit(1746120005.753:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f46c96109a3 code=0x7ffc0000 [ 798.707301][ C1] vkms_vblank_simulate: vblank timer overrun [ 798.741514][ T26] audit: type=1326 audit(1746120005.753:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f46c96109a3 code=0x7ffc0000 [ 798.791501][ T26] audit: type=1326 audit(1746120005.753:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.821939][ T26] audit: type=1326 audit(1746120005.753:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.853929][ T26] audit: type=1326 audit(1746120005.753:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11552 comm="syz.2.1775" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46c9610969 code=0x7ffc0000 [ 798.894631][T11568] xt_NFQUEUE: number of total queues is 0 [ 798.971001][T11566] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1776'. [ 799.606498][T11570] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 803.139323][T11613] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1792'. [ 806.774068][T11655] IPv6: ADDRCONF(NETDEV_CHANGE): rose2: link becomes ready [ 806.875554][T11655] 8021q: adding VLAN 0 to HW filter on device bond0 [ 807.035193][T11655] bond0: (slave rose0): Enslaving as an active interface with an up link [ 807.070978][T11664] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1803'. [ 807.113994][ T5024] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 813.732915][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 813.739410][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 819.829297][ T3546] udevd[3546]: worker [9719] /devices/platform/dummy_hcd.2/usb3/3-1 is taking a long time [ 820.161996][T11783] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1828'. [ 821.010654][T11791] loop2: detected capacity change from 0 to 512 [ 821.022583][T11792] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1831'. [ 821.031825][T11792] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1831'. [ 822.252501][T11791] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1826: inode #1: comm syz.2.1826: iget: illegal inode # [ 822.325440][T11791] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1826: error while reading EA inode 1 err=-117 [ 822.347872][T11791] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz.2.1826: inode #1: comm syz.2.1826: iget: illegal inode # [ 822.383224][T11791] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1826: error while reading EA inode 1 err=-117 [ 822.407769][T11791] EXT4-fs (loop2): 1 orphan inode deleted [ 822.505062][T11791] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrjquota=,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,journal_dev=0x0000000000000dcc,,errors=continue. Quota mode: writeback. [ 823.927844][T11819] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1837'. [ 827.976141][T11857] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1846'. [ 827.985565][T11857] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1846'. [ 829.413540][T11870] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1849'. [ 833.324169][T11900] loop2: detected capacity change from 0 to 128 [ 833.390994][T11901] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 834.721611][T11900] attempt to access beyond end of device [ 834.721611][T11900] loop2: rw=2049, want=713, limit=128 [ 835.370001][T11915] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1861'. [ 839.293109][ T1111] dvb-usb: did not find the firmware file 'dvb-usb-dtt200u-01.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 839.331914][ T1111] usb 3-1: USB disconnect, device number 4 [ 845.342525][T11992] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1877'. [ 848.333510][T12011] batman_adv: Cannot find parent device [ 848.340385][T12011] batman_adv: batadv0: Adding interface: gretap1 [ 848.346871][T12011] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 849.276779][T12011] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 849.865562][T12026] loop2: detected capacity change from 0 to 512 [ 851.455436][T12026] EXT4-fs (loop2): orphan cleanup on readonly fs [ 851.687398][T12026] EXT4-fs error (device loop2): ext4_ext_check_inode:501: inode #4: comm syz.2.1888: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2048(2048) [ 