last executing test programs: 1m31.117883461s ago: executing program 2 (id=16): syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x11, &(0x7f0000000180)=ANY=[]}) syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xec) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000108008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7a224000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) ioctl(0xffffffffffffffff, 0x9, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x1, 0x1, 0x1, 0x8, 0xa5c, 0xe97c}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, &(0x7f00000002c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x94) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, 0x0) 1m29.298596471s ago: executing program 2 (id=17): sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x4080) mlockall(0x7) io_setup(0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4a, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m23.713518311s ago: executing program 2 (id=24): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='sys_enter\x00', r1}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6(0xa, 0xb, 0x5) socket$nl_route(0x10, 0x3, 0x0) 1m22.625114048s ago: executing program 2 (id=25): syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000000080)='./bus\x00', 0x0, &(0x7f0000000dc0)=ANY=[], 0x1, 0x1207, &(0x7f0000003000)="$eJzs3E9rXFUYB+DXpDUxNX/UWm1BetCNbi5NFm4UJEgK0gGlbYRWEG7NjQ65zgxzh8CIGF259XOIS3eCuNNNNn4Gd9m47EK8kpnGdsqAlkpuDM+zmZc55zfz3jnDwBnmzMGb33y6s11l2/kgZp54K2Z6EeluihQzceTLeO2Nn3956cat29fWW62N6yldXb+5+npKaenyjx98/t3LPw3Ovf/90g9zsb/y4cHva7/tX9i/ePDnzU/aVWpXqdMdpDzd6XYH+Z2ySFvtaidL6b2yyKsitTtV0Z8Y3y67vd4w5Z2txYVev6iqlHeGaacYpkE3DfrDlH+ctzspy7K0uBA8js1v79Z1HVHXZ+PJqOu6fioW4lw8HYuxFMuxEs/Es/FcnI/n40K8EC/GxdGspvsGAAAAAAAAAAAAAAAAAACA0+Wxzv9fbrh5AAAAAAAAAAAAAAAAAAAAOCVu3Lp9bb3V2rie0nxE+fXu5u7m+HY8vr4d7SijiCuxHH/E6PT/2Li++k5r40oaWYmvyr17+b3dzdnJ/Oro7wSm5lfH+TSZn4uFB/NrsRznp+fXpubn49VXHshnsRy/fhTdKGMrDrP381+spvT2u62H8pdG8wAAAOA0yNLfpu7fs2zq+NxR/hG+H3hof30mLp1p8so5VA0/28nLsug3Xhx1NL5nLyJOSGMnoliKiP/+kc/+45z5e6tyIl6Ef1fMTryRmu/nf1o083nE8bq/6E13AgAAAAAAAAAAwKM4jp8THj7PbNMXCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzFDhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACApQIAAP//2ZfHAQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) vmsplice(r0, &(0x7f0000000040)=[{0x0}], 0x1, 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = openat$full(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f0000000040)={0x6, "f620133a8846b606e83f25d5aef55821f8885999d3c5574e7b39871aa39326a497a3f02ceadc7676504ebfa9af0dc37816acbb9fe0b75ec81b36ce28d2318a8f", {0x8000, 0x5}}) getpid() ptrace(0x10, 0x0) ptrace$PTRACE_GETSIGMASK(0x420a, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020100020a0000000000000000000000030006002b20000002004e24ac1414aa0000000000000000030005000000000002000a01000000000000000000000000020013"], 0x50}, 0x1, 0x7}, 0x20000000) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_VOICE(r4, 0x112, 0x13, 0x0, 0x0) 1m19.308138435s ago: executing program 2 (id=28): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x200000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) setresuid(0x0, 0x0, 0x0) getresgid(&(0x7f0000000400), &(0x7f0000000480), &(0x7f00000004c0)) 1m18.214190093s ago: executing program 2 (id=31): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xe3, 0xe9a, 0x0, 0x8000008, 0x5, 0x4, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f00000000c0)={0x800000, 0x80, 0xffffffb9, 0x7, 0x0, 0x55a}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000bc0)={0x800080, 0x66a9, 0xb, 0x8007, 0x80a, 0x558}) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @random="fad1e048716e", @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp_addr={0x44, 