last executing test programs: 21.4278345s ago: executing program 3 (id=101): creat(&(0x7f00000000c0)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES8=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) creat(&(0x7f0000000380)='./file0\x00', 0x80) 21.090121218s ago: executing program 3 (id=103): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/asound/seq/clients\x00', 0x0, 0x0) lseek(r3, 0x9, 0x0) 18.737281912s ago: executing program 2 (id=108): syz_mount_image$hfsplus(&(0x7f0000000380), &(0x7f0000000640)='./file0\x00', 0x40, &(0x7f0000000000)=ANY=[@ANYBLOB="000b9240c8aee6631ad071808fe5ec25c497c626f69d02a71d1d27602d048db08101209e5e4cce0e9628b0636f3baa"], 0x1, 0x610, &(0x7f0000000c80)="$eJzs3c1vHGcdB/DvrN8DStw2aQsCYZIDqBGJ19umPiAICCEfKlSJSy89WInTWNm4lb2t3AqhhNcr/0HLwTlz4oA4RCpn/gVLHHpA4m5OQTM7a69f6thuzK6Vz0d69nmeeWae55lfZmZ3Zh1tgOfWwjsZe5wiC1ffWi/rmxut9uZG636vnGSikTSS0VRZipWk+Dy5mW7KN8qFdXfFl43z7qdvzn/RfPSwWxutU7V+47DtjuZBnTKTZKTOn1V/t75yf8X2HpYBu9ILHAzak30eHGfzr3jeAsOg6L5v7jOdnEsyWX4OSO9dsfuefaYd6yoHAAAAZ8PX9y64sJWtrOf8YKYDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ1P9+/9FnRq98kyK3u//j9fLUpfPtMeDngAAAAAAAAAAPAPf2cpW1nO+V39SVN/5X64qF6vXr+XDrGUpq7mW9Symk05W00wy3dfR+Ppip7PaPMKWcwduOdf94wIAAAAAAAAA4ER+k4Wd7/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAYFMlIN6vSxV55Oo3RJJNJxsv1HiR/75XPsseDngAAAAD8H1zYylbWc75Xf1JU9/wvV/f9k/kwK+lkOZ20s5Tb1bOA7l1/Y3Oj1d7caN0v0/5+f/KfY02j6jHdZw8HjzxbrXFpe4uF/Dy/zNXM5O2sZjkfZTGdLGUmmZxMJ4spMl0/vZjuzfPg+d7cVXv7aXN9tZrJVO5kuZrbtdzK+2nndhrVPlTrHD7iwzI6xY9rR4zR7Tov9+hPdT4cpquIjG1HZLaOfRmNFw6KxM5jo2MeJ3tHaqax3dnFU4j5uTovY/2HAcd8YldtbyTm+o6+lw+PRHL5X9/+6932yr27d9auDs9hdEJ7I9Hqi8Qrz1UkxutodK+iR7ta/qwqLeZyte35LOcXeT+3s5Q3Mp83MpfX83pmM58bfXG9tLnR+u9TzrXG8c61K9+vC1NJ/ljnw6GM6wt9ce2/0k1Xbf1LdqL04rO/Io1+sy6UY/y2zofD3kg0+yLx0uGR+POT8nWtvXJv9e7iB0cc73t1Xp62vz/Otbn/wDqVLzDKTl8s/7Gq2u6jo2x76cC2ZtV2cbutsa/t0nbb087U8foz3P6e5qq2Vw5sa1Vtr/a1HfQpB4Chd+61c+NT/57659RnU7+bujv11uRPJ+YnvjWesX+M/m3kL41HjR8Wr+Wz/Hrn/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi5tY8/ubfYbi+tKuwuTGT3krEMycQUnr/Cdwcw6KCvTMBpu965/8H1tY8/+cHy/cX3lt5bWmm1mjfm5m/Mz924fme5vTTbfR30NIFTsPOmv7NsZJATAgAAAAAAAAAAAJ6q+vu/Rk71vxMMeh8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAs23hnYw9TpHm7LXZsr650WqXqVfeWXM0SSNJ8auk+Dy5mW7KdF93xZeN8+6nb85/0Xz0cLuvydHe+o3DtjuaB3XKTJKROt/vRxdO0t+tvv7GPzrJ9IrtPSwDdqUXOBi0/wUAAP//E9AMfw==") munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x2042, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x20040080) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r1, &(0x7f0000000f80)=""/4095, 0xfff) 16.324133608s ago: executing program 5 (id=114): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) flock(0xffffffffffffffff, 0x2) close(0xffffffffffffffff) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x8001}, 0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000880)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) syz_emit_ethernet(0x32, &(0x7f0000000000)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @random="e43f6642531e", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x2, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x10, 0x0, @gue={{0x2, 0x1, 0x1, 0x10}}}}}}}, 0x0) 15.856160312s ago: executing program 2 (id=117): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x4, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xf, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x5, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xffffffd2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x7, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x7, 0x4, 0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x3, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0x6, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x2, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x7, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x200, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0xba, 0x996, 0x50, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x10000400, 0x9, 0x7fff, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r4, 0x29, 0x4d, &(0x7f0000000140)=ANY=[], 0x8) setsockopt$inet6_int(r4, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000173c2e5864a2fad65000000000a28000000000a010400000000000000000100004008000240000000020900010073797a300000000014000000110001689b2d8a34d4f6e2ed81529cc3bd67fb918b960b73d57807d6eb210309d1020d32d0a1278620bec91d7749d881a25f2c1555397aa424"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600001900000000000100000008000a40000000000900020073797a32000000000900010073797a300000000008000540000000141400000011"], 0x64}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000010000000900010073797a30000000000900020073797a3200000000cb97d6513e5986c29fe24fffb436f3144d8b419c1118e495d11031278cdf691ed1c927eb85f567223772542f5b3ee45adbbed11d0e24f729d09ad57307776bef6b40eb5871f3a93015684942000000000000000810a9b1ab216e8cbbc0c4ffbdb873193c0bc449b3375050f820795426ec0cce6a13a91825ea7a"], 0x2c}}, 0x0) 15.846338183s ago: executing program 5 (id=118): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r1, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x28, r3, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0) 15.786461106s ago: executing program 4 (id=119): socket$nl_generic(0x10, 0x3, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0xd, 0xfffffffffffffffe, 0x10) getsockopt$ARPT_SO_GET_ENTRIES(r1, 0x0, 0x61, &(0x7f0000000040), &(0x7f0000000080)=0x24) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000500)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 15.695563975s ago: executing program 0 (id=120): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, 0x0, 0x2, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]}) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') bind$alg(r4, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0) r5 = accept4(r4, 0x0, 0x0, 0x0) recvmsg(r5, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, r6, 0x0, 0x700}, 0x38) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = io_uring_setup(0x2237, &(0x7f0000000080)={0x0, 0xfffffffc, 0x1, 0x0, 0xfffffffe}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r7, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 14.312190889s ago: executing program 5 (id=122): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001700)=@base={0x16, 0x0, 0xb161, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0, 0xffffffffffffffff}, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_LOOKUP_ELEM(0x15, &(0x7f0000000200)={r1, 0x0, &(0x7f0000001780)=""/4096}, 0x20) 13.955160954s ago: executing program 3 (id=123): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$binfmt_aout(r3, &(0x7f0000000540)={{0x108, 0x1, 0x7f, 0xb2, 0x370, 0x80000001, 0xb, 0xfff}, "", ['\x00']}, 0x120) 13.954946295s ago: executing program 4 (id=124): syz_emit_vhci(&(0x7f0000000580)=@HCI_EVENT_PKT={0x4, @hci_ev_role_change={{0x12, 0x8}, {0x5, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x5}}}, 0xb) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)) write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) 13.954415359s ago: executing program 2 (id=135): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}]}, 0xfe, 0x46c, &(0x7f0000001380)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==") creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x194) rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(r0, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) 12.698650501s ago: executing program 5 (id=125): socket$inet(0x2, 0x4000000000000001, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/timer_list\x00', 0x0, 0x0) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0) ioctl$TCSETS(r3, 0x40045431, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @queue={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_QUEUE_SREG_QNUM={0x8, 0x4, 0x1, 0x0, 0x10}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x80000034) fcntl$setsig(r5, 0xa, 0x21) openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x1c5100, 0x0) creat(0x0, 0x80) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=@ipv6_delroute={0x34, 0x19, 0x800, 0x0, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x4, 0xc8, 0xa, 0x3100}, [@RTA_PREF={0x5, 0x14, 0x1}, @RTA_EXPIRES={0x8, 0x17, 0x5}, @RTA_PREF={0x5, 0x14, 0xb}]}, 0x34}}, 0x0) 12.693348837s ago: executing program 1 (id=126): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x7a, 0x1000, 0x6, 0xbb}, 0xfffffffffffffed8) r1 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]}) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmsg(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x700}, 0x38) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = io_uring_setup(0x2237, &(0x7f0000000080)={0x0, 0xfffffffc, 0x1, 0x0, 0xfffffffe}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r5, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 11.336428612s ago: executing program 1 (id=127): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x40000000002, 0x3, 0x9) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) chdir(&(0x7f0000000480)='./cgroup\x00') select(0x40, &(0x7f0000000000), 0x0, &(0x7f0000000080)={0x6}, &(0x7f00000000c0)={0x0, 0x2}) ioctl$SNDRV_PCM_IOCTL_PREPARE(0xffffffffffffffff, 0x4140, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, 0x0, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x1, 0x0, "a0aad30a8b1350f2461250f9e5b2fc536fd0861c38349b6f6ad8c6f78a18d8576ba9bcd139acd078c1207e7b717cd1c8e723c17364efbae56931f838ecf65aba7e990fe8a4a01b3302b27fe7c991a9cb"}, 0xd8) close_range(r4, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000380)={[{@utf8no}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@fat=@fmask}, {@uni_xlate}, {@uni_xlateno}, {@rodir}, {@shortname_mixed}, {@uni_xlateno}, {@utf8no}, {@utf8}, {@shortname_win95}, {@rodir}, {@fat=@nfs_nostale_ro}, {@rodir}, {@utf8}, {@shortname_winnt}, {}]}, 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=") socket$key(0xf, 0x3, 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_init(0xf00, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4640d49915a2813b95ac8b6ff6b37c10325d0a028fed4f14a9fde8469a843432b7ea147e7ac5582e3d682e05bc68d2211b3faed79d40c0dc15cf9c2caaa7481fe80510ce7779996a73e2ad2f73bc6e4727544454f56c8abc5982a860bd77f6", 0x5f, 0x40041, &(0x7f0000000100)={0xa, 0x4e22, 0x9, @mcast2, 0x480000}, 0x1c) setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000140)=@req3={0x1, 0x3, 0x80000, 0x4, 0x7, 0x5, 0x4}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000640)={0xe, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000000000000000000000000711060000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) fanotify_init(0x28, 0x0) 11.068040597s ago: executing program 3 (id=128): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000100), 0xb) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x304}, "35f36008c636847e", "b1528832dadd8423b4b617efc885a45d", "49d69735", "1c228c29966e0467"}, 0x28) r1 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x7079, 0x0, 0x4, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) 10.890448554s ago: executing program 2 (id=129): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SNDCTL_TMR_CONTINUE(r3, 0x5404) 10.762939755s ago: executing program 0 (id=130): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000340)=0x2) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xff27) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) fcntl$lock(r2, 0x25, &(0x7f0000000000)={0x1}) close_range(r1, 0xffffffffffffffff, 0x0) 10.639153784s ago: executing program 5 (id=131): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) socket$l2tp(0x2, 0x2, 0x73) geteuid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe2$watch_queue(&(0x7f0000000280)={0xffffffffffffffff}, 0x80) r2 = add_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0) keyctl$revoke(0x3, r2) 10.428053215s ago: executing program 4 (id=132): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000400)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40) r3 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x3, 0x400, 0x0, 0x4}, &(0x7f0000000340)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x4, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0) getdents64(r2, 0x0, 0x0) 9.786304925s ago: executing program 1 (id=133): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYBLOB='\x00'/15, @ANYBLOB], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_open_dev$loop(&(0x7f00000001c0), 0x5749, 0x408882) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r3, 0x800448d3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) 8.789682977s ago: executing program 0 (id=134): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x1c}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x7, 0x0, &(0x7f0000000100)="e0b9547ed387db", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = userfaultfd(0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000002c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r4, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c) r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) openat$cgroup(r6, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0x10000) sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x16, 0x0, 0x8400, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000380)={r7, 0x0, 0x20000000}, 0x20) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r7, 0x0, 0x20000000}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) 7.857082168s ago: executing program 1 (id=136): ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 7.736186627s ago: executing program 5 (id=137): ioctl$BINDER_SET_MAX_THREADS(0xffffffffffffffff, 