last executing test programs: 1m37.432073417s ago: executing program 2 (id=215): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$unix(r0, &(0x7f00000029c0)=[{{&(0x7f0000000600)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000c00)=[@cred={{0x1c, 0x1, 0x24}}], 0x20, 0x24000010}}], 0x1, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40010062, 0x0) syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0) 1m36.335360588s ago: executing program 2 (id=217): socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x40000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r3) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r4, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1m34.057615852s ago: executing program 2 (id=220): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004000}, 0xc044) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r4 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) ioctl$USBDEVFS_CONTROL(r4, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) 1m32.648614759s ago: executing program 2 (id=221): readv(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) r5 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000000), &(0x7f00000005c0)=r6}, 0x20) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r8], 0x20}}, 0x10) 1m31.54773618s ago: executing program 2 (id=222): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x10}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 1m30.193222626s ago: executing program 2 (id=226): socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getxattr(0x0, &(0x7f0000000840)=@random={'os2.', '\x00'}, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r3) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r4, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0xfffffffe) eventfd2(0x20000, 0x0) 1m13.637653135s ago: executing program 32 (id=226): socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbee6, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getxattr(0x0, &(0x7f0000000840)=@random={'os2.', '\x00'}, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r3) sendmsg$TIPC_CMD_SHOW_PORTS(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000001640)={0x1c, r4, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0xfffffffe) eventfd2(0x20000, 0x0) 38.443262901s ago: executing program 0 (id=296): mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x2) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, 0x0, 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0xffffffffffffffda}, 0x18) utime(0x0, &(0x7f0000000280)={0xd3, 0x8}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r5}, 0x18) socket$igmp(0x2, 0x3, 0x2) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@getsa={0x10c, 0x12, 0x1, 0x70bd27, 0x25dfdbff, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d3, 0xa, 0xff}, [@sa={0xe4, 0x6, {{@in6=@loopback, @in6=@remote, 0x4e24, 0x0, 0x4e22, 0x7b5f, 0xa, 0x80, 0x20, 0x3b}, {@in=@multicast1, 0x4d5, 0x5e}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x8000, 0x5, 0x9, 0x1000, 0x36e, 0x7fffffffffffffff, 0x4, 0x3}, {0x0, 0x0, 0x8, 0x8}, {0x1, 0x1, 0x8}, 0x70bd25, 0x0, 0x2, 0x0, 0x2, 0x65}}]}, 0x10c}}, 0x0) 29.192874138s ago: executing program 1 (id=311): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000060a010400000000000000000a0000010900010073797a31000000002800040100000000000000b14fcf4a17f600717565756500000014000280080004400000001206000140000e0000bf8500001100010000000000000000000100000ae52773c15aa0deaa86371bb7606d20c1bacf22a796232848427176ccbd2e1fcfbc3d06f0d8e412cca8133041aab584e0d11d5e9d272e3491c9273f29a5ffcb56e828f8dec9756dff18ac3a888b73b9d5d59211e187c0f9f878"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x0, {0x2, 0x0, @empty}}) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendto$inet6(r3, &(0x7f00000003c0)="d963c9f4e85e727c5964e3143f0f99d23f309eef0a1296e6c7c3704cf6deb8acb341b47e1a60a4a00d725fff3e721fdddd4879fe34dfb940c7e0849e8f3915e8ae01004b9e756c98388bb387ed9f4aa6186f04f561ff629425615736d8b42877970000c03cf51f85a9fbf99e695e98733b538a9dbde6ffa337c9b26bdc72695f05003ec9de5f807dc76e91a7a3db133a8bb5ae4a3c44819aaf56496fbad213f21b1a0a32e2ac17d5069fde917155cb8b1208cd8e08a7c0f480000000", 0x11c259e35b9f2599, 0x0, 0x0, 0x3000137) ioctl$SIOCSIFHWADDR(r1, 0x8931, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x13, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0xd}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x1000}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000008c0)=@newsa={0xf0, 0x10, 0x1, 0x8000000, 0x0, {{@in=@private=0xa010101, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in=@local, {}, {}, {0x10, 0xd29}, 0x70bd26, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x4, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) ioctl$UI_DEV_CREATE(r0, 0x5501) 26.971766891s ago: executing program 1 (id=315): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) getpid() sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002fc0), 0x0, 0x200008c0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) close(r2) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=0x0) timer_settime(r4, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 26.792220775s ago: executing program 0 (id=317): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000060a010400000000000000000a0000010900010073797a31000000002800040100000000000000b14fcf4a17f600717565756500000014000280080004400000001206000140000e0000bf8500001100010000000000000000000100000ae52773c15aa0deaa86371bb7606d20c1bacf22a796232848427176ccbd2e1fcfbc3d06f0d8e412cca8133041aab584e0d11d5e9d272e3491c9273f29a5ffcb56e828f8dec9756dff18ac3a888b73b9d5d59211e187c0f9f8787b4dfbad2dec9b93cb5aaf122ad4c8620304d6c0e3831c706539f88ea69ab8b02447c4f4abd2105240ac29244fb5053ccf2e57ea071345632383e455704b8854d376"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x0, {0x2, 0x0, @empty}}) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000002c0)=@gcm_128={{0x304}, "45542f745866c700", "7ffdfd042f0fef2e31eea67362f87200", "960ffc3d", "faffffffffffffff"}, 0x28) sendto$inet6(r3, &(0x7f00000003c0)="d963c9f4e85e727c5964e3143f0f99d23f309eef0a1296e6c7c3704cf6deb8acb341b47e1a60a4a00d725fff3e721fdddd4879fe34dfb940c7e0849e8f3915e8ae01004b9e756c98388bb387ed9f4aa6186f04f561ff629425615736d8b42877970000c03cf51f85a9fbf99e695e98733b538a9dbde6ffa337c9b26bdc72695f05003ec9de5f807dc76e91a7a3db133a8bb5ae4a3c44819aaf56496fbad213f21b1a0a32e2ac17d5069fde917155cb8b1208cd8e08a7c0f480000000", 0x11c259e35b9f2599, 0x0, 0x0, 0x3000137) ioctl$SIOCSIFHWADDR(r1, 0x8931, &(0x7f0000000000)={'wlan0\x00'}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x13, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0xd}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x1000}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000008c0)=@newsa={0xf0, 0x10, 0x1, 0x8000000, 0x0, {{@in=@private=0xa010101, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in=@local, {}, {}, {0x10, 0xd29}, 0x70bd26, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x4, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) 26.716804846s ago: executing program 1 (id=318): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000007600"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x5}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x9}, @TCA_ACT_BPF_FD={0x0, 0x5, r1}]}, {0x4}, {0xffffffffffffffae}, {0xc}}}]}]}, 0x64}}, 0x0) 25.803579274s ago: executing program 1 (id=320): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c60000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x15}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan0\x00'}) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000400)={0xa}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00'}, 0x18) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r4}) 25.457387131s ago: executing program 0 (id=324): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[], 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000040000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x0, 0x989680}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x4c0c5) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x4000000) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x2804458, &(0x7f0000000000)={[{@resgid={'resgid', 0x3d, 0xee00}}]}, 0x1, 0x502, &(0x7f0000000240)="$eJzs3d9rY1kdAPDvvW26nZmuyaoP64K7i7vSWXSSduruFh92VxB9WlDX91rbtJSmTWnSdVoG7eAfIIio4JNPvgj+AYLMnyDCgL6LiiI6o4/OXElyq9M2aTPbtJlJPx+4zTn31/ecS3Pur0NOAJfWqxHxXkSMRcQbEVHM56f5tNDK7HfWe3D/9lJrSiLLPvhHEkk+72Bfrfx4RFzrbBKTEfGNr0Z8Ozket7G7t75Yq1W383ylubFVaezu3VjbWFytrlY35+Zm35p/e/7N+Zksd6Z6liLinS//5cc/+MVX3vnN57/zx4W/Xf9uq1hZsVPuiFg6U4AeOvsutI/FgdYx2j6PYEMwltenMDbskgAA0I/WNf7HI+Iz7ev/Yoy1r+YAAACAUZK9OxX/SSIyAAAAYGSlETEVSVrO+wJMRZqWy50+vJ+Mq2mt3mh+bqW+s7ncWhZRikK6slarzuR9hUtRSFr52byP7UH+5pH8XES8EBE/Kl5p58tL9drysB9+AAAAwCVx7ZXD9///LqbtNAAAADBiSj0zAAAAwKhwyw8AAACjz/0/AAAAjLSvvf9+a8oOxvFe/nB3Z73+4Y3lamO9vLGzVF6qb2+VV+v11fZv9m2ctr9avb71hdjcuVVpVhvNSmN3b2GjvrPZXFg7NAQ2AAAAcIFeeOXuH5KI2P/ilfYU+e8AAhzy52EXABiksWEXABia8X5XTM63HMDFK5y6Rt8tBPCMOu303rPzzm8HXxYAAOB8TH/q+Pv/iXzZ6c8GgGeZvj4AcPl4uweXV+HUHoA6/sCo+1jn47ley8/+/j/LnrhQAADAQE21pyQt5+8CpyJNy+WI59vDAhSSlbVadSa/P/h9sfBcKz/b3jLxZAAAAAAAAAAAAAAAAAAAAAAAAAAA+pRlSWQAAADASItI/5rko/xNF1+f6jwVeJiP1XVk1K+fffCTW4vN5vZsxETyz2Jr1kRENH/amb9zMzMkAAAAADwF2vfvN/PP2WGXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR8+D+7aWD6SLj/v1LEVHqFn88Jtufk1GIiKv/SmL8se2SiBgbQPz9OxHxYrf4STzKsqyUl6Jb/CvnHL/UPjTd46cRcW0A8eEyu9tqf97r9v1L49X2Z/fv33g+nVXv9i/9X/s31qP9eb7PGC/d+1WlZ/w7ES+Nd29/DuInnfhJHIn/Wp/xv/XNvb1ey7KfR0x3Pf8kh2JVmhtblcbu3o21jcXV6mp1c25u9q35t+ffnJ+prKzVqvnfrjF++OlfPzqp/ld7xC8drv+x4/96n/V/eO/W/U90koVu8a+/1v38+2KP+Gl+7vtsnm4tnz5I73fSj3v5l797+aT6L/eo/+Qp9b/eZ/3f+Pr3/9TnqgDABWjs7q0v1mrV7RMSk32sc8GJd5+OYkgMKpF9r/P/eLb9nHHzY4nsLJuPxwCKMfEE39PBJobZKgEAAOfh/xf9wy4JAAAAAAAAAAAAAAAAAAAAXF4f8RfCJiOi75WPxtwfTlUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE703wAAAP//jl/Y1w==") 17.089952271s ago: executing program 3 (id=326): mkdir(&(0x7f00000002c0)='./file0/file0\x00', 0x2) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r0, 0x0, 0x15) r1 = dup(r0) write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18, 0xffffffffffffffda}, 0x18) utime(0x0, &(0x7f0000000280)={0xd3, 0x8}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[]) socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r5}, 0x18) socket$igmp(0x2, 0x3, 0x2) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000700)=@getsa={0x10c, 0x12, 0x1, 0x70bd27, 0x25dfdbff, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x4d3, 0xa, 0xff}, [@sa={0xe4, 0x6, {{@in6=@loopback, @in6=@remote, 0x4e24, 0x0, 0x4e22, 0x7b5f, 0xa, 0x80, 0x20, 0x3b}, {@in=@multicast1, 0x4d5, 0x5e}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x8000, 0x5, 0x9, 0x1000, 0x36e, 0x7fffffffffffffff, 0x4, 0x3}, {0x0, 0x0, 0x8, 0x8}, {0x1, 0x1, 0x8}, 0x70bd25, 0x0, 0x2, 0x0, 0x2, 0x65}}]}, 0x10c}}, 0x0) 16.933082674s ago: executing program 1 (id=328): r0 = socket$inet_udp(0x2, 0x2, 0x0) socket$key(0xf, 0x3, 0x2) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@dev, @in6=@dev={0xfe, 0x80, '\x00', 0x10}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x1, 0x0, 0x0, 0x3}, {0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x33}, 0x0, @in=@dev={0xac, 0x14, 0x14, 0x10}, 0x0, 0x0, 0x0, 0xb7, 0xffffffff}}, 0xe8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000001000000e27f000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000005700)={{r4}, &(0x7f0000005680), &(0x7f00000056c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) 15.045920071s ago: executing program 0 (id=329): r0 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg$unix(r0, &(0x7f00000029c0)=[{{&(0x7f0000000600)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000000c00)=[@cred={{0x1c, 0x1, 0x24}}], 0x20, 0x24000010}}], 0x1, 0x0) recvmmsg(r0, 0x0, 0x0, 0x40010062, 0x0) r1 = syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r1], 0x58}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) socket$tipc(0x1e, 0x5, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) socketpair$nbd(0x1, 0x1, 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x38, 0x1403, 0x1, 0x70bd2a, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'wg1\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, 0x0, 0x0) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x64, 0x10, 0x437, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x30, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @IFLA_GRE_REMOTE={0x14, 0x7, @private2}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x64}}, 0x0) 14.864902264s ago: executing program 1 (id=331): syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x800, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="df55466f67e64dd419b8ec2b1f2b69464e4b310cd6a82e1d05b8559ad73f2036d305a8284153ead4f28c21b7d30634452415f844782dcd3d0ff4afc3f28c1e1cf5677f8c2fb6ca2c99cb13854daa7609a08b2e08636399a8bf147f77f407fc91464d81e5d40faa0e3dce41b7b5664bf8d6e63cd0c6b3", @ANYRES32, @ANYRES16], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=") open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_setup(0x5ff, &(0x7f0000000400)=0x0) io_submit(r0, 0x1, &(0x7f0000001d00)=[0x0]) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8004}, 0x0) sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001e80)=@newtaction={0x48, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0) 13.051795919s ago: executing program 3 (id=332): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x19, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = inotify_init1(0x0) read(r2, 0x0, 0x0) 12.794453034s ago: executing program 4 (id=333): readv(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000510700140000000000000001b7080000000000007b8af8ff00000000b7080000fcffffff7b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x101a02, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010328bd7000fedbdf251c0000000c00018008000100", @ANYRES32=r7], 0x20}}, 0x10) 11.642371046s ago: executing program 4 (id=334): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$TOKEN_CREATE(0x24, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x75b08000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) pipe2$9p(0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f00007f5000/0x1000)=nil, 0x1000, 0xf, 0x11012, r0, 0x0) ioctl$USBDEVFS_SUBMITURB(r5, 0x8038550a, &(0x7f0000000a40)=@urb_type_iso={0x0, {0xa, 0x1}, 0xdd6, 0x20, &(0x7f00000003c0)="4440364d6574d24cbafb35cacd3d873197abcbd2d7195c737113086632487463766ffe0f1035204900a17bb80f68230e88dc07202ea6b8861fd3b40bb22cb1577e92bbb80bfe378192b489ab5bc61511de8ddbde", 0x54, 0x1, 0x91, 0x66, 0x4, 0x5, &(0x7f0000000540)="5f0823a4172828d9f40211ab6e9ffeb4e35c867483fa35f6f3e128e20f98853f59163b7222e7f4ab8445b92ab032325a392801d0e402044e1670338bca0603b254ca4273b033ed3226d0aa2bf8df5cb3e491e4279d030377b24e373e15bdda6d7166bfea2bf38b72f78182755e08d5c4636be92acd588fbf276cafefeda70928ccd7fb1997721504f9c3fd2c653b1a8ad8ba68dad017eb11f92c85bf0d6c0cdc190809206821028f653b8658ac15f79e7e44646d280609afda687e669d42cc06053dd4bffae772b88945374c3db59c65b4a3", [{0xfffff737, 0x10001, 0x8000}, {0x5b2, 0x401, 0x7}, {0x4, 0xa, 0x3}, {0x3, 0x8, 0xfffffffe}, {0x2, 0x4, 0x5}, {0xb26, 0x3ff, 0x101}, {0x8, 0x0, 0x980000}, {0x1c0, 0x6, 0x6}, {0xfe01, 0x3, 0x1ff}, {0x3, 0xf, 0x3}, {0x9, 0xdb1, 0x8}, {0x6, 0x5, 0x5}, {0xfffffffe, 0x7d, 0x1}, {0x0, 0x1, 0x2}, {0x0, 0x5, 0x1000000}, {0x0, 0x522, 0x7}, {0x2, 0x4, 0x7}, {0x8001, 0x6, 0x829e}, {0x0, 0x9, 0x113f}, {0xff, 0x6, 0x5}, {0x5, 0xd, 0x3}, {0x10001, 0x6, 0x81}, {0x2, 0x8, 0x1}, {0x200, 0x1, 0x1}, {0x3, 0x32, 0x80}, {0x4, 0x0, 0x4}, {0x3, 0x0, 0x9}, {0x2, 0x4, 0x88}, {0x9, 0x8}, {0x9, 0xb, 0x2}, {0x2, 0x3, 0x80000001}, {0xf, 0x4, 0x1}, {0x9, 0x40, 0x7f}, {0x4, 0x5, 0x9}, {0xde, 0x135, 0x8}, {0x8001, 0xe086, 0x7}, {0x0, 0x2, 0x5}, {0x10001, 0xe, 0xfffffffb}, {0x3, 0x9, 0xff}, {0x0, 0x3b, 0xcd0f}, {0x4, 0x9, 0x1ff}, {0x5, 0x2, 0x91f}, {0x0, 0x8, 0x3}, {0x2, 0xfffffff7, 0x2}, {0x5, 0x5, 0xb}, {0x0, 0x1, 0x9}, {0x8, 0x10, 0x800}, {0x4, 0x9, 0xf}, {0x3, 0x8, 0xffff07e8}, {0x2, 0x2, 0x2}, {0x1, 0x69, 0x7b01}, {0x8, 0x5, 0x8000}, {0x97, 0x1, 0x8001}, {0xe2a, 0x6, 0xb}, {0x1, 0x1ff, 0x8}, {0x1, 0x2}, {0x8000, 0x2, 0x8}, {0xb4, 0x6, 0x1}, {0x6, 0xffffffff, 0x2}, {0x7, 0xffffffff, 0x8}, {0x67f3, 0x9, 0x924}, {0x0, 0x6, 0x7}, {0x591, 0x8, 0xd89}, {0x6, 0x2, 0x1}, {0xb5b2, 0xfffffffe, 0x7}, {0x6f1, 0x5, 0x5}, {0x5, 0x67, 0x4}, {0x331, 0x8, 0x8001}, {0xa3, 0x6e, 0x1}, {0x4, 0x1, 0x8d}, {0x5, 0x8}, {0x0, 0x0, 0x1}, {0x8e, 0x80000001, 0x1}, {0x0, 0x3, 0x6}, {0xbee1, 0x7fffffff, 0x482}, {0x3ff, 0xfc9, 0x100000}, {0x5b9, 0x7, 0x401}, {0x80000001, 0xf9, 0x1}, {0x200, 0x22, 0x8000}, {0x5, 0x4, 0x4000}, {0x2, 0x72f2, 0x6}, {0x6, 0x9, 0x7153}, {0x7f, 0x5, 0x8001}, {0x5, 0xa000000, 0xffffff01}, {0x3480, 0x0, 0xfffffffe}, {0x3, 0xffffddde, 0xb}, {0x1, 0x4, 0x2}, {0x1, 0xfffffffe, 0x6}, {0x8, 0x97, 0xf}, {0x1, 0x8000, 0x3}, {0x12f, 0x7, 0x1ff}, {0x3, 0x2392, 0x6}, {0xfff, 0x7, 0x1f}, {0xfff, 0x6, 0x4}, {0x549d, 0x15, 0xecf}, {0x0, 0x9, 0x80000000}, {0x3, 0xc1f, 0xc}, {0x7, 0x7ff, 0xff}, {0x4, 0xe, 0x80000000}, {0x5, 0x5, 0xffff8000}, {0x8, 0x8000, 0xfff}, {0x5, 0x8, 0x4}]}) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000900)={'bridge0\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)) 11.555130958s ago: executing program 3 (id=335): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000060a010400000000000000000a0000010900010073797a31000000002800040100000000000000b14fcf4a17f600717565756500000014000280080004400000001206000140000e0000bf8500001100010000000000000000000100000ae52773c15aa0deaa86371bb7606d20c1bacf22a796232848427176ccbd2e1fcfbc3d06f0d8e412cca8133041aab584e0d11d5e9d272e3491c9273f29a5ffcb56e828f8dec9756dff18ac3a888b73b9d5d59211e187c0f9f8787b4d"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x0, {0x2, 0x0, @empty}}) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) sendto$inet6(r3, &(0x7f00000003c0)="d963c9f4e85e727c5964e3143f0f99d23f309eef0a1296e6c7c3704cf6deb8acb341b47e1a60a4a00d725fff3e721fdddd4879fe34dfb940c7e0849e8f3915e8ae01004b9e756c98388bb387ed9f4aa6186f04f561ff629425615736d8b42877970000c03cf51f85a9fbf99e695e98733b538a9dbde6ffa337c9b26bdc72695f05003ec9de5f807dc76e91a7a3db133a8bb5ae4a3c44819aaf56496fbad213f21b1a0a32e2ac17d5069fde917155cb8b1208cd8e08a7c0f480000000", 0x11c259e35b9f2599, 0x0, 0x0, 0x3000137) ioctl$SIOCSIFHWADDR(r1, 0x8931, &(0x7f0000000000)={'wlan0\x00'}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x8, 0x13, 0x0, {0x0, 0x0, 0x0, 0x0, {0x4, 0xd}, {0xe, 0xffff}, {0x0, 0x1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_QUANTUM={0x8, 0x7, 0x1000}, @TCA_FQ_PIE_MEMORY_LIMIT={0x8, 0x8, 0x3}]}}]}, 0x44}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000008c0)=@newsa={0xf0, 0x10, 0x1, 0x8000000, 0x0, {{@in=@private=0xa010101, @in6=@empty}, {@in=@local, 0x0, 0x33}, @in=@local, {}, {}, {0x10, 0xd29}, 0x70bd26, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x4008840) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000480)={{0x4, 0x0, 0xfffc, 0x805}, 'syz0\x00', 0x40}) ioctl$UI_DEV_CREATE(r0, 0x5501) 10.598651626s ago: executing program 4 (id=336): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000200000006110600000000000c60000000000000095000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x15}, 0x48) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000140), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vxcan0\x00'}) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) syz_usb_connect$cdc_ncm(0x6, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0xa000000d}) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, 0xffffffffffffffff, &(0x7f0000000400)={0xa}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00'}, 0x18) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000180)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r3, 0xc0182101, &(0x7f00000000c0)={r4}) 9.931432699s ago: executing program 3 (id=337): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[], 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000040000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) unshare(0x64000600) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x0, 0x989680}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x4c0c5) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004cc0}, 0x40) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x2804458, &(0x7f0000000000)={[{@resgid={'resgid', 0x3d, 0xee00}}]}, 0x1, 0x502, &(0x7f0000000240)="$eJzs3d9rY1kdAPDvvW26nZmuyaoP64K7i7vSWXSSduruFh92VxB9WlDX91rbtJSmTWnSdVoG7eAfIIio4JNPvgj+AYLMnyDCgL6LiiI6o4/OXElyq9M2aTPbtJlJPx+4zTn31/ecS3Pur0NOAJfWqxHxXkSMRcQbEVHM56f5tNDK7HfWe3D/9lJrSiLLPvhHEkk+72Bfrfx4RFzrbBKTEfGNr0Z8Ozket7G7t75Yq1W383ylubFVaezu3VjbWFytrlY35+Zm35p/e/7N+Zksd6Z6liLinS//5cc/+MVX3vnN57/zx4W/Xf9uq1hZsVPuiFg6U4AeOvsutI/FgdYx2j6PYEMwltenMDbskgAA0I/WNf7HI+Iz7ev/Yoy1r+YAAACAUZK9OxX/SSIyAAAAYGSlETEVSVrO+wJMRZqWy50+vJ+Mq2mt3mh+bqW+s7ncWhZRikK6slarzuR9hUtRSFr52byP7UH+5pH8XES8EBE/Kl5p58tL9drysB9+AAAAwCVx7ZXD9///LqbtNAAAADBiSj0zAAAAwKhwyw8AAACjz/0/AAAAjLSvvf9+a8oOxvFe/nB3Z73+4Y3lamO9vLGzVF6qb2+VV+v11fZv9m2ctr9avb71hdjcuVVpVhvNSmN3b2GjvrPZXFg7NAQ2AAAAcIFeeOXuH5KI2P/ilfYU+e8AAhzy52EXABiksWEXABia8X5XTM63HMDFK5y6Rt8tBPCMOu303rPzzm8HXxYAAOB8TH/q+Pv/iXzZ6c8GgGeZvj4AcPl4uweXV+HUHoA6/sCo+1jn47ley8/+/j/LnrhQAADAQE21pyQt5+8CpyJNy+WI59vDAhSSlbVadSa/P/h9sfBcKz/b3jLxZAAAAAAAAAAAAAAAAAAAAAAAAAAA+pRlSWQAAADASItI/5rko/xNF1+f6jwVeJiP1XVk1K+fffCTW4vN5vZsxETyz2Jr1kRENH/amb9zMzMkAAAAADwF2vfvN/PP2WGXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR8+D+7aWD6SLj/v1LEVHqFn88Jtufk1GIiKv/SmL8se2SiBgbQPz9OxHxYrf4STzKsqyUl6Jb/CvnHL/UPjTd46cRcW0A8eEyu9tqf97r9v1L49X2Z/fv33g+nVXv9i/9X/s31qP9eb7PGC/d+1WlZ/w7ES+Nd29/DuInnfhJHIn/Wp/xv/XNvb1ey7KfR0x3Pf8kh2JVmhtblcbu3o21jcXV6mp1c25u9q35t+ffnJ+prKzVqvnfrjF++OlfPzqp/ld7xC8drv+x4/96n/V/eO/W/U90koVu8a+/1v38+2KP+Gl+7vtsnm4tnz5I73fSj3v5l797+aT6L/eo/+Qp9b/eZ/3f+Pr3/9TnqgDABWjs7q0v1mrV7RMSk32sc8GJd5+OYkgMKpF9r/P/eLb9nHHzY4nsLJuPxwCKMfEE39PBJobZKgEAAOfh/xf9wy4JAAAAAAAAAAAAAAAAAAAAXF4f8RfCJiOi75WPxtwfTlUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE703wAAAP//jl/Y1w==") setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f0000000240), 0x0, 0x0, 0x0) 6.581983483s ago: executing program 4 (id=338): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)=ANY=[], 0x50) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000000040000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unshare(0x64000600) clock_nanosleep(0x2, 0x0, &(0x7f0000000080)={0x0, 0x989680}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f0000000900)={&(0x7f0000000800)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000008c0)={0x0}, 0x1, 0x0, 0x0, 0x40040}, 0x4c0c5) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x4000000) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x2804458, &(0x7f0000000000)={[{@resgid={'resgid', 0x3d, 0xee00}}]}, 0x1, 0x502, &(0x7f0000000240)="$eJzs3d9rY1kdAPDvvW26nZmuyaoP64K7i7vSWXSSduruFh92VxB9WlDX91rbtJSmTWnSdVoG7eAfIIio4JNPvgj+AYLMnyDCgL6LiiI6o4/OXElyq9M2aTPbtJlJPx+4zTn31/ecS3Pur0NOAJfWqxHxXkSMRcQbEVHM56f5tNDK7HfWe3D/9lJrSiLLPvhHEkk+72Bfrfx4RFzrbBKTEfGNr0Z8Ozket7G7t75Yq1W383ylubFVaezu3VjbWFytrlY35+Zm35p/e/7N+Zksd6Z6liLinS//5cc/+MVX3vnN57/zx4W/Xf9uq1hZsVPuiFg6U4AeOvsutI/FgdYx2j6PYEMwltenMDbskgAA0I/WNf7HI+Iz7ev/Yoy1r+YAAACAUZK9OxX/SSIyAAAAYGSlETEVSVrO+wJMRZqWy50+vJ+Mq2mt3mh+bqW+s7ncWhZRikK6slarzuR9hUtRSFr52byP7UH+5pH8XES8EBE/Kl5p58tL9drysB9+AAAAwCVx7ZXD9///LqbtNAAAADBiSj0zAAAAwKhwyw8AAACjz/0/AAAAjLSvvf9+a8oOxvFe/nB3Z73+4Y3lamO9vLGzVF6qb2+VV+v11fZv9m2ctr9avb71hdjcuVVpVhvNSmN3b2GjvrPZXFg7NAQ2AAAAcIFeeOXuH5KI2P/ilfYU+e8AAhzy52EXABiksWEXABia8X5XTM63HMDFK5y6Rt8tBPCMOu303rPzzm8HXxYAAOB8TH/q+Pv/iXzZ6c8GgGeZvj4AcPl4uweXV+HUHoA6/sCo+1jn47ley8/+/j/LnrhQAADAQE21pyQt5+8CpyJNy+WI59vDAhSSlbVadSa/P/h9sfBcKz/b3jLxZAAAAAAAAAAAAAAAAAAAAAAAAAAA+pRlSWQAAADASItI/5rko/xNF1+f6jwVeJiP1XVk1K+fffCTW4vN5vZsxETyz2Jr1kRENH/amb9zMzMkAAAAADwF2vfvN/PP2WGXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBR8+D+7aWD6SLj/v1LEVHqFn88Jtufk1GIiKv/SmL8se2SiBgbQPz9OxHxYrf4STzKsqyUl6Jb/CvnHL/UPjTd46cRcW0A8eEyu9tqf97r9v1L49X2Z/fv33g+nVXv9i/9X/s31qP9eb7PGC/d+1WlZ/w7ES+Nd29/DuInnfhJHIn/Wp/xv/XNvb1ey7KfR0x3Pf8kh2JVmhtblcbu3o21jcXV6mp1c25u9q35t+ffnJ+prKzVqvnfrjF++OlfPzqp/ld7xC8drv+x4/96n/V/eO/W/U90koVu8a+/1v38+2KP+Gl+7vtsnm4tnz5I73fSj3v5l797+aT6L/eo/+Qp9b/eZ/3f+Pr3/9TnqgDABWjs7q0v1mrV7RMSk32sc8GJd5+OYkgMKpF9r/P/eLb9nHHzY4nsLJuPxwCKMfEE39PBJobZKgEAAOfh/xf9wy4JAAAAAAAAAAAAAAAAAAAAXF4f8RfCJiOi75WPxtwfTlUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE703wAAAP//jl/Y1w==") 2.851530725s ago: executing program 0 (id=339): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0xffffffb3, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) 2.672041868s ago: executing program 3 (id=340): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000210000000000000100000000850000006d0000108500"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff7f}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) getpid() r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10) open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x1a1342, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000000040)=0x7, 0x4) 1.612938199s ago: executing program 0 (id=341): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) epoll_create1(0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) socket$inet6(0x10, 0x3, 0x0) capset(&(0x7f00000003c0)={0x19980330}, &(0x7f0000000400)={0x3, 0x1007, 0x1, 0x3, 0x8001, 0x401}) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f00000000c0), 0x12) 662.227137ms ago: executing program 3 (id=342): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f00000002c0)=ANY=[@ANYRES16=r0], 0x48) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ptrace(0x10, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x109100, 0x0) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x94}], 0x1) readv(r1, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/215, 0xd7}], 0x1) r2 = syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x1000803, &(0x7f0000002ac0)=ANY=[], 0x0, 0x1fb, &(0x7f0000000b00)="$eJzsmb+L1EAUx78z+bHnIQc2FjYWHniil02yKtdccYKlIJyilsGLx2nuVvYi3B0ILjY22lkItjaWFhZWFv4FtlqoIFq4pZ0wMpNJMsTskl1Xm30f2NnvTN6+mffYfIsEBEHMLF8+//z0+MLKlTMADmMRLb3+3SpjuBH/8dm9009XLz5/9eHFu52F+2+q+RgAIZrv7wJ4u2YhBbOzFSGwUF5fLLKWXAXHKa2vgcHL5C+hyCYxGG7omNuG7h7SIom9m91k49ZWEvtyCOQQyqFj7iUPNegzbACYU6cTwjzN7v7BnShJ4l5VOCLf549L4wo+on/qfGscq8i7J4SMv/7oYV/OdW/gg+teAgE4Aq07YFjXegUteJ5XtsSo/5hd5rea1P9PxJOmwS+VOLLcLLOji5n8YPk98l+7MXvCmUoeVl2RN3SxcnSQe6AZ83XsvdxJT/jNnXLrlHEBiJzKP/z9fJJc+ovMbk2jClH6k3T2k4Y/2bAL/2in23fbu/sHy1vb0Wa8Ge+EYee8f9b3z4VtZUTZOML/5pQ/zRv5nSGxLnOxF6VpL9gD0l5QzMNsLAvA+uvuD/UbrvzPxtIJNVWeqspu1e/B9Ierb6mWrPrIB0NrIgiCIAiCIAiCIAiCIAiCqOc4GLI3YYLpB6J1hJfVE8rfAQAA//9DhGHK") r3 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x0, 0x0) fadvise64(r3, 0xaa17, 0xff39, 0x3) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000140)={0x30, 0x5, 0x0, {0x0, 0x6, 0xac38, 0x9}}, 0x30) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x240000, 