last executing test programs: 5m58.240339179s ago: executing program 4 (id=11): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/fscaps', 0x101000, 0x0) fchmod(r1, 0x3) socketpair$unix(0x1, 0x3, 0x0, 0x0) getpgrp(0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b7040000000000008500000001000000"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x18) fchownat(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x1000) syz_usb_connect$uac1(0x1, 0x8a, &(0x7f0000000000)=ANY=[@ANYBLOB="eb010000000000086b1d01014000010203010902780003010000000904000000010300000a240100000002010208240800000000700904"], &(0x7f0000011700)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 5m52.886162489s ago: executing program 4 (id=19): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r3, &(0x7f0000000480)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r4 = dup2(r3, r3) sendmmsg$unix(r4, &(0x7f0000008380), 0x400000000000174, 0x4008890) 5m51.212362183s ago: executing program 4 (id=22): prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x8004, &(0x7f0000000080)={[{@discard}, {@bh}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi") r3 = open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x86) pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x140000}], 0x1, 0x7800, 0x0, 0x3) 5m47.76478508s ago: executing program 4 (id=25): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setresuid(0xee01, 0x0, 0x0) sendmmsg$unix(r0, &(0x7f0000007cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=[@cred={{0x1c}}], 0x20}}], 0x1, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./file0\x00', 0x845, &(0x7f00000005c0)={[{@shortname_winnt}, {@shortname_winnt}, {@shortname_lower}, {@shortname_winnt}, {@shortname_winnt}, {@fat=@discard}, {@fat=@check_strict}, {@shortname_mixed}, {@shortname_winnt}, {@rodir}, {@shortname_win95}, {@fat=@sys_immutable}, {@utf8}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==") r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0) mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0) mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0) read$FUSE(r1, &(0x7f0000002140)={0x2020}, 0x2100) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x26, &(0x7f0000000380)={0x300, 0x0, 0x103ff}) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000fcffffff000000000000210085000000360000009500070000000000b83f3584230b8f5ec8921327291cf4880dd3a91af830f8a476ba1b51d4eb67103b000000000000000000000000000000640f9922d207e93470686f20ad"], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x70) 5m46.224965829s ago: executing program 4 (id=31): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r1, 0xc06864a1, &(0x7f0000000240)={0x0, 0x0, r2, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000380)={r3, 0x0, 0x1ff, 0x0, 0x0, [0x0], [0x9, 0x0, 0x0, 0x8], [0x3, 0x20000000, 0x100, 0xd], [0x1000010000000, 0x0, 0x7fffffffffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r4, 0x0, 0xffffffffffffffff}) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x13, r5, 0x0) sendto(r0, &(0x7f0000000080)='\"', 0x1, 0x805, 0x0, 0x0) 5m45.222625814s ago: executing program 4 (id=32): r0 = memfd_create(&(0x7f0000000280)='%\x00', 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) r1 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) io_uring_setup(0x2524, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x10, 0x0) ptrace(0x10, r2) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x37b0, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa) 5m43.87427556s ago: executing program 32 (id=32): r0 = memfd_create(&(0x7f0000000280)='%\x00', 0x4) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x200000f, 0x4002012, r0, 0x0) r1 = io_uring_setup(0x3eae, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) io_uring_setup(0x2524, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x10, 0x0) ptrace(0x10, r2) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x37b0, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48) migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa) 2m8.845929544s ago: executing program 3 (id=472): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r4, 0xee01, 0x0) 2m7.584220828s ago: executing program 3 (id=477): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 13.775850307s ago: executing program 1 (id=689): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000380)='./file1\x00', 0x818802, &(0x7f0000000700)=ANY=[], 0x21, 0x1508, &(0x7f0000002080)="$eJzs3AvYTdX2MPAx5pyLl6Sd5D7HHIudXkySJJckuSRJcuRIbglJkiRJ5X5LckvIPck9JLeQ3O+33JMkSZKE5JbM79Hf+XRO53yd8/+f/+P5zjt+z7Oed4691phrrD3286619n72/q7dgEp1KpevxczwP4L/9aczAKQAQG8AuA4AIgAonqV4lkvrM2js/D/bifj3enjK1a5AXE3S/7RN+p+2Sf/TNul/2ib9T9uk/2mb9D9tk/4LkZZtmZrzelnS7iLv/6dlcv7/D3Ko8Kiv1hW+sf2/kCL9T9uk/2mb9D9tk/6nbdL/tE36n7ZJ/9M26b8Qadl//71j+ezgP2G52q8/IYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBpw9lwhQGAv4yvdl1CCCGEEEIIIYT49wnpr3YFQgghhBBCCCGE+N+HoECDgQjSQXpIgQyQEa6BTHAtZIbrIAHXQxa4AbLCjZANskMOyAm5IDfkAQsEDhhiyAv5IAk3QX64GVKhABSEQuChMBSBW6Ao3ArF4DYoDrdDCbgDSkIpKA1l4E4oC3dBObgbysM9UAEqQiWoDPdCFbgPqsL9UA0egOrwINSAh6Am/AlqwcNQG/4MdeARqAuPQj2oDw2gITT6b+W/BC/DK9AROkFn6AJdoRt0hx7QE3pBb3gV+kDK5eemPwyAgTAI3oDB8CYMgaEwDN6C4TACRsIoGA1jYCy8DePgHRgP78IEmAiTYDJMgakwDd6D6TADZsL7MAs+gNkwB+bCPJgPH8ICWAiL4CNYDB/DElgKy2A5rICVsApWwxpYC+tgPWyAjbAJNsMW+AS2wjbYDjtgJ+yC3fAp7IHPYC98Dvvgi38x/8zf5LdHQECFCg0aTIfpMAVTMCNmxEyYCTNjZkxgArNgFsyKWTEbZrs5B+bAXJgL82AeJCQAZMyLeTGJScyP+TEVU7EgFkSPHotgESyKt2IxLIbFsTiWwBJYEkthKSyDZbAslsVyWA7LY3msgBWwElbCe/FevA+rYlWshtWwOlbHGlgDD+WuibWwFtbG2lgH62BdrIv1sB42wAbYCBthY2yMTbAJNsNm2BybYwtsgS2xJbbCVtgaW2MbbINtsS22w3bYHl/EF/ElfAlfwVewE1ZQXbArdsXu2B17Yi/sha9iH3wNX8PXsR/2xwE4EAfiGzgYT+MQHIrDcBiWVSNwJI5CVmNwLI7FcTgOx+N4nIATcSJOxik4FafhNJyOM3AGvo+z8AP8AOfgHJyH83E+LsCFAy+/wnAJLsVluBxX4EpcgatxDa7Gdbge1+FG3IibcTN+gp/gNtyGO3AH7kIDgJ/iZ/gZ9sN9uA/34348gAfwIB7EQ3gID+NhPIJH8CgexWN4DI/jCTyJJ/AUnsLTeAbP4lk8j+fxAj6f65vauwqs7QfqEqOMSqfSqRSVojKqjCqTyqQyq8wqoRIqi8qisqqsKpvKpnKoHCqXyqXyqHOKFClWscqr8qqkSqr8Kr9KVamqoCqovPKqiCqiiqqiqpgqpoqr21UJdYcqqUqppr6MKqPKqma+nLpblVflVQVVUVVSlVVlVUVVUVVVVVVNVVPVVXVVQz2kaqou2BMfVpc6U0f1x7pqANZT9VUD1VC9gY+pxmowNlFNVTP1hBqKQ7CFauxbqqdVKzUSW6tn1Sh8TrVVY7CdekG1Vy+qDipSL6smvqPqpCZgF9VVTcbuqofqqXqp6VhRXepYJfW66qf6qwFqoJqHb6jB6k01RA1Vw9RbargaoUaqUWq0GqPGqrfVOPWOGq/eVRPURDVJTVZT1FQ1Tb2npqsZaqZ6X81SH6jZao6aq+ap+epDtUAtVIvUR2qx+lgtUUvVMrVcrVAr1Sq1Wq1Ra9U6tV5tUBvVJrVZbVGfqK1qm9qudqidapfarT5Ve9Rnaq/6XO1TX6j96kt1QH2lDqqv1SH1jTqsvlVH1HfqqPpeHVM/qOPqhDqpflSn1E/qtDqjzqpz6rz6WV1Qv6iLKijQqJXW2uhIp9PpdYrOoDPqa3Qmfa3OrK/TCX29zqJv0Fn1jTqbzq5z6Jw6l86t82irSTvNOtZ5dT6d1Dfp/PpmnaoL6IK6kPa6sC6ib9FF9a26mL5NF9e36xL6Dl1Sl9KldRl9py6r79Ll9N26vL5HV9AVdSVdWd+rq+j7dFV9v66mH9DV9YO6hn5I19R/0rX0w7q2/rOuox/RdfWjup6urxvohrqRfkw31o/rJrqpbqaf0M31k7qFfkq31E/rVvoZ3Vo/q9vo53Rb/bxup1/Q7fWLuoP+RV/UQXfUnXRn3UV31d10d91D99S9dG/9qu6jX9N99eu6n+6vB+iBepB+Qw/Wb+oheqgept/Sw/UIPVKP0qP1GD1Wv63H6Xf0eP2unqAn6kl6sp6ip+qel2ea+U/kv/N38vv+uvfNeov+RG/V2/R2vUPv1Lv0br1b79F79F69V+/T+/R+vV8f0Af0QX1QH9KH9GF9WB/RR/RRfVQf08f0cX1Cn9M/6lP6J31an9Fn9Dl9Xp/XFy4/B2DQKKONMZFJZ9KbFJPBZDTXmEzmWpPZXGcS5nqTxdxgspobTTaT3eQwOU0uk9vkMdaQcYZNbPKafCZpbsLLJ01T0BQy3hQ2Rcwt/0q+yW9uNqmmwF/l/1F9jUwj09g0Nk1ME9PMNDPNTXPTwrS49VIdrUwr09q0Nm1MG9PWtDXtTDvT3rQ3HUwH87J52XQ0HU1n09l0Nd1Md9PD9DS9TG/zqulj+pi+pq/pZ/qZAWaAGWQGmcFmsBlihphhZpgZboabkWakGW1Gm7FmrBlnxpnxZryZYCaYSWaSmWKmmGlmmpluppuZZqaZZWaZ2Wa2mWvmmvlmvllgFphFZpFZbBabJWapWWqWm+VmpVlpVpvVZq1Za9ab9Waj2WiWpN9itpitZqvZbrabnWan2W12mz1mj9lr9pp9Zp/Zb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6Om5PmpDllTpnT5rQ5a86a8+a8uWAumIvm4qXLvkhFKjKRidJF6aKUKCXKGGWMMkWZosxR5igRJaIsUZYoa3RjlC3KHuWIcka5otxRnshGFLmIozjKG+WLktFNUf7o5ig1KhAVjApFPiocFYluiYpGt0bFotui4tHtUYnojqhkVCoqHZWJ7ozKRndF5aK7o/LRPVGFqGJUKaoc3RtVie6Lqkb3R9WiB6Lq0YNRjeihqGb0p6hW9HBUO/pzVCd6JKobPRrVi+pHDaKGUaN/6/whnM7+uO9oO9nOtovtarvZ7raH7Wl72d72VdvHvmb72tdtP9vfDrAD7SD7hh1s37RD7FA7zL5lh9sRdqQdZUfbMXasfduOs+/Y8fZdO8FOtJPsZDvFTrXT7Ht2up1hZ9r37Sz7gZ1t59i5dp6dbz+0C+xCu8h+ZBfbj+0Su9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFvuJ3Wq32e12h91pd9nd9lO7x35m99rP7T77hd1vv7QH7Ff2oP3aHrLf2MP2W3vEfmeP2u/tMfuDPW5P2JP2R3vK/mRP2zP2rD1nz9uf7QX7i71ow6WL+0undzJkKB2loxRKoYyUkTJRJspMmSlBCcpCWSgrZaVslI1yUA7KRbkoD+WhS5iY8lJeSlKS8lN+SqVUKkgFyZOnIlSEilJRKkbFqDgVpxJUgkpSSSpNpelOupPuorvobrqb7qF7qCJVpMpUmapQFapKVakaVaPqVJ1qUA2qSTWpFtWi2lSb6lAdqkt1qR7VowbUgBpRI2pMjakJNaFm1IyaU3NqQS2oJbWkVtSKWlNrakNtqC21pXbUjtpTe+pAHehlepk6UkfqTJ2pK3Wl7tSdelJP6k29qQ/1ob7Ul/pRPxpAA2gQDaLBNJiG0FAaRm/RcBpBI2kUjaYxNJbG0jgaR+NpPE2gCTSJJtEUmkLTaBpNp+k0k2bSLJpFs2k2zaW5NJ/m0wJaQItoES2mxbSEltAyWkYraAWtolW0htbQOlpHG2gDbaJNtIW20FbaSttpO+2knbSbdtMe2kN7aS/to320n/bTATpAB+kgHaJDdJgO0xE6QkfpKB2jY3ScjtNJOkmn6BSdptN0ls7SefqZLtAvdJECpbgMLqO7xmVy17rM7jr3t3EOl9PlcrldHmddNpf9r2JyzqW6Aq6gK+S8K+yKuFtc6qUL3t/EJV0pV9qVcXe6su4uV+53cRV3n6vq7nfV3AOusrv3r+Lq7kFXwz3iarpHXS1X39V2DV0d94ir6x519Vx918A1dM3dk66Fe8q1dE+7Vu6Z38UL3EK3xq1169x6t8d95s66c+6I+86ddz+7jq6T6+1edX3ca66ve931c/1/Fw9zb7nhboQb6Ua50W7M7+JJbrKb4qa6ae49N93N+F08333oZrlFbrab4+a6eb/Gl2pa5D5yi93Hbolb6pa55W6FW+lWudX/t9blbqPb5Da73e5Tt9Vtc9vdDrfT7fo1vnQce93nbp/7wh1237oD7it30B11h9w3v8aXju+o+94dcz+44+6EO+l+dKfcT+60O/Pr8V869h/dL+6iCw4YWbFmwxGn4/Scwhk4I1/DmfhazszXcYKv5yx8A2flGzkbZ+ccnJNzcW7Ow5aJHTPHnJfzcZJv4vx8M6dyAS7IhdhzYS7Ct3BRvpWL8W1cnG/nEnwHl+RSXJrL8J1clu/icnw3l+d7uAJX5Epcme/lKnwfV+X7uRo/wNX5Qa7BD3FN/hPX4oe5Nv+Z6/AjXJcf5XpcnxtwQ27Ej3FjfpybcFNuxk9wc36SW/BT3JKf5lb8DLfmZ7kNP8dt+Xluxy9we36RO/BL/DK/wh25E3fmLtyVu3F37sE9uRf35le5D7/Gffl17sf9eQAP5EH8Bg/mN3kID+Vh/BYP5xE8kkfxaB7DY/ltHsfv8Hh+lyfwRJ7Ek3kKT+Vp/B5P5xk8k9/nWfwBz+Y5PJfn8Xz+kBfwQl7EH/Fi/piX8FJexst5Ba/kVbya1/BaXsfreQNv5E28mbfwJ7yVt/F23sE7eRfv5k95D3/Ge/lz3sdf8H7+kg/wV3yQv+ZD/A0f5m/5CH/HR/l7PsY/8HE+wSf5Rz7FP/FpPsNn+Ryf55/5Av/CFzkwxBirWMcmjuJ0cfo4Jc4QZ4yviTPF18aZ4+viRHx9nCW+Ic4a3xhni7PHOeKcca44d5wntjHFLuY4jvPG+eJkfFOcP745To0LxAXjQrGPC8dF4lviovGtcbH4trh4fHtcIr4jLhmXih95oEx8Z1w2visuF98dl4/viSvEFeNKceX43rhKfF9cNb4/rhY/EBeLH4xrxA/FcPn7KrXjP8d14kfiuvGjcb24ftwgbhg3ih+LG8ePx03ipnGz+Im4efxk3CJ+Km4ZPx23ip/5w/Wd4y5x17hb3C0O4X49NzkvOT/5YXJBcmFyUfKj5OLkx8klyaXJZcnlyRXJlclVydXJNcm1yXXJ9ckNyY3JTcnNyRAqpwePXnntjY98Op/ep/gMPqO/xmfy1/rM/jqf8Nf7LP4Gn9Xf6LP57D6Hz+lz+dw+j7eevPPsY5/X5/NJf5PP72/2qb6AL+gLee8L+yK+oW/kG/nG/nHfxDf1zfwT/gn/pH/SP+Wf8k/7Vv4Z39o/69v453xb/7x/3r/g2/sXfQf/kn/Zv+I7+k6+s+/su/quvrvv7nv6nr637+37+D6+r+/r+/l+foAf4Af5QX6wH+yH+CF+mB/mh/vhfqQf6Uf70X6sH+vH+XF+vB/vJ/gJfpKf5Kf4KX6an+an++l+pp/pZ6XO8rP9bD/Xz/Xz/Xy/wC/wi/wiv9gv9kv8Er/ML/Mr/Aq/yq/ya/wav86v8xv8Br/Jb/Jb/Ba/1W/12/12v9Pv9Lv9br/H7/F7/V6/z+/z+/1+f8Af8Af91/6Q/8Yf9t/6I/47f9R/74/5H/xxf8Kf9D/6U/4nf9qf8Wf9OX/e/+wv+F/8RR/82MTbiXGJdxLjE+8mJiQmJiYlJiemJKYmpiXeS0xPzEjMTLyfmJX4IDE7MScxNzEvMT/xYWJBYmFiUeKjxOLEx4kliaWJZYnliRWJlYkQcm+NQ96QLyTDTSF/uDmkhgKhYCgUfCgcioRbQtFwaygWbgvFw+2hRLgjlAylQunwaKgX6ocGoWFoFB4LjcPjoUloGpqFJ0Lz8GRoEZ4KLcPToVV4JrQOz4Y24bnQNjwf2oUXQvu/3HGFV0LH0Cl0Dl1C19AtdA89Qs/QK/QOr4Y+4bXQN7we+oX+YUAYGAaFN8Lg8GYYEoaGYeGtMDyMCCPDqDA6jAljw9thXHgnjA/vhglhYpgUJocpYWqYFt4L08OMMDO8H2aFD8LsMCfMDfPC/PBhWBAWhkXho7A4fByWhKVhWVgeVoSVYVVYHdaEtWFdWB82hI1hU9gctoRPwtawLWwPO8LOsCvsDp+GPeGzsDd8HvaFL8L+8GU4EL4KB8PX4VD4JhwO34Yj4btwNHwfjoUfwvFwIpwMP4ZT4adwOpwJZ8O5cD78HC6EX8JF+c6aEEIIIcQ/pdsfrO/ydx4zAKAuj7sCwLXbch767XoNABuy/de4h8rVPAEAT3dq9/BflgoVOnfufHnbJRqifHMAIPE3O7gcL4Vm8CS0hKZQ9O/W10O9eJ7/YP7k7QAZf5OTAlfiK/N/+Q/mf+yJYQtKxGez/D/mnwOQmu9KTga4Ei+FZl+8AgBNodg/mD974z+oP8NXYwGa/CYnE1yJr9RfBB6HZ6DlX235Nx645h+vE0IIIYQQQgjxH62HKt3mj+6fL92f5zJXctLDlfiP7s+FEEIIIYQQQghx9T33YoenHmvZsmmbf36Q/l/ZWAYykMH/j4Or/Z9JCCGEEEII8e925aL/ymMZrmZBQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFEGvSbH/3KAAD/Kz8ndrWPUQghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhLja/k8AAAD//3BjMQc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x83) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0/file0\x00', 0x1c0) setresuid(0xee01, 0x0, 0xffffffffffffffff) 13.456159465s ago: executing program 5 (id=690): socket(0x10, 0x80002, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0]) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd) keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x84) 11.781321137s ago: executing program 2 (id=693): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = socket$netlink(0x10, 0x3, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000080)=0x9, 0x12) bind$netlink(r4, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc) getsockopt$netlink(r4, 0x10e, 0x9, &(0x7f0000001100)=""/4096, &(0x7f0000000040)=0x1000) 10.588977236s ago: executing program 2 (id=694): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) close_range(r3, 0xffffffffffffffff, 0x0) 9.552288764s ago: executing program 2 (id=695): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) semctl$SETALL(0x0, 0x0, 0x11, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) sendmsg$alg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) recvmmsg(r2, 0x0, 0x0, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r3, 0x0, 0x0) 9.520368683s ago: executing program 0 (id=696): bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x28, 0x33, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\xd8'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}]}, 0x28}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) 8.353086879s ago: executing program 0 (id=697): r0 = openat(0xffffffffffffff9c, &(0x7f0000002300)='./file1\x00', 0x141842, 0x100) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0) ftruncate(r1, 0x2007ff3) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_TX_TS(r2, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={0x0}, 0x1, 0x0, 0x0, 0x4800}, 0x2000c860) copy_file_range(r1, 0x0, r0, 0x0, 0xffffffffa003e459, 0x700000000000000) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) ppoll(&(0x7f00000000c0)=[{r3, 0x18}], 0x1, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="8c000000", @ANYBLOB="01002abd7000fcdb", @ANYRES32=r4, @ANYBLOB="7000028038000100240001"], 0x8c}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880) write$vga_arbiter(r3, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r3, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) 8.117856053s ago: executing program 2 (id=698): prlimit64(0x0, 0xe, &(0x7f0000000380)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0x13, 0x0, 0x0) r1 = socket$inet6(0xa, 0x80002, 0x0) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000000)=""/40, 0x0) connect$inet6(r1, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x4080, &(0x7f0000000140)={0xa, 0x4e22, 0x4d, @empty, 0x3}, 0x1c) sync() sync() bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, 0x0, 0x0) 7.727377838s ago: executing program 5 (id=699): mkdir(&(0x7f0000000280)='./file0\x00', 0x1) r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000001180)='./bus\x00') mkdirat(r1, &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0) r2 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) renameat2(r2, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', r2, &(0x7f00000002c0)='./file0\x00', 0x2) rmdir(&(0x7f0000000000)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 7.391345354s ago: executing program 1 (id=700): syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f09"], 0x0) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8"]) r2 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000200)={[0xc45, 0x9, 0xfffffffffffffffd, 0x10000000, 0x10000, 0x3, 0x4002004c2, 0x1000, 0x9, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8, 0x8d], 0x100000, 0x2011c0}) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000001c0)={[0x5, 0x6, 0x0, 0x0, 0x10003, 0x0, 0x400200cc4, 0xffe, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 7.291514493s ago: executing program 5 (id=701): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000080)='./file0\x00', 0x321c40a, &(0x7f0000000980)=ANY=[@ANYBLOB="726f6469722c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c757466383d302c696f636861727365743d63703836362c726f6469722c756e695f786c6174653d302c73686f72746e616d653d6d697865642c73686f72746e616d653d6c6f7765722c636f6465706167653d3835322c756e695f786c6174653d312c726f6469722c756e695f786c6174653d302c726f6469722c696f636861727365743d6b6f69382d722c646973636172642c756e695f786c6174653d312c636865636b3d7374726963742c008435ae54b8699bcfa6fed1ecee851cd1dac5d822b62e2daebe709ab379260baa5aec7bdc23c853749194271da239e023d8ad9380ec090591f1f41158a942fe7f8700cbadb39ee0d09fd42d25f25bb38436d410d9d80f15a0a1b8683803f8d3ab0688a699efa6d114681b34f4281658f1506faa2d4ccd3529baebf8b900c1dc27b1"], 0x6, 0x2d5, &(0x7f0000000680)="$eJzs3T+LHGUcB/Df7O3tTrTYLaxEcEALq5BLa7OHJCBeZdhCLfQwCcjtIiRw4B+cTWUl2FhY+AoEwRdi4zsQbAU7IwRGZnYmM5vbXPbk9sTc59PcM8883+f5zdxwO1fccx+9Mj+6ncXdB1/+FmmaRG8Sk3iYxDh60VgUS/nycPJtAAD/Zw+LIv6sP9/PkksiIt1eWQDAFm32+d9vmz9fSFkAwBbdeu/9d/YPDm68m2Vp3Jx/fTwtf7Mvvy7P79+NT2IWd+JajOJRRPWisBvV20LZvFkURd7PSuN4fZ4fT8vk/MNf6vn3/4io8nsxinHV9fhto8q/fXBjL1vq5POyjhfq9Sdl/nqM4qXH4ZX89TX5mA7ijdc69V+NUfz6cXwas7hdFdHmv9rLsreK7/764oOyvDKf5MfTYTWuVex0j65czLcHAAAAAAAAAAAAAAAAAAAAAIDn1NV675xhVPv3lF31/js7j8qD3cga49X9eZb5pJmouz9QURR5ET80++tcy7KsqAe2+X683O9uLAgAAAAAAAAAAAAAAAAAAACX1/3PPj86nM3u3DuXRrMbQD8i/r4V8W/nmXR6Xo3TBw/rNQ9ns17dXB3T7/bETjMmiTi1jPIizum2PKtx5UTNdePHnzaaJ4lY1D3psxfdXb/WeTaap+voMFl/D4fR9KT1Q/L9IKIdM4inLbFY7Rk8rYwizvL4DdaeGm0W/6a+2nKeF6uevDm1OJmK5InCkqQz5s3fl3PVPcmTVzGo7uq6MiJtGm18dUy60fMc6TJ+8mdFYrcOAAAAAAAAAAAAAAAAAADYqvavf9ecfHBqtFcMt1YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyo9v//n6GR1+ENBg/i3v3/+BIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4BP4JAAD//47KXt4=") socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) ioctl$sock_bt_bnep_BNEPCONNDEL(0xffffffffffffffff, 