0x40046205, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x40, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x48) mount(&(0x7f0000000080)=@loop={'/dev/loop', 0x0}, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x0, 0x0) syz_create_resource$binfmt(0x0) 6.337584437s ago: executing program 1 (id=138): mmap(&(0x7f00000d5000/0x1000)=nil, 0x1000, 0x100000d, 0x3032, 0xffffffffffffffff, 0xffffe000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r1, 0x0, 0x0, 0x1001f0) fallocate(r1, 0x3, 0x4, 0x101000) 6.247299707s ago: executing program 0 (id=139): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r3, &(0x7f0000000000)={{0x6, @rose}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @netrom, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) 6.22439944s ago: executing program 4 (id=140): socket$packet(0x11, 0x3, 0x300) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000002c0)={&(0x7f0000000000)=""/74, 0x32a000, 0x800}, 0x20) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000006c0)={'batadv_slave_1\x00', 0x0}) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='kfree\x00', r3}, 0x18) request_key(0x0, 0x0, 0x0, 0xffffffffffffffff) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x6, r2, 0xffffff7f}, 0x10) 4.177649909s ago: executing program 1 (id=141): creat(&(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) chmod(&(0x7f0000000140)='./file0\x00', 0x0) r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0) write$binfmt_aout(r3, &(0x7f0000000540)={{0x108, 0x1, 0x7f, 0xb2, 0x370, 0x80000001, 0xb, 0xfff}, "", ['\x00']}, 0x120) 4.177278016s ago: executing program 2 (id=142): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x7a, 0x1000, 0x6, 0xbb}, 0xfffffffffffffed8) r1 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, 0x0, &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]}) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') bind$alg(r5, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, r7, 0x0, 0x700}, 0x38) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = io_uring_setup(0x2237, &(0x7f0000000080)={0x0, 0xfffffffc, 0x1, 0x0, 0xfffffffe}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r8, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 4.177076586s ago: executing program 3 (id=143): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = dup(0xffffffffffffffff) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x9}}, 0x18) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="b0"], 0xb0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x0) 4.175944893s ago: executing program 0 (id=153): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x4, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xf, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x5, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xffffffd2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x7, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x7, 0x4, 0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x3, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0x6, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x2, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x7, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x200, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0xba, 0x996, 0x50, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x10000400, 0x9, 0x7fff, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000173c2e5864a2fad65000000000a28000000000a010400000000000000000100004008000240000000020900010073797a300000000014000000110001689b2d8a34d4f6e2ed81529cc3bd67fb918b960b73d57807d6eb210309d1020d32d0a1278620bec91d7749d881a25f2c1555397aa424"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000010000000900010073797a30000000000900020073797a3200000000cb97d6513e5986c29fe24fffb436f3144d8b419c1118e495d11031278cdf691ed1c927eb85f567223772542f5b3ee45adbbed11d0e24f729d09ad57307776bef6b40eb5871f3a93015684942000000000000000810a9b1ab216e8cbbc0c4ffbdb873193c0bc449b3375050f820795426ec0cce6a13a91825ea7a"], 0x2c}}, 0x0) 3.99854577s ago: executing program 4 (id=144): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYBLOB='\x00'/15, @ANYBLOB], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$loop(&(0x7f00000001c0), 0x5749, 0x408882) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r3, 0x800448d3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) 1.286943812s ago: executing program 2 (id=145): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x7a, 0x1000, 0x6, 0xbb}, 0xfffffffffffffed8) r1 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, 0x0, 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]}) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') bind$alg(r5, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[], 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, r7, 0x0, 0x700}, 0x38) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r8 = io_uring_setup(0x2237, &(0x7f0000000080)={0x0, 0xfffffffc, 0x1, 0x0, 0xfffffffe}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r8, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 1.229086585s ago: executing program 0 (id=146): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x7a, 0x1000, 0x6, 0xbb}, 0xfffffffffffffed8) r1 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$vim2m(0xffffff9c, &(0x7f0000000180), 0x2, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002340)={[{@quota}, {@huge_always}]}) syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') bind$alg(r5, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = accept4(r5, 0x0, 0x0, 0x0) recvmsg(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)=""/101, 0x65}], 0x1}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x700}, 0x38) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = io_uring_setup(0x2237, &(0x7f0000000080)={0x0, 0xfffffffc, 0x1, 0x0, 0xfffffffe}) io_uring_register$IORING_REGISTER_FILES_UPDATE2(r7, 0xe, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}, 0x20) 88.173226ms ago: executing program 3 (id=147): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYBLOB='\x00'/15, @ANYBLOB], 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_open_dev$loop(&(0x7f00000001c0), 0x5749, 0x408882) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f00000002c0)={0x0, 0x0, 0x27f}) ioctl$sock_bt_hci(r3, 0x800448d3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @empty, 0x4}], 0x1c) sendto$inet6(r4, &(0x7f0000000040)='l', 0x1, 0x7ddfdbdfafa51cdd, &(0x7f0000000100)={0xa, 0x4e23, 0x2, @loopback, 0xffffffff}, 0x1c) 0s ago: executing program 4 (id=148): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) write$uinput_user_dev(r3, &(0x7f0000000080)={'syz1\x00', {0x1b10, 0x0, 0x1, 0x2}, 0x2f, [0x2, 0x4, 0x704d, 0x1, 0x5, 0x1, 0x2, 0x7db, 0x4, 0xfffffc01, 0xfffffffb, 0x8, 0x1, 0x100, 0xfe, 0x48, 0x7, 0x5, 0x2ca, 0x8, 0x76, 0x8, 0x0, 0x81, 0x40, 0x19b1, 0x8000, 0x7, 0x7fff, 0x4000000, 0x7, 0x3, 0xe, 0x7, 0x1, 0x1, 0x5, 0xf, 0x7, 0x10001, 0x9, 0x7f, 0x8, 0x6, 0xb, 0x5, 0x6, 0x40, 0x7f, 0x9, 0x1, 0x6, 0x3, 0x2284919, 0x4, 0x5643fa73, 0xfffeffff, 0x6, 0x800, 0x2, 0x8a, 0x6, 0x1, 0x6], [0xffffffd2, 0x7fffffff, 0xffff, 0x8, 0xe62, 0x3, 0x0, 0x9, 0xc33, 0x3, 0x7, 0x800, 0x6c368000, 0x4, 0x7, 0x0, 0x10, 0x5, 0x8, 0x8001, 0x3, 0x7fff, 0x9, 0x0, 0x5, 0x4, 0x7, 0x8, 0x40, 0xc10, 0x80000001, 0x3, 0x3, 0x3, 0x7, 0x8, 0x8, 0x7, 0x4, 0x9, 0x5, 0x3, 0x2, 0x0, 0x0, 0x11e, 0xa4, 0x4, 0x5, 0xd69, 0x9, 0xf404, 0xf1, 0x3, 0x3, 0x1, 0x6, 0x6, 0x0, 0x6, 0x8, 0x6, 0x4, 0x68], [0x3, 0x1, 0x4, 0xfffffffc, 0x0, 0x7fff, 0x401, 0x9, 0x2, 0xffc, 0x7, 0x4, 0xc, 0x7, 0x6, 0xa, 0x6, 0x4, 0x5, 0x5, 0x2, 0x30000000, 0x644, 0x2, 0xfffffffd, 0x7, 0x5, 0x7f, 0x7ff, 0xd, 0x400, 0xf, 0x41, 0x81, 0xc99, 0x25a, 0x2, 0x0, 0x2, 0x5d9fffa, 0x3ff, 0xff, 0x1, 0x8, 0x10000, 0xe7, 0x200, 0x7af5, 0x2, 0xb, 0x0, 0xffff, 0x7, 0x6, 0x2, 0x81, 0x8, 0x2, 0x7, 0x100, 0x8, 0x0, 0x6, 0x10], [0xffffff80, 0xd5800000, 0x0, 0x4, 0x2, 0x62a, 0x3, 0x7, 0xb343, 0x4, 0x1, 0x8, 0x8000, 0x8, 0xffffff81, 0x80000000, 0x5, 0x3, 0x200, 0xfff, 0x3, 0xfffffffd, 0x3c63, 0x7, 0x6, 0xe6, 0xffffffff, 0x3, 0x2, 0x7, 0x1, 0x7, 0x7, 0x8, 0x1, 0xf, 0x9, 0x17ce, 0x0, 0x3, 0x6fe, 0xe, 0x7, 0x13a, 0x7, 0x0, 0xb757, 0x2, 0xba, 0x996, 0x50, 0x8c1, 0x0, 0x5, 0x4, 0xf, 0x100, 0x10000400, 0x9, 0x7fff, 0x3, 0xfffffffb, 0xc, 0x2]}, 0x45c) ioctl$UI_SET_ABSBIT(r3, 0x40045567, 0x0) ioctl$UI_DEV_CREATE(r3, 0x5501) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r4, 0x29, 0x4d, &(0x7f0000000140)=ANY=[], 0x8) setsockopt$inet6_int(r4, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="1400000010000173c2e5864a2fad65000000000a28000000000a010400000000000000000100004008000240000000020900010073797a300000000014000000110001689b2d8a34d4f6e2ed81529cc3bd67fb918b960b73d57807d6eb210309d1020d32d0a1278620bec91d7749d881a25f2c1555397aa424"], 0x50}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a3c000000090a050600001900000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000014140000001100"], 0x64}}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c0000000d0a010e0000000000000000010000000900010073797a30000000000900020073797a3200000000cb97d6513e5986c29fe24fffb436f3144d8b419c1118e495d11031278cdf691ed1c927eb85f567223772542f5b3ee45adbbed11d0e24f729d09ad57307776bef6b40eb5871f3a93015684942000000000000000810a9b1ab216e8cbbc0c4ffbdb873193c0bc449b3375050f820795426ec0cce6a13a91825ea7a"], 0x2c}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.10.47' (ED25519) to the list of known hosts. [ 86.207152][ T5818] cgroup: Unknown subsys name 'net' [ 86.347222][ T5818] cgroup: Unknown subsys name 'cpuset' [ 86.356048][ T5818] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 87.924954][ T5818] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 90.717256][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 90.725485][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 90.733598][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 90.741946][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 90.758929][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 90.763249][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 90.767349][ T5850] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 90.781280][ T5850] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 90.781467][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 90.789897][ T5850] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 90.802767][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 90.811393][ T5850] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 90.813701][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 90.819707][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 90.826226][ T5853] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 90.832867][ T5850] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 90.841811][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 90.846715][ T5850] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 90.854446][ T5853] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 90.861327][ T5850] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 90.874375][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 90.874932][ T5850] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 90.883787][ T5853] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 90.889412][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 90.896573][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 90.903898][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 90.910332][ T5845] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 90.919708][ T5854] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 90.924745][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 90.930622][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 90.938120][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 90.966919][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 90.974300][ T5842] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 90.981918][ T5842] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 90.989423][ T5842] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 91.004352][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 91.570135][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 91.599317][ T5843] chnl_net:caif_netlink_parms(): no params data found [ 91.769236][ T5830] chnl_net:caif_netlink_parms(): no params data found [ 91.795680][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 91.868868][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 92.107665][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.121174][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.128954][ T5843] bridge_slave_0: entered allmulticast mode [ 92.136109][ T5843] bridge_slave_0: entered promiscuous mode [ 92.154626][ T5829] chnl_net:caif_netlink_parms(): no params data found [ 92.204946][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.212173][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.219616][ T5843] bridge_slave_1: entered allmulticast mode [ 92.226724][ T5843] bridge_slave_1: entered promiscuous mode [ 92.331416][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.339345][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.346874][ T5837] bridge_slave_0: entered allmulticast mode [ 92.354054][ T5837] bridge_slave_0: entered promiscuous mode [ 92.382970][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.411937][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.419605][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.427619][ T5830] bridge_slave_0: entered allmulticast mode [ 92.434736][ T5830] bridge_slave_0: entered promiscuous mode [ 