last executing test programs: 2m38.281595313s ago: executing program 3 (id=4): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) timerfd_create(0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) io_uring_setup(0x7, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) 2m37.891759117s ago: executing program 3 (id=13): bind$alg(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x32, &(0x7f0000000080)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @random="13d9887cfd24", @val={@val={0x88a8, 0x5, 0x1, 0x3}, {0x8100, 0x5}}, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0xe, @remote, @multicast2, @broadcast, @multicast2}}}}, 0x0) recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) 2m36.153170476s ago: executing program 3 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$kcm(0x10, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000500)=ANY=[@ANYBLOB="200000001a00010000000000000000000a00fc003a2a1f3cb4b3ac6578361b8008250035dafb3e87eff0fea069b447aa5e6a38d9c5a1"], 0x20}], 0x1}, 0x0) 2m33.479880998s ago: executing program 3 (id=19): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xff, 0x44d, &(0x7f0000000900)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v") r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) lseek(r0, 0x851, 0x1) open(&(0x7f0000000280)='./file0/file0\x00', 0x14337f, 0x0) 2m30.059330632s ago: executing program 3 (id=26): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x38414761, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x800) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) 2m28.464138932s ago: executing program 2 (id=29): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = semget$private(0x0, 0x6, 0x0) semtimedop(r3, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) 2m27.050846682s ago: executing program 2 (id=30): socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) brk(0x1e) 2m24.910667525s ago: executing program 2 (id=34): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r3, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter\x00') preadv(r4, &(0x7f0000000100)=[{&(0x7f0000000240)=""/249, 0xf9}], 0x1, 0x5e, 0xfffffff8) 2m22.30606956s ago: executing program 2 (id=37): finit_module(0xffffffffffffffff, 0x0, 0x1) lseek(0xffffffffffffffff, 0x7f, 0x4) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x82) fchdir(r1) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) unlinkat(r1, &(0x7f0000000140)='./file0\x00', 0x200) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000040), 0x2, 0x0) write$cgroup_subtree(r4, &(0x7f0000000080)={[{0x2d, 'pids'}]}, 0x6) 2m18.638433837s ago: executing program 2 (id=41): socket$alg(0x26, 0x5, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) modify_ldt$write(0x1, &(0x7f00000000c0)={0x8, 0x20000800, 0xffffffffffffffff, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1}, 0xffffffffffffff2a) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r1) ptrace$setregs(0xd, r1, 0x20000000002, &(0x7f0000000040)) ptrace$cont(0x9, r1, 0x80000003, 0x4) 2m13.94977139s ago: executing program 2 (id=44): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) setpgid(0x0, r3) fchdir(r2) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ptrace$poke(0x5, r3, 0x0, 0x3) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) 2m13.253112053s ago: executing program 32 (id=26): ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x38414761, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x800) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r6, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30) 1m58.297777818s ago: executing program 33 (id=44): pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r3, r3) setpgid(0x0, r3) fchdir(r2) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ptrace$poke(0x5, r3, 0x0, 0x3) execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x2000, 0x0) 26.046904304s ago: executing program 4 (id=184): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xe}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x5, 0x7, 0xb3}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newqdisc={0x58, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xffffbddc, {0x0, 0x0, 0x0, r5, {0x10}, {}, {0xe, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x200000, 0xe, 0x7, 0x7, 0x9, 0x40, 0xffffffff, 0x2}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4040098}, 0x4000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r7, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x1a, r6, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) sendto$packet(r7, 0x0, 0x0, 0x40000, &(0x7f0000000240)={0x11, 0xf8, r6, 0x1, 0x5, 0x6, @local}, 0x14) 21.15165448s ago: executing program 4 (id=193): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) accept(r0, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000600)=""/102400, 0x19000) bind$inet6(0xffffffffffffffff, 0x0, 0x0) bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x21, @none}, 0xe) socket$nl_route(0x10, 0x3, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054) 17.288836805s ago: executing program 4 (id=197): r0 = socket$inet6(0xa, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000280), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) r2 = syz_open_dev$dvb_frontend(0x0, 0x0, 0x141000) ioctl$FE_GET_PROPERTY(r2, 0x80106f53, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) sendmsg$rds(r3, 0x0, 0x0) setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x101) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0102, 0x0) write$vga_arbiter(r4, &(0x7f0000000280)=ANY=[@ANYBLOB], 0xc) 13.549879286s ago: executing program 0 (id=202): msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000400)=""/85) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_int(r0, 0x0, 0x31, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = gettid() timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0xd, 0x0, &(0x7f0000000000)={0x77359400}, 0x0, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) 11.933284125s ago: executing program 4 (id=204): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0xc004) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, 0x0, 0x4000) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)={0x114, 0x14, 0x1, 0x70bd2d, 0x25dfdbfc, "", [@nested={0x102, 0x4e, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64=0x8}, @typed={0x14, 0x2001, 0x0, 0x0, @ipv6=@mcast1}, @generic="2a725624d55e18f54ca5798d3fe7955ef9868c011de6a6d4494d7aba163930e7a6d17e0b2db61f06be12a8fe12bf5df24b2807a60c94c81f539deb8a1f987eb7669e1395c2ce8f7c2854902221ce978006451bd593aa73c50e0dfd544fd4fa321cbe1ddd38f2dfb0cec37543dac9e03b4dc38a9d937e23023ab86a8ce5f7a6d9772d2c9b91825cd6f77be8203cbe17d83dbb0590b1ef553211edef00ead1ebbe1b58e5b323435a913a2e5ce557c4ec021c723d2022c694102308a8fb6114ab4d007089b6a2816f689a565d4e70637725b2ff732144f7", @typed={0x8, 0x11a, 0x0, 0x0, @uid=0xee00}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x40004}, 0x0) 11.777992453s ago: executing program 1 (id=205): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x35451d7003000c0b, 0x0) ioctl$TUNSETGROUP(r1, 0x400454ce, 0xee01) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000000002, 0x0) io_setup(0x5, &(0x7f0000000140)=0x0) r4 = eventfd2(0x4, 0x0) io_submit(r3, 0x1, &(0x7f0000001640)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0xb, r2, 0x0, 0x0, 0x3, 0x0, 0x1, r4}]) 11.722109925s ago: executing program 0 (id=206): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000480)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x80800) sendmmsg$alg(r2, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x1f}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2, 0x0, 0x0, 0xf5000000}, 0x0) 10.090033616s ago: executing program 4 (id=207): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_open_dev$vim2m(0x0, 0x800, 0x2) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20004000) r3 = socket$kcm(0x29, 0x5, 0x0) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, &(0x7f0000000380)=0x9, 0x4) setsockopt$kcm_KCM_RECV_DISABLE(r3, 0x119, 0x1, 0x0, 0x0) 9.985778075s ago: executing program 5 (id=208): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0xc, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r2, 0x6f6) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0100000000000000000007000000140001800500020001000000080006001a"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x8) 9.916488613s ago: executing program 0 (id=209): syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = io_uring_setup(0x401, &(0x7f0000000300)={0x0, 0x77ae, 0x402, 0x8000002, 0x3d7}) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) close_range(r3, 0xffffffffffffffff, 0x0) 8.668834119s ago: executing program 0 (id=210): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x44) r3 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r3, &(0x7f00000005c0)='cgroup.max.descendants\x00', 0x2, 0x0) io_getevents(0x0, 0x6, 0x0, &(0x7f00000003c0), &(0x7f0000000040)) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000140)={@map=0x1, r4, 0x2f, 0x8, 0xffffffffffffffff, @void, @value=0x0}, 0x20) 8.614125694s ago: executing program 1 (id=211): socketpair$unix(0x1, 0x3, 0x0, 0x0) unshare(0x24020400) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0) write$P9_RSTATu(r1, &(0x7f00000004c0)={0x293, 0x7d, 0x0, {{0x500, 0xf0, 0x0, 0x5000000, {}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232) r2 = socket$rxrpc(0x21, 0x2, 0xa) connect$rxrpc(r2, &(0x7f0000000000)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0xfffffffffffffd6b, 0x0, 0x0, &(0x7f00000000c0)=[@ip_tos_int={{0x18, 0x110}}], 0x18, 0x4c00}, 0x0) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0xfffffffffffffd90, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r3, 0x701, 0x74bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) 8.491613256s ago: executing program 5 (id=212): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000002b40), 