0x400442c9, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80a053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 6.11246843s ago: executing program 5 (id=702): write(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x900, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = gettid() timer_create(0xb, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) recvmmsg(r0, &(0x7f00000039c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{0x0}, {0x0}], 0x2}, 0x7061ab3a}], 0x1, 0x0, 0x0) 6.036243186s ago: executing program 0 (id=703): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfff7fffffffffff5}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000fff000/0x1000)=nil) 5.838766763s ago: executing program 3 (id=477): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_FIOSETOWN(r0, 0x8901, 0x0) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0) recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 4.450190058s ago: executing program 0 (id=704): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9", 0x5, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4800000010"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 3.905261221s ago: executing program 3 (id=705): socket$inet6_udplite(0xa, 0x2, 0x88) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x7, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r1) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) r4 = socket(0x9, 0x803, 0x1) ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0) connect$rxrpc(r4, &(0x7f00000001c0)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @broadcast}}, 0x24) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x50) socket$nl_netfilter(0x10, 0x3, 0xc) recvfrom$rxrpc(r4, &(0x7f0000000400)=""/15, 0xf, 0x40010003, &(0x7f0000000580)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}}, 0x24) 3.808072006s ago: executing program 5 (id=706): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[], 0x2, 0x14fe, &(0x7f0000002180)="$eJzs3Au0ztXWMPA511p/NklPkvuaa/55kssiSXJJSCRJkiS5JSRJkoTEJrckJCH3JPeQ3GIn9/st9yQ5kiQJCUnWN3Q6n/e8nfftnO+c7/V9Z8/fGGvsNff/mfNZa889nv9ljL2/7Ti4av1qlesyM/xT8M9fUgEgBQD6AcA1ABABQKlspbIBDoNMGlP/uTcR/1oPTbvSKxBXkvQ/fZP+p2/S//RN+p++Sf/TN+l/+ib9T9+k/0KkZ1un575WRvod/3PP/0Ge//8/R87//0YOFxvz5fpi13f6B1Kk/+mb9D99k/6nb9L/9E36n75J///NRQCV/pvD0v/0TfovRHp2pZ8/y7iy40r//gkhhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGESB/OhcsMAPxlfqXXJYQQQgghhBBCiH+dkPFKr0AIIYQQQgghhBD/9yEo0GAgggyQEVIgE2SGqyALXA1Z4RpIwLWQDa6D7HA95ICckAtyQx7IC/nAAoEDhhjyQwFIwg1QEG6EQlAYikBR8FAMisNNUAJuhpJwC5SCW6E03AZloCyUg/JwO1SAO6AiVILKcCdUgbugKlSDu6E63AM14F6oCfdBLbgfasMDUAcehLrwENSDh6E+PAIN4FFoCI2gMTSBpv9H+S9CV3gJukF3SIUe0BNehl7QG/pAX+gHr0B/eBUGwGswEAbBYHgdhsAbMBTehGEwHEbAWzASRsFoGANjYRyMh7dhArwDE+FdmASTYQpMhWkwHWbAezATZsFseB/mwAcwF+bBfFgAC+FDWASLIQ0+giXwMSyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVPYBtshx2wE3bBbtgDn8Je+Az2weewH774B/PP/qf8TggIqFChQYMZMAOmYApmxsyYBbNgVsyKCUxgNsyG2TE75sAcmAtzYR7Mg/kwHxISMjLmx/yYxCQWxIJYCAthESyCHj0Wx+JYAm/GklgSS2EpLI2lsQyWxbJYHstjBayAFbEiVsbKWAWrYFWsinfj3XgP1sAaWBNrYi2shbWxNtbBOlgX62I9rIf1sT42wAbYEBtiY2yMTbEpNsNm2BybY0tsia2wFbbG1tgG22BbbIvtsB22x/bYATtgR+yInbAzdsYX8UV8CV/C7lhF9cCe2BN7YS/sg32xL76C/fFVfBVfw4E4CAfj6/g6voFD8QwOw+E4AkdgBTUKR+MYZDUOx+N4nIATcCJOxEk4GSfjVJyG03EGzsCZOAtn4fs4Bz/AD3AezsMFuBAX4iJcjGmYhkvwLC7FZbgcV+BKXIUrcQ2uxTW4HjfgetyEm3ALbsFP8BPcjttxJ+7E3bgbP8VP8TP8DAfiftyPB/AAHsSDeAgP4WE8jEfwCB7Fo3gMj+FxPI4n8CSewpN4Gk/jGTyL5/AcnsfzeAGfz/N1vd2F1w0EdYlRRmVQGVSKSlGZVWaVRWVRWVVWlVAJlU1lU9lVdpVD5VC5VC6VR+VR+VQ+RYoUq1jlV/lVUiVVQVVQFVKFVBFVRHnlVXFVXJVQJVRJVVKVUreq0uo2VUaVVS18eVVeVVAtfUVVSVVWlVUVdZeqqqqpaqq6qq5qqBqqpqqpaqlaqrZ6QNVRPbAPPqQudaa+GoQN1GBsqBqpxqqJegMfU83UUGyuWqiW6gk1HIdha9XMt1FPq7ZqNLZTz6ox+JzqoMZhR/WC6qQ6qy7qRdVVNffdMvz2EaimYi/VW/VRfdVMvEtd6lhV9ZoaqAapwep1tQDfUEPVm2qYGq5GqLfUSDVKjVZj1Fg1To1Xb6sJ6h01Ub2rJqnJaoqaqqap6WqGek/NVLPUbPW+mqM+UHPVPDVfLVAL1YdqkVqs0tRHaon6WC1Vy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pc7VdfqAPqT+qg+lIdUl+pw+prdUR9o46qb9Ux9Z06rr5XJ9RJdUr9oE6rH9UZdVadUz+p8+pndUH9oi6qoECjVlproyOdQWfUKTqTzqyv0ln01TqrvkYn9LU6m75OZ9fX6xw6p86lc+s8Oq/Op60m7TTrWOfXBXRS36AL6ht1IV1YF9FFtdfFdHF9ky6hb9Yl9S26lL5Vl9a36TK6rC6ny+vbdQV9h66oK+nK+k5dRd+lq+pq+m5dXd+ja+h7dU19n66l79e19QO6jn5Q19UP6Xr6YV1fP6Ib6Ed1Q91IN9ZNdFP9mG6mH9fNdQvdUj+hW+kndWv9lG6jn9Zt9TO6nX5Wt9fP6Q76ed1Rv6A76c66i/5FX9RBd9PddaruoXvql3Uv3Vv30X11P/2K7q9f1QP0a3qgHqQH69f1EP2GHqrf1MP0cD1Cv6VH6lF6tB6jx+pxerx+W0/Q7+iJ+l09SU/WU/RUPU1P131+qzT778h/52/kD/j13bforfoTvU1v1zv0Tr1L79Z79B69V+/V+/Q+vV/v1wf0AX1QH9SH9CF9WB/WR/QRfVQf1cf0MX1cH9cn9En9k/5Bn9Y/6jP6rD6rf9Ln9Xl94befARg0ymhjTGQymIwmxWQymc1VJou52mQ115iEudZkM9eZ7OZ6k8PkNLlMbpPH5DX5jDVknGETm/ymgEmaG0xBc6MpZAqbIqao8aaYKW5u+qfz/2h9TU1T08w0M81Nc9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfT0XQ0nUwn08V0MV1NV9PNdDOpJtX0NC+bXqa36WP6mn7mFdPf9DcDzAAz0Aw0g81gM8QMMUPNUDPMDDMjzAgz0ow0o81oM9aMNePNeDPBTDATzUQzyUwyU8wUM81MMzPMDDPTzDSzzWwzx8wxc81cM9/MNwvNQrPILDJpJs0sMUvMUrPMLDMrzAqzyqwya8was86sMxvMBrPJbDJLzVaz1Wwz28wOs8PsMrvMHrPH7DV7zT6zz+w3+80Bc8AcNAfNIXPIHDaHzRFzxBw1R80xc8wcN8fNCXPCnDKnzGlz2pwxZ8w5c86cN+fNBXPBXDQXL132RSpSkYlMlCHKEKVEKVHmKHOUJcoSZY2yRokoEWWLskXZo+ujHFHOKFeUO8oT5Y1SwUYUuYijOMofFYiS0Q1RwejGqFBUOCoSFY18VCwqHt0UlYhujkpGt0Sloluj0tFtUZmobFQuKh/dHlWI7ogqRpWiytGdUZXorqhqVC26O6oe3RPViO6Nakb3RbWi+6Pa0QNRnejBqG70UFQvejiqHz0SNYgejRpGjaLGUZOo6b+0fghncj7uu9nuNtX2sD3ty7aX7W372L62n33F9rev2gH2NTvQDrKD7et2iH3DDrVv2mF2uB1h37Ij7Sg72o6xY+04O96+bSfYd+xE+66dZCfbKXaqnWan2xn2PTvTzrKz7ft2jv3AzrXz7Hy7wC60H9pFdrFNsx/ZJfZju9Qus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVfmK32e12h91pd9nddo/91O61n9l99nO7335hD9g/2YP2S3vIfmUP26/tEfuNPWq/tcfsd/a4/d6esCftKfuDPW1/tGfsWXvO/mTP25/tBfuLvWjDpYv7S6d3MmQoA2WgFEqhzJSZslAWykpZKUEJykbZKDtlpxyUg3JRLspDeSgf5aNLmJjyU35KUpIKUkEqRIWoCBUhT56KU3EqQSWoJJWkUlSKSlNpKkNlqByVo9vpdrqD7qBKVInupDvpLrqLqlE1qk7VqQbVoJpUk2pRLapNtakO1aG6VJfqUT2qT/WpATWghtSQGlNjakpNqRk1o+bUnFpSS2pFrag1taY21IbaUltqR+2oPbWnDtSBOlJH6kSdqAt1oa7UlbpRN0qlVOpJPakX9aI+1If6UT/qT/1pAA2ggTSQBtNgGkJDaCgNpWE0nEbQWzSSRtFoGkNjaRyNp/E0gSbQRJpIk2gSTaEpNI2m0QyaQTNpJs2m2TSH5tBcmkvzaT4tpIW0iBZRGqXRElpCS2kpLafltJJW0mpaTWtpLa2n9bSRNtJm2kxbaStto220g3bQLtpFe2gP7aW9tI/20X7aTwfoAB2kg3SIDtFhOkxH6AgdpaN0jI7RcTpOJ+gEnaJTdJpO0xk6Q+foHJ2nn+kC/UIXKVCKU5DZXeWyuKtdVneNS3GZ3KU4AoBLcS6X2+VxeV0+Z10Ol/OvYnLOFXKFXRFX1HlXzBV3N/0uLuPKunKuvLvdVXB3uIq/i6u7e1wNd6+r6e5z1dzdfxXXcve72u4RV8c96uq6Rq6ea+Lqu0dcA/eoa+gaucauiWvlnnSt3VOujXvatXXP/C5e5Ba7tW6dW+82uL3uM3fO/eSOum/defez6+a6u37uFdffveoGuNfcQDfod/EI95Yb6Ua50W6MG+vG/S6e4qa6aW66m+HeczPdrN/FC92Hbo5Lc3PdPDffLfg1vrSmNPeRW+I+dkvdMrfcrXAr3Sq32q3532td4Ta5zW6L2+M+ddvcdrfD7XS73O5f40v72Oc+d/vdF+6I+8YddF+6Q+6YO+y+/jW+tL9j7jt33H3vTriT7pT7wZ12P7oz7uyv+7+09x/cL+6iCw4YWbFmwxFn4Iycwpk4M1/FWfhqzsrXcIKv5Wx8HWfn6zkH5+RcnJvzcF7Ox5aJHTPHnJ8LcJJv4IJ8IxfiwlyEi7LnYlycb+ISfDOX5Fu4FN/Kpfk2LsNluRyX59u5At/BFbkSV+Y7uUoIXJWr8d1cne/hGnwv1+T7uBbfz7X5Aa7DD3Jdfojr8cNcnx/hBvwoN+RG3JibcFN+jJvx49ycW3BLfoJb8ZPcmp/iNvw0t+VnuB0/y+35Oe7Az3NHfoE7cWfuwi9yV36Ju3F3TuUe3JNf5l7cm/twX+7Hr3B/fpUH8Gs8kAfxYH6dh/AbPJTf5GE8nEfwWzySR/FoHsNjeRyP57d5Ar/DE/ldnsSTeQpP5Wk8nWfwezyTZ/Fsfp/n8Ac8l+fxfF7AC/lDXsSLOY0/4iX8MS/lZbycV/BKXsWreQ2v5XW8njfwRt7Em3kLb+VPeBtv5x28k3fxbt7Dn/Je/oz38ee8n7/gA/wnPshf8iH+ig/z13yEv+Gj/C0f4+/4OH/PJ/gkn+If+DT/yGf4LJ/jn/g8/8wX+Be+yIEhxljFOjZxFGeIM8YpcaY4c3xVnCW+Os4aXxMn4mvjbPF1cfb4+jhHnDPOFeeO88R543yxjSl2McdxnD8uECfjG+KC8Y1xobhwXCQuGvu4WFw8vikuEd8cl4xviUvFt8al49viMnHZ+JH7yse3xxXiO+KKcaW4cnxnXCW+K64aV4vvjqvH98Q14nvjmvF9ccn4/rh2/EBcJ34wrhs/FNeLH47rx4/EDeJH44Zxo7hx3CRuGj8WN4sfj5vHLeKW8RNxq/jJuHX8VNwmfjpuGz/zh8dT4x5xz/jl+OU4hHv1/OSC5MLkh8lFycXJtORHySXJj5NLk8uSy5MrkiuTq5Krk2uSa5PrkuuTG5Ibk5uSm5NbkiFUywgevfLaGx/5DD6jT/GZfGZ/lc/ir/ZZ/TU+4a/12fx1Pru/3ufwOX0un9vn8Xl9Pm89eefZxz6/L+CT/gZf0N/oC/nCvogv6r0v5ov7Jr6pb+qb+cd9c9/Ct/RP+Cf8k/5J/5R/yj/t2/pnfDv/rG/vn/Md/PP+ef+C7+Q7+y7+Rd/Vv+S7+e4+1af6nr6n7+V7+T6+j+/n+/n+vr8f4Af4gX6gH+wH+yF+iB/qh/phfpgf4Uf4kX6kH+1H+7F+rB/vx/sJfoKf6Cf6SX6Sn+Kn+Gl+mp/hZ/iZfqaf7Wf7OYXm+Ll+rp/v5/uFfqFf5Bf5NJ/ml/glfqlf6pf75X6lX+lX+9V+rV/r1/v1fqPf6Df7zX6r3+q3+W1+h9/hd/ldfo/f4/f6vX6f3+f3+/3+gD/gD/qD/pD/yh/2X/sj/ht/1H/rj/nv/HH/vT/hT/pT/gd/2v/oz/iz/pz/yZ/3P/sL/hd/0Qc/PvF2YkLincTExLuJSYnJiSmJqYlpiemJGYn3EjMTsxKzE+8n5iQ+SMxNzEvMTyxILEx8mFiUWJxIS3yUWJL4OLE0sSyxPLEisTKxKhFC3m1xyB8KhGS4IRQMN4ZCoXAoEooGH4qF4uGmUCLcHEqGW0KpcGsoHW4LZULZUC48GhqGRqFxaBKahsdCs/B4aB5ahJbhidAqPBlah6dCm/B0aBueCe3Cs6F9eC50CM+HjuGF0Cl0Dl3Ci6FreCl0C91DaugReoaXQ6/QO/QJfUO/8EroH14NA8JrYWAYFAaH18OQ8EYYGt4Mw8LwMCK8FUaGUWF0GBPGhnFhfHg7TAjvhInh3TApTA5TwtQwLUwPM8J7YWaYFWaH98Oc8EGYG+aF+WFBWBg+DIvC4pAWPgpLwsdhaVgWlocVYWVYFVaHNWFtWBfWhw1hY9gUNoctYWv4JGwL28OOsDPsCrvDnvBp2Bs+C/vC52F/+CIcCH8KB8OX4VD4KhwOX4cj4ZtwNHwbjoXvwvHwfTgRToZT4YdwOvwYzoSz4Vz4KZwPP4cL4ZdwUf5mTQghhBDi76L/4HiPv/G9DACgfpv3BICrt+c+/J9rbszx53lvladVAgCe7t7xob+MKlVSU1N/e+1SDVGBeQCQ+Ov6f4mXQUt4EtpACyjxN9fXW3U+z39QP3krQOb/kJMCl+PL9W/+L+o/9sSIRaXjc9n+m/rzAAoVuJyTCS7Hl+uX/C/q52z2B+vP9OV4gOb/IScLXI4v1y8Oj8Mz0OavXimEEEIIIYQQQvxZb1Wu/R/dP1+6P89jLudkhMvxH92fCyGEEEIIIYQQ4sp7rnOXpx5r06ZF+79vgr89F/jHsmQiE5n8fza50p9MQgghhBBCiH+1yxf9V3olQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCFE+vU/8e/ErvQehRBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiCvtfwUAAP//luw5aQ==") r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) setxattr(0x0, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0) write$binfmt_script(r2, &(0x7f0000000080), 0x10010) 3.732728389s ago: executing program 1 (id=707): syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa", @ANYBLOB='\\'], 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000180)={0x1, 0x14, 0x4, 0xfffd, 0x6a, 0x40, &(0x7f0000000480)="c9ea87d1c0e550f1a28fbc590fe3489fc3b1fa4828b551545d337b76b362d12de25d965d8ebc69c08ff64b72f94c9fde5b730f488f9a6f961aead38ece4e5a72e772805d1e5192819db1d15a6571e6c30246899c933f27eb61a36c978d828f5b691493d08ade579aa4dd"}) r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) r1 = add_key$user(&(0x7f00000001c0), &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000080)="bc5d", 0x2, r0) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r2, r1}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.814581111s ago: executing program 0 (id=708): openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x9, 0xcc, 0x1, 0x4, 0x2, 0x1, 0x1, 0xff, 0x5, 0x1, 0xe, 0x9, 0xa, 0x2, 0xd, 0x5}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x68040, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x7, 0xfffffffffffffffe, 0x40, 0x0, 0x7, 0x2000000000044, 0x0, 0x8000000000000, 0x5, 0x0, 0x9, 0x0, 0x0, 0x7, 0x1], 0x6000, 0x3c2a10}) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000340)={0x0, &(0x7f0000000480)=ANY=[], 0x6e}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="010000000000000000000000000000000f20e035000010000f22e066baa00066b8080066ef66440ff23746a80265410f30"], 0x1d6}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x6c6, 0x5, 0x40, 0x8, 0xe7, 0x9, 0xa, 0xff, 0x1, 0x0, 0xc, 0xe, 0x1}, {0x3, 0x7, 0x0, 0x4, 0x8, 0x6, 0x9, 0x3f, 0x86, 0x0, 0x7, 0x9, 0xd}, {0xa0, 0x4, 0x14, 0x9c, 0xff, 0x5, 0x6, 0x0, 0xd, 0x80, 0x1c, 0x7, 0xd}], 0x5}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.814386158s ago: executing program 2 (id=709): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000640)=[{0x6, 0x0, 0x0, 0xea}]}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendmmsg$inet(r3, &(0x7f0000000040)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)="ea6d177f4bca9fdd116cfe98efd4953a9819c23df89e1915ca87034640e03a455bc243e90b1abb18f2907a0741170177e74f7c883ffacb823f2db3515b8e6aa8a863eae7ac1773e9dd0213bd2742121b65b50995549076c9053cda2e6e3ddbb32ccf7e412a918d9678f0c14dceff81869199bbb78b0924f83081c310971a9f7022b66741f1d374e0288348a3669c277bc4da04fe3b113afe9ca8e5d085795d3b78d4cb78f48d37b113e200bcd56a2f892326882a27f6ecf8a3ab9db8f1d61f4131cbb288ce3e8c8aaefd6265105cc62631ef81713a0cf71da0", 0xd9}], 0x1}}], 0x1, 0x0) sendto$inet(r3, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc655afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a025b0459", 0xfe6a, 0x40040, 0x0, 0xfffffffffffffe93) 2.6123399s ago: executing program 1 (id=710): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8f}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199}, &(0x7f0000000340)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r4, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r5, 0x3516, 0x3e44, 0x8, 0x0, 0x0) close_range(r3, 0xffffffffffffffff, 0x0) 1.506825342s ago: executing program 2 (id=711): bpf$MAP_CREATE(0x0, 0x0, 0x48) getsockname$packet(0xffffffffffffffff, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000480)=0x14) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000020000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="6c00000010001fff109e00008000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000003f0000440012800b00010067656e6576650000340002800500030003000000060005004e20000005000400ab000000050009000100000005000a0001000000050009000100000008000a00", @ANYRES32=r4], 0x6c}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r7], 0x54}}, 0x0) 1.38335745s ago: executing program 1 (id=712): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5b", 0x30}], 0x1}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1.346916653s ago: executing program 3 (id=713): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x6d6b, 0x480) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000000)={0x980900, 0x5, @value=0x327}) 1.31470531s ago: executing program 5 (id=714): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000580)='.\x00', 0x0, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x1, 0x5, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f00000004c0)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0xfb, 0x69d, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvrDd2Ni0hSZM2oEq1GgkQEYkTKy3mQkAI5VBVVTlwthKnseKkxXGRWyHi8HrtoX9AOeSCOCFx4hKpcOBCb70hH5GQuJQD4cKimZ211971Zt0mXpt+PtHs8zrPPPObl32xognwuXXlbJoPUuTK2VdWy/L6/dml9fuztzr5V5tJppKsJWW2kaT4d7vd/jC5nBQbwxTb0j7vL869/vEn63/vlJr1UvVvDFtvm7rf2rbqtW7ddJKJOv0Mtox39TOPV2zM/HKSM3UKY3coSXuLH/3l6Y2WHq1Bax/ekzkCT1bRed/scyw5Ul/o5eeA7jtvY29nN7qpEftt/wQBAAAAB031HbjZV72l5osP8zCrxdE9nBYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcaGubz/8v6qXRzU+n6D7/f7KuS53fX17YXfcHT2oeAAAAAAAAALCHXniYh1nN0W65XVR/83+xKpysXp/K27mThSznXFYzn5WsZDkXkhzrGWhydX5lZapbGrbmxUFrLl98xES7Q7cew04DAAAAAAAAwP+fn+XK5t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgPyiSiU6S4l5P9bE0mkkOJ5ksK9aSj7r5g+zBuCcAAAAAe2AqeZjVHO2W20VOJnm2+g3gcN7O7axkMStZykKuVb8LdL71N9bvzy6t35+9VS79437nn7uaRjViOr89DN7y6apHK9ezWNWcy9W8maVcS6Nas3S6nk931G3zulfOqfh27eXRZnatTss9f69O+9zd1c7uZJc/phyrInKoE5GJZKaeWxmN490jM/gI7fLobNlSFnIhjY3Jnty2pcmtO7M15ptDNoZt70idlvvzq51iPhadSPy33bGQiz1n37PDY5589Q+/++FMnd8/uzSaiTptV6+t/nNiticSz40SiRtLt2/euH7n7EGLRJ+ZKhKnNspX8v38IGczndeynMX8OPNZyUKm870qN18f/KLnkt8hUpe3lF571Ewm6zO0c7B2N6cXq3WPZjGv5s1cy0Jeqv5dzIW8nEu5lLmeI3xq+BGurvpG/1VfaX9h4OTPfK3OtJL8uk73hzKux3viunnWz1TxPr6lZjNKJ0aI0oB74zDNL9eZchs/f9SNdE9tj8SFnkg8MzwSv6luK3eWbt9cvjH/1mibO/FenSmvo18m0/vnRlKeLyfKg1WVpracHWXbMxttW+NVtp3caGv0tZ3KH9NsdreymLUdr9TJ+jNc/0gXq7bnBrbNVm2ne9oGfd4CYN878vUjk61/tP7a+qD1i9aN1iuHvzv1zannJ3PoT4e+1ZyZ+Erj+eL3+SA/3fz+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHp33nn35vzS0sLytky73b770eCmETPd59V8ytW3Z7pPhRqhc6b/9lTZdUDTRNp3d2h6UpkvPZ3s1bb2b+Y/7Xa7ril26PPbP28P1FTGFLr6OX/tfRG6MWXGdksC9sj5lVtvnb/zzrvfWLw1/8bCGwu35y5dmpuZu/TS7Pnri0sLM53Xcc8SeBI23/THPRMAAAAAAAAAAABgVI/5/wysDWoa9z4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB9uVs2k+SJELM+dmyvL6/dmlcunmN3s2kzSSFD9Jig+Ty+ksOdYzXLHTdt5fnHv940/W/9XuqMer+jeGrTeatXrJdJKJTnrvcY13tU6HKobtQrGxh2XAznQDB+P2vwAAAP//eL8QGw==") link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') sync() unlink(&(0x7f0000000300)='./file1\x00') sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000420029170000"], 0x14}}, 0x40004) r2 = socket(0x10, 0x3, 0x0) fcntl$setsig(0xffffffffffffffff, 0xa, 0x21) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000140)={0xe, 0x5, 0xffffffffffffffff}) openat$snapshot(0xffffffffffffff9c, 0x0, 0x4000, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 1.247760466s ago: executing program 0 (id=715): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000002}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_setup(0x49f, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) userfaultfd(0x801) r0 = getpid() process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15) 189.745665ms ago: executing program 1 (id=716): socket$nl_sock_diag(0x10, 0x3, 0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$igmp(0x2, 0x3, 0x2) socket$inet6(0xa, 0x1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840) r1 = socket$kcm(0x10, 0x2, 0x0) socket$rds(0x15, 0x5, 0x0) sendmsg$kcm(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000000c0)="2e00000010008188040f46ecdb4cb9cca7480ef410000000e3bd6efb440009000e000a000d000000ba8000001201", 0x2e}], 0x1}, 0x0) 0s ago: executing program 3 (id=717): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) recvmmsg(r3, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0) setsockopt$inet_int(r3, 0x0, 0x7, &(0x7f0000000140)=0x30, 0x4) bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x2e, &(0x7f0000002840)={@broadcast, @link_local, @void, {@ipv4={0x800, @udp={{0x6, 0x4, 0x0, 0x3, 0x20, 0x68, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x3, 0xc7}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.119' (ED25519) to the list of known hosts. [ 81.628573][ T5819] cgroup: Unknown subsys name 'net' [ 81.743953][ T5819] cgroup: Unknown subsys name 'cpuset' [ 