0x1c, 0xa, 0x1, 0x8, [{@broadcast, 0x7ff}, {@remote, 0x4}, {@multicast2}]}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0xb, &(0x7f00000009c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4000000}, [@printk={@p, {0x3, 0x3, 0x6, 0xa, 0x1, 0xfff8, 0x41}, {0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0x8c}}]}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0}, 0x94) 1m15.722566928s ago: executing program 32 (id=31): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r3, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xe3, 0xe9a, 0x0, 0x8000008, 0x5, 0x4, 0x1}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f00000000c0)={0x800000, 0x80, 0xffffffb9, 0x7, 0x0, 0x55a}) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x40505330, &(0x7f0000000bc0)={0x800080, 0x66a9, 0xb, 0x8007, 0x80a, 0x558}) r4 = syz_open_procfs(0x0, 0x0) fchdir(r4) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x46, &(0x7f0000000340)={@local, @random="fad1e048716e", @void, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty, {[@timestamp_addr={0x44, 0x1c, 0xa, 0x1, 0x8, [{@broadcast, 0x7ff}, {@remote, 0x4}, {@multicast2}]}]}}, {0x0, 0x4e20, 0x8}}}}}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1, 0xb, &(0x7f00000009c0)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x4000000}, [@printk={@p, {0x3, 0x3, 0x6, 0xa, 0x1, 0xfff8, 0x41}, {0x4}, {}, {}, {}, {0x85, 0x0, 0x0, 0x8c}}]}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x45, 0x0, 0x0, 0x0}, 0x94) 21.241619707s ago: executing program 4 (id=95): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6(0xa, 0xb, 0x5) socket$nl_route(0x10, 0x3, 0x0) 19.430342106s ago: executing program 4 (id=99): sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xb, 0x4}, {0xa, 0xfff2}, {0xfff2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x4080) mlockall(0x7) io_setup(0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4a, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 17.854874441s ago: executing program 4 (id=101): syz_usb_connect(0x0, 0x43, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0}, 0x28) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) 17.118283833s ago: executing program 3 (id=102): syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x11, &(0x7f0000000180)=ANY=[]}) syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xec) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000108008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7a224000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) ioctl(0xffffffffffffffff, 0x9, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x1, 0x1, 0x1, 0x8, 0xa5c, 0xe97c}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x94) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, 0x0) 15.056485206s ago: executing program 3 (id=104): bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x48) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3000008, 0x1010, 0xffffffffffffffff, 0xffffc000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) write(r0, &(0x7f0000000100)="07000000010000", 0x7) 14.938411458s ago: executing program 4 (id=105): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x8031, 0xffffffffffffffff, 0xf6bf000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) dup(0xffffffffffffffff) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f00000000c0)) 13.988264022s ago: executing program 1 (id=106): syz_usb_connect(0x5, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120110010928fc10ac059102254301020201090212000100004000090484000003e10200"], 0x0) syz_emit_ethernet(0x4e, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x8000000003c) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(0xffffffffffffffff, 0x40505412, 0x0) 10.722395673s ago: executing program 1 (id=111): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_RESUME(r4, 0x4147, 0x0) 9.711654793s ago: executing program 0 (id=112): creat(&(0x7f00000000c0)='./file0\x00', 0xf4) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='./file0\x00', 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="6e6f626172726965722c706172743d3078303030303030303030303030303030392c756d61736b3d30303030303030303030303030303030343030302c626172726965722c747970653df268d6512c6e6c733d69736f383835392d312c756d61736b3d30303030303030303030303030303030303030303030372c00000000"], 0x3, 0x6b8, &(0x7f0000000ac0)="$eJzs3UGIXHcdB/Dvm2xmMxHSbZumUYQsDRRtMNnNUBNBaBSRHIIEvfS6JJtmySYtm62kRczEWgVPnqQHDxWJh4ogIkI9FetZELx4yj3gzUMO6sp782Z3dnaymc1md7bt5wNv3v8////7/3/vl/fezLzJMgE+s86/mv2dFDl/4sKtsn7vbnvx3t329V45yWSSRjLRXaVoJcXHybl0l3y+fLIernjYPC/f/7CYeO+Ddrc2US9V/8Zm220wtGcnObBa2Zdkulv8z8jDbhivWqpxLq2N95iK1bjLhB3vJQ7GbWWDzlpj45Gbj37eAnvW7e7r5gZTycF0X13L9wGprw6PvjKMQ2tdbdNrU2enYwEAAICdN/SzfL+nHuRBbuXQ7oQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnw5F9zcDi3pp9MrTKXq//9/s+0395pjD3aZ3r1Sr7z417kAAAAAAAAAAYFuOPciD3MqhXn2lqL7zf6GqHK4eP5c3czPzWcrJ3MpclrOcpcwmmeobqHlrbnl5aXbjlr9IueXKysrtesvTQ7c8vT6uzmCgw/6nwYZOAAAAAAAAAPCZ9aOcX/v+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9oIi2dddVcvhXnkqjYkkB5I0i+nV7s2xBrst3dA/GncYAAAAsHsOFf/rFlaK6jP/kepz/4G8mRtZzkKWs5j5XK7uBXQ/Ojf+3mkv3rvbvl4uGwf8xr+2NH81Yrr3HobPPFP1eG51i/P5dr6XE5nOxSxlId/PXJYzn+l8qyrNpchUffdi6t7dVnqxboz33LraxcHYjvWVy/iOVpG0ciULVWwnc6nZC71R9zvaN9ufmsnAjHfK7BSv1EbM0eV6Xe7Rz+v13jBV7fn+1YzM1Lkvs/F0f9435n6Lx8ngTLNprN6DOrw2S1kdnOmxcn6wXu9Crrd4K219Jjo/K2u9o+/I5jlPvvyPv1y82rhx7eqVmyf2zmH0mAaPiXZfJp4fKROLZSY628jEge3E/+Q062x0r6Jbu1q+UG17KAv5Tl7P5cznTGYym7OZyddyOu2c7svrc5vntTrXGls7145/qS60kvy0Xu+qyYc1lHl9ui+v/Ve6qaqt/5m1LD0zQpaKZoZn6Z9DQ5n4Ql0o53in7xVn/AYzMduXiWc3z8Sv/ruS5ObijWtLV+feGHG+F+t1edq+u/4a/esnskNbV+9uebw8U/5jlZWfZN3RUbY922sbyFez/sZloh5sXVsz1fncbXvUmVqOdOTOsJG6bc8PnaVdtR3ta1v3LievZ3H1XQgAe1YjB1862Gzdb/2t9X7rx62rrQsHvjl5dvKLzez/68Sf9/2+8ZvG14uX8n5+mEPjjhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr719rW5xcX5pT1YSGOEzr/L6APeGdrUS0X3meZO71d3so9+O/b0PtFC70Ca3OyI+kOSTcZpjiP4VpKdneLYaJ0zsQu7PJkhTRdWn2kljdV4klzbIz9wB+yEU8vX3zh18623v7Jwfe61+dfmb5w+e+aVM+2vzt4+dWVhcX6m+zjuKIGdMPi+FAAAAAAAAAAAANj7duOvLIZMW3TGsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAJ9P5V7O/kyKzMydnyvq9u+3FcumV13pOJGkkKX6QFB8n59JdMtU3XPGweV6+/+EvX3zvg/baWBO9/o2B7f7475WV0YJ/p1fo1Eumk+yr1482+bCGdeNd6huvM1pgA4rVPSwTdryXOBi3/wcAAP//fbEE8Q==") getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@random={'osx.', 'user.incfs.metadata\x00'}, 0x0, 0x0) 9.293333364s ago: executing program 4 (id=113): syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x11, &(0x7f0000000180)=ANY=[]}) syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xec) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000108008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7a224000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) ioctl(0xffffffffffffffff, 0x9, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x1, 0x1, 0x1, 0x8, 0xa5c, 0xe97c}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], &(0x7f00000002c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x20}, 0x94) r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, 0x0) 9.194378534s ago: executing program 3 (id=114): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800"/16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r0 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xfffffefe, 0x3000, 0x0, 0xfffffffc}) io_uring_enter(r0, 0x0, 0xcb, 0xf, &(0x7f0000000000), 0x18) 9.171278336s ago: executing program 0 (id=115): syz_usb_connect(0x0, 0x43, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0}, 