0x0) r4 = openat$incfs(r2, &(0x7f0000000040)='.log\x00', 0x103000, 0x40) ioctl$FS_IOC_READ_VERITY_METADATA(r4, 0xc0286687, &(0x7f00000001c0)={0x3, 0x7ff, 0x13, &(0x7f0000000080)=""/19}) 400.746642ms ago: executing program 4 (id=343): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000088500000076000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r1}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x5}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0x0, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS_LEN={0x0, 0x3, 0x9}, @TCA_ACT_BPF_FD={0x0, 0x5, r1}]}, {0x4}, {0xffffffffffffffae}, {0xc}}}]}]}, 0x64}}, 0x0) 0s ago: executing program 4 (id=344): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x12, 0x4, 0x4, 0x12}, 0x50) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r0, &(0x7f0000000540), &(0x7f0000000a40)=@udp6=r1, 0x2}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.241' (ED25519) to the list of known hosts. [ 62.255281][ T5772] cgroup: Unknown subsys name 'net' [ 62.389043][ T5772] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 63.771233][ T5772] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 65.263867][ T5787] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 65.271957][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 65.278704][ T5791] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 65.279900][ T5789] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 65.287834][ T5791] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 65.294402][ T5789] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 65.309236][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 65.309270][ T5789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 65.323636][ T5791] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 65.324268][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 65.338135][ T5791] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 65.338656][ T5789] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 65.353307][ T5789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 65.363480][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 65.365787][ T5796] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 65.370744][ T5099] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 65.386434][ T5099] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 65.393536][ T5789] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 65.400010][ T5796] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 65.408946][ T5796] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 65.413788][ T5099] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 65.417235][ T5796] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 65.423262][ T5099] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 65.431075][ T5796] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 65.941878][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 65.958625][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 66.012755][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 66.034312][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 66.153588][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.160731][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.168963][ T5782] bridge_slave_0: entered allmulticast mode [ 66.176485][ T5782] bridge_slave_0: entered promiscuous mode [ 66.201332][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.208756][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.216082][ T5782] bridge_slave_1: entered allmulticast mode [ 66.223216][ T5782] bridge_slave_1: entered promiscuous mode [ 66.254223][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.261367][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.268710][ T5784] bridge_slave_0: entered allmulticast mode [ 66.276158][ T5784] bridge_slave_0: entered promiscuous mode [ 66.327528][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.335467][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.342644][ T5783] bridge_slave_0: entered allmulticast mode [ 66.350086][ T5783] bridge_slave_0: entered promiscuous mode [ 66.357781][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.365326][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.372465][ T5784] bridge_slave_1: entered allmulticast mode [ 66.379866][ T5784] bridge_slave_1: entered promiscuous mode [ 66.389080][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.398788][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.407407][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.414770][ T5785] bridge_slave_0: entered allmulticast mode [ 66.421445][ T5785] bridge_slave_0: entered promiscuous mode [ 66.429279][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.436657][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.443937][ T5783] bridge_slave_1: entered allmulticast mode [ 66.450638][ T5783] bridge_slave_1: entered promiscuous mode [ 66.469895][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.503321][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.510471][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.518525][ T5785] bridge_slave_1: entered allmulticast mode [ 66.525417][ T5785] bridge_slave_1: entered promiscuous mode [ 66.569757][ T5782] team0: Port device team_slave_0 added [ 66.599746][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.611195][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.621909][ T5782] team0: Port device team_slave_1 added [ 66.641400][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.652490][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.674899][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.708080][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.715168][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.741502][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 66.757106][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.797375][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 66.804468][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.831253][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 66.857828][ T5785] team0: Port device team_slave_0 added [ 66.871065][ T5783] team0: Port device team_slave_0 added [ 66.879975][ T5784] team0: Port device team_slave_0 added [ 66.888330][ T5784] team0: Port device team_slave_1 added [ 66.911820][ T5785] team0: Port device team_slave_1 added [ 66.919577][ T5783] team0: Port device team_slave_1 added [ 66.948437][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 66.955542][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 66.981848][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.020998][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.028465][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.054725][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.077453][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.084528][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.111043][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.139593][ T5782] hsr_slave_0: entered promiscuous mode [ 67.146190][ T5782] hsr_slave_1: entered promiscuous mode [ 67.171290][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.178481][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.204489][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.217598][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.224645][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.250599][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.263545][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.271167][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.297103][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.365134][ T5784] hsr_slave_0: entered promiscuous mode [ 67.371680][ T5784] hsr_slave_1: entered promiscuous mode [ 67.378450][ T5784] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.386470][ T5784] Cannot create hsr debugfs directory [ 67.423695][ T5796] Bluetooth: hci1: command tx timeout [ 67.458631][ T5785] hsr_slave_0: entered promiscuous mode [ 67.465064][ T5785] hsr_slave_1: entered promiscuous mode [ 67.471053][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.478875][ T5785] Cannot create hsr debugfs directory [ 67.503342][ T5787] Bluetooth: hci3: command tx timeout [ 67.503521][ T50] Bluetooth: hci2: command tx timeout [ 67.509119][ T5796] Bluetooth: hci0: command tx timeout [ 67.534292][ T5783] hsr_slave_0: entered promiscuous mode [ 67.540526][ T5783] hsr_slave_1: entered promiscuous mode [ 67.546980][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 67.554790][ T5783] Cannot create hsr debugfs directory [ 67.871074][ T5782] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 67.895877][ T5782] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 67.908528][ T5782] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 67.929585][ T5782] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 67.969661][ T5784] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 67.979888][ T5784] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 68.006335][ T5784] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 68.017780][ T5784] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 68.100878][ T5785] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 68.118593][ T5785] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 68.146118][ T5785] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.156261][ T5785] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.172291][ T5783] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 68.184674][ T5783] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 68.205658][ T5783] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 68.222633][ T5783] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 68.306182][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.361839][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.391398][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.398784][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.415009][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.438410][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.445573][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.489704][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.509144][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.539814][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.546930][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.556410][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.563553][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.586851][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 68.624407][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.655892][ T2885] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.663062][ T2885] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.675784][ T2885] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.682941][ T2885] bridge0: port 2(bridge_slave_1) entered forwarding state [ 68.699601][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 68.716402][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.723551][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 68.782322][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.789763][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.171544][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.192396][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.287974][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.329893][ T5782] veth0_vlan: entered promiscuous mode [ 69.341897][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 69.356114][ T5784] veth0_vlan: entered promiscuous mode [ 69.370772][ T5782] veth1_vlan: entered promiscuous mode [ 69.395708][ T5784] veth1_vlan: entered promiscuous mode [ 69.450682][ T5785] veth0_vlan: entered promiscuous mode [ 69.481603][ T5782] veth0_macvtap: entered promiscuous mode [ 69.496417][ T5785] veth1_vlan: entered promiscuous mode [ 69.507556][ T5783] veth0_vlan: entered promiscuous mode [ 69.513548][ T5796] Bluetooth: hci1: command tx timeout [ 69.521322][ T5784] veth0_macvtap: entered promiscuous mode [ 69.529707][ T5782] veth1_macvtap: entered promiscuous mode [ 69.548760][ T5783] veth1_vlan: entered promiscuous mode [ 69.556709][ T5784] veth1_macvtap: entered promiscuous mode [ 69.579976][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.591926][ T50] Bluetooth: hci3: command tx timeout [ 69.592118][ T5787] Bluetooth: hci2: command tx timeout [ 69.598024][ T5796] Bluetooth: hci0: command tx timeout [ 69.624532][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.655158][ T5784] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.667204][ T5784] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.676434][ T5784] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.686513][ T5784] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.696964][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.708302][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.719648][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 69.752765][ T5783] veth0_macvtap: entered promiscuous mode [ 69.760736][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 69.772193][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.785393][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 69.798582][ T5785] veth0_macvtap: entered promiscuous mode [ 69.818066][ T5785] veth1_macvtap: entered promiscuous mode [ 69.835506][ T5783] veth1_macvtap: entered promiscuous mode [ 69.842726][ T5782] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.851960][ T5782] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.860980][ T5782] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.873012][ T5782] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 69.926730][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.944411][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.969716][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 69.982198][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 69.997491][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.008300][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.020988][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.044813][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.056080][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.067040][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.078201][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.089156][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.099993][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.112095][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.120498][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.131391][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.141748][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.153777][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.165449][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.185032][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.197589][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.217255][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.237031][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.246973][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.257762][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.267682][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.278129][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.289241][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.301699][ T5785] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.310930][ T5785] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.322486][ T5785] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.331744][ T5785] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.361487][ T5783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.370464][ T5783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.379783][ T5783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.389926][ T5783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.468203][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.480281][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.556867][ T48] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.575041][ T48] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.626447][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.646847][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.772725][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.793518][ T2885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.801366][ T2885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.819015][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.937809][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.982599][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.419865][ T5884] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6'. [ 71.583283][ T5796] Bluetooth: hci1: command tx timeout [ 71.602405][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.630041][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.663585][ T5796] Bluetooth: hci2: command tx timeout [ 71.673621][ T50] Bluetooth: hci3: command tx timeout [ 71.679175][ T5787] Bluetooth: hci0: command tx timeout [ 72.592072][ T5900] Zero length message leads to an empty skb [ 72.966659][ T9] cfg80211: failed to load regulatory.db [ 73.065686][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 73.862485][ T5796] Bluetooth: hci1: command tx timeout [ 73.862581][ T5793] Bluetooth: hci3: command tx timeout [ 73.873464][ T50] Bluetooth: hci0: command tx timeout [ 73.879586][ T5787] Bluetooth: hci2: command tx timeout [ 75.670282][ T5896] input: syz0 as /devices/virtual/input/input5 [ 76.036861][ T5909] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 76.693461][ T5931] ip6gretap1: entered allmulticast mode [ 76.706314][ T5931] bridge0: port 3(syz_tun) entered blocking state [ 76.713249][ T5931] bridge0: port 3(syz_tun) entered disabled state [ 76.720630][ T5931] syz_tun: entered allmulticast mode [ 76.728030][ T5931] syz_tun: entered promiscuous mode [ 76.734860][ T5931] bridge0: port 3(syz_tun) entered blocking state [ 76.742152][ T5931] bridge0: port 3(syz_tun) entered forwarding state [ 76.934078][ T5933] syz.2.16[5933]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 76.960400][ T5933] loop2: detected capacity change from 0 to 512 [ 76.973225][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 76.994529][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1088, setting to 64 [ 77.000938][ T5933] ======================================================= [ 77.000938][ T5933] WARNING: The mand mount option has been deprecated and [ 77.000938][ T5933] and is ignored by this kernel. Remove the mand [ 77.000938][ T5933] option from the mount to silence this warning. [ 77.000938][ T5933] ======================================================= [ 77.022850][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 77.082864][ T5909] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 77.119952][ T5933] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.16: iget: bad extended attribute block 1 [ 77.134927][ T5909] usb 2-1: New USB device found, idVendor=1e71, idProduct=2019, bcdDevice= 0.00 [ 77.153145][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.170195][ T5933] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.16: couldn't read orphan inode 15 (err -117) [ 77.191500][ T5909] usb 2-1: config 0 descriptor?? [ 77.221689][ T5933] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.348042][ T5916] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 77.356861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 77.366419][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 77.527223][ T5940] loop3: detected capacity change from 0 to 512 [ 77.767567][ T5940] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 77.782133][ T5940] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.052828][ C0] sched: RT throttling activated [ 79.173469][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 79.232658][ T5943] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 79.293228][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.302009][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.353278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 79.417534][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.477907][ T5909] usbhid 2-1:0.0: can't add hid device: -71 [ 79.484617][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 79.563071][ T5909] usbhid: probe of 2-1:0.0 failed with error -71 [ 79.600361][ T5909] usb 2-1: USB disconnect, device number 2 [ 79.847906][ T5953] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.765128][ T5959] loop2: detected capacity change from 0 to 512 [ 80.991849][ T5959] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 81.000329][ T5959] System zones: 0-2, 18-18, 34-34 [ 81.029002][ T5959] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.19: corrupted inode contents [ 81.044625][ T5959] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.19: mark_inode_dirty error [ 81.059792][ T5959] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.19: corrupted inode contents [ 81.200919][ T5959] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.19: mark_inode_dirty error [ 81.236582][ T5959] Quota error (device loop2): write_blk: dquota write failed [ 81.245588][ T5959] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 81.255932][ T5959] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.19: Failed to acquire dquot type 0 [ 81.324911][ T5959] EXT4-fs (loop2): 1 orphan inode deleted [ 81.337666][ T5959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 81.367164][ T5959] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.541586][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.705503][ T5974] loop2: detected capacity change from 0 to 128 [ 82.716569][ T5974] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 82.859427][ T5977] loop3: detected capacity change from 0 to 512 [ 82.941026][ T5977] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.27: iget: bad extended attribute block 1 [ 83.027255][ T5977] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.27: couldn't read orphan inode 15 (err -117) [ 83.085140][ T5980] netlink: 'syz.2.28': attribute type 27 has an invalid length. [ 83.102493][ T5977] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 83.224804][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.233559][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.241841][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 83.287444][ T5982] loop1: detected capacity change from 0 to 512 [ 83.302609][ T5984] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters [ 83.766155][ T5982] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 34)! [ 83.779333][ T5982] EXT4-fs (loop1): group descriptors corrupted! [ 83.821101][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 84.139221][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.148140][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.397805][ T6001] input: syz0 as /devices/virtual/input/input6 [ 86.628785][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 86.681482][ T5980] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 87.312125][ T5980] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.332303][ T5980] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.352554][ T5980] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.361747][ T5980] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 87.926438][ T6007] loop3: detected capacity change from 0 to 512 [ 88.704051][ T6007] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 88.711916][ T6007] System zones: 0-2, 18-18, 34-34 [ 88.825003][ T6007] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.34: corrupted inode contents [ 88.911569][ T6007] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.34: mark_inode_dirty error [ 89.002022][ T6007] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.34: corrupted inode contents [ 89.051105][ T6003] loop0: detected capacity change from 0 to 40427 [ 89.052930][ T6007] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.34: mark_inode_dirty error [ 89.121334][ T6007] Quota error (device loop3): write_blk: dquota write failed [ 89.159175][ T6007] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 89.227909][ T6003] F2FS-fs (loop0): Found nat_bits in checkpoint [ 89.243071][ T6007] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.34: Failed to acquire dquot type 0 [ 89.335190][ T6007] EXT4-fs (loop3): 1 orphan inode deleted [ 89.383020][ T6007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.454145][ T6007] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.628268][ T6003] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 89.674548][ T6018] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.34: iget: bad i_size value: 360287970189639690 [ 89.760866][ T6007] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.34: iget: bad i_size value: 360287970189639690 [ 89.891056][ T58] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 89.931883][ T58] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:4: Failed to release dquot type 1 [ 90.044457][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 90.665447][ T6024] Driver unsupported XDP return value 0 on prog (id 26) dev N/A, expect packet loss! [ 90.725724][ T5782] syz-executor: attempt to access beyond end of device [ 90.725724][ T5782] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 90.767894][ T5782] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 90.876181][ T787] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 91.043061][ T5908] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 91.121231][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.931391][ T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.046866][ T787] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.060027][ T787] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.070247][ T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.078471][ T5908] usb 2-1: Using ep0 maxpacket: 16 [ 92.086490][ T5908] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 92.102869][ T5908] usb 2-1: config 0 has no interface number 0 [ 92.117884][ T787] usb 3-1: config 0 descriptor?? [ 92.132436][ T5908] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.156984][ T5908] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.170934][ T5908] usb 2-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 92.193109][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.214798][ T5908] usb 2-1: config 0 descriptor?? [ 92.856077][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 92.881467][ T6036] input: syz0 as /devices/virtual/input/input7 [ 92.895086][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x4 [ 