81.753918][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.377878][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 87.566684][ T5838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 87.576496][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 87.585767][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 87.593947][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 87.602091][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.613092][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 87.631636][ T5152] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 87.636931][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 87.639191][ T5152] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 87.651787][ T5849] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 87.655475][ T5152] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 87.661348][ T5849] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 87.674883][ T5855] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 87.680914][ T5152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 87.689517][ T5152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 87.698696][ T5855] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 87.707370][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 87.725354][ T5855] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 87.733202][ T5152] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 87.742116][ T5840] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 87.753075][ T5855] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 87.762194][ T5850] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 87.781611][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 87.789390][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 87.795293][ T5856] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.352994][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 88.457753][ T5841] chnl_net:caif_netlink_parms(): no params data found [ 88.540873][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.548058][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.555735][ T5836] bridge_slave_0: entered allmulticast mode [ 88.563366][ T5836] bridge_slave_0: entered promiscuous mode [ 88.575879][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.583508][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.591395][ T5836] bridge_slave_1: entered allmulticast mode [ 88.598533][ T5836] bridge_slave_1: entered promiscuous mode [ 88.606247][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 88.769631][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.787457][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.874378][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 88.959907][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.967620][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.975295][ T5841] bridge_slave_0: entered allmulticast mode [ 88.983136][ T5841] bridge_slave_0: entered promiscuous mode [ 88.991578][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.998712][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.005944][ T5841] bridge_slave_1: entered allmulticast mode [ 89.013490][ T5841] bridge_slave_1: entered promiscuous mode [ 89.022164][ T5836] team0: Port device team_slave_0 added [ 89.047558][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 89.073976][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.081302][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.088436][ T5835] bridge_slave_0: entered allmulticast mode [ 89.095862][ T5835] bridge_slave_0: entered promiscuous mode [ 89.105371][ T5836] team0: Port device team_slave_1 added [ 89.134983][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.142225][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.149358][ T5835] bridge_slave_1: entered allmulticast mode [ 89.157287][ T5835] bridge_slave_1: entered promiscuous mode [ 89.179379][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.235369][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.276440][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.283705][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.309792][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.323517][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.330806][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.356970][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.418217][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.437336][ T5841] team0: Port device team_slave_0 added [ 89.463998][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.503830][ T5841] team0: Port device team_slave_1 added [ 89.509876][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.517400][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.524778][ T5834] bridge_slave_0: entered allmulticast mode [ 89.532175][ T5834] bridge_slave_0: entered promiscuous mode [ 89.550675][ T5835] team0: Port device team_slave_0 added [ 89.570059][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.577639][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.585853][ T5834] bridge_slave_1: entered allmulticast mode [ 89.593799][ T5834] bridge_slave_1: entered promiscuous mode [ 89.641668][ T5835] team0: Port device team_slave_1 added [ 89.733470][ T5836] hsr_slave_0: entered promiscuous mode [ 89.740094][ T5836] hsr_slave_1: entered promiscuous mode [ 89.747647][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.751268][ T5838] Bluetooth: hci0: command tx timeout [ 89.754907][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.786306][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.799413][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.806807][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.833118][ T5838] Bluetooth: hci3: command tx timeout [ 89.833127][ T5856] Bluetooth: hci4: command tx timeout [ 89.834289][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.844488][ T5838] Bluetooth: hci2: command tx timeout [ 89.855194][ T5856] Bluetooth: hci1: command tx timeout [ 89.870067][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.879457][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.886956][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.894307][ T5843] bridge_slave_0: entered allmulticast mode [ 89.903264][ T5843] bridge_slave_0: entered promiscuous mode [ 89.911934][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.918904][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.945273][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.957765][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.964933][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.991548][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.011743][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.021141][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.028327][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.036203][ T5843] bridge_slave_1: entered allmulticast mode [ 90.043419][ T5843] bridge_slave_1: entered promiscuous mode [ 90.164073][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.206798][ T5835] hsr_slave_0: entered promiscuous mode [ 90.215654][ T5835] hsr_slave_1: entered promiscuous mode [ 90.222181][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 90.227990][ T5835] Cannot create hsr debugfs directory [ 90.249578][ T5834] team0: Port device team_slave_0 added [ 90.258969][ T5834] team0: Port device team_slave_1 added [ 90.266917][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.342393][ T5841] hsr_slave_0: entered promiscuous mode [ 90.348860][ T5841] hsr_slave_1: entered promiscuous mode [ 90.357479][ T5841] debugfs: 'hsr0' already exists in 'hsr' [ 90.363307][ T5841] Cannot create hsr debugfs directory [ 90.405532][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.412598][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.438757][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.466423][ T5843] team0: Port device team_slave_0 added [ 90.485894][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.493437][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.519668][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.532495][ T5843] team0: Port device team_slave_1 added [ 90.645303][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.652336][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.678781][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.737677][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.745134][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.771123][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.829948][ T5834] hsr_slave_0: entered promiscuous mode [ 90.837486][ T5834] hsr_slave_1: entered promiscuous mode [ 90.843989][ T5834] debugfs: 'hsr0' already exists in 'hsr' [ 90.849734][ T5834] Cannot create hsr debugfs directory [ 90.992150][ T5843] hsr_slave_0: entered promiscuous mode [ 90.998419][ T5843] hsr_slave_1: entered promiscuous mode [ 91.006391][ T5843] debugfs: 'hsr0' already exists in 'hsr' [ 91.012563][ T5843] Cannot create hsr debugfs directory [ 91.184825][ T5836] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.223257][ T5836] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.244142][ T5836] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.274531][ T5836] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.392736][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.404746][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.415760][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.429130][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.542993][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.554436][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.566722][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.577387][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.687163][ T5834] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.706375][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.733780][ T5834] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.746282][ T5834] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.759237][ T48] cfg80211: failed to load regulatory.db [ 91.781105][ T5834] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.813979][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 91.830826][ T5856] Bluetooth: hci0: command tx timeout [ 91.866593][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.893033][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.905722][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 91.912960][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 91.920726][ T5856] Bluetooth: hci1: command tx timeout [ 91.921480][ T5838] Bluetooth: hci4: command tx timeout [ 91.926152][ T51] Bluetooth: hci3: command tx timeout [ 91.936973][ T5840] Bluetooth: hci2: command tx timeout [ 91.948117][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 91.955303][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 91.981016][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.022186][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.037184][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.045511][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.108894][ T5841] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.138018][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.166043][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.173314][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.184188][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.191336][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.242421][ T1113] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.249589][ T1113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.278915][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.286101][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.546006][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.586391][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.665020][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.686425][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.724596][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.752499][ T1113] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.759721][ T1113] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.800220][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.807714][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.823495][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.830688][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.864999][ T1148] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.872162][ T1148] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.898766][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.000084][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.102657][ T5834] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 93.128088][ T5835] veth0_vlan: entered promiscuous mode [ 93.175493][ T5835] veth1_vlan: entered promiscuous mode [ 93.211378][ T5841] veth0_vlan: entered promiscuous mode [ 93.246203][ T5841] veth1_vlan: entered promiscuous mode [ 93.296809][ T5835] veth0_macvtap: entered promiscuous mode [ 93.319279][ T5835] veth1_macvtap: entered promiscuous mode [ 93.426966][ T5841] veth0_macvtap: entered promiscuous mode [ 93.445237][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.478698][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.514061][ T5841] veth1_macvtap: entered promiscuous mode [ 93.524030][ T5836] veth0_vlan: entered promiscuous mode [ 93.540202][ T1113] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.584040][ T5836] veth1_vlan: entered promiscuous mode [ 93.598323][ T1113] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.615031][ T1113] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.640961][ T1113] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.690155][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.707444][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.738164][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.759421][ T1113] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.784497][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.803308][ T1113] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.815025][ T1113] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.838369][ T1113] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.859104][ T5836] veth0_macvtap: entered promiscuous mode [ 93.902016][ T5836] veth1_macvtap: entered promiscuous mode [ 93.916453][ T51] Bluetooth: hci0: command tx timeout [ 93.931548][ T1113] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.939494][ T1113] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.990877][ T51] Bluetooth: hci3: command tx timeout [ 94.001277][ T5856] Bluetooth: hci1: command tx timeout [ 94.006725][ T5856] Bluetooth: hci2: command tx timeout [ 94.010945][ T5840] Bluetooth: hci4: command tx timeout [ 94.027598][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.051118][ T5834] veth0_vlan: entered promiscuous mode [ 94.078720][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.093182][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.115590][ T5834] veth1_vlan: entered promiscuous mode [ 94.139904][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.154882][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.174678][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.195181][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.207983][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.227809][ T5835] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 94.257905][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.287508][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.297076][ T5843] veth0_vlan: entered promiscuous mode [ 94.323938][ T1113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.346964][ T1113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.430911][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.439844][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 94.448736][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.461257][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.505278][ T5843] veth1_vlan: entered promiscuous mode [ 94.796522][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.868291][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.560809][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.570502][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 95.579305][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.984311][ T5834] veth0_macvtap: entered promiscuous mode [ 96.017314][ T5856] Bluetooth: hci0: command tx timeout [ 96.022246][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.037182][ T5834] veth1_macvtap: entered promiscuous mode [ 96.052762][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.127779][ T5973] xt_TPROXY: Can be used only with -p tcp or -p udp [ 96.157065][ T5856] Bluetooth: hci3: command tx timeout [ 96.164679][ T5856] Bluetooth: hci2: command tx timeout [ 96.173077][ T51] Bluetooth: hci4: command tx timeout [ 96.179992][ T5856] Bluetooth: hci1: command tx timeout [ 96.209765][ T5843] veth0_macvtap: entered promiscuous mode [ 96.812622][ T5843] veth1_macvtap: entered promiscuous mode [ 96.823853][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.949499][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.078335][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.121076][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.204954][ T1113] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.188155][ T1113] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.208101][ T1113] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.279926][ T6012] capability: warning: `syz.3.8' uses deprecated v2 capabilities in a way that may be insecure [ 98.318292][ T1113] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.332583][ T1113] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.403454][ T1113] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.799761][ T1113] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.819742][ T1113] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.849061][ T30] audit: type=1326 audit(1751468012.612:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 99.892407][ T30] audit: type=1326 audit(1751468012.652:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 99.915119][ T5976] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.035547][ T5976] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.056900][ T30] audit: type=1326 audit(1751468012.652:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.089487][ T30] audit: type=1326 audit(1751468012.652:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.144943][ T30] audit: type=1326 audit(1751468012.652:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.177206][ T5971] usb 5-1: new low-speed USB device number 2 using dummy_hcd [ 100.196844][ T30] audit: type=1326 audit(1751468012.652:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.235897][ T30] audit: type=1326 audit(1751468012.652:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.258847][ T30] audit: type=1326 audit(1751468012.652:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=260 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.294188][ T30] audit: type=1326 audit(1751468012.662:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.317843][ T30] audit: type=1326 audit(1751468012.662:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6025 comm="syz.4.