last executing test programs: 14.875473986s ago: executing program 3 (id=357): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000140)={0x615d}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 12.35589397s ago: executing program 0 (id=361): openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e1209004000f8ff0700a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x4) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000440)='vegas\x00', 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@mcast1, 0x1, 0x0, 0x2, 0x3, 0x9}, 0x20) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) r5 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x0, 0x2c1}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_SEND={0x1a, 0x40, 0x0, r4, 0x0, 0x0, 0x5c, 0x10}) io_uring_enter(r5, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'virt_wifi0\x00', 0x2}) ioctl(r3, 0x8b32, &(0x7f0000000040)) recvfrom$inet(r1, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25) 12.008161866s ago: executing program 2 (id=363): prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) r0 = accept4$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @private}, 0x0, 0x800) shutdown(r0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x40000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') read$FUSE(r2, &(0x7f0000007100)={0x2020}, 0x941f) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, r2, 0x0) r3 = userfaultfd(0x80801) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) pipe2$9p(0x0, 0x800) r4 = syz_open_dev$ptys(0xc, 0x3, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000), 0x0) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000100)=0xa) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) 11.466217906s ago: executing program 3 (id=364): socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000340)=0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, 0x0, 0x0, 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) pipe2(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendfile(r3, r5, 0x0, 0x10ffff) io_uring_enter(r1, 0x627, 0xc1040100, 0x43, 0x0, 0x0) 10.640150871s ago: executing program 2 (id=365): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x9) r1 = getpid() bpf$MAP_CREATE(0x0, 0x0, 0x48) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e) r5 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0xfffc}, 0x2, 0x4}}, 0x26) r6 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x9, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x2, 0x1}, 0x50) ioctl$PPPIOCGL2TPSTATS(r5, 0x8004745a, 0x0) r7 = dup(0xffffffffffffffff) read$msr(r7, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000000201050000001594453a01fe9a143b00"], 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="041d0507c8007b20"], 0x8) 10.610985841s ago: executing program 0 (id=366): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000380)={0x3c0, 0x78, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x8, 0x3, 0x1ff, 0x3d, 0x963, 0x3, 0x53, 0x202, 0x1, 0xc}) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[], 0x0, 0x26}, 0x28) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="150000000051090000000000007590000000950000e983d7aeff"], 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r5, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42400) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)}, 0x2000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0xffffffea}, 0x0) 9.456124262s ago: executing program 1 (id=367): mkdirat(0xffffffffffffff9c, 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x2000018) open(&(0x7f00000000c0)='./file0\x00', 0x14000, 0x50) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00'}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x21) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl(r3, 0x8b2c, &(0x7f0000000040)) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}]}) chroot(&(0x7f0000000000)='./bus\x00') 8.537565868s ago: executing program 2 (id=368): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) r3 = socket$inet6(0xa, 0x2, 0x3a) recvmmsg(r3, &(0x7f0000005640)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) sendto$inet6(r3, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x4000010001ff, 0x2) sendmmsg$inet(r2, 0x0, 0x0, 0x20008000) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 7.771747172s ago: executing program 0 (id=369): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @local, 0x1}, 0x1c) r2 = dup(r1) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x16f8c2, 0x0) ftruncate(r3, 0x200004) sendfile(r2, r3, 0x0, 0x80001d00c0d1) 6.71857456s ago: executing program 1 (id=370): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f0000000300)=0xc) times(0x0) rt_tgsigqueueinfo(r0, r3, 0x11, &(0x7f0000000340)={0x18, 0xfffffff9}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, &(0x7f0000000240)='nolazytime') sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}, {0x85, 0x0, 0x0, 0x2d}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) 6.71742901s ago: executing program 3 (id=371): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8001, 0x0) ioctl$TUNGETFEATURES(r0, 0x800454cf, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000001a80)="5a384a217a2d82c5ec7bde148b403544b4bdb579f3e3fbf170a3469a03b7ba2a91da2bb5fefdfb5ee8c9a765bd0aa2e8b8b401f3b58de521f3e6db76caf7b9ea41905fac2631a75e5d2e09e06515ff14b80da52516075f57e7407448ffbd076beeb37ba4a5553141482cafea7fcf5fb2b03efdf1b49c8c8170587ce2a60a85024c7adbc4b334ecb3167e533aa35d2741012c718c73d8650095eed7a7569fa74c352893ad1a22c5a77af8f2e7970aed14104738b5cd78bf4f9227f55d2ffb78093c957d1bff072137969865ccfca5afbe63fe8f1a6684bb1eaecbf9172186d97535ff934b122eb8e8262e97bd6fad21d3a14a3786585270769d87b6477cfe0740555c6da4d5e600ae4d5af479dc1ffef196e1332ad95c1c58bc9d1cdac91ef22c1c8f32008601d4fe42493b4cf49166688aa5ed31c4b0dd072f6e4209d418914c3df34c2bbf7726603ffa60954980a1de421eb16f23729f3d9c822089d1f5ed131be61fae0e87ed82495a55162fef5ec693639d3772513e0e1dd42f674da3c9e7dd19bcacd8c68f39e7c51b3b021b1c88b3044a33b28781c3b945b720000587415401aa2187cf293f6e1f0877262954823a45e40630d06b6bb31d1fabd80fbdbcf9ebc9b8dd416dbc156eae3bd7926994196f9fa280c6642db7906dcfc4f5aacfe58f7798742b134e98faf62d2dddd2503240ed38d50809662fcb3f6086b01aa8fc52d0eaf04d3d2a36beaee875fc3d2cb2b97496ac90ea79d279ab0cc8a442df0859765930d95bd82f8282144d1d8dd8eab0285c7743b776421010d7b74acf7bcc6c6e9d38713de9c99df8ac8469590b23ae358de52a6f2d7e00286675b4e2fc168d3f2b9ca6388cb87b97acc90639a1d1d16013910a795d2590f559ceea19f0a0be189c346eaf27d8c53aed71ef8c819cdf0d7239bde7831fc23be532bc065d1812b070655ae6dff2c3261d35ff1a404ef927c028e726107fe26808352e944335b6e9895c6112b49862089e7b37c16efbf7dd7d5569c2dd14915154465c94b50ff43452d66c797bac0acb102cec36acfc561beb71d92ba83d6fa24ccdd5290779c5ee075b9baf835f21b2d76a74c42af035079e62b09ccf512b1cdde4ed0679c230d4739ecec880123845a8b17762a5dd9873dcdeebf809a42899a49b2693c2d87efb3b8a2f2bdda5dacd8084d91d71c603f2c7f0a9e8db7080e575aa8baaae6791530b74e6d9bd887379058673a579de4ab71988b8fef429d45560cabc32553103d1e7156608bba760dde9ea3452a4958ef0dc4d1176de951ace0e05033cc974e80bcde9601e267d80578565d49a497cc981d4e304978262124cf712231335266ea736481669706bd5f997f793f428a7d3ee5bda9b702f88c8c95541441f9f88b7a3b643e4a3aaa32fcc537063e447ba5928e7da583033c1642acc16b42d8baea677a2ba9a189ac745e6c8762257644c5dcc1ed8c60663a17ecd8be62830bd16b9eee4dfcf6cb13d0067f36f4d811fe961d2553a02fb7f117f07099d5c4747345531e807f13a90049a56c7816d76c503c5b7d04394955ba8e53a54309e811ac396ede3142dd41f9a1f695b72e8b75d68db27ff9c5e5fac36337f41aac853add254a4e8f2e3912d77ace9a27e58951d055a5f492accdd4bccb7379533b9b01f10042c294e8afb407c8dc752785f0e6078aa76f0f8598d9c26a6e6cd3948d1b1d6bcf51d7a1b9050fef9be16fe4bc4e40686813940c1748e00602ec782118395e7c07022ca8ac248f5c3b53a45cec6bb7f962add742b68c36cde15ff0f76c1fc596bca8d42c03722f6e78260cb30f47c84d567a089e1ab987c304e1bf70b668d1a35e72980ea7b9ec5a91c49c2a8962bb5f337434ea2ad80438f55ae50040390141eb4a9c2b47ea88adc9034f6d308449e4f40a2c1339a77ffa6e7239dab74f08bf1cc126bf318f47d5bbca4c9f4c9724fca344f93b0fc264ab7fc4d487861798e3d4fc5ce64de71e47bdb31b90d6e3046463082d3eaed3556115084c9111b6d9b0195ea7856aa83259a37bc6e512b762203cb1cd337666bc0620272de220e76f1cbb6ead7d1161610a0ac6c41dec1affb8ed57dd67910ba24545a89d230a1f6e8d86d979f497d1beede4918fbd4b61923d89dbd3440685863c4d1bb3d81973ba48a63133d9251e643c4647ad4aac03dc6db40ad92da439a3543df9483df651aea2c0bafb7f351166d75c746afeb330d610891c1c4f01a04668eff5e8ee2481ee358aa7b28f14c50b010e2c511354cbdea3c058f01f2e83f0db5a8a6e8235eb6eb15f2fb3dd9cd62bce66e5e46f50fc14e5710a4d97256ba724ae7a3cdfab2df2c3eaf131fff623a26b2aa6c9bca974bdb61938ac8cae4f0f1ec85788d0054a386772e38740d7bf1d0acd9d2f140d71e3353d2d97e0eb153685fef685bf06bee0c10e6df49a757018a29bd745a9680775219cb5248367e4c4990e25735948c94039f76c86168a687660ef7d8e2684ea650472198637c944ad226737dd2abf3c71d4f01eb482f80e5e62a16491a4ce110e51a7b5b6dcb2f788d2a929dc3a55b97f9bbf9bac9232a4193f359dde048c46ca16c654c712b8152779b3c495733801bcdd12b5b4b87380fc71cc9442c549dc7b40d351ea690b4b92ec510f23cd232a528b4ca474f3915df278f1574d6dda0e38c52b67cdce8724a920a026569ac8229f73580908e54111b638f93a94c632667d36381fdb6cc7fa6c97c60fb719e5aab698f0a553f47726ecd81207b4c9545f3f3c719ef6c0e847b97b8d0767d66306210ff653ecc97032eaf2504b85d2562bbb94160799046cda1b8877706ecbc100eb4a1de99b727a863c825c19b64a3c5d2db34224ab34e9efc99b792c0eafdd5eaa8e5319aee0effb9e40ae3e1cefd2216cae96cd423ae9b4048e89cf56c28c2d3dc9b05522d84e13f193a96d37c85545625ce39cf33d9de4f96ed7d2c0e813eac440f030595ef467030c1b3381e0e4ca4f36a8e5f9cb4e09bd398d707c5c38f4252182173b1f877f87e933fe59cfc10f88169625c2293d34a22062399543cf88a1097026d6f2effdfc05a50b1519dbae43289f64580a85978aa63ed218c958209c07ddfa9ee021c30b6ac427230bd5b45e86f1e0c47278680237527099fab4c3009e5c356c93a7041610616166b8c287eba20a43eb02351767996c9d1b20f058ff969547f79f381f45463f412d08407eb6f472ca7639c17994f4d9d4e9cb9464b4a096c96582e406ea972898400c11b083d7abfb0a8a0616819d4723fd23aec2e26b1c8b57c7ab0256a055df78beca014eca7ee4d88acd12bd0fb91cc68081958f69c969a37da61445d8dc65f945c288ff465a7678129391997a33e86e412d56af4f556d68f1c9ac6c6eae2f153a7d4755ccd748f3ee17104221030038bf79309b37a232b804cd5673e7ce403e118a899f776e37499f180777bfca4a8e4d2b987b55de542cdb9b8209473a719762a5d3717f69c8539a3bc4bf5c79e7e45626384f9b2b76e465c06ad0f39eafde6408ed883bf629f3f3c84024c636c7fc3eeb61fb33bb03393c23eb5050d401535d877d8f37a660b4bf9994b71b55e65b02a30717b799d6beed60ae51a70c9eae4e1ac391363f9d9a5dda9d82679e906ea31242b08a2b88b48abcf108d1d8ccf6435f5a66f862a59fb4a1c68ade20b4ab39bfb54b6cb41a675310f99509197f56f2ddbf58c18e749e9d5d7fafcf04db05c6a46d0752500957580e31e247a850c8306299f5360ca7a852a5de2ae63df4f1a167ab010621fa21320218a3eb9e3ad88e04eb9d8ed4a57055e9c6b55bba9f28520c5eca8fa7b7863df61b1382f35c2b63076acf244bc81f6ad558bb96c7b6ddd066caf5039694e7db19b3ade35ac3b7b555ae4ed5c0fd90219a729b433d23f39deca9f70852dd1ce3e1b445c9d14be1d7dd3e8a9aa8031dcec3ae918f22eccabb7e23856d223550d672950f7b3278e230c7019e19a86e59275562e5b427968953011b51fd6bac313151f0adf3d90559312afde4cace169ae9a2148a756ef3fdf69c4ef0fc406a44c7d3f70cca1f5dccfbb876a9ce272a4428dcb5fe7eedf34aeb67925fef9af40782944806d85744d727873844a34d6a836d6e9fcf296ba5747703550501b1546f43650c8e80c5a6a3bba2b6657ffafa84ee54bf186d0854cb6a23844566e87823266a3f9f81b1b3e4fadafb9524f61fda29df9f85577b51ad58c9b6ba2491b4c9e91731b769b5ecf14b17bc87cc4c8a82feeb6be4a0f3837330f5e0e5f11888f26d781e5a69837b457e278c21553fac6c34fb597410045f991d60488468eec4dea940dcf5dc00ba5f608effa2ef3575df8c9b31e1796326df0879169cb9808cc4199236667453f5fa9240995748176f9ff98186b6e4cbd53444a32631afddf752bed4f2755e76c24185742b76976cf519de5c8b0262a07a506002d02e43a4d617b4d72e6cfb0d8c4155aef8d89f8d3541d21026bfa578c5f7e97a47b2603bf1f5405e776197f661e8d3c16a4d77b741191119efdaaf4560d06370fe13199a525da5e7e9b821ec5f5799297c45c3eb8715809619fe945cc78a8967e24df52e5d67e85bc1d73db843921fe2beecb6cc3a076fb73227e55eb78e58f618c2a9c66dcc85079f4772ebcc11781c936fba9698deec242d6a14f8bbcd51cce20bc91cc5ea62400eec677c3fc2a0883f7cd030fe3fb3f20c63bd82de9ab62b73f339741d50f94049153c3d1adc24b6b7fc6db720ae6e9c3d8993a85793e73c4791ba25344381bdd7508830adad11732db0e9a2ebc6266d7681984b318dcfa8f99898dcbddb9c635bf634db92bb277190e9c6b1fe0d7d27ccd2848196ef427100f6343bce66a3c2ce1a88aac1f722e75f128086c6eb9764e8fcd08bf4688512b2669dd1fc18ed0816b9f9fd026c88da2acc4a43ee8b2a5bd6689625273abf3b796be0c7e319a9c89cf255e933ff11b1ac859b5fb1bad6781afb42d33cba9564f7c0ae1b3b7d6c6c45b2ed8c0273310f5b98bda44b5c11341ffc5fc7a72634fc620a5832c9cf491bb3bf2bd8edb6a84d521701e8e6ffb9f1d55