last executing test programs: 46.658553679s ago: executing program 2 (id=369): creat(&(0x7f0000000ac0)='./file0\x00', 0x0) syz_open_dev$evdev(&(0x7f0000000080), 0x2, 0x842) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmsg(r3, &(0x7f00000000c0)={0x0, 0x9504, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4) 45.664225617s ago: executing program 2 (id=370): syz_emit_ethernet(0x256, &(0x7f0000000780)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd60b8192302200000fe8000000000000000000000000000aafe8000000000000000000000000000aa2c0800fd00000000fe8000000000000000000000000000bbfe80000000000000000000000000003eff010000000000001e0000000000000001fe80000000000000000000000000003c0012040907080000fe880000000000000000000000000160374a4d212e01fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000000000000000000000000000010000000000000000000000000000000120010000000000000000000000000000fe88000000000000000000000000000100000000000000000000000000000001ff010000000000000000000000000001ff0604030510ff7ffe88000000000000000000000000010100000000000000000000ffff7f000001000000000000000000000000000000ffff0e040708588100ff010000000000000000000000000001fc000000000000000000000000000000fc010000000000000000040000000001ff020000000000000000000000000001fe880000000000000000000000000001fe800000000000000000000000000035ff01000000000000000000000000000187020000000000000105000000000004018004011201060000000000000000001d000000000000000502000500000000060040e166000000330a0405de20860dfc010000000000000000000000000001fc02000000000000000000000000000100000000000000000000000000000000ff010000000000000000000000000001fc0200"/604], 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000001240), 0x0, 0x0) faccessat2(r0, &(0x7f00000000c0)='./cgroup\x00', 0x7, 0x1000) r1 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0) setfsgid(0xee00) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r2) mount(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000080)='proc\x00', 0x189, 0x0) r3 = syz_open_procfs(r1, &(0x7f0000000040)='stat\x00') pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f0000000200)={0x0, 0x0}) 45.42705308s ago: executing program 2 (id=371): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x48283, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x43, 0x4e, 0xc, 0x20, 0x5215, 0x1103, 0xe3da, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xfe, 0x0, 0x0, 0x8, 0x1, 0x1}}]}}]}}, 0x0) ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0xb) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000002140)={0x0, 0x0, 0xe16, 0x6}) accept4$packet(r1, &(0x7f00000020c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000002100)=0x14, 0xc0000) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/dev_mcast\x00') read$FUSE(r2, &(0x7f0000000080)={0x2020}, 0x2020) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f00000021c0)=ANY=[@ANYBLOB="b452f61459d278fb8b10900000000000630000000000000095000000000000002f643a25458033ee26d88ccdbfd3fc18784a8efccc32d53a37e362bd51649a15"], 0x0, 0x5, 0xc3, &(0x7f0000002240)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94) sendmsg$tipc(r4, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) recvmmsg(r3, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000540)=""/140, 0x8c}], 0x1}, 0xaad}], 0x1, 0x40000101, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000002380)=@generic={&(0x7f0000002340)='./file0\x00', 0x0, 0x10}, 0x18) 41.42429829s ago: executing program 2 (id=378): writev(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000240)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1df}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") mlock2(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x181) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) chdir(&(0x7f0000000140)='./file0\x00') sync() r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000010) r1 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x107b42, 0x32) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e24, @remote}, 0x10) write$binfmt_script(r1, &(0x7f00000000c0)={'#! ', './file1', [{0x20, '\x00'}, {0x20, '\x00'}, {0x20, 'noblock_validity'}]}, 0x20) 39.601270745s ago: executing program 2 (id=385): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x1100, 0x40}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000bc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}, @flat=@binder={0x73622a85, 0x0, 0x1}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0x10000000000) poll(&(0x7f0000000180)=[{r1, 0x2188}], 0x1, 0x8001) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000004a40)={0x44, 0x0, &(0x7f00000049c0)=[@transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 38.780869792s ago: executing program 2 (id=388): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x400000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00'}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x0, 0x1}, 0xfd}, 0x18) bind$can_j1939(r3, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x8}, {0x7, 0xf}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x44060}, 0x98) 38.375662025s ago: executing program 32 (id=388): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000005e00)) sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002, 0x0, 0x80}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x400000) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000180)={'vxcan0\x00'}) r2 = socket$can_bcm(0x1d, 0x2, 0x2) r3 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000380)={0x1d, 0x0, 0x1, {0x0, 0x0, 0x1}, 0xfd}, 0x18) bind$can_j1939(r3, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x8}, {0x7, 0xf}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x44060}, 0x98) 14.45437486s ago: executing program 1 (id=428): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd29, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x100, 0xe}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000740)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xfff5, 0x4}, {}, {0x8, 0xc}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x1, 0x3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) close(r4) socket$unix(0x1, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r5 = socket$kcm(0x11, 0x3, 0x0) setsockopt$sock_attach_bpf(r5, 0x107, 0xf, &(0x7f0000000600), 0x56) sendmsg$kcm(r5, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x0, r3, 0xc}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)="27030200590214000600002fb96dbcf706e10500000086ddffff1144ee163cd4b8bf", 0x22}, {&(0x7f0000000c00)="4307ed2e", 0x4}], 0x2}, 0x4) 13.733449841s ago: executing program 1 (id=439): sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) mount(&(0x7f0000000300), 0x0, 0x0, 0x2200892, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r0, 0x0, 0x8008000000010, 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000a80)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x4a, {0x2, 0x0, @rand_addr=0x64010101}, 'lo\x00'}) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f00000002c0)={{0x2, 0x0, @multicast1}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, 0x8, {0x2, 0x0, @empty}, 'lo\x00'}) r2 = socket$netlink(0x10, 0x3, 0x0) writev(r2, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) 13.024133392s ago: executing program 0 (id=432): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14090, &(0x7f0000001800)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRESOCT=0x0, @ANYRESHEX, @ANYRES32], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) syz_usb_connect$hid(0x59c7271563034cba, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) 12.024036479s ago: executing program 1 (id=434): sendmsg$NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x1c, 0x0, 0x200, 0x70bd2c, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x41) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) pipe2$9p(0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'pim6reg\x00'}) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs(0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(0xffffffffffffffff, 0xc0502103, 0x0) r1 = syz_usb_connect(0x0, 0x62, 0x0, 0x0) syz_usb_control_io$rtl8150(r1, &(0x7f0000000180)={0x14, 0x0, 0x0}, 0x0) r2 = syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000001240)='./file0\x00', 0x1014552, &(0x7f0000000b40)=ANY=[], 0x0, 0x121f, &(0x7f0000002280)="$eJzs3E1rXFUYB/An6Uva1LyotdqCeNCNboYmCze6MEgK0gGlbYRWEG7NjQ5znRnmDoERMXXl1s8hggjuBHGnm2z8BoK7bFxWEK/MjJ10ZAQj0inN77e5D5z7h3Pm3rM4hzn34NXPP2zulLWdrBfzc3Mx34lId1OkmI977sRLr/zw47PXb966ulGvb15L6crGjbWXU0rLz333zsdfPv9979zb3yx/uxD7q+8e/Lr+y/6F/YsHf9z4oFGmRpla7V7K0u12u5fdLvK03SibtZTeKvKszFOjVebdifadot3p9FPW2l5a7HTzskxZq5+aeT/12qnX7afs/azRSrVaLS0tBkd3clxtfXG3qqqIqjoVp6OqqupsLMa5eCyWYjlWYjUejyfiyTgfT70W8XQ8E1///FV/kAAAAAAAAAAAAAAAAAAAAAD+P//6/H9cGJ7/vzi8a9a9BgAAAAAAAAAAAAAAAAAAgEfL9Zu3rm7U65vXUjoTUXy2u7W7NbqO2jd2ohFF5HE5VuL3GJ7+HxnVV96ob15OQ6vxabE3yO9FxO7Wicn82vBzAlPza6N8upePGFwXYvH+/HqsxPnp+fWp+TPx4gv35WuxEj+9F+0oYjsG2cP8J2spvf5m/W/5S8P7AAAA4FFQS2Ork+vfEzFebe9Nax/lp+8PnJq2PzCxvh5kL52c8eCJsv9RMyuKvHtsi/hPqbMR8aC7enq2P9RvVVU9BM9rNsU/z5SFwzdh6civxFxEDIq/ZuOdh2Ck43nBMXD40GfdEwAAAAAAAAAAAI7iQfydcNZjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/2YFjAQAAAABh/tZpdGwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAVwEAAP//UE/SpQ==") r3 = openat(r2, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r3, 0x82307201, &(0x7f0000000f40)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 11.506247339s ago: executing program 3 (id=436): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = dup(r1) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0xffffffffffffff2c}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r3 = io_uring_setup(0x4fef, &(0x7f0000000040)={0x0, 0xc8df, 0xc000, 0xa, 0x20002f7}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {0xe}, {0xe, 0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40005}, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r4 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x2c00) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2) 10.716571045s ago: executing program 4 (id=437): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_pidfd_open(r0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000dc0)=ANY=[@ANYBLOB="7a0af8ff7525707cbfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c80000040000000000b1a297cfddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1ae9f2cfe401dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4800afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc70bb30d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692f01ad194f302d7a658e90000000001000000b6b2f25ddb8c640ab321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c5c5b011cf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb53a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0aa390d0da6972ed719d7e0efb2bb713d1890e317c8de105c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1376eda2b9c66200349e62d4d0ab1a1dc51907c9800000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x200000e, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x600, 0x4000000}, 0x28) bpf$PROG_LOAD(0x5, 0x0, 0x0) 10.491909787s ago: executing program 3 (id=438): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)}, 0x0, 0x40000000}) r1 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x80, 0x1000, 0xc1}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000740)=[{0x0}], 0x1) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r1}) io_uring_enter(r1, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 8.52294573s ago: executing program 0 (id=440): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x2, 0x805, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x4e20, @rand_addr=0x64010102}]}, &(0x7f00000007c0)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000480)={0x1, [0x0]}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f00000000c0)={r4, 0x2, 0x200, 0x80000000, 0x6, 0x8}, &(0x7f00000001c0)=0x14) 8.522491511s ago: executing program 4 (id=441): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000000100)='X', 0x1, 0x20008040, &(0x7f000005ffe4)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x88, 0x1, 0x0, 0x3}, 0xe) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f00000000c0)=0x8a7, 0x4) recvmmsg(r3, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0) 8.486144022s ago: executing program 1 (id=442): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2802, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)=@newtfilter={0x5c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0x4}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x6, 0x1, 0xff82}, {0x0, 0x3, 0x78, 0x4, 0x3, 0x0, 0x2}}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20041090}, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$kcm(0x11, 0x3, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r5) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000440)=@xdp={0x2c, 0x7, r6, 0x4003e}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)="a2", 0x5dc}], 0x1}, 0x4) 8.485662142s ago: executing program 3 (id=443): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x50) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x2}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x84}, 0x0) socket(0x400000000010, 0x3, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xffe0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000010}, 0x4040) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xd8, 0x30, 0xffff, 0x0, 0x0, {}, [{0xc4, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0xfffffffe, 0x0, 0x0, 0x0, 0x0, {}, {0x0, 0x1}}}]]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}, @m_gact={0x54, 0x2, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x6, 0xfffffffffffffffc, 0x57d, 0x3}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x18a0, 0x6}}]}, {0x9495838e73e14d0d}, {0xc, 0x3}, {0xc}}}]}]}, 0xd8}}, 0x0) 7.224045065s ago: executing program 0 (id=444): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x24008800) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000000c0)={0xc}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(0xffffffffffffffff, 0x3ba0, 0x0) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8) 6.945223181s ago: executing program 4 (id=445): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x4003, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b928, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x240040e0}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$TUNSETVNETLE(r0, 0x400454dc, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r6, &(0x7f00000000c0)="800000800000210ee7decd7a0000", 0xe, 0x48d4, &(0x7f00000001c0)={0x11, 0x8, r5, 0x1, 0xd8, 0x6, @broadcast}, 0x14) 6.278605989s ago: executing program 3 (id=446): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000440)) 4.88468847s ago: executing program 0 (id=447): add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x34014c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000001d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x0, {0x0, 0x1a}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x80101, 0x101) dup2(r2, r0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r3 = io_uring_setup(0x1c79, &(0x7f0000000040)={0x0, 0xc8a0, 0xc000, 0x8, 0x23}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r3, 