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff920b8e929 code=0x7ffc0000 [ 100.467052][ T5989] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.480161][ T5989] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.782194][ T5971] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 100.899683][ T5971] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 101.146125][ T5971] usb 5-1: string descriptor 0 read error: -22 [ 101.160752][ T5971] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 101.170088][ T5971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.181991][ T5992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.232850][ T5992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.254167][ T1148] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.286387][ T1148] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.325902][ T5971] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 101.515892][ T5971] usb 5-1: USB disconnect, device number 2 [ 104.632160][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.640834][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.649117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.299561][ T6053] syz.3.16 (6053) used greatest stack depth: 19808 bytes left [ 106.979338][ T6111] loop4: detected capacity change from 0 to 2048 [ 106.991840][ T6111] EXT4-fs: Ignoring removed bh option [ 108.338854][ T6111] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 108.568227][ T6111] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 108.584558][ T6111] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 15 with max blocks 640 with error 28 [ 108.597220][ T6111] EXT4-fs (loop4): This should not happen!! Data will be lost [ 108.597220][ T6111] [ 108.606991][ T6111] EXT4-fs (loop4): Total free blocks count 0 [ 108.613244][ T6111] EXT4-fs (loop4): Free/Dirty block details [ 108.619924][ T6111] EXT4-fs (loop4): free_blocks=2415919104 [ 108.625803][ T6111] EXT4-fs (loop4): dirty_blocks=656 [ 108.631097][ T6111] EXT4-fs (loop4): Block reservation details [ 108.637138][ T6111] EXT4-fs (loop4): i_reserved_data_blocks=41 [ 108.702718][ T30] kauditd_printk_skb: 35 callbacks suppressed [ 108.702765][ T30] audit: type=1800 audit(1751468021.242:47): pid=6111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.22" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 109.679332][ T6132] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 109.707292][ T6132] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.317553][ T6117] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 111.082344][ T6145] loop4: detected capacity change from 0 to 128 [ 111.111078][ T6145] ======================================================= [ 111.111078][ T6145] WARNING: The mand mount option has been deprecated and [ 111.111078][ T6145] and is ignored by this kernel. Remove the mand [ 111.111078][ T6145] option from the mount to silence this warning. [ 111.111078][ T6145] ======================================================= [ 111.634673][ T6157] loop0: detected capacity change from 0 to 512 [ 112.338148][ T6157] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.30: casefold flag without casefold feature [ 112.419717][ T6002] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.460082][ T6157] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.30: couldn't read orphan inode 15 (err -117) [ 112.534898][ T6157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.872351][ T6170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 113.526768][ T6002] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.726989][ T6002] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.873745][ T5834] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.905815][ T6176] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.127901][ T6002] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.242501][ T6186] loop2: detected capacity change from 0 to 256 [ 114.412688][ T6192] loop1: detected capacity change from 0 to 8 [ 115.169336][ T30] audit: type=1800 audit(1751468027.942:48): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.39" name="file1" dev="loop1" ino=5 res=0 errno=0 [ 115.194707][ T6191] SQUASHFS error: Failed to read block 0x2fc: -5 [ 115.201261][ T6191] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 115.208540][ T6191] SQUASHFS error: read_indexes: reading block [2fa:0] [ 115.216031][ T6191] SQUASHFS error: Failed to read block 0xfc: -5 [ 115.223979][ T6191] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 115.231328][ T6191] SQUASHFS error: read_indexes: reading block [2fa:0] [ 115.238373][ T6191] SQUASHFS error: Unable to read metadata cache entry [2fa] [ 115.245873][ T6191] SQUASHFS error: read_indexes: reading block [2fa:0] [ 116.551667][ T6002] bridge_slave_1: left allmulticast mode [ 116.600481][ T6002] bridge_slave_1: left promiscuous mode [ 116.606966][ T6002] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.684355][ T6207] ptrace attach of "./syz-executor exec"[5835] was attempted by " eth0 #uu0*iƇ޿_k.\x22#p/yLa~+>3l{@!2!9k\x0b8I$Q=r\x09/vӧJ#KT_$A=z/XmOX)s޾_N)6m\x0a\x0b뻑z|d\x1byx\x1bLTrw|0\x09\x5c[ ]V:Þ\x07x.TTϿa%QCuTYZy!Ѧ7vs\x07j*I{]*5JtsĪ~0fۮG:Q\x1b㣤}`eL\x0dyg1\x09i/!,u~)\x1b2jNTh\x1bo:\x0bq7SHLBq([aF*q v ANTeL+u^\x07sha 넙LD7DQ2!8,%$֜yKƴ%:0dLWՐl\x1b\x0bh=m.\x0bhQ}8/P+:E\x5cԬטլCRr^gQ(>⺨=\x0c04*@vTځg:hzW6s)x\x [ 117.335381][ T6211] loop3: detected capacity change from 0 to 8 [ 117.342183][ T6002] bridge_slave_0: left allmulticast mode [ 117.426611][ C1] vkms_vblank_simulate: vblank timer overrun [ 117.592516][ T6002] bridge_slave_0: left promiscuous mode [ 117.598448][ T6002] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.617346][ T6211] SQUASHFS error: Unknown LZ4 version [ 117.637552][ T6211] squashfs image failed sanity check [ 117.813580][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 117.828177][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 117.837332][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 117.850888][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 118.051648][ T5971] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 118.210414][ T5971] usb 1-1: Using ep0 maxpacket: 8 [ 118.536186][ T5971] usb 1-1: config 0 has an invalid interface number: 99 but max is 0 [ 118.615225][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 118.653254][ T5971] usb 1-1: config 0 has no interface number 0 [ 119.388479][ T5971] usb 1-1: New USB device found, idVendor=12d1, idProduct=88d5, bcdDevice=1d.2a [ 119.410427][ T5971] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.418550][ T5971] usb 1-1: Product: syz [ 119.426910][ T5971] usb 1-1: Manufacturer: syz [ 119.431796][ T5971] usb 1-1: SerialNumber: syz [ 119.440085][ T5971] usb 1-1: config 0 descriptor?? [ 119.540590][ T6231] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 120.127735][ T5971] option 1-1:0.99: GSM modem (1-port) converter detected [ 120.556251][ T6247] loop3: detected capacity change from 0 to 512 [ 120.598052][ T6247] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 120.650835][ T6247] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 120.710438][ T5838] Bluetooth: hci2: command tx timeout [ 120.727360][ T6247] EXT4-fs (loop3): 1 truncate cleaned up [ 120.777947][ T6247] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 120.829869][ T6247] syz.3.50 (pid 6247) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 120.830949][ T6002] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 120.887246][ T6002] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 120.914203][ T6002] bond0 (unregistering): Released all slaves [ 120.948614][ T6263] netlink: 12 bytes leftover after parsing attributes in process `syz.3.50'. [ 121.269133][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.381669][ T6274] loop2: detected capacity change from 0 to 512 [ 121.474805][ T6274] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002] [ 121.520902][ T6274] System zones: 0-2, 18-18, 34-34 [ 121.623572][ T6274] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.53: bg 0: block 248: padding at end of block bitmap is not set [ 121.678705][ T6274] Quota error (device loop2): write_blk: dquota write failed [ 121.737648][ T6274] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 121.799793][ T6274] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.53: Failed to acquire dquot type 1 [ 121.879341][ T6274] EXT4-fs (loop2): 1 truncate cleaned up [ 121.902243][ T6274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.947513][ T6274] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 122.041011][ T6274] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 122.125300][ T6002] hsr_slave_0: left promiscuous mode [ 122.158859][ T6002] hsr_slave_1: left promiscuous mode [ 122.198214][ T6002] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 122.243403][ T6002] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 122.293678][ T6002] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.319554][ T6002] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 122.397022][ T6002] veth1_macvtap: left promiscuous mode [ 122.418262][ T6002] veth0_macvtap: left promiscuous mode [ 122.424132][ T6002] veth1_vlan: left promiscuous mode [ 122.429603][ T6002] veth0_vlan: left promiscuous mode [ 122.495680][ T5999] usb 1-1: USB disconnect, device number 2 [ 122.514900][ T5999] option 1-1:0.99: device disconnected [ 123.212245][ T5838] Bluetooth: hci2: command tx timeout [ 124.284565][ T6305] loop3: detected capacity change from 0 to 40427 [ 124.310489][ T6305] F2FS-fs (loop3): invalid crc value [ 124.407755][ T6305] F2FS-fs (loop3): Start checkpoint disabled! [ 124.420025][ T6305] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 124.941550][ T6325] loop0: detected capacity change from 0 to 256 [ 125.024368][ T6325] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 125.107611][ T6325] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 125.681077][ T5838] Bluetooth: hci2: command tx timeout [ 125.779663][ T6320] F2FS-fs (loop3): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled [ 125.878229][ T6325] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 126.165698][ T5985] kworker/u8:13: attempt to access beyond end of device [ 126.165698][ T5985] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 126.240184][ T5985] CPU: 1 UID: 0 PID: 5985 Comm: kworker/u8:13 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 126.240213][ T5985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 126.240226][ T5985] Workqueue: writeback wb_workfn (flush-7:3) [ 126.240288][ T5985] Call Trace: [ 126.240297][ T5985] [ 126.240306][ T5985] dump_stack_lvl+0x189/0x250 [ 126.240342][ T5985] ? __pfx_dump_stack_lvl+0x10/0x10 [ 126.240380][ T5985] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 126.240408][ T5985] ? __pfx_queue_work_on+0x10/0x10 [ 126.240435][ T5985] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 126.240462][ T5985] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 126.240500][ T5985] ? f2fs_hw_is_readonly+0x39b/0x470 [ 126.240528][ T5985] f2fs_handle_critical_error+0x37c/0x540 [ 126.240558][ T5985] f2fs_write_end_io+0x495/0x810 [ 126.240580][ T5985] ? blkg_put+0x22/0x240 [ 126.240619][ T5985] __submit_merged_bio+0x27a/0x6a0 [ 126.240649][ T5985] __submit_merged_write_cond+0x255/0x530 [ 126.240679][ T5985] f2fs_write_data_pages+0x261d/0x3000 [ 126.240741][ T5985] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 126.240855][ T5985] ? f2fs_write_meta_pages+0x357/0x450 [ 126.240889][ T5985] ? __lock_acquire+0xab9/0xd20 [ 126.240916][ T5985] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 126.240942][ T5985] do_writepages+0x32e/0x550 [ 126.240973][ T5985] ? reacquire_held_locks+0x127/0x1d0 [ 126.240996][ T5985] ? writeback_sb_inodes+0x384/0x1010 [ 126.241031][ T5985] __writeback_single_inode+0x145/0xff0 [ 126.241056][ T5985] ? do_raw_spin_unlock+0x122/0x240 [ 126.241079][ T5985] writeback_sb_inodes+0x6c7/0x1010 [ 126.241134][ T5985] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 126.241213][ T5985] ? rcu_is_watching+0x15/0xb0 [ 126.241249][ T5985] wb_writeback+0x43b/0xaf0 [ 126.241283][ T5985] ? queue_io+0x3d1/0x590 [ 126.241311][ T5985] ? __pfx_wb_writeback+0x10/0x10 [ 126.241345][ T5985] ? _raw_spin_unlock_irq+0x23/0x50 [ 126.241375][ T5985] wb_workfn+0x409/0xef0 [ 126.241414][ T5985] ? __pfx_wb_workfn+0x10/0x10 [ 126.241440][ T5985] ? __lock_acquire+0xab9/0xd20 [ 126.241474][ T5985] ? process_scheduled_works+0x9ef/0x17b0 [ 126.241507][ T5985] ? process_scheduled_works+0x9ef/0x17b0 [ 126.241528][ T5985] ? process_scheduled_works+0x9ef/0x17b0 [ 126.241553][ T5985] process_scheduled_works+0xae1/0x17b0 [ 126.241611][ T5985] ? __pfx_process_scheduled_works+0x10/0x10 [ 126.241654][ T5985] worker_thread+0x8a0/0xda0 [ 126.241709][ T5985] kthread+0x70e/0x8a0 [ 126.241730][ T5985] ? __pfx_worker_thread+0x10/0x10 [ 126.241753][ T5985] ? __pfx_kthread+0x10/0x10 [ 126.241772][ T5985] ? _raw_spin_unlock_irq+0x23/0x50 [ 126.241796][ T5985] ? lockdep_hardirqs_on+0x9c/0x150 [ 126.241821][ T5985] ? __pfx_kthread+0x10/0x10 [ 126.241839][ T5985] ret_from_fork+0x3fc/0x770 [ 126.241865][ T5985] ? __pfx_ret_from_fork+0x10/0x10 [ 126.241896][ T5985] ? __switch_to_asm+0x39/0x70 [ 126.241911][ T5985] ? __switch_to_asm+0x33/0x70 [ 126.241926][ T5985] ? __pfx_kthread+0x10/0x10 [ 126.241945][ T5985] ret_from_fork_asm+0x1a/0x30 [ 126.241981][ T5985] [ 126.625633][ T6327] syz.2.62 (6327): drop_caches: 2 [ 126.678327][ T5985] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 127.952791][ T5838] Bluetooth: hci2: command tx timeout [ 129.600704][ T6002] team0 (unregistering): Port device team_slave_1 removed [ 129.650924][ T6002] team0 (unregistering): Port device team_slave_0 removed [ 130.390687][ T5971] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 130.768145][ T5971] usb 2-1: Using ep0 maxpacket: 32 [ 130.778405][ T5971] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 130.788432][ T5971] usb 2-1: config 0 has no interface number 0 [ 130.808885][ T5971] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 130.825527][ T5971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.843629][ T5971] usb 2-1: Product: syz [ 130.848087][ T5971] usb 2-1: Manufacturer: syz [ 130.853240][ T5971] usb 2-1: SerialNumber: syz [ 130.864951][ T5971] usb 2-1: config 0 descriptor?? [ 131.452976][ T5971] smsc95xx v2.0.0 [ 131.456666][ T5971] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 131.473719][ T5971] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -22 [ 131.587792][ T6215] chnl_net:caif_netlink_parms(): no params data found [ 132.664478][ T6034] usb 2-1: USB disconnect, device number 2 [ 132.716863][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.723562][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.918573][ T5999] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 133.228060][ T5999] usb 3-1: Using ep0 maxpacket: 16 [ 133.389379][ T5999] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 133.439706][ T5999] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 133.481037][ T5999] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.866579][ T5999] usb 3-1: config 0 descriptor?? [ 134.278321][ T6215] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.446800][ T6388] loop1: detected