0x24, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) r4 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00') read$FUSE(r4, &(0x7f0000002c00)={0x2020}, 0x2020) 6.549204278s ago: executing program 5 (id=213): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r0, 0x7d4165c9) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r3, 0x7d4165c9) listen(r2, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000780)={@in6={{0xa, 0x4e24, 0x2, @empty, 0xc}}, 0x0, 0x0, 0x20, 0x0, "9c0fe2154aa786d10084ecfbe8e86f7d312fcc8fde38d5823d22fbbb55a7837e5f2329f4d662f2185f18fae43e09d661d12a01669d6eef2e4733c2c29a3c3d16ef45c7c1c8ecfcc76b47d9ab9a573f11"}, 0xd8) listen(r5, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000680)={@in6={{0xa, 0x4e21, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x81}}, 0x0, 0x0, 0x40, 0x0, "2b20a1a47cddc63b223be606d7303a4d4d11e10450d766feb63b382d54bab577021cad5de4fe7630a33b6deca160b1267ff02123bc27830000000000ffff40000000000000b5b29049cb65f00300"}, 0xd8) r6 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r6, &(0x7f0000000540)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a066f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0effeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1) 5.830122732s ago: executing program 0 (id=214): socket(0x10, 0x2, 0x0) setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'wlan0\x00'}) r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc) r1 = syz_io_uring_setup(0x497, &(0x7f0000000680)={0x0, 0x465d, 0x400, 0x3, 0x285}, &(0x7f00000004c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x6000, @fd=r0, 0x0, 0x0, 0x0, 0x0, 0x1}) syz_io_uring_setup(0x7dc9, 0x0, &(0x7f0000000140), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) r5 = gettid() timer_create(0x0, &(0x7f0000000180)={0x0, 0x11, 0x4, @tid=r5}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0) poll(&(0x7f00000000c0)=[{r4, 0x400}], 0x1, 0xfffffffa) io_uring_enter(r1, 0x40f8, 0x2cf2, 0xa5, 0x0, 0x0) 5.705836662s ago: executing program 1 (id=215): mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x81c0, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x18, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000180)={0x4000, r1}, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) landlock_restrict_self(r2, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x1, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x1, 0x0) truncate(&(0x7f0000000240)='./file0\x00', 0x1) ftruncate(r3, 0x1) truncate(&(0x7f0000000280)='./file1\x00', 0x1) ftruncate(r0, 0x1) ftruncate(r1, 0x1) ftruncate(r4, 0x1) 5.68223484s ago: executing program 4 (id=216): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}]}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000180)="484a1e9f0a296a1edda568735b175adba4a3682cabf4e8373bb7e7daf0dce87850ec769df0796230b08ed89fce6abe202dec401a3a8e7b87d7eaa3fda0984550f74589859ef7a5f516a584fa15cfcb2e45c1bb2c33905d9b03fec894fdb285c03c99a80e1e8f4a0401b76c6328d378f237ee3370dd0d60ffabbca116eb882e12e042b371f637108a6b2bbb5fd7e8464ed528b333bf1d959d3b92511f72de2f6990a0e22652b82e3d17a4bbe4fa89a8e783fe4ceec3d0bb", &(0x7f0000000300)=""/137, &(0x7f00000003c0), 0x0, 0x1, r0}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d600", 0x43}], 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000700)="ef16", 0x0}, 0x50) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 5.551565883s ago: executing program 5 (id=217): syz_io_uring_setup(0x1104, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000200)=0x67f4, 0x4) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r3, &(0x7f0000000480)={0x2, 0x4e22, @multicast1}, 0x10) sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0x0) recvmmsg(r3, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 5.340413003s ago: executing program 1 (id=218): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_rdma(0x10, 0x3, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000700)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, 0x0, 0xc004) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, 0x0, 0x4000) sendmsg$netlink(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000500)={0x114, 0x14, 0x1, 0x70bd2d, 0x25dfdbfc, "", [@nested={0x102, 0x4e, 0x0, 0x1, [@typed={0xc, 0x2, 0x0, 0x0, @u64=0x8}, @typed={0x14, 0x2001, 0x0, 0x0, @ipv6=@mcast1}, @generic="2a725624d55e18f54ca5798d3fe7955ef9868c011de6a6d4494d7aba163930e7a6d17e0b2db61f06be12a8fe12bf5df24b2807a60c94c81f539deb8a1f987eb7669e1395c2ce8f7c2854902221ce978006451bd593aa73c50e0dfd544fd4fa321cbe1ddd38f2dfb0cec37543dac9e03b4dc38a9d937e23023ab86a8ce5f7a6d9772d2c9b91825cd6f77be8203cbe17d83dbb0590b1ef553211edef00ead1ebbe1b58e5b323435a913a2e5ce557c4ec021c723d2022c694102308a8fb6114ab4d007089b6a2816f689a565d4e70637725b2ff732144f7", @typed={0x8, 0x11a, 0x0, 0x0, @uid=0xee00}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x40004}, 0x0) 3.996077289s ago: executing program 5 (id=219): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}]}, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000180)="484a1e9f0a296a1edda568735b175adba4a3682cabf4e8373bb7e7daf0dce87850ec769df0796230b08ed89fce6abe202dec401a3a8e7b87d7eaa3fda0984550f74589859ef7a5f516a584fa15cfcb2e45c1bb2c33905d9b03fec894fdb285c03c99a80e1e8f4a0401b76c6328d378f237ee3370dd0d60ffabbca116eb882e12e042b371f637108a6b2bbb5fd7e8464ed528b333bf1d959d3b92511f72de2f6990a0e22652b82e3d17a4bbe4fa89a8e783fe4ceec3d0bb", &(0x7f0000000300)=""/137, &(0x7f00000003c0), 0x0, 0x1, r0}, 0x38) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000007c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000500142603600e1208000f0000000401a80016002000014004000000035c1f61c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cee0090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4", 0x86}], 0x1}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000001"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 2.799060654s ago: executing program 1 (id=220): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x5, &(0x7f0000000040)=0x29) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) r5 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x14b000) close(r5) 2.430455636s ago: executing program 0 (id=221): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000180)=0x3) r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, 0x0) ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f00000000c0)={'mpc624\x00', [0x4fa7, 0x105, 0x2, 0x10000421, 0x0, 0xcc7, 0x7ffffffe, 0x5c952398, 0x5, 0x3ff, 0x2, 0x300, 0x1, 0x1, 0x9, 0x0, 0x100, 0x8, 0x48f3, 0x5, 0x80000089, 0xa, 0x1400000, 0x8001, 0xffffeadb, 0x3, 0x3d, 0x8, 0x4, 0x7ffffff, 0x485f]}) 1.450769ms ago: executing program 5 (id=222): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) r1 = openat$tun(0xffffffffffffff9c, 0x0, 0x35451d7003000c0b, 0x0) ioctl$TUNSETGROUP(r1, 0x400454ce, 0xee01) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000000002, 0x0) io_setup(0x5, &(0x7f0000000140)=0x0) r4 = eventfd2(0x4, 0x0) io_submit(r3, 0x1, &(0x7f0000001640)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0xb, r2, 0x0, 0x0, 0x3, 0x0, 0x1, r4}]) 0s ago: executing program 1 (id=232): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, r4, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.246' (ED25519) to the list of known hosts. [ 86.678112][ T5802] cgroup: Unknown subsys name 'net' [ 86.828306][ T5802] cgroup: Unknown subsys name 'cpuset' [ 86.837984][ T5802] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 88.483396][ T5802] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.915083][ T5832] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.922808][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.932536][ T5834] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.941387][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.941479][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.954284][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.962887][ T5837] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.964308][ T5833] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.971161][ T5837] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.978888][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.985565][ T5837] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.992649][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.999319][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 91.007238][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 91.019992][ T5837] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 91.030046][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 91.030458][ T5833] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 91.049094][ T5833] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 91.049509][ T5136] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 91.072852][ T5837] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 91.080517][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 91.090632][ T5826] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 91.103021][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 91.123053][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 91.131981][ T5824] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 91.139171][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 91.152952][ T5826] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 91.160673][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 91.170119][ T5136] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 91.190876][ T5136] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 91.267362][ T30] cfg80211: failed to load regulatory.db [ 91.936184][ T5825] chnl_net:caif_netlink_parms(): no params data found [ 92.046286][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 92.175088][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 92.259644][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 92.436723][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 