92.902728][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 92.918934][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 92.972888][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 92.994282][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x4 [ 93.001924][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 93.017156][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 93.044262][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 93.051768][ T787] plantronics 0003:047F:FFFF.0001: unknown main item tag 0x0 [ 93.061647][ T787] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving [ 93.127612][ T787] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 93.210342][ T787] usb 3-1: USB disconnect, device number 2 [ 93.289183][ T6046] fido_id[6046]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 95.050479][ T5908] input: HID 28bd:0071 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0002/input/input8 [ 95.062271][ T8] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 97.596319][ T5908] input: HID 28bd:0071 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.1/0003:28BD:0071.0002/input/input9 [ 97.684518][ T5908] uclogic 0003:28BD:0071.0002: input,hidraw0: USB HID v0.02 Keypad [HID 28bd:0071] on usb-dummy_hcd.1-1/input1 [ 97.743849][ T5908] usb 2-1: USB disconnect, device number 3 [ 98.068098][ T6072] fido_id[6072]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 100.057454][ T6082] loop2: detected capacity change from 0 to 512 [ 100.292287][ T6082] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 100.332283][ T6082] System zones: 0-2, 18-18, 34-34 [ 100.410926][ T6082] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.54: corrupted inode contents [ 100.459374][ T6082] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.54: mark_inode_dirty error [ 100.496157][ T6082] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.54: corrupted inode contents [ 100.563124][ T6082] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.54: mark_inode_dirty error [ 100.590062][ T6082] Quota error (device loop2): write_blk: dquota write failed [ 100.614969][ T6082] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 100.656052][ T6082] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.54: Failed to acquire dquot type 0 [ 100.707284][ T6082] EXT4-fs (loop2): 1 orphan inode deleted [ 100.719338][ T42] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 100.745353][ T6082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.780281][ T42] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:2: Failed to release dquot type 1 [ 100.812480][ T6082] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.964958][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 101.234184][ T6097] usb usb1: check_ctrlrecip: process 6097 (syz.2.58) requesting ep 01 but needs 81 [ 101.350052][ T6089] loop3: detected capacity change from 0 to 40427 [ 101.396191][ T6089] F2FS-fs (loop3): Fix alignment : done, start(4096) end(16896) block(12288) [ 101.450540][ T6089] F2FS-fs (loop3): invalid crc value [ 101.483746][ T6089] F2FS-fs (loop3): Found nat_bits in checkpoint [ 101.582992][ T5850] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 101.642424][ T6089] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 101.788352][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 101.813729][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1088, setting to 64 [ 101.826651][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 102.018763][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 102.061616][ T5850] usb 2-1: New USB device found, idVendor=1e71, idProduct=2019, bcdDevice= 0.00 [ 102.070975][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.084142][ T5850] usb 2-1: config 0 descriptor?? [ 102.089787][ T6092] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 102.476649][ T27] audit: type=1800 audit(1753753077.079:2): pid=6110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.56" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 102.907744][ T5784] syz-executor: attempt to access beyond end of device [ 102.907744][ T5784] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 102.953270][ T5784] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 103.044692][ T5850] usbhid 2-1:0.0: can't add hid device: -71 [ 103.051510][ T5850] usbhid: probe of 2-1:0.0 failed with error -71 [ 103.066755][ T5850] usb 2-1: USB disconnect, device number 4 [ 103.208506][ T6119] netlink: 28 bytes leftover after parsing attributes in process `syz.2.63'. [ 103.217641][ T6119] netlink: 28 bytes leftover after parsing attributes in process `syz.2.63'. [ 105.759629][ T6143] xt_TPROXY: Can be used only with -p tcp or -p udp [ 110.037124][ T6162] loop2: detected capacity change from 0 to 512 [ 110.228464][ T6162] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 110.237311][ T6162] System zones: 0-2, 18-18, 34-34 [ 110.273930][ T6162] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.73: corrupted inode contents [ 110.289729][ T6162] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.73: mark_inode_dirty error [ 110.314827][ T6162] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.73: corrupted inode contents [ 110.327685][ T6162] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.73: mark_inode_dirty error [ 110.346305][ T6162] Quota error (device loop2): write_blk: dquota write failed [ 110.354697][ T6162] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 110.365115][ T6162] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.73: Failed to acquire dquot type 0 [ 110.394148][ T6162] EXT4-fs (loop2): 1 orphan inode deleted [ 110.407029][ T6162] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.433958][ T6162] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.732510][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.407968][ T6184] loop2: detected capacity change from 0 to 512 [ 112.519690][ T6184] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 112.528149][ T6184] System zones: 0-2, 18-18, 34-34 [ 112.546160][ T6184] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.77: corrupted inode contents [ 112.558996][ T6184] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.77: mark_inode_dirty error [ 112.575393][ T6184] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.77: corrupted inode contents [ 112.591772][ T6184] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.77: mark_inode_dirty error [ 112.624527][ T6184] Quota error (device loop2): write_blk: dquota write failed [ 112.632700][ T6184] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 112.642912][ T6184] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.77: Failed to acquire dquot type 0 [ 112.681162][ T6184] EXT4-fs (loop2): 1 orphan inode deleted [ 112.694091][ T6184] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 112.717006][ T6184] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 112.969533][ T5787] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 113.063388][ T5905] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 113.229595][ T5905] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:8: Failed to release dquot type 1 [ 113.707955][ T6194] xt_TPROXY: Can be used only with -p tcp or -p udp [ 114.605911][ T6206] fuse: Bad value for 'fd' [ 115.836413][ T6214] loop1: detected capacity change from 0 to 512 [ 115.883376][ T6214] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 117.232455][ T6214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.245637][ T6214] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.508262][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.718080][ T6226] loop2: detected capacity change from 0 to 256 [ 119.498086][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 119.618871][ T6229] loop3: detected capacity change from 0 to 128 [ 121.033501][ T6244] fuse: Bad value for 'fd' [ 121.744009][ T6245] xt_TPROXY: Can be used only with -p tcp or -p udp [ 122.357851][ T6257] netlink: 16 bytes leftover after parsing attributes in process `syz.0.93'. [ 122.917338][ T6262] overlayfs: failed to resolve './file0': -2 [ 122.980341][ T6262] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.988094][ T6262] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.003563][ T6262] bridge0: entered allmulticast mode [ 123.990700][ T6270] loop2: detected capacity change from 0 to 128 [ 124.971638][ T6283] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 126.082386][ T6287] fuse: Bad value for 'fd' [ 129.020035][ T6310] overlayfs: failed to resolve './file0': -2 [ 129.046207][ T6310] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.054216][ T6310] bridge0: port 1(bridge_slave_0) entered disabled state [ 129.103422][ T6310] bridge0: entered allmulticast mode [ 129.804069][ T6318] loop2: detected capacity change from 0 to 256 [ 129.822516][ T6318] exfat: Unknown parameter 'fsmagic' [ 131.481263][ T6322] netlink: 16 bytes leftover after parsing attributes in process `syz.3.112'. [ 133.540312][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.560448][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.194773][ T6344] loop1: detected capacity change from 0 to 512 [ 134.915500][ T6344] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 134.924013][ T6344] System zones: 0-2, 18-18, 34-34 [ 135.305396][ T6344] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.118: corrupted inode contents [ 135.319353][ T6344] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #3: comm syz.1.118: mark_inode_dirty error [ 135.340293][ T6344] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.118: corrupted inode contents [ 135.356027][ T6344] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.118: mark_inode_dirty error [ 135.377229][ T6344] Quota error (device loop1): write_blk: dquota write failed [ 135.385620][ T6344] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 135.395938][ T6344] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.118: Failed to acquire dquot type 0 [ 135.432233][ T6344] EXT4-fs (loop1): 1 orphan inode deleted [ 135.444569][ T6344] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.462059][ T6344] ext4 filesystem being mounted at /24/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.227909][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.728085][ T6359] overlayfs: missing 'lowerdir' [ 137.404303][ T6369] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 137.710250][ T6372] syz.1.126[6372] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.710815][ T6372] syz.1.126[6372] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 137.759467][ T6372] netlink: 4 bytes leftover after parsing attributes in process `syz.1.126'. [ 137.782606][ T6372] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 139.341358][ T6372] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.750693][ T6393] loop1: detected capacity change from 0 to 512 [ 145.780685][ T6390] loop2: detected capacity change from 0 to 256 [ 146.301358][ T6393] EXT4-fs warning (device loop1): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop1. [ 146.369530][ T6390] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d) [ 146.384291][ T6390] exFAT-fs (loop2): failed to load alloc-bitmap [ 146.390670][ T6390] exFAT-fs (loop2): failed to recognize exfat type [ 147.194352][ T6401] loop3: detected capacity change from 0 to 512 [ 149.878284][ T6401] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 149.886313][ T6401] System zones: 0-2, 18-18, 34-34 [ 149.909676][ T6401] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.132: corrupted inode contents [ 149.924796][ T6401] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.132: mark_inode_dirty error [ 149.949996][ T6401] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.132: corrupted inode contents [ 149.964518][ T6401] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.132: mark_inode_dirty error [ 149.982032][ T6401] Quota error (device loop3): write_blk: dquota write failed [ 149.989666][ T6401] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 149.999722][ T6401] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.132: Failed to acquire dquot type 0 [ 150.037789][ T6401] EXT4-fs (loop3): 1 orphan inode deleted [ 150.048547][ T6401] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.100958][ T12] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 150.120747][ T6401] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.143838][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:1: Failed to release dquot type 1 [ 150.300872][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.595385][ T6432] loop1: detected capacity change from 0 to 2048 [ 153.832218][ T6432] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.904315][ T6406] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set [ 159.617431][ T6465] ip6gretap1: entered allmulticast mode [ 159.653446][ T6465] bridge0: port 3(syz_tun) entered blocking state [ 159.660431][ T6465] bridge0: port 3(syz_tun) entered disabled state [ 159.670200][ T6465] syz_tun: entered allmulticast mode [ 159.685672][ T6465] syz_tun: entered promiscuous mode [ 162.646449][ T6486] syzkaller0: entered promiscuous mode [ 162.651975][ T6486] syzkaller0: entered allmulticast mode [ 163.985733][ T6494] overlayfs: missing 'lowerdir' [ 165.338795][ T6505] netlink: 28 bytes leftover after parsing attributes in process `syz.0.157'. [ 165.365070][ T6505] netlink: 28 bytes leftover after parsing attributes in process `syz.0.157'. [ 