capacity change from 0 to 1024 [ 134.582960][ T6388] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 134.636816][ T6388] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.640444][ T6215] bridge0: port 1(bridge_slave_0) entered disabled state [ 134.664640][ T6215] bridge_slave_0: entered allmulticast mode [ 134.673531][ T6215] bridge_slave_0: entered promiscuous mode [ 134.804657][ T6215] bridge0: port 2(bridge_slave_1) entered blocking state [ 134.816815][ T6215] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.827826][ T6215] bridge_slave_1: entered allmulticast mode [ 134.925438][ T6388] EXT4-fs error (device loop1): ext4_map_blocks:816: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 13) [ 134.944433][ T6215] bridge_slave_1: entered promiscuous mode [ 134.992985][ T6388] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 135.041118][ T10] usb 3-1: USB disconnect, device number 2 [ 135.078065][ T6388] EXT4-fs (loop1): This should not happen!! Data will be lost [ 135.078065][ T6388] [ 135.117278][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.259184][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.277775][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.303758][ T6387] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.319962][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.486383][ T6387] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 135.870726][ T6408] orangefs_mount: mount request failed with -4 [ 135.937397][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 136.021156][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 136.044881][ T6399] EXT4-fs error (device loop1): ext4_map_blocks:780: inode #15: block 3: comm syz.1.77: lblock 3 mapped to illegal pblock 3 (length 1) [ 136.326439][ T6397] loop3: detected capacity change from 0 to 8192 [ 137.409969][ T6215] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 137.470068][ T6215] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.648367][ T6117] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 28 [ 138.664504][ T6215] team0: Port device team_slave_0 added [ 138.712975][ T6117] EXT4-fs (loop1): This should not happen!! Data will be lost [ 138.712975][ T6117] [ 138.729641][ T6215] team0: Port device team_slave_1 added [ 138.771622][ T6117] EXT4-fs (loop1): Total free blocks count 0 [ 138.797698][ T6117] EXT4-fs (loop1): Free/Dirty block details [ 138.820364][ T6117] EXT4-fs (loop1): free_blocks=4293918720 [ 138.826134][ T6117] EXT4-fs (loop1): dirty_blocks=32 [ 138.863889][ T6117] EXT4-fs (loop1): Block reservation details [ 138.937155][ T6215] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 138.983099][ T6215] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.793197][ T6215] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.893181][ T6440] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.918156][ T6215] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 140.091678][ T6215] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 140.119449][ T6215] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 140.833432][ T6447] netlink: 'syz.0.89': attribute type 3 has an invalid length. [ 140.851931][ T6447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.89'. [ 141.022637][ T6215] hsr_slave_0: entered promiscuous mode [ 141.439558][ T6451] loop1: detected capacity change from 0 to 32768 [ 141.447735][ T6451] XFS: ikeep mount option is deprecated. [ 141.562437][ T6451] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 142.178230][ T6215] hsr_slave_1: entered promiscuous mode [ 142.422004][ T6451] XFS (loop1): Ending clean mount [ 142.852478][ T6451] XFS (loop1): Quotacheck needed: Please wait. [ 142.981533][ T6451] XFS (loop1): Quotacheck: Done. [ 144.298113][ T5843] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 145.675693][ T6484] loop2: detected capacity change from 0 to 128 [ 145.718620][ T6484] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 145.771937][ T6484] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 146.006354][ T6215] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 146.067250][ T6215] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 146.126677][ T5835] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 146.126738][ T6215] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 146.232304][ T6215] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 147.096138][ T6215] 8021q: adding VLAN 0 to HW filter on device bond0 [ 147.188324][ T6215] 8021q: adding VLAN 0 to HW filter on device team0 [ 147.254662][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.261857][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.346447][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.353684][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.574559][ T6523] loop2: detected capacity change from 0 to 512 [ 147.625530][ T6491] loop3: detected capacity change from 0 to 40427 [ 147.646627][ T6523] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 147.672754][ T6215] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 147.713644][ T6527] Cannot find set identified by id 0 to match [ 147.756758][ T6523] ext4 filesystem being mounted at /27/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.905567][ T6491] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 148.220940][ T6491] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 148.472340][ T6523] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 148.554368][ T6523] Quota error (device loop2): write_blk: dquota write failed [ 148.591943][ T6523] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 148.652389][ T6523] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.104: Failed to acquire dquot type 1 [ 148.702946][ T6536] Quota error (device loop2): write_blk: dquota write failed [ 148.747900][ T6536] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 149.018066][ T6491] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 149.741188][ T6491] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 149.770885][ T6536] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.104: Failed to acquire dquot type 0 [ 150.143663][ T5835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.702094][ T6215] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 153.845105][ T6595] macsec0: entered promiscuous mode [ 153.851591][ T6595] macsec0: entered allmulticast mode [ 153.856949][ T6595] veth1_macvtap: entered allmulticast mode [ 155.630169][ T6215] veth0_vlan: entered promiscuous mode [ 155.776718][ T6215] veth1_vlan: entered promiscuous mode [ 156.717170][ T6215] veth0_macvtap: entered promiscuous mode [ 157.332263][ T6607] kvm: pic: non byte read [ 157.337431][ T6607] kvm: pic: non byte read [ 157.342015][ T6607] kvm: pic: non byte read [ 157.346512][ T6607] kvm: pic: non byte read [ 157.352541][ T6607] kvm: pic: non byte read [ 157.357488][ T6607] kvm: pic: non byte read [ 157.362861][ T6607] kvm: pic: non byte read [ 157.399132][ T6215] veth1_macvtap: entered promiscuous mode [ 157.608084][ T6215] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.678728][ T6215] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.744913][ T6002] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.785780][ T6113] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.862585][ T6113] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.898197][ T6113] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.112811][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.196945][ T6642] xt_CT: You must specify a L4 protocol and not use inversions on it [ 159.861056][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 161.030098][ T5981] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 161.064374][ T5981] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 167.763925][ T6705] xt_CT: You must specify a L4 protocol and not use inversions on it [ 168.836206][ T6707] macsec0: left allmulticast mode [ 168.842140][ T6707] veth1_macvtap: left allmulticast mode [ 168.951902][ T30] audit: type=1326 audit(1751468081.722:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.105580][ T30] audit: type=1326 audit(1751468081.722:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.554513][ T6043] IPVS: starting estimator thread 0... [ 169.570801][ T30] audit: type=1326 audit(1751468081.732:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.598620][ T30] audit: type=1326 audit(1751468081.732:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.623402][ T30] audit: type=1326 audit(1751468081.732:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.703425][ T6716] IPVS: using max 28 ests per chain, 67200 per kthread [ 169.706136][ T30] audit: type=1326 audit(1751468081.742:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 169.805728][ T30] audit: type=1326 audit(1751468081.752:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 170.915231][ T30] audit: type=1326 audit(1751468081.752:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 170.949623][ T30] audit: type=1326 audit(1751468081.772:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 170.972158][ T30] audit: type=1326 audit(1751468081.772:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7ffc0000 [ 171.085348][ T6730] loop3: detected capacity change from 0 to 512 [ 171.779152][ T6730] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.143: iget: bad extended attribute block 1 [ 171.811284][ T6730] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.143: couldn't read orphan inode 15 (err -117) [ 172.143137][ T6730] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.956170][ T6748] EXT4-fs warning (device loop3): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed [ 174.246069][ T6740] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7952 vs 220 free clusters [ 174.645728][ T6747] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 174.652474][ T6747] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 174.661302][ T6747] vhci_hcd vhci_hcd.0: Device attached [ 175.041329][ T5971] vhci_hcd: vhci_device speed not set [ 175.458900][ T6769] xt_TCPMSS: Only works on TCP SYN packets [ 176.429957][ T5841] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.640357][ T5971] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 176.823284][ T6762] vhci_hcd: connection closed [ 176.843597][ T6117] vhci_hcd: stop threads [ 177.636382][ T6117] vhci_hcd: release socket [ 177.671659][ T6117] vhci_hcd: disconnect device [ 177.763699][ T6781] trusted_key: syz.3.151 sent an empty control message without MSG_MORE. [ 179.643145][ T6792] loop3: detected capacity change from 0 to 64 [ 180.877235][ T6802] syz.0.155 (6802) used greatest stack depth: 16496 bytes left [ 182.540887][ T5971] vhci_hcd: vhci_device speed not set [ 184.268225][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 184.268245][ T30] audit: type=1326 audit(1751468097.042:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6815 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7fc00000 [ 184.511955][ T30] audit: type=1326 audit(1751468097.292:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6815 comm="syz.3.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f058b98e929 code=0x7fc00000 [ 184.787477][ T6835] loop1: detected capacity change from 0 to 16 [ 184.838451][ T6835] erofs: Unknown parameter '' [ 184.859851][ T6842] loop5: detected capacity change from 0 to 128 [ 184.879641][ T6842] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 185.023842][ T6842] nftables ruleset with unbound chain [ 185.151415][ T6842] UDF-fs: error (device loop5): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40) [ 185.201423][ T6848] syz.5.165(6848): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 186.433442][ T6866] Zero length message leads to an empty skb [ 186.657443][ T6866] netlink: 12 bytes leftover after parsing attributes in process `syz.2.169'. [ 186.790372][ T5856] Bluetooth: hci2: command 0x0405 tx timeout [ 187.871498][ T6873] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 187.971444][ T6883] loop5: detected capacity change from 0 to 512 [ 188.120074][ T6883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.215484][ T6883] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 188.590805][ T6898] mmap: syz.1.176 (6898) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 191.581251][ T6215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.781999][ T6950] loop0: detected capacity change from 0 to 16 [ 191.832468][ T6950] erofs (device loop0): mounted with root inode @ nid 36. [ 192.078874][ T6950] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 192.255161][ T6950] erofs (device loop0): failed to decompress -23 in[64, 4032] out[1851] [ 192.300378][ T6950] erofs (device loop0): read error -117 @ 43 of nid 36 [ 192.726421][ T6960] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 192.753974][ T6959] loop5: detected capacity change from 0 to 1024 [ 192.809298][ T6959] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 192.830347][ T6960] erofs (device loop0): failed to decompress -23 in[64, 4032] out[1851] [ 193.000460][ T6960] erofs (device loop0): read error -117 @ 43 of nid 36 [ 193.001011][ T6959] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 193.010332][ T6961] erofs (device loop0): bogus lookback distance 1388 @ lcn 42 of nid 36 [ 193.166897][ T6961] erofs (device loop0): failed to decompress -23 in[64, 4032] out[1851] [ 193.179089][ T6959] EXT4-fs error (device loop5): ext4_map_blocks:816: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 13) [ 193.202817][ T6959] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 193.233157][ T6974] loop2: detected capacity change from 0 to 512 [ 193.235356][ T6959] EXT4-fs (loop5): This should not happen!! Data will be lost [ 193.235356][ T6959] [ 193.306303][ T6975] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 193.335175][ T6961] erofs (device loop0): read error -117 @ 43 of nid 36 [ 193.392922][ T6975] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 193.422903][ T6975] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 193.489969][ T6974] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 193.532506][ T6952] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 193.596613][ T6974] ext4 filesystem being mounted at /40/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 193.648741][ T6975] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 193.797161][ T6952] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 194.201001][ T6975] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 194.229106][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.235426][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.301710][ T6952] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 194.440789][ T6952] EXT4-fs error (device loop5): ext4_map_blocks:780: inode #15: block 3: comm syz.5.182: lblock 3 mapped to illegal pblock 3 (length 1) [ 194.481322][ T6992] process 'syz.0.187' launched './file0' with NULL argv: empty string added [ 194.505917][ T5835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 195.110540][ T7001] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 195.117107][ T7001] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 195.149807][ T7006] loop2: detected capacity change from 0 to 128 [ 195.158265][ T7001] vhci_hcd vhci_hcd.0: Device attached [ 195.225249][ T7006] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 195.308381][ T7006] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 195.534920][ T3079] vhci_hcd: vhci_device speed not set [ 196.469091][ T3079] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 197.650102][ T5976] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 197.749032][ T5983] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 16 with error 28 [ 197.871068][ T5983] EXT4-fs (loop5): This should not happen!! Data will be lost [ 197.871068][ T5983] [ 197.884662][ T5983] EXT4-fs (loop5): Total free blocks count 0 [ 197.891722][ T5983] EXT4-fs (loop5): Free/Dirty block details [ 197.897728][ T5983] EXT4-fs (loop5): free_blocks=4293918720 [ 197.908005][ T5983] EXT4-fs (loop5): dirty_blocks=32 [ 198.037887][ T5983] EXT4-fs (loop5): Block reservation details [ 198.044077][ T5983] EXT4-fs (loop5): i_reserved_data_blocks=2 [ 198.077342][ T6215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.930360][ T5856] Bluetooth: hci2: command 0x0405 tx timeout [ 200.590423][ T7039] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 200.617301][ T7039] CIFS: Unable to determine destination address [ 201.229552][ T7042] loop1: detected capacity change from 0 to 512 [ 201.276597][ T7042] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 202.235862][ T7042] EXT4-fs (loop1): 1 truncate cleaned up [ 202.261363][ T7042] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.315580][ T7002] vhci_hcd: connection reset by peer [ 203.321516][ T7042] netlink: 12 bytes leftover after parsing attributes in process `syz.1.199'. [ 203.412434][ T6002] vhci_hcd: stop threads [ 203.416955][ T6002] vhci_hcd: release socket [ 203.434009][ T30] audit: type=1326 audit(1751468116.212:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7060 comm="syz.2.202" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f027ef8e929 code=0x0 [ 204.007479][ T6002] vhci_hcd: disconnect device [ 204.071053][ T3079] vhci_hcd: vhci_device speed not set [ 