0x2219, 0x7721, 0x16, 0x0, 0x0) 4.88203049s ago: executing program 3 (id=448): prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000340)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) setrlimit(0xf, &(0x7f0000000000)={0x0, 0xffffffffffffffff}) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) 4.8805547s ago: executing program 1 (id=449): syz_clone(0x8021000, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x4}) 4.557016559s ago: executing program 1 (id=450): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x284402, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="0100"}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) ioctl$SIOCSIFHWADDR(r3, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="200000000102"}) 4.555406529s ago: executing program 4 (id=451): r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42}, 0x10) sendmsg$tipc(r2, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000000), 0x4) r3 = dup3(r1, r2, 0x0) sendmsg$tipc(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) setsockopt$TIPC_GROUP_LEAVE(r3, 0x10f, 0x88) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000040)={0x42}, 0x10) bind$tipc(r0, 0x0, 0x0) 4.466881574s ago: executing program 0 (id=452): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="800000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c000280050001000000000008000740000000011c00108008000140000000000800024000000000080003"], 0x80}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x38, 0x3, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0) 4.268152065s ago: executing program 4 (id=453): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x2000400}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x176}}], 0x400000000000172, 0x4000000) 3.263978473s ago: executing program 4 (id=454): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x40, 0x0) close(r1) socket$packet(0x11, 0x2, 0x300) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0xfffffffd, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x80000, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffe6, 0xb}, {0xfff2, 0x3}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4048080) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f0000000380)="c1858aec1d0a06756f6608f23687", 0xe, 0x24080000, &(0x7f0000000240)={0x11, 0x19, r6, 0x1, 0x5, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14) 3.203956806s ago: executing program 0 (id=455): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) socket$inet6(0xa, 0x80001, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$unix(0x1, 0x1, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x12, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x3c, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0xb86}, @TCA_TBF_PARMS={0x28, 0x1, {{0xa, 0x2, 0xffff, 0x7, 0xcc, 0x3}, {0x0, 0x1, 0x7, 0x8, 0x7f, 0x9}, 0xa6, 0x7, 0x1bb6}}, @TCA_TBF_BURST={0x8, 0x6, 0x7f}]}}]}, 0x68}, 0x1, 0x0, 0x0, 0x4048000}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000080)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56547, 0x70bd2a, 0x25dfdc01, {0x0, 0x0, 0x0, r6, {0x0, 0x9}, {0x1b, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4044060}, 0x4010) r7 = socket$packet(0x11, 0x3, 0x300) sendto$packet(r7, &(0x7f00000005c0)="bad330fbc9b55400040000ea0756", 0xe, 0x40, &(0x7f00000001c0)={0x11, 0x88a8, r6, 0x1, 0xd8, 0x6, @multicast}, 0x14) 0s ago: executing program 3 (id=456): syz_clone(0x8021000, 0x0, 0x0, &(0x7f0000000100), 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) socket$kcm(0x2, 0xa, 0x2) socket$inet(0x2, 0x4000000000000001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$tty1(0xc, 0x4, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x4}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.121' (ED25519) to the list of known hosts. syzkaller login: [ 82.054373][ T5756] cgroup: Unknown subsys name 'net' [ 82.195819][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 83.936590][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.643106][ T5772] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.656890][ T5773] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.665546][ T5772] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.674710][ T5773] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.682577][ T5772] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.690615][ T5773] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.698980][ T5772] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.707476][ T5772] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.715921][ T5772] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 85.723421][ T5772] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.738502][ T5783] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.750285][ T5783] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.757960][ T5082] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.760414][ T5783] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.767616][ T5082] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.773135][ T5783] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.788968][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.797353][ T5783] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 85.797821][ T5082] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 85.806927][ T5783] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.812965][ T5082] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.825600][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.833751][ T5777] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 85.855804][ T5777] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.298139][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 86.406565][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 86.431900][ T5779] chnl_net:caif_netlink_parms(): no params data found [ 86.533918][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.542345][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.552215][ T5768] bridge_slave_0: entered allmulticast mode [ 86.559653][ T5768] bridge_slave_0: entered promiscuous mode [ 86.585627][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 86.605476][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.612759][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.623253][ T5768] bridge_slave_1: entered allmulticast mode [ 86.630573][ T5768] bridge_slave_1: entered promiscuous mode [ 86.730858][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.769744][ T5779] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.777386][ T5779] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.784675][ T5779] bridge_slave_0: entered allmulticast mode [ 86.792363][ T5779] bridge_slave_0: entered promiscuous mode [ 86.802497][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.828239][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.835531][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.843299][ T5775] bridge_slave_0: entered allmulticast mode [ 86.851004][ T5775] bridge_slave_0: entered promiscuous mode [ 86.859417][ T5779] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.867450][ T5779] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.874715][ T5779] bridge_slave_1: entered allmulticast mode [ 86.882871][ T5779] bridge_slave_1: entered promiscuous mode [ 86.909074][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.916697][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.923996][ T5775] bridge_slave_1: entered allmulticast mode [ 86.931219][ T5775] bridge_slave_1: entered promiscuous mode [ 86.963140][ T5768] team0: Port device team_slave_0 added [ 87.004050][ T5768] team0: Port device team_slave_1 added [ 87.024338][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.036333][ T5779] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.056436][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.063629][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.071078][ T5767] bridge_slave_0: entered allmulticast mode [ 87.079993][ T5767] bridge_slave_0: entered promiscuous mode [ 87.088679][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.095857][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.103350][ T5767] bridge_slave_1: entered allmulticast mode [ 87.110855][ T5767] bridge_slave_1: entered promiscuous mode [ 87.120784][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.144166][ T5779] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.178472][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.185501][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.212145][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.258608][ T5775] team0: Port device team_slave_0 added [ 87.269098][ T5775] team0: Port device team_slave_1 added [ 87.301568][ T5779] team0: Port device team_slave_0 added [ 87.309165][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.316160][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.343567][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.393064][ T5779] team0: Port device team_slave_1 added [ 87.434824][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.461666][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.468785][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.495982][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.508260][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.515251][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.543226][ T5779] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.556514][ T5779] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.563513][ T5779] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.594163][ T5779] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.610264][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.620824][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.628105][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.654539][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.764367][ T5767] team0: Port device team_slave_0 added [ 87.797429][ T5778] Bluetooth: hci0: command tx timeout [ 87.817876][ T5768] hsr_slave_0: entered promiscuous mode [ 87.824748][ T5768] hsr_slave_1: entered promiscuous mode [ 87.838852][ T5767] team0: Port device team_slave_1 added [ 87.864773][ T5779] hsr_slave_0: entered promiscuous mode [ 87.875130][ T5779] hsr_slave_1: entered promiscuous mode [ 87.876795][ T5778] Bluetooth: hci3: command tx timeout [ 87.887461][ T5777] Bluetooth: hci2: command tx timeout [ 87.887491][ T5082] Bluetooth: hci1: command tx timeout [ 87.899454][ T5779] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.910881][ T5779] Cannot create hsr debugfs directory [ 87.940496][ T5775] hsr_slave_0: entered promiscuous mode [ 87.949484][ T5775] hsr_slave_1: entered promiscuous mode [ 87.956035][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.964153][ T5775] Cannot create hsr debugfs directory [ 88.045160][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.052232][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.078314][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.120568][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.127815][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.154345][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.326992][ T5767] hsr_slave_0: entered promiscuous mode [ 88.333771][ T5767] hsr_slave_1: entered promiscuous mode [ 88.341046][ T5767] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.349335][ T5767] Cannot create hsr debugfs directory [ 88.627424][ T5779] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.643752][ T5779] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.654826][ T5779] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.690097][ T5779] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.783725][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.794762][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.813708][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.824995][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.934726][ T5775] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 88.974816][ T5775] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.985171][ T5775] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.018798][ T5775] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.042198][ T5767] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.064205][ T5767] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.074566][ T5767] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.095484][ T5767] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.175593][ T5779] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.273351][ T5779] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.303289][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.319790][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.327275][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.375294][ T2902] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.382542][ T2902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.402643][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.420036][ T2902] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.427254][ T2902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.459019][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.493147][ T2902] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.500372][ T2902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.521852][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.544367][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.584469][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.591674][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.632816][ T4453] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.640028][ T4453] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.659195][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.694916][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.702094][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.723079][ T5768] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.749352][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.756566][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.877585][ T5777] Bluetooth: hci0: command tx timeout [ 89.958365][ T5777] Bluetooth: hci2: command tx timeout [ 89.963886][ T5777] Bluetooth: hci3: command tx timeout [ 89.969823][ T5778] Bluetooth: hci1: command tx timeout [ 90.312063][ T5779] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.405514][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.453763][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.473246][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.511033][ T5779] veth0_vlan: entered promiscuous mode [ 90.556756][ T5779] veth1_vlan: entered promiscuous mode [ 90.601349][ T5768] veth0_vlan: entered promiscuous mode [ 90.638011][ T5768] veth1_vlan: entered promiscuous mode [ 90.666923][ T5767] veth0_vlan: entered promiscuous mode [ 90.694031][ T5775] veth0_vlan: entered promiscuous mode [ 90.711618][ T5775] veth1_vlan: entered promiscuous mode [ 90.719784][ T5779] veth0_macvtap: entered promiscuous mode [ 90.728488][ T5767] veth1_vlan: entered promiscuous mode [ 90.744030][ T5779] veth1_macvtap: entered promiscuous mode [ 90.815432][ T5768] veth0_macvtap: entered promiscuous mode [ 90.849229][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.865265][ T5779] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.875443][ T5768] veth1_macvtap: entered promiscuous mode [ 90.892881][ T5779] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.904693][ T5779] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.914290][ T5779] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.924881][ T5779] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.952828][ T5767] veth0_macvtap: entered promiscuous mode [ 90.974149][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.986772][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.999746][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.010267][ T5775] veth0_macvtap: entered promiscuous mode [ 91.040395][ T5775] veth1_macvtap: entered promiscuous mode [ 91.050942][ T5767] veth1_macvtap: entered promiscuous mode [ 91.060308][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.071310][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.084101][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.095861][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.105169][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.114110][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.123282][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.252998][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.270698][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.282079][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.291746][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.302674][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.314903][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.328604][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.339935][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.351013][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.361134][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.371681][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.384412][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.419355][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.434475][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.445510][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.456583][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.467686][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.478923][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.497673][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.513362][ T5775] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.525053][ T5775] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.534895][ T5775] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.543770][ T5775] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.605586][ T2902] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.621633][ T2902] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.621927][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.642337][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.652303][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.662786][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.672776][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.683273][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.695214][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.755964][ T5767] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.771418][ T5767] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.780384][ T5767] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.793779][ T5767] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.827830][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.835717][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.895314][ T66] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.912890][ T66] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.956890][ T5082] Bluetooth: hci0: command tx timeout [ 92.016608][ T66] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.024865][ T66] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.037617][ T5082] Bluetooth: hci3: command tx timeout [ 92.037643][ T5777] Bluetooth: hci1: command tx timeout [ 92.043192][ T5082] Bluetooth: hci2: command tx timeout [ 92.121077][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.129901][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.189653][ T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.219954][ T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.237491][ T787] cfg80211: failed to load regulatory.db [ 92.334076][ T4453] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.356974][ T4453] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.573388][ T5860] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 92.580335][ T5866] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.650981][ T5869] syz.2.3[5869]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.686126][ T5869] loop2: detected capacity change from 0 to 512 [ 92.702673][ T5869] ======================================================= [ 92.702673][ T5869] WARNING: The mand mount option has been deprecated and [ 92.702673][ T5869] and is ignored by this kernel. Remove the mand [ 92.702673][ T5869] option from the mount to silence this warning. [ 92.702673][ T5869] ======================================================= [ 92.795759][ T5869] EXT4-fs: Ignoring removed i_version option [ 92.816737][ T5869] EXT4-fs: Ignoring removed oldalloc option [ 92.825889][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 92.863324][ T5860] usb 1-1: New USB device found, idVendor=06cb, idProduct=73f6, bcdDevice= 0.00 [ 92.885965][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.909632][ T5860] usb 1-1: config 0 descriptor?? [ 92.945392][ T5869] EXT4-fs (loop2): 1 truncate cleaned up [ 92.985267][ T5869] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.086977][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 93.173564][ T5869] EXT4-fs error (device loop2): ext4_lookup:1858: inode #13: comm syz.2.3: iget: bad extra_isize 1 (inode size 256) [ 93.229879][ T5860] usbhid 1-1:0.0: can't add hid device: -71 [ 93.259471][ T5860] usbhid: probe of 1-1:0.0 failed with error -71 [ 93.291137][ T5860] usb 1-1: USB disconnect, device number 2 [ 93.367826][ T5869] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #2: block 13: comm syz.2.3: lblock 0 mapped to illegal pblock 13 (length 1) [ 93.377808][ T5828] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 93.466837][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.634548][ T5888] loop2: detected capacity change from 0 to 2048 [ 93.646757][ T5828] usb 2-1: Using ep0 maxpacket: 8 [ 93.678723][ T5888] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.693551][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 93.712662][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 93.725717][ T5828] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 93.757223][ T5828] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 93.787383][ T5828] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 93.806472][ T5828] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 93.815606][ T5828] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.844656][ T5828] usb 2-1: config 0 descriptor?? [ 93.853074][ T5880] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 93.947391][ T5888] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #12: comm syz.2.7: corrupted inode contents [ 93.967837][ T5888] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #12: comm syz.2.7: corrupted inode contents [ 93.983328][ T5888] EXT4-fs error (device loop2): ext4_try_add_inline_entry:1336: inode #12: comm syz.2.7: mark_inode_dirty error [ 94.037883][ T5777] Bluetooth: hci0: command tx timeout [ 94.047029][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 94.117338][ T5778] Bluetooth: hci3: command tx timeout [ 94.122840][ T5778] Bluetooth: hci2: command tx timeout [ 94.130791][ T5777] Bluetooth: hci1: command tx timeout [ 94.302261][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.309584][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.316733][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.323674][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.331337][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.338380][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.345280][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.352732][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.359856][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.366848][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.373786][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.381270][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.388258][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.395213][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.403047][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.410006][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.416971][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.423901][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.430885][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.438269][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.445191][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.452262][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.459352][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.466802][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.473783][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.481023][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.488543][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.495510][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.502430][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.509368][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.516349][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.523301][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.530781][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.537751][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.544708][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.552674][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.559941][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.566883][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.573842][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.580878][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.588309][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.595268][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.604238][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.611216][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.619508][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.626458][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.633615][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.640712][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.647796][ T5770] usb 2-1: USB disconnect, device number 2 [ 94.654040][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.660968][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.667871][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.674914][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.682752][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.690162][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.697093][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.703975][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.710973][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.718299][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.725180][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.732214][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.739186][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.746056][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.753169][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.761180][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.768107][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.774981][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.782079][ T5777] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 94.790744][ T5082] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 94.944463][ T5898] binder_alloc: 5897: pid 5897 spamming oneway? 2 buffers allocated for a total size of 5120 [ 94.958518][ T5898] binder_alloc: 5897: pid 5897 spamming oneway? 3 buffers allocated for a total size of 5128 [ 95.095216][ T5902] netlink: 24 bytes leftover after parsing attributes in process `syz.0.13'. [ 95.111096][ T5902] netlink: 24 bytes leftover after parsing attributes in process `syz.0.13'. [ 95.548831][ T5915] xt_hashlimit: overflow, try lower: 18446744073709551615/255 [ 97.356070][ T5932] syzkaller0: entered promiscuous mode [ 97.366572][ T5932] syzkaller0: entered allmulticast mode [ 97.392186][ T5932] tipc: Started in network mode [ 97.399015][ T5932] tipc: Node identity a6d95e3fb835, cluster identity 4711 [ 97.407386][ T5932] tipc: Enabled bearer , priority 0 [ 97.423689][ T5931] tipc: Resetting bearer [ 97.485893][ T5931] tipc: Disabling bearer [ 97.701630][ T5942] netlink: 8 bytes leftover after parsing attributes in process `syz.2.25'. [ 97.825497][ T5948] capability: warning: `syz.1.27' uses 32-bit capabilities (legacy support in use) [ 98.053515][ T5949] syzkaller0: entered promiscuous mode [ 98.108680][ T5949] syzkaller0: entered allmulticast mode [ 98.301045][ T5957] nfs: Unknown parameter 'fs' [ 99.659175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.669607][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.679770][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.689777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.702399][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.713253][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.723212][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.733148][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.743933][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.503721][ T5980] loop0: detected capacity change from 0 to 512 [ 100.511394][ T5980] EXT4-fs: inline encryption not supported [ 100.560650][ T5980] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 100.701421][ T5980] EXT4-fs (loop0): 1 orphan inode deleted [ 100.723399][ T5980] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.746452][ T66] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 100.781538][ T66] EXT4-fs error (device loop0): ext4_release_dquot:6985: comm kworker/u4:4: Failed to release dquot type 1 [ 100.794550][ T5980] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 100.822364][ T5980] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.890219][ T5988] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 100.979317][ T5988] kvm: pic: non byte read [ 100.984709][ T5988] kvm: pic: level sensitive irq not supported [ 100.984868][ T5988] kvm: pic: non byte read [ 101.013153][ T5988] kvm: pic: level sensitive irq not supported [ 101.013256][ T5988] kvm: pic: non byte read [ 101.029511][ T5988] kvm: pic: level sensitive irq not supported [ 101.030757][ T5988] kvm: pic: non byte read [ 101.547829][ T5998] fuse: Bad value for 'fd' [ 102.133815][ T6003] netlink: 12 bytes leftover after parsing attributes in process `syz.2.42'. [ 102.150034][ T6005] loop3: detected capacity change from 0 to 256 [ 102.240955][ T6005] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 102.398986][ T28] audit: type=1800 audit(1771020938.491:2): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.43" name="file1" dev="loop3" ino=1048592 res=0 errno=0 [ 102.727212][ T5821] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.916409][ T5821] usb 3-1: Using ep0 maxpacket: 32 [ 102.936773][ T5821] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 103.004958][ T5821] usb 3-1: config 0 has no interface number 0 [ 104.256251][ C0] sched: RT throttling activated [ 104.505912][ T5821] usb 3-1: config 0 interface 89 has no altsetting 0 [ 104.525921][ T5821] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 104.541979][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.551113][ T5821] usb 3-1: Product: syz [ 104.555946][ T5821] usb 3-1: Manufacturer: syz [ 104.570431][ T5821] usb 3-1: SerialNumber: syz [ 104.593204][ T5821] usb 3-1: config 0 descriptor?? [ 104.623384][ T5821] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 104.643904][ T5821] em28xx 3-1:0.89: Video interface 89 found: bulk [ 105.289690][ T5821] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 106.486747][ T5821] em28xx 3-1:0.89: write to i2c device at 0xa0 failed with unknown error (status=1) [ 106.539977][ T5821] em28xx 3-1:0.89: failed to read eeprom (err=-5) [ 106.579033][ T5821] em28xx 3-1:0.89: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 106.766575][ T5821] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 106.775775][ T5821] em28xx 3-1:0.89: analog set to bulk mode. [ 106.786777][ T5809] em28xx 3-1:0.89: Registering V4L2 extension [ 106.845495][ T5821] usb 3-1: USB disconnect, device number 2 [ 106.896784][ T5821] em28xx 3-1:0.89: Disconnecting em28xx [ 107.281281][ T5809] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 107.310535][ T5809] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 107.331180][ T5809] em28xx 3-1:0.89: No AC97 audio processor [ 107.371056][ T5809] usb 3-1: Decoder not found [ 107.375744][ T5809] em28xx 3-1:0.89: failed to create media graph [ 107.392327][ T5809] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 107.408646][ T5809] em28xx 3-1:0.89: Registering snapshot button... [ 107.439649][ T5809] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input5 [ 107.534864][ T5809] em28xx 3-1:0.89: Remote control support is not available for this card. [ 107.547164][ T5821] em28xx 3-1:0.89: Closing input extension [ 107.567474][ T5821] em28xx 3-1:0.89: Deregistering snapshot button [ 107.702855][ T5821] em28xx 3-1:0.89: Freeing device [ 109.223911][ T6085] loop1: detected capacity change from 0 to 128 [ 109.272178][ T6085] FAT-fs (loop1): Directory bread(block 524322) failed [ 109.290370][ T6085] FAT-fs (loop1): Directory bread(block 524323) failed [ 109.335499][ T6085] FAT-fs (loop1): Directory bread(block 524324) failed [ 109.381235][ T6085] FAT-fs (loop1): Directory bread(block 524325) failed [ 109.410884][ T6085] FAT-fs (loop1): Directory bread(block 524326) failed [ 109.456635][ T6085] FAT-fs (loop1): Directory bread(block 524327) failed [ 109.496392][ T6085] FAT-fs (loop1): Directory bread(block 524328) failed [ 109.503359][ T6085] FAT-fs (loop1): Directory bread(block 524329) failed [ 109.585555][ T6085] FAT-fs (loop1): Directory bread(block 524322) failed [ 109.603502][ T6085] FAT-fs (loop1): Directory bread(block 524323) failed [ 111.463191][ T6103] loop0: detected capacity change from 0 to 512 [ 111.762985][ T6103] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 111.808753][ T6103] EXT4-fs (loop0): invalid journal inode [ 111.817514][ T6103] EXT4-fs (loop0): can't get journal size [ 111.927625][ T6103] EXT4-fs (loop0): 1 truncate cleaned up [ 111.946620][ T6103] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.389776][ T5779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 113.783591][ T28] audit: type=1804 audit(1771020949.881:3): pid=6139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.79" name="bus" dev="ramfs" ino=8952 res=1 errno=0 [ 113.848978][ T28] audit: type=1804 audit(1771020949.921:4): pid=6139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.79" name="bus" dev="ramfs" ino=8952 res=1 errno=0 [ 114.314491][ T6146] binder: BINDER_SET_CONTEXT_MGR already set [ 114.729178][ T6146] binder: 6145:6146 ioctl 4018620d 200000000040 returned -16 [ 115.317816][ T6159] openvswitch: netlink: Message has 4 unknown bytes. [ 116.164406][ T6163] loop3: detected capacity change from 0 to 2048 [ 116.331648][ T6163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 116.505698][ T6173] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.548119][ T6175] netlink: 'syz.2.85': attribute type 39 has an invalid length. [ 116.950644][ T6163] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.84: bg 0: block 234: padding at end of block bitmap is not set [ 117.037576][ T6163] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 480 with error 28 [ 117.095601][ T6163] EXT4-fs (loop3): This should not happen!! Data will be lost [ 117.095601][ T6163] [ 117.138397][ T6163] EXT4-fs (loop3): Total free blocks count 0 [ 117.178921][ T6163] EXT4-fs (loop3): Free/Dirty block details [ 117.206682][ T6163] EXT4-fs (loop3): free_blocks=0 [ 117.280397][ T6163] EXT4-fs (loop3): dirty_blocks=496 [ 117.285893][ T6163] EXT4-fs (loop3): Block reservation details [ 117.296388][ T6163] EXT4-fs (loop3): i_reserved_data_blocks=31 [ 118.076566][ T27] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 118.425233][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.435734][ T27] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 118.476398][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.495324][ T27] usb 3-1: Product: syz [ 118.505267][ T27] usb 3-1: Manufacturer: syz [ 118.530541][ T27] usb 3-1: SerialNumber: syz [ 118.567898][ T27] usb 3-1: config 0 descriptor?? [ 118.828746][ T27] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 119.606513][ T5809] IPVS: starting estimator thread 0... [ 119.707618][ T6225] IPVS: using max 16 ests per chain, 38400 per kthread [ 119.723301][ T6227] warning: `syz.1.93' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 119.804656][ T6227] netlink: 'syz.1.93': attribute type 10 has an invalid length. [ 120.094563][ T6227] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 120.266633][ T27] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71 [ 120.313253][ T27] usb 3-1: USB disconnect, device number 3 [ 120.790263][ T6244] binder: 6243:6244 ioctl c0306201 200000000240 returned -14 [ 122.134789][ T5777] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201' [ 122.145632][ T5777] CPU: 0 PID: 5777 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 122.153250][ T5777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 122.163368][ T5777] Workqueue: hci2 hci_rx_work [ 122.168097][ T5777] Call Trace: [ 122.171403][ T5777] [ 122.174350][ T5777] dump_stack_lvl+0x18c/0x250 [ 122.179089][ T5777] ? show_regs_print_info+0x20/0x20 [ 122.184363][ T5777] ? load_image+0x400/0x400 [ 122.188950][ T5777] sysfs_create_dir_ns+0x26e/0x2a0 [ 122.194125][ T5777] ? sysfs_warn_dup+0xa0/0xa0 [ 122.198848][ T5777] ? do_raw_spin_unlock+0x121/0x230 [ 122.204154][ T5777] kobject_add_internal+0x61c/0xcc0 [ 122.209408][ T5777] kobject_add+0x164/0x240 [ 122.213863][ T5777] ? __rwlock_init+0x150/0x150 [ 122.218664][ T5777] ? kobject_init+0x1e0/0x1e0 [ 122.223381][ T5777] ? _raw_spin_unlock+0x28/0x40 [ 122.228269][ T5777] ? get_device_parent+0x366/0x390 [ 122.233431][ T5777] device_add+0x408/0xc20 [ 122.237819][ T5777] hci_conn_add_sysfs+0xd5/0x1e0 [ 122.242797][ T5777] le_conn_complete_evt+0xf5d/0x1540 [ 122.248132][ T5777] ? hci_event_packet+0x4cb/0x1270 [ 122.253290][ T5777] ? hci_le_big_info_adv_report_evt+0x910/0x910 [ 122.259584][ T5777] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 122.265257][ T5777] ? skb_pull_data+0xfb/0x200 [ 122.269972][ T5777] hci_le_conn_complete_evt+0x187/0x440 [ 122.275561][ T5777] ? hci_remote_host_features_evt+0x150/0x150 [ 122.281659][ T5777] hci_event_packet+0x7ba/0x1270 [ 122.286642][ T5777] ? bis_list+0x290/0x290 [ 122.291006][ T5777] ? lockdep_hardirqs_on+0x98/0x150 [ 122.296501][ T5777] ? hci_send_to_monitor+0xd7/0x4f0 [ 122.301760][ T5777] hci_rx_work+0x43a/0xd60 [ 122.306340][ T5777] ? process_scheduled_works+0x96f/0x15d0 [ 122.312120][ T5777] process_scheduled_works+0xa5d/0x15d0 [ 122.317737][ T5777] ? assign_work+0x430/0x430 [ 122.322367][ T5777] ? assign_work+0x3d0/0x430 [ 122.327001][ T5777] worker_thread+0xa55/0xfc0 [ 122.331818][ T5777] kthread+0x2fa/0x390 [ 122.335917][ T5777] ? pr_cont_work+0x560/0x560 [ 122.340728][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 122.345388][ T5777] ret_from_fork+0x48/0x80 [ 122.349930][ T5777] ? kthread_blkcg+0xd0/0xd0 [ 122.354568][ T5777] ret_from_fork_asm+0x11/0x20 [ 122.359475][ T5777] [ 122.364707][ T5777] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 122.378869][ T5777] Bluetooth: hci2: failed to register connection device [ 124.036831][ T6270] loop2: detected capacity change from 0 to 8192 [ 124.156288][ T786] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 124.369576][ T786] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.509095][ T786] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 124.547757][ T786] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 124.559421][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.568055][ T786] usb 2-1: Product: syz [ 124.572250][ T786] usb 2-1: Manufacturer: syz [ 124.577274][ T786] usb 2-1: SerialNumber: syz [ 124.696984][ T6284] loop0: detected capacity change from 0 to 2048 [ 124.782670][ T6284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 124.908539][ T6284] capability: warning: `syz.0.106' uses deprecated v2 capabilities in a way that may be insecure [ 124.963820][ T6288] binder: 6287:6288 ioctl c0306201 2000000003c0 returned -14 [ 125.749181][ T786] cdc_ncm 2-1:1.0: bind() failure [ 125.794263][ T786] cdc_ncm: probe of 2-1:1.1 failed with error -71 [ 125.802120][ T6296] batman_adv: batadv0: Adding interface: dummy0 [ 125.828176][ T786] cdc_mbim: probe of 2-1:1.1 failed with error -71 [ 125.856332][ T6296] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.874229][ T786] usbtest: probe of 2-1:1.1 failed with error -71 [ 125.904926][ T6296] batman_adv: batadv0: Interface activated: dummy0 [ 125.945631][ T786] usb 2-1: USB disconnect, device number 3 [ 126.019539][ T6295] batadv0: mtu less than device minimum [ 126.052376][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.065493][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.078203][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.090809][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.103359][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.115917][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.128509][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.140960][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.153536][ T6295] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 126.355575][ T6298] netlink: 4 bytes leftover after parsing attributes in process `syz.3.111'. [ 126.370055][ T6298] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.641910][ T6298] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 128.536438][ T5777] Bluetooth: hci2: command 0x0406 tx timeout [ 128.856411][ T6321] Malformed UNC in devname [ 128.856411][ T6321] [ 128.864828][ T6321] CIFS: VFS: Malformed UNC in devname [ 130.601697][ T6340] loop2: detected capacity change from 0 to 512 [ 130.612688][ T6340] EXT4-fs: Ignoring removed nomblk_io_submit option [ 131.395104][ T6340] EXT4-fs: Ignoring removed orlov option [ 131.553851][ T6340] EXT4-fs error (device loop2): ext4_iget_extra_inode:4732: inode #15: comm syz.2.122: corrupted in-inode xattr: bad e_name length [ 131.637910][ T6340] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.122: couldn't read orphan inode 15 (err -117) [ 131.710662][ T6340] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.113769][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.450072][ T28] audit: type=1326 audit(1771020968.551:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6344 comm="syz.0.124" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efda4f9bf79 code=0x0 [ 132.494527][ T6354] kvm: requested 79619 ns i8254 timer period limited to 200000 ns [ 132.517027][ T6354] kvm: requested 137447 ns i8254 timer period limited to 200000 ns [ 132.534551][ T6354] kvm: requested 38552 ns i8254 timer period limited to 200000 ns [ 132.556464][ T6354] kvm: requested 59504 ns i8254 timer period limited to 200000 ns [ 132.585631][ T6354] kvm: requested 134933 ns i8254 timer period limited to 200000 ns [ 132.606792][ T6354] kvm: requested 130742 ns i8254 timer period limited to 200000 ns [ 132.636486][ T6354] kvm: requested 113981 ns i8254 timer period limited to 200000 ns [ 132.669829][ T6354] kvm: requested 80457 ns i8254 timer period limited to 200000 ns [ 132.720390][ T6354] kvm: requested 17600 ns i8254 timer period limited to 200000 ns [ 132.748412][ T6354] kvm: requested 135771 ns i8254 timer period limited to 200000 ns [ 133.270389][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.280379][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.228736][ T6352] syz.1.123 (6352) used greatest stack depth: 20200 bytes left [ 135.750235][ T6383] netlink: 24 bytes leftover after parsing attributes in process `syz.0.132'. [ 135.979930][ T6386] Zero length message leads to an empty skb [ 136.022852][ T6390] netlink: 104 bytes leftover after parsing attributes in process `syz.3.134'. [ 136.056597][ T6391] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 136.088503][ T6391] netlink: 4 bytes leftover after parsing attributes in process `syz.1.133'. [ 136.106453][ T6392] netlink: 104 bytes leftover after parsing attributes in process `syz.3.134'. [ 136.116293][ T6391] bridge_slave_1: left allmulticast mode [ 136.125106][ T6391] bridge_slave_1: left promiscuous mode [ 136.147657][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.190501][ T6391] bridge_slave_0: left allmulticast mode [ 136.200133][ T6391] bridge_slave_0: left promiscuous mode [ 136.214522][ T6391] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.323950][ T6398] input: syz1 as /devices/virtual/input/input6 [ 137.706321][ T28] audit: type=1326 audit(1771020973.801:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6402 comm="syz.0.137" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7efda4f9bf79 code=0x0 [ 139.413954][ T6420] loop0: detected capacity change from 0 to 512 [ 139.766066][ T5774] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 140.662576][ T6436] syzkaller0: entered promiscuous mode [ 140.681076][ T6436] syzkaller0: entered allmulticast mode [ 141.209099][ T6457] loop1: detected capacity change from 0 to 736 [ 142.627729][ T6475] sch_tbf: burst 21990 is lower than device lo mtu (65550) ! [ 142.835574][ T6478] loop2: detected capacity change from 0 to 1024 [ 143.286836][ T6478] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 