165.378974][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 166.472109][ T6526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.165'. [ 166.481305][ T6526] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.512498][ T6523] loop2: detected capacity change from 0 to 4096 [ 167.183401][ T6523] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.287354][ T6526] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 169.840817][ T6557] tty tty20: ldisc open failed (-12), clearing slot 19 [ 170.046620][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 170.293699][ T6564] usb usb1: check_ctrlrecip: process 6564 (syz.3.173) requesting ep 01 but needs 81 [ 173.722621][ T6597] loop3: detected capacity change from 0 to 512 [ 173.905180][ T6597] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 173.913602][ T6597] System zones: 0-2, 18-18, 34-34 [ 173.951744][ T6597] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.181: corrupted inode contents [ 173.967768][ T6597] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.181: mark_inode_dirty error [ 173.988385][ T6597] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.181: corrupted inode contents [ 174.004293][ T6597] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.181: mark_inode_dirty error [ 174.025544][ T6597] Quota error (device loop3): write_blk: dquota write failed [ 174.033906][ T6597] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 174.044250][ T6597] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.181: Failed to acquire dquot type 0 [ 174.095671][ T6597] EXT4-fs (loop3): 1 orphan inode deleted [ 174.108132][ T6597] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 174.126466][ T6597] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.058906][ T11] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 175.090229][ T11] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:0: Failed to release dquot type 1 [ 175.335809][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.555761][ T6610] loop2: detected capacity change from 0 to 128 [ 175.673752][ T27] audit: type=1800 audit(1753753150.559:3): pid=6610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.184" name="bus" dev="loop2" ino=1048592 res=0 errno=0 [ 175.862687][ T6613] syz.2.184: attempt to access beyond end of device [ 175.862687][ T6613] loop2: rw=0, sector=121, nr_sectors = 920 limit=128 [ 176.965308][ T6620] loop3: detected capacity change from 0 to 2048 [ 177.282139][ T6620] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.855569][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.153113][ T6636] usb usb1: check_ctrlrecip: process 6636 (syz.3.189) requesting ep 01 but needs 81 [ 180.844736][ T6648] loop1: detected capacity change from 0 to 512 [ 180.970695][ T6648] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 180.984623][ T6648] System zones: 0-2, 18-18, 34-34 [ 181.014875][ T6648] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.192: corrupted inode contents [ 181.028927][ T6648] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #3: comm syz.1.192: mark_inode_dirty error [ 181.055957][ T6648] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #3: comm syz.1.192: corrupted inode contents [ 181.072973][ T6648] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #3: comm syz.1.192: mark_inode_dirty error [ 181.324527][ T6648] Quota error (device loop1): write_blk: dquota write failed [ 181.332740][ T6648] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 181.343226][ T6648] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.192: Failed to acquire dquot type 0 [ 181.396186][ T6648] EXT4-fs (loop1): 1 orphan inode deleted [ 181.409412][ T6648] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.426632][ T6648] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.041176][ T5885] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 182.120941][ T5885] EXT4-fs error (device loop1): ext4_release_dquot:6974: comm kworker/u4:7: Failed to release dquot type 1 [ 183.348300][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.648664][ T6665] netlink: 4 bytes leftover after parsing attributes in process `syz.1.196'. [ 183.698419][ T6670] netlink: 4 bytes leftover after parsing attributes in process `syz.1.196'. [ 184.450074][ T6675] loop3: detected capacity change from 0 to 256 [ 185.281966][ T6681] usb usb1: check_ctrlrecip: process 6681 (syz.0.199) requesting ep 01 but needs 81 [ 186.438913][ T6682] (null): rxe_set_mtu: Set mtu to 1024 [ 186.557401][ T6682] wg1 speed is unknown, defaulting to 1000 [ 186.777226][ T6682] wg1 speed is unknown, defaulting to 1000 [ 186.791083][ T6682] wg1 speed is unknown, defaulting to 1000 [ 186.885404][ T6689] loop3: detected capacity change from 0 to 256 [ 186.892676][ T6689] exfat: Unknown parameter 'fsmagic' [ 189.048804][ T6689] xt_hashlimit: max too large, truncated to 1048576 [ 189.065908][ T5798] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 190.497628][ T6682] infiniband syz0: set down [ 190.503828][ T6682] infiniband syz0: added wg1 [ 190.509350][ T5830] wg1 speed is unknown, defaulting to 1000 [ 190.532321][ T6682] syz0: rxe_create_cq: returned err = -12 [ 190.558206][ T6682] infiniband syz0: Couldn't create ib_mad CQ [ 190.578007][ T6682] infiniband syz0: Couldn't open port 1 [ 190.638290][ T6682] RDS/IB: syz0: added [ 190.656739][ T6682] smc: adding ib device syz0 with port count 1 [ 190.675083][ T6682] smc: ib device syz0 port 1 has pnetid [ 190.686775][ T5830] wg1 speed is unknown, defaulting to 1000 [ 190.729488][ T6682] wg1 speed is unknown, defaulting to 1000 [ 191.114978][ T6682] wg1 speed is unknown, defaulting to 1000 [ 191.310099][ T6682] wg1 speed is unknown, defaulting to 1000 [ 191.551532][ T6682] wg1 speed is unknown, defaulting to 1000 [ 191.985519][ T5099] Bluetooth: hci2: command 0x0406 tx timeout [ 191.991699][ T5099] Bluetooth: hci3: command 0x0406 tx timeout [ 191.998181][ T5797] Bluetooth: hci0: command 0x0406 tx timeout [ 192.004297][ T5797] Bluetooth: hci1: command 0x0406 tx timeout [ 193.383824][ T6710] wg1 speed is unknown, defaulting to 1000 [ 193.396393][ T6711] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 194.353516][ T6714] loop2: detected capacity change from 0 to 512 [ 194.600789][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.611797][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.824733][ T6714] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 194.833176][ T6714] System zones: 0-2, 18-18, 34-34 [ 194.865335][ T6714] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.206: corrupted inode contents [ 194.878699][ T6714] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #3: comm syz.2.206: mark_inode_dirty error [ 194.896076][ T6714] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #3: comm syz.2.206: corrupted inode contents [ 194.916585][ T6714] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #3: comm syz.2.206: mark_inode_dirty error [ 194.939503][ T6714] Quota error (device loop2): write_blk: dquota write failed [ 194.947617][ T6714] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 194.957945][ T6714] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.206: Failed to acquire dquot type 0 [ 194.995472][ T6714] EXT4-fs (loop2): 1 orphan inode deleted [ 195.007172][ T6714] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.027742][ T6714] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 195.778003][ T5885] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 195.790193][ T6726] usb usb1: check_ctrlrecip: process 6726 (syz.1.210) requesting ep 01 but needs 81 [ 195.895294][ T5885] EXT4-fs error (device loop2): ext4_release_dquot:6974: comm kworker/u4:7: Failed to release dquot type 1 [ 196.036277][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.704756][ T6730] loop2: detected capacity change from 0 to 1024 [ 196.733892][ T6730] EXT4-fs: Ignoring removed bh option [ 196.739337][ T6730] ext4: Unknown parameter 'nouser_xattr' [ 199.132838][ T6747] syz0: rxe_newlink: already configured on wg1 [ 199.605967][ T6740] loop1: detected capacity change from 0 to 40427 [ 199.627139][ T6740] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 199.707723][ T6740] F2FS-fs (loop1): invalid crc value [ 199.740986][ T6740] F2FS-fs (loop1): Found nat_bits in checkpoint [ 200.014879][ T6740] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 202.036554][ T27] audit: type=1800 audit(1753753175.909:4): pid=6762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.213" name="file1" dev="loop1" ino=10 res=0 errno=0 [ 202.094821][ T5783] syz-executor: attempt to access beyond end of device [ 202.094821][ T5783] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 202.162040][ T5783] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 202.544569][ T6770] usb usb1: check_ctrlrecip: process 6770 (syz.2.220) requesting ep 01 but needs 81 [ 203.794759][ T6764] input: syz0 as /devices/virtual/input/input10 [ 204.922937][ T6781] overlayfs: failed to resolve './file0': -2 [ 204.965334][ T6781] bridge0: port 3(syz_tun) entered disabled state [ 204.972049][ T6781] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.980433][ T6781] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.989618][ T6781] bridge0: entered allmulticast mode [ 206.245304][ T6791] overlayfs: missing 'lowerdir' [ 207.488522][ T6797] (null): rxe_set_mtu: Set mtu to 1024 [ 207.550888][ T6797] rdma_rxe: rxe_newlink: failed to add wg1 [ 207.763841][ T6803] usb usb1: check_ctrlrecip: process 6803 (syz.1.229) requesting ep 01 but needs 81 [ 211.583745][ T6815] netlink: 28 bytes leftover after parsing attributes in process `syz.3.232'. [ 211.658385][ T6817] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 212.271058][ T6815] netlink: 28 bytes leftover after parsing attributes in process `syz.3.232'. [ 212.378755][ T6818] input: syz0 as /devices/virtual/input/input11 [ 214.093798][ T6830] ip6gretap1: entered allmulticast mode [ 214.104102][ T6830] bridge0: port 3(syz_tun) entered blocking state [ 214.110638][ T6830] bridge0: port 3(syz_tun) entered disabled state [ 214.117376][ T6830] syz_tun: entered allmulticast mode [ 214.124094][ T6830] syz_tun: entered promiscuous mode [ 215.801711][ T6829] input: syz0 as /devices/virtual/input/input12 [ 215.859816][ T6840] usb usb1: check_ctrlrecip: process 6840 (syz.1.238) requesting ep 01 but needs 81 [ 219.208098][ T6848] (null): rxe_set_mtu: Set mtu to 1024 [ 219.346127][ T6848] rdma_rxe: rxe_newlink: failed to add wg1 [ 219.459173][ T6855] loop1: detected capacity change from 0 to 256 [ 222.775051][ T6869] loop0: detected capacity change from 0 to 2048 [ 222.867419][ T6869] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.547342][ T5782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.387809][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 225.449315][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 225.569787][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 225.591437][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 225.601395][ T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 225.611661][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 225.792001][ T6881] wg1 speed is unknown, defaulting to 1000 [ 226.088980][ T6896] overlayfs: failed to resolve './file0': -2 [ 227.321613][ T6894] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 227.753059][ T5787] Bluetooth: hci4: command tx timeout [ 227.901287][ T6881] chnl_net:caif_netlink_parms(): no params data found [ 229.192110][ T6916] loop1: detected capacity change from 0 to 1024 [ 229.204210][ T6916] EXT4-fs: Ignoring removed orlov option [ 229.209972][ T6916] EXT4-fs: Ignoring removed nomblk_io_submit option [ 229.330824][ T6916] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 229.619956][ T6915] wg1 speed is unknown, defaulting to 1000 [ 230.033208][ T5787] Bluetooth: hci4: command tx timeout [ 230.223900][ T6881] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.231052][ T6881] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.438855][ T6881] bridge_slave_0: entered allmulticast mode [ 230.699076][ T6881] bridge_slave_0: entered promiscuous mode [ 231.473993][ T6881] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.503155][ T6881] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.510428][ T6881] bridge_slave_1: entered allmulticast mode [ 231.568697][ T6881] bridge_slave_1: entered promiscuous mode [ 231.834667][ T6881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 231.867942][ T6881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 232.163625][ T5787] Bluetooth: hci4: command tx timeout [ 232.743838][ T6881] team0: Port device team_slave_0 added [ 232.757933][ T6881] team0: Port device team_slave_1 added [ 232.805895][ T6941] loop3: detected capacity change from 0 to 256 [ 232.861153][ T6941] exFAT-fs (loop3): Invalid exboot-signature(sector = 6): 0x00000e45 [ 232.893471][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 232.900465][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 232.900745][ T6941] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0xb119ab07) [ 232.961625][ T6881] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 233.020512][ T6881] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 233.032977][ T6941] exFAT-fs (loop3): invalid boot region [ 233.043345][ T6941] exFAT-fs (loop3): failed to recognize exfat type [ 233.050056][ T6881] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 233.082007][ T6881] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 233.184932][ T6881] hsr_slave_0: entered promiscuous mode [ 233.269251][ T6945] overlayfs: failed to resolve './file0': -2 [ 233.498513][ T6881] hsr_slave_1: entered promiscuous mode [ 233.612660][ T6881] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 233.698153][ T6881] Cannot create hsr debugfs directory [ 234.370765][ T5787] Bluetooth: hci4: command tx timeout [ 235.630375][ T6881] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 236.093823][ T6881] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 236.251628][ T6881] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 236.307972][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.372419][ T6881] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 237.502472][ T6881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.501152][ T6881] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.516193][ T6975] input: syz0 as /devices/virtual/input/input13 [ 238.646848][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.654066][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.863544][ T78] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.870753][ T78] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.940420][ T6997] loop3: detected capacity change from 0 to 128 [ 241.062730][ T6997] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 242.071642][ T6997] ext4 filesystem being mounted at /87/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 242.663662][ T5784] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 243.113698][ T7016] netlink: 20 bytes leftover after parsing attributes in process `syz.3.269'. [ 244.251636][ T6881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.843049][ T2885] hsr_slave_0: left promiscuous mode [ 244.923268][ T2885] hsr_slave_1: left promiscuous mode [ 244.943763][ T2885] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 244.987941][ T2885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 245.042337][ T2885] bridge_slave_1: left allmulticast mode [ 245.063002][ T2885] bridge_slave_1: left promiscuous mode [ 245.094483][ T2885] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.144160][ T2885] bridge_slave_0: left allmulticast mode [ 245.170281][ T2885] bridge_slave_0: left promiscuous mode [ 245.211503][ T2885] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.317384][ T7038] loop1: detected capacity change from 0 to 256 [ 245.441576][ T7038] exFAT-fs (loop1): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d) [ 245.571822][ T7038] syz.1.272: attempt to access beyond end of device [ 245.571822][ T7038] loop1: rw=524288, sector=4280, nr_sectors = 1 limit=256 [ 245.625856][ T7038] syz.1.272: attempt to access beyond end of device [ 245.625856][ T7038] loop1: rw=0, sector=4280, nr_sectors = 1 limit=256 [ 245.664950][ T27] audit: type=1800 audit(1753753220.549:5): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.272" name="file1" dev="loop1" ino=1048593 res=0 errno=0 [ 245.698021][ T7038] exFAT-fs (loop1): invalid start cluster (520) [ 245.855681][ T8] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 246.093596][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 246.124748][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 246.134279][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.142291][ T8] usb 4-1: Product: syz [ 246.147510][ T8] usb 4-1: Manufacturer: syz [ 246.152156][ T8] usb 4-1: SerialNumber: syz [ 246.170669][ T7041] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 246.222232][ T2885] team0 (unregistering): Port device team_slave_1 removed [ 246.272088][ T2885] team0 (unregistering): Port device team_slave_0 removed [ 246.321750][ T2885] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 246.376607][ T2885] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 246.528919][ T78] smc: removing ib device syz0 [ 247.245396][ T8] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 247.263074][ T8] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 247.307285][ T2885] bond0 (unregistering): Released all slaves [ 247.605057][ T8] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 247.693837][ T8] usb 4-1: USB disconnect, device number 3 [ 247.710239][ T8] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 249.065158][ T6881] veth0_vlan: entered promiscuous mode [ 249.421258][ T6881] veth1_vlan: entered promiscuous mode [ 249.916419][ T6881] veth0_macvtap: entered promiscuous mode [ 249.961934][ T6881] veth1_macvtap: entered promiscuous mode [ 250.041738][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.081061][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.115408][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.142679][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.162851][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 250.210261][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.247711][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.351913][ T7071] xt_TPROXY: Can be used only with -p tcp or -p udp [ 250.546964][ T6881] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 250.632606][ T6881] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.686529][ T6881] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.094534][ T7101] syz.0.283[7101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.095143][ T7101] syz.0.283[7101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 251.437321][ T7102] loop1: detected capacity change from 0 to 256 [ 251.456368][ T7101] netlink: 4 bytes leftover after parsing attributes in process `syz.0.283'. [ 251.467387][ T6881] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.517365][ T6881] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.549823][ T6881] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.566068][ T6881] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.587433][ T7102] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 252.947168][ T5885] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.714328][ T5885] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 254.787754][ T5885] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 255.545847][ T5885] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.889381][ T7131] loop3: detected capacity change from 0 to 512 [ 255.913352][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.919798][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.933846][ T7131] ext4: Unknown parameter 'seclabel' [ 256.661044][ T7135] input: syz0 as /devices/virtual/input/input14 [ 256.692216][ T7140] loop0: detected capacity change from 0 to 512 [ 256.727198][ T7140] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 256.823044][ T7140] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 256.831143][ T7140] System zones: 0-2, 18-18, 34-34 [ 256.886129][ T7140] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 256.942484][ T7140] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 257.291799][ T7152] netlink: 4 bytes leftover after parsing attributes in process `syz.1.295'. [ 257.302458][ T7156] loop3: detected capacity change from 0 to 4096 [ 257.347179][ T7156] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 257.458085][ T7156] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 257.608262][ T5782] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.117873][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 259.228724][ T7182] ip6gretap1: entered allmulticast mode [ 259.262316][ T7182] bridge0: port 3(syz_tun) entered blocking state [ 259.269320][ T7182] bridge0: port 3(syz_tun) entered disabled state [ 259.276595][ T7182] syz_tun: entered allmulticast mode [ 259.289765][ T7182] syz_tun: entered promiscuous mode [ 259.297176][ T7182] bridge0: port 3(syz_tun) entered blocking state [ 259.303726][ T7182] bridge0: port 3(syz_tun) entered forwarding state [ 260.228904][ T7195] overlayfs: missing 'lowerdir' [ 261.650829][ T7202] input: syz0 as /devices/virtual/input/input15 [ 264.778582][ T7227] loop3: detected capacity change from 0 to 40427 [ 264.865024][ T7227] F2FS-fs (loop3): Fix alignment : done, start(4096) end(16896) block(12288) [ 264.950191][ T7227] F2FS-fs (loop3): invalid crc value [ 265.043026][ T5850] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 265.160058][ T7247] loop1: detected capacity change from 0 to 512 [ 265.251873][ T7247] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 265.296054][ T7227] F2FS-fs (loop3): Found nat_bits in checkpoint [ 265.424511][ T5850] usb 5-1: Using ep0 maxpacket: 8 [ 265.516469][ T7247] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.529692][ T7247] ext4 filesystem being mounted at /71/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 266.755421][ T5850] usb 5-1: descriptor type invalid, skip [ 266.773213][ T5850] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 266.780840][ T5850] usb 5-1: can't read configurations, error -71 [ 266.907044][ T5783] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.049343][ T7266] input: syz0 as /devices/virtual/input/input16 [ 269.584696][ T7299] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'. [ 269.597375][ T7299] netlink: 28 bytes leftover after parsing attributes in process `syz.1.318'. [ 270.080354][ T7291] input: syz0 as /devices/virtual/input/input17 [ 271.742461][ T7319] input: syz0 as /devices/virtual/input/input18 [ 275.072875][ T7326] loop0: detected capacity change from 0 to 512 [ 277.979168][ T7328] xt_hashlimit: max too large, truncated to 1048576 [ 279.112115][ T7326] EXT4-fs warning (device loop0): ext4_multi_mount_protect:398: Unable to create kmmpd thread for loop0. [ 280.363794][ T7335] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 281.740503][ T7350] syz.4.330[7350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 281.740630][ T7350] syz.4.330[7350] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 281.755246][ T7350] netlink: 4 bytes leftover after parsing attributes in process `syz.4.330'. [ 281.776383][ T7350] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.920390][ T7352] loop1: detected capacity change from 0 to 128 [ 281.936196][ T7353] (null): rxe_set_mtu: Set mtu to 1024 [ 282.109586][ T27] audit: type=1800 audit(1753753256.929:6): pid=7352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.331" name="bus" dev="loop1" ino=1048598 res=0 errno=0 [ 283.151721][ T7350] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 283.193025][ T7353] wg1 speed is unknown, defaulting to 1000 [ 283.208231][ T7357] netlink: 'syz.1.331': attribute type 3 has an invalid length. [ 283.280064][ T7353] wg1 speed is unknown, defaulting to 1000 [ 283.327183][ T7353] wg1 speed is unknown, defaulting to 1000 [ 284.758066][ T7380] overlayfs: failed to resolve './file0': -2 [ 285.375344][ T7353] infiniband syz0: set active [ 285.380408][ T5992] wg1 speed is unknown, defaulting to 1000 [ 285.464623][ T7353] infiniband syz0: added wg1 [ 285.469611][ T7353] syz0: rxe_create_cq: returned err = -12 [ 285.499944][ T7353] infiniband syz0: Couldn't create ib_mad CQ [ 285.745201][ T7381] input: syz0 as /devices/virtual/input/input19 [ 285.963343][ T7353] infiniband syz0: Couldn't open port 1 [ 286.036757][ T7353] RDS/IB: syz0: added [ 286.040787][ T7353] smc: adding ib device syz0 with port count 1 [ 286.059964][ T7353] smc: ib device syz0 port 1 has pnetid [ 286.069799][ T5850] wg1 speed is unknown, defaulting to 1000 [ 286.079257][ T7353] wg1 speed is unknown, defaulting to 1000 [ 286.718013][ T7397] loop3: detected capacity change from 0 to 512 [ 288.132128][ T7397] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 288.140582][ T7397] System zones: 0-2, 18-18, 34-34 [ 288.160592][ T7397] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.337: corrupted inode contents [ 288.175444][ T7397] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #3: comm syz.3.337: mark_inode_dirty error [ 288.191433][ T7397] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #3: comm syz.3.337: corrupted inode contents [ 288.686358][ T7397] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.337: mark_inode_dirty error [ 288.704031][ T7397] Quota error (device loop3): write_blk: dquota write failed [ 288.711588][ T7397] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 288.722607][ T7397] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.337: Failed to acquire dquot type 0 [ 289.003905][ T7397] EXT4-fs (loop3): 1 orphan inode deleted [ 289.015334][ T7397] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 289.030604][ T7397] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.073904][ T7397] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.337: iget: bad i_size value: 360287970189639690 [ 289.098115][ T7397] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.337: iget: bad i_size value: 360287970189639690 [ 289.279259][ T12] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 289.313469][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:1: Failed to release dquot type 1 [ 289.332622][ T7396] wg1 speed is unknown, defaulting to 1000 [ 289.470670][ T7353] wg1 speed is unknown, defaulting to 1000 [ 289.706886][ T7353] wg1 speed is unknown, defaulting to 1000 [ 290.210346][ T7412] loop4: detected capacity change from 0 to 512 [ 291.349815][ T7412] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 291.358225][ T7412] System zones: 0-2, 18-18, 34-34 [ 291.719147][ T7412] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #3: comm syz.4.338: corrupted inode contents [ 