852.228593][T12026] EXT4-fs error (device loop2): ext4_quota_enable:6398: comm syz.2.1888: Bad quota inode: 4, type: 1 [ 852.485026][T12026] EXT4-fs warning (device loop2): ext4_enable_quotas:6439: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 852.506515][T12026] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 852.513384][T12026] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 853.773236][T12052] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1893'. [ 855.095810][T12067] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 855.732409][T12071] syz.2.1896 (12071): /proc/12064/oom_adj is deprecated, please use /proc/12064/oom_score_adj instead. [ 856.592940][T12069] loop3: detected capacity change from 0 to 4096 [ 856.623777][ T1111] Bluetooth: hci4: command 0x0405 tx timeout [ 857.378801][T12069] __ntfs_warning: 1 callbacks suppressed [ 857.378819][T12069] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 857.479246][T12069] ntfs: volume version 3.1. [ 857.795717][T12095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1904'. [ 858.568462][T12073] delete_channel: no stack [ 859.399003][T12109] netlink: 68 bytes leftover after parsing attributes in process `syz.6.1908'. [ 860.562397][T12120] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 868.382776][T12170] SET target dimension over the limit! [ 876.106437][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 876.112828][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 879.697069][T12247] loop3: detected capacity change from 0 to 2048 [ 880.079617][T12247] EXT4-fs (loop3): Unrecognized mount option "smackfshat=ext4" or missing value [ 880.981483][T12267] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1947'. [ 881.013041][T12267] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1947'. [ 881.232600][T12268] bridge0: port 3(syz_tun) entered blocking state [ 881.256369][T12268] bridge0: port 3(syz_tun) entered disabled state [ 881.318767][T12268] device syz_tun entered promiscuous mode [ 881.349187][T12268] bridge0: port 3(syz_tun) entered blocking state [ 881.355833][T12268] bridge0: port 3(syz_tun) entered forwarding state [ 881.835043][T12274] SET target dimension over the limit! [ 882.610137][T12273] loop2: detected capacity change from 0 to 1024 [ 882.868030][T12273] EXT4-fs (loop2): inline encryption not supported [ 882.874764][T12273] EXT4-fs (loop2): Ignoring removed bh option [ 884.704974][T12273] EXT4-fs (loop2): mounted filesystem without journal. Opts: dioread_nolock,data_err=abort,inlinecrypt,dioread_lock,data_err=ignore,max_dir_size_kb=0x000000000000000a,data_err=ignore,grpquota,noblock_validity,user_xattr,bh,errors=remount-ro,. Quota mode: writeback. [ 887.145142][T12315] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1958'. [ 890.743545][T12328] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1963'. [ 890.803103][T12328] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1963'. [ 896.638047][T12377] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1973'. [ 896.668711][T12377] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1973'. [ 901.429746][ T26] audit: type=1326 audit(1746120109.322:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 901.483363][ T26] audit: type=1326 audit(1746120109.332:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 901.608885][ T26] audit: type=1326 audit(1746120109.332:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 901.688843][ T26] audit: type=1326 audit(1746120109.332:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 901.713161][ T26] audit: type=1326 audit(1746120109.342:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 901.768085][ T26] audit: type=1326 audit(1746120109.342:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 902.157467][ T26] audit: type=1326 audit(1746120109.342:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 902.644179][ T26] audit: type=1326 audit(1746120109.342:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 902.674235][ T26] audit: type=1326 audit(1746120109.342:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 902.733605][ T26] audit: type=1326 audit(1746120109.342:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12417 comm="syz.3.