205.992109][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.009268][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 207.186339][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 207.207701][ T24] usb 3-1: config 2 has an invalid interface number: 78 but max is 0 [ 207.259295][ T24] usb 3-1: config 2 has no interface number 0 [ 207.342771][ T7109] netlink: 4 bytes leftover after parsing attributes in process `syz.5.211'. [ 207.342924][ T24] usb 3-1: config 2 interface 78 has no altsetting 0 [ 207.497556][ T24] usb 3-1: New USB device found, idVendor=19d2, idProduct=ff70, bcdDevice=82.1b [ 207.522985][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.578049][ T24] usb 3-1: Product: syz [ 207.666154][ T24] usb 3-1: Manufacturer: syz [ 207.672595][ T24] usb 3-1: SerialNumber: syz [ 209.195792][ T7120] openvswitch: netlink: IP tunnel dst address not specified [ 211.491647][ T24] option 3-1:2.78: GSM modem (1-port) converter detected [ 211.797633][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 211.797850][ T24] usb 3-1: USB disconnect, device number 3 [ 211.803808][ T5842] Bluetooth: hci4: command 0x0406 tx timeout [ 211.809608][ T5855] Bluetooth: hci1: command 0x0406 tx timeout [ 211.821665][ T5850] Bluetooth: hci3: command 0x0406 tx timeout [ 211.833032][ T24] option 3-1:2.78: device disconnected [ 212.854764][ T7148] loop2: detected capacity change from 0 to 1764 [ 212.882471][ T7149] netlink: 156 bytes leftover after parsing attributes in process `syz.1.219'. [ 212.910994][ T7148] iso9660: Unknown parameter 'dw)mode' [ 212.942784][ T7149] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'. [ 213.700302][ T24] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 213.927353][ T24] usb 2-1: not running at top speed; connect to a high speed hub [ 214.106819][ T24] usb 2-1: config 3 has an invalid interface number: 174 but max is 0 [ 214.177267][ T24] usb 2-1: config 3 has no interface number 0 [ 214.228146][ T24] usb 2-1: config 3 interface 174 altsetting 5 endpoint 0xD has invalid maxpacket 1024, setting to 64 [ 214.335577][ T24] usb 2-1: config 3 interface 174 altsetting 5 has a duplicate endpoint with address 0xD, skipping [ 214.426389][ T24] usb 2-1: config 3 interface 174 altsetting 5 endpoint 0x86 has invalid maxpacket 23256, setting to 64 [ 214.585298][ T24] usb 2-1: config 3 interface 174 altsetting 5 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.598892][ T24] usb 2-1: config 3 interface 174 has no altsetting 0 [ 214.608798][ T24] usb 2-1: New USB device found, idVendor=12d1, idProduct=9a6e, bcdDevice=e2.d9 [ 214.628635][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.416285][ T24] usb 2-1: Product: syz [ 215.436971][ T24] usb 2-1: Manufacturer: 組㘔冩꧐雋㠋ᣠ㨡⃚꫉皉陶䩛읟랊띚詗ؾ岇찋豬쵬⯏⓳맕㟂늫䔎믥䊷™漸⊟確饩꽩溍밮匶嘼舕韾끽䈚鏳罥Ơ⇜후拇픖播Ⴚ㲧ퟏ₇쨯燼䏿瘘ᴗ쳲ﭢ섃ꏄ딙ꮝ찿唼㵋腬㥤⋤暓꺆廳ᙖ틵徘᱑榄昸뢃놼怿拵緄﯌⮉碽䟢蚿⌳玫뷓䭃嚿芏뻪払㼀嫔態꒠在敠筙瀙幃䦡쩌应躿 [ 215.645401][ T24] usb 2-1: SerialNumber: syz [ 216.658050][ T24] usb 2-1: can't set config #3, error -71 [ 217.130474][ T24] usb 2-1: USB disconnect, device number 3 [ 218.817848][ T7205] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 219.565481][ T7209] loop1: detected capacity change from 0 to 128 [ 219.594330][ T7209] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 220.218575][ T7209] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 220.515257][ T7217] netlink: 104 bytes leftover after parsing attributes in process `syz.0.236'. [ 224.501093][ T7271] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 228.451996][ T7314] random: crng reseeded on system resumption [ 228.812000][ T7314] x_tables: duplicate underflow at hook 1 [ 228.818511][ T7317] loop2: detected capacity change from 0 to 1024 [ 230.956316][ T7337] netlink: 8 bytes leftover after parsing attributes in process `syz.2.259'. [ 234.140393][ T6034] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 234.704422][ T7378] unsupported nlmsg_type 40 [ 235.009752][ T6034] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.323873][ T6034] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 235.373981][ T6034] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 235.561576][ T6034] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.357032][ T6034] usb 2-1: config 0 descriptor?? [ 237.161772][ T6034] usb 2-1: can't set config #0, error -71 [ 237.215271][ T6034] usb 2-1: USB disconnect, device number 4 [ 238.951043][ T7422] loop1: detected capacity change from 0 to 1024 [ 240.391833][ T7414] loop5: detected capacity change from 0 to 1024 [ 240.408548][ T7426] netlink: 'syz.2.279': attribute type 1 has an invalid length. [ 240.469036][ T7414] EXT4-fs error (device loop5): ext4_orphan_get:1419: comm syz.5.277: bad orphan inode 32767 [ 240.544012][ T7414] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 240.649444][ T1148] hfsplus: b-tree write err: -5, ino 4 [ 240.814528][ T6215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.826469][ T7432] bond1: (slave gretap1): making interface the new active one [ 240.873748][ T7432] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 241.098058][ T7454] netlink: 28 bytes leftover after parsing attributes in process `syz.3.283'. [ 241.531832][ T7441] vlan2: entered allmulticast mode [ 241.536994][ T7441] bond1: entered allmulticast mode [ 241.597792][ T7441] gretap1: entered allmulticast mode [ 241.604900][ T7441] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened) [ 241.671795][ T7458] loop5: detected capacity change from 0 to 256 [ 241.742539][ T7460] tipc: Failed to remove unknown binding: 66,3,3/0:251942819/251942820 [ 241.770970][ T7458] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 245.916913][ T6034] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 246.209821][ T6034] usb 1-1: Using ep0 maxpacket: 16 [ 246.395624][ T6034] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.396048][ T6034] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.396898][ T6034] usb 1-1: config 0 interface 0 has no altsetting 0 [ 246.396938][ T6034] usb 1-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 246.396962][ T6034] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.489083][ T7512] sctp: [Deprecated]: syz.2.295 (pid 7512) Use of struct sctp_assoc_value in delayed_ack socket option. [ 246.489083][ T7512] Use struct sctp_sack_info instead [ 246.638903][ T6034] usb 1-1: config 0 descriptor?? [ 247.584441][ T7498] netlink: 44 bytes leftover after parsing attributes in process `syz.0.294'. [ 247.620535][ T7498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.294'. [ 247.964792][ T7521] kAFS: unable to lookup cell '' [ 248.434690][ T6034] usbhid 1-1:0.0: can't add hid device: -71 [ 248.456365][ T6034] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 248.499967][ T6034] usb 1-1: USB disconnect, device number 3 [ 251.680802][ T7564] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 251.704447][ T7560] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 252.241634][ T7560] kvm: pic: non byte read [ 252.246592][ T7560] kvm: pic: level sensitive irq not supported [ 252.246689][ T7560] kvm: pic: non byte read [ 252.274417][ T7560] kvm: pic: level sensitive irq not supported [ 252.274506][ T7560] kvm: pic: non byte read [ 252.311996][ T7576] netlink: 'syz.3.308': attribute type 10 has an invalid length. [ 252.327829][ T7576] 8021q: adding VLAN 0 to HW filter on device team0 [ 252.340371][ T7576] bond0: (slave team0): Enslaving as an active interface with an up link [ 252.387229][ T7576] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 252.402484][ T7576] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 254.711634][ T7598] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 255.594296][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.600811][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.819101][ T7640] loop3: detected capacity change from 0 to 4096 [ 257.907891][ T7640] EXT4-fs error (device loop3): ext4_quota_enable:7124: inode #4: comm syz.3.321: iget: special inode unallocated [ 258.018243][ T7640] EXT4-fs error (device loop3): ext4_quota_enable:7127: comm syz.3.321: Bad quota inode: 4, type: 1 [ 258.254025][ T7640] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 258.494960][ T7640] EXT4-fs (loop3): mount failed [ 258.711455][ T7652] netlink: 8 bytes leftover after parsing attributes in process `syz.2.325'. [ 261.389966][ T7691] loop1: detected capacity change from 0 to 512 [ 261.404088][ T7691] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 262.127906][ T7691] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.333: invalid indirect mapped block 4294967295 (level 1) [ 262.180305][ T7691] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.333: invalid indirect mapped block 4294967295 (level 1) [ 262.279023][ T7691] EXT4-fs (loop1): 2 truncates cleaned up [ 262.328695][ T7691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 262.349957][ T7706] loop3: detected capacity change from 0 to 16 [ 262.470878][ T7701] loop2: detected capacity change from 0 to 32768 [ 262.611750][ T7706] erofs (device loop3): mounted with root inode @ nid 36. [ 262.710439][ T7697] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 262.731797][ T7701] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 263.317055][ T7691] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 264.670843][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.751125][ T5835] ocfs2: Unmounting device (7,2) on (node local) [ 264.863824][ T7728] netlink: 4 bytes leftover after parsing attributes in process `syz.5.344'. [ 264.879510][ T7728] netlink: 12 bytes leftover after parsing attributes in process `syz.5.344'. [ 264.929438][ T7730] loop2: detected capacity change from 0 to 256 [ 264.955289][ T7730] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 265.027959][ T7730] syz_tun: entered allmulticast mode [ 265.134297][ T7730] mroute: pending queue full, dropping entries [ 265.193899][ T7729] syz_tun: left allmulticast mode [ 265.368959][ T12] FAT-fs (loop2): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1) [ 267.937328][ T5838] Bluetooth: hci2: command 0x0405 tx timeout [ 270.046727][ T7773] netlink: 'syz.5.356': attribute type 4 has an invalid length. [ 270.124436][ T7775] netlink: 'syz.0.357': attribute type 4 has an invalid length. [ 272.697744][ T7787] loop0: detected capacity change from 0 to 8192 [ 272.939767][ T7787] tipc: Started in network mode [ 272.961686][ T7787] tipc: Node identity 6, cluster identity 4711 [ 272.969644][ T7787] tipc: Node number set to 6 [ 273.364957][ T7800] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 274.477694][ T7803] kvm: pic: non byte write [ 279.882028][ T7846] loop2: detected capacity change from 0 to 512 [ 279.889305][ T7846] EXT4-fs: Ignoring removed bh option [ 280.464982][ T7846] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 280.667431][ T7846] EXT4-fs (loop2): 1 truncate cleaned up [ 280.682486][ T7846] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 282.075661][ T5835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.104836][ T7946] loop2: detected capacity change from 0 to 32768 [ 295.112008][ T7946] XFS: ikeep mount option is deprecated. [ 295.155877][ T7963] netlink: 36 bytes leftover after parsing attributes in process `syz.1.398'. [ 295.183785][ T7956] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 296.031049][ T7946] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 296.117885][ T7946] XFS (loop2): Ending clean mount [ 296.131245][ T7946] XFS (loop2): Quotacheck needed: Please wait. [ 296.180207][ T7946] XFS (loop2): Quotacheck: Done. [ 297.257150][ T5835] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 297.448615][ T7988] xt_bpf: check failed: parse error [ 297.480424][ T6043] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 297.755918][ T6043] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 297.871628][ T6043] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 297.907741][ T6043] usb 1-1: config 220 has no interface number 2 [ 297.914371][ T7990] syz.5.408 uses obsolete (PF_INET,SOCK_PACKET) [ 297.958057][ T6043] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 297.996986][ T6043] usb 1-1: config 220 interface 0 has no altsetting 0 [ 298.010227][ T6043] usb 1-1: config 220 interface 76 has no altsetting 0 [ 298.017129][ T6043] usb 1-1: config 220 interface 1 has no altsetting 0 [ 298.089319][ T6043] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 298.102813][ T6043] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 298.129026][ T6043] usb 1-1: Product: syz [ 298.144062][ T6043] usb 1-1: Manufacturer: syz [ 298.164346][ T6043] usb 1-1: SerialNumber: syz [ 298.398357][ T7992] loop5: detected capacity change from 0 to 1024 [ 298.447532][ T6043] usb 1-1: selecting invalid altsetting 0 [ 298.541137][ T6043] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 298.663056][ T6043] usb 1-1: No valid video chain found. [ 298.987998][ T7992] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.034100][ T6043] usb 1-1: selecting invalid altsetting 0 [ 299.150277][ T6043] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 299.185769][ T6043] usb 1-1: USB disconnect, device number 4 [ 301.920272][ T5971] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 302.082449][ T5971] usb 3-1: config 0 has no interfaces? [ 302.087986][ T5971] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 302.243153][ T6215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.576395][ T5971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.695306][ T5971] usb 3-1: config 0 descriptor?? [ 304.358110][ T6034] usb 3-1: USB disconnect, device number 4 [ 304.529887][ T8037] loop3: detected capacity change from 0 to 256 [ 304.545460][ T30] audit: type=1326 audit(1751468217.322:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8033 comm="syz.1.418" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fda23d8e929 code=0x0 [ 304.793702][ T8037] msdos: Unknown parameter 'uilH\o2E|E!7bR' [ 304.838441][ T8037] loop3: detected capacity change from 0 to 64 [ 306.383926][ T8037] hfs: unable to load codepage "none" [ 307.603907][ T8054] loop2: detected capacity change from 0 to 32768 [ 307.786442][ T8054] JBD2: Ignoring recovery information on journal [ 307.794736][ T8054] JBD2: Journal too short (blocks 2-2). [ 307.800425][ T8054] JBD2: journal reset failed [ 307.805014][ T8054] (syz.2.422,8054,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 307.813722][ T8054] (syz.2.422,8054,0):ocfs2_check_volume:2374 ERROR: ocfs2 journal load failed! -22 [ 307.823026][ T8054] (syz.2.422,8054,0):ocfs2_check_volume:2430 ERROR: status = -22 [ 307.830801][ T8054] (syz.2.422,8054,0):ocfs2_mount_volume:1764 ERROR: status = -22 [ 307.864578][ T8054] (syz.2.422,8054,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 308.053326][ T8055] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 308.242923][ T8055] overlayfs: failed to set xattr on upper [ 308.251956][ T8055] overlayfs: ...falling back to redirect_dir=nofollow. [ 308.258909][ T8055] overlayfs: ...falling back to index=off. [ 308.265148][ T8055] overlayfs: ...falling back to uuid=null. [ 308.500913][ T5856] Bluetooth: hci1: unexpected event for opcode 0x0016 [ 308.912527][ T8061] loop1: detected capacity change from 0 to 1024 [ 308.935110][ T8063] loop2: detected capacity change from 0 to 512 [ 308.956207][ T8061] EXT4-fs: Ignoring removed orlov option [ 309.009166][ T8063] EXT4-fs (loop2): Test dummy encryption mode enabled [ 309.027739][ T8063] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 309.130046][ T8063] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002] [ 309.175022][ T8061] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.490870][ T8063] System zones: 1-12 [ 309.501133][ T8063] EXT4-fs (loop2): 1 truncate cleaned up [ 310.470931][ T8063] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.818959][ T8080] loop0: detected capacity change from 0 to 1024 [ 310.830148][ T8084] netlink: 28 bytes leftover after parsing attributes in process `syz.3.432'. [ 310.849277][ T8084] netlink: 8 bytes leftover after parsing attributes in process `syz.3.432'. [ 310.912871][ T5835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.933502][ T8084] netlink: 'syz.3.432': attribute type 10 has an invalid length. [ 311.055414][ T8084] bond0: (slave team0): Releasing backup interface [ 311.148000][ T8084] bridge0: port 3(team0) entered blocking state [ 311.232213][ T8084] bridge0: port 3(team0) entered disabled state [ 311.233883][ T8084] team0: entered allmulticast mode [ 311.236810][ T8084] team_slave_0: entered allmulticast mode [ 311.240153][ T8084] team_slave_1: entered allmulticast mode [ 311.818203][ T8084] team0: entered promiscuous mode [ 311.882297][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.909061][ T8084] team_slave_0: entered promiscuous mode [ 311.949524][ T8084] team_slave_1: entered promiscuous mode [ 312.008877][ T8093] netlink: 4 bytes leftover after parsing attributes in process `syz.2.433'. [ 312.076169][ T8094] futex_wake_op: syz.2.433 tries to shift op by -1; fix this program [ 312.201172][ T8092] fuse: root generation should be zero [ 312.414812][ T8098] netlink: 24 bytes leftover after parsing attributes in process `syz.1.434'. [ 313.568172][ T8108] netlink: 24 bytes leftover after parsing attributes in process `syz.1.434'. [ 313.799516][ T8115] xt_CONNSECMARK: invalid mode: 0 [ 316.788373][ T8140] syzkaller0: entered promiscuous mode [ 316.894635][ T8140] syzkaller0: entered allmulticast mode [ 