657b919988c5732540e84fae746e5a966299a7429a262b3403fb3f70c4c5524ea18cfb04bd2159cb914e6a98e267ce6971d0efdc5bb636d9cd15681693edb21f764e7c9bb0d5a07869fae818506f353428252aaa20cbf4bd8ce1ebc4a76ce54c5595bba9b244e0e4a7a537607afa38e41368a8c293fdbd8490d93dbb7f82a89a2d65def069a49290ee087d985c099da3763a2dd79dcb09959c392ebda65680a895a745d726f59086e61106b90900000016622668ce9a80418e91609c529c088326b1bd12d6959741cc19d44f2095dd9b2f1b4cc007c0fb26f77ff244c875c46f4f85e6c65e43f2275331001e1440afc31d8af2f404fb14235e5ef484a55631a581be353672e8a9b47455f50cf4b8bd9030e9b4b298b4b43e920389c5aae890d9ec4d128dd1fcb256d06ad807c03dbac97d5d4d128687585574fbdc595b253e70b9fc8dc4f92ad7f36a9a730e3b94db7897394ba7a334cd6d7b79dee3577035700c560ed50cd70a2855ceb7fa58abfe381027437df41ec4a7bf19b01d4a3dd2d11e98e1e6365777d826e41e75d75df7b11e383faf089c7fa02b1cc4dffe3371b7282a5209d22d6593226716e784db16e3f54ed2f84e3f042df105f2dd8bb2f2b3d530d01a90deaae4854a78cad97e7eb00ed3d12f414c86bf4938878ec66f24aba4ee61d41133e66503174081144ae0630f1fabae5400f0b6cc9119b3c4d1a7382570fe9de7bc91d32fdc8f8f212f25560414fe27528db1026a6f71a373766771bd63b45d09e730be1f46bb608c6e43bfb1ac74469ec6b63e3114209a1b023d7fc6f7d0b0624ca7fed9a197d0ea1760302d47d8f749cf4b4711f9096fae58e941f428d3d46c17590d55cb275352b207970ab498a9fc380c0e23943e7bbfaafa9fc50b2b019f4ee955f52ab2938518a643a20e753d9d6c3144ed8ffbb2638a7d6dff9ad3f085a815e99b1334144e33679add52d473d4c7eaf1740e2bbd5469286b78b1f8853d2e24abd329666cd8c496051b7df363184d633abdc206f84d8119ab15ecc43bd4d3dc75c7c7d0e49764139be5d1c6ffa01ac8829e32d5e6d795f2760b55f6d2a4e487d6c8d24a4fd84f5ebd9b4cd8cd3868fe20658f79e22c29b34c07c127d4bde9cf7d1c3fbf92395012968c0923bc1e040d283d128a84d651de93459773d28990ee096f313334dacac65b09b8ecd5ab776f065ccd253c261bbce2ef637e4be0f384bf9d0705fe276be81a2aa8db6b882055ec11df91d13be28bf3e51c4269a6af8edc79fc9cffb97a7477fd121eb188f7a35e50d1830db8c388604030d26e67745f9cdf609d36463f0214a74b4277245215916379f78c8584a474f1eb28e14bdfef3fc02c09846952a23993bc2eeda301d6e4c58346b0a9ab96b59dfd6429bb90258a1fdc38de55443237e3559cccd7547307918ba6cf18091b3bc538da982c05adebeab41a59c2ee78e8c5dd4d4411a91179dcbaafd602ca0333ee6c6668abe24c836bdd5a5261aadac11fd8f1682044a819b6a3cd85015efcb685eede35ef046a11407e939fcfb7b4edb3f046c7d27947ba9a89e4f7068103ebcb0855d4923c4b9ee3ec5d476c4b72c1f6ed8ad1d991f6ef2f0eaa78758fdca67ede06e552b9df7532cc3f1d407fa23d9f5962e0305cedbff19a96b801f6f93a6fcec281fd30f57cffe8a26e2419f4b6a819281b3eb3bc7195e8cf4b8f3080f73c7b1fae8e7e606b5c8bcc493f8c1cae298995241957ee13d4fea8c92e63f16744bebdce3b8c57cb0f7716ccc950ef38c3133a0296ecd512191b8e9b68d3b232d2b7462174ed3d0f1bc6a0f5027fa4f88e99abaf6017f722f916726ec3eb59f19abd628b733654e4a24227889a99d01fb1e1cf7fb60f1d0a4671d5a7d47b56efaee313c53bfcb970e0878865e914f9e1884bee7f4fb787084315656b34c22dbf42aac3ebac5a500f8ce5d9bc47653f9e37a4d58e3c905db02e5ccf89701f9879831ec147baa80f122eeea1e3c9872669b0a29a24ea60e21d87bd51156f1e13e7d5132cec711f665df124cf7182c75103f35ba36ef96d36524a2525c88ae1fbe4192664080fc2735a789ae7f7b7774aaa9f18e6a8cfe46b714aed5d082ccb8001ca6bf33bd3a833681071fe6143a2daef7a637046c5dfeaa89d9285cf9052b02f699681a276f688b473b751d4da6be75a7d142e6b74897ea18812532579a7f495e4b77af68f5057b74e039adbc16624ecaec8aa058c491a1968e9f3d133304e6e1c150b8b10db993ce67e502bec06b239454ab0eb19af034afb8756a06e0550be1a63e31a85fda372bc5d6f2759adabf29d90eed494bed32cca3cbcdb874a982e0a9e0d81708814c88d88ae30344ae1b7527486e18c63c1c5b6fc74a241c63eab588ed78a295471229b1b5c20cc230bc6d81cdbff66b8d901e6d61cd5f385b31d0b492f36ab440b193fa86c9114fca2f2d1a4f73d9a05b1a26822135c86941ec989a6fd3962af599d3e8a0b9d87cf08205a2d4c2498c1682402a629ff583cdd4abd3ce46e76bb5cea903f01a9e88408584991b2bf5633671d9c4303e1045a6224d59dc3bdead4f4db2c555c92b296551d1f79db944d7e632bb6f6ccc93fb3cd69ab6b97e592e41529917fb5bc21226912815717a277e5edb3577519b8fe9f3885f08c6b24d957be1e119b7d592012fedf58c51344317c209d882fcc3212b39f45b0001b620ae8a3756ff1c5567557694a10da1ec3918d935a3a632f82ab8a3a909b663ac2de45d4a24c3e625eb73ba7c6f6460e2742b05cb438008691e2fae34e709b078759b7c766e7c093633b3224ebc2e1d76bc708f439760f31ddb1ac76251093ecb2e6a917e0910a06dde3acfdce6c24cae79944cce15a8fa07abc9ab6de33861abd43ff1e5948d217acc7aa3fd1a561abdddbad0ea60fb5088c8be468227fae9ac182c98de0b8833aba584f05023cbc4593a155463fc98a5e895d3297208913b4af3c81e7749db4580f6b19a247cc1cb15dc57d8cb2bc164f450fd252d2a903fa8e99ff99616ba949f323e6f9b69a1ff7e0ae57f9473164c1f60014a8e296d3bca29488346ea0220b8d9937a04d0e5a06a8ac25020c5e63c3f887c3c586601b652f9e2bc97ad88a8f1b895ec380da4b525472e290cf29a3ded06308fac229da619325e5221912a828e03e8ded81df5f709b452ce392a3a39c1aadd4612f8acf6247f4dcd082c1253f65279364c99a97757816a86ecddc05ad48a32158565d44aef33c0a6768fcb7af6c9ec8618efa0e8680761d00052f65a80a327bc74a1ad5975621e6c74e4e7b471c882ed63ac777eb34c6346cf603cbdfc14e76198fa83af5a742fbf385c9d528e6586653f24ed5374d70a4a5ea1ac7b4b04b49635f84b18a281921671df2bdc037ca182b9b645bc250c2001c36a46e8a4e4e850acf535edde1b4a233269d8ef7738d5532c75c71670921f8b4ea656ceb4a4066a04bb8a540988cc14e938b141fe51bf0d647de78bedd148cde21eff2428ebac2e4b40c466f2bac3100a16ba6fcffe361e752873c1e92104582ab48dedb3b93ddd29d81fac27b84e9a2538468f91172171e710aa992f3d488360be5f1a8ebf06223ff30d55953beea4abb0b3f6364834be74e9c6b6cf1a498bea069834892678217d12a0196df373e84e7c5c3c8e33d5666892bf2405f5f16203d5d8058f9c9ff54e7cdb429d2dddd14fd0009a9c36e4c4585b373228eec0fdc4d156950e4810f44867968937b4c8efeeebc32737b5a8a1a09c0308e65d528c877d3fa494b1c323baa49fe1c451a4fe1d4badf29e39d5387478b99f17f37fbe2fcb0fb1855a62476bcda1121a38a086c529fbe7b5764e2ae6c686a02051619740baada5a2fb76dc37f4ad80757dcaded49cb38e56674b4797ed403261d83a57832062c9dfc138c447d2543dfb21b44b423ce536b7472342ae0f788a36ea087f500b6476181d5379d7e8d70d8311e9e020f95750d314ab4e2fd4b8229cb354eba745eea10c66c7d0d1128fdfe91d6c7b1d0489264861f5404f6319a9ddc0b1bd0288b62dd76b79f86f0588e3a353b3098e1629de6808c2dc8ee7e432d3f7a4cabf102ad524ce4c6a3a2c962675e985378d904c4d6efade29e3f95ffe80a984d932e53643da5f622d535de5887b04c9c7616f31a16d279f26c02213532e3798645e4a09aa0785ab6e330818140347a2a80abd1d8e271bbf916c492125e914830f28619536ec7a1c842331ef2921b267e3666c96a122447e30928db0d29c958f9e492b8568734eb7f84ccddb1e5dbc0b6cc16c1fda02a524654a0ef8d4d01aad02f1a8fba9dacdb1380e38637203030ef1a8115d62c7c72ac7f7bf74b4decbefdc0f101d804c7f42e68ee44bbaed6fc36f0251b5ae9f42853d0954e46900fd75972f9af23cdf864f2f285f0f31521c5ad6e549084734f8dd510919aeb820ebd723b7ed30a89d6e2af2df8c4d796eb29c508b7306512d698cc153f0d35540bf757f3e25d4c573e71c4b4c8402bde20481d3459f11b477bfc5dab01281fb8e6c76cdad4974c14e0d2cdd93ab64b0810c18e8346ee495d0fc49f3b97a3a40f2d445777951521bd638000808f2c258daa20461eaeb98ccfc952bcd10364ac586843eef5096113b62e57828e5326f752431839cd9e71e13a248873c61065cf311cd6a3b37c12d952474fc8022fb11031d8091622ced80b12018f8a80e84d883c3749a5fac55c6f05e4ea352bc954fea3299aab478c2ae73e787c6dad3df26bd9317c7569f752b956fd806dd1f6d82df9ac538b7c404d1b97402c8ed3e90e9462b6a8bbae259cf20648872b549e01721da0adc082d0f4e03cd38ac5ad787beea3cc3ae43966a1402c7e54a5dd3d3d0cc62ad3a8283b74c2d3779375bae563de07ea3b1945c0bbce91fe1a824e04906255f4165f4e3d727ecca00e9abc587de38b825c6c7f86f4409642d6684205f90a03a880bd317c5aec106a461f3f158f152f26f7b4747213f631c5eb27f2b05ceb5da505ba05e82478e53021c484b08859dbccca5e1e6e38115995db6ba34891a604ab46574f8455f44a0e40658d944110a27908fc9d3b2147d2b3cad2bd9edae0a463b5800cc32f6f944cc7f35e06d67dc7fb227e3dffe2b11c29f8003a8aefd7469ae7488b2af5f3e4a843d40ec183262fa37d82a50cfbebc77253ac7259212fc492a6c33cc4fbc86e78f506a74be94e5edb9e6eb283a9f8a83101f3b3f13429c4a0032a0954c18b3455d2243a2c84ce1c9e8345a2d75f42ba376985fbabd979ffcd97aa6ed6452f1e1fd42a13e8f01271136652de2148fb54af4f3b93813014cfb5476423b0ec06172e0eeba8503a4e16faff749f8fc9b12a822ffae780416d3678432c0d658d5a712d2397291acf14d12412df8e9c353858b7fefbfe3bfb90699c5a4ea50cb895211e35170247eca1d44803beed64a61357cb0fc1f5babacfbac2c027ab56c7f010246f9bd5214b3349e751ab8a6dd7e69eebcf564684fe29c1e035f01caee11cd6a49dbe11a05920f41d3d9ac59d03483a33714603c0d1b5fe38ba9f517d170ded57fcd394bfe25e660e38a089993301ad58ae20cffb4a8d78f987e5fadc6be770249eae31a65c0d5b40156c225c0e1889b5c3a41b13597d7b6f290086f0f2f682e7c63c6f0a3f3b2fa88846cf0ac84b78a54a29c8155a0db21ed3e823d20284cedf75fdb40f6fd3e1099981cbc5f119846bd4ec29e55d0178e9a227b013519c28bdf8e9e04b5e4957719188ecc9331f598bb0719cb97c2408e884601c011b01d86652ba537c1f8713c608dad4994d4ed7f786771cfc51f0495406353b4850b77e9dea4fd684cfeaf6b2763499be4df9b6fb4c624b320da8d84ea25793aee5bd16bfaf5406cfded9f58c3f535f54c03bb1b20f4106a2465dcc3a758c1f1a924e567b99feda45d0742f073558db72c4eac0b729ba726fa086c21b8f4464b908c84e744c0c27a67911889b77c5e5dd8e87106825d939207da3a74289a197174ff2c1cd89d1659f398821f8f2cf0c81dbba69d6933896913904ced56cc50acbd337c36dacf175b264b9e9518d856ccccaaab6d0d329eee8383474e434a2d68c51256f57900e18adb4799ffc2f45fe0f550cd49242f494b9c45e16ef1c005e31f8523f2eb6c4598ccbed376f3a638264fc6fb128a2e63c8490ee3c5b2b2c8ac19f647de6e22ec7574a67ea49c9a5c404fa7b39ad98d2d017f2056239df839a2719be27d993767c1b46decdea2e31f4c8e73d7514bbae8f026048754fdae46017eae25ae6ca1288f3441aa6d0f962f1c62eea19663c8fb895148b36ef2ee1afa363d50f3053ffdcbda2e96e13c619b13b9fa6b31dca929126cf3bf1be8c9374c6fa652bae273679924172c1e4dd4e3f9a5f892532138d91375438c1dc98434d238ec81166aa28f878ef9f130676f55e3ecc808f718e7cedbf40dcb270368762d8", 0x2000, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) socket$l2tp(0x2, 0x2, 0x73) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x48) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000040)=ANY=[@ANYRES8=0x0, @ANYRES32=0x0], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==") getpeername$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000340)=0x14) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) 6.123802401s ago: executing program 0 (id=372): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000140)={0x615d}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 5.306412906s ago: executing program 1 (id=373): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r9, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r5, 0x0, 0x4ffe6, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 5.219249367s ago: executing program 2 (id=374): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x81c0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000140)={0x615d}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2) 4.136483177s ago: executing program 0 (id=375): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) close(r5) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x80) ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16=r7, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r11, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c090000560333"], 0x398}}, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) splice(r3, 0x0, r5, 0x0, 0x4ffe6, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) 4.135321876s ago: executing program 2 (id=376): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000140)={'veth1_to_hsr\x00', &(0x7f00000000c0)=@ethtool_link_settings={0x4d, 0x4, 0xe, 0x4b, 0x6b, 0x5, 0x4d, 0x7, 0x4, 0x2, [0x2, 0x8, 0x7, 0xd45b, 0x5, 0x8001, 0x40], [0x4, 0x87, 0x3, 0x9, 0x7, 0x80f]}}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000080), &(0x7f0000000240)}, 0x20) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000040)={@private1, 0x60}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r3, 0x0, 0xd}, 0x18) socket$nl_generic(0x10, 0x3, 0x10) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_GET(r2, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0) syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) 4.003710528s ago: executing program 1 (id=377): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000000) socketpair$unix(0x1, 0x3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) removexattr(0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe2$watch_queue(0x0, 0x80) dup(r0) set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff) r1 = getpid() prlimit64(r1, 0x4, 0x0, &(0x7f0000000040)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0) ftruncate(r2, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r4, 0x0, 0x0, 0x700, 0x0) sendfile(r3, r2, 0x0, 0x578410eb) socket$kcm(0x29, 0x5, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 3.542341567s ago: executing program 3 (id=378): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00'}, 0x10) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/key-users\x00', 0x0, 0x0) close(0x3) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x1f}, 