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f65e77c0969 code=0x7ffc0000 [ 905.134520][T12457] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1993'. [ 905.182257][T12457] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1993'. [ 908.655774][T12499] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2005'. [ 910.496556][T12514] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2010'. [ 910.880531][T12522] x_tables: duplicate underflow at hook 1 [ 910.896046][T12522] bridge0: port 4(gretap0) entered blocking state [ 910.902752][T12522] bridge0: port 4(gretap0) entered disabled state [ 910.918158][T12522] device gretap0 entered promiscuous mode [ 910.951145][T12522] bridge0: port 4(gretap0) entered blocking state [ 910.957642][T12522] bridge0: port 4(gretap0) entered forwarding state [ 914.272830][T12548] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2017'. [ 915.360439][T12563] binder: 12541:12563 ioctl 4018620d 0 returned -22 [ 915.700778][T12573] loop2: detected capacity change from 0 to 256 [ 916.272143][T12583] Cannot find add_set index 0 as target [ 917.334683][T12595] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2029'. [ 919.729182][T12618] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2033'. [ 923.328857][T12655] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 923.508609][T12655] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 923.958245][T12664] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2040'. [ 924.246537][T12671] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2044'. [ 925.394844][T12688] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2048'. [ 925.465495][T12690] loop2: detected capacity change from 0 to 1024 [ 925.579660][T12690] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 926.251633][T12712] binder: 12676:12712 ioctl 4018620d 0 returned -22 [ 926.890168][T12720] overlayfs: failed to clone upperpath [ 927.650347][T12729] netlink: 52 bytes leftover after parsing attributes in process `syz.6.2054'. [ 928.920024][T12747] netlink: 68 bytes leftover after parsing attributes in process `syz.6.2056'. [ 930.413102][T12763] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2062'. [ 930.452159][T12763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2062'. [ 930.474088][T12763] bridge0: port 3(syz_tun) entered blocking state [ 930.492390][T12763] bridge0: port 3(syz_tun) entered disabled state [ 930.536841][T12763] device syz_tun entered promiscuous mode [ 930.548976][T12763] bridge0: port 3(syz_tun) entered blocking state [ 930.555536][T12763] bridge0: port 3(syz_tun) entered forwarding state [ 931.315177][T12777] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2066'. [ 931.494921][T12784] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2068'. [ 932.481009][T12802] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2070'. [ 933.640348][T12814] binder: 12795:12814 ioctl 4018620d 0 returned -22 [ 933.674912][T12784] syz.2.2068 (12784): drop_caches: 2 [ 936.579276][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.585715][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 937.660377][T12865] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2081'. [ 939.220213][T12882] netlink: 168 bytes leftover after parsing attributes in process `syz.0.2085'. [ 941.773218][T12908] binder: 12898:12908 ioctl 4018620d 0 returned -22 [ 945.098829][T12924] x_tables: duplicate underflow at hook 1 [ 945.298933][T12924] bridge0: port 4(gretap0) entered blocking state [ 945.305536][T12924] bridge0: port 4(gretap0) entered disabled state [ 945.313173][T12924] device gretap0 entered promiscuous mode [ 945.320597][T12924] bridge0: port 4(gretap0) entered blocking state [ 945.327145][T12924] bridge0: port 4(gretap0) entered forwarding state [ 946.082209][ T4184] Bluetooth: hci3: ACL packet for unknown connection handle 3840 [ 947.264712][T12938] fuse: Bad value for 'fd' [ 947.358659][T12938] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 952.678315][T12982] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2115'. [ 952.698562][T12982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2115'. [ 952.859095][T12984] overlayfs: failed to clone lowerpath [ 952.868454][T12984] overlayfs: failed to clone upperpath [ 955.235398][T12994] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 