92.464091][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 92.500053][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.507905][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.515156][ T5825] bridge_slave_0: entered allmulticast mode [ 92.523045][ T5825] bridge_slave_0: entered promiscuous mode [ 92.592850][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.600971][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.608265][ T5825] bridge_slave_1: entered allmulticast mode [ 92.616034][ T5825] bridge_slave_1: entered promiscuous mode [ 92.637288][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.644494][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.651639][ T5821] bridge_slave_0: entered allmulticast mode [ 92.659520][ T5821] bridge_slave_0: entered promiscuous mode [ 92.679891][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.687109][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.694372][ T5822] bridge_slave_0: entered allmulticast mode [ 92.701968][ T5822] bridge_slave_0: entered promiscuous mode [ 92.750237][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.757519][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.764980][ T5821] bridge_slave_1: entered allmulticast mode [ 92.772519][ T5821] bridge_slave_1: entered promiscuous mode [ 92.792460][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.799646][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.806947][ T5822] bridge_slave_1: entered allmulticast mode [ 92.814669][ T5822] bridge_slave_1: entered promiscuous mode [ 92.821887][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.829722][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.837532][ T5823] bridge_slave_0: entered allmulticast mode [ 92.845240][ T5823] bridge_slave_0: entered promiscuous mode [ 92.927700][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.935014][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.942394][ T5823] bridge_slave_1: entered allmulticast mode [ 92.950174][ T5823] bridge_slave_1: entered promiscuous mode [ 92.960783][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.001666][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.026165][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.051860][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.064605][ T5136] Bluetooth: hci1: command tx timeout [ 93.071569][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.090834][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.144674][ T5136] Bluetooth: hci2: command tx timeout [ 93.144730][ T5824] Bluetooth: hci0: command tx timeout [ 93.155930][ T5837] Bluetooth: hci3: command tx timeout [ 93.210090][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.223872][ T5824] Bluetooth: hci4: command tx timeout [ 93.229623][ T5837] Bluetooth: hci5: command tx timeout [ 93.238076][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.247397][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.254959][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.262397][ T5840] bridge_slave_0: entered allmulticast mode [ 93.270286][ T5840] bridge_slave_0: entered promiscuous mode [ 93.309565][ T5822] team0: Port device team_slave_0 added [ 93.317709][ T5825] team0: Port device team_slave_0 added [ 93.337564][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.344861][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.352451][ T5840] bridge_slave_1: entered allmulticast mode [ 93.360585][ T5840] bridge_slave_1: entered promiscuous mode [ 93.370220][ T5821] team0: Port device team_slave_0 added [ 93.380248][ T5821] team0: Port device team_slave_1 added [ 93.386369][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.393510][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.401031][ T5835] bridge_slave_0: entered allmulticast mode [ 93.408793][ T5835] bridge_slave_0: entered promiscuous mode [ 93.418936][ T5822] team0: Port device team_slave_1 added [ 93.439973][ T5825] team0: Port device team_slave_1 added [ 93.475812][ T5823] team0: Port device team_slave_0 added [ 93.494063][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.501285][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.508572][ T5835] bridge_slave_1: entered allmulticast mode [ 93.516311][ T5835] bridge_slave_1: entered promiscuous mode [ 93.579127][ T5823] team0: Port device team_slave_1 added [ 93.611147][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.618514][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.645017][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.658296][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.665300][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.691561][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.718682][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.742134][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.749405][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.775413][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.788323][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.795398][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.821433][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.836252][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.848837][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.869116][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.876120][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.902326][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.916391][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.982482][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.989675][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.016087][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.041571][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.049057][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.075207][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.087983][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.095296][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.121450][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.146024][ T5835] team0: Port device team_slave_0 added [ 94.234267][ T5835] team0: Port device team_slave_1 added [ 94.261165][ T5822] hsr_slave_0: entered promiscuous mode [ 94.267955][ T5822] hsr_slave_1: entered promiscuous mode [ 94.291643][ T5840] team0: Port device team_slave_0 added [ 94.304629][ T5821] hsr_slave_0: entered promiscuous mode [ 94.311407][ T5821] hsr_slave_1: entered promiscuous mode [ 94.317861][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 94.323737][ T5821] Cannot create hsr debugfs directory [ 94.345518][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.352674][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.378858][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.405742][ T5840] team0: Port device team_slave_1 added [ 94.509289][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.518278][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.545468][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.563676][ T5823] hsr_slave_0: entered promiscuous mode [ 94.570277][ T5823] hsr_slave_1: entered promiscuous mode [ 94.576781][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 94.582613][ T5823] Cannot create hsr debugfs directory [ 94.628088][ T5825] hsr_slave_0: entered promiscuous mode [ 94.634629][ T5825] hsr_slave_1: entered promiscuous mode [ 94.640849][ T5825] debugfs: 'hsr0' already exists in 'hsr' [ 94.646752][ T5825] Cannot create hsr debugfs directory [ 94.666656][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.673725][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.703692][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.767483][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.774823][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.801096][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.966629][ T5835] hsr_slave_0: entered promiscuous mode [ 94.973132][ T5835] hsr_slave_1: entered promiscuous mode [ 94.979584][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 94.985475][ T5835] Cannot create hsr debugfs directory [ 95.144963][ T5837] Bluetooth: hci1: command tx timeout [ 95.179311][ T5840] hsr_slave_0: entered promiscuous mode [ 95.185965][ T5840] hsr_slave_1: entered promiscuous mode [ 95.192152][ T5840] debugfs: 'hsr0' already exists in 'hsr' [ 95.197956][ T5840] Cannot create hsr debugfs directory [ 95.224791][ T5837] Bluetooth: hci3: command tx timeout [ 95.230219][ T5837] Bluetooth: hci0: command tx timeout [ 95.236047][ T5824] Bluetooth: hci2: command tx timeout [ 95.313877][ T5837] Bluetooth: hci5: command tx timeout [ 95.319325][ T5837] Bluetooth: hci4: command tx timeout [ 95.656404][ T5822] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.670391][ T5822] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.707420][ T5822] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.719443][ T5822] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.780367][ T5821] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.800740][ T5821] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.826979][ T5821] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.838962][ T5821] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.907922][ T5825] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 95.927774][ T5825] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 95.942383][ T5825] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 95.965712][ T5825] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 96.072103][ T5840] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 96.088089][ T5840] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 96.101036][ T5840] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 96.113005][ T5840] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 