0x14) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) request_key(0x0, 0x0, 0x0, 0x0) r3 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x2, 0x0, 0x0) listen(r3, 0x0) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0xf2, 0x0) r4 = syz_open_dev$video4linux(&(0x7f0000000480), 0x5, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r5, &(0x7f0000000000)="2e000300", 0x4) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r4, 0xc040564a, &(0x7f0000000280)={0x8008, 0x0, 0x2002, 0x2b, 0x7, 0x0, 0x80, 0x1}) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0xffad, &(0x7f00000002c0)=[@in={0x2, 0x4e20, @local}]}, &(0x7f0000000100)=0x10) 1.492176184s ago: executing program 0 (id=379): mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) socket$kcm(0x2, 0x1000000000000002, 0x0) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='mm_page_alloc\x00', r0}, 0x18) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) socket$inet_udplite(0x2, 0x2, 0x88) socket$netlink(0x10, 0x3, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4d67fc880c9d640f4eacc509873f1a103c87f69"], &(0x7f0000000100)='GPL\x00'}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xe, 0x4, 0x8, 0x1}, 0x50) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r7}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r2, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x1a, &(0x7f0000000040)={@local, @remote, @val={@void, {0x8100, 0x0, 0x1, 0x4}}, {@llc_tr={0x11, {@snap={0x1, 0xaa, "a7", "bab435", 0x16}}}}}, 0x0) 1.487860683s ago: executing program 1 (id=380): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @local, 0x1}, 0x1c) r2 = dup(r1) r3 = open(&(0x7f00000000c0)='./file0\x00', 0x16f8c2, 0x0) ftruncate(r3, 0x200004) sendfile(r2, r3, 0x0, 0x80001d00c0d1) 1.462161834s ago: executing program 2 (id=381): r0 = syz_open_dev$vim2m(0x0, 0x800, 0x2) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000080)={0x9, {0x4, 0x3, 0xc000, 0x401}, {0x0, 0x2, 0x26, 0x1000}, {0xfffffffa, 0x80}}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_route_sched(r2, 0x0, 0x20040080) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024000000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68af5f72"], 0x1ec}}, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) ioperm(0x2, 0x7, 0x13) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r5, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd27, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x55}, 0x4000) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0) 1.460993234s ago: executing program 3 (id=382): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file0\x00', 0x0, 0x0, 0x8, 0x0, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f0000000300)=0xc) times(0x0) rt_tgsigqueueinfo(r0, r3, 0x11, &(0x7f0000000340)={0x18, 0xfffffff9}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xd, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='tmpfs\x00', 0x0, &(0x7f0000000240)='nolazytime') sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffffe}, {0x85, 0x0, 0x0, 0x2d}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) 247.025205ms ago: executing program 1 (id=383): r0 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5) r3 = socket$inet6(0xa, 0x2, 0x3a) recvmmsg(r3, &(0x7f0000005640)=[{{0x0, 0x0, 0x0}, 0x6}], 0x1, 0x40010000, 0x0) connect$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x6, @mcast2, 0x6}, 0x1c) sendto$inet6(r3, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000040), 0x4000010001ff, 0x2) sendmmsg$inet(r2, 0x0, 0x0, 0x20008000) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000080)=@ccm_128={{0x303}, "f1a0f9fff9e440b4", "881aae83544dfa6412f91b9057e3f415", "9dca43b6", "9ecb592c6ee49fbd"}, 0x28) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 0s ago: executing program 3 (id=384): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeef, 0x8031, 0xffffffffffffffff, 0x55779000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) madvise(&(0x7f0000304000/0x3000)=nil, 0x3000, 0x9) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r5, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r4, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10) recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 56.236028][ T5453] 8021q: adding VLAN 0 to HW filter on device bond0 [ 56.246502][ T5453] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts. syzkaller login: [ 82.279944][ T5775] cgroup: Unknown subsys name 'net' [ 82.416421][ T5775] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.128322][ T5775] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.801457][ T5790] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.819001][ T5790] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.826870][ T5796] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.835747][ T5790] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.836440][ T5796] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.851049][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.853990][ T5796] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.866644][ T5796] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.874604][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.882145][ T5796] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.885250][ T5800] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.898373][ T5796] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.898778][ T5800] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.911599][ T5796] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.919359][ T5800] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.920259][ T5800] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.927823][ T5796] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.934599][ T5800] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.944904][ T5796] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.955313][ T5796] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.964559][ T5796] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.972002][ T5798] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.982503][ T5798] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.003236][ T5798] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.501914][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 86.590114][ T5795] chnl_net:caif_netlink_parms(): no params data found [ 86.700647][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 86.716395][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.725235][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.733437][ T5785] bridge_slave_0: entered allmulticast mode [ 86.740806][ T5785] bridge_slave_0: entered promiscuous mode [ 86.749604][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 86.789937][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.797084][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.804558][ T5785] bridge_slave_1: entered allmulticast mode [ 86.812241][ T5785] bridge_slave_1: entered promiscuous mode [ 86.881310][ T5795] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.888894][ T5795] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.896100][ T5795] bridge_slave_0: entered allmulticast mode [ 86.904027][ T5795] bridge_slave_0: entered promiscuous mode [ 86.943235][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.950727][ T5795] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.959249][ T5795] bridge_slave_1: entered allmulticast mode [ 86.966255][ T5795] bridge_slave_1: entered promiscuous mode [ 86.976080][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.989018][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.067227][ T5795] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.114656][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.126767][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.135576][ T5791] bridge_slave_0: entered allmulticast mode [ 87.148552][ T5791] bridge_slave_0: entered promiscuous mode [ 87.164010][ T5795] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.203877][ T5785] team0: Port device team_slave_0 added [ 87.212988][ T5785] team0: Port device team_slave_1 added [ 87.244465][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.252432][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.266601][ T5791] bridge_slave_1: entered allmulticast mode [ 87.274678][ T5791] bridge_slave_1: entered promiscuous mode [ 87.346813][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.354811][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.367658][ T5784] bridge_slave_0: entered allmulticast mode [ 87.375597][ T5784] bridge_slave_0: entered promiscuous mode [ 87.405982][ T5795] team0: Port device team_slave_0 added [ 87.450076][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.457257][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.465018][ T5784] bridge_slave_1: entered allmulticast mode [ 87.472787][ T5784] bridge_slave_1: entered promiscuous mode [ 87.511920][ T5795] team0: Port device team_slave_1 added [ 87.535410][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.543492][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.577007][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.624980][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.662699][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.670202][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.696477][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.710707][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.722579][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.743934][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.751170][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.777236][ T5795] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.798638][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.825540][ T5795] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.832705][ T5795] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.859582][ T5795] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.896263][ T5791] team0: Port device team_slave_0 added [ 87.905700][ T5791] team0: Port device team_slave_1 added [ 87.975861][ T5784] team0: Port device team_slave_0 added [ 87.994534][ T5798] Bluetooth: hci0: command tx timeout [ 88.004118][ T5785] hsr_slave_0: entered promiscuous mode [ 88.011211][ T5785] hsr_slave_1: entered promiscuous mode [ 88.046871][ T5784] team0: Port device team_slave_1 added [ 88.053548][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.058853][ T5798] Bluetooth: hci2: command tx timeout [ 88.060901][ T5794] Bluetooth: hci3: command tx timeout [ 88.071310][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.071700][ T50] Bluetooth: hci1: command tx timeout [ 88.103698][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.149708][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.156692][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.183329][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.217459][ T5795] hsr_slave_0: entered promiscuous mode [ 88.224579][ T5795] hsr_slave_1: entered promiscuous mode [ 88.231271][ T5795] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.239351][ T5795] Cannot create hsr debugfs directory [ 88.282056][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.289722][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.316690][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.329692][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.336680][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.362727][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.461565][ T5791] hsr_slave_0: entered promiscuous mode [ 88.468430][ T5791] hsr_slave_1: entered promiscuous mode [ 88.475182][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.484516][ T5791] Cannot create hsr debugfs directory [ 88.576307][ T5784] hsr_slave_0: entered promiscuous mode [ 88.583567][ T5784] hsr_slave_1: entered promiscuous mode [ 88.589930][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.597505][ T5784] Cannot create hsr debugfs directory [ 88.907135][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.928130][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.938529][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.959564][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.018213][ T5795] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.031100][ T5795] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.043547][ T5795] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.066667][ T5795] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.156859][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.184788][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.208192][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.223716][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.306724][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.334017][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.346106][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.369445][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.402781][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.459819][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.485613][ T5795] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.505428][ T2900] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.512983][ T2900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.546731][ T2900] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.554165][ T2900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.644309][ T5795] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.680016][ T2900] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.687201][ T2900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.719556][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.764736][ T3495] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.772048][ T3495] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.846961][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.872946][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.902725][ T2900] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.910162][ T2900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.957122][ T2900] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.964399][ T2900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.994658][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.046751][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.054095][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.062764][ T50] Bluetooth: hci0: command tx timeout [ 90.105304][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.113165][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.138278][ T50] Bluetooth: hci1: command tx timeout [ 90.139308][ T5794] Bluetooth: hci3: command tx timeout [ 90.143813][ T50] Bluetooth: hci2: command tx timeout [ 90.200223][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.216026][ T5784] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.421334][ T5785] veth0_vlan: entered promiscuous mode [ 90.446761][ T5795] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.456369][ T5785] veth1_vlan: entered promiscuous mode [ 90.562632][ T5785] veth0_macvtap: entered promiscuous mode [ 90.604696][ T5785] veth1_macvtap: entered promiscuous mode [ 90.680725][ T5795] veth0_vlan: entered promiscuous mode [ 90.699627][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.732732][ T5795] veth1_vlan: entered promiscuous mode [ 90.744018][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.756647][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.816034][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.824919][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.834600][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.845051][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.853973][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.915410][ T5791] veth0_vlan: entered promiscuous mode [ 90.930788][ T5791] veth1_vlan: entered promiscuous mode [ 90.977081][ T5795] veth0_macvtap: entered promiscuous mode [ 91.019426][ T5795] veth1_macvtap: entered promiscuous mode [ 91.048446][ T5784] veth0_vlan: entered promiscuous mode [ 91.077337][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.088629][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.102883][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.131652][ T5784] veth1_vlan: entered promiscuous mode [ 91.142105][ T5795] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.152924][ T5795] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.165458][ T5795] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.198317][ T5795] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.207070][ T5795] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.216277][ T5795] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.226239][ T5795] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.243153][ T2871] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.243885][ T5791] veth0_macvtap: entered promiscuous mode [ 91.261760][ T2871] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.288806][ T5791] veth1_macvtap: entered promiscuous mode [ 91.346870][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.357241][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.375734][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.387506][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.398544][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.412955][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.425322][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.444148][ T5784] veth0_macvtap: entered promiscuous mode [ 91.454895][ T5784] veth1_macvtap: entered promiscuous mode [ 91.486708][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.504561][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.514885][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.527620][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.540112][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.554698][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.563799][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.572878][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.584111][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.637998][ T2891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.645881][ T2891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.652385][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.666161][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.682616][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.694450][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.714172][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.747677][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.763886][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.975834][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.001330][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.011293][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.022313][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.033106][ T5784] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.044219][ T5784] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.060850][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.073395][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.082544][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.091802][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.100606][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.147790][ T50] Bluetooth: hci0: command tx timeout [ 92.184776][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.217890][ T50] Bluetooth: hci3: command tx timeout [ 92.218499][ T5798] Bluetooth: hci1: command tx timeout [ 92.223371][ T50] Bluetooth: hci2: command tx timeout [ 92.237910][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.246615][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.255203][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.263794][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.272347][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.280879][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.293898][ T786] cfg80211: failed to load regulatory.db [ 92.296425][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.383090][ T3495] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.417496][ T3495] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.563721][ T3495] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.817692][ T3495] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.840865][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.894102][ T2900] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.961440][ T2900] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.073424][ T2871] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.119020][ T2871] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.473889][ T5883] Zero length message leads to an empty skb [ 94.257745][ T50] Bluetooth: hci0: command tx timeout [ 94.298425][ T50] Bluetooth: hci1: command tx timeout [ 94.303932][ T50] Bluetooth: hci3: command tx timeout [ 94.309684][ T5798] Bluetooth: hci2: command tx timeout [ 96.695645][ T5909] syz.1.9[5909]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 96.711576][ T5909] loop1: detected capacity change from 0 to 512 [ 96.721650][ T5909] ext4: Unknown parameter 'func' [ 96.918690][ T5912] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.055152][ T5915] warning: `syz.1.9' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 97.828693][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.128656][ T5924] loop1: detected capacity change from 0 to 64 [ 100.908014][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.917172][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.601899][ T5952] loop1: detected capacity change from 0 to 256 [ 103.613851][ T5952] ======================================================= [ 103.613851][ T5952] WARNING: The mand mount option has been deprecated and [ 103.613851][ T5952] and is ignored by this kernel. Remove the mand [ 103.613851][ T5952] option from the mount to silence this warning. [ 103.613851][ T5952] ======================================================= [ 103.672476][ T5952] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 103.711496][ T5952] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 103.814141][ T5952] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 103.966703][ T5960] ubi31: attaching mtd0 [ 103.992206][ T5960] ubi31: scanning is finished [ 103.997006][ T5960] ubi31: empty MTD device detected [ 105.110356][ T5960] ubi31 error: ubi_attach_mtd_dev: cannot spawn "ubi_bgt31d", error -4 [ 105.806989][ T5976] loop1: detected capacity change from 0 to 64 [ 106.529543][ T5969] No buffer was provided with the request [ 113.360050][ T6020] loop0: detected capacity change from 0 to 512 [ 113.441168][ T6020] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 113.468088][ T6020] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 114.650566][ T6037] Can't find a SQUASHFS superblock on nullb0 [ 116.008549][ T6020] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ee018, mo2=0002] [ 116.111708][ T6020] System zones: 1-12 [ 116.203618][ T6020] EXT4-fs: error -4 creating inode table initialization thread [ 116.220631][ T6020] EXT4-fs (loop0): mount failed [ 116.306325][ T6027] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 117.760579][ T6047] sched: RT throttling activated [ 118.700907][ T6060] netlink: 12 bytes leftover after parsing attributes in process `syz.1.40'. [ 121.674726][ T6075] loop3: detected capacity change from 0 to 40427 [ 122.428698][ T6075] F2FS-fs (loop3): invalid crc value [ 122.468051][ T6075] F2FS-fs (loop3): Found nat_bits in checkpoint [ 122.525290][ T6075] F2FS-fs (loop3): Start checkpoint disabled! [ 122.544098][ T6075] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 125.062247][ T2871] kworker/u4:5: attempt to access beyond end of device [ 125.062247][ T2871] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 125.083089][ T6098] loop1: detected capacity change from 0 to 1024 [ 125.119199][ T2871] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 125.138894][ T2871] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 125.145935][ T2871] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 125.369004][ T6103] (null): rxe_set_mtu: Set mtu to 1024 [ 125.402602][ T6098] EXT4-fs (loop1): Test dummy encryption mode enabled [ 125.423791][ T6098] EXT4-fs (loop1): stripe (9) is not aligned with cluster size (16), stripe is disabled [ 125.629241][ T6098] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.274546][ T6103] infiniband syz1: set active [ 126.380883][ T6113] xt_bpf: check failed: parse error [ 127.002442][ T6103] infiniband