955.372379][T13000] loop3: detected capacity change from 0 to 16 [ 955.584890][T13000] erofs: (device loop3): mounted with root inode @ nid 36. [ 960.691136][T13046] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2126'. [ 960.741159][T13046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2126'. [ 965.642247][T13080] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2139'. [ 967.315099][T13105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2148'. [ 967.339253][T13105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2148'. [ 967.352515][T13106] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2147'. [ 973.240086][T13147] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2159'. [ 974.903211][T13142] delete_channel: no stack [ 979.014605][T13173] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2165'. [ 980.141959][T13183] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2168'. [ 980.984354][T13183] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2168'. [ 981.174471][T13195] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2171'. [ 981.200897][T13196] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2172'. [ 981.359066][T13195] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2171'. [ 982.511007][T13205] overlayfs: failed to clone upperpath [ 984.598926][T13229] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2182'. [ 984.621071][T13229] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2182'. [ 984.650979][T13234] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2180'. [ 985.404916][T13241] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2183'. [ 986.954330][T13249] netlink: 'syz.2.2187': attribute type 4 has an invalid length. [ 988.534916][T13264] infiniband s: RDMA CMA: cma_listen_on_dev, error -98 [ 991.181660][T13283] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2196'. [ 991.272604][T13284] lo speed is unknown, defaulting to 1000 [ 993.198980][ T4216] Bluetooth: hci5: command 0x0409 tx timeout [ 993.793490][ T27] INFO: task kworker/1:1:23 blocked for more than 143 seconds. [ 993.817272][ T27] Not tainted 5.15.180-syzkaller #0 [ 993.849659][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 993.872103][ T27] task:kworker/1:1 state:D stack:24456 pid: 23 ppid: 2 flags:0x00004000 [ 993.905562][ T27] Workqueue: usb_hub_wq hub_event [ 994.010920][ T27] Call Trace: [ 994.033136][ T27] [ 994.049754][ T27] __schedule+0x11b8/0x43b0 [ 994.073524][ T27] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 994.115155][ T27] ? mark_lock+0x94/0x320 [ 994.138622][ T27] ? release_firmware_map_entry+0x190/0x190 [ 994.170521][ T27] ? try_to_wake_up+0x6cf/0x1050 [ 994.196991][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 994.232169][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 994.268155][ T27] schedule+0x11b/0x1e0 [ 994.290770][ T27] usb_kill_urb+0x1c6/0x2f0 [ 994.421888][ T27] ? usb_unlink_urb+0xa0/0xa0 [ 994.448423][ T27] ? _raw_spin_lock_irq+0xab/0xe0 [ 994.478530][ T27] ? init_wait_entry+0xd0/0xd0 [ 994.506368][ T27] ? usb_hcd_submit_urb+0x32c/0x19c0 [ 994.545121][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 994.575667][ T27] usb_start_wait_urb+0x189/0x4b0 [ 994.594713][ T27] ? usb_api_blocking_completion+0xb0/0xb0 [ 994.601602][ T27] ? memset+0x1e/0x40 [ 994.605833][ T27] usb_control_msg+0x22f/0x3e0 [ 994.611225][ T27] hub_port_init+0xb4d/0x28f0 [ 994.616954][ T27] ? mutex_unlock+0x10/0x10 [ 994.622041][ T27] hub_event+0x2535/0x4fa0 [ 994.626740][ T27] ? led_work+0x6e0/0x6e0 [ 994.631559][ T27] ? read_lock_is_recursive+0x10/0x10 [ 994.637186][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 994.651714][ T27] process_one_work+0x863/0x1000 [ 994.656821][ T27] ? worker_detach_from_pool+0x240/0x240 [ 994.676118][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 994.681837][ T27] ? _raw_spin_lock_irq+0xab/0xe0 [ 994.687052][ T27] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 994.697324][ T27] ? wq_worker_running+0x97/0x170 [ 994.737745][ T27] worker_thread+0xaa8/0x12a0 [ 994.743022][ T27] kthread+0x436/0x520 [ 994.747219][ T27] ? rcu_lock_release+0x20/0x20 [ 994.754475][ T27] ? kthread_blkcg+0xd0/0xd0 [ 994.760832][ T27] ret_from_fork+0x1f/0x30 [ 994.765432][ T27] [ 994.769903][ T27] [ 994.769903][ T27] Showing all locks held in the system: [ 994.778908][ T27] 2 locks held by ksoftirqd/0/14: [ 994.891426][ T27] 5 locks held by kworker/1:1/23: [ 994.896881][ T27] #0: ffff888141f83538 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 994.907824][ T27] #1: ffffc90000ddfd00 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 994.938722][ T27] #2: ffff888025198220 (&dev->mutex){....