92.441922][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.449592][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.457060][ T5837] bridge_slave_1: entered allmulticast mode [ 92.464005][ T5837] bridge_slave_1: entered promiscuous mode [ 92.470682][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.482534][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.489888][ T5831] bridge_slave_0: entered allmulticast mode [ 92.498251][ T5831] bridge_slave_0: entered promiscuous mode [ 92.507532][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.552357][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.562707][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.569872][ T5830] bridge_slave_1: entered allmulticast mode [ 92.577551][ T5830] bridge_slave_1: entered promiscuous mode [ 92.612491][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.619611][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.626954][ T5831] bridge_slave_1: entered allmulticast mode [ 92.634196][ T5831] bridge_slave_1: entered promiscuous mode [ 92.663398][ T5843] team0: Port device team_slave_0 added [ 92.669449][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.676836][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.684233][ T5832] bridge_slave_0: entered allmulticast mode [ 92.691071][ T5832] bridge_slave_0: entered promiscuous mode [ 92.720406][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.732420][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.755070][ T5843] team0: Port device team_slave_1 added [ 92.761009][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.768334][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.775722][ T5832] bridge_slave_1: entered allmulticast mode [ 92.782569][ T5832] bridge_slave_1: entered promiscuous mode [ 92.801999][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.814156][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.833671][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 92.846672][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 92.883901][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.891125][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state [ 92.898947][ T5829] bridge_slave_0: entered allmulticast mode [ 92.906459][ T5829] bridge_slave_0: entered promiscuous mode [ 92.914767][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.921899][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state [ 92.929219][ T5829] bridge_slave_1: entered allmulticast mode [ 92.941841][ T5829] bridge_slave_1: entered promiscuous mode [ 92.969648][ T5837] team0: Port device team_slave_0 added [ 92.983241][ T5839] Bluetooth: hci2: command tx timeout [ 92.983248][ T5842] Bluetooth: hci0: command tx timeout [ 93.008716][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.016012][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.041992][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.062663][ T5839] Bluetooth: hci5: command tx timeout [ 93.062670][ T5842] Bluetooth: hci1: command tx timeout [ 93.072619][ T5842] Bluetooth: hci4: command tx timeout [ 93.074362][ T5844] Bluetooth: hci3: command tx timeout [ 93.088680][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.120505][ T5830] team0: Port device team_slave_0 added [ 93.127940][ T5837] team0: Port device team_slave_1 added [ 93.146090][ T5831] team0: Port device team_slave_0 added [ 93.152889][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.159849][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.186543][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.205856][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.237824][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.249273][ T5830] team0: Port device team_slave_1 added [ 93.275995][ T5831] team0: Port device team_slave_1 added [ 93.282297][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.289378][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.315750][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.352798][ T5832] team0: Port device team_slave_0 added [ 93.360950][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.412165][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.419450][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.446484][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.473096][ T5843] hsr_slave_0: entered promiscuous mode [ 93.479603][ T5843] hsr_slave_1: entered promiscuous mode [ 93.488404][ T5832] team0: Port device team_slave_1 added [ 93.513072][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.520056][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.546289][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.559306][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.566900][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.593281][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.605652][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.612807][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.638948][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.652084][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.659331][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.686059][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.715715][ T5829] team0: Port device team_slave_0 added [ 93.722083][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.729439][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.755647][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.808384][ T5829] team0: Port device team_slave_1 added [ 93.825169][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.832357][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.858765][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 93.930631][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.937695][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 93.963867][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.977584][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.984648][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 94.010623][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.043876][ T5830] hsr_slave_0: entered promiscuous mode [ 94.050090][ T5830] hsr_slave_1: entered promiscuous mode [ 94.057095][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.065011][ T5830] Cannot create hsr debugfs directory [ 94.107601][ T5831] hsr_slave_0: entered promiscuous mode [ 94.114145][ T5831] hsr_slave_1: entered promiscuous mode [ 94.120250][ T5831] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.150355][ T5831] Cannot create hsr debugfs directory [ 94.191212][ T5837] hsr_slave_0: entered promiscuous mode [ 94.198183][ T5837] hsr_slave_1: entered promiscuous mode [ 94.205536][ T5837] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.213332][ T5837] Cannot create hsr debugfs directory [ 94.346729][ T5832] hsr_slave_0: entered promiscuous mode [ 94.353764][ T5832] hsr_slave_1: entered promiscuous mode [ 94.359757][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.367586][ T5832] Cannot create hsr debugfs directory [ 94.388368][ T5829] hsr_slave_0: entered promiscuous mode [ 94.394987][ T5829] hsr_slave_1: entered promiscuous mode [ 94.401054][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 94.408704][ T5829] Cannot create hsr debugfs directory [ 94.748447][ T5843] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 94.762126][ T5843] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 94.794921][ T5843] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 94.826965][ T5843] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 94.897348][ T5831] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 94.926593][ T5831] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 94.953907][ T5831] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.969416][ T5831] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.980414][ T5830] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.006607][ T5830] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.017591][ T5830] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.040541][ T5830] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.063551][ T5844] Bluetooth: hci0: command tx timeout [ 95.063591][ T5839] Bluetooth: hci2: command tx timeout [ 95.108808][ T5837] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.118894][ T5837] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.143647][ T5839] Bluetooth: hci3: command tx timeout [ 95.143674][ T5844] Bluetooth: hci5: command tx timeout [ 95.149071][ T5842] Bluetooth: hci4: command tx timeout [ 95.154847][ T5848] Bluetooth: hci1: command tx timeout [ 95.185200][ T5837] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.197167][ T5837] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.259184][ T5832] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.283411][ T5832] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.305000][ T5832] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.315293][ T5832] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.375922][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.431516][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.444919][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.458831][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.481081][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.495156][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.502415][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.521581][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.528703][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.551815][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.577175][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.643500][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.665437][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.672567][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.682252][ T52] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.689418][ T52] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.728825][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.746760][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.817474][ T5830] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.836041][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.868163][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.875368][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.918571][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.925755][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.940155][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.947269][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.958371][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.965555][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.022140][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.218428][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.278029][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.295796][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.303077][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.335757][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.342980][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.499365][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.590862][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.600672][ T904] cfg80211: failed to load regulatory.db [ 96.631156][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.666602][ T5829] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.735238][ T52] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.742374][ T52] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.851347][ T5913] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.858552][ T5913] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.899679][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.944062][ T5831] veth0_vlan: entered promiscuous mode [ 96.988181][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 97.035200][ T5831] veth1_vlan: entered promiscuous mode [ 97.149125][ T5848] Bluetooth: hci2: command tx timeout [ 97.155627][ T5848] Bluetooth: hci0: command tx timeout [ 97.211453][ T5831] veth0_macvtap: entered promiscuous mode [ 97.222928][ T5844] Bluetooth: hci4: command tx timeout [ 97.228395][ T5844] Bluetooth: hci3: command tx timeout [ 97.236728][ T5848] Bluetooth: hci1: command tx timeout [ 97.236755][ T5842] Bluetooth: hci5: command tx timeout [ 97.267569][ T5832] veth0_vlan: entered promiscuous mode [ 97.297357][ T5831] veth1_macvtap: entered promiscuous mode [ 97.386880][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.400280][ T5832] veth1_vlan: entered promiscuous mode [ 97.425239][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.438308][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.467467][ T5831] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.476400][ T5831] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.485420][ T5831] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.494192][ T5831] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.508201][ T5843] veth0_vlan: entered promiscuous mode [ 97.545995][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.561627][ T5843] veth1_vlan: entered promiscuous mode [ 97.584236][ T5832] veth0_macvtap: entered promiscuous mode [ 97.635400][ T5832] veth1_macvtap: entered promiscuous mode [ 97.645471][ T5830] veth0_vlan: entered promiscuous mode [ 97.708447][ T5830] veth1_vlan: entered promiscuous mode [ 97.717679][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 97.728761][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.739916][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.758141][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 