syz1: added syz_tun [ 127.142933][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.596619][ T6115] loop3: detected capacity change from 0 to 4096 [ 128.350265][ T6129] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 128.487937][ T6103] RDS/IB: syz1: added [ 128.548580][ T6103] smc: adding ib device syz1 with port count 1 [ 128.587425][ T6103] smc: ib device syz1 port 1 has pnetid [ 129.992315][ T6140] capability: warning: `syz.3.48' uses deprecated v2 capabilities in a way that may be insecure [ 130.649998][ T6145] loop1: detected capacity change from 0 to 512 [ 130.677272][ T6145] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 131.526032][ T6145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 131.583270][ T6145] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.302169][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.318405][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.693867][ T6165] netlink: 4 bytes leftover after parsing attributes in process `syz.0.61'. [ 134.720269][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 135.094184][ T6169] loop1: detected capacity change from 0 to 32768 [ 135.101780][ T6169] XFS: ikeep mount option is deprecated. [ 135.236797][ T6169] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 135.327306][ T6169] XFS (loop1): Ending clean mount [ 135.347318][ T6169] XFS (loop1): Quotacheck needed: Please wait. [ 135.493060][ T6169] XFS (loop1): Quotacheck: Done. [ 137.750319][ T5785] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 139.079941][ T23] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 140.011403][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 140.164170][ T23] usb 1-1: config 150 has an invalid interface number: 204 but max is 1 [ 140.527855][ T23] usb 1-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config [ 140.567295][ T23] usb 1-1: config 150 has 1 interface, different from the descriptor's value: 2 [ 140.616880][ T23] usb 1-1: config 150 has no interface number 0 [ 140.627705][ T23] usb 1-1: config 150 interface 204 has no altsetting 0 [ 140.639321][ T23] usb 1-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 140.657898][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.676164][ T6200] loop2: detected capacity change from 0 to 2048 [ 140.691826][ T23] usb 1-1: Product: syz [ 140.696073][ T23] usb 1-1: Manufacturer: syz [ 140.735676][ T23] usb 1-1: SerialNumber: syz [ 141.408956][ T6205] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 141.438306][ T23] usb 1-1: USB disconnect, device number 2 [ 143.693982][ T6220] dummy0: entered promiscuous mode [ 143.738156][ T6220] vlan2: entered promiscuous mode [ 148.434175][ T6251] loop0: detected capacity change from 0 to 512 [ 148.441712][ T6251] EXT4-fs: Ignoring removed bh option [ 148.447665][ T6251] EXT4-fs: user quota file already specified [ 148.558001][ T6252] lo speed is unknown, defaulting to 1000 [ 148.567674][ T6252] lo speed is unknown, defaulting to 1000 [ 148.583554][ T6252] lo speed is unknown, defaulting to 1000 [ 148.640142][ T6252] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 148.767866][ T6252] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 149.632038][ T6252] lo speed is unknown, defaulting to 1000 [ 149.640460][ T6252] lo speed is unknown, defaulting to 1000 [ 149.649352][ T6252] lo speed is unknown, defaulting to 1000 [ 149.656745][ T6252] lo speed is unknown, defaulting to 1000 [ 150.061070][ T5989] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 150.206972][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 150.411338][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 150.473954][ T6255] tipc: Enabling of bearer rejected, failed to enable media [ 150.730985][ T23] usb 2-1: device descriptor read/all, error -71 [ 153.474794][ T23] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 154.027624][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 154.109235][ T6288] ptrace attach of "./syz-executor exec"[5795] was attempted by "./syz-executor exec"[6288] [ 154.149212][ T23] usb 2-1: config 0 has an invalid interface number: 13 but max is 0 [ 154.195361][ T6288] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 154.203315][ T6288] overlayfs: failed to set xattr on upper [ 154.209692][ T6288] overlayfs: ...falling back to redirect_dir=nofollow. [ 154.216576][ T6288] overlayfs: ...falling back to index=off. [ 154.223193][ T6288] overlayfs: ...falling back to uuid=null. [ 154.229643][ T6288] overlayfs: maximum fs stacking depth exceeded [ 154.293926][ T23] usb 2-1: config 0 has no interface number 0 [ 154.301713][ T23] usb 2-1: config 0 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 154.311679][ T23] usb 2-1: config 0 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 64 [ 154.324629][ T23] usb 2-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31 [ 154.347736][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.355802][ T23] usb 2-1: Product: syz [ 154.373733][ T23] usb 2-1: Manufacturer: syz [ 154.380013][ T23] usb 2-1: SerialNumber: syz [ 154.404491][ T23] usb 2-1: config 0 descriptor?? [ 154.422047][ T6272] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 154.453093][ T6272] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 154.500406][ T23] option 2-1:0.13: GSM modem (1-port) converter detected [ 155.497751][ T6297] syz.0.90 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 155.527819][ T6297] binder: 6293:6297 ioctl c0306201 0 returned -14 [ 156.176867][ T23] usb 2-1: USB disconnect, device number 3 [ 156.195392][ T23] option 2-1:0.13: device disconnected [ 156.264834][ T28] audit: type=1326 audit(1753735994.885:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 156.372974][ T28] audit: type=1326 audit(1753735994.905:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 156.508303][ T28] audit: type=1326 audit(1753735994.905:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 156.590988][ T28] audit: type=1326 audit(1753735994.905:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 156.616353][ T6305] loop0: detected capacity change from 0 to 2048 [ 156.660312][ T6307] capability: warning: `syz.2.93' uses 32-bit capabilities (legacy support in use) [ 156.698226][ T6307] loop2: detected capacity change from 0 to 164 [ 157.695507][ T6307] Unable to read rock-ridge attributes [ 157.741917][ T28] audit: type=1326 audit(1753735994.905:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 157.796582][ T6304] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 158.266250][ T28] audit: type=1326 audit(1753735994.905:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 158.345966][ T28] audit: type=1326 audit(1753735994.905:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 158.368931][ T28] audit: type=1326 audit(1753735994.915:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 158.420465][ T6305] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.431995][ T28] audit: type=1326 audit(1753735994.915:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 158.504813][ T6317] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 158.676128][ T6305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.025183][ T28] audit: type=1326 audit(1753735994.915:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6298 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 163.955497][ T6339] loop0: detected capacity change from 0 to 128 [ 163.986953][ T6339] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 164.021911][ T6339] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 166.861822][ T11] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 167.244117][ T6361] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 168.079809][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.2.105'. [ 168.490259][ T6375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 168.585592][ T6381] loop3: detected capacity change from 0 to 2048 [ 168.613433][ T6381] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 168.623037][ T6383] netlink: 4 bytes leftover after parsing attributes in process `syz.0.108'. [ 168.654379][ T6384] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.955049][ T6381] syz.3.110: attempt to access beyond end of device [ 168.955049][ T6381] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 169.449922][ T6379] syz.3.110: attempt to access beyond end of device [ 169.449922][ T6379] loop3: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 169.516287][ T6379] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=3) [ 169.794131][ T6379] NILFS (loop3): error -5 reading inode: ino=12 [ 170.335013][ T6399] loop0: detected capacity change from 0 to 256 [ 171.697096][ T6399] FAT-fs (loop0): Directory bread(block 64) failed [ 171.703773][ T6399] FAT-fs (loop0): Directory bread(block 65) failed [ 171.710654][ T6399] FAT-fs (loop0): Directory bread(block 66) failed [ 171.717221][ T6399] FAT-fs (loop0): Directory bread(block 67) failed [ 171.724045][ T6399] FAT-fs (loop0): Directory bread(block 68) failed [ 171.730662][ T6399] FAT-fs (loop0): Directory bread(block 69) failed [ 171.737415][ T6399] FAT-fs (loop0): Directory bread(block 70) failed [ 171.744294][ T6399] FAT-fs (loop0): Directory bread(block 71) failed [ 171.751033][ T6399] FAT-fs (loop0): Directory bread(block 72) failed [ 171.757690][ T6399] FAT-fs (loop0): Directory bread(block 73) failed [ 175.492727][ T6433] loop0: detected capacity change from 0 to 128 [ 180.736273][ T6446] netlink: 4 bytes leftover after parsing attributes in process `syz.0.125'. [ 181.277071][ T6446] hsr_slave_1 (unregistering): left promiscuous mode [ 181.329490][ T6451] input: syz1 as /devices/virtual/input/input5 [ 181.539368][ T6455] tipc: Started in network mode [ 181.562372][ T6455] tipc: Node identity 4afc8a1b0975, cluster identity 4711 [ 181.819162][ T6455] tipc: Enabled bearer , priority 0 [ 182.002904][ T6457] syzkaller0: entered promiscuous mode [ 182.401562][ T6457] syzkaller0: entered allmulticast mode [ 182.929379][ T8] tipc: Node number set to 1133087259 [ 182.937475][ T6455] tipc: Resetting bearer [ 183.822778][ T6454] tipc: Resetting bearer [ 184.174172][ T6454] tipc: Disabling bearer [ 184.555728][ T6475] loop2: detected capacity change from 0 to 1024 [ 185.125879][ T6475] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.853736][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.942864][ T6502] loop1: detected capacity change from 0 to 128 [ 189.021828][ T6502] EXT4-fs warning (device loop1): ext4_init_metadata_csum:4634: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 189.057732][ T6502] EXT4-fs (loop1): Encoding requested by superblock is unknown [ 190.107307][ T6506] vlan0: entered promiscuous mode [ 193.254465][ T6534] input: syz1 as /devices/virtual/input/input6 [ 194.624120][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.631670][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.039007][ T6543] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 196.126803][ T6543] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:bb to non-existent VLAN 2048 [ 197.754875][ T6551] binder: 6547:6551 ioctl 4018620d 0 returned -22 [ 199.388292][ T6552] input: syz1 as /devices/virtual/input/input7 [ 200.560528][ T6565] loop2: detected capacity change from 0 to 256 [ 200.621384][ T6565] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 201.018047][ T6565] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 201.293370][ T6565] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 203.665576][ T6585] binder: 6584:6585 ioctl 4018620d 0 returned -22 [ 205.407455][ T6591] loop0: detected capacity change from 0 to 2048 [ 205.615933][ T6591] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 206.610978][ T6591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.642731][ T6591] serio: Serial port ptm0 [ 206.921630][ T6606] binder: 6603:6606 ioctl 4018620d 0 returned -22 [ 207.574590][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.171002][ T6621] loop0: detected capacity change from 0 to 8 [ 210.555594][ T6618] SQUASHFS error: Failed to read block 0x4e8: -5 [ 210.562449][ T6618] SQUASHFS error: Failed to read block 0x4de: -5 [ 210.568990][ T6618] SQUASHFS error: Failed to read block 0x4de: -5 [ 210.575504][ T6618] SQUASHFS error: Failed to read block 0x4de: -5 [ 210.600816][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 210.600833][ T28] audit: type=1800 