}-{3:3}, at: hub_event+0x18f/0x4fa0 [ 994.947677][ T27] #3: ffff88802519b5c0 (&port_dev->status_lock){+.+.}-{3:3}, at: hub_event+0x1e4d/0x4fa0 [ 994.975118][ T27] #4: ffff88802390a468 (hcd->address0_mutex){+.+.}-{3:3}, at: hub_event+0x1e7a/0x4fa0 [ 995.012098][ T27] 1 lock held by khungtaskd/27: [ 995.017262][ T27] #0: ffffffff8c11d9e0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 995.043576][ T27] 3 locks held by kworker/u4:4/1278: [ 995.058691][ T27] #0: ffff888016879138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 995.093372][ T27] #1: ffffc90004dd7d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 995.118727][ T27] #2: ffffffff8d22afc8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 995.128316][ T27] 2 locks held by getty/3926: [ 995.153323][ T27] #0: ffff88802c254098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 995.193159][ T27] #1: ffffc900026362e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5ba/0x1a30 [ 995.205696][ T27] 3 locks held by kworker/1:7/4215: [ 995.221235][ T27] #0: ffff888016870938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 995.259833][ T27] #1: ffffc9000317fd00 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 995.271296][ T1111] Bluetooth: hci5: command 0x041b tx timeout [ 995.284253][ T27] #2: ffffffff8d22afc8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 995.319596][ T27] 2 locks held by kworker/0:2/9560: [ 995.328808][ T27] #0: ffff888016872138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x760/0x1000 [ 995.374092][ T27] #1: ffffc900030cfd00 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7a3/0x1000 [ 995.413080][ T27] 2 locks held by syz.6.2158/13155: [ 995.418325][ T27] #0: ffffffff8d22afc8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3d/0x1b0 [ 995.455250][ T27] #1: ffffffff8c122468 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x347/0x6b0 [ 995.483239][ T27] 1 lock held by syz-executor/13284: [ 995.503313][ T27] #0: ffffffff8d22afc8 (rtnl_mutex){+.+.}-{3:3}, at: rtnl_newlink+0x8b1/0x17d0 [ 995.523384][ T27] 2 locks held by syz.3.2196/13293: [ 995.538397][ T27] [ 995.544879][ T27] ============================================= [ 995.544879][ T27] [ 995.561217][T13284] chnl_net:caif_netlink_parms(): no params data found [ 995.569034][ T27] NMI backtrace for cpu 1 [ 995.573395][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.180-syzkaller #0 [ 995.581389][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 995.591471][ T27] Call Trace: [ 995.594761][ T27] [ 995.597699][ T27] dump_stack_lvl+0x168/0x230 [ 995.602396][ T27] ? show_regs_print_info+0x20/0x20 [ 995.607616][ T27] ? load_image+0x3b0/0x3b0 [ 995.612146][ T27] ? tick_nohz_tick_stopped+0x7b/0xb0 [ 995.617539][ T27] ? nmi_cpu_backtrace+0x1b6/0x3d0 [ 995.622681][ T27] nmi_cpu_backtrace+0x397/0x3d0 [ 995.627642][ T27] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 995.633819][ T27] ? _printk+0xcc/0x110 [ 995.637992][ T27] ? load_image+0x3b0/0x3b0 [ 995.642515][ T27] ? load_image+0x3b0/0x3b0 [ 995.647038][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 995.653123][ T27] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 995.659122][ T27] watchdog+0xe0f/0xe50 [ 995.663306][ T27] kthread+0x436/0x520 [ 995.667388][ T27] ? hungtask_pm_notify+0x40/0x40 [ 995.672446][ T27] ? kthread_blkcg+0xd0/0xd0 [ 995.677052][ T27] ret_from_fork+0x1f/0x30 [ 995.681498][ T27] [ 995.685263][ T27] Sending NMI from CPU 1 to CPUs 0: [ 995.690632][ C0] NMI backtrace for cpu 0 [ 995.690643][ C0] CPU: 0 PID: 14 Comm: ksoftirqd/0 Not tainted 5.15.180-syzkaller #0 [ 995.690660][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 995.690676][ C0] RIP: 0010:memset+0x11/0x40 [ 995.690696][ C0] Code: d2 e9 43 ef ff ff 0f 1f 00 89 f6 48 8b 0c 24 ba 01 00 00 00 e9 30 ef ff ff 55 41 56 53 48 89 d3 89 f5 49 89 fe 48 8b 4c 24 18 <48> 89 d6 ba 01 00 00 00 e8 12 ef ff ff 84 c0 74 11 