97.769030][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 97.780215][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.791875][ T5832] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.800955][ T5832] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.810091][ T5832] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.820238][ T5832] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.845276][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.850301][ T5843] veth0_macvtap: entered promiscuous mode [ 97.870298][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.901739][ T5837] veth0_vlan: entered promiscuous mode [ 97.916078][ T5829] veth0_vlan: entered promiscuous mode [ 97.941486][ T5843] veth1_macvtap: entered promiscuous mode [ 97.961488][ T5837] veth1_vlan: entered promiscuous mode [ 97.975600][ T5913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.987842][ T5913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.989414][ T5829] veth1_vlan: entered promiscuous mode [ 98.062135][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.073774][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.084592][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.095503][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.107956][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.167027][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.184716][ T5831] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 98.186966][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.211103][ T5843] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.222232][ T5843] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.237543][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.258930][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.264651][ T5843] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.282787][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.288258][ T5843] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.332625][ T5843] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.341369][ T5843] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.359336][ T5837] veth0_macvtap: entered promiscuous mode [ 98.433354][ T5830] veth0_macvtap: entered promiscuous mode [ 98.446733][ T5829] veth0_macvtap: entered promiscuous mode [ 98.461653][ T5837] veth1_macvtap: entered promiscuous mode [ 98.485714][ T5829] veth1_macvtap: entered promiscuous mode [ 98.498659][ T5830] veth1_macvtap: entered promiscuous mode [ 98.501318][ T5913] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.513667][ T5913] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.565729][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.578974][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.589864][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.600551][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.610427][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.620900][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.632194][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.669675][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.710679][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.720591][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.731164][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.741072][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.752149][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.762022][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.772719][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.785237][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.797555][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.822627][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.834397][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.852500][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.862324][ T5837] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.873148][ T5837] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.885050][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.906435][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.921264][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.932267][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.943320][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.953887][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.964716][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.975585][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.987302][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.998762][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 99.016118][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.048080][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.083487][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.098080][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.115937][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.132304][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.151565][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.169304][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.183487][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 99.202481][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.222295][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 99.232385][ T5848] Bluetooth: hci0: command tx timeout [ 99.238275][ T5844] Bluetooth: hci2: command tx timeout [ 99.264799][ T5829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.290405][ T5829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.302713][ T5848] Bluetooth: hci1: command tx timeout [ 99.308181][ T5844] Bluetooth: hci3: command tx timeout [ 99.313648][ T5844] Bluetooth: hci5: command tx timeout [ 99.319037][ T5844] Bluetooth: hci4: command tx timeout [ 99.334405][ T5829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.346869][ T5829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.395060][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.434323][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.464873][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.481464][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.492955][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.511991][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.522028][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.544204][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.695665][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.734118][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 99.758179][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 99.798095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.900462][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.064295][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.074888][ T5830] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.088260][ T5830] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.113403][ T5830] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.132732][ T5830] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.188396][ T212] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.215234][ T212] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.243824][ T5837] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.252900][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.282506][ T5837] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.309293][ T5837] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.321839][ T5837] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.532946][ T5961] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10'. [ 100.535214][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.561163][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.650846][ T1156] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.667242][ T1156] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.712346][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.738066][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.772680][ T67] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.789949][ T67] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.963251][ T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.987888][ T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.013387][ T212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.040929][ T212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 101.304865][ T212] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 101.344972][ T212] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.485095][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.622662][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 103.638510][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 103.689859][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.744654][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 104.810057][ T5994] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5'. [ 105.383453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 107.807418][ T6022] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 107.975554][ T6022] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 108.382865][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880593a0000: rx timeout, send abort [ 108.392052][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880591cec00: rx timeout, send abort [ 108.400514][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880593a0000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 108.415465][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880591cec00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 112.482863][ T6081] netlink: 4 bytes leftover after parsing attributes in process `syz.3.40'. [ 112.492594][ T6081] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 112.528193][ T6082] evm: overlay not supported [ 112.551061][ T6081] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 112.633958][ T6081] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 112.682864][ T6081] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 115.136385][ T6097] netlink: 216 bytes leftover after parsing attributes in process `syz.3.47'. [ 115.476085][ T6109] netlink: 132 bytes leftover after parsing attributes in process `syz.5.52'. [ 118.030979][ T6125] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 118.193769][ T6123] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 119.683496][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805751dc00: rx timeout, send abort [ 119.691892][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805751dc00: 0x0f000: (3) A timeout occurred and this is the connection abort to close the session. [ 120.503373][ T6149] Invalid ELF header magic: != ELF [ 124.085029][ T6199] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 124.091731][ T6199] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 124.154412][ T6199] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 124.205218][ T6199] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 124.210470][ T6201] netlink: 132 bytes leftover after parsing attributes in process `syz.0.77'. [ 124.211276][ T6199] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 124.369696][ T6199] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 124.420729][ T6199] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 124.427303][ T6199] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 124.446507][ T6199] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 124.456751][ T6199] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 124.462914][ T6199] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 124.470095][ T6199] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 124.483360][ T6199] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 124.489375][ T6199] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 124.976607][ T6199] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 124.984193][ T6199] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 124.991299][ T6199] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 125.000123][ T6199] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 125.952707][ T6225] Invalid ELF header magic: != ELF [ 126.102799][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 126.262754][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 126.394939][ T5839] Bluetooth: hci5: unexpected event for opcode 0x2016 [ 126.503023][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 126.503075][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 126.515351][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.182653][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.342972][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 128.546083][ T6255] loop3: detected capacity change from 0 to 256 [ 128.587079][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 128.593314][ T5848] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.593392][ T5839] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.769306][ T6256] Bluetooth: MGMT ver 1.23 [ 130.263728][ T5839] Bluetooth: hci0: command 0x0c1a tx timeout [ 130.505653][ T5839] Bluetooth: hci2: command 0x0c1a tx timeout [ 130.662771][ T5848] Bluetooth: hci3: command 0x0c1a tx timeout [ 130.669625][ T5839] Bluetooth: hci1: command 0x0c1a tx timeout [ 130.675783][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 133.814536][ T6299] loop2: detected capacity change from 0 to 1024 [ 133.893296][ T6299] ======================================================= [ 133.893296][ T6299] WARNING: The mand mount option has been deprecated and [ 133.893296][ T6299] and is ignored by this kernel. Remove the mand [ 133.893296][ T6299] option from the mount to