audit(1753736049.205:31): pid=6618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.162" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 211.567740][ T28] audit: type=1800 audit(1753736049.625:32): pid=6623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.165" name="bus" dev="overlay" ino=252 res=0 errno=0 [ 212.137758][ T6628] loop3: detected capacity change from 0 to 32768 [ 212.914783][ T5801] Bluetooth: hci0: command 0x0406 tx timeout [ 212.921558][ T5103] Bluetooth: hci1: command 0x0406 tx timeout [ 212.921588][ T5796] Bluetooth: hci2: command 0x0406 tx timeout [ 212.928239][ T5103] Bluetooth: hci3: command 0x0406 tx timeout [ 213.685819][ T6632] read_mapping_page failed! [ 213.747949][ T6632] jfs_create: dtInsert returned -EIO [ 213.768020][ T6632] ERROR: (device loop3): jfs_create: [ 213.768020][ T6632] [ 214.437702][ T6632] ERROR: (device loop3): remounting filesystem as read-only [ 215.124252][ T6643] loop2: detected capacity change from 0 to 1024 [ 215.131828][ T6643] EXT4-fs: Ignoring removed mblk_io_submit option [ 215.138471][ T6643] EXT4-fs: Ignoring removed bh option [ 215.160600][ T6643] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 215.257456][ T6643] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.444582][ T6647] loop0: detected capacity change from 0 to 40427 [ 216.613267][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.624319][ T6647] F2FS-fs (loop0): invalid crc value [ 216.652354][ T6647] F2FS-fs (loop0): Found nat_bits in checkpoint [ 216.720305][ T6647] F2FS-fs (loop0): Start checkpoint disabled! [ 216.760278][ T6647] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 217.420695][ T6656] Bluetooth: MGMT ver 1.22 [ 217.570770][ T6654] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 217.667951][ T6658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.171'. [ 217.702195][ T6660] loop1: detected capacity change from 0 to 128 [ 217.925165][ T11] kworker/u4:0: attempt to access beyond end of device [ 217.925165][ T11] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 217.989844][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 217.998991][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 218.006059][ T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 220.417735][ T5798] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 220.492256][ T43] kworker/u4:3: attempt to access beyond end of device [ 220.492256][ T43] loop1: rw=1, sector=145, nr_sectors = 896 limit=128 [ 221.675082][ T28] audit: type=1800 audit(1753736060.295:33): pid=6675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.176" name="bus" dev="overlay" ino=281 res=0 errno=0 [ 223.316037][ T6680] loop2: detected capacity change from 0 to 64 [ 223.632456][ T6682] bpq0: entered promiscuous mode [ 223.667819][ T6682] bpq0: entered allmulticast mode [ 223.853248][ T28] audit: type=1800 audit(1753736062.465:34): pid=6687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.179" name="file1" dev="loop2" ino=18 res=0 errno=0 [ 224.395848][ T6684] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.422338][ T6684] bond0: (slave rose0): Enslaving as an active interface with an up link [ 224.435580][ T6691] ksmbd: Unknown IPC event: 0, ignore. [ 224.780042][ T3062] libceph: connect (1)[c::]:6789 error -101 [ 224.787226][ T3062] libceph: mon0 (1)[c::]:6789 connect error [ 225.016436][ T6691] ceph: No mds server is up or the cluster is laggy [ 225.762072][ T6706] loop2: detected capacity change from 0 to 512 [ 229.756880][ T6731] netlink: 36 bytes leftover after parsing attributes in process `syz.0.188'. [ 230.090393][ T6733] loop0: detected capacity change from 0 to 2048 [ 232.473241][ T28] audit: type=1326 audit(1753736070.565:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6730 comm="syz.3.189" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2299b8e9a9 code=0x0 [ 232.967986][ T6733] hpfs: filesystem error: invalid size in superblock: ffffffff; already mounted read-only [ 234.017035][ T6746] process 'syz.1.191' launched './file0' with NULL argv: empty string added [ 234.718490][ T6749] netlink: 4 bytes leftover after parsing attributes in process `syz.3.192'. [ 239.812981][ T6798] loop2: detected capacity change from 0 to 22 [ 239.834299][ T6798] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 239.854349][ T6798] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 240.750595][ T6796] syzkaller1: entered promiscuous mode [ 240.756579][ T6796] syzkaller1: entered allmulticast mode [ 241.118194][ T5787] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 242.008278][ T28] audit: type=1326 audit(1753736079.935:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 242.094947][ T28] audit: type=1326 audit(1753736079.935:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 242.183143][ T28] audit: type=1326 audit(1753736080.065:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 242.386355][ T28] audit: type=1326 audit(1753736080.065:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 242.418237][ T5787] usb 1-1: too many configurations: 227, using maximum allowed: 8 [ 242.428198][ T28] audit: type=1326 audit(1753736080.065:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 242.440457][ T5787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 242.457703][ T27] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 243.245970][ T5787] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 243.257769][ T28] audit: type=1326 audit(1753736080.205:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 243.326635][ T5787] usb 1-1: unable to read config index 1 descriptor/start: -71 [ 243.330587][ T28] audit: type=1326 audit(1753736080.205:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 243.522135][ T6824] netlink: 4 bytes leftover after parsing attributes in process `syz.2.202'. [ 244.049974][ T5787] usb 1-1: can't read configurations, error -71 [ 244.393381][ T28] audit: type=1326 audit(1753736080.205:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f533c38e9a9 code=0x7ffc0000 [ 244.528194][ T28] audit: type=1326 audit(1753736080.225:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f533c38d310 code=0x7ffc0000 [ 244.823214][ T28] audit: type=1326 audit(1753736080.225:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6806 comm="syz.1.200" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f533c3901d7 code=0x7ffc0000 [ 244.926056][ T6840] netlink: 12 bytes leftover after parsing attributes in process `syz.1.205'. [ 244.935580][ T6840] netlink: zone id is out of range [ 244.947566][ T6840] netlink: set zone limit has 8 unknown bytes [ 246.919225][ T6847] netlink: 28 bytes leftover after parsing attributes in process `syz.2.208'. [ 246.938445][ T6847] netlink: 8 bytes leftover after parsing attributes in process `syz.2.208'. [ 248.185662][ T6863] mmap: syz.2.211 (6863) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 248.618445][ T27] usb 4-1: device descriptor read/all, error -110 [ 248.780677][ T27] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 250.115972][ T6874] loop3: detected capacity change from 0 to 32768 [ 252.361191][ T6874] JBD2: Ignoring recovery information on journal [ 252.583752][ T6874] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 254.454051][ T6892] loop2: detected capacity change from 0 to 512 [ 254.464046][ T5784] ocfs2: Unmounting device (7,3) on (node local) [ 254.609685][ T6892] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 254.648668][ T6895] syz.1.216 uses obsolete (PF_INET,SOCK_PACKET) [ 255.339802][ T6895] batadv0: entered promiscuous mode [ 255.457866][ T6895] vlan2: entered promiscuous mode [ 255.823955][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.064354][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.072469][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.769754][ T5830] IPVS: starting estimator thread 0... [ 258.918156][ T6926] IPVS: using max 26 ests per chain, 62400 per kthread [ 262.161198][ T6949] orangefs_mount: mount request failed with -4 [ 262.650421][ T6950] loop1: detected capacity change from 0 to 32768 [ 264.735922][ T6950] JBD2: Ignoring recovery information on journal [ 266.172469][ T6950] JBD2: journal reset failed [ 266.177269][ T6950] (syz.1.227,6950,0):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 266.262641][ T6950] (syz.1.227,6950,1):ocfs2_check_volume:2434 ERROR: ocfs2 journal load failed! -4 [ 266.368036][ T6962] loop0: detected capacity change from 0 to 256 [ 266.395021][ T6962] exfat: Unknown parameter 'cid' [ 272.937363][ T6992] loop2: detected capacity change from 0 to 1024 [ 273.121009][ T6992] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 273.237886][ T6992] ext4 filesystem being mounted at /62/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 274.001447][ T7000] syz.2.238 (7000) used greatest stack depth: 20712 bytes left [ 274.009234][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 274.009246][ T28] audit: type=1800 audit(1753736112.626:52): pid=7000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.238" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 274.275776][ T5795] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.673254][ T7005] loop3: detected capacity change from 0 to 1024 [ 274.866347][ T7005] EXT4-fs: Ignoring removed bh option [ 274.991907][ T7005] EXT4-fs: Ignoring removed nomblk_io_submit option [ 275.365500][ T7005] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.685101][ T7005] syz.3.241[7005] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.685272][ T7005] syz.3.241[7005] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 276.383500][ T7005] netlink: 20 bytes leftover after parsing attributes in process `syz.3.241'. [ 279.305746][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.452488][ T7039] netlink: 6 bytes leftover after parsing attributes in process `syz.0.247'. [ 280.481267][ T7039] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 280.770197][ T7047] loop3: detected capacity change from 0 to 40427 [ 280.798428][ T7047] F2FS-fs (loop3): invalid crc value [ 280.857936][ T7047] F2FS-fs (loop3): Found nat_bits in checkpoint [ 280.915688][ T7047] F2FS-fs (loop3): Start checkpoint disabled! [ 280.955086][ T7047] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 282.789110][ T2891] kworker/u4:7: attempt to access beyond end of device [ 282.789110][ T2891] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 282.878248][ T2891] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 282.885213][ T2891] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 283.000976][ T7062] bpq0: left promiscuous mode [ 283.005780][ T7062] bpq0: left allmulticast mode [ 283.061822][ T7062] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 283.263796][ T7066] loop0: detected capacity change from 0 to 1024 [ 283.379194][ T7066] EXT4-fs: Ignoring removed bh option [ 283.384700][ T7066] EXT4-fs: Ignoring removed nomblk_io_submit option [ 283.867150][ T7074] loop2: detected capacity change from 0 to 8 [ 284.241107][ T7070] lo speed is unknown, defaulting to 1000 [ 284.350336][ T7066] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.489245][ T7066] syz.0.256[7066] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 284.489391][ T7066] syz.0.256[7066] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 284.695260][ T7080] netlink: 20 bytes leftover after parsing attributes in process `syz.0.256'. [ 284.876751][ T7079] loop2: detected capacity change from 0 to 32768 [ 284.884657][ T7079] XFS: ikeep mount option is deprecated. [ 284.981352][ T7079] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 285.476267][ T7079] XFS (loop2): Ending clean mount [ 285.541619][ T7079] XFS (loop2): Quotacheck needed: Please wait. [ 285.704568][ T7079] XFS (loop2): Quotacheck: Done. [ 287.069685][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 290.087421][ T5795] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 290.692395][ T7115] input: syz1 as /devices/virtual/input/input9 [ 291.284977][ T7117] loop2: detected capacity change from 0 to 256 [ 291.377167][ T7117] exfat: Unknown parameter 'cid' [ 291.418548][ T28] audit: type=1326 audit(1753736130.026:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.0.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.235020][ T28] audit: type=1326 audit(1753736130.036:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.0.