317.048894][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.056315][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.153470][ T8154] 9pnet: Found fid 0 not clunked [ 319.558354][ T8164] loop0: detected capacity change from 0 to 1024 [ 319.627291][ T30] audit: type=1800 audit(1751468232.402:81): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.451" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 319.655438][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.3.450'. [ 320.642929][ T8178] loop2: detected capacity change from 0 to 16 [ 320.717766][ T8178] erofs (device loop2): mounted with root inode @ nid 36. [ 321.318301][ T8184] loop2: detected capacity change from 0 to 128 [ 321.328456][ T8184] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 321.366662][ T8184] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 322.335636][ T12] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 327.692057][ T8228] netlink: 4 bytes leftover after parsing attributes in process `syz.1.467'. [ 327.914683][ T8228] bridge0: entered promiscuous mode [ 327.948464][ T8228] macvtap1: entered promiscuous mode [ 328.032069][ T8228] macvtap1: entered allmulticast mode [ 328.062064][ T8228] bridge0: entered allmulticast mode [ 328.579074][ T8239] cgroup: fork rejected by pids controller in /syz3 [ 328.600021][ T8229] bridge0: left allmulticast mode [ 328.615810][ T8229] bridge0: left promiscuous mode [ 328.794487][ T8235] ip6erspan0: entered promiscuous mode [ 330.141811][ T8259] loop1: detected capacity change from 0 to 40427 [ 330.157201][ T8259] F2FS-fs (loop1): invalid crc value [ 330.187026][ T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 330.234210][ T8259] F2FS-fs (loop1): Start checkpoint disabled! [ 330.244350][ T8259] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 330.792995][ T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.839508][ T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 331.854012][ T5981] kworker/u8:11: attempt to access beyond end of device [ 331.854012][ T5981] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 331.880591][ T5981] kworker/u8:11: attempt to access beyond end of device [ 331.880591][ T5981] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 331.943033][ T5981] CPU: 1 UID: 0 PID: 5981 Comm: kworker/u8:11 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 331.943060][ T5981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 331.943071][ T5981] Workqueue: writeback wb_workfn (flush-7:1) [ 331.943115][ T5981] Call Trace: [ 331.943122][ T5981] [ 331.943130][ T5981] dump_stack_lvl+0x189/0x250 [ 331.943164][ T5981] ? __pfx_dump_stack_lvl+0x10/0x10 [ 331.943187][ T5981] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 331.943213][ T5981] ? __pfx_queue_work_on+0x10/0x10 [ 331.943239][ T5981] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 331.943263][ T5981] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 331.943290][ T5981] ? f2fs_hw_is_readonly+0x39b/0x470 [ 331.943318][ T5981] f2fs_handle_critical_error+0x37c/0x540 [ 331.943347][ T5981] f2fs_write_end_io+0x495/0x810 [ 331.943369][ T5981] ? blkg_put+0x22/0x240 [ 331.943408][ T5981] __submit_merged_bio+0x27a/0x6a0 [ 331.943437][ T5981] __submit_merged_write_cond+0x255/0x530 [ 331.943466][ T5981] f2fs_write_data_pages+0x261d/0x3000 [ 331.943528][ T5981] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 331.943567][ T5981] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 331.943633][ T5981] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 331.943669][ T5981] ? trace_f2fs_writepages+0x7f/0x200 [ 331.943692][ T5981] ? f2fs_write_node_pages+0x478/0x6e0 [ 331.943732][ T5981] ? __lock_acquire+0xab9/0xd20 [ 331.943758][ T5981] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 331.943783][ T5981] do_writepages+0x32e/0x550 [ 331.943814][ T5981] ? reacquire_held_locks+0x127/0x1d0 [ 331.943845][ T5981] ? writeback_sb_inodes+0x384/0x1010 [ 331.943880][ T5981] __writeback_single_inode+0x145/0xff0 [ 331.943904][ T5981] ? do_raw_spin_unlock+0x122/0x240 [ 331.943927][ T5981] writeback_sb_inodes+0x6c7/0x1010 [ 331.943981][ T5981] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 331.944054][ T5981] ? rcu_is_watching+0x15/0xb0 [ 331.944089][ T5981] wb_writeback+0x43b/0xaf0 [ 331.944122][ T5981] ? queue_io+0x3d1/0x590 [ 331.944150][ T5981] ? __pfx_wb_writeback+0x10/0x10 [ 331.944184][ T5981] ? _raw_spin_unlock_irq+0x23/0x50 [ 331.944214][ T5981] wb_workfn+0x409/0xef0 [ 331.944252][ T5981] ? __pfx_wb_workfn+0x10/0x10 [ 331.944279][ T5981] ? __lock_acquire+0xab9/0xd20 [ 331.944312][ T5981] ? process_scheduled_works+0x9ef/0x17b0 [ 331.944342][ T5981] ? _raw_spin_unlock_irq+0x23/0x50 [ 331.944364][ T5981] ? process_scheduled_works+0x9ef/0x17b0 [ 331.944385][ T5981] ? process_scheduled_works+0x9ef/0x17b0 [ 331.944410][ T5981] process_scheduled_works+0xae1/0x17b0 [ 331.944466][ T5981] ? __pfx_process_scheduled_works+0x10/0x10 [ 331.944509][ T5981] worker_thread+0x8a0/0xda0 [ 331.944564][ T5981] kthread+0x70e/0x8a0 [ 331.944583][ T5981] ? __pfx_worker_thread+0x10/0x10 [ 331.944602][ T5981] ? __pfx_kthread+0x10/0x10 [ 331.944620][ T5981] ? _raw_spin_unlock_irq+0x23/0x50 [ 331.944644][ T5981] ? lockdep_hardirqs_on+0x9c/0x150 [ 331.944668][ T5981] ? __pfx_kthread+0x10/0x10 [ 331.944686][ T5981] ret_from_fork+0x3fc/0x770 [ 331.944713][ T5981] ? __pfx_ret_from_fork+0x10/0x10 [ 331.944743][ T5981] ? __switch_to_asm+0x39/0x70 [ 331.944758][ T5981] ? __switch_to_asm+0x33/0x70 [ 331.944773][ T5981] ? __pfx_kthread+0x10/0x10 [ 331.944791][ T5981] ret_from_fork_asm+0x1a/0x30 [ 331.944832][ T5981] [ 331.944840][ T5981] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 332.503583][ T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 333.823162][ T13] team0: left allmulticast mode [ 333.851974][ T13] team_slave_0: left allmulticast mode [ 333.857503][ T13] team_slave_1: left allmulticast mode [ 333.913662][ T13] team0: left promiscuous mode [ 333.934950][ T13] team_slave_0: left promiscuous mode [ 333.970622][ T13] team_slave_1: left promiscuous mode [ 334.007804][ T13] bridge0: port 3(team0) entered disabled state [ 334.035104][ T13] bridge_slave_1: left allmulticast mode [ 334.121245][ T13] bridge_slave_1: left promiscuous mode [ 334.155669][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 334.436101][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 334.465513][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 334.476430][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 334.491332][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 334.504233][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 334.834761][ T13] bridge_slave_0: left allmulticast mode [ 334.886152][ T13] bridge_slave_0: left promiscuous mode [ 334.936009][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.553996][ T5838] Bluetooth: hci3: command tx timeout [ 336.856448][ T5971] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 337.872714][ T5971] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 337.883891][ T5971] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 337.895072][ T5971] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 337.914600][ T5971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 337.940517][ T5971] usb 3-1: SerialNumber: syz [ 338.156129][ T5971] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 338.164932][ T5971] usb-storage 3-1:1.0: USB Mass Storage device detected [ 338.190934][ T5971] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 338.701654][ T5838] Bluetooth: hci3: command tx timeout [ 338.737324][ T5971] scsi host1: usb-storage 3-1:1.0 [ 338.900335][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 338.916841][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 338.928546][ T13] bond0 (unregistering): Released all slaves [ 339.037944][ T10] infiniband syz1: ib_query_port failed (-19) [ 339.038195][ T8331] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 339.053999][ T8331] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 339.063645][ T8331] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 339.997789][ T8339] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 340.142319][ T5971] usb 3-1: USB disconnect, device number 5 [ 341.137389][ T5838] Bluetooth: hci3: command tx timeout [ 343.190409][ T5838] Bluetooth: hci3: command tx timeout [ 343.305665][ T8394] loop1: detected capacity change from 0 to 1024 [ 344.320783][ T30] audit: type=1800 audit(1751468257.102:82): pid=8394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.497" name="file1" dev="loop1" ino=20 res=0 errno=0 [ 345.567904][ T13] hsr_slave_0: left promiscuous mode [ 345.640685][ T13] hsr_slave_1: left promiscuous mode [ 345.683722][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 345.876291][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 346.695886][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 346.728108][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 346.999173][ T13] veth1_macvtap: left promiscuous mode [ 348.064321][ T13] veth0_macvtap: left promiscuous mode [ 348.158482][ T13] veth1_vlan: left promiscuous mode [ 348.173769][ T13] veth0_vlan: left promiscuous mode [ 353.144121][ T8465] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README [ 353.159285][ T8465] Error validating options; rc = [-22] [ 355.107842][ T5838] Bluetooth: hci1: unexpected cc 0x2039 length: 9 > 1 [ 355.115653][ T5838] Bluetooth: hci1: unexpected event for opcode 0x2039 [ 356.789062][ T13] team0 (unregistering): Port device team_slave_1 removed [ 357.425415][ T13] team0 (unregistering): Port device team_slave_0 removed [ 358.082975][ T8292] chnl_net:caif_netlink_parms(): no params data found [ 358.184377][ T8483] smc: net device bond0 applied user defined pnetid SYZ2 [ 358.203287][ T8484] smc: net device bond0 erased user defined pnetid SYZ2 [ 358.296223][ T8496] loop5: detected capacity change from 0 to 64 [ 358.371003][ T8496] hfs: get root inode failed [ 359.334031][ T5838] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 359.342691][ T5838] Bluetooth: hci1: Injecting HCI hardware error event [ 359.353424][ T5838] Bluetooth: hci1: hardware error 0x00 [ 361.582619][ T8292] bridge0: port 1(bridge_slave_0) entered blocking state [ 361.592203][ T8292] bridge0: port 1(bridge_slave_0) entered disabled state [ 361.600842][ T8292] bridge_slave_0: entered allmulticast mode [ 361.609635][ T8292] bridge_slave_0: entered promiscuous mode [ 361.618503][ T8292] bridge0: port 2(bridge_slave_1) entered blocking state [ 361.674415][ T5838] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 361.730659][ T8292] bridge0: port 2(bridge_slave_1) entered disabled state [ 361.739068][ T8292] bridge_slave_1: entered allmulticast mode [ 361.765958][ T8292] bridge_slave_1: entered promiscuous mode [ 361.809306][ T8525] loop2: detected capacity change from 0 to 256 [ 363.968667][ T8292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 364.162651][ T8292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 365.222477][ T8556] loop2: detected capacity change from 0 to 32768 [ 366.180385][ T8556] JBD2: Ignoring recovery information on journal [ 366.187275][ T8556] JBD2: Journal too short (blocks 2-2). [ 366.192975][ T8556] JBD2: journal reset failed [ 366.197572][ T8556] (syz.2.530,8556,1):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 366.207244][ T8556] (syz.2.530,8556,1):ocfs2_check_volume:2374 ERROR: ocfs2 journal load failed! -22 [ 366.216707][ T8556] (syz.2.530,8556,1):ocfs2_check_volume:2430 ERROR: status = -22 [ 366.224628][ T8556] (syz.2.530,8556,1):ocfs2_mount_volume:1764 ERROR: status = -22 [ 366.331471][ T8556] (syz.2.530,8556,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 367.245712][ T8292] team0: Port device team_slave_0 added [ 367.285326][ T8292] team0: Port device team_slave_1 added [ 369.854537][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 369.884391][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.830406][ T6043] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 371.850392][ T8292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 371.897754][ T8292] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 371.912941][ T8292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.941075][ T8292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.029088][ T6043] usb 6-1: config 5 has an invalid interface number: 244 but max is 0 [ 372.067147][ T6043] usb 6-1: config 5 has no interface number 0 [ 372.306926][ T6043] usb 6-1: config 5 interface 244 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 373.240346][ T6043] usb 6-1: config 5 interface 244 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 373.483507][ T6043] usb 6-1: string descriptor 0 read error: -71 [ 373.512828][ T6043] usb 6-1: New USB device found, idVendor=16d6, idProduct=0001, bcdDevice=b2.cd [ 373.830827][ T8611] loop2: detected capacity change from 0 to 32768 [ 373.838129][ T8611] XFS: ikeep mount option is deprecated. [ 373.859209][ T6043] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.504186][ T8292] hsr_slave_0: entered promiscuous mode [ 374.512475][ T8611] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 374.532918][ T8292] hsr_slave_1: entered promiscuous mode [ 374.545897][ T6043] usb 6-1: can't set config #5, error -71 [ 374.549689][ T8292] debugfs: 'hsr0' already exists in 'hsr' [ 374.561822][ T8292] Cannot create hsr debugfs directory [ 374.593025][ T6043] usb 6-1: USB disconnect, device number 2 [ 374.875085][ T8611] XFS (loop2): Ending clean mount [ 374.897537][ T8611] XFS (loop2): Quotacheck needed: Please wait. [ 375.979443][ T8611] XFS (loop2): Quotacheck: Done. [ 376.945688][ T8645] xfs: Unknown parameter '01777777777777777777777' [ 377.543503][ T5835] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 378.245521][ T8655] capability: warning: `syz.1.550' uses 32-bit capabilities (legacy support in use) [ 378.493561][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.493637][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.190718][ T8676] loop1: detected capacity change from 0 to 1024 [ 380.208895][ T8676] EXT4-fs: Ignoring removed nobh option [ 380.214633][ T8676] EXT4-fs: Ignoring removed bh option [ 381.260298][ T8676] EXT4-fs error (device loop1): ext4_orphan_get:1419: comm syz.1.554: bad orphan inode 32767 [ 381.316140][ T8676] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 382.360036][ T5843] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.503243][ T8692] Bluetooth: MGMT ver 1.23 [ 382.555990][ T8689] Bluetooth: hci0: Opcode 0x0401 failed: -112 [ 382.836902][ T8698] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 384.641645][ T5856] Bluetooth: hci0: command 0x0406 tx timeout [ 384.649303][ T5838] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 386.599836][ T8738] netlink: 64 bytes leftover after parsing attributes in process `syz.5.569'. [ 386.777407][ T5856] Bluetooth: hci0: command 0x0406 tx timeout [ 387.415080][ T8292] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 387.468891][ T8292] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 387.489926][ T8292] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 387.516399][ T8292] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 388.761484][ T8292] 8021q: adding VLAN 0 to HW filter on device bond0 [ 389.264008][ T8292] 8021q: adding VLAN 0 to HW filter on device team0 [ 389.307594][ T5981] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.314742][ T5981] bridge0: port 1(bridge_slave_0) entered forwarding state [ 389.508155][ T8292] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 389.520590][ T8292] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 390.449694][ T5981] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.456890][ T5981] bridge0: port 2(bridge_slave_1) entered forwarding state [ 390.521038][ T8774] Illegal XDP return value 4294967294 on prog (id 148) dev N/A, expect packet loss! [ 390.531845][ T8774] netlink: 12 bytes leftover after parsing attributes in process `syz.1.575'. [ 390.861238][ T8779] netlink: 16 bytes leftover after parsing attributes in process `syz.5.574'. [ 401.380457][ T6043] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 401.653185][ T6043] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 401.734780][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 401.757129][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 401.770530][ T6043] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 401.782097][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 401.849092][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 401.869824][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 401.910984][ T6043] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 401.999501][ T6043] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.069950][ T6043] usb 2-1: config 0 descriptor?? [ 402.096020][ T8869] loop2: detected capacity change from 0 to 1024 [ 403.128226][ T1148] hfsplus: b-tree write err: -5, ino 4 [ 403.322174][ T5999] usb 2-1: USB disconnect, device number 5 [ 403.606129][ T8883] loop5: detected capacity change from 0 to 4096 [ 403.654604][ T8883] EXT4-fs: Ignoring removed oldalloc option [ 404.330324][ T5838] Bluetooth: hci3: command tx timeout [ 404.605383][ T8883] EXT4-fs (loop5): Test dummy encryption mode enabled [ 404.746036][ T8883] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 404.786273][ T8883] System zones: 0-5 [ 404.884387][ T8883] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 405.948967][ T5981] bridge_slave_1: left allmulticast mode [ 406.133007][ T5981] bridge_slave_1: left promiscuous mode [ 406.209782][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state [ 406.251733][ T6215] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.400681][ T5838] Bluetooth: hci3: command tx timeout [ 407.408721][ T5981] bridge_slave_0: left allmulticast mode [ 407.424935][ T5981] bridge_slave_0: left promiscuous mode [ 407.444244][ T8933] loop1: detected capacity change from 0 to 256 [ 407.477994][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state [ 407.558995][ T8933] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 407.602264][ T8933] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 408.470282][ T5838] Bluetooth: hci3: command tx timeout [ 409.287047][ T8954] IPv6: Can't replace route, no match found [ 410.550286][ T5838] Bluetooth: hci3: command tx timeout [ 411.431188][ T5981] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 411.464602][ T5981] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 411.620872][ T8974] random: crng reseeded on system resumption [ 411.871258][ T5981] bond0 (unregistering): Released all slaves [ 412.360902][ T8935] dummy0: entered promiscuous mode [ 412.366489][ T8935] vlan2: entered promiscuous mode [ 412.912911][ T8989] 9pnet_fd: Insufficient options for proto=fd [ 413.404938][ T8862] chnl_net:caif_netlink_parms(): no params data found [ 413.499030][ T5981] hsr_slave_0: left promiscuous mode [ 413.703293][ T9000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.618'. [ 413.712412][ T9000] netlink: 20 bytes leftover after parsing attributes in process `syz.1.618'. [ 414.552995][ T5981] hsr_slave_1: left promiscuous mode [ 414.567812][ T5981] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 414.639216][ T5981] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.985802][ T9] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 415.806397][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 415.816844][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 415.846982][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 415.883919][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 415.940244][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 416.005685][ T9] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 416.034625][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.097755][ T9] usb 1-1: Product: syz [ 416.127232][ T9] usb 1-1: Manufacturer: syz [ 416.238122][ T9] usb 1-1: SerialNumber: syz [ 416.408123][ T9] usb 1-1: config 0 descriptor?? [ 416.787961][ T5981] team0 (unregistering): Port device team_slave_1 removed [ 416.803218][ T9033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.868416][ T9033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.951250][ T3079] usb 1-1: USB disconnect, device number 5 [ 417.081590][ T5981] team0 (unregistering): Port device team_slave_0 removed [ 422.960990][ T9060] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-:/": -EINTR [ 424.142620][ T8862] bridge0: port 1(bridge_slave_0) entered blocking state [ 424.206741][ T8862] bridge0: port 1(bridge_slave_0) entered disabled state [ 424.220446][ T8862] bridge_slave_0: entered allmulticast mode [ 424.244451][ T8862] bridge_slave_0: entered promiscuous mode [ 424.257973][ T8862] bridge0: port 2(bridge_slave_1) entered blocking state [ 424.273761][ T8862] bridge0: port 2(bridge_slave_1) entered disabled state [ 424.289458][ T8862] bridge_slave_1: entered allmulticast mode [ 424.342961][ T8862] bridge_slave_1: entered promiscuous mode [ 425.056285][ T8862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 425.102977][ T8862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 425.146955][ T9148] loop1: detected capacity change from 0 to 16 [ 425.157094][ T9148] erofs (device loop1): mounted with root inode @ nid 36. [ 425.448496][ T9152] erofs (device loop1): read error -117 @ 8200 of nid 36 [ 426.242517][ T8862] team0: Port device team_slave_0 added [ 426.289585][ T8862] team0: Port device team_slave_1 added [ 427.538511][ T8862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 428.238527][ T8862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 428.684395][ T8862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 428.980918][ T8862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 429.481682][ T9181] syz.2.654: attempt to access beyond end of device [ 429.481682][ T9181] loop5: rw=0, sector=0, nr_sectors = 1 limit=0 [ 429.495552][ T9181] FAT-fs (loop5): unable to read boot sector [ 429.881329][ T8862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 430.295586][ T8862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 431.784814][ T9199] loop5: detected capacity change from 0 to 256 [ 432.347260][ T8862] hsr_slave_0: entered promiscuous mode [ 432.364409][ T9188] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 432.453090][ T8862] hsr_slave_1: entered promiscuous mode [ 432.487031][ T8862] debugfs: 'hsr0' already exists in 'hsr' [ 432.518095][ T8862] Cannot create hsr debugfs directory [ 435.907962][ T9226] bond_slave_0: entered promiscuous mode [ 435.914100][ T9226] bond_slave_1: entered promiscuous mode [ 435.931763][ T9226] vlan2: entered promiscuous mode [ 436.208407][ T9226] bond0: entered promiscuous mode [ 437.068455][ T9240] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 437.127775][ T5908] IPVS: starting estimator thread 0... [ 438.072921][ T9247] IPVS: using max 29 ests per chain, 69600 per kthread [ 439.032933][ T9269] vlan2: entered promiscuous mode [ 439.038155][ T9269] vlan2: entered allmulticast mode [ 439.043435][ T9269] hsr_slave_1: entered allmulticast mode [ 439.225399][ T9273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'. [ 439.868360][ T9281] loop5: detected capacity change from 0 to 128 [ 439.935365][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.946730][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.268082][ T9289] loop2: detected capacity change from 0 to 1024 [ 440.278702][ T9289] EXT4-fs: inline encryption not supported [ 440.285042][ T9289] EXT4-fs: Ignoring removed bh option [ 440.489831][ T9289] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 440.724777][ T9289] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.679: Allocating blocks 497-513 which overlap fs metadata [ 440.759303][ T9289] EXT4-fs (loop2): Remounting filesystem read-only [ 440.895495][ T9295] loop0: detected capacity change from 0 to 2048 [ 440.898684][ T9282] EXT4-fs (loop2): pa ffff8880776580e8: logic 256, phys. 385, len 8 [ 441.061860][ T9295] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 441.088919][ T5835] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 441.145818][ T30] audit: type=1800 audit(1751468353.892:83): pid=9295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.682" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 441.175806][ T9295] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0x3 [ 441.374085][ T8862] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 441.856243][ T8862] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 442.222027][ T8862] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 442.249847][ T8862] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 442.278624][ T5834] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 444.455542][ T9333] loop1: detected capacity change from 0 to 256 [ 444.704292][ T9333] exFAT-fs (loop1): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 445.100323][ T8862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 445.626651][ T9346] exFAT-fs (loop1): start_clu is invalid cluster(0x400) [ 445.809977][ T8862] 8021q: adding VLAN 0 to HW filter on device team0 [ 445.822668][ T5992] bridge0: port 1(bridge_slave_0) entered blocking state [ 445.829948][ T5992] bridge0: port 1(bridge_slave_0) entered forwarding state [ 446.018589][ T5983] bridge0: port 2(bridge_slave_1) entered blocking state [ 446.025764][ T5983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 446.927893][ T8862] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 446.938939][ T8862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 448.477622][ T9371] netlink: 'syz.0.696': attribute type 1 has an invalid length. [ 449.490003][ T8862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 449.775974][ T9380] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 449.802724][ T8862] veth0_vlan: entered promiscuous mode [ 449.866450][ T8862] veth1_vlan: entered promiscuous mode [ 449.972429][ T8862] veth0_macvtap: entered promiscuous mode [ 450.002018][ T8862] veth1_macvtap: entered promiscuous mode [ 450.061978][ T8862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 450.118096][ T8862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 450.169816][ T6002] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.209966][ T6002] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.265070][ T6002] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.312483][ T6002] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 450.465343][ T9389] loop5: detected capacity change from 0 to 256 [ 450.493551][ T9389] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 450.531334][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 450.724345][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 450.877238][ T10] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 451.024763][ T5992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.089746][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 451.269840][ T5992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 451.336651][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.405837][ T10] usb 2-1: config 0 descriptor?? [ 451.467750][ T6113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 451.504419][ T6113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 453.708784][ T6043] usb 2-1: USB disconnect, device number 6 [ 453.807714][ T9414] netlink: 4 bytes leftover after parsing attributes in process `syz.3.705'. [ 453.969333][ T9416] loop5: detected capacity change from 0 to 256 [ 454.047855][ T9416] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 454.114060][ T9416] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 454.174718][ T9416] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 457.436316][ T9449] netlink: 'syz.2.711': attribute type 1 has an invalid length. [ 457.516086][ T9442] loop5: detected capacity change from 0 to 1024 [ 457.666126][ T9453] netlink: 28 bytes leftover after parsing attributes in process `syz.1.716'. [ 457.695286][ T9453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.716'. [ 457.881744][ T9458] netlink: 'syz.1.716': attribute type 10 has an invalid length. [ 457.891023][ T9442] ------------[ cut here ]------------ [ 457.896702][ T9442] kernel BUG at fs/hfsplus/bnode.c:624! [ 457.911743][ T9442] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 457.918055][ T9442] CPU: 0 UID: 0 PID: 9442 Comm: syz.5.714 Not tainted 6.16.0-rc4-next-20250702-syzkaller #0 PREEMPT(full) [ 457.929474][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 457.939570][ T9442] RIP: 0010:hfsplus_bnode_put+0x54a/0x560 [ 457.945331][ T9442] Code: 8b ff e9 b2 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c f0 fe ff ff 48 89 df e8 01 c1 8b ff e9 e3 fe ff ff e8 a7 ad 27 ff 90 <0f> 0b e8 9f ad 27 ff 90 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 457.964960][ T9442] RSP: 0018:ffffc900046ef3a8 EFLAGS: 00010287 [ 457.971056][ T9442] RAX: ffffffff82982739 RBX: ffff888028d4b200 RCX: 0000000000080000 [ 457.979052][ T9442] RDX: ffffc9001b201000 RSI: 000000000000533e RDI: 000000000000533f [ 457.987034][ T9442] RBP: 0000000000000000 R08: ffff888028d4b283 R09: 1ffff110051a9650 [ 457.995007][ T9442] R10: dffffc0000000000 R11: ffffed10051a9651 R12: ffff888028d4b280 [ 458.002988][ T9442] R13: 1ffff920008dde88 R14: dffffc0000000000 R15: ffff888029c42000 [ 458.010970][ T9442] FS: 00007f9fb5b716c0(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000 [ 458.019901][ T9442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 458.026490][ T9442] CR2: 0000001b30220220 CR3: 0000000051dda000 CR4: 00000000003526f0 [ 458.034464][ T9442] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000 [ 458.042430][ T9442] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 458.050395][ T9442] Call Trace: [ 458.053672][ T9442] [ 458.056615][ T9442] ? do_raw_spin_unlock+0x122/0x240 [ 458.061840][ T9442] hfsplus_bmap_alloc+0x5a5/0x640 [ 458.066885][ T9442] ? __pfx_hfsplus_bmap_alloc+0x10/0x10 [ 458.072442][ T9442] ? hfsplus_bnode_read+0x135/0x2a0 [ 458.077647][ T9442] ? hfsplus_bnode_read+0x135/0x2a0 [ 458.082858][ T9442] hfs_bnode_split+0xcc/0xef0 [ 458.087554][ T9442] ? hfsplus_bnode_read+0x255/0x2a0 [ 458.092755][ T9442] ? hfsplus_bnode_read+0x135/0x2a0 [ 458.097956][ T9442] ? __asan_memcpy+0x40/0x70 [ 458.102561][ T9442] ? hfsplus_bnode_read_u16+0x87/0xd0 [ 458.107939][ T9442] ? __pfx_hfs_bnode_split+0x10/0x10 [ 458.113232][ T9442] hfsplus_brec_insert+0x38f/0xcc0 [ 458.118358][ T9442] ? __pfx_hfsplus_brec_insert+0x10/0x10 [ 458.124002][ T9442] ? hfsplus_find_init+0x8c/0x1d0 [ 458.129037][ T9442] hfsplus_create_cat+0x9e9/0x1000 [ 458.134156][ T9442] ? __pfx_hfsplus_create_cat+0x10/0x10 [ 458.139704][ T9442] ? __asan_memset+0x22/0x50 [ 458.144297][ T9442] ? put_dec_full8+0x11c/0x2e0 [ 458.149105][ T9442] ? __pfx_sprintf+0x10/0x10 [ 458.153709][ T9442] hfsplus_link+0x3eb/0x6a0 [ 458.158220][ T9442] ? __pfx_hfsplus_link+0x10/0x10 [ 458.163264][ T9442] ? __pfx_from_kgid+0x10/0x10 [ 458.168033][ T9442] ? down_write+0x162/0x1f0 [ 458.172542][ T9442] ? __pfx_down_write+0x10/0x10 [ 458.177400][ T9442] ? inode_permission+0x149/0x470 [ 458.182430][ T9442] ? try_break_deleg+0x79/0x130 [ 458.187290][ T9442] vfs_link+0x4ed/0x6e0 [ 458.191464][ T9442] do_linkat+0x272/0x560 [ 458.195721][ T9442] ? __pfx_do_linkat+0x10/0x10 [ 458.200490][ T9442] ? strncpy_from_user+0x150/0x290 [ 458.205608][ T9442] ? getname_flags+0x1e5/0x540 [ 458.210375][ T9442] __x64_sys_link+0x82/0x90 [ 458.214876][ T9442] do_syscall_64+0xfa/0x3b0 [ 458.219383][ T9442] ? lockdep_hardirqs_on+0x9c/0x150 [ 458.224588][ T9442] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.230656][ T9442] ? clear_bhb_loop+0x60/0xb0 [ 458.235335][ T9442] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.241228][ T9442] RIP: 0033:0x7f9fb4d8e929 [ 458.245659][ T9442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 458.265265][ T9442] RSP: 002b:00007f9fb5b71038 EFLAGS: 00000246 ORIG_RAX: 0000000000000056 [ 458.273677][ T9442] RAX: ffffffffffffffda RBX: 00007f9fb4fb5fa0 RCX: 00007f9fb4d8e929 [ 458.281655][ T9442] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 00002000000001c0 [ 458.289642][ T9442] RBP: 00007f9fb4e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 458.297610][ T9442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.305575][ T9442] R13: 0000000000000000 R14: 00007f9fb4fb5fa0 R15: 00007ffc4489ea38 [ 458.313548][ T9442] [ 458.316573][ T9442] Modules linked in: [ 458.321801][ T9442] ---[ end trace 0000000000000000 ]--- [ 458.346601][ T9442] RIP: 0010:hfsplus_bnode_put+0x54a/0x560 [ 458.352528][ T9442] Code: 8b ff e9 b2 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c f0 fe ff ff 48 89 df e8 01 c1 8b ff e9 e3 fe ff ff e8 a7 ad 27 ff 90 <0f> 0b e8 9f ad 27 ff 90 0f 0b 66 66 66 2e 0f 1f 84 00 00 00 00 00 [ 458.382225][ T9451] bond2: (slave geneve2): making interface the new active one [ 458.393053][ T9451] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 458.425544][ T9442] RSP: 0018:ffffc900046ef3a8 EFLAGS: 00010287 [ 458.434433][ T9442] RAX: ffffffff82982739 RBX: ffff888028d4b200 RCX: 0000000000080000 [ 458.445433][ T9458] bridge0: port 3(team0) entered blocking state [ 458.452919][ T9458] bridge0: port 3(team0) entered disabled state [ 458.461146][ T9458] team0: entered allmulticast mode [ 458.479178][ T9458] team_slave_0: entered allmulticast mode [ 458.488715][ T9442] RDX: ffffc9001b201000 RSI: 000000000000533e RDI: 000000000000533f [ 458.496965][ T9458] team_slave_1: entered allmulticast mode [ 458.498768][ T9458] team0: entered promiscuous mode [ 458.508341][ T9458] team_slave_0: entered promiscuous mode [ 458.514408][ T9458] team_slave_1: entered promiscuous mode [ 458.519220][ T9442] RBP: 0000000000000000 R08: ffff888028d4b283 R09: 1ffff110051a9650 [ 458.525046][ T9458] bridge0: port 3(team0) entered blocking state [ 458.534450][ T9458] bridge0: port 3(team0) entered forwarding state [ 458.594598][ T9442] R10: dffffc0000000000 R11: ffffed10051a9651 R12: ffff888028d4b280 [ 458.611073][ T9442] R13: 1ffff920008dde88 R14: dffffc0000000000 R15: ffff888029c42000 [ 458.620543][ T9442] FS: 00007f9fb5b716c0(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000 [ 458.630202][ T9442] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 458.649299][ T9442] CR2: 0000001b2e007ff8 CR3: 0000000051dda000 CR4: 00000000003526f0 [ 458.662295][ T9442] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000 [ 458.674169][ T9455] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link [ 458.700670][ T9442] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 458.713423][ T9442] Kernel panic - not syncing: Fatal exception [ 458.719856][ T9442] Kernel Offset: disabled [ 458.724180][ T9442] Rebooting in 86400 seconds..