291.732856][ T7412] EXT4-fs error (device loop4): ext4_dirty_inode:6106: inode #3: comm syz.4.338: mark_inode_dirty error [ 291.749631][ T7412] EXT4-fs error (device loop4): ext4_do_update_inode:5230: inode #3: comm syz.4.338: corrupted inode contents [ 292.003374][ T7412] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.338: mark_inode_dirty error [ 292.018243][ T7412] Quota error (device loop4): write_blk: dquota write failed [ 292.026338][ T7412] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 292.036499][ T7412] EXT4-fs error (device loop4): ext4_acquire_dquot:6938: comm syz.4.338: Failed to acquire dquot type 0 [ 292.063552][ T7412] EXT4-fs (loop4): 1 orphan inode deleted [ 292.075011][ T7412] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.088848][ T7412] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 292.435073][ T2885] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 292.454555][ T2885] EXT4-fs error (device loop4): ext4_release_dquot:6974: comm kworker/u4:6: Failed to release dquot type 1 [ 292.589338][ T7411] wg1 speed is unknown, defaulting to 1000 [ 292.718137][ T7353] wg1 speed is unknown, defaulting to 1000 [ 293.460478][ T5784] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.679781][ T6881] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 295.680504][ T7455] loop3: detected capacity change from 0 to 16 [ 295.733171][ T7455] erofs: (device loop3): mounted with root inode @ nid 36. [ 295.745993][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 26 @ nid 36 [ 295.834147][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 25 @ nid 36 [ 295.865872][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 24 @ nid 36 [ 295.943060][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 23 @ nid 36 [ 295.945178][ T7460] netlink: 28 bytes leftover after parsing attributes in process `syz.4.343'. [ 295.952221][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 22 @ nid 36 [ 295.986729][ T7460] netlink: 28 bytes leftover after parsing attributes in process `syz.4.343'. [ 296.016038][ T7458] erofs: (device loop3): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 296.066618][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 21 @ nid 36 [ 296.093055][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 20 @ nid 36 [ 296.106133][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 18 @ nid 36 [ 296.154812][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 16 @ nid 36 [ 296.179629][ T7467] capability: warning: `syz.0.341' uses 32-bit capabilities (legacy support in use) [ 296.189454][ T7455] erofs: (device loop3): z_erofs_readahead: readahead error at folio 12 @ nid 36 [ 296.242138][ T7455] syz.3.342: attempt to access beyond end of device [ 296.242138][ T7455] loop3: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 296.299465][ T7455] syz.3.342: attempt to access beyond end of device [ 296.299465][ T7455] loop3: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 296.365372][ T7455] syz.3.342: attempt to access beyond end of device [ 296.365372][ T7455] loop3: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 296.424203][ T7455] syz.3.342: attempt to access beyond end of device [ 296.424203][ T7455] loop3: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 296.467329][ T7455] ================================================================== [ 296.475447][ T7455] BUG: KASAN: slab-out-of-bounds in z_erofs_transform_plain+0x38c/0x460 [ 296.483781][ T7455] Read of size 4095 at addr ffff88805dd18400 by task syz.3.342/7455 [ 296.491743][ T7455] [ 296.494068][ T7455] CPU: 1 PID: 7455 Comm: syz.3.342 Not tainted 6.6.100-syzkaller #0 [ 296.502031][ T7455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 296.512087][ T7455] Call Trace: [ 296.515356][ T7455] [ 296.518284][ T7455] dump_stack_lvl+0x16c/0x230 [ 296.522979][ T7455] ? __lock_acquire+0x7c80/0x7c80 [ 296.528015][ T7455] ? show_regs_print_info+0x20/0x20 [ 296.533208][ T7455] ? load_image+0x3b0/0x3b0 [ 296.537707][ T7455] ? __virt_addr_valid+0x469/0x540 [ 296.542808][ T7455] print_report+0xac/0x200 [ 296.547217][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 296.552836][ T7455] kasan_report+0x117/0x150 [ 296.557325][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 296.562943][ T7455] kasan_check_range+0x288/0x290 [ 296.567865][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 296.573490][ T7455] __asan_memcpy+0x29/0x70 [ 296.577897][ T7455] z_erofs_transform_plain+0x38c/0x460 [ 296.583346][ T7455] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 296.589058][ T7455] z_erofs_decompress_queue+0x16fb/0x2650 [ 296.594771][ T7455] ? z_erofs_onlinepage_endio+0x350/0x350 [ 296.600479][ T7455] ? slab_free_freelist_hook+0x130/0x1b0 [ 296.606107][ T7455] ? bio_truncate+0x6f0/0x6f0 [ 296.610775][ T7455] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 296.616920][ T7455] z_erofs_runqueue+0x18a3/0x19d0 [ 296.621949][ T7455] ? z_erofs_do_read_page+0x3680/0x3680 [ 296.627493][ T7455] ? _raw_spin_unlock+0x28/0x40 [ 296.632332][ T7455] ? lockref_put_or_lock+0x72/0xb0 [ 296.637437][ T7455] z_erofs_readahead+0xa7c/0xd50 [ 296.642371][ T7455] ? z_erofs_read_folio+0x540/0x540 [ 296.647556][ T7455] ? __mod_lruvec_page_state+0xa5/0x420 [ 296.653095][ T7455] ? folio_add_lru+0x320/0xd50 [ 296.657844][ T7455] ? blk_start_plug+0x6e/0x1a0 [ 296.662593][ T7455] read_pages+0x177/0x840 [ 296.666915][ T7455] ? __lock_acquire+0x7c80/0x7c80 [ 296.671929][ T7455] ? page_cache_ra_unbounded+0x770/0x770 [ 296.677569][ T7455] ? folio_add_lru+0xd50/0xd50 [ 296.682320][ T7455] ? folio_add_lru+0x54f/0xd50 [ 296.687069][ T7455] ? filemap_add_folio+0x192/0x3c0 [ 296.692170][ T7455] page_cache_ra_unbounded+0x692/0x770 [ 296.697626][ T7455] force_page_cache_ra+0x2c1/0x320 [ 296.702735][ T7455] generic_fadvise+0x44f/0x730 [ 296.707495][ T7455] ? dump_task+0x5f0/0x5f0 [ 296.711920][ T7455] ? __fget_files+0x28/0x4d0 [ 296.716527][ T7455] ? __fdget+0x180/0x210 [ 296.720798][ T7455] __x64_sys_fadvise64+0x140/0x180 [ 296.725906][ T7455] do_syscall_64+0x55/0xb0 [ 296.730309][ T7455] ? clear_bhb_loop+0x40/0x90 [ 296.734972][ T7455] ? clear_bhb_loop+0x40/0x90 [ 296.739642][ T7455] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 296.745527][ T7455] RIP: 0033:0x7fa38258e9a9 [ 296.749940][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 296.769531][ T7455] RSP: 002b:00007fa3833a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 296.777931][ T7455] RAX: ffffffffffffffda RBX: 00007fa3827b6160 RCX: 00007fa38258e9a9 [ 296.785888][ T7455] RDX: 000000000000ff39 RSI: 000000000000aa17 RDI: 0000000000000006 [ 296.793843][ T7455] RBP: 00007fa382610d69 R08: 0000000000000000 R09: 0000000000000000 [ 296.801799][ T7455] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 296.809762][ T7455] R13: 0000000000000000 R14: 00007fa3827b6160 R15: 00007ffd4272d3f8 [ 296.817732][ T7455] [ 296.820740][ T7455] [ 296.823051][ T7455] The buggy address belongs to the physical page: [ 296.829456][ T7455] page:ffffea0001774600 refcount:2 mapcount:0 mapping:ffff888077b487c8 index:0x1 pfn:0x5dd18 [ 296.839593][ T7455] memcg:ffff88801ef98000 [ 296.843825][ T7455] aops:z_erofs_cache_aops ino:0 [ 296.848667][ T7455] flags: 0xfff40000008028(uptodate|lru|private|node=0|zone=1|lastcpupid=0x7ff) [ 296.857590][ T7455] page_type: 0xffffffff() [ 296.861910][ T7455] raw: 00fff40000008028 ffffea00017a8688 ffffea0001dc88c8 ffff888077b487c8 [ 296.870482][ T7455] raw: 0000000000000001 ffff88805e09a000 00000002ffffffff ffff88801ef98000 [ 296.879076][ T7455] page dumped because: kasan: bad access detected [ 296.885484][ T7455] page_owner tracks the page as allocated [ 296.891178][ T7455] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7458, tgid 7448 (syz.3.342), ts 296008901556, free_ts 295934047685 [ 296.913055][ T7455] post_alloc_hook+0x1cd/0x210 [ 296.917824][ T7455] get_page_from_freelist+0x195c/0x19f0 [ 296.923359][ T7455] __alloc_pages+0x1e3/0x460 [ 296.927940][ T7455] z_erofs_do_read_page+0x20c0/0x3680 [ 296.933303][ T7455] z_erofs_read_folio+0x213/0x540 [ 296.938311][ T7455] filemap_read_folio+0x167/0x760 [ 296.943335][ T7455] do_read_cache_folio+0x470/0x7e0 [ 296.948516][ T7455] erofs_bread+0x16f/0x630 [ 296.952924][ T7455] erofs_namei+0x28c/0xf00 [ 296.957330][ T7455] erofs_lookup+0x135/0x310 [ 296.961820][ T7455] path_openat+0x10b8/0x3190 [ 296.966403][ T7455] do_filp_open+0x1c5/0x3d0 [ 296.970893][ T7455] do_sys_openat2+0x12c/0x1c0 [ 296.975560][ T7455] __x64_sys_openat+0x139/0x160 [ 296.980397][ T7455] do_syscall_64+0x55/0xb0 [ 296.984812][ T7455] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 296.990692][ T7455] page last free stack trace: [ 296.995342][ T7455] free_unref_page_prepare+0x7ce/0x8e0 [ 297.000791][ T7455] free_unref_page+0x32/0x2e0 [ 297.005457][ T7455] vfree+0x1a6/0x320 [ 297.009337][ T7455] delayed_vfree_work+0x55/0x80 [ 297.014174][ T7455] process_scheduled_works+0xa45/0x15b0 [ 297.019708][ T7455] worker_thread+0xa55/0xfc0 [ 297.024283][ T7455] kthread+0x2fa/0x390 [ 297.028335][ T7455] ret_from_fork+0x48/0x80 [ 297.032738][ T7455] ret_from_fork_asm+0x11/0x20 [ 297.037491][ T7455] [ 297.039797][ T7455] Memory state around the buggy address: [ 297.045416][ T7455] ffff88805dd18f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 297.053466][ T7455] ffff88805dd18f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 297.061520][ T7455] >ffff88805dd19000: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 297.069569][ T7455] ^ [ 297.074926][ T7455] ffff88805dd19080: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 297.082968][ T7455] ffff88805dd19100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 297.091016][ T7455] ================================================================== [ 297.103029][ T7455] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 297.110263][ T7455] CPU: 0 PID: 7455 Comm: syz.3.342 Not tainted 6.6.100-syzkaller #0 [ 297.118259][ T7455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 297.128325][ T7455] Call Trace: [ 297.131608][ T7455] [ 297.134543][ T7455] dump_stack_lvl+0x16c/0x230 [ 297.139237][ T7455] ? show_regs_print_info+0x20/0x20 [ 297.144450][ T7455] ? load_image+0x3b0/0x3b0 [ 297.148973][ T7455] panic+0x2c0/0x710 [ 297.152873][ T7455] ? bpf_jit_dump+0xd0/0xd0 [ 297.157380][ T7455] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 297.163284][ T7455] ? _raw_spin_unlock+0x40/0x40 [ 297.168140][ T7455] ? print_memory_metadata+0x314/0x400 [ 297.173606][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 297.179249][ T7455] check_panic_on_warn+0x84/0xa0 [ 297.184194][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 297.189826][ T7455] end_report+0x6f/0x140 [ 297.194069][ T7455] kasan_report+0x128/0x150 [ 297.198562][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 297.204186][ T7455] kasan_check_range+0x288/0x290 [ 297.209112][ T7455] ? z_erofs_transform_plain+0x38c/0x460 [ 297.214733][ T7455] __asan_memcpy+0x29/0x70 [ 297.219143][ T7455] z_erofs_transform_plain+0x38c/0x460 [ 297.224601][ T7455] ? z_erofs_lz4_decompress+0x1720/0x1720 [ 297.230314][ T7455] z_erofs_decompress_queue+0x16fb/0x2650 [ 297.236028][ T7455] ? z_erofs_onlinepage_endio+0x350/0x350 [ 297.241738][ T7455] ? slab_free_freelist_hook+0x130/0x1b0 [ 297.247374][ T7455] ? bio_truncate+0x6f0/0x6f0 [ 297.252042][ T7455] ? z_erofs_decompressqueue_endio+0x5a0/0x5a0 [ 297.258191][ T7455] z_erofs_runqueue+0x18a3/0x19d0 [ 297.263221][ T7455] ? z_erofs_do_read_page+0x3680/0x3680 [ 297.268779][ T7455] ? _raw_spin_unlock+0x28/0x40 [ 297.273622][ T7455] ? lockref_put_or_lock+0x72/0xb0 [ 297.278732][ T7455] z_erofs_readahead+0xa7c/0xd50 [ 297.283688][ T7455] ? z_erofs_read_folio+0x540/0x540 [ 297.288878][ T7455] ? __mod_lruvec_page_state+0xa5/0x420 [ 297.294434][ T7455] ? folio_add_lru+0x320/0xd50 [ 297.299190][ T7455] ? blk_start_plug+0x6e/0x1a0 [ 297.303941][ T7455] read_pages+0x177/0x840 [ 297.308270][ T7455] ? __lock_acquire+0x7c80/0x7c80 [ 297.313294][ T7455] ? page_cache_ra_unbounded+0x770/0x770 [ 297.318920][ T7455] ? folio_add_lru+0xd50/0xd50 [ 297.323675][ T7455] ? folio_add_lru+0x54f/0xd50 [ 297.328427][ T7455] ? filemap_add_folio+0x192/0x3c0 [ 297.333529][ T7455] page_cache_ra_unbounded+0x692/0x770 [ 297.338994][ T7455] force_page_cache_ra+0x2c1/0x320 [ 297.344105][ T7455] generic_fadvise+0x44f/0x730 [ 297.348863][ T7455] ? dump_task+0x5f0/0x5f0 [ 297.353272][ T7455] ? __fget_files+0x28/0x4d0 [ 297.357867][ T7455] ? __fdget+0x180/0x210 [ 297.362097][ T7455] __x64_sys_fadvise64+0x140/0x180 [ 297.367199][ T7455] do_syscall_64+0x55/0xb0 [ 297.371605][ T7455] ? clear_bhb_loop+0x40/0x90 [ 297.376293][ T7455] ? clear_bhb_loop+0x40/0x90 [ 297.380981][ T7455] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 297.386874][ T7455] RIP: 0033:0x7fa38258e9a9 [ 297.391298][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.410908][ T7455] RSP: 002b:00007fa3833a1038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 297.419313][ T7455] RAX: ffffffffffffffda RBX: 00007fa3827b6160 RCX: 00007fa38258e9a9 [ 297.427270][ T7455] RDX: 000000000000ff39 RSI: 000000000000aa17 RDI: 0000000000000006 [ 297.435225][ T7455] RBP: 00007fa382610d69 R08: 0000000000000000 R09: 0000000000000000 [ 297.443188][ T7455] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 297.451151][ T7455] R13: 0000000000000000 R14: 00007fa3827b6160 R15: 00007ffd4272d3f8 [ 297.459114][ T7455] [ 297.462359][ T7455] Kernel Offset: disabled [ 297.466670][ T7455] Rebooting in 86400 seconds..