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.268001][ T28] audit: type=1326 audit(1753736130.076:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.0.273" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.290627][ T28] audit: type=1326 audit(1753736130.076:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.312367][ C1] vkms_vblank_simulate: vblank timer overrun [ 292.319354][ T28] audit: type=1326 audit(1753736130.076:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.330582][ T7120] loop0: detected capacity change from 0 to 512 [ 292.341990][ T28] audit: type=1326 audit(1753736130.076:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.342038][ T28] audit: type=1326 audit(1753736130.086:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.499587][ T7120] EXT4-fs (loop0): orphan cleanup on readonly fs [ 292.517659][ T28] audit: type=1326 audit(1753736130.086:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.618594][ T28] audit: type=1326 audit(1753736130.086:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.641358][ T28] audit: type=1326 audit(1753736130.086:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="kfree" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc7698e9a9 code=0x7ffc0000 [ 292.705809][ T7120] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm kfree: bg 0: block 248: padding at end of block bitmap is not set [ 292.808742][ T7120] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm kfree: Failed to acquire dquot type 1 [ 293.842384][ T7120] EXT4-fs (loop0): 1 truncate cleaned up [ 293.901172][ T7120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 294.958354][ T7138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'. [ 295.149488][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.982807][ T7152] input: syz1 as /devices/virtual/input/input10 [ 298.509509][ T7164] loop3: detected capacity change from 0 to 256 [ 298.925371][ T7164] exfat: Unknown parameter 'cid' [ 300.282049][ T7171] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 300.287261][ T7167] loop3: detected capacity change from 0 to 256 [ 300.328230][ T7167] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 301.745351][ T7187] netlink: 4 bytes leftover after parsing attributes in process `syz.2.280'. [ 302.364596][ T7196] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.282'. [ 304.516010][ T7196] loop1: detected capacity change from 0 to 32768 [ 305.114626][ T7205] loop0: detected capacity change from 0 to 2048 [ 305.679160][ T7210] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 305.763957][ T28] kauditd_printk_skb: 53 callbacks suppressed [ 305.763972][ T28] audit: type=1800 audit(1753736144.386:114): pid=7205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.286" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 307.159118][ T7221] loop3: detected capacity change from 0 to 8 [ 311.202732][ T7242] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'. [ 311.509408][ T7248] netlink: 4 bytes leftover after parsing attributes in process `syz.0.295'. [ 317.503888][ T1285] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.510662][ T1285] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.701448][ T7276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.301'. [ 320.971207][ T7276] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.979093][ T7276] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.699738][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.2.304'. [ 325.791034][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'. [ 326.453880][ T7323] syz.2.309 (7323) used greatest stack depth: 16624 bytes left [ 328.816841][ T7325] loop1: detected capacity change from 0 to 256 [ 328.853226][ T7325] FAT-fs (loop1): Directory bread(block 64) failed [ 328.867697][ T7325] FAT-fs (loop1): Directory bread(block 65) failed [ 328.874688][ T7325] FAT-fs (loop1): Directory bread(block 66) failed [ 328.967712][ T7325] FAT-fs (loop1): Directory bread(block 67) failed [ 328.974760][ T7325] FAT-fs (loop1): Directory bread(block 68) failed [ 329.017629][ T7325] FAT-fs (loop1): Directory bread(block 69) failed [ 329.038793][ T7325] FAT-fs (loop1): Directory bread(block 70) failed [ 329.066626][ T7325] FAT-fs (loop1): Directory bread(block 71) failed [ 329.088251][ T7325] FAT-fs (loop1): Directory bread(block 72) failed [ 329.118514][ T7325] FAT-fs (loop1): Directory bread(block 73) failed [ 332.070352][ T7342] netlink: 4 bytes leftover after parsing attributes in process `syz.0.315'. [ 334.324491][ T7350] netlink: 4 bytes leftover after parsing attributes in process `syz.1.317'. [ 334.844466][ T7356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.317'. [ 336.016685][ T7366] netlink: 44 bytes leftover after parsing attributes in process `syz.0.319'. [ 340.365466][ T7400] loop1: detected capacity change from 0 to 40427 [ 340.378554][ T7400] F2FS-fs (loop1): Unrecognized mount option "18446744073709551615" or missing value [ 341.197528][ T7363] I/O error, dev loop1, sector 40192 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 343.664872][ T7419] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 344.141669][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.331'. [ 344.360870][ T7431] netlink: 4 bytes leftover after parsing attributes in process `syz.2.331'. [ 346.912500][ T7451] netlink: 4 bytes leftover after parsing attributes in process `syz.1.346'. [ 347.145202][ T7454] netlink: 4 bytes leftover after parsing attributes in process `syz.1.346'. [ 347.981018][ T7457] netlink: 129384 bytes leftover after parsing attributes in process `syz.2.338'. [ 348.317590][ T7457] loop2: detected capacity change from 0 to 32768 [ 348.369457][ T7463] netlink: 4 bytes leftover after parsing attributes in process `syz.0.349'. [ 348.470296][ T7464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.349'. [ 350.652061][ T7472] netlink: 'syz.3.341': attribute type 10 has an invalid length. [ 351.453318][ T7472] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.465772][ T7472] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 351.901545][ T7478] loop1: detected capacity change from 0 to 128 [ 352.465615][ T7477] netlink: 4 bytes leftover after parsing attributes in process `syz.0.353'. [ 353.862814][ T7491] netlink: 4 bytes leftover after parsing attributes in process `syz.0.347'. [ 353.930305][ T7493] netlink: 4 bytes leftover after parsing attributes in process `syz.0.347'. [ 356.355365][ T7514] netlink: 20 bytes leftover after parsing attributes in process `syz.1.354'. [ 357.324847][ T7514] bridge0: port 2(bridge_slave_1) entered disabled state [ 357.332156][ T7514] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.559069][ T7510] xt_CT: You must specify a L4 protocol and not use inversions on it [ 360.023979][ T7537] netdevsim netdevsim0: Direct firmware load for ./file0 failed with error -2 [ 360.034342][ T7537] netdevsim netdevsim0: Falling back to sysfs fallback for: ./file0 [ 362.321459][ T7546] netlink: 'syz.0.361': attribute type 64 has an invalid length. [ 362.329436][ T7546] netlink: 'syz.0.361': attribute type 4 has an invalid length. [ 362.337302][ T7546] netlink: 152 bytes leftover after parsing attributes in process `syz.0.361'. [ 362.800806][ T7550] netlink: 4 bytes leftover after parsing attributes in process `syz.1.362'. [ 362.913369][ T7553] netlink: 4 bytes leftover after parsing attributes in process `syz.1.362'. [ 368.355333][ T7589] netlink: 4 bytes leftover after parsing attributes in process `syz.1.373'. [ 368.416274][ T7590] loop3: detected capacity change from 0 to 128 [ 368.476111][ T7593] netlink: 4 bytes leftover after parsing attributes in process `syz.1.373'. [ 368.534560][ T7590] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 369.890272][ T7601] netlink: 4 bytes leftover after parsing attributes in process `syz.0.375'. [ 370.150737][ T7607] netlink: 4 bytes leftover after parsing attributes in process `syz.0.375'. [ 373.822405][ C0] ================================================================== [ 373.830642][ C0] BUG: KASAN: slab-use-after-free in rose_timer_expiry+0x46a/0x4b0 [ 373.838687][ C0] Read of size 2 at addr ffff88805ec2782a by task syz.2.381/7616 [ 373.846431][ C0] [ 373.848805][ C0] CPU: 0 PID: 7616 Comm: syz.2.381 Not tainted 6.6.100-syzkaller #0 [ 373.856807][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 373.867090][ C0] Call Trace: [ 373.870393][ C0] [ 373.873261][ C0] dump_stack_lvl+0x16c/0x230 [ 373.877966][ C0] ? __lock_acquire+0x7c80/0x7c80 [ 373.883020][ C0] ? show_regs_print_info+0x20/0x20 [ 373.888264][ C0] ? load_image+0x3b0/0x3b0 [ 373.892808][ C0] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 373.898211][ C0] ? __virt_addr_valid+0x18c/0x540 [ 373.903348][ C0] ? __virt_addr_valid+0x469/0x540 [ 373.908475][ C0] print_report+0xac/0x200 [ 373.912907][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 373.918032][ C0] kasan_report+0x117/0x150 [ 373.922579][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 373.927816][ C0] rose_timer_expiry+0x46a/0x4b0 [ 373.932781][ C0] call_timer_fn+0x16e/0x530 [ 373.937386][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 373.942436][ C0] ? call_timer_fn+0xbf/0x530 [ 373.947146][ C0] ? __run_timers+0x7d0/0x7d0 [ 373.951844][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 373.957062][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 373.962279][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 373.967326][ C0] __run_timers+0x52d/0x7d0 [ 373.971959][ C0] ? detach_timer+0x2b0/0x2b0 [ 373.976659][ C0] ? lock_chain_count+0x20/0x20 [ 373.981528][ C0] run_timer_softirq+0x67/0xf0 [ 373.986309][ C0] handle_softirqs+0x280/0x820 [ 373.991123][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 373.995898][ C0] ? do_softirq+0x180/0x180 [ 374.000411][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 374.005639][ C0] __irq_exit_rcu+0xc7/0x190 [ 374.010242][ C0] ? irq_exit_rcu+0x20/0x20 [ 374.014757][ C0] irq_exit_rcu+0x9/0x20 [ 374.019009][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 374.024657][ C0] [ 374.027602][ C0] [ 374.030549][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 374.036568][ C0] RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90 [ 374.042577][ C0] Code: 0f 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b2 51 0f 09 66 90 41 57 41 56 53 eb 11 e8 04 fa 18 09 e8 0f 33 2e 00 fb 5b <41> 5e 41 5f c3 f3 0f 1e fa 49 be 00 00 00 00 00 fc ff df 49 89 ff [ 374.062294][ C0] RSP: 0000:ffffc90003347b88 EFLAGS: 00000282 [ 374.068553][ C0] RAX: aab91117459bf100 RBX: ffff8880b8e3d188 RCX: aab91117459bf100 [ 374.076627][ C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6700 [ 374.084620][ C0] RBP: ffffc90003347d90 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5 [ 374.092609][ C0] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: dffffc0000000000 [ 374.100591][ C0] R13: ffff8880b8e3c440 R14: dffffc0000000000 R15: ffff8880b8e3d188 [ 374.108600][ C0] __schedule+0x171e/0x44d0 [ 374.113142][ C0] ? asan.module_dtor+0x20/0x20 [ 374.118008][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 374.124009][ C0] ? preempt_schedule_irq+0xaa/0x140 [ 374.129312][ C0] preempt_schedule_irq+0xb5/0x140 [ 374.134445][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 374.140184][ C0] ? local_clock+0x20/0x20 [ 374.144615][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 374.150458][ C0] irqentry_exit+0x67/0x70 [ 374.154920][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 374.160415][ C0] RIP: 0010:exit_to_user_mode_loop+0x40/0x110 [ 374.166515][ C0] Code: fb eb 1d e8 62 a0 fa 08 65 48 8b 05 1a 2d 91 7e 4c 8b 30 41 f7 c6 0e 30 02 00 0f 84 c4 00 00 00 e8 a5 6b 19 00 fb 41 f6 c6 08 <74> 05 e8 e9 cc 02 09 41 f7 c6 00 10 00 00 74 08 48 89 df e8 b8 e5 [ 374.186143][ C0] RSP: 0000:ffffc90003347f10 EFLAGS: 00000202 [ 374.192227][ C0] RAX: aab91117459bf100 RBX: ffffc90003347f58 RCX: aab91117459bf100 [ 374.200218][ C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6700 [ 374.208244][ C0] RBP: 0000000000000000 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5 [ 374.216263][ C0] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: 0000000000000000 [ 374.224793][ C0] R13: 0000000000000000 R14: 0000000000000008 R15: ffff8880210bbc00 [ 374.232819][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 374.238452][ C0] irqentry_exit_to_user_mode+0x9/0x40 [ 374.243960][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 374.249982][ C0] RIP: 0033:0x7fd92166e9b1 [ 374.254430][ C0] Code: 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 44 89 f9 49 8b 50 30 4c 89 f0 49 03 14 ca 80 3d fd 91 34 00 00 49 89 d6 48 89 d5 <74> 28 25 ff 0f 00 00 83 f0 3d 8d 04 c0 89 c5 c1 ed 04 31 c5 69 ed [ 374.274151][ C0] RSP: 002b:00007ffe04a61ac0 EFLAGS: 00000202 [ 374.280245][ C0] RAX: ffffffff813210a2 RBX: 00007fd9224e5720 RCX: 0000000000002270 [ 374.288260][ C0] RDX: ffffffff813aa13c RSI: ffffffff81321879 RDI: 0000000000000010 [ 374.296677][ C0] RBP: ffffffff813aa13c R08: 00007fd9219b6118 R09: 00007fd9219a2000 [ 374.304834][ C0] R10: 00007fd9207fd008 R11: 0000000000000010 R12: 0000000000000010 [ 374.312923][ C0] R13: 0000000000000000 R14: ffffffff813aa13c R15: 0000000000002270 [ 374.321017][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 374.326691][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 374.332483][ C0] ? arch_stack_walk+0x152/0x190 [ 374.337462][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 374.343131][ C0] ? cacheinfo_amd_init_llc_id+0x289/0x3a0 [ 374.349047][ C0] [ 374.352073][ C0] [ 374.354436][ C0] Allocated by task 5158: [ 374.358877][ C0] kasan_set_track+0x4e/0x70 [ 374.363574][ C0] __kasan_kmalloc+0x8f/0xa0 [ 374.368197][ C0] kernfs_fop_open+0x3f5/0xcc0 [ 374.372989][ C0] do_dentry_open+0x8c6/0x1500 [ 374.377774][ C0] path_openat+0x274b/0x3190 [ 374.382432][ C0] do_filp_open+0x1c5/0x3d0 [ 374.387006][ C0] do_sys_openat2+0x12c/0x1c0 [ 374.391887][ C0] __x64_sys_openat+0x139/0x160 [ 374.396846][ C0] do_syscall_64+0x55/0xb0 [ 374.401289][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 374.407207][ C0] [ 374.409550][ C0] Freed by task 5158: [ 374.413622][ C0] kasan_set_track+0x4e/0x70 [ 374.418237][ C0] kasan_save_free_info+0x2e/0x50 [ 374.423571][ C0] ____kasan_slab_free+0x126/0x1e0 [ 374.428705][ C0] slab_free_freelist_hook+0x130/0x1b0 [ 374.434179][ C0] __kmem_cache_free+0xba/0x1f0 [ 374.439166][ C0] kernfs_fop_release+0x166/0x190 [ 374.444220][ C0] __fput+0x234/0x970 [ 374.448262][ C0] __se_sys_close+0x15f/0x220 [ 374.452954][ C0] do_syscall_64+0x55/0xb0 [ 374.457642][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 374.463555][ C0] [ 374.465891][ C0] Last potentially related work creation: [ 374.471653][ C0] kasan_save_stack+0x3e/0x60 [ 374.476341][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 374.481764][ C0] insert_work+0x3d/0x310 [ 374.486106][ C0] __queue_work+0xd2c/0x1020 [ 374.490707][ C0] call_timer_fn+0x16e/0x530 [ 374.495311][ C0] __run_timers+0x558/0x7d0 [ 374.499826][ C0] run_timer_softirq+0x67/0xf0 [ 374.504635][ C0] handle_softirqs+0x280/0x820 [ 374.509411][ C0] __irq_exit_rcu+0xc7/0x190 [ 374.514009][ C0] irq_exit_rcu+0x9/0x20 [ 374.518263][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 374.523916][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 374.529914][ C0] [ 374.532245][ C0] Second to last potentially related work creation: [ 374.538832][ C0] kasan_save_stack+0x3e/0x60 [ 374.543522][ C0] __kasan_record_aux_stack+0xaf/0xc0 [ 374.548907][ C0] call_rcu+0x158/0x930 [ 374.553079][ C0] addrconf_permanent_addr+0x354/0x980 [ 374.558554][ C0] addrconf_notify+0x996/0x1010 [ 374.563416][ C0] notifier_call_chain+0x197/0x390 [ 374.568548][ C0] __dev_notify_flags+0x18e/0x2e0 [ 374.573587][ C0] dev_change_flags+0xe8/0x1a0 [ 374.578361][ C0] do_setlink+0xc74/0x3fb0 [ 374.582797][ C0] rtnl_newlink+0x175b/0x2020 [ 374.587491][ C0] rtnetlink_rcv_msg+0x7c7/0xf10 [ 374.592446][ C0] netlink_rcv_skb+0x216/0x480 [ 374.597245][ C0] netlink_unicast+0x751/0x8d0 [ 374.602472][ C0] netlink_sendmsg+0x8c1/0xbe0 [ 374.607264][ C0] __sys_sendto+0x46a/0x620 [ 374.611793][ C0] __x64_sys_sendto+0xde/0xf0 [ 374.616573][ C0] do_syscall_64+0x55/0xb0 [ 374.621007][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 374.626919][ C0] [ 374.629249][ C0] The buggy address belongs to the object at ffff88805ec27800 [ 374.629249][ C0] which belongs to the cache kmalloc-512 of size 512 [ 374.643306][ C0] The buggy address is located 42 bytes inside of [ 374.643306][ C0] freed 512-byte region [ffff88805ec27800, ffff88805ec27a00) [ 374.657025][ C0] [ 374.659374][ C0] The buggy address belongs to the physical page: [ 374.665804][ C0] page:ffffea00017b0900 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ec24 [ 374.675963][ C0] head:ffffea00017b0900 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 374.684909][ C0] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 374.693532][ C0] page_type: 0xffffffff() [ 374.698225][ C0] raw: 00fff00000000840 ffff888017841c80 0000000000000000 dead000000000001 [ 374.706819][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 374.715405][ C0] page dumped because: kasan: bad access detected [ 374.721858][ C0] page_owner tracks the page as allocated [ 374.727594][ C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3495, tgid 3495 (kworker/u4:10), ts 90280099276, free_ts 27313282697 [ 374.749085][ C0] post_alloc_hook+0x1cd/0x210 [ 374.753881][ C0] get_page_from_freelist+0x195c/0x19f0 [ 374.759473][ C0] __alloc_pages+0x1e3/0x460 [ 374.764082][ C0] alloc_slab_page+0x5d/0x170 [ 374.768790][ C0] new_slab+0x87/0x2e0 [ 374.772876][ C0] ___slab_alloc+0xc6d/0x12f0 [ 374.777566][ C0] __kmem_cache_alloc_node+0x1a2/0x260 [ 374.783041][ C0] kmalloc_trace+0x2a/0xe0 [ 374.787495][ C0] __ipv6_dev_mc_inc+0x413/0xac0 [ 374.792554][ C0] addrconf_dad_work+0x3c5/0x14e0 [ 374.797600][ C0] process_scheduled_works+0xa45/0x15b0 [ 374.803252][ C0] worker_thread+0xa55/0xfc0 [ 374.807954][ C0] kthread+0x2fa/0x390 [ 374.812026][ C0] ret_from_fork+0x48/0x80 [ 374.816464][ C0] ret_from_fork_asm+0x11/0x20 [ 374.821271][ C0] page last free stack trace: [ 374.825949][ C0] free_unref_page_prepare+0x7ce/0x8e0 [ 374.831426][ C0] free_unref_page+0x32/0x2e0 [ 374.836122][ C0] free_contig_range+0xa1/0x160 [ 374.840981][ C0] destroy_args+0x87/0x770 [ 374.845426][ C0] debug_vm_pgtable+0x3cc/0x410 [ 374.850768][ C0] do_one_initcall+0x1fd/0x750 [ 374.855567][ C0] do_initcall_level+0x137/0x1f0 [ 374.860528][ C0] do_initcalls+0x69/0xd0 [ 374.864880][ C0] kernel_init_freeable+0x3d2/0x570 [ 374.870098][ C0] kernel_init+0x1d/0x1c0 [ 374.874442][ C0] ret_from_fork+0x48/0x80 [ 374.878872][ C0] ret_from_fork_asm+0x11/0x20 [ 374.883740][ C0] [ 374.886069][ C0] Memory state around the buggy address: [ 374.891705][ C0] ffff88805ec27700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 374.899774][ C0] ffff88805ec27780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 374.907843][ C0] >ffff88805ec27800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 374.915916][ C0] ^ [ 374.921291][ C0] ffff88805ec27880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 374.929359][ C0] ffff88805ec27900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 374.937510][ C0] ================================================================== [ 374.945878][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 374.953112][ C0] CPU: 0 PID: 7616 Comm: syz.2.381 Not tainted 6.6.100-syzkaller #0 [ 374.961147][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 374.971249][ C0] Call Trace: [ 374.974899][ C0] [ 374.978055][ C0] dump_stack_lvl+0x16c/0x230 [ 374.983025][ C0] ? show_regs_print_info+0x20/0x20 [ 374.988538][ C0] ? load_image+0x3b0/0x3b0 [ 374.993193][ C0] panic+0x2c0/0x710 [ 374.997152][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 375.001722][ C0] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 375.007674][ C0] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 375.013615][ C0] ? _raw_spin_unlock+0x40/0x40 [ 375.018486][ C0] ? print_memory_metadata+0x314/0x400 [ 375.023967][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 375.029097][ C0] check_panic_on_warn+0x84/0xa0 [ 375.034156][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 375.039294][ C0] end_report+0x6f/0x140 [ 375.043564][ C0] kasan_report+0x128/0x150 [ 375.048082][ C0] ? rose_timer_expiry+0x46a/0x4b0 [ 375.053213][ C0] rose_timer_expiry+0x46a/0x4b0 [ 375.058179][ C0] call_timer_fn+0x16e/0x530 [ 375.062784][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 375.067828][ C0] ? call_timer_fn+0xbf/0x530 [ 375.072534][ C0] ? __run_timers+0x7d0/0x7d0 [ 375.077487][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 375.082719][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 375.087939][ C0] ? rose_start_t1timer+0xd0/0xd0 [ 375.092978][ C0] __run_timers+0x52d/0x7d0 [ 375.097761][ C0] ? detach_timer+0x2b0/0x2b0 [ 375.102452][ C0] ? lock_chain_count+0x20/0x20 [ 375.107340][ C0] run_timer_softirq+0x67/0xf0 [ 375.112134][ C0] handle_softirqs+0x280/0x820 [ 375.117008][ C0] ? __irq_exit_rcu+0xc7/0x190 [ 375.121897][ C0] ? do_softirq+0x180/0x180 [ 375.126430][ C0] ? irqtime_account_irq+0xb6/0x1c0 [ 375.131660][ C0] __irq_exit_rcu+0xc7/0x190 [ 375.136263][ C0] ? irq_exit_rcu+0x20/0x20 [ 375.140780][ C0] irq_exit_rcu+0x9/0x20 [ 375.145031][ C0] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 375.150682][ C0] [ 375.153625][ C0] [ 375.156570][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 375.162748][ C0] RIP: 0010:raw_spin_rq_unlock_irq+0x13/0x90 [ 375.168752][ C0] Code: 0f 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 b2 51 0f 09 66 90 41 57 41 56 53 eb 11 e8 04 fa 18 09 e8 0f 33 2e 00 fb 5b <41> 5e 41 5f c3 f3 0f 1e fa 49 be 00 00 00 00 00 fc ff df 49 89 ff [ 375.188463][ C0] RSP: 0000:ffffc90003347b88 EFLAGS: 00000282 [ 375.194538][ C0] RAX: aab91117459bf100 RBX: ffff8880b8e3d188 RCX: aab91117459bf100 [ 375.202605][ C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6700 [ 375.210686][ C0] RBP: ffffc90003347d90 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5 [ 375.218668][ C0] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: dffffc0000000000 [ 375.226736][ C0] R13: ffff8880b8e3c440 R14: dffffc0000000000 R15: ffff8880b8e3d188 [ 375.234729][ C0] __schedule+0x171e/0x44d0 [ 375.239257][ C0] ? asan.module_dtor+0x20/0x20 [ 375.244119][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 375.250113][ C0] ? preempt_schedule_irq+0xaa/0x140 [ 375.255419][ C0] preempt_schedule_irq+0xb5/0x140 [ 375.260551][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 375.266292][ C0] ? local_clock+0x20/0x20 [ 375.270729][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 375.276550][ C0] irqentry_exit+0x67/0x70 [ 375.280984][ C0] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 375.286475][ C0] RIP: 0010:exit_to_user_mode_loop+0x40/0x110 [ 375.292574][ C0] Code: fb eb 1d e8 62 a0 fa 08 65 48 8b 05 1a 2d 91 7e 4c 8b 30 41 f7 c6 0e 30 02 00 0f 84 c4 00 00 00 e8 a5 6b 19 00 fb 41 f6 c6 08 <74> 05 e8 e9 cc 02 09 41 f7 c6 00 10 00 00 74 08 48 89 df e8 b8 e5 [ 375.312297][ C0] RSP: 0000:ffffc90003347f10 EFLAGS: 00000202 [ 375.318385][ C0] RAX: aab91117459bf100 RBX: ffffc90003347f58 RCX: aab91117459bf100 [ 375.326388][ C0] RDX: dffffc0000000000 RSI: ffffffff8aaaba40 RDI: ffffffff8afc6700 [ 375.334475][ C0] RBP: 0000000000000000 R08: ffffffff8e4a7daf R09: 1ffffffff1c94fb5 [ 375.342552][ C0] R10: dffffc0000000000 R11: fffffbfff1c94fb6 R12: 0000000000000000 [ 375.350536][ C0] R13: 0000000000000000 R14: 0000000000000008 R15: ffff8880210bbc00 [ 375.358529][ C0] exit_to_user_mode_prepare+0xb1/0x140 [ 375.364128][ C0] irqentry_exit_to_user_mode+0x9/0x40 [ 375.369694][ C0] asm_sysvec_call_function_single+0x1a/0x20 [ 375.375691][ C0] RIP: 0033:0x7fd92166e9b1 [ 375.380115][ C0] Code: 45 31 f6 44 0f b6 e6 85 c0 0f 84 9e 00 00 00 44 89 f9 49 8b 50 30 4c 89 f0 49 03 14 ca 80 3d fd 91 34 00 00 49 89 d6 48 89 d5 <74> 28 25 ff 0f 00 00 83 f0 3d 8d 04 c0 89 c5 c1 ed 04 31 c5 69 ed [ 375.399760][ C0] RSP: 002b:00007ffe04a61ac0 EFLAGS: 00000202 [ 375.405836][ C0] RAX: ffffffff813210a2 RBX: 00007fd9224e5720 RCX: 0000000000002270 [ 375.413819][ C0] RDX: ffffffff813aa13c RSI: ffffffff81321879 RDI: 0000000000000010 [ 375.421888][ C0] RBP: ffffffff813aa13c R08: 00007fd9219b6118 R09: 00007fd9219a2000 [ 375.429871][ C0] R10: 00007fd9207fd008 R11: 0000000000000010 R12: 0000000000000010 [ 375.437852][ C0] R13: 0000000000000000 R14: ffffffff813aa13c R15: 0000000000002270 [ 375.445840][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 375.451493][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 375.457150][ C0] ? arch_stack_walk+0x152/0x190 [ 375.462297][ C0] ? unwind_get_return_address+0x1c/0xc0 [ 375.467948][ C0] ? cacheinfo_amd_init_llc_id+0x289/0x3a0 [ 375.473766][ C0] [ 375.477059][ C0] Kernel Offset: disabled [ 375.481645][ C0] Rebooting in 86400 seconds..