96.183013][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.240552][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.280906][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.288219][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.328236][ T5835] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 96.354679][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.361840][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.383592][ T5835] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 96.402166][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.427376][ T5835] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 96.475374][ T5835] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 96.507844][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.578106][ T5823] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 96.590861][ T5823] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 96.604708][ T5823] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 96.622436][ T5823] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 96.637136][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.644285][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.690410][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.697582][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.716422][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.819604][ T5825] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.874704][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.913279][ T156] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.920456][ T156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.957080][ T156] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.964289][ T156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.987357][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.050642][ T50] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.057860][ T50] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.148353][ T50] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.155580][ T50] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.216596][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.225792][ T5837] Bluetooth: hci1: command tx timeout [ 97.304016][ T5837] Bluetooth: hci3: command tx timeout [ 97.314997][ T5824] Bluetooth: hci2: command tx timeout [ 97.320472][ T5837] Bluetooth: hci0: command tx timeout [ 97.341091][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.373880][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.388757][ T5837] Bluetooth: hci4: command tx timeout [ 97.394263][ T5824] Bluetooth: hci5: command tx timeout [ 97.406082][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.498996][ T84] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.506240][ T84] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.535926][ T84] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.543117][ T84] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.600550][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.662562][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 97.757262][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 97.800831][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.808119][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.835435][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.842797][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.948596][ T5835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.996419][ T5821] veth0_vlan: entered promiscuous mode [ 98.078849][ T5823] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 98.114573][ T5821] veth1_vlan: entered promiscuous mode [ 98.141679][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.258973][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.379712][ T5821] veth0_macvtap: entered promiscuous mode [ 98.420357][ T5822] veth0_vlan: entered promiscuous mode [ 98.463222][ T5821] veth1_macvtap: entered promiscuous mode [ 98.500065][ T5822] veth1_vlan: entered promiscuous mode [ 98.607911][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.693210][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.708189][ T5840] veth0_vlan: entered promiscuous mode [ 98.734870][ T5822] veth0_macvtap: entered promiscuous mode [ 98.771914][ T156] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.784025][ T156] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.792973][ T156] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.805648][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.813231][ T5822] veth1_macvtap: entered promiscuous mode [ 98.832339][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 98.841565][ T50] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.867085][ T5840] veth1_vlan: entered promiscuous mode [ 98.918863][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.971931][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.072011][ T50] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.082457][ T50] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.093136][ T5825] veth0_vlan: entered promiscuous mode [ 99.109267][ T50] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.120497][ T50] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.149573][ T5825] veth1_vlan: entered promiscuous mode [ 99.161767][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.179817][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.190642][ T5840] veth0_macvtap: entered promiscuous mode [ 99.242122][ T5840] veth1_macvtap: entered promiscuous mode [ 99.255308][ T5835] veth0_vlan: entered promiscuous mode [ 99.267019][ T5823] veth0_vlan: entered promiscuous mode [ 99.275110][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.282942][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.304557][ T5837] Bluetooth: hci1: command tx timeout [ 99.384179][ T5837] Bluetooth: hci0: command tx timeout [ 99.389624][ T5837] Bluetooth: hci2: command tx timeout [ 99.395966][ T5824] Bluetooth: hci3: command tx timeout [ 99.402347][ T5823] veth1_vlan: entered promiscuous mode [ 99.416481][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.431543][ T5835] veth1_vlan: entered promiscuous mode [ 99.433886][ T5821] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 99.466353][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.473894][ T5837] Bluetooth: hci4: command tx timeout [ 99.474307][ T5824] Bluetooth: hci5: command tx timeout [ 99.485509][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.485931][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.561452][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.592014][ T5825] veth0_macvtap: entered promiscuous mode [ 99.630345][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.659240][ T156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.675644][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.686618][ T156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.694750][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.727214][ T5825] veth1_macvtap: entered promiscuous mode [ 99.780212][ T5835] veth0_macvtap: entered promiscuous mode [ 99.810137][ T5823] veth0_macvtap: entered promiscuous mode [ 99.829878][ T5823] veth1_macvtap: entered promiscuous mode [ 99.849863][ T5835] veth1_macvtap: entered promiscuous mode [ 100.167379][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.209137][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 101.248370][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.401712][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.443578][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.480867][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 101.796938][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.899272][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.585111][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.710703][ T156] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.732207][ T156] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.823289][ T156] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.844328][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.901051][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.916712][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.928791][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.937688][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.945473][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.954619][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.010418][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.091542][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.290058][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.083951][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.114079][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.124678][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.239061][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.664057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.664747][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.672288][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.736851][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 104.977403][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.998881][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.040413][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.092219][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.281527][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.313653][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.636162][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 105.657005][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.549589][ T5998] slcan: can't register candev [ 106.622603][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 106.650937][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 106.960638][ T84] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 107.224205][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 107.233268][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 107.677836][ T84] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 107.985587][ T6006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15'. [ 109.821840][ T6017] faux_driver vkms: [drm] Unknown color mode 524; guessing buffer size. [ 109.861605][ T6021] loop3: detected capacity change from 0 to 512 [ 109.934382][ T6021] EXT4-fs: Ignoring removed bh option [ 109.973063][ T6023] syz.1.2 (6023): attempted to duplicate a private mapping with mremap. This is not supported. [ 109.978711][ T6021] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 110.335641][ T6021] EXT4-fs (loop3): 1 truncate cleaned up [ 111.280603][ T6021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 112.684535][ T31] audit: type=1800 audit(1772514371.600:2): pid=6044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.19" name="file0" dev="loop3" ino=13 res=0 errno=0 [ 112.779647][ T6044] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #13: comm syz.3.19: invalid indirect mapped block 4294901760 (level 0) [ 112.796820][ T6045] syzkaller0: entered promiscuous mode [ 112.802310][ T6045] syzkaller0: entered allmulticast mode [ 112.810232][ T6044] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #13: comm syz.3.19: invalid indirect mapped block 4294967295 (level 1) [ 112.835774][ T6044] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #13: comm syz.3.19: invalid indirect mapped block 65535 (level 2) [ 112.893795][ T6043] tipc: Started in network mode [ 112.898984][ T6043] tipc: Node identity 8a70580b0178, cluster identity 4711 [ 112.966757][ T6043] tipc: Enabled bearer , priority 0 [ 113.135656][ T5840] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.376546][ T6040] tipc: Resetting bearer [ 114.401080][ T1218] tipc: Node number set to 2332579851 [ 114.581525][ T6039] tipc: Resetting bearer [ 114.718795][ T6064] loop0: detected capacity change from 0 to 512 [ 114.781992][ T6064] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 114.797404][ T6039] tipc: Disabling bearer [ 114.804686][ T6064] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 114.914317][ T6064] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 114.915321][ T6065] loop1: detected capacity change from 0 to 4096 [ 115.047145][ T6064] EXT4-fs (loop0): 1 truncate cleaned up [ 115.121252][ T6064] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.058508][ T6065] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.134649][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.523277][ T6086] netlink: 277 bytes leftover after parsing attributes in process `syz.5.31'. [ 121.696984][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.895714][ T6118] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 129.830574][ T6129] NFSD: Failed to start, no listeners configured. [ 132.218504][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.283611][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.424298][ T5837] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 132.441249][ T5837] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 132.453806][ T5837] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 132.461969][ T5837] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 132.483994][ T5837] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 134.507781][ T6162] loop1: detected capacity change from 0 to 512 [ 134.585007][ T5824] Bluetooth: hci6: command tx timeout [ 134.746354][ T6162] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.48: inode has both inline data and extents flags [ 134.759628][ T6162] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 134.762137][ T6162] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.48: couldn't read orphan inode 15 (err -117) [ 134.771383][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 134.771479][ C1] EXT4-fs (loop1): initial error at time 1772514393: ext4_orphan_get:1391: inode 15 [ 134.771532][ C1] EXT4-fs (loop1): last error at time 1772514393: ext4_orphan_get:1391: inode 15 [ 134.810135][ T6162] loop1: lost filesystem error report for type 5 error -117 [ 135.315157][ T6162] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.526316][ T6169] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.897677][ T5824] Bluetooth: hci6: command tx timeout [ 136.955735][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 138.993937][ T5824] Bluetooth: hci6: command tx timeout [ 139.264968][ T6146] chnl_net:caif_netlink_parms(): no params data found [ 141.233672][ T5824] Bluetooth: hci6: command tx timeout [ 141.943241][ T6146] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.950560][ T6146] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.958177][ T6146] bridge_slave_0: entered allmulticast mode [ 141.975569][ T6146] bridge_slave_0: entered promiscuous mode [ 142.011476][ T6146] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.019969][ T6146] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.028169][ T6146] bridge_slave_1: entered allmulticast mode [ 142.043819][ T6146] bridge_slave_1: entered promiscuous mode [ 142.600968][ T6193] loop1: detected capacity change from 0 to 512 [ 142.992143][ T6193] EXT4-fs (loop1): Test dummy encryption mode enabled [ 143.173875][ T6193] EXT4-fs error (device loop1): __ext4_fill_super:5563: inode #2: comm syz.1.53: casefold flag without casefold feature [ 143.263630][ T6193] loop1: lost file I/O error report for ino 2 type 5 pos 0x0 len 0x0 error -117 [ 143.273564][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 143.289589][ C0] EXT4-fs (loop1): initial error at time 1772514402: __ext4_fill_super:5563: inode 2 [ 143.299212][ C0] EXT4-fs (loop1): last error at time 1772514402: __ext4_fill_super:5563: inode 2 [ 143.314278][ T6193] EXT4-fs (loop1): get root inode failed [ 143.320025][ T6193] EXT4-fs (loop1): mount failed [ 143.409184][ T6146] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 143.503330][ T6146] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 145.819297][ T156] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 146.005217][ T6212] nbd: must specify at least one socket [ 146.120959][ T5824] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 146.129697][ T5824] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 146.146359][ T5824] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 146.906990][ T5824] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 146.914738][ T5824] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 148.455127][ T156] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 148.720855][ T6146] team0: Port device team_slave_0 added [ 149.064527][ T5824] Bluetooth: hci5: command tx timeout [ 149.481407][ T6146] team0: Port device team_slave_1 added [ 149.808419][ T156] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 151.496967][ T6232] syz.0.66 (6232): drop_caches: 2 [ 152.033757][ T5824] Bluetooth: hci5: command tx timeout [ 154.103764][ T5824] Bluetooth: hci5: command tx timeout [ 155.424681][ T156] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.786115][ T6247] loop1: detected capacity change from 0 to 40427 [ 155.848350][ T6247] F2FS-fs (loop1): invalid crc value [ 155.996811][ T6247] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 156.208106][ T5824] Bluetooth: hci5: command tx timeout [ 156.314633][ T6247] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 156.327416][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 156.345429][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 156.414911][ T6146] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 156.533643][ T31] audit: type=1800 audit(1772514415.450:3): pid=6247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.71" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 156.621637][ T6146] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.717258][ T6146] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 156.744110][ T6146] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.768092][ T6258] loop5: detected capacity change from 0 to 4096 [ 156.840324][ T6258] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 156.885183][ T6146] hsr_slave_0: entered promiscuous mode [ 156.925905][ T6146] hsr_slave_1: entered promiscuous mode [ 156.932564][ T6146] debugfs: 'hsr0' already exists in 'hsr' [ 157.164476][ T6146] Cannot create hsr debugfs directory [ 158.205120][ T6258] ntfs3(loop5): ino=1a, mi_enum_attr [ 158.293980][ T6258] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 158.467533][ T6258] ntfs3(loop5): ino=1a, mi_enum_attr [ 158.472861][ T6258] ntfs3(loop5): Failed to initialize $Extend/$Reparse. [ 158.751078][ T5823] syz-executor: attempt to access beyond end of device [ 158.751078][ T5823] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 159.189204][ T5823] CPU: 0 UID: 0 PID: 5823 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 159.189253][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.189274][ T5823] Call Trace: [ 159.189285][ T5823] [ 159.189298][ T5823] dump_stack_lvl+0x100/0x190 [ 159.189360][ T5823] f2fs_handle_critical_error+0x5d7/0x970 [ 159.189418][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.189463][ T5823] ? f2fs_build_fault_attr+0x53/0x280 [ 159.189521][ T5823] f2fs_write_end_io+0xc3f/0xf30 [ 159.189584][ T5823] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 159.189650][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.189703][ T5823] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 159.189762][ T5823] bio_endio+0x7a3/0x910 [ 159.189818][ T5823] submit_bio_noacct+0x64c/0x2010 [ 159.189870][ T5823] f2fs_submit_write_bio+0x133/0x350 [ 159.189927][ T5823] __submit_merged_bio+0x331/0x7b0 [ 159.189993][ T5823] __submit_merged_write_cond+0x3fe/0x510 [ 159.190063][ T5823] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 159.190141][ T5823] ? __pfx___might_resched+0x10/0x10 [ 159.190178][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190232][ T5823] f2fs_write_cache_pages+0x21c0/0x2720 [ 159.190296][ T5823] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 159.190345][ T5823] ? __kasan_check_byte+0x13/0x50 [ 159.190394][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190438][ T5823] ? __kasan_check_byte+0x13/0x50 [ 159.190485][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190530][ T5823] ? unwind_next_frame+0x3be/0x1ea0 [ 159.190569][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190614][ T5823] ? rcu_is_watching+0x12/0xc0 [ 159.190652][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190732][ T5823] ? lock_acquire+0x1cf/0x380 [ 159.190786][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190831][ T5823] ? find_held_lock+0x2b/0x80 [ 159.190913][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.190958][ T5823] ? rcu_is_watching+0x12/0xc0 [ 159.191002][ T5823] f2fs_write_data_pages+0x799/0x16d0 [ 159.191056][ T5823] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 159.191106][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.191156][ T5823] ? preempt_schedule_thunk+0x16/0x30 [ 159.191208][ T5823] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 159.191253][ T5823] do_writepages+0x278/0x600 [ 159.191312][ T5823] ? __pfx_do_writepages+0x10/0x10 [ 159.191366][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.191409][ T5823] ? _raw_spin_unlock+0x3e/0x50 [ 159.191452][ T5823] filemap_writeback+0x22d/0x2e0 [ 159.191509][ T5823] ? __pfx_filemap_writeback+0x10/0x10 [ 159.191562][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.191606][ T5823] ? trace_sched_exit_tp+0x13a/0x180 [ 159.191705][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.191750][ T5823] ? preempt_schedule_common+0x42/0xc0 [ 159.191793][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.191837][ T5823] ? preempt_schedule_thunk+0x16/0x30 [ 159.191893][ T5823] f2fs_sync_dirty_inodes+0x452/0x990 [ 159.191953][ T5823] block_operations+0x2a6/0xfc0 [ 159.192006][ T5823] ? __pfx_block_operations+0x10/0x10 [ 159.192047][ T5823] ? check_noncircular+0x97/0x160 [ 159.192150][ T5823] ? ktime_get+0x212/0x300 [ 159.192196][ T5823] ? ktime_get+0x221/0x300 [ 159.192241][ T5823] ? ktime_get+0xad/0x300 [ 159.192286][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192330][ T5823] ? rcu_is_watching+0x12/0xc0 [ 159.192374][ T5823] f2fs_write_checkpoint+0x582/0x5550 [ 159.192426][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192470][ T5823] ? _raw_spin_unlock_irq+0x2e/0x50 [ 159.192506][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192551][ T5823] ? __wait_for_common+0x1f3/0x4c0 [ 159.192594][ T5823] ? __pfx_schedule_timeout+0x10/0x10 [ 159.192661][ T5823] ? __pfx___wait_for_common+0x10/0x10 [ 159.192703][ T5823] ? kasan_quarantine_put+0x104/0x240 [ 159.192746][ T5823] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 159.192789][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192843][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192886][ T5823] ? rcu_is_watching+0x12/0xc0 [ 159.192923][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.192967][ T5823] ? kthread_stop+0x280/0x680 [ 159.193027][ T5823] kill_f2fs_super+0x3e5/0x490 [ 159.193070][ T5823] ? __pfx_kill_f2fs_super+0x10/0x10 [ 159.193138][ T5823] ? lockdep_hardirqs_on+0x78/0x100 [ 159.193180][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.193225][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.193284][ T5823] deactivate_locked_super+0xc1/0x1b0 [ 159.193328][ T5823] deactivate_super+0xe7/0x110 [ 159.193372][ T5823] cleanup_mnt+0x21f/0x450 [ 159.193425][ T5823] task_work_run+0x150/0x240 [ 159.193462][ T5823] ? __pfx_task_work_run+0x10/0x10 [ 159.193498][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.193549][ T5823] ? srso_alias_return_thunk+0x5/0xfbef5 [ 159.193602][ T5823] exit_to_user_mode_loop+0x100/0x4a0 [ 159.193664][ T5823] do_syscall_64+0x67c/0xf80 [ 159.193707][ T5823] ? irqentry_exit+0x138/0x670 [ 159.193754][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.193792][ T5823] RIP: 0033:0x7f1ccd99d9d7 [ 159.193820][ T5823] Code: a2 c7 05 1c ed 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 159.193855][ T5823] RSP: 002b:00007fff021ee228 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 159.193887][ T5823] RAX: 0000000000000000 RBX: 00007f1ccda31f90 RCX: 00007f1ccd99d9d7 [ 159.193910][ T5823] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff021ee2e0 [ 159.193932][ T5823] RBP: 00007fff021ee2e0 R08: 00007fff021ef2e0 R09: 00000000ffffffff [ 159.193955][ T5823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff021ef370 [ 159.193978][ T5823] R13: 00007f1ccda31f90 R14: 00000000000265da R15: 00007fff021ef3b0 [ 159.194025][ T5823] [ 159.868941][ T5823] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 160.944268][ T6275] hfs: can't find a HFS filesystem on dev nullb0 [ 161.859398][ T6282] qnx6: unable to read the first superblock [ 161.868072][ T6282] qnx6: unable to read the first superblock [ 161.874246][ T6282] qnx6: unable to read the first superblock [ 163.756825][ T6291] loop0: detected capacity change from 0 to 512 [ 163.827269][ T6291] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 163.894092][ T6291] EXT4-fs (loop0): 1 truncate cleaned up [ 164.162613][ T156] bridge_slave_1: left allmulticast mode [ 164.173613][ T156] bridge_slave_1: left promiscuous mode [ 164.180862][ T156] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.224269][ T6291] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 165.031428][ T156] bridge_slave_0: left allmulticast mode [ 165.083642][ T156] bridge_slave_0: left promiscuous mode [ 165.089591][ T156] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.400378][ T6324] loop5: detected capacity change from 0 to 1764 [ 168.386160][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.137462][ T5824] Bluetooth: hci2: hcon ffff88807c63c000 sent 0 < count 137 [ 169.146666][ T5824] Bluetooth: hci2: hcon ffff88807c63c000 sent 0 < count 6 [ 169.154257][ T5824] Bluetooth: hci2: hcon ffff88807c63c000 sent 0 < count 255 [ 169.330854][ T5902] IPVS: starting estimator thread 0... [ 169.594807][ T6340] IPVS: using max 23 ests per chain, 55200 per kthread [ 170.181003][ T6348] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 170.181003][ T6348] program syz.4.91 not setting count and/or reply_len properly [ 172.256391][ T156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.312179][ T156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.356163][ T156] bond0 (unregistering): Released all slaves [ 172.470851][ T6213] chnl_net:caif_netlink_parms(): no params data found [ 178.928308][ T6213] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.943829][ T6213] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.951606][ T6213] bridge_slave_0: entered allmulticast mode [ 178.959800][ T6213] bridge_slave_0: entered promiscuous mode [ 178.975494][ T6146] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 179.034226][ T6146] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 179.293808][ T6213] bridge0: port 2(bridge_slave_1) entered blocking state [ 179.300937][ T6213] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.324904][ T6213] bridge_slave_1: entered allmulticast mode [ 179.334331][ T6213] bridge_slave_1: entered promiscuous mode [ 179.511295][ T6146] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 179.827489][ T6146] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 179.936447][ T6213] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.991305][ T6213] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 180.131345][ T156] hsr_slave_0: left promiscuous mode [ 181.258122][ T156] hsr_slave_1: left promiscuous mode [ 181.266251][ T156] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 181.293750][ T156] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 182.265345][ T156] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.308724][ T156] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 184.266330][ T156] veth1_macvtap: left promiscuous mode [ 184.305904][ T156] veth0_macvtap: left promiscuous mode [ 184.311550][ T156] veth1_vlan: left promiscuous mode [ 184.555625][ T156] veth0_vlan: left promiscuous mode [ 188.063615][ T6474] mmap: syz.4.118 (6474) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 191.655915][ T156] team0 (unregistering): Port device team_slave_1 removed [ 191.734425][ T5837] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 191.743417][ T5837] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 191.751633][ T5837] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 191.764467][ T156] team0 (unregistering): Port device team_slave_0 removed [ 191.771875][ T5837] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 191.783823][ T5837] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 192.171095][ T6493] process 'syz.5.122' launched './file1' with NULL argv: empty string added [ 193.678497][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.685477][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.914916][ T5837] Bluetooth: hci0: command tx timeout [ 194.486479][ T6213] team0: Port device team_slave_0 added [ 194.497287][ T6213] team0: Port device team_slave_1 added [ 196.051317][ T5837] Bluetooth: hci0: command tx timeout [ 196.119038][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 196.126113][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 196.256636][ T6213] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 196.285419][ T6213] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 196.302305][ T6213] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 196.331235][ T6213] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 197.340295][ T6213] hsr_slave_0: entered promiscuous mode [ 197.371079][ T6213] hsr_slave_1: entered promiscuous mode [ 197.396240][ T5987] hid (null): unknown global tag 0xd [ 197.401714][ T5987] hid (null): unknown global tag 0xd [ 197.409107][ T6213] debugfs: 'hsr0' already exists in 'hsr' [ 197.420573][ T5987] hid-generic 