143.313043][ T6478] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.604181][ T6485] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: comm syz.2.159: lblock 0 mapped to illegal pblock 0 (length 1) [ 143.986344][ T6485] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 144.011419][ T6485] EXT4-fs (loop2): This should not happen!! Data will be lost [ 144.011419][ T6485] [ 145.167419][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 147.187903][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.2.166'. [ 150.553216][ T6523] netlink: 'syz.1.170': attribute type 1 has an invalid length. [ 150.561391][ T6523] netlink: 193500 bytes leftover after parsing attributes in process `syz.1.170'. [ 150.756667][ T6525] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 150.813191][ T6528] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 150.865225][ T6535] loop3: detected capacity change from 0 to 128 [ 150.898840][ T6529] batman_adv: batadv0: Interface deactivated: dummy0 [ 150.912458][ T6529] batman_adv: batadv0: Removing interface: dummy0 [ 150.969027][ T6529] bridge_slave_0: left allmulticast mode [ 150.980346][ T6535] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 150.990739][ T6529] bridge_slave_0: left promiscuous mode [ 151.003109][ T6535] FAT-fs (loop3): Filesystem has been set read-only [ 151.011434][ T6529] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.039724][ T6529] bridge_slave_1: left allmulticast mode [ 151.052892][ T6529] bridge_slave_1: left promiscuous mode [ 151.064463][ T6529] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.089568][ T6535] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 151.113846][ T6529] bond0: (slave bond_slave_0): Releasing backup interface [ 151.160009][ T6529] bond0: (slave bond_slave_1): Releasing backup interface [ 151.285200][ T6529] team0: Port device team_slave_0 removed [ 151.370840][ T6529] team0: Port device team_slave_1 removed [ 151.388774][ T6529] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.404132][ T6529] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.448220][ T6529] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.461246][ T6529] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 152.257287][ T6549] fuse: Bad value for 'fd' [ 152.287972][ T6551] tipc: Started in network mode [ 152.299163][ T6551] tipc: Node identity , cluster identity 4711 [ 152.309155][ T6551] tipc: Failed to obtain node identity [ 152.314919][ T6551] tipc: Enabling of bearer rejected, failed to enable media [ 152.332632][ T6551] netlink: 3 bytes leftover after parsing attributes in process `syz.2.178'. [ 152.342177][ T6551] 0ªX¹¦À: renamed from caif0 [ 152.349914][ T6551] 0ªX¹¦À: entered allmulticast mode [ 152.355381][ T6551] net_ratelimit: 10 callbacks suppressed [ 152.355395][ T6551] A link change request failed with some changes committed already. Interface 60ªX¹¦À may have been left with an inconsistent configuration, please check. [ 152.591862][ T6559] netlink: 28 bytes leftover after parsing attributes in process `syz.3.182'. [ 153.215147][ T6567] netlink: 'syz.0.186': attribute type 10 has an invalid length. [ 153.273265][ T6567] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.311818][ T6567] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 156.637170][ T6579] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 158.321435][ T786] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 158.644966][ T786] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 158.750332][ T786] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 158.767410][ T786] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 158.786322][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 158.803383][ T786] usb 3-1: SerialNumber: syz [ 159.094982][ T786] usb 3-1: 0:2 : does not exist [ 159.182340][ T786] usb 3-1: USB disconnect, device number 4 [ 159.332501][ T5774] udevd[5774]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 159.502619][ T6633] loop0: detected capacity change from 0 to 128 [ 159.527370][ T6633] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 54) [ 159.535446][ T6633] FAT-fs (loop0): Filesystem has been set read-only [ 159.787718][ T5779] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 54) [ 161.132077][ T6647] netlink: 'syz.0.211': attribute type 1 has an invalid length. [ 161.141034][ T6647] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.211'. [ 161.637497][ T786] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 161.945326][ T786] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 161.966737][ T786] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.974811][ T786] usb 1-1: Product: syz [ 161.980071][ T786] usb 1-1: Manufacturer: syz [ 161.984721][ T786] usb 1-1: SerialNumber: syz [ 161.995156][ T786] usb 1-1: config 0 descriptor?? [ 162.321655][ T5770] usb 1-1: USB disconnect, device number 3 [ 163.403088][ T6681] netlink: 12 bytes leftover after parsing attributes in process `syz.2.221'. [ 164.270530][ T6681] netlink: 63 bytes leftover after parsing attributes in process `syz.2.221'. [ 166.226523][ T27] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 166.461933][ T27] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 166.531996][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.622946][ T27] usb 2-1: Product: syz [ 166.666085][ T27] usb 2-1: Manufacturer: syz [ 166.681591][ T27] usb 2-1: SerialNumber: syz [ 166.701907][ T27] usb 2-1: config 0 descriptor?? [ 167.039860][ T27] usb 2-1: USB disconnect, device number 4 [ 168.202846][ T28] audit: type=1326 audit(1771021004.301:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6737 comm="syz.1.236" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f35d9f9bf79 code=0x0 [ 172.986429][ T6773] hfsplus: unable to find HFS+ superblock [ 173.666560][ T6775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.246'. [ 173.688793][ T6775] bridge_slave_1: left allmulticast mode [ 173.694523][ T6775] bridge_slave_1: left promiscuous mode [ 173.731007][ T6775] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.766385][ T6775] bridge_slave_0: left allmulticast mode [ 173.774156][ T6775] bridge_slave_0: left promiscuous mode [ 173.781592][ T6775] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.006417][ T27] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 174.066306][ T5859] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 174.229599][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.244737][ T27] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 174.263111][ T27] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 174.272776][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 174.287141][ T27] usb 2-1: SerialNumber: syz [ 174.881383][ T27] usb 2-1: 0:2 : does not exist [ 175.013761][ T27] usb 2-1: USB disconnect, device number 5 [ 175.068258][ T6120] udevd[6120]: setting mode of /dev/mixer3 to 020660 failed: No such file or directory [ 175.127542][ T5774] udevd[5774]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 175.166507][ T6120] udevd[6120]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory [ 175.202263][ T5859] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 175.227935][ T5859] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.280204][ T5859] usb 3-1: Product: syz [ 175.284465][ T5859] usb 3-1: Manufacturer: syz [ 175.321774][ T5859] usb 3-1: SerialNumber: syz [ 175.347481][ T5859] usb 3-1: config 0 descriptor?? [ 175.369336][ T6789] tipc: Started in network mode [ 175.391916][ T6789] tipc: Node identity aa2ab60623ce, cluster identity 4711 [ 175.571586][ T6789] tipc: Enabled bearer , priority 0 [ 175.604141][ T6793] syzkaller0: entered promiscuous mode [ 176.356281][ T6793] syzkaller0: entered allmulticast mode [ 176.546641][ T6789] tipc: Resetting bearer [ 177.119763][ T5859] tipc: Node number set to 2313467398 [ 177.329768][ T6788] tipc: Resetting bearer [ 177.559358][ T5770] usb 3-1: USB disconnect, device number 5 [ 177.568049][ T6788] tipc: Disabling bearer [ 178.768303][ T6803] input: syz1 as /devices/virtual/input/input7 [ 179.872838][ T6815] mmap: syz.2.255 (6815) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 182.863790][ T6843] loop0: detected capacity change from 0 to 128 [ 182.906582][ T5828] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 182.924344][ T5781] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 183.108560][ T5828] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 183.131082][ T5828] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 183.205010][ T5828] usb 3-1: config 0 has no interface number 0 [ 183.298501][ T5828] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 183.352138][ T5828] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.402436][ T5828] usb 3-1: Product: syz [ 183.424170][ T5828] usb 3-1: Manufacturer: syz [ 183.456808][ T5828] usb 3-1: SerialNumber: syz [ 183.506480][ T5828] usb 3-1: config 0 descriptor?? [ 183.550549][ T5828] ims_pcu 3-1:0.41: Missing CDC union descriptor [ 183.559312][ T5828] ims_pcu: probe of 3-1:0.41 failed with error -22 [ 184.750972][ T6858] loop0: detected capacity change from 0 to 256 [ 187.317952][ T5828] usb 3-1: USB disconnect, device number 6 [ 189.083657][ T6887] netlink: 20 bytes leftover after parsing attributes in process `syz.1.274'. [ 189.135505][ T6887] geneve2: entered promiscuous mode [ 190.272223][ T6901] loop1: detected capacity change from 0 to 2048 [ 190.344422][ T6901] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 190.503919][ T6901] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Out of memory [ 190.531366][ T6901] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #15: comm syz.1.281: mark_inode_dirty error [ 190.562478][ T6901] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Out of memory [ 190.572866][ T6901] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #18: comm syz.1.281: mark_inode_dirty error [ 190.666458][ T786] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 190.679610][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 190.949370][ T6917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.082252][ T6919] process 'syz.0.283' launched './file1' with NULL argv: empty string added [ 191.656941][ T6914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.765825][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 191.784365][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.2.282'. [ 191.793495][ T6909] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 191.930140][ T6909] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 192.311122][ T6933] batadv1: entered promiscuous mode [ 192.323996][ T6933] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 192.596591][ T786] usb 3-1: unable to get BOS descriptor or descriptor too short [ 192.807736][ T786] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 192.835941][ T786] usb 3-1: can't read configurations, error -71 [ 193.422121][ T6937] loop1: detected capacity change from 0 to 256 [ 193.792764][ T6937] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000ff0) [ 193.959346][ T6944] netlink: 132 bytes leftover after parsing attributes in process `syz.3.291'. [ 194.096423][ T5859] usb 1-1: new low-speed USB device number 4 using dummy_hcd [ 194.571112][ T5859] usb 1-1: unable to get BOS descriptor or descriptor too short [ 194.601331][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.627463][ T5859] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 194.635570][ T5859] usb 1-1: can't read configurations, error -71 [ 196.339318][ T6981] netlink: 'syz.3.299': attribute type 1 has an invalid length. [ 196.385975][ T6981] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.469595][ T6983] bond1: (slave geneve2): making interface the new active one [ 196.486956][ T5859] usb 1-1: new low-speed USB device number 5 using dummy_hcd [ 196.512852][ T6983] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 196.571618][ T6983] syz.3.299 (6983) used greatest stack depth: 19848 bytes left [ 196.744557][ T6992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.302'. [ 198.034317][ T5770] IPVS: starting estimator thread 0... [ 198.148458][ T7000] IPVS: using max 17 ests per chain, 40800 per kthread [ 198.171409][ T7004] netlink: 76 bytes leftover after parsing attributes in process `syz.3.305'. [ 198.201634][ T5859] usb 1-1: unable to get BOS descriptor or descriptor too short [ 198.209524][ T5859] usb 1-1: no configurations [ 198.214564][ T5859] usb 1-1: can't read configurations, error -22 [ 198.221380][ T5859] usb usb1-port1: attempt power cycle [ 201.072603][ T7028] fuse: root generation should be zero [ 202.128896][ T5859] IPVS: starting estimator thread 0... [ 202.302231][ T7036] IPVS: using max 17 ests per chain, 40800 per kthread [ 205.333805][ T7051] loop0: detected capacity change from 0 to 16 [ 205.346742][ T7051] erofs: (device loop0): erofs_read_superblock: blkszbits 0 isn't supported [ 205.400315][ T5774] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 207.876082][ T7064] loop1: detected capacity change from 0 to 512 [ 207.970946][ T7064] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 207.986948][ T7064] ext4 filesystem being mounted at /79/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 208.785668][ T7071] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.324: Unrecognised inode hash code 20 [ 208.806333][ T7071] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.324: Corrupt directory, running e2fsck is recommended [ 208.823763][ T7071] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 1660377580 [ 208.856841][ T7064] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.324: Unrecognised inode hash code 20 [ 208.924549][ T7064] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.324: Corrupt directory, running e2fsck is recommended [ 208.944177][ T7064] EXT4-fs warning (device loop1): ext4_read_inode_bitmap:149: Cannot read inode bitmap - block_group = 0, inode_bitmap = 1660377580 [ 208.971669][ T7079] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.324: Unrecognised inode hash code 20 [ 208.985914][ T7078] loop0: detected capacity change from 0 to 512 [ 208.993214][ T7079] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.324: Corrupt directory, running e2fsck is recommended [ 209.010861][ T7078] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 209.065244][ T7078] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 48 vs 41 free clusters [ 209.091090][ T7076] EXT4-fs warning (device loop1): dx_probe:833: inode #2: comm syz.1.324: Unrecognised inode hash code 20 [ 209.096143][ T7078] Quota error (device loop0): write_blk: dquota write failed [ 209.111377][ T7078] Quota error (device loop0): find_free_dqentry: Can't write quota data block 5 [ 209.121166][ T7078] Quota error (device loop0): write_blk: dquota write failed [ 209.129288][ T7078] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 209.139976][ T7078] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.326: Failed to acquire dquot type 1 [ 209.156592][ T27] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 209.157084][ T7076] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.324: Corrupt directory, running e2fsck is recommended [ 209.202121][ T7078] EXT4-fs (loop0): 1 truncate