silence this warning. [ 133.893296][ T6299] ======================================================= [ 135.180190][ T6308] loop4: detected capacity change from 0 to 8 [ 135.375966][ T6308] process 'syz.4.112' launched './file1' with NULL argv: empty string added [ 135.695730][ T6310] loop0: detected capacity change from 0 to 256 [ 136.320565][ T6321] netlink: 28 bytes leftover after parsing attributes in process `syz.4.116'. [ 137.034027][ T6334] input: syz1 as /devices/virtual/input/input5 [ 137.545720][ T1293] ieee802154 phy1 wpan1: encryption failed: -22 [ 139.609805][ T6344] loop2: detected capacity change from 0 to 512 [ 139.669450][ T6344] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 139.881382][ T6344] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002] [ 139.921258][ T6344] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.135: corrupted in-inode xattr: e_value size too large [ 139.970012][ T6344] EXT4-fs error (device loop2): ext4_orphan_get:1392: comm syz.2.135: couldn't read orphan inode 15 (err -117) [ 139.994168][ T6344] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 141.464709][ T6362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 141.470894][ T6362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 141.478180][ T6362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 141.485283][ T6362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 141.491405][ T6362] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 141.497561][ T6362] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 141.650562][ T6368] loop1: detected capacity change from 0 to 256 [ 141.655679][ T5832] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.230208][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout [ 144.236481][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout [ 144.244785][ T5844] Bluetooth: hci1: command 0x0c1a tx timeout [ 144.250950][ T5844] Bluetooth: hci3: command 0x0c1a tx timeout [ 144.258344][ T5848] Bluetooth: hci2: command 0x0c1a tx timeout [ 144.264483][ T5848] Bluetooth: hci0: command 0x0c1a tx timeout [ 145.940276][ T6396] syz.5.137: attempt to access beyond end of device [ 145.940276][ T6396] loop5: rw=0, sector=64, nr_sectors = 1 limit=0 [ 146.034238][ T6396] syz.5.137: attempt to access beyond end of device [ 146.034238][ T6396] loop5: rw=0, sector=256, nr_sectors = 1 limit=0 [ 146.093878][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 146.149697][ T6396] syz.5.137: attempt to access beyond end of device [ 146.149697][ T6396] loop5: rw=0, sector=512, nr_sectors = 1 limit=0 [ 146.197313][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 146.222642][ T6396] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 146.455982][ T5839] Bluetooth: hci5: command 0x0c1a tx timeout [ 146.464960][ T6396] UDF-fs: Scanning with blocksize 512 failed [ 147.305322][ T6396] syz.5.137: attempt to access beyond end of device [ 147.305322][ T6396] loop5: rw=0, sector=64, nr_sectors = 2 limit=0 [ 147.707963][ T6396] syz.5.137: attempt to access beyond end of device [ 147.707963][ T6396] loop5: rw=0, sector=512, nr_sectors = 2 limit=0 [ 147.954221][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 148.002782][ T6396] syz.5.137: attempt to access beyond end of device [ 148.002782][ T6396] loop5: rw=0, sector=1024, nr_sectors = 2 limit=0 [ 148.039353][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 148.050206][ T6396] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 148.071278][ T6396] UDF-fs: Scanning with blocksize 1024 failed [ 148.079211][ T6396] syz.5.137: attempt to access beyond end of device [ 148.079211][ T6396] loop5: rw=0, sector=64, nr_sectors = 4 limit=0 [ 148.130682][ T6396] syz.5.137: attempt to access beyond end of device [ 148.130682][ T6396] loop5: rw=0, sector=1024, nr_sectors = 4 limit=0 [ 148.156215][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 148.169922][ T6396] syz.5.137: attempt to access beyond end of device [ 148.169922][ T6396] loop5: rw=0, sector=2048, nr_sectors = 4 limit=0 [ 149.132538][ T6418] input: syz1 as /devices/virtual/input/input6 [ 149.197752][ T5839] Bluetooth: hci5: command 0x0c1a tx timeout [ 150.802855][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 150.837545][ T6396] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 150.852765][ T6396] UDF-fs: Scanning with blocksize 2048 failed [ 150.989670][ T6396] syz.5.137: attempt to access beyond end of device [ 150.989670][ T6396] loop5: rw=0, sector=64, nr_sectors = 8 limit=0 [ 151.010346][ T6396] syz.5.137: attempt to access beyond end of device [ 151.010346][ T6396] loop5: rw=0, sector=2048, nr_sectors = 8 limit=0 [ 151.067654][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 151.093087][ T6396] syz.5.137: attempt to access beyond end of device [ 151.093087][ T6396] loop5: rw=0, sector=4096, nr_sectors = 8 limit=0 [ 151.351155][ T6396] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512 [ 151.395886][ T6396] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found [ 152.282781][ T6396] UDF-fs: Scanning with blocksize 4096 failed [ 152.288906][ T6396] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1) [ 152.333505][ T5913] ================================================================== [ 152.341603][ T5913] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0 [ 152.349272][ T5913] Read of size 4 at addr ffff888020bab6d8 by task kworker/u8:8/5913 [ 152.357273][ T5913] [ 152.359608][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Not tainted 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 152.359652][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 152.359677][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 152.359740][ T5913] Call Trace: [ 152.359751][ T5913] [ 152.359764][ T5913] dump_stack_lvl+0x116/0x1f0 [ 152.359811][ T5913] print_report+0xc3/0x620 [ 152.359872][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.359936][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.360006][ T5913] ? __phys_addr+0xc6/0x150 [ 152.360046][ T5913] kasan_report+0xd9/0x110 [ 152.360107][ T5913] ? iov_iter_revert+0x443/0x5a0 [ 152.360147][ T5913] ? iov_iter_revert+0x443/0x5a0 [ 152.360189][ T5913] iov_iter_revert+0x443/0x5a0 [ 152.360229][ T5913] netfs_retry_writes+0x163d/0x1a00 [ 152.360292][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 152.360351][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.360415][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.360482][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 152.360551][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.360614][ T5913] ? rcu_is_watching+0x12/0xc0 [ 152.360656][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 152.360736][ T5913] process_one_work+0x9c8/0x1ba0 [ 152.360797][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 152.360866][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 152.360918][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.360994][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.361058][ T5913] ? assign_work+0x1a0/0x250 [ 152.361107][ T5913] worker_thread+0x6c8/0xf00 [ 152.361165][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.361228][ T5913] ? __kthread_parkme+0x148/0x220 [ 152.361265][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 152.361329][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 152.361382][ T5913] kthread+0x3b2/0x750 [ 152.361429][ T5913] ? __pfx_kthread+0x10/0x10 [ 152.361474][ T5913] ? lock_acquire+0x2f/0xb0 [ 152.361531][ T5913] ? __pfx_kthread+0x10/0x10 [ 152.361578][ T5913] ret_from_fork+0x48/0x80 [ 152.361628][ T5913] ? __pfx_kthread+0x10/0x10 [ 152.361673][ T5913] ret_from_fork_asm+0x1a/0x30 [ 152.361725][ T5913] [ 152.361737][ T5913] [ 152.579815][ T5913] Allocated by task 5843: [ 152.584241][ T5913] kasan_save_stack+0x33/0x60 [ 152.588967][ T5913] kasan_save_track+0x14/0x30 [ 152.593699][ T5913] __kasan_kmalloc+0xaa/0xb0 [ 152.598335][ T5913] __kmalloc_node_noprof+0x21f/0x510 [ 152.603673][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 152.609008][ T5913] xt_replace_table+0x1e3/0x940 [ 152.613901][ T5913] __do_replace+0x1d3/0x9d0 [ 152.618443][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 152.623162][ T5913] nf_setsockopt+0x8d/0xf0 [ 152.627614][ T5913] ip_setsockopt+0xcb/0xf0 [ 152.632074][ T5913] tcp_setsockopt+0xa7/0x100 [ 152.636698][ T5913] do_sock_setsockopt+0x225/0x480 [ 152.641774][ T5913] __sys_setsockopt+0x1a0/0x230 [ 152.646663][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 152.651816][ T5913] do_syscall_64+0xcd/0x250 [ 152.656354][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.662292][ T5913] [ 152.664622][ T5913] Freed by task 5843: [ 152.668609][ T5913] kasan_save_stack+0x33/0x60 [ 152.673329][ T5913] kasan_save_track+0x14/0x30 [ 152.678051][ T5913] kasan_save_free_info+0x3b/0x60 [ 152.683108][ T5913] __kasan_slab_free+0x51/0x70 [ 152.687921][ T5913] kfree+0x2c4/0x4d0 [ 152.691860][ T5913] kvfree+0x47/0x50 [ 152.695702][ T5913] xt_free_table_info+0xec/0x220 [ 152.700675][ T5913] __do_replace+0x75b/0x9d0 [ 152.705219][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 152.709940][ T5913] nf_setsockopt+0x8d/0xf0 [ 152.714394][ T5913] ip_setsockopt+0xcb/0xf0 [ 152.718857][ T5913] tcp_setsockopt+0xa7/0x100 [ 152.723472][ T5913] do_sock_setsockopt+0x225/0x480 [ 152.728548][ T5913] __sys_setsockopt+0x1a0/0x230 [ 152.733435][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 152.738584][ T5913] do_syscall_64+0xcd/0x250 [ 152.743122][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.749059][ T5913] [ 152.751390][ T5913] The buggy address belongs to the object at ffff888020bab6c0 [ 152.751390][ T5913] which belongs to the cache kmalloc-16 of size 16 [ 152.765288][ T5913] The buggy address is located 8 bytes to the right of [ 152.765288][ T5913] allocated 16-byte region [ffff888020bab6c0, ffff888020bab6d0) [ 152.779719][ T5913] [ 152.782053][ T5913] The buggy address belongs to the physical page: [ 152.788492][ T5913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20bab [ 152.797287][ T5913] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 152.804461][ T5913] page_type: f5(slab) [ 152.808478][ T5913] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122 [ 152.817091][ T5913] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 152.825688][ T5913] page dumped because: kasan: bad access detected [ 152.832120][ T5913] page_owner tracks the page as allocated [ 152.837842][ T5913] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5831, tgid 5831 (syz-executor), ts 124453930742, free_ts 124446016192 [ 152.857608][ T5913] post_alloc_hook+0x181/0x1b0 [ 152.862422][ T5913] get_page_from_freelist+0xfce/0x2f80 [ 152.867956][ T5913] __alloc_frozen_pages_noprof+0x221/0x2470 [ 152.873914][ T5913] new_slab+0x94/0x330 [ 152.878059][ T5913] ___slab_alloc+0xc5d/0x1720 [ 152.882778][ T5913] __slab_alloc.constprop.0+0x56/0xb0 [ 152.888190][ T5913] __kmalloc_node_noprof+0x2f0/0x510 [ 152.893530][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 152.898868][ T5913] xt_replace_table+0x1e3/0x940 [ 152.903763][ T5913] __do_replace+0x1d3/0x9d0 [ 152.908301][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 152.913023][ T5913] nf_setsockopt+0x8d/0xf0 [ 152.917470][ T5913] ip_setsockopt+0xcb/0xf0 [ 152.921928][ T5913] tcp_setsockopt+0xa7/0x100 [ 152.926543][ T5913] do_sock_setsockopt+0x225/0x480 [ 152.931620][ T5913] __sys_setsockopt+0x1a0/0x230 [ 152.936511][ T5913] page last free pid 6201 tgid 6196 stack trace: [ 152.942850][ T5913] free_frozen_pages+0x6db/0xfb0 [ 152.947836][ T5913] tlb_finish_mmu+0x237/0x7b0 [ 152.952563][ T5913] exit_mmap+0x40e/0xba0 [ 152.956847][ T5913] __mmput+0x12a/0x410 [ 152.960961][ T5913] mmput+0x62/0x70 [ 152.964738][ T5913] do_exit+0x9ba/0x2d70 [ 152.968922][ T5913] do_group_exit+0xd3/0x2a0 [ 152.973539][ T5913] get_signal+0x24ed/0x26c0 [ 152.978095][ T5913] arch_do_signal_or_restart+0x90/0x7e0 [ 152.983673][ T5913] syscall_exit_to_user_mode+0x150/0x2a0 [ 152.989339][ T5913] do_syscall_64+0xda/0x250 [ 152.993878][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.999818][ T5913] [ 153.002147][ T5913] Memory state around the buggy address: [ 153.007788][ T5913] ffff888020bab580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 153.015869][ T5913] ffff888020bab600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 153.023950][ T5913] >ffff888020bab680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 153.032031][ T5913] ^ [ 153.038977][ T5913] ffff888020bab700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 153.047062][ T5913] ffff888020bab780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 153.055136][ T5913] ================================================================== [ 154.025125][ T5913] Disabling lock debugging due to kernel taint [ 154.031334][ T5913] ================================================================== [ 154.039403][ T5913] BUG: KASAN: slab-use-after-free in iov_iter_revert+0x521/0x5a0 [ 154.047153][ T5913] Read of size 4 at addr ffff888020bab6c8 by task kworker/u8:8/5913 [ 154.055152][ T5913] [ 154.057482][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 154.057531][ T5913] Tainted: [B]=BAD_PAGE [ 154.057542][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 154.057566][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 154.057624][ T5913] Call Trace: [ 154.057635][ T5913] [ 154.057647][ T5913] dump_stack_lvl+0x116/0x1f0 [ 154.057689][ T5913] print_report+0xc3/0x620 [ 154.057744][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.057803][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.057860][ T5913] ? __phys_addr+0xc6/0x150 [ 154.057896][ T5913] kasan_report+0xd9/0x110 [ 154.057951][ T5913] ? iov_iter_revert+0x521/0x5a0 [ 154.057987][ T5913] ? iov_iter_revert+0x521/0x5a0 [ 154.058026][ T5913] iov_iter_revert+0x521/0x5a0 [ 154.058062][ T5913] netfs_retry_writes+0x163d/0x1a00 [ 154.058120][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 154.058173][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058236][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058296][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 154.058358][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058415][ T5913] ? rcu_is_watching+0x12/0xc0 [ 154.058454][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 154.058527][ T5913] process_one_work+0x9c8/0x1ba0 [ 154.058582][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 154.058645][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 154.058693][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058755][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058813][ T5913] ? assign_work+0x1a0/0x250 [ 154.058857][ T5913] worker_thread+0x6c8/0xf00 [ 154.058909][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.058966][ T5913] ? __kthread_parkme+0x148/0x220 [ 154.059001][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 154.059058][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 154.059106][ T5913] kthread+0x3b2/0x750 [ 154.059148][ T5913] ? __pfx_kthread+0x10/0x10 [ 154.059189][ T5913] ? lock_acquire+0x2f/0xb0 [ 154.059245][ T5913] ? __pfx_kthread+0x10/0x10 [ 154.059287][ T5913] ret_from_fork+0x48/0x80 [ 154.059335][ T5913] ? __pfx_kthread+0x10/0x10 [ 154.059377][ T5913] ret_from_fork_asm+0x1a/0x30 [ 154.059425][ T5913] [ 154.059437][ T5913] [ 154.284383][ T5913] Allocated by task 5843: [ 154.288724][ T5913] kasan_save_stack+0x33/0x60 [ 154.293446][ T5913] kasan_save_track+0x14/0x30 [ 154.298155][ T5913] __kasan_kmalloc+0xaa/0xb0 [ 154.302782][ T5913] __kmalloc_node_noprof+0x21f/0x510 [ 154.308106][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 154.313441][ T5913] xt_replace_table+0x1e3/0x940 [ 154.318323][ T5913] __do_replace+0x1d3/0x9d0 [ 154.322887][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 154.327592][ T5913] nf_setsockopt+0x8d/0xf0 [ 154.332031][ T5913] ip_setsockopt+0xcb/0xf0 [ 154.336480][ T5913] tcp_setsockopt+0xa7/0x100 [ 154.341083][ T5913] do_sock_setsockopt+0x225/0x480 [ 154.346144][ T5913] __sys_setsockopt+0x1a0/0x230 [ 154.351022][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 154.356159][ T5913] do_syscall_64+0xcd/0x250 [ 154.360683][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.366607][ T5913] [ 154.368928][ T5913] Freed by task 5843: [ 154.372905][ T5913] kasan_save_stack+0x33/0x60 [ 154.377654][ T5913] kasan_save_track+0x14/0x30 [ 154.382377][ T5913] kasan_save_free_info+0x3b/0x60 [ 154.387437][ T5913] __kasan_slab_free+0x51/0x70 [ 154.392236][ T5913] kfree+0x2c4/0x4d0 [ 154.396163][ T5913] kvfree+0x47/0x50 [ 154.399999][ T5913] xt_free_table_info+0xec/0x220 [ 154.404961][ T5913] __do_replace+0x75b/0x9d0 [ 154.409498][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 154.414207][ T5913] nf_setsockopt+0x8d/0xf0 [ 154.418643][ T5913] ip_setsockopt+0xcb/0xf0 [ 154.423087][ T5913] tcp_setsockopt+0xa7/0x100 [ 154.427691][ T5913] do_sock_setsockopt+0x225/0x480 [ 154.432756][ T5913] __sys_setsockopt+0x1a0/0x230 [ 154.437632][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 154.442770][ T5913] do_syscall_64+0xcd/0x250 [ 154.447296][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.453337][ T5913] [ 154.455662][ T5913] The buggy address belongs to the object at ffff888020bab6c0 [ 154.455662][ T5913] which belongs to the cache kmalloc-16 of size 16 [ 154.469551][ T5913] The buggy address is located 8 bytes inside of [ 154.469551][ T5913] freed 16-byte region [ffff888020bab6c0, ffff888020bab6d0) [ 154.483192][ T5913] [ 154.485515][ T5913] The buggy address belongs to the physical page: [ 154.491921][ T5913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20bab [ 154.500693][ T5913] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 154.507810][ T5913] page_type: f5(slab) [ 154.511804][ T5913] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122 [ 154.520403][ T5913] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 154.528998][ T5913] page dumped because: kasan: bad access detected [ 154.535412][ T5913] page_owner tracks the page as allocated [ 154.541121][ T5913] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5831, tgid 5831 (syz-executor), ts 124453930742, free_ts 124446016192 [ 154.560880][ T5913] post_alloc_hook+0x181/0x1b0 [ 154.565689][ T5913] get_page_from_freelist+0xfce/0x2f80 [ 154.571186][ T5913] __alloc_frozen_pages_noprof+0x221/0x2470 [ 154.577117][ T5913] new_slab+0x94/0x330 [ 154.581214][ T5913] ___slab_alloc+0xc5d/0x1720 [ 154.585926][ T5913] __slab_alloc.constprop.0+0x56/0xb0 [ 154.591329][ T5913] __kmalloc_node_noprof+0x2f0/0x510 [ 154.596650][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 154.601972][ T5913] xt_replace_table+0x1e3/0x940 [ 154.606885][ T5913] __do_replace+0x1d3/0x9d0 [ 154.611420][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 154.616135][ T5913] nf_setsockopt+0x8d/0xf0 [ 154.620570][ T5913] ip_setsockopt+0xcb/0xf0 [ 154.625037][ T5913] tcp_setsockopt+0xa7/0x100 [ 154.629637][ T5913] do_sock_setsockopt+0x225/0x480 [ 154.634703][ T5913] __sys_setsockopt+0x1a0/0x230 [ 154.639576][ T5913] page last free pid 6201 tgid 6196 stack trace: [ 154.645902][ T5913] free_frozen_pages+0x6db/0xfb0 [ 154.650878][ T5913] tlb_finish_mmu+0x237/0x7b0 [ 154.655591][ T5913] exit_mmap+0x40e/0xba0 [ 154.659860][ T5913] __mmput+0x12a/0x410 [ 154.663967][ T5913] mmput+0x62/0x70 [ 154.667728][ T5913] do_exit+0x9ba/0x2d70 [ 154.671898][ T5913] do_group_exit+0xd3/0x2a0 [ 154.676419][ T5913] get_signal+0x24ed/0x26c0 [ 154.680954][ T5913] arch_do_signal_or_restart+0x90/0x7e0 [ 154.686549][ T5913] syscall_exit_to_user_mode+0x150/0x2a0 [ 154.692205][ T5913] do_syscall_64+0xda/0x250 [ 154.696727][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.702652][ T5913] [ 154.704974][ T5913] Memory state around the buggy address: [ 154.710605][ T5913] ffff888020bab580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 154.718670][ T5913] ffff888020bab600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 154.726740][ T5913] >ffff888020bab680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 154.734802][ T5913] ^ [ 154.741215][ T5913] ffff888020bab700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 154.749284][ T5913] ffff888020bab780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 154.757350][ T5913] ================================================================== [ 155.250134][ T5913] ================================================================== [ 155.258251][ T5913] BUG: KASAN: slab-use-after-free in iov_iter_advance+0x652/0x6c0 [ 155.266362][ T5913] Read of size 4 at addr ffff888020bab6c8 by task kworker/u8:8/5913 [ 155.274386][ T5913] [ 155.276720][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 155.276773][ T5913] Tainted: [B]=BAD_PAGE [ 155.276786][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 155.276812][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 155.276874][ T5913] Call Trace: [ 155.276886][ T5913] [ 155.276899][ T5913] dump_stack_lvl+0x116/0x1f0 [ 155.276944][ T5913] print_report+0xc3/0x620 [ 155.277010][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.277073][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.277135][ T5913] ? __phys_addr+0xc6/0x150 [ 155.277175][ T5913] kasan_report+0xd9/0x110 [ 155.277235][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 155.277274][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 155.277316][ T5913] iov_iter_advance+0x652/0x6c0 [ 155.277355][ T5913] netfs_reissue_write+0x13d/0x240 [ 155.277417][ T5913] netfs_retry_writes+0x165a/0x1a00 [ 155.277479][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 155.277536][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.277599][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.277665][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 155.277732][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.277794][ T5913] ? rcu_is_watching+0x12/0xc0 [ 155.277836][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 155.277916][ T5913] process_one_work+0x9c8/0x1ba0 [ 155.277975][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 155.278048][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 155.278100][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.278167][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.278229][ T5913] ? assign_work+0x1a0/0x250 [ 155.278277][ T5913] worker_thread+0x6c8/0xf00 [ 155.278333][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.278395][ T5913] ? __kthread_parkme+0x148/0x220 [ 155.278432][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 155.278494][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 155.278547][ T5913] kthread+0x3b2/0x750 [ 155.278592][ T5913] ? __pfx_kthread+0x10/0x10 [ 155.278636][ T5913] ? lock_acquire+0x2f/0xb0 [ 155.278691][ T5913] ? __pfx_kthread+0x10/0x10 [ 155.278737][ T5913] ret_from_fork+0x48/0x80 [ 155.278788][ T5913] ? __pfx_kthread+0x10/0x10 [ 155.278834][ T5913] ret_from_fork_asm+0x1a/0x30 [ 155.278886][ T5913] [ 155.278898][ T5913] [ 155.507549][ T5913] Allocated by task 5843: [ 155.511890][ T5913] kasan_save_stack+0x33/0x60 [ 155.516608][ T5913] kasan_save_track+0x14/0x30 [ 155.521315][ T5913] __kasan_kmalloc+0xaa/0xb0 [ 155.525932][ T5913] __kmalloc_node_noprof+0x21f/0x510 [ 155.531460][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 155.536773][ T5913] xt_replace_table+0x1e3/0x940 [ 155.541651][ T5913] __do_replace+0x1d3/0x9d0 [ 155.546177][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 155.550877][ T5913] nf_setsockopt+0x8d/0xf0 [ 155.555312][ T5913] ip_setsockopt+0xcb/0xf0 [ 155.559753][ T5913] tcp_setsockopt+0xa7/0x100 [ 155.564351][ T5913] do_sock_setsockopt+0x225/0x480 [ 155.569414][ T5913] __sys_setsockopt+0x1a0/0x230 [ 155.574293][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 155.579438][ T5913] do_syscall_64+0xcd/0x250 [ 155.583963][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.589890][ T5913] [ 155.592214][ T5913] Freed by task 5843: [ 155.596193][ T5913] kasan_save_stack+0x33/0x60 [ 155.600900][ T5913] kasan_save_track+0x14/0x30 [ 155.605618][ T5913] kasan_save_free_info+0x3b/0x60 [ 155.610673][ T5913] __kasan_slab_free+0x51/0x70 [ 155.615476][ T5913] kfree+0x2c4/0x4d0 [ 155.619400][ T5913] kvfree+0x47/0x50 [ 155.623320][ T5913] xt_free_table_info+0xec/0x220 [ 155.628316][ T5913] __do_replace+0x75b/0x9d0 [ 155.632845][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 155.637548][ T5913] nf_setsockopt+0x8d/0xf0 [ 155.641984][ T5913] ip_setsockopt+0xcb/0xf0 [ 155.646433][ T5913] tcp_setsockopt+0xa7/0x100 [ 155.651033][ T5913] do_sock_setsockopt+0x225/0x480 [ 155.656095][ T5913] __sys_setsockopt+0x1a0/0x230 [ 155.661060][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 155.666199][ T5913] do_syscall_64+0xcd/0x250 [ 155.670730][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.676655][ T5913] [ 155.678979][ T5913] The buggy address belongs to the object at ffff888020bab6c0 [ 155.678979][ T5913] which belongs to the cache kmalloc-16 of size 16 [ 155.692868][ T5913] The buggy address is located 8 bytes inside of [ 155.692868][ T5913] freed 16-byte region [ffff888020bab6c0, ffff888020bab6d0) [ 155.706418][ T5913] [ 155.708746][ T5913] The buggy address belongs to the physical page: [ 155.715436][ T5913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x20bab [ 155.724205][ T5913] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 155.731324][ T5913] page_type: f5(slab) [ 155.735315][ T5913] raw: 00fff00000000000 ffff88801b041640 dead000000000100 dead000000000122 [ 155.743911][ T5913] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000 [ 155.752497][ T5913] page dumped because: kasan: bad access detected [ 155.758905][ T5913] page_owner tracks the page as allocated [ 155.764615][ T5913] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5831, tgid 5831 (syz-executor), ts 124453930742, free_ts 124446016192 [ 155.784349][ T5913] post_alloc_hook+0x181/0x1b0 [ 155.789146][ T5913] get_page_from_freelist+0xfce/0x2f80 [ 155.794640][ T5913] __alloc_frozen_pages_noprof+0x221/0x2470 [ 155.800572][ T5913] new_slab+0x94/0x330 [ 155.804666][ T5913] ___slab_alloc+0xc5d/0x1720 [ 155.809371][ T5913] __slab_alloc.constprop.0+0x56/0xb0 [ 155.814773][ T5913] __kmalloc_node_noprof+0x2f0/0x510 [ 155.820096][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 155.825411][ T5913] xt_replace_table+0x1e3/0x940 [ 155.830290][ T5913] __do_replace+0x1d3/0x9d0 [ 155.834816][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 155.839519][ T5913] nf_setsockopt+0x8d/0xf0 [ 155.844130][ T5913] ip_setsockopt+0xcb/0xf0 [ 155.848579][ T5913] tcp_setsockopt+0xa7/0x100 [ 155.853180][ T5913] do_sock_setsockopt+0x225/0x480 [ 155.858247][ T5913] __sys_setsockopt+0x1a0/0x230 [ 155.863124][ T5913] page last free pid 6201 tgid 6196 stack trace: [ 155.869972][ T5913] free_frozen_pages+0x6db/0xfb0 [ 155.874942][ T5913] tlb_finish_mmu+0x237/0x7b0 [ 155.879746][ T5913] exit_mmap+0x40e/0xba0 [ 155.884016][ T5913] __mmput+0x12a/0x410 [ 155.888116][ T5913] mmput+0x62/0x70 [ 155.891869][ T5913] do_exit+0x9ba/0x2d70 [ 155.896044][ T5913] do_group_exit+0xd3/0x2a0 [ 155.900563][ T5913] get_signal+0x24ed/0x26c0 [ 155.905104][ T5913] arch_do_signal_or_restart+0x90/0x7e0 [ 155.910670][ T5913] syscall_exit_to_user_mode+0x150/0x2a0 [ 155.916329][ T5913] do_syscall_64+0xda/0x250 [ 155.920857][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.926785][ T5913] [ 155.929110][ T5913] Memory state around the buggy address: [ 155.934740][ T5913] ffff888020bab580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 155.942809][ T5913] ffff888020bab600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 155.950882][ T5913] >ffff888020bab680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 155.958946][ T5913] ^ [ 155.965361][ T5913] ffff888020bab700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 155.973428][ T5913] ffff888020bab780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 155.981580][ T5913] ================================================================== [ 156.148385][ T5913] ================================================================== [ 156.156504][ T5913] BUG: KASAN: slab-out-of-bounds in iov_iter_advance+0x652/0x6c0 [ 156.164268][ T5913] Read of size 4 at addr ffff888020bab6d8 by task kworker/u8:8/5913 [ 156.172273][ T5913] [ 156.174614][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 156.174669][ T5913] Tainted: [B]=BAD_PAGE [ 156.174682][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 156.174708][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 156.174771][ T5913] Call Trace: [ 156.174783][ T5913] [ 156.174796][ T5913] dump_stack_lvl+0x116/0x1f0 [ 156.174844][ T5913] print_report+0xc3/0x620 [ 156.174906][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.174972][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.175035][ T5913] ? __phys_addr+0xc6/0x150 [ 156.175076][ T5913] kasan_report+0xd9/0x110 [ 156.175138][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 156.175178][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 156.175222][ T5913] iov_iter_advance+0x652/0x6c0 [ 156.175270][ T5913] netfs_reissue_write+0x13d/0x240 [ 156.175332][ T5913] netfs_retry_writes+0x165a/0x1a00 [ 156.175396][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 156.175456][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.175521][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.175588][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 156.175658][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.175722][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.175765][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 156.175847][ T5913] process_one_work+0x9c8/0x1ba0 [ 156.175908][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 156.175979][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 156.176032][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.176102][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.176166][ T5913] ? assign_work+0x1a0/0x250 [ 156.176217][ T5913] worker_thread+0x6c8/0xf00 [ 156.176280][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.176343][ T5913] ? __kthread_parkme+0x148/0x220 [ 156.176381][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.176445][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 156.176498][ T5913] kthread+0x3b2/0x750 [ 156.176544][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.176591][ T5913] ? lock_acquire+0x2f/0xb0 [ 156.176648][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.176697][ T5913] ret_from_fork+0x48/0x80 [ 156.176750][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.176797][ T5913] ret_from_fork_asm+0x1a/0x30 [ 156.176852][ T5913] [ 156.176864][ T5913] [ 156.406345][ T5913] Allocated by task 5843: [ 156.410691][ T5913] kasan_save_stack+0x33/0x60 [ 156.415420][ T5913] kasan_save_track+0x14/0x30 [ 156.420148][ T5913] __kasan_kmalloc+0xaa/0xb0 [ 156.424790][ T5913] __kmalloc_node_noprof+0x21f/0x510 [ 156.430131][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 156.435468][ T5913] xt_replace_table+0x1e3/0x940 [ 156.440368][ T5913] __do_replace+0x1d3/0x9d0 [ 156.444933][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 156.449659][ T5913] nf_setsockopt+0x8d/0xf0 [ 156.454109][ T5913] ip_setsockopt+0xcb/0xf0 [ 156.458569][ T5913] tcp_setsockopt+0xa7/0x100 [ 156.463184][ T5913] do_sock_setsockopt+0x225/0x480 [ 156.468266][ T5913] __sys_setsockopt+0x1a0/0x230 [ 156.473163][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 156.478318][ T5913] do_syscall_64+0xcd/0x250 [ 156.482856][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.488790][ T5913] [ 156.491119][ T5913] Freed by task 5843: [ 156.495106][ T5913] kasan_save_stack+0x33/0x60 [ 156.499836][ T5913] kasan_save_track+0x14/0x30 [ 156.504559][ T5913] kasan_save_free_info+0x3b/0x60 [ 156.509621][ T5913] __kasan_slab_free+0x51/0x70 [ 156.514435][ T5913] kfree+0x2c4/0x4d0 [ 156.518368][ T5913] kvfree+0x47/0x50 [ 156.522212][ T5913] xt_free_table_info+0xec/0x220 [ 156.527185][ T5913] __do_replace+0x75b/0x9d0 [ 156.531726][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 156.536445][ T5913] nf_setsockopt+0x8d/0xf0 [ 156.540891][ T5913] ip_setsockopt+0xcb/0xf0 [ 156.545349][ T5913] tcp_setsockopt+0xa7/0x100 [ 156.549965][ T5913] do_sock_setsockopt+0x225/0x480 [ 156.555043][ T5913] __sys_setsockopt+0x1a0/0x230 [ 156.559932][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 156.565090][ T5913] do_syscall_64+0xcd/0x250 [ 156.569627][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.575564][ T5913] [ 156.577892][ T5913] The buggy address belongs to the object at ffff888020bab6c0 [ 156.577892][ T5913] which belongs to the cache kmalloc-16 of size 16 [ 156.591797][ T5913] The buggy address is located 8 bytes to the right of [ 156.591797][ T5913] allocated 16-byte region [ffff888020bab6c0, ffff888020bab6d0) [ 156.606238][ T5913] [ 156.608580][ T5913] The buggy address belongs to the physical page: [ 156.615018][ T5913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888020bab780 pfn:0x20bab [ 156.625154][ T5913] flags: 0xfff00000000200(workingset|node=0|zone=1|lastcpupid=0x7ff) [ 156.633431][ T5913] page_type: f5(slab) [ 156.637538][ T5913] raw: 00fff00000000200 ffff88801b041640 ffff88801b040408 ffffea0000d10950 [ 156.646154][ T5913] raw: ffff888020bab780 0000000000800074 00000000f5000000 0000000000000000 [ 156.654875][ T5913] page dumped because: kasan: bad access detected [ 156.661640][ T5913] page_owner tracks the page as allocated [ 156.667383][ T5913] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 5831, tgid 5831 (syz-executor), ts 124453930742, free_ts 124446016192 [ 156.687229][ T5913] post_alloc_hook+0x181/0x1b0 [ 156.692030][ T5913] get_page_from_freelist+0xfce/0x2f80 [ 156.697513][ T5913] __alloc_frozen_pages_noprof+0x221/0x2470 [ 156.703431][ T5913] new_slab+0x94/0x330 [ 156.707537][ T5913] ___slab_alloc+0xc5d/0x1720 [ 156.712231][ T5913] __slab_alloc.constprop.0+0x56/0xb0 [ 156.717707][ T5913] __kmalloc_node_noprof+0x2f0/0x510 [ 156.723016][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 156.728337][ T5913] xt_replace_table+0x1e3/0x940 [ 156.733218][ T5913] __do_replace+0x1d3/0x9d0 [ 156.737777][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 156.742477][ T5913] nf_setsockopt+0x8d/0xf0 [ 156.746931][ T5913] ip_setsockopt+0xcb/0xf0 [ 156.751399][ T5913] tcp_setsockopt+0xa7/0x100 [ 156.756019][ T5913] do_sock_setsockopt+0x225/0x480 [ 156.761070][ T5913] __sys_setsockopt+0x1a0/0x230 [ 156.765943][ T5913] page last free pid 6201 tgid 6196 stack trace: [ 156.772269][ T5913] free_frozen_pages+0x6db/0xfb0 [ 156.777231][ T5913] tlb_finish_mmu+0x237/0x7b0 [ 156.781931][ T5913] exit_mmap+0x40e/0xba0 [ 156.786199][ T5913] __mmput+0x12a/0x410 [ 156.790293][ T5913] mmput+0x62/0x70 [ 156.794035][ T5913] do_exit+0x9ba/0x2d70 [ 156.798200][ T5913] do_group_exit+0xd3/0x2a0 [ 156.802712][ T5913] get_signal+0x24ed/0x26c0 [ 156.807240][ T5913] arch_do_signal_or_restart+0x90/0x7e0 [ 156.812805][ T5913] syscall_exit_to_user_mode+0x150/0x2a0 [ 156.818448][ T5913] do_syscall_64+0xda/0x250 [ 156.822965][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.828887][ T5913] [ 156.831219][ T5913] Memory state around the buggy address: [ 156.836861][ T5913] ffff888020bab580: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 156.844941][ T5913] ffff888020bab600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 156.853013][ T5913] >ffff888020bab680: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 156.861070][ T5913] ^ [ 156.868008][ T5913] ffff888020bab700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 156.876082][ T5913] ffff888020bab780: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 156.884145][ T5913] ================================================================== [ 156.906648][ T5913] ================================================================== [ 156.914751][ T5913] BUG: KASAN: slab-use-after-free in _copy_from_iter+0x1507/0x1560 [ 156.922675][ T5913] Read of size 4 at addr ffff888020bab6cc by task kworker/u8:8/5913 [ 156.930652][ T5913] [ 156.932984][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 156.933023][ T5913] Tainted: [B]=BAD_PAGE [ 156.933037][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 156.933056][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 156.933103][ T5913] Call Trace: [ 156.933112][ T5913] [ 156.933122][ T5913] dump_stack_lvl+0x116/0x1f0 [ 156.933156][ T5913] print_report+0xc3/0x620 [ 156.933201][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933250][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933295][ T5913] ? __phys_addr+0xc6/0x150 [ 156.933325][ T5913] kasan_report+0xd9/0x110 [ 156.933380][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 156.933422][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 156.933459][ T5913] _copy_from_iter+0x1507/0x1560 [ 156.933488][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933535][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 156.933563][ T5913] ? __pfx__copy_from_iter+0x10/0x10 [ 156.933590][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 156.933620][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933667][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933714][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933760][ T5913] ? __phys_addr_symbol+0x30/0x80 [ 156.933787][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.933834][ T5913] ? __check_object_size+0x488/0x710 [ 156.933884][ T5913] p9pdu_vwritef+0x2d0/0x1cf0 [ 156.933923][ T5913] ? p9pdu_writef+0xc4/0x100 [ 156.933958][ T5913] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 156.933998][ T5913] ? __pfx_p9_tag_alloc+0x10/0x10 [ 156.934024][ T5913] ? finish_task_switch.isra.0+0x212/0xcc0 [ 156.934068][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.934096][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934143][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.934172][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934221][ T5913] p9_client_prepare_req+0x244/0x4d0 [ 156.934253][ T5913] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 156.934282][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934332][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934378][ T5913] ? __schedule+0xf4b/0x5890 [ 156.934407][ T5913] p9_client_rpc+0x1c3/0xc10 [ 156.934437][ T5913] ? __pfx_p9_client_rpc+0x10/0x10 [ 156.934473][ T5913] ? __pfx___schedule+0x10/0x10 [ 156.934511][ T5913] ? __pfx_vprintk_emit+0x10/0x10 [ 156.934549][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.934577][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934622][ T5913] ? trace_irq_enable.constprop.0+0xea/0x140 [ 156.934667][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934717][ T5913] p9_client_write+0x31f/0x680 [ 156.934769][ T5913] ? __pfx_p9_client_write+0x10/0x10 [ 156.934815][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 156.934850][ T5913] v9fs_issue_write+0xe4/0x1b0 [ 156.934896][ T5913] ? __pfx_v9fs_issue_write+0x10/0x10 [ 156.934943][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.934992][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.935021][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935069][ T5913] netfs_do_issue_write+0x95/0x110 [ 156.935113][ T5913] netfs_retry_writes+0x165a/0x1a00 [ 156.935159][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 156.935202][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935250][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935303][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 156.935354][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935400][ T5913] ? rcu_is_watching+0x12/0xc0 [ 156.935431][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 156.935490][ T5913] process_one_work+0x9c8/0x1ba0 [ 156.935535][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 156.935599][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 156.935647][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935698][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935744][ T5913] ? assign_work+0x1a0/0x250 [ 156.935781][ T5913] worker_thread+0x6c8/0xf00 [ 156.935823][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935870][ T5913] ? __kthread_parkme+0x148/0x220 [ 156.935897][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 156.935944][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 156.935988][ T5913] kthread+0x3b2/0x750 [ 156.936022][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.936055][ T5913] ? lock_acquire+0x2f/0xb0 [ 156.936097][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.936132][ T5913] ret_from_fork+0x48/0x80 [ 156.936170][ T5913] ? __pfx_kthread+0x10/0x10 [ 156.936204][ T5913] ret_from_fork_asm+0x1a/0x30 [ 156.936245][ T5913] [ 156.936254][ T5913] [ 157.374575][ T5913] Allocated by task 5843: [ 157.378996][ T5913] kasan_save_stack+0x33/0x60 [ 157.383710][ T5913] kasan_save_track+0x14/0x30 [ 157.388421][ T5913] __kasan_kmalloc+0xaa/0xb0 [ 157.393043][ T5913] __kmalloc_node_noprof+0x21f/0x510 [ 157.398362][ T5913] __kvmalloc_node_noprof+0xad/0x1a0 [ 157.403675][ T5913] xt_replace_table+0x1e3/0x940 [ 157.408556][ T5913] __do_replace+0x1d3/0x9d0 [ 157.413090][ T5913] do_ipt_set_ctl+0x956/0xbe0 [ 157.417810][ T5913] nf_setsockopt+0x8d/0xf0 [ 157.422250][ T5913] ip_setsockopt+0xcb/0xf0 [ 157.426699][ T5913] tcp_setsockopt+0xa7/0x100 [ 157.431303][ T5913] do_sock_setsockopt+0x225/0x480 [ 157.436363][ T5913] __sys_setsockopt+0x1a0/0x230 [ 157.441237][ T5913] __x64_sys_setsockopt+0xbd/0x160 [ 157.446373][ T5913] do_syscall_64+0xcd/0x250 [ 157.450902][ T5913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.456829][ T5913] [ 157.459184][ T5913] Freed by task 549107360: [ 157.463598][ T5913] ------------[ cut here ]------------ [ 157.469048][ T5913] pool index 100479 out of bounds (757) for stack id ffff8880 [ 157.477401][ T5913] WARNING: CPU: 0 PID: 5913 at lib/stackdepot.c:451 depot_fetch_stack+0x95/0xc0 [ 157.486468][ T5913] Modules linked in: [ 157.490372][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 157.502743][ T5913] Tainted: [B]=BAD_PAGE [ 157.506894][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 157.516986][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 157.524229][ T5913] RIP: 0010:depot_fetch_stack+0x95/0xc0 [ 157.529811][ T5913] Code: c7 d8 8a d7 8e e8 4b d3 62 06 83 f8 01 75 b9 90 0f 0b 90 eb b3 90 48 c7 c7 d8 81 8b 8d 89 e9 44 89 ea 89 de e8 4c 8d 88 fc 90 <0f> 0b 90 90 31 c0 eb bc 90 0f 0b 90 31 c0 eb b4 90 0f 0b 90 31 c0 [ 157.549435][ T5913] RSP: 0018:ffffc90002e371d0 EFLAGS: 00010082 [ 157.555518][ T5913] RAX: 0000000000000000 RBX: 000000000001887f RCX: ffffffff817a1159 [ 157.563498][ T5913] RDX: ffff88803049bc00 RSI: ffffffff817a1166 RDI: 0000000000000001 [ 157.571477][ T5913] RBP: 00000000ffff8880 R08: 0000000000000001 R09: 0000000000000000 [ 157.579472][ T5913] R10: 0000000000000000 R11: 646e69206c6f6f70 R12: 0000000000003ff0 [ 157.587484][ T5913] R13: 00000000000002f5 R14: 0000000000000004 R15: ffff88803049bc00 [ 157.595488][ T5913] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 157.604434][ T5913] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 157.611046][ T5913] CR2: 000000110c248b63 CR3: 000000007a594000 CR4: 0000000000350ef0 [ 157.619028][ T5913] Call Trace: [ 157.622310][ T5913] [ 157.625250][ T5913] ? __warn+0xea/0x3c0 [ 157.629344][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.635020][ T5913] ? depot_fetch_stack+0x95/0xc0 [ 157.640002][ T5913] ? report_bug+0x3c0/0x580 [ 157.644525][ T5913] ? handle_bug+0x54/0xa0 [ 157.648880][ T5913] ? exc_invalid_op+0x17/0x50 [ 157.653607][ T5913] ? asm_exc_invalid_op+0x1a/0x20 [ 157.658678][ T5913] ? __warn_printk+0x199/0x350 [ 157.663466][ T5913] ? __warn_printk+0x1a6/0x350 [ 157.668252][ T5913] ? depot_fetch_stack+0x95/0xc0 [ 157.673228][ T5913] stack_depot_fetch+0x28/0x60 [ 157.678031][ T5913] stack_depot_print+0x20/0x70 [ 157.682835][ T5913] print_report+0x60d/0x620 [ 157.687376][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.693133][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.698804][ T5913] ? __phys_addr+0xc6/0x150 [ 157.703326][ T5913] kasan_report+0xd9/0x110 [ 157.707785][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 157.712913][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 157.718046][ T5913] _copy_from_iter+0x1507/0x1560 [ 157.723006][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.728681][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 157.733812][ T5913] ? __pfx__copy_from_iter+0x10/0x10 [ 157.739113][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 157.744245][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.749917][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.755592][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.761264][ T5913] ? __phys_addr_symbol+0x30/0x80 [ 157.766307][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.772065][ T5913] ? __check_object_size+0x488/0x710 [ 157.777398][ T5913] p9pdu_vwritef+0x2d0/0x1cf0 [ 157.782123][ T5913] ? p9pdu_writef+0xc4/0x100 [ 157.786740][ T5913] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 157.791877][ T5913] ? __pfx_p9_tag_alloc+0x10/0x10 [ 157.796916][ T5913] ? finish_task_switch.isra.0+0x212/0xcc0 [ 157.802760][ T5913] ? rcu_is_watching+0x12/0xc0 [ 157.807545][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.813222][ T5913] ? rcu_is_watching+0x12/0xc0 [ 157.818006][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.823679][ T5913] p9_client_prepare_req+0x244/0x4d0 [ 157.828988][ T5913] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 157.834809][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.840482][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.846157][ T5913] ? __schedule+0xf4b/0x5890 [ 157.850765][ T5913] p9_client_rpc+0x1c3/0xc10 [ 157.855374][ T5913] ? __pfx_p9_client_rpc+0x10/0x10 [ 157.860508][ T5913] ? __pfx___schedule+0x10/0x10 [ 157.865379][ T5913] ? __pfx_vprintk_emit+0x10/0x10 [ 157.870426][ T5913] ? rcu_is_watching+0x12/0xc0 [ 157.875210][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.880880][ T5913] ? trace_irq_enable.constprop.0+0xea/0x140 [ 157.886896][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.892589][ T5913] p9_client_write+0x31f/0x680 [ 157.897382][ T5913] ? __pfx_p9_client_write+0x10/0x10 [ 157.902690][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 157.907736][ T5913] v9fs_issue_write+0xe4/0x1b0 [ 157.912540][ T5913] ? __pfx_v9fs_issue_write+0x10/0x10 [ 157.917952][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.923629][ T5913] ? rcu_is_watching+0x12/0xc0 [ 157.928495][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.934169][ T5913] netfs_do_issue_write+0x95/0x110 [ 157.939317][ T5913] netfs_retry_writes+0x165a/0x1a00 [ 157.944551][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 157.949783][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.955461][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.961144][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 157.966744][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 157.972425][ T5913] ? rcu_is_watching+0x12/0xc0 [ 157.977221][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 157.983429][ T5913] process_one_work+0x9c8/0x1ba0 [ 157.988403][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 157.995994][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 158.001392][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.007067][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.012737][ T5913] ? assign_work+0x1a0/0x250 [ 158.017353][ T5913] worker_thread+0x6c8/0xf00 [ 158.021974][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.027646][ T5913] ? __kthread_parkme+0x148/0x220 [ 158.032684][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.038359][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 158.043499][ T5913] kthread+0x3b2/0x750 [ 158.047589][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.052199][ T5913] ? lock_acquire+0x2f/0xb0 [ 158.056755][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.061367][ T5913] ret_from_fork+0x48/0x80 [ 158.065813][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.070424][ T5913] ret_from_fork_asm+0x1a/0x30 [ 158.075216][ T5913] [ 158.078262][ T5913] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 158.085546][ T5913] CPU: 0 UID: 0 PID: 5913 Comm: kworker/u8:8 Tainted: G B 6.14.0-rc2-syzkaller-00034-gfebbc555cf0f #0 [ 158.097891][ T5913] Tainted: [B]=BAD_PAGE [ 158.102039][ T5913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024 [ 158.112101][ T5913] Workqueue: events_unbound netfs_write_collection_worker [ 158.119297][ T5913] Call Trace: [ 158.122577][ T5913] [ 158.125512][ T5913] dump_stack_lvl+0x3d/0x1f0 [ 158.130144][ T5913] panic+0x71d/0x800 [ 158.134067][ T5913] ? __pfx_panic+0x10/0x10 [ 158.138507][ T5913] ? show_trace_log_lvl+0x29d/0x3d0 [ 158.143748][ T5913] ? check_panic_on_warn+0x1f/0xb0 [ 158.148887][ T5913] ? depot_fetch_stack+0x95/0xc0 [ 158.153867][ T5913] check_panic_on_warn+0xab/0xb0 [ 158.158852][ T5913] __warn+0xf6/0x3c0 [ 158.162859][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.168541][ T5913] ? depot_fetch_stack+0x95/0xc0 [ 158.173522][ T5913] report_bug+0x3c0/0x580 [ 158.177874][ T5913] handle_bug+0x54/0xa0 [ 158.182059][ T5913] exc_invalid_op+0x17/0x50 [ 158.186595][ T5913] asm_exc_invalid_op+0x1a/0x20 [ 158.191476][ T5913] RIP: 0010:depot_fetch_stack+0x95/0xc0 [ 158.197059][ T5913] Code: c7 d8 8a d7 8e e8 4b d3 62 06 83 f8 01 75 b9 90 0f 0b 90 eb b3 90 48 c7 c7 d8 81 8b 8d 89 e9 44 89 ea 89 de e8 4c 8d 88 fc 90 <0f> 0b 90 90 31 c0 eb bc 90 0f 0b 90 31 c0 eb b4 90 0f 0b 90 31 c0 [ 158.216692][ T5913] RSP: 0018:ffffc90002e371d0 EFLAGS: 00010082 [ 158.222779][ T5913] RAX: 0000000000000000 RBX: 000000000001887f RCX: ffffffff817a1159 [ 158.230769][ T5913] RDX: ffff88803049bc00 RSI: ffffffff817a1166 RDI: 0000000000000001 [ 158.238755][ T5913] RBP: 00000000ffff8880 R08: 0000000000000001 R09: 0000000000000000 [ 158.246736][ T5913] R10: 0000000000000000 R11: 646e69206c6f6f70 R12: 0000000000003ff0 [ 158.254718][ T5913] R13: 00000000000002f5 R14: 0000000000000004 R15: ffff88803049bc00 [ 158.262707][ T5913] ? __warn_printk+0x199/0x350 [ 158.267496][ T5913] ? __warn_printk+0x1a6/0x350 [ 158.272287][ T5913] stack_depot_fetch+0x28/0x60 [ 158.277095][ T5913] stack_depot_print+0x20/0x70 [ 158.281896][ T5913] print_report+0x60d/0x620 [ 158.286442][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.292117][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.297791][ T5913] ? __phys_addr+0xc6/0x150 [ 158.302341][ T5913] kasan_report+0xd9/0x110 [ 158.306885][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 158.312016][ T5913] ? _copy_from_iter+0x1507/0x1560 [ 158.317151][ T5913] _copy_from_iter+0x1507/0x1560 [ 158.322107][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.327781][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 158.332910][ T5913] ? __pfx__copy_from_iter+0x10/0x10 [ 158.338215][ T5913] ? __virt_addr_valid+0x1a4/0x590 [ 158.343352][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.349027][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.354789][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.360460][ T5913] ? __phys_addr_symbol+0x30/0x80 [ 158.365500][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.371176][ T5913] ? __check_object_size+0x488/0x710 [ 158.376528][ T5913] p9pdu_vwritef+0x2d0/0x1cf0 [ 158.381242][ T5913] ? p9pdu_writef+0xc4/0x100 [ 158.385857][ T5913] ? __pfx_p9pdu_vwritef+0x10/0x10 [ 158.390993][ T5913] ? __pfx_p9_tag_alloc+0x10/0x10 [ 158.396035][ T5913] ? finish_task_switch.isra.0+0x212/0xcc0 [ 158.401882][ T5913] ? rcu_is_watching+0x12/0xc0 [ 158.406667][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.412341][ T5913] ? rcu_is_watching+0x12/0xc0 [ 158.417123][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.422890][ T5913] p9_client_prepare_req+0x244/0x4d0 [ 158.428198][ T5913] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 158.434037][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.439713][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.445387][ T5913] ? __schedule+0xf4b/0x5890 [ 158.449995][ T5913] p9_client_rpc+0x1c3/0xc10 [ 158.454611][ T5913] ? __pfx_p9_client_rpc+0x10/0x10 [ 158.459740][ T5913] ? __pfx___schedule+0x10/0x10 [ 158.464608][ T5913] ? __pfx_vprintk_emit+0x10/0x10 [ 158.469653][ T5913] ? rcu_is_watching+0x12/0xc0 [ 158.474441][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.480114][ T5913] ? trace_irq_enable.constprop.0+0xea/0x140 [ 158.486136][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.491816][ T5913] p9_client_write+0x31f/0x680 [ 158.496609][ T5913] ? __pfx_p9_client_write+0x10/0x10 [ 158.501918][ T5913] ? iov_iter_advance+0x652/0x6c0 [ 158.506967][ T5913] v9fs_issue_write+0xe4/0x1b0 [ 158.511773][ T5913] ? __pfx_v9fs_issue_write+0x10/0x10 [ 158.517186][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.522863][ T5913] ? rcu_is_watching+0x12/0xc0 [ 158.527731][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.533406][ T5913] netfs_do_issue_write+0x95/0x110 [ 158.538555][ T5913] netfs_retry_writes+0x165a/0x1a00 [ 158.543879][ T5913] ? __pfx___lock_acquire+0x10/0x10 [ 158.549117][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.554789][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.560464][ T5913] ? __pfx_netfs_retry_writes+0x10/0x10 [ 158.566054][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.571727][ T5913] ? rcu_is_watching+0x12/0xc0 [ 158.576539][ T5913] netfs_write_collection_worker+0x23de/0x37c0 [ 158.582754][ T5913] process_one_work+0x9c8/0x1ba0 [ 158.587736][ T5913] ? __pfx_batadv_iv_send_outstanding_bat_ogm_packet+0x10/0x10 [ 158.595328][ T5913] ? __pfx_process_one_work+0x10/0x10 [ 158.600731][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.606410][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.612093][ T5913] ? assign_work+0x1a0/0x250 [ 158.616719][ T5913] worker_thread+0x6c8/0xf00 [ 158.621349][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.627026][ T5913] ? __kthread_parkme+0x148/0x220 [ 158.632068][ T5913] ? srso_alias_return_thunk+0x5/0xfbef5 [ 158.637743][ T5913] ? __pfx_worker_thread+0x10/0x10 [ 158.642886][ T5913] kthread+0x3b2/0x750 [ 158.646982][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.651596][ T5913] ? lock_acquire+0x2f/0xb0 [ 158.656136][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.660753][ T5913] ret_from_fork+0x48/0x80 [ 158.665214][ T5913] ? __pfx_kthread+0x10/0x10 [ 158.669838][ T5913] ret_from_fork_asm+0x1a/0x30 [ 158.674637][ T5913] [ 158.677864][ T5913] Kernel Offset: disabled [ 158.682196][ T5913] Rebooting in 86400 seconds..