0005:0005:0001.0001: unknown global tag 0xd [ 197.428069][ T5987] hid-generic 0005:0005:0001.0001: item 0 2 1 13 parsing failed [ 197.436459][ T5987] hid-generic 0005:0005:0001.0001: probe with driver hid-generic failed with error -22 [ 197.479880][ T6213] Cannot create hsr debugfs directory [ 197.605806][ T6531] loop1: detected capacity change from 0 to 1024 [ 197.638938][ T6531] EXT4-fs: Ignoring removed nomblk_io_submit option [ 197.826869][ T6531] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 198.103818][ T5837] Bluetooth: hci0: command tx timeout [ 199.659485][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.073845][ T5837] Bluetooth: hci0: command tx timeout [ 207.748855][ T6597] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 208.495732][ T5824] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 208.506241][ T5824] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 208.514999][ T5824] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 208.551602][ T5824] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 208.585993][ T5824] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 210.049282][ T6608] serio: Serial port ttyS3 [ 210.685793][ T5837] Bluetooth: hci6: command tx timeout [ 210.875715][ T6488] chnl_net:caif_netlink_parms(): no params data found [ 212.793764][ T5837] Bluetooth: hci6: command tx timeout [ 214.870353][ T52] Bluetooth: hci6: command tx timeout [ 216.244099][ T6646] ======================================================= [ 216.244099][ T6646] WARNING: The mand mount option has been deprecated and [ 216.244099][ T6646] and is ignored by this kernel. Remove the mand [ 216.244099][ T6646] option from the mount to silence this warning. [ 216.244099][ T6646] ======================================================= [ 216.952180][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 216.958523][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 216.965470][ T5834] Bluetooth: hci3: command 0x0406 tx timeout [ 216.965503][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 216.971509][ T5834] Bluetooth: hci6: command tx timeout [ 219.533041][ T6488] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.547879][ T6488] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.579005][ T6488] bridge_slave_0: entered allmulticast mode [ 219.599606][ T6488] bridge_slave_0: entered promiscuous mode [ 219.927188][ T6655] 8021q: adding VLAN 0 to HW filter on device bond1 [ 220.108107][ T6657] bond1: (slave ip6gretap1): making interface the new active one [ 220.988183][ T6657] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 221.433424][ T6488] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.474749][ T6488] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.512885][ T6488] bridge_slave_1: entered allmulticast mode [ 222.674186][ T6488] bridge_slave_1: entered promiscuous mode [ 223.183269][ T6488] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 223.205974][ T6701] loop0: detected capacity change from 0 to 1024 [ 223.513124][ T6488] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.874368][ T6701] EXT4-fs error (device loop0): ext4_ext_check_inode:521: inode #4: comm syz.0.163: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 224.902815][ T6701] loop0: lost file I/O error report for ino 4 type 5 pos 0x0 len 0x0 error -117 [ 224.903328][ T6701] EXT4-fs error (device loop0): ext4_quota_enable:7194: comm syz.0.163: Bad quota inode: 4, type: 1 [ 224.912472][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 224.912504][ C0] EXT4-fs (loop0): initial error at time 2000000005: ext4_ext_check_inode:521: inode 4 [ 224.912564][ C0] EXT4-fs (loop0): last error at time 2000000005: ext4_ext_check_inode:521: inode 4 [ 225.023704][ T6701] loop0: lost filesystem error report for type 5 error -117 [ 225.024411][ T6701] EXT4-fs warning (device loop0): ext4_enable_quotas:7232: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 225.093055][ T6701] EXT4-fs (loop0): mount failed [ 227.079094][ T156] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 228.476047][ T6488] team0: Port device team_slave_0 added [ 228.520812][ T6488] team0: Port device team_slave_1 added [ 228.932191][ T156] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.192593][ T6488] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 231.804064][ T6488] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 232.296064][ T6488] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 232.774483][ T6488] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 232.781451][ T6488] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 232.922072][ T6488] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 232.947608][ T6765] loop5: detected capacity change from 0 to 764 [ 233.889607][ T156] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 235.873935][ T6598] chnl_net:caif_netlink_parms(): no params data found [ 237.255584][ T156] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.908382][ T6488] hsr_slave_0: entered promiscuous mode [ 237.945246][ T6488] hsr_slave_1: entered promiscuous mode [ 237.962987][ T6488] debugfs: 'hsr0' already exists in 'hsr' [ 237.994782][ T6488] Cannot create hsr debugfs directory [ 239.935234][ T6795] syzkaller0: entered promiscuous mode [ 239.940760][ T6795] syzkaller0: entered allmulticast mode [ 241.774290][ T156] bridge_slave_1: left allmulticast mode [ 241.787532][ T156] bridge_slave_1: left promiscuous mode [ 241.845972][ T156] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.985379][ T156] bridge_slave_0: left allmulticast mode [ 242.033687][ T156] bridge_slave_0: left promiscuous mode [ 242.083805][ T156] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.556973][ T6837] loop1: detected capacity change from 0 to 512 [ 243.288752][ T156] bridge_slave_1: left allmulticast mode [ 243.326514][ T156] bridge_slave_1: left promiscuous mode [ 243.343823][ T156] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.530353][ T156] bridge_slave_0: left allmulticast mode [ 243.672276][ T156] bridge_slave_0: left promiscuous mode [ 243.934160][ T156] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.718365][ T156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.554145][ T156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.815403][ T6868] loop5: detected capacity change from 0 to 512 [ 249.844754][ T6868] EXT4-fs: Ignoring removed bh option [ 250.078783][ T6868] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 250.115606][ T156] bond0 (unregistering): Released all slaves [ 250.444699][ T6868] EXT4-fs (loop5): 1 truncate cleaned up [ 251.252613][ T6868] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 251.787775][ T6886] netlink: 'syz.4.204': attribute type 2 has an invalid length. [ 251.796115][ T6886] netlink: 224 bytes leftover after parsing attributes in process `syz.4.204'. [ 253.150942][ T5825] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.264466][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 253.278590][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 253.286781][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 253.308920][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 253.334699][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 254.409867][ T156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.724300][ T156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 255.465476][ T5826] Bluetooth: hci5: command tx timeout [ 255.471665][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.480113][ T156] bond0 (unregistering): Released all slaves [ 255.486176][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.075091][ T6598] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.109969][ T6598] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.322369][ T6598] bridge_slave_0: entered allmulticast mode [ 257.387130][ T6598] bridge_slave_0: entered promiscuous mode [ 257.428311][ T6598] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.469644][ T6598] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.491686][ T6598] bridge_slave_1: entered allmulticast mode [ 257.543705][ T5826] Bluetooth: hci5: command tx timeout [ 257.549155][ T6598] bridge_slave_1: entered promiscuous mode [ 259.476581][ T6933] netlink: 'syz.1.218': attribute type 2 has an invalid length. [ 259.484391][ T6933] netlink: 224 bytes leftover after parsing attributes in process `syz.1.218'. [ 259.653680][ T5826] Bluetooth: hci5: command tx timeout [ 260.501762][ T6598] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 260.613849][ T6938] binder: 6937:6938 ioctl c0306201 0 returned -14 [ 262.306695][ T5826] Bluetooth: hci5: command tx timeout [ 263.029495][ T6598] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 264.464800][ T6528] ================================================================== [ 264.472912][ T6528] BUG: KASAN: use-after-free in __mutex_lock+0x1861/0x1b90 [ 264.480190][ T6528] Read of size 8 at addr ffff88805adbc0a8 by task khidpd_00050001/6528 [ 264.488444][ T6528] [ 264.490778][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: khidpd_00050001 Not tainted syzkaller #0 PREEMPT(full) [ 264.490823][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 264.490846][ T6528] Call Trace: [ 264.490857][ T6528] [ 264.490869][ T6528] dump_stack_lvl+0x100/0x190 [ 264.490927][ T6528] print_report+0x156/0x4c9 [ 264.490980][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.491025][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.491069][ T6528] ? __phys_addr+0xe8/0x180 [ 264.491121][ T6528] ? __mutex_lock+0x1861/0x1b90 [ 264.491167][ T6528] kasan_report+0xdf/0x1e0 [ 264.491218][ T6528] ? __mutex_lock+0x1861/0x1b90 [ 264.491270][ T6528] __mutex_lock+0x1861/0x1b90 [ 264.491314][ T6528] ? __pfx_debug_object_deactivate+0x10/0x10 [ 264.491377][ T6528] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 264.491415][ T6528] ? l2cap_unregister_user+0x71/0x240 [ 264.491466][ T6528] ? _raw_spin_lock_irqsave+0x52/0x60 [ 264.491505][ T6528] ? __pfx___mutex_lock+0x10/0x10 [ 264.491549][ T6528] ? __try_to_del_timer_sync+0x107/0x160 [ 264.491597][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.491642][ T6528] ? rcu_is_watching+0x12/0xc0 [ 264.491681][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.491725][ T6528] ? lockdep_hardirqs_on+0x78/0x100 [ 264.491770][ T6528] ? __try_to_del_timer_sync+0x107/0x160 [ 264.491817][ T6528] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 264.491871][ T6528] ? l2cap_unregister_user+0x71/0x240 [ 264.491918][ T6528] l2cap_unregister_user+0x71/0x240 [ 264.491969][ T6528] hidp_session_thread+0x459/0x680 [ 264.492006][ T6528] ? __pfx_hidp_session_thread+0x10/0x10 [ 264.492043][ T6528] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 264.492106][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.492151][ T6528] ? rcu_is_watching+0x12/0xc0 [ 264.492189][ T6528] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 264.492249][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.492295][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.492339][ T6528] ? __kthread_parkme+0x18c/0x230 [ 264.492396][ T6528] ? kthread+0x13a/0x450 [ 264.492450][ T6528] ? __pfx_hidp_session_thread+0x10/0x10 [ 264.492485][ T6528] kthread+0x370/0x450 [ 264.492539][ T6528] ? __pfx_kthread+0x10/0x10 [ 264.492596][ T6528] ret_from_fork+0x754/0xd80 [ 264.492655][ T6528] ? __pfx_ret_from_fork+0x10/0x10 [ 264.492711][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.492756][ T6528] ? rcu_is_watching+0x12/0xc0 [ 264.492793][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 264.492837][ T6528] ? __switch_to+0x7b4/0x1120 [ 264.492878][ T6528] ? __pfx_kthread+0x10/0x10 [ 264.492935][ T6528] ret_from_fork_asm+0x1a/0x30 [ 264.492988][ T6528] [ 264.493000][ T6528] [ 264.752223][ T6528] The buggy address belongs to the physical page: [ 264.758630][ T6528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88805adbe000 pfn:0x5adbc [ 264.768699][ T6528] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 264.775820][ T6528] raw: 00fff00000000000 ffffea000162f608 ffffea0001526a08 0000000000000000 [ 264.784498][ T6528] raw: ffff88805adbe000 0000000000000000 00000000ffffffff 0000000000000000 [ 264.793093][ T6528] page dumped because: kasan: bad access detected [ 264.799499][ T6528] page_owner tracks the page as freed [ 264.804858][ T6528] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x40dc0(GFP_KERNEL|__GFP_ZERO|__GFP_COMP), pid 6488, tgid 6488 (syz-executor), ts 191690736743, free_ts 264442563562 [ 264.822940][ T6528] post_alloc_hook+0x153/0x170 [ 264.827744][ T6528] get_page_from_freelist+0x111d/0x3140 [ 264.833304][ T6528] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 264.839205][ T6528] alloc_pages_mpol+0x1fb/0x550 [ 264.844242][ T6528] ___kmalloc_large_node+0x104/0x150 [ 264.849637][ T6528] __kmalloc_large_node_noprof+0x1c/0x70 [ 264.855299][ T6528] __kmalloc_noprof+0x5be/0x850 [ 264.860157][ T6528] hci_alloc_dev_priv+0x1d/0x28a0 [ 264.865188][ T6528] __vhci_create_device+0xf0/0x880 [ 264.870322][ T6528] vhci_write+0x2c4/0x490 [ 264.874758][ T6528] vfs_write+0x6ac/0x1070 [ 264.879100][ T6528] ksys_write+0x12a/0x250 [ 264.883434][ T6528] do_syscall_64+0x106/0xf80 [ 264.888032][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.893932][ T6528] page last free pid 6488 tgid 6488 stack trace: [ 264.900343][ T6528] __free_frozen_pages+0x7e1/0x10d0 [ 264.905570][ T6528] hci_release_dev+0x4ef/0x630 [ 264.910367][ T6528] bt_host_release+0x6a/0xb0 [ 264.914961][ T6528] device_release+0xa4/0x240 [ 264.919556][ T6528] kobject_put+0x1f7/0x640 [ 264.923991][ T6528] put_device+0x1f/0x30 [ 264.928154][ T6528] vhci_release+0x185/0x230 [ 264.932677][ T6528] __fput+0x3ff/0xb40 [ 264.936851][ T6528] task_work_run+0x150/0x240 [ 264.941444][ T6528] do_exit+0x829/0x2aa0 [ 264.945612][ T6528] do_group_exit+0xd5/0x2a0 [ 264.950189][ T6528] get_signal+0x1ec7/0x21e0 [ 264.954703][ T6528] arch_do_signal_or_restart+0x91/0x7a0 [ 264.960270][ T6528] exit_to_user_mode_loop+0x86/0x4a0 [ 264.965580][ T6528] do_syscall_64+0x67c/0xf80 [ 264.970183][ T6528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.976091][ T6528] [ 264.978408][ T6528] Memory state around the buggy address: [ 264.984029][ T6528] ffff88805adbbf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 264.992112][ T6528] ffff88805adbc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 265.000176][ T6528] >ffff88805adbc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 265.008407][ T6528] ^ [ 265.013863][ T6528] ffff88805adbc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 265.021926][ T6528] ffff88805adbc180: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 265.029985][ T6528] ================================================================== [ 265.039923][ T6528] Disabling lock debugging due to kernel taint [ 265.047829][ T6528] non-slab/vmalloc memory [ 265.052246][ T6528] list_del corruption. prev->next should be ffffc900043c7c50, but was 0000000000000000. (prev=ffff88805adbc0a8) [ 265.064859][ T6528] ------------[ cut here ]------------ [ 265.070301][ T6528] kernel BUG at lib/list_debug.c:62! [ 265.075580][ T6528] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 265.082079][ T6528] CPU: 0 UID: 0 PID: 6528 Comm: khidpd_00050001 Tainted: G B syzkaller #0 PREEMPT(full) [ 265.093373][ T6528] Tainted: [B]=BAD_PAGE [ 265.097513][ T6528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 265.107559][ T6528] RIP: 0010:__list_del_entry_valid_or_report+0x14a/0x1d0 [ 265.114622][ T6528] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8d 00 00 00 48 8b 55 00 48 89 e9 48 89 de 48 c7 c7 40 fa 1a 8c e8 87 c2 25 fc 90 <0f> 0b 4c 89 e7 e8 fc 7c 52 fd 48 89 ea 48 b8 00 00 00 00 00 fc ff [ 265.134414][ T6528] RSP: 0018:ffffc900043c7b20 EFLAGS: 00010082 [ 265.140485][ T6528] RAX: 000000000000006d RBX: ffffc900043c7c50 RCX: 0000000000000000 [ 265.148455][ T6528] RDX: 000000000000006d RSI: ffffffff81e77f29 RDI: fffff52000878f55 [ 265.156423][ T6528] RBP: ffff88805adbc0a8 R08: 0000000000000005 R09: 0000000000000000 [ 265.164390][ T6528] R10: 0000000000000002 R11: 6c65645f7473696c R12: ffff88805adbc0a8 [ 265.172390][ T6528] R13: 0000000000000246 R14: ffffc900043c7c50 R15: ffff888031e80000 [ 265.180368][ T6528] FS: 0000000000000000(0000) GS:ffff888124345000(0000) knlGS:0000000000000000 [ 265.189293][ T6528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.195945][ T6528] CR2: 000000110c3784c2 CR3: 000000005cf94000 CR4: 0000000000350ef0 [ 265.203912][ T6528] Call Trace: [ 265.207181][ T6528] [ 265.210188][ T6528] __mutex_remove_waiter+0x1a/0x1a0 [ 265.215406][ T6528] ? __mutex_lock+0x7ca/0x1b90 [ 265.220173][ T6528] __mutex_lock+0x828/0x1b90 [ 265.224872][ T6528] ? __pfx_debug_object_deactivate+0x10/0x10 [ 265.231063][ T6528] ? l2cap_unregister_user+0x71/0x240 [ 265.236446][ T6528] ? __pfx___mutex_lock+0x10/0x10 [ 265.241474][ T6528] ? __try_to_del_timer_sync+0x107/0x160 [ 265.247152][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.252789][ T6528] ? rcu_is_watching+0x12/0xc0 [ 265.257552][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.263186][ T6528] ? lockdep_hardirqs_on+0x78/0x100 [ 265.268395][ T6528] ? __try_to_del_timer_sync+0x107/0x160 [ 265.274517][ T6528] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 265.280594][ T6528] ? l2cap_unregister_user+0x71/0x240 [ 265.285988][ T6528] l2cap_unregister_user+0x71/0x240 [ 265.291196][ T6528] hidp_session_thread+0x459/0x680 [ 265.296305][ T6528] ? __pfx_hidp_session_thread+0x10/0x10 [ 265.302194][ T6528] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 265.308447][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.314083][ T6528] ? rcu_is_watching+0x12/0xc0 [ 265.318854][ T6528] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 265.325193][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.330837][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.336738][ T6528] ? __kthread_parkme+0x18c/0x230 [ 265.341773][ T6528] ? kthread+0x13a/0x450 [ 265.346171][ T6528] ? __pfx_hidp_session_thread+0x10/0x10 [ 265.351822][ T6528] kthread+0x370/0x450 [ 265.355906][ T6528] ? __pfx_kthread+0x10/0x10 [ 265.360600][ T6528] ret_from_fork+0x754/0xd80 [ 265.365203][ T6528] ? __pfx_ret_from_fork+0x10/0x10 [ 265.370324][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.376306][ T6528] ? rcu_is_watching+0x12/0xc0 [ 265.381065][ T6528] ? srso_alias_return_thunk+0x5/0xfbef5 [ 265.386693][ T6528] ? __switch_to+0x7b4/0x1120 [ 265.391366][ T6528] ? __pfx_kthread+0x10/0x10 [ 265.395966][ T6528] ret_from_fork_asm+0x1a/0x30 [ 265.400736][ T6528] [ 265.403737][ T6528] Modules linked in: [ 265.407623][ T6528] ---[ end trace 0000000000000000 ]--- [ 265.413060][ T6528] RIP: 0010:__list_del_entry_valid_or_report+0x14a/0x1d0 [ 265.420091][ T6528] Code: 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8d 00 00 00 48 8b 55 00 48 89 e9 48 89 de 48 c7 c7 40 fa 1a 8c e8 87 c2 25 fc 90 <0f> 0b 4c 89 e7 e8 fc 7c 52 fd 48 89 ea 48 b8 00 00 00 00 00 fc ff [ 265.439711][ T6528] RSP: 0018:ffffc900043c7b20 EFLAGS: 00010082 [ 265.445995][ T6528] RAX: 000000000000006d RBX: ffffc900043c7c50 RCX: 0000000000000000 [ 265.453982][ T6528] RDX: 000000000000006d RSI: ffffffff81e77f29 RDI: fffff52000878f55 [ 265.462031][ T6528] RBP: ffff88805adbc0a8 R08: 0000000000000005 R09: 0000000000000000 [ 265.469991][ T6528] R10: 0000000000000002 R11: 6c65645f7473696c R12: ffff88805adbc0a8 [ 265.477957][ T6528] R13: 0000000000000246 R14: ffffc900043c7c50 R15: ffff888031e80000 [ 265.486044][ T6528] FS: 0000000000000000(0000) GS:ffff888124345000(0000) knlGS:0000000000000000 [ 265.494967][ T6528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 265.501545][ T6528] CR2: 000000110c3784c2 CR3: 000000005cf94000 CR4: 0000000000350ef0 [ 265.509639][ T6528] Kernel panic - not syncing: Fatal exception [ 265.516477][ T6528] Kernel Offset: disabled [ 265.520842][ T6528] Rebooting in 86400 seconds..