4c 89 f7 89 ee [ 995.690710][ C0] RSP: 0018:ffffc90000d37348 EFLAGS: 00000246 [ 995.690725][ C0] RAX: ffff88813fea1dc0 RBX: 0000000000000060 RCX: ffffffff81348742 [ 995.690737][ C0] RDX: 0000000000000060 RSI: 0000000000000000 RDI: ffffc90000d373c8 [ 995.690747][ C0] RBP: 0000000000000000 R08: dffffc0000000000 R09: ffffc90000d37500 [ 995.690758][ C0] R10: 0000000000000000 R11: 0000000000000040 R12: 0000000000000000 [ 995.690768][ C0] R13: ffff88813fea1dc0 R14: ffffc90000d373c8 R15: 0000000000000000 [ 995.690779][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 995.690793][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 995.690804][ C0] CR2: 00007f2031120d60 CR3: 0000000074095000 CR4: 00000000003506f0 [ 995.690819][ C0] DR0: 0000000000000000 DR1: 000000000000000b DR2: 0000000000000000 [ 995.690828][ C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 995.690838][ C0] Call Trace: [ 995.690842][ C0] [ 995.690849][ C0] __unwind_start+0x32/0x740 [ 995.690870][ C0] ? stack_trace_save+0xe0/0xe0 [ 995.690885][ C0] arch_stack_walk+0xda/0x140 [ 995.690919][ C0] ? kfree+0xef/0x2a0 [ 995.690934][ C0] stack_trace_save+0x98/0xe0 [ 995.690948][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 995.690963][ C0] ? __local_bh_enable_ip+0x12a/0x1b0 [ 995.690979][ C0] ? _local_bh_enable+0xa0/0xa0 [ 995.690995][ C0] kasan_set_track+0x4b/0x70 [ 995.691037][ C0] kasan_set_free_info+0x1f/0x40 [ 995.691051][ C0] ____kasan_slab_free+0xd5/0x110 [ 995.691069][ C0] slab_free_freelist_hook+0xea/0x170 [ 995.691087][ C0] ? skb_release_data+0x6fe/0x850 [ 995.691106][ C0] kfree+0xef/0x2a0 [ 995.691123][ C0] skb_release_data+0x6fe/0x850 [ 995.691145][ C0] consume_skb+0xa2/0x100 [ 995.691162][ C0] can_receive+0x37d/0x410 [ 995.691181][ C0] can_rcv+0x149/0x2a0 [ 995.691196][ C0] ? rcu_lock_release+0x20/0x20 [ 995.691212][ C0] __netif_receive_skb+0xcc/0x290 [ 995.691233][ C0] process_backlog+0x364/0x780 [ 995.691254][ C0] ? rps_trigger_softirq+0x210/0x210 [ 995.691268][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 995.691288][ C0] ? lock_chain_count+0x20/0x20 [ 995.691308][ C0] __napi_poll+0xc0/0x430 [ 995.691325][ C0] ? net_rx_action+0x2db/0x9c0 [ 995.691340][ C0] net_rx_action+0x4a8/0x9c0 [ 995.691358][ C0] ? net_tx_action+0x870/0x870 [ 995.691371][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 995.691389][ C0] ? detach_timer+0x2b0/0x2b0 [ 995.691407][ C0] ? lockdep_hardirqs_on_prepare+0x760/0x760 [ 995.691430][ C0] handle_softirqs+0x328/0x820 [ 995.691446][ C0] ? run_ksoftirqd+0x98/0xf0 [ 995.691464][ C0] ? do_softirq+0x200/0x200 [ 995.691478][ C0] ? run_ksoftirqd+0x75/0xf0 [ 995.691492][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 995.691512][ C0] ? lockdep_hardirqs_off+0x70/0x100 [ 995.691531][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 995.691546][ C0] run_ksoftirqd+0x98/0xf0 [ 995.691560][ C0] ? ksoftirqd_should_run+0x20/0x20 [ 995.691576][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 995.691594][ C0] ? smpboot_thread_fn+0x5bc/0x970 [ 995.691612][ C0] smpboot_thread_fn+0x4f6/0x970 [ 995.691635][ C0] kthread+0x436/0x520 [ 995.691649][ C0] ? cpu_report_death+0x180/0x180 [ 995.691666][ C0] ? kthread_blkcg+0xd0/0xd0 [ 995.691681][ C0] ret_from_fork+0x1f/0x30 [ 995.691703][ C0] [ 995.837385][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 996.073840][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.180-syzkaller #0 [ 996.081833][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 996.091904][ T27] Call Trace: [ 996.095207][ T27] [ 996.098147][ T27] dump_stack_lvl+0x168/0x230 [ 996.102848][ T27] ? show_regs_print_info+0x20/0x20 [ 996.108063][ T27] ? load_image+0x3b0/0x3b0 [ 996.112594][ T27] panic+0x2c9/0x7f0 [ 996.116507][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 996.122246][ T27] ? bpf_jit_dump+0xd0/0xd0 [ 996.126773][ T27] ? __irq_work_queue_local+0x12c/0x190 [ 996.132338][ T27] ? nmi_trigger_cpumask_backtrace+0x260/0x280 [ 996.138517][ T27] watchdog+0xe4e/0xe50 [ 996.142702][ T27] kthread+0x436/0x520 [ 996.146782][ T27] ? hungtask_pm_notify+0x40/0x40 [ 996.151816][ T27] ? kthread_blkcg+0xd0/0xd0 [ 996.156426][ T27] ret_from_fork+0x1f/0x30 [ 996.160867][ T27] [ 996.164198][ T27] Kernel Offset: disabled [ 996.171261][ T27] Rebooting in 86400 seconds..