cleaned up [ 209.223730][ T7078] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.297796][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.337046][ T5767] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Out of memory [ 209.361224][ T7078] Quota error (device loop0): write_blk: dquota write failed [ 209.368968][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 209.383189][ T27] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 209.388687][ T5767] EXT4-fs error (device loop1): ext4_quota_off:7233: inode #4: comm syz-executor: mark_inode_dirty error [ 209.399488][ T27] usb 3-1: config 1 has no interface number 1 [ 209.408698][ T7078] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 209.412987][ T27] usb 3-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 209.430740][ T27] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 209.446644][ T27] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 209.459631][ T7078] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.326: Failed to acquire dquot type 1 [ 209.486703][ T5767] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5920: Out of memory [ 209.503018][ T5767] EXT4-fs error (device loop1): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error [ 209.567304][ T7086] Quota error (device loop0): write_blk: dquota write failed [ 209.575357][ T7086] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 209.592968][ T7086] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.326: Failed to acquire dquot type 1 [ 209.677695][ T5779] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.720150][ T27] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 209.729422][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.737904][ T27] usb 3-1: Product: syz [ 209.742124][ T27] usb 3-1: Manufacturer: syz [ 209.746829][ T27] usb 3-1: SerialNumber: syz [ 210.560057][ T7090] syzkaller0: entered promiscuous mode [ 210.573464][ T7090] syzkaller0: entered allmulticast mode [ 210.590954][ T27] usb 3-1: 2:1 : no UAC_FORMAT_TYPE desc [ 210.646599][ T27] usb 3-1: USB disconnect, device number 9 [ 210.703998][ T5774] udevd[5774]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 212.271799][ T5783] Bluetooth: hci1: command 0x0406 tx timeout [ 212.278274][ T5783] Bluetooth: hci0: command 0x0406 tx timeout [ 212.284949][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 212.293236][ T27] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 212.301815][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 212.662972][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.693745][ T27] usb 3-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00 [ 212.726223][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.778196][ T27] usb 3-1: config 0 descriptor?? [ 213.011357][ T7109] fuse: Unknown parameter '18446744073709551615' [ 213.030799][ T27] usbhid 3-1:0.0: can't add hid device: -71 [ 213.037075][ T27] usbhid: probe of 3-1:0.0 failed with error -71 [ 213.848758][ T27] usb 3-1: USB disconnect, device number 10 [ 214.044429][ T7123] loop1: detected capacity change from 0 to 512 [ 217.498825][ T7152] loop1: detected capacity change from 0 to 1024 [ 217.590188][ T7152] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.024765][ T5767] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.244907][ T7159] overlayfs: failed to get inode (-116) [ 218.262369][ T7159] overlayfs: failed to get inode (-116) [ 219.612129][ T7165] loop1: detected capacity change from 0 to 2048 [ 219.905230][ T7171] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 220.385448][ T5828] IPVS: starting estimator thread 0... [ 220.726320][ T5783] Bluetooth: hci2: command 0x0406 tx timeout [ 220.966711][ T7174] IPVS: using max 16 ests per chain, 38400 per kthread [ 221.541994][ T7183] loop2: detected capacity change from 0 to 512 [ 221.688234][ T7165] syz.1.349: attempt to access beyond end of device [ 221.688234][ T7165] loop1: rw=0, sector=2199023255622, nr_sectors = 2 limit=2048 [ 221.704749][ T7165] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0) [ 222.726731][ T7171] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 222.745519][ T7171] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 222.766106][ T7171] Remounting filesystem read-only [ 222.773601][ T66] NILFS (loop1): discard dirty page: offset=0, ino=6 [ 222.780901][ T66] NILFS (loop1): discard dirty block: blocknr=1099511627811, size=1024 [ 222.789342][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 222.798781][ T66] NILFS (loop1): discard dirty block: blocknr=37, size=1024 [ 222.806755][ T66] NILFS (loop1): discard dirty block: blocknr=38, size=1024 [ 222.815875][ T66] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 222.824780][ T66] NILFS (loop1): discard dirty block: blocknr=42, size=1024 [ 222.834552][ T66] NILFS (loop1): discard dirty block: blocknr=43, size=1024 [ 222.851751][ T66] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 222.863287][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 222.882374][ T66] NILFS (loop1): discard dirty page: offset=131072, ino=3 [ 222.891617][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 222.906634][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 222.915736][ T66] NILFS (loop1): discard dirty block: blocknr=46, size=1024 [ 222.940800][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 222.969288][ T66] NILFS (loop1): discard dirty page: offset=196608, ino=3 [ 222.993539][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.013174][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.026289][ T66] NILFS (loop1): discard dirty block: blocknr=49, size=1024 [ 223.043815][ T66] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.068422][ T5767] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer [ 223.086500][ T5767] NILFS (loop1): discard dirty page: offset=0, ino=12 [ 223.105865][ T5767] NILFS (loop1): discard dirty block: blocknr=17, size=1024 [ 223.119688][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.139265][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.165624][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.198425][ T5767] NILFS (loop1): discard dirty page: offset=0, ino=5 [ 223.218491][ T5767] NILFS (loop1): discard dirty block: blocknr=41, size=1024 [ 223.225881][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.238680][ T7195] netlink: 'syz.2.358': attribute type 1 has an invalid length. [ 223.264469][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.286802][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.296028][ T5767] NILFS (loop1): discard dirty page: offset=0, ino=4 [ 223.327183][ T5767] NILFS (loop1): discard dirty block: blocknr=40, size=1024 [ 223.334579][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.376221][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.385157][ T5767] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 223.558136][ T7195] netlink: 28 bytes leftover after parsing attributes in process `syz.2.358'. [ 223.578151][ T7195] 8021q: adding VLAN 0 to HW filter on device bond2 [ 223.646447][ T7195] 8021q: adding VLAN 0 to HW filter on device bond2 [ 223.655765][ T7195] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 223.665473][ T7195] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 223.674638][ T7195] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 223.683948][ T7195] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 223.701689][ T7195] bond2: (slave geneve2): making interface the new active one [ 223.711073][ T7195] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 223.804986][ T7195] syz.2.358 (7195) used greatest stack depth: 19656 bytes left [ 225.040030][ T7208] loop2: detected capacity change from 0 to 128 [ 225.062074][ T7208] FAT-fs (loop2): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 225.126892][ T7193] syz.0.356: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 225.159163][ T7193] CPU: 0 PID: 7193 Comm: syz.0.356 Not tainted syzkaller #0 [ 225.166556][ T7193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 225.176680][ T7193] Call Trace: [ 225.180022][ T7193] [ 225.183008][ T7193] dump_stack_lvl+0x18c/0x250 [ 225.187764][ T7193] ? show_regs_print_info+0x20/0x20 [ 225.193042][ T7193] ? load_image+0x400/0x400 [ 225.197620][ T7193] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 225.204107][ T7193] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 225.210670][ T7193] warn_alloc+0x246/0x340 [ 225.215078][ T7193] ? zone_watermark_ok_safe+0x230/0x230 [ 225.220704][ T7193] ? _raw_spin_unlock+0x28/0x40 [ 225.225617][ T7193] ? netlink_rcv_skb+0x241/0x4d0 [ 225.230624][ T7193] __vmalloc_node_range+0x662/0x1330 [ 225.235977][ T7193] ? __asan_memset+0x22/0x40 [ 225.240656][ T7193] ? free_vm_area+0x50/0x50 [ 225.245235][ T7193] ? kvmalloc_node+0x70/0x180 [ 225.249971][ T7193] ? rcu_is_watching+0x15/0xb0 [ 225.254798][ T7193] ? kvmalloc_node+0x70/0x180 [ 225.259533][ T7193] ? trace_kmalloc+0x1f/0x90 [ 225.264225][ T7193] kvmalloc_node+0x13f/0x180 [ 225.268876][ T7193] ? hash_netport4_resize+0x232/0x1b40 [ 225.274398][ T7193] hash_netport4_resize+0x232/0x1b40 [ 225.279742][ T7193] ? hash_netport4_uadt+0xc99/0xf30 [ 225.285091][ T7193] ? hash_netport4_uadt+0xf30/0xf30 [ 225.290353][ T7193] ? hash_netport4_kadt+0x590/0x590 [ 225.295611][ T7193] ? _local_bh_enable+0xa0/0xa0 [ 225.300532][ T7193] call_ad+0x454/0xb40 [ 225.304662][ T7193] ? ip_set_ad+0x9c0/0x9c0 [ 225.309152][ T7193] ? __nla_parse+0x40/0x50 [ 225.313638][ T7193] ip_set_ad+0x81a/0x9c0 [ 225.317954][ T7193] ? ip_set_dump_done+0x1e0/0x1e0 [ 225.323036][ T7193] ? rcu_is_watching+0x15/0xb0 [ 225.327903][ T7193] nfnetlink_rcv_msg+0xbf0/0x12b0 [ 225.333008][ T7193] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.339135][ T7193] ? nfnetlink_rcv_msg+0x22a/0x12b0 [ 225.344468][ T7193] ? nfnetlink_unbind+0x160/0x160 [ 225.349583][ T7193] ? __dev_queue_xmit+0x1ac2/0x36b0 [ 225.354834][ T7193] ? __netlink_deliver_tap+0x5ab/0x830 [ 225.360366][ T7193] ? netlink_deliver_tap+0x19c/0x1b0 [ 225.365720][ T7193] ? netlink_unicast+0x72c/0x8d0 [ 225.370714][ T7193] ? netlink_sendmsg+0x8d0/0xbf0 [ 225.375714][ T7193] ? ____sys_sendmsg+0x5ba/0x960 [ 225.380706][ T7193] ? ___sys_sendmsg+0x2a6/0x360 [ 225.385611][ T7193] ? __se_sys_sendmsg+0x1c2/0x2b0 [ 225.390700][ T7193] ? do_syscall_64+0x55/0xa0 [ 225.395383][ T7193] netlink_rcv_skb+0x241/0x4d0 [ 225.400264][ T7193] ? nfnetlink_unbind+0x160/0x160 [ 225.405387][ T7193] ? netlink_ack+0x1180/0x1180 [ 225.410241][ T7193] ? apparmor_capable+0x137/0x1a0 [ 225.415334][ T7193] ? bpf_lsm_capable+0x9/0x10 [ 225.420078][ T7193] ? security_capable+0x89/0xb0 [ 225.425003][ T7193] nfnetlink_rcv+0x2c9/0x24a0 [ 225.429769][ T7193] ? __local_bh_enable_ip+0x13a/0x1c0 [ 225.435197][ T7193] ? lockdep_hardirqs_on+0x98/0x150 [ 225.440447][ T7193] ? __local_bh_enable_ip+0x13a/0x1c0 [ 225.445868][ T7193] ? _local_bh_enable+0xa0/0xa0 [ 225.450776][ T7193] ? __dev_queue_xmit+0x26b/0x36b0 [ 225.455954][ T7193] ? __dev_queue_xmit+0x26b/0x36b0 [ 225.461133][ T7193] ? __dev_queue_xmit+0x124f/0x36b0 [ 225.466392][ T7193] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 225.472021][ T7193] ? __dev_queue_xmit+0x26b/0x36b0 [ 225.477215][ T7193] ? ref_tracker_free+0x690/0x840 [ 225.482313][ T7193] ? refcount_inc+0x70/0x70 [ 225.486866][ T7193] ? __asan_memcpy+0x40/0x70 [ 225.491530][ T7193] ? __skb_clone+0x63/0x790 [ 225.496104][ T7193] ? __skb_clone+0x480/0x790 [ 225.500765][ T7193] ? __netlink_deliver_tap+0x7e8/0x830 [ 225.506287][ T7193] ? netlink_deliver_tap+0x2e/0x1b0 [ 225.511548][ T7193] ? __lock_acquire+0x7d40/0x7d40 [ 225.516636][ T7193] ? netlink_deliver_tap+0x2e/0x1b0 [ 225.521997][ T7193] netlink_unicast+0x751/0x8d0 [ 225.526835][ T7193] netlink_sendmsg+0x8d0/0xbf0 [ 225.531672][ T7193] ? netlink_getsockopt+0x590/0x590 [ 225.536934][ T7193] ? aa_sock_msg_perm+0x94/0x150 [ 225.541939][ T7193] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 225.547287][ T7193] ? security_socket_sendmsg+0x80/0xa0 [ 225.552801][ T7193] ? netlink_getsockopt+0x590/0x590 [ 225.558073][ T7193] ____sys_sendmsg+0x5ba/0x960 [ 225.562897][ T7193] ? __asan_memset+0x22/0x40 [ 225.567552][ T7193] ? __sys_sendmsg_sock+0x30/0x30 [ 225.572624][ T7193] ? __import_iovec+0x5f2/0x850 [ 225.577627][ T7193] ? import_iovec+0x73/0xa0 [ 225.582177][ T7193] ___sys_sendmsg+0x2a6/0x360 [ 225.586896][ T7193] ? __sys_sendmsg+0x2a0/0x2a0 [ 225.591773][ T7193] __se_sys_sendmsg+0x1c2/0x2b0 [ 225.596677][ T7193] ? __x64_sys_sendmsg+0x80/0x80 [ 225.601682][ T7193] ? lockdep_hardirqs_on+0x98/0x150 [ 225.606920][ T7193] do_syscall_64+0x55/0xa0 [ 225.611379][ T7193] ? clear_bhb_loop+0x40/0x90 [ 225.616095][ T7193] ? clear_bhb_loop+0x40/0x90 [ 225.620810][ T7193] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.626744][ T7193] RIP: 0033:0x7efda4f9bf79 [ 225.631213][ T7193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.650885][ T7193] RSP: 002b:00007efda5df7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 225.659352][ T7193] RAX: ffffffffffffffda RBX: 00007efda5215fa0 RCX: 00007efda4f9bf79 [ 225.667362][ T7193] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000006 [ 225.675367][ T7193] RBP: 00007efda50327e0 R08: 0000000000000000 R09: 0000000000000000 [ 225.683390][ T7193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 225.691417][ T7193] R13: 00007efda5216038 R14: 00007efda5215fa0 R15: 00007fff8a63c188 [ 225.699444][ T7193] [ 225.774572][ T7193] Mem-Info: [ 225.782417][ T7193] active_anon:23159 inactive_anon:0 isolated_anon:0 [ 225.782417][ T7193] active_file:18069 inactive_file:39976 isolated_file:0 [ 225.782417][ T7193] unevictable:768 dirty:138 writeback:0 [ 225.782417][ T7193] slab_reclaimable:10364 slab_unreclaimable:94938 [ 225.782417][ T7193] mapped:24762 shmem:18320 pagetables:673 [ 225.782417][ T7193] sec_pagetables:0 bounce:0 [ 225.782417][ T7193] kernel_misc_reclaimable:0 [ 225.782417][ T7193] free:1328941 free_pcp:8418 free_cma:0 [ 225.835877][ T7193] Node 0 active_anon:92636kB inactive_anon:0kB active_file:72276kB inactive_file:159700kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:99048kB dirty:552kB writeback:0kB shmem:71744kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11812kB pagetables:2692kB sec_pagetables:0kB all_unreclaimable? no [ 225.886420][ T7193] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 225.917514][ T7193] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 225.946039][ T7193] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 225.971526][ T7193] Node 0 DMA32 free:1400336kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:92596kB inactive_anon:0kB active_file:72276kB inactive_file:158876kB unevictable:1536kB writepending:552kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:14244kB local_pcp:1928kB free_cma:0kB [ 226.003300][ T7193] lowmem_reserve[]: 0 0 0 0 0 [ 226.008586][ T7193] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 226.062813][ T7193] lowmem_reserve[]: 0 0 0 0 0 [ 226.068560][ T7193] Node 1 Normal free:3899828kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19552kB local_pcp:10784kB free_cma:0kB [ 226.112017][ T7193] lowmem_reserve[]: 0 0 0 0 0 [ 226.120858][ T7193] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 226.134030][ T7193] Node 0 DMA32: 666*4kB (ME) 1803*8kB (UME) 801*16kB (UME) 442*32kB (UME) 287*64kB (UME) 125*128kB (UME) 54*256kB (UME) 32*512kB (UM) 15*1024kB (UME) 9*2048kB (UM) 307*4096kB (M) = 1399888kB [ 226.185328][ T7193] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 226.351282][ T7193] Node 1 Normal: 249*4kB (UM) 48*8kB (UME) 39*16kB (UME) 83*32kB (UME) 18*64kB (UE) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3899828kB [ 226.388886][ T7193] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 226.398844][ T7193] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 226.415863][ T7193] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 226.435047][ T7193] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 226.458394][ T7193] 79208 total pagecache pages [ 226.463253][ T7193] 0 pages in swap cache [ 226.476661][ T7193] Free swap = 124204kB [ 226.481364][ T7193] Total swap = 124996kB [ 226.485698][ T7193] 2097051 pages RAM [ 226.490943][ T7193] 0 pages HighMem/MovableOnly [ 226.496270][ T7193] 416922 pages reserved [ 226.500626][ T7193] 0 pages cma reserved [ 226.655796][ T7220] loop0: detected capacity change from 0 to 512 [ 229.838472][ T5770] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 230.058530][ T5770] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 230.076399][ T5770] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.095669][ T5770] usb 1-1: config 0 has no interface number 0 [ 230.115521][ T5770] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 230.125131][ T5770] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.145354][ T5770] usb 1-1: Product: syz [ 230.150247][ T5770] usb 1-1: Manufacturer: syz [ 230.154920][ T5770] usb 1-1: SerialNumber: syz [ 230.177924][ T5770] usb 1-1: config 0 descriptor?? [ 230.188795][ T5770] ims_pcu 1-1:0.41: Missing CDC union descriptor [ 230.200898][ T5770] ims_pcu: probe of 1-1:0.41 failed with error -22 [ 231.358192][ T5770] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 231.550893][ T5770] usb 3-1: Using ep0 maxpacket: 32 [ 231.580557][ T5770] usb 3-1: config 0 has an invalid interface number: 254 but max is 0 [ 231.590012][ T5770] usb 3-1: config 0 has no interface number 0 [ 231.642476][ T5770] usb 3-1: New USB device found, idVendor=5215, idProduct=1103, bcdDevice=e3.da [ 231.653711][ T5770] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.677641][ T5770] usb 3-1: Product: syz [ 231.681905][ T5770] usb 3-1: Manufacturer: syz [ 231.695192][ T5770] usb 3-1: SerialNumber: syz [ 231.714658][ T5770] usb 3-1: config 0 descriptor?? [ 231.741148][ T5770] usb-storage 3-1:0.254: USB Mass Storage device detected [ 232.009677][ T7249] loop1: detected capacity change from 0 to 128 [ 232.031708][ T7249] FAT-fs (loop1): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 233.436383][ T5809] usb 1-1: USB disconnect, device number 7 [ 233.526540][ T7262] loop1: detected capacity change from 0 to 256 [ 233.747847][ T7262] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 234.156607][ T5809] usb 3-1: USB disconnect, device number 11 [ 234.500804][ T7272] loop2: detected capacity change from 0 to 512 [ 234.510802][ T7272] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 234.565903][ T7268] syz.1.376: attempt to access beyond end of device [ 234.565903][ T7268] loop1: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 234.589567][ T7268] syz.1.376: attempt to access beyond end of device [ 234.589567][ T7268] loop1: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 234.604083][ T7268] syz.1.376: attempt to access beyond end of device [ 234.604083][ T7268] loop1: rw=0, sector=280, nr_sectors = 8 limit=256 [ 234.632388][ T28] audit: type=1800 audit(1771021070.721:8): pid=7268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.376" name="file1" dev="loop1" ino=1048598 res=0 errno=0 [ 234.742728][ T7272] EXT4-fs (loop2): 1 truncate cleaned up [ 234.763094][ T7272] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 235.602384][ T7284] Bluetooth: MGMT ver 1.22 [ 236.765833][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.883259][ T3427] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 236.916005][ T3427] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 236.957408][ T7297] netlink: 84 bytes leftover after parsing attributes in process `syz.1.386'. [ 236.972140][ T7298] netlink: 'syz.1.386': attribute type 1 has an invalid length. [ 237.091186][ T3427] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.121837][ T3427] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 237.265867][ T3427] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.295104][ T3427] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 237.472459][ T3427] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 237.515011][ T3427] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 237.699679][ T7305] ufs: You didn't specify the type of your ufs filesystem [ 237.699679][ T7305] [ 237.699679][ T7305] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 237.699679][ T7305] [ 237.699679][ T7305] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 237.731558][ T7305] ufs: ufstype=old is supported read-only [ 237.747498][ T7305] ufs: ufs_fill_super(): bad magic number [ 238.507337][ T786] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 238.530548][ T5783] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 238.558970][ T5783] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 238.575089][ T5783] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 238.585418][ T5783] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 238.595249][ T5783] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 238.604402][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 239.521336][ T786] usb 1-1: Using ep0 maxpacket: 8 [ 239.529027][ T786] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 239.541021][ T786] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 239.619110][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.697145][ T786] usb 1-1: config 0 descriptor?? [ 241.886431][ T5783] Bluetooth: hci2: command tx timeout [ 242.077976][ T786] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 242.165829][ T786] usb 1-1: USB disconnect, device number 8 [ 243.959150][ T5778] Bluetooth: hci2: command tx timeout [ 244.532825][ T7307] chnl_net:caif_netlink_parms(): no params data found [ 244.945943][ T7307] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.968927][ T7307] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.985033][ T7307] bridge_slave_0: entered allmulticast mode [ 245.015386][ T7307] bridge_slave_0: entered promiscuous mode [ 245.116950][ T7307] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.153473][ T7307] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.364620][ T7307] bridge_slave_1: entered allmulticast mode [ 245.379000][ T7307] bridge_slave_1: entered promiscuous mode [ 246.096377][ T5778] Bluetooth: hci2: command tx timeout [ 246.198541][ T3427] hsr_slave_0: left promiscuous mode [ 246.266445][ T3427] hsr_slave_1: left promiscuous mode [ 246.307449][ T3427] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.322799][ T3427] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.353872][ T3427] bridge_slave_1: left allmulticast mode [ 246.373267][ T3427] bridge_slave_1: left promiscuous mode [ 246.398176][ T3427] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.479285][ T3427] bridge_slave_0: left allmulticast mode [ 246.504516][ T3427] bridge_slave_0: left promiscuous mode [ 246.525536][ T3427] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.619497][ T3427] veth1_macvtap: left promiscuous mode [ 246.625839][ T3427] veth0_macvtap: left promiscuous mode [ 246.643420][ T3427] veth1_vlan: left promiscuous mode [ 246.672515][ T3427] veth0_vlan: left promiscuous mode [ 247.973170][ T3427] bond2 (unregistering): (slave geneve2): Releasing active interface [ 248.121350][ T5778] Bluetooth: hci2: command tx timeout [ 248.166282][ T3427] bond2 (unregistering): Released all slaves [ 248.186998][ T3427] bond1 (unregistering): Released all slaves [ 248.770292][ T3427] team0 (unregistering): Port device team_slave_1 removed [ 248.824207][ T3427] team0 (unregistering): Port device team_slave_0 removed [ 248.876069][ T3427] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.933927][ T3427] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.331052][ T3427] bond0 (unregistering): Released all slaves [ 249.475033][ T7307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 249.484650][ T7383] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 249.632695][ T7383] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.535752][ T7307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 250.675580][ T7415] loop0: detected capacity change from 0 to 128 [ 250.748025][ T7307] team0: Port device team_slave_0 added [ 250.798056][ T7307] team0: Port device team_slave_1 added [ 250.865339][ T7307] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 250.874869][ T7307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 250.993822][ T7307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 251.061093][ T7307] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 251.077661][ T7307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 251.112680][ T7307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 251.882069][ T7307] hsr_slave_0: entered promiscuous mode [ 251.927945][ T7307] hsr_slave_1: entered promiscuous mode [ 252.152563][ T7307] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 252.162648][ T7307] Cannot create hsr debugfs directory [ 252.194372][ T3427] IPVS: stop unused estimator thread 0... [ 252.325827][ T7429] overlayfs: overlapping lowerdir path [ 253.229015][ T7307] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 253.255911][ T7307] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 253.292614][ T7307] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 253.322966][ T7307] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 253.642436][ T7307] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.720464][ T7307] 8021q: adding VLAN 0 to HW filter on device team0 [ 253.767928][ T2902] bridge0: port 1(bridge_slave_0) entered blocking state [ 253.775221][ T2902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 253.820342][ T7417] warn_alloc: 1 callbacks suppressed [ 253.820360][ T7417] syz.3.410: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 253.845937][ T2902] bridge0: port 2(bridge_slave_1) entered blocking state [ 253.858987][ T7417] ,cpuset= [ 253.865035][ T2902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 253.898603][ T7417] syz3,mems_allowed=0-1 [ 253.902898][ T7417] CPU: 0 PID: 7417 Comm: syz.3.410 Not tainted syzkaller #0 [ 253.910255][ T7417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 253.920381][ T7417] Call Trace: [ 253.923721][ T7417] [ 253.926704][ T7417] dump_stack_lvl+0x18c/0x250 [ 253.931464][ T7417] ? show_regs_print_info+0x20/0x20 [ 253.936723][ T7417] ? load_image+0x400/0x400 [ 253.941292][ T7417] ? __rcu_read_unlock+0x7c/0xd0 [ 253.946310][ T7417] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 253.952790][ T7417] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 253.959371][ T7417] warn_alloc+0x246/0x340 [ 253.963781][ T7417] ? zone_watermark_ok_safe+0x230/0x230 [ 253.969413][ T7417] ? _raw_spin_unlock+0x28/0x40 [ 253.974311][ T7417] ? netlink_rcv_skb+0x241/0x4d0 [ 253.979297][ T7417] __vmalloc_node_range+0x662/0x1330 [ 253.984626][ T7417] ? __asan_memset+0x22/0x40 [ 253.989321][ T7417] ? free_vm_area+0x50/0x50 [ 253.993864][ T7417] ? kvmalloc_node+0x70/0x180 [ 253.998576][ T7417] ? rcu_is_watching+0x15/0xb0 [ 254.003383][ T7417] ? kvmalloc_node+0x70/0x180 [ 254.008096][ T7417] ? trace_kmalloc+0x1f/0x90 [ 254.012737][ T7417] kvmalloc_node+0x13f/0x180 [ 254.017372][ T7417] ? hash_netport4_resize+0x232/0x1b40 [ 254.022872][ T7417] hash_netport4_resize+0x232/0x1b40 [ 254.028248][ T7417] ? hash_netport4_uadt+0xc99/0xf30 [ 254.033495][ T7417] ? hash_netport4_uadt+0xf30/0xf30 [ 254.038736][ T7417] ? hash_netport4_kadt+0x590/0x590 [ 254.043979][ T7417] ? _local_bh_enable+0xa0/0xa0 [ 254.048876][ T7417] call_ad+0x454/0xb40 [ 254.052989][ T7417] ? ip_set_ad+0x9c0/0x9c0 [ 254.057462][ T7417] ? __nla_parse+0x40/0x50 [ 254.061939][ T7417] ip_set_ad+0x81a/0x9c0 [ 254.066255][ T7417] ? ip_set_dump_done+0x1e0/0x1e0 [ 254.071328][ T7417] ? rcu_is_watching+0x15/0xb0 [ 254.076207][ T7417] nfnetlink_rcv_msg+0xbf0/0x12b0 [ 254.081279][ T7417] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.087380][ T7417] ? nfnetlink_rcv_msg+0x22a/0x12b0 [ 254.092632][ T7417] ? nfnetlink_unbind+0x160/0x160 [ 254.097715][ T7417] ? __dev_queue_xmit+0x1ac2/0x36b0 [ 254.102955][ T7417] ? __netlink_deliver_tap+0x5ab/0x830 [ 254.108455][ T7417] ? netlink_deliver_tap+0x19c/0x1b0 [ 254.113872][ T7417] ? netlink_unicast+0x72c/0x8d0 [ 254.118856][ T7417] ? netlink_sendmsg+0x8d0/0xbf0 [ 254.123837][ T7417] ? ____sys_sendmsg+0x5ba/0x960 [ 254.128816][ T7417] ? ___sys_sendmsg+0x2a6/0x360 [ 254.133700][ T7417] ? __se_sys_sendmsg+0x1c2/0x2b0 [ 254.138786][ T7417] ? do_syscall_64+0x55/0xa0 [ 254.143470][ T7417] netlink_rcv_skb+0x241/0x4d0 [ 254.148390][ T7417] ? nfnetlink_unbind+0x160/0x160 [ 254.153491][ T7417] ? netlink_ack+0x1180/0x1180 [ 254.158321][ T7417] ? apparmor_capable+0x137/0x1a0 [ 254.163398][ T7417] ? bpf_lsm_capable+0x9/0x10 [ 254.168121][ T7417] ? security_capable+0x89/0xb0 [ 254.173019][ T7417] nfnetlink_rcv+0x2c9/0x24a0 [ 254.177762][ T7417] ? __local_bh_enable_ip+0x13a/0x1c0 [ 254.183167][ T7417] ? lockdep_hardirqs_on+0x98/0x150 [ 254.188404][ T7417] ? __local_bh_enable_ip+0x13a/0x1c0 [ 254.193808][ T7417] ? _local_bh_enable+0xa0/0xa0 [ 254.198691][ T7417] ? __dev_queue_xmit+0x26b/0x36b0 [ 254.203836][ T7417] ? __dev_queue_xmit+0x26b/0x36b0 [ 254.208983][ T7417] ? __dev_queue_xmit+0x124f/0x36b0 [ 254.214229][ T7417] ? nfnetlink_net_exit_batch+0xa0/0xa0 [ 254.219816][ T7417] ? __dev_queue_xmit+0x26b/0x36b0 [ 254.224984][ T7417] ? ref_tracker_free+0x690/0x840 [ 254.230052][ T7417] ? refcount_inc+0x70/0x70 [ 254.234595][ T7417] ? __asan_memcpy+0x40/0x70 [ 254.239247][ T7417] ? __skb_clone+0x63/0x790 [ 254.243787][ T7417] ? __skb_clone+0x480/0x790 [ 254.248427][ T7417] ? __netlink_deliver_tap+0x7e8/0x830 [ 254.253943][ T7417] ? netlink_deliver_tap+0x2e/0x1b0 [ 254.259188][ T7417] ? __lock_acquire+0x7d40/0x7d40 [ 254.264261][ T7417] ? netlink_deliver_tap+0x2e/0x1b0 [ 254.269505][ T7417] netlink_unicast+0x751/0x8d0 [ 254.274322][ T7417] netlink_sendmsg+0x8d0/0xbf0 [ 254.279136][ T7417] ? netlink_getsockopt+0x590/0x590 [ 254.284377][ T7417] ? aa_sock_msg_perm+0x94/0x150 [ 254.289361][ T7417] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 254.294773][ T7417] ? security_socket_sendmsg+0x80/0xa0 [ 254.300363][ T7417] ? netlink_getsockopt+0x590/0x590 [ 254.305599][ T7417] ____sys_sendmsg+0x5ba/0x960 [ 254.310396][ T7417] ? __asan_memset+0x22/0x40 [ 254.315125][ T7417] ? __sys_sendmsg_sock+0x30/0x30 [ 254.320175][ T7417] ? __import_iovec+0x5f2/0x850 [ 254.325121][ T7417] ? import_iovec+0x73/0xa0 [ 254.329677][ T7417] ___sys_sendmsg+0x2a6/0x360 [ 254.334400][ T7417] ? __sys_sendmsg+0x2a0/0x2a0 [ 254.339268][ T7417] __se_sys_sendmsg+0x1c2/0x2b0 [ 254.344156][ T7417] ? __x64_sys_sendmsg+0x80/0x80 [ 254.349134][ T7417] ? lockdep_hardirqs_on+0x98/0x150 [ 254.354367][ T7417] do_syscall_64+0x55/0xa0 [ 254.358830][ T7417] ? clear_bhb_loop+0x40/0x90 [ 254.363549][ T7417] ? clear_bhb_loop+0x40/0x90 [ 254.368265][ T7417] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 254.374198][ T7417] RIP: 0033:0x7fdbf459bf79 [ 254.378672][ T7417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 254.398312][ T7417] RSP: 002b:00007fdbf5548028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 254.406789][ T7417] RAX: ffffffffffffffda RBX: 00007fdbf4815fa0 RCX: 00007fdbf459bf79 [ 254.414836][ T7417] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000006 [ 254.422841][ T7417] RBP: 00007fdbf46327e0 R08: 0000000000000000 R09: 0000000000000000 [ 254.430846][ T7417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 254.438941][ T7417] R13: 00007fdbf4816038 R14: 00007fdbf4815fa0 R15: 00007ffca3958368 [ 254.446962][ T7417] [ 254.469366][ T7417] Mem-Info: [ 254.472567][ T7417] active_anon:23596 inactive_anon:0 isolated_anon:0 [ 254.472567][ T7417] active_file:18086 inactive_file:39989 isolated_file:0 [ 254.472567][ T7417] unevictable:768 dirty:105 writeback:0 [ 254.472567][ T7417] slab_reclaimable:10317 slab_unreclaimable:93084 [ 254.472567][ T7417] mapped:26537 shmem:19027 pagetables:649 [ 254.472567][ T7417] sec_pagetables:0 bounce:0 [ 254.472567][ T7417] kernel_misc_reclaimable:0 [ 254.472567][ T7417] free:1325071 free_pcp:13437 free_cma:0 [ 254.518074][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.525860][ T7417] Node 0 active_anon:94384kB inactive_anon:0kB active_file:72344kB inactive_file:159752kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106148kB dirty:420kB writeback:0kB shmem:74572kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11920kB pagetables:2596kB sec_pagetables:0kB all_unreclaimable? no [ 254.558294][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.620078][ T7417] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 254.650394][ C1] vkms_vblank_simulate: vblank timer overrun [ 254.741307][ T7417] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 254.883395][ T7417] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 254.924285][ T7417] Node 0 DMA32 free:1383592kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:95820kB inactive_anon:0kB active_file:72344kB inactive_file:158928kB unevictable:1536kB writepending:420kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:35732kB local_pcp:17912kB free_cma:0kB [ 256.580098][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.626233][ T7417] lowmem_reserve[]: 0 0 0 0 0 [ 256.631251][ T7417] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 256.658587][ C1] vkms_vblank_simulate: vblank timer overrun [ 256.678337][ T7417] lowmem_reserve[]: 0 0 0 0 0 [ 256.684345][ T7417] Node 1 Normal free:3900340kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19072kB local_pcp:8544kB free_cma:0kB [ 256.723011][ T7417] lowmem_reserve[]: 0 0 0 0 0 [ 256.728218][ T7417] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 256.742088][ T7417] Node 0 DMA32: 849*4kB (UME) 203*8kB (UME) 77*16kB (UME) 327*32kB (UME) 240*64kB (UME) 165*128kB (UME) 47*256kB (UME) 22*512kB (UM) 12*1024kB (UME) 3*2048kB (UM) 302*4096kB (M) = 1331916kB [ 256.762746][ T7417] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 256.774723][ T7417] Node 1 Normal: 249*4kB (UM) 48*8kB (UME) 39*16kB (UME) 91*32kB (UME) 22*64kB (UE) 8*128kB (UME) 1*256kB (E) 3*512kB (UME) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3900340kB [ 256.805954][ T7417] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 256.820014][ T7417] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 256.843914][ T7417] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 256.881432][ T7417] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 256.926370][ T7417] 93915 total pagecache pages [ 256.931136][ T7417] 0 pages in swap cache [ 256.935386][ T7417] Free swap = 124204kB [ 256.970999][ T7417] Total swap = 124996kB [ 256.975247][ T7417] 2097051 pages RAM [ 257.012097][ T7417] 0 pages HighMem/MovableOnly [ 257.037621][ T7417] 416922 pages reserved [ 257.042275][ T7417] 0 pages cma reserved [ 257.577450][ T7307] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 258.208205][ T7485] fuse: Bad value for 'fd' [ 258.426952][ T7492] overlayfs: failed to clone upperpath [ 258.601618][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x86e [ 258.640407][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x821 [ 258.661662][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x80c [ 258.721913][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x8b6 [ 258.832738][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1d [ 258.862813][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x8db [ 258.895982][ T7307] veth0_vlan: entered promiscuous mode [ 258.906018][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x97 [ 258.942124][ T7307] veth1_vlan: entered promiscuous mode [ 258.955986][ T7480] kvm: kvm [7479]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x896 [ 259.071619][ T7307] veth0_macvtap: entered promiscuous mode [ 259.111222][ T7307] veth1_macvtap: entered promiscuous mode [ 259.175242][ T7307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 259.205492][ T7307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.384647][ T7307] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 259.575592][ T7307] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 259.610167][ T7307] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 259.677176][ T7307] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 259.760277][ T7307] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.845823][ T7307] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.918272][ T7307] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.957933][ T7307] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 259.989922][ T7516] loop0: detected capacity change from 0 to 128 [ 260.031623][ T7516] FAT-fs (loop0): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 260.143987][ T6117] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 260.402537][ T797] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 260.414130][ T797] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.188252][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 261.209805][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 261.282973][ T7529] syzkaller0: entered promiscuous mode [ 261.296097][ T7529] syzkaller0: entered allmulticast mode [ 261.516509][ T7534] netlink: 'syz.3.430': attribute type 4 has an invalid length. [ 262.797839][ T7550] netlink: 'syz.1.439': attribute type 4 has an invalid length. [ 263.250317][ T7552] loop0: detected capacity change from 0 to 256 [ 263.371325][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.433'. [ 263.394045][ T7552] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 263.549882][ T7554] syz_tun: entered promiscuous mode [ 263.594942][ T7554] macvtap1: entered promiscuous mode [ 263.600608][ T7554] macvtap1: entered allmulticast mode [ 263.606044][ T7554] syz_tun: entered allmulticast mode [ 263.745766][ T7556] syz_tun: left allmulticast mode [ 263.858106][ T7556] syz_tun: left promiscuous mode [ 263.919714][ T7560] syz.0.432: attempt to access beyond end of device [ 263.919714][ T7560] loop0: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 263.937931][ T7560] syz.0.432: attempt to access beyond end of device [ 263.937931][ T7560] loop0: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 263.951986][ T7560] syz.0.432: attempt to access beyond end of device [ 263.951986][ T7560] loop0: rw=0, sector=280, nr_sectors = 8 limit=256 [ 263.982491][ T28] audit: type=1800 audit(1771021100.071:9): pid=7560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.432" name="file1" dev="loop0" ino=1048604 res=0 errno=0 [ 265.066776][ T7569] loop1: detected capacity change from 0 to 8192 [ 268.393747][ T7601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.443'. [ 268.507592][ T7601] netlink: 28 bytes leftover after parsing attributes in process `syz.3.443'. [ 268.575137][ T7592] syzkaller0: entered promiscuous mode [ 268.619007][ T7592] syzkaller0: entered allmulticast mode [ 269.440081][ T7609] syzkaller0: entered promiscuous mode [ 269.445745][ T7609] syzkaller0: entered allmulticast mode [ 270.849537][ T7617] syz.1.449 uses obsolete (PF_INET,SOCK_PACKET) [ 270.916334][ T5783] Bluetooth: hci2: command 0x0405 tx timeout [ 271.423977][ T7626] syzkaller0: entered promiscuous mode [ 271.810760][ T7626] syzkaller0: entered allmulticast mode [ 277.852415][ T7652] [ 277.854855][ T7652] ============================= [ 277.859978][ T7652] WARNING: suspicious RCU usage [ 277.864875][ T7652] syzkaller #0 Not tainted [ 277.869808][ T7652] ----------------------------- [ 277.874712][ T7652] net/mac80211/iface.c:378 suspicious rcu_dereference_protected() usage! [ 277.883848][ T7652] [ 277.883848][ T7652] other info that might help us debug this: [ 277.883848][ T7652] [ 277.894582][ T7652] [ 277.894582][ T7652] rcu_scheduler_active = 2, debug_locks = 1 [ 277.902813][ T7652] 1 lock held by syz.0.455/7652: [ 277.907896][ T7652] #0: ffffffff8e3c0208 (rtnl_mutex){+.+.}-{3:3}, at: dev_ioctl+0x7a4/0x1140 [ 277.916885][ T7652] [ 277.916885][ T7652] stack backtrace: [ 277.922821][ T7652] CPU: 0 PID: 7652 Comm: syz.0.455 Not tainted syzkaller #0 [ 277.930161][ T7652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 277.940271][ T7652] Call Trace: [ 277.943601][ T7652] [ 277.946587][ T7652] dump_stack_lvl+0x18c/0x250 [ 277.951336][ T7652] ? show_regs_print_info+0x20/0x20 [ 277.956629][ T7652] ? load_image+0x400/0x400 [ 277.961206][ T7652] lockdep_rcu_suspicious+0x1e1/0x300 [ 277.966652][ T7652] ieee80211_check_concurrent_iface+0x475/0x950 [ 277.972958][ T7652] ieee80211_open+0xc1/0x200 [ 277.977609][ T7652] __dev_open+0x2cb/0x430 [ 277.981999][ T7652] ? dev_open+0x190/0x190 [ 277.986403][ T7652] __dev_change_flags+0x211/0x6a0 [ 277.991497][ T7652] ? __mutex_lock+0x4f9/0xcc0 [ 277.996244][ T7652] ? dev_get_flags+0x1c0/0x1c0 [ 278.001069][ T7652] ? mutex_lock_nested+0x20/0x20 [ 278.006070][ T7652] dev_change_flags+0x88/0x1a0 [ 278.010902][ T7652] dev_ioctl+0x7b4/0x1140 [ 278.015294][ T7652] sock_do_ioctl+0x239/0x310 [ 278.019954][ T7652] ? sock_show_fdinfo+0xb0/0xb0 [ 278.024868][ T7652] sock_ioctl+0x5ba/0x7e0 [ 278.029261][ T7652] ? sock_poll+0x3e0/0x3e0 [ 278.033735][ T7652] ? bpf_lsm_file_ioctl+0x9/0x10 [ 278.038814][ T7652] ? security_file_ioctl+0x80/0xa0 [ 278.043967][ T7652] ? sock_poll+0x3e0/0x3e0 [ 278.048423][ T7652] __se_sys_ioctl+0xfd/0x170 [ 278.053064][ T7652] do_syscall_64+0x55/0xa0 [ 278.057534][ T7652] ? clear_bhb_loop+0x40/0x90 [ 278.062248][ T7652] ? clear_bhb_loop+0x40/0x90 [ 278.066957][ T7652] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 278.072914][ T7652] RIP: 0033:0x7efda4f9bf79 [ 278.077367][ T7652] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 278.097024][ T7652] RSP: 002b:00007efda5db5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 278.105490][ T7652] RAX: ffffffffffffffda RBX: 00007efda5216180 RCX: 00007efda4f9bf79 [ 278.113633][ T7652] RDX: 0000200000002280 RSI: 0000000000008914 RDI: 0000000000000004 [ 278.121659][ T7652] RBP: 00007efda50327e0 R08: 0000000000000000 R09: 0000000000000000 [ 278.129683][ T7652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 278.137704][ T7652] R13: 00007efda5216218 R14: 00007efda5216180 R15: 00007fff8a63c188 [ 278.145738][ T7652] [ 278.167898][ T7652] mac80211_hwsim hwsim2 syzkaller0: entered promiscuous mode [ 278.218039][ T7652] mac80211_hwsim hwsim2 syzkaller0: entered allmulticast mode [ 278.271766][ T7656] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 278.290558][ T7647] syzkaller0: entered promiscuous mode [ 278.306931][ T7647] syzkaller0: entered allmulticast mode [ 279.783259][ T33] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 279.938049][ T33] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.109759][ T33] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 280.247514][ T33] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 281.349479][ T33] bond0: (slave wlan1): Releasing backup interface [ 281.560848][ T33] hsr_slave_0: left promiscuous mode [ 281.569541][ T33] hsr_slave_1: left promiscuous mode [ 281.575863][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.584880][ T33] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.593444][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.601469][ T33] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.625979][ T33] veth1_macvtap: left promiscuous mode [ 281.631740][ T33] veth0_macvtap: left promiscuous mode [ 281.638016][ T33] veth1_vlan: left promiscuous mode [ 281.644000][ T33] veth0_vlan: left promiscuous mode [ 282.342769][ T33] team0 (unregistering): Port device team_slave_1 removed [ 282.401087][ T33] team0 (unregistering): Port device team_slave_0 removed [ 282.452336][ T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 282.506757][ T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 282.901115][ T33] bond0 (unregistering): Released all slaves [ 283.278558][ T33] IPVS: stop unused estimator thread 0... [ 283.383296][ T33] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.461897][ T33] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.532999][ T33] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.603198][ T33] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.823964][ T33] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.892988][ T33] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 283.998625][ T33] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.097898][ T33] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 284.283879][ T33] tipc: Left network mode [ 285.279761][ T33] bond0: (slave wlan1): Releasing backup interface [ 285.293554][ T33] bond0: Destroying bond [ 285.335092][ T33] bond0 (unregistering): Released all slaves [ 285.786470][ T33] hsr_slave_0: left promiscuous mode [ 285.792669][ T33] hsr_slave_1: left promiscuous mode [ 285.813041][ T33] hsr_slave_0: left promiscuous mode [ 285.819380][ T33] hsr_slave_1: left promiscuous mode [ 285.825355][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 285.834991][ T33] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 285.843795][ T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 285.851611][ T33] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 285.861179][ T33] bridge_slave_1: left allmulticast mode [ 285.867820][ T33] bridge_slave_1: left promiscuous mode [ 285.874876][ T33] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.884940][ T33] bridge_slave_0: left allmulticast mode [ 285.891273][ T33] bridge_slave_0: left promiscuous mode [ 285.897325][ T33] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.938575][ T33] veth1_macvtap: left promiscuous mode [ 285.944246][ T33] veth0_macvtap: left promiscuous mode [ 285.951013][ T33] veth1_vlan: left promiscuous mode [ 285.957128][ T33] veth0_vlan: left promiscuous mode [ 285.964973][ T33] veth1_macvtap: left promiscuous mode [ 285.972318][ T33] veth0_macvtap: left promiscuous mode [ 285.978588][ T33] veth1_vlan: left promiscuous mode [ 285.983920][ T33] veth0_vlan: left promiscuous mode [ 287.829956][ T33] team0 (unregistering): Port device team_slave_1 removed