0x28) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) 7.526346948s ago: executing program 0 (id=116): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00"/14], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000140)='sys_enter\x00', r2}, 0x18) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$inet6(0xa, 0xb, 0x5) socket$nl_route(0x10, 0x3, 0x0) 5.810406237s ago: executing program 3 (id=117): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000180)={0x38, r4, 0x1, 0x70bd2d, 0x0, {{}, {@void, @val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'ip6_vti0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xb}]}, 0x38}}, 0x4) 5.810165567s ago: executing program 4 (id=118): sendto$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=@getqdisc={0x24, 0x26, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xb, 0x4}, {0xa, 0xfff2}, {0xfff2, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0xc000}, 0x4080) mlockall(0x7) io_setup(0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, 0x0}], 0x1, 0x4a, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.651308483s ago: executing program 1 (id=119): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="18000000000000000000000000000000711228040000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x94) 5.337036974s ago: executing program 1 (id=120): r0 = socket(0x1, 0x3, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000cc0)=0x800004, 0x4) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, 0x0, &(0x7f00000000c0)) 5.138450294s ago: executing program 1 (id=121): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x8031, 0xffffffffffffffff, 0xf6bf000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) socket$inet6_tcp(0xa, 0x1, 0x0) dup(0xffffffffffffffff) ioctl$TCGETS2(r0, 0x802c542a, &(0x7f00000000c0)) 3.491279336s ago: executing program 1 (id=122): bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYBLOB], 0x48) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, 0x0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3000008, 0x1010, 0xffffffffffffffff, 0xffffc000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) write(r0, &(0x7f0000000100)="07000000010000", 0x7) 2.400080783s ago: executing program 0 (id=123): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000004c0)=@filter={'filter\x00', 0x2, 0x4, 0x350, 0xffffffff, 0x1b0, 0x1b0, 0x0, 0xfeffffff, 0xffffffff, 0x280, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@remote, @mcast1, [0x0, 0xff], [0xff000000], 'macsec0\x00', 'wg0\x00', {}, {0xff}, 0x133, 0x0, 0x5}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x0, 0x5, 0x5}, {0xffffffffffffffff, 0x4, 0x4}, {0x0, 0x4, 0x4}, 0x5, 0x3c1d}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x0, 0x2}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b0) 1.374963944s ago: executing program 3 (id=124): sendmsg$key(0xffffffffffffffff, &(0x7f0000000440)={0x900, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x38}}, 0x40408c0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r3 = socket$unix(0x1, 0x1, 0x0) socket(0x0, 0x9f5faa811eea84c5, 0x0) syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") creat(&(0x7f00000000c0)='./file0\x00', 0xf4) unshare(0x400) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r4, 0xe0ffff, 0x19, 0x3) bind$unix(r3, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) inotify_add_watch(0xffffffffffffffff, 0x0, 0x40000800) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='./file0\x00', 0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="6e6f626172726965722c706172743d3078303030303030303030303030303030392c756d61736b3d30303030303030303030303030303030343030302c626172726965722c747970653df268d6512c6e6c733d69736f383835392d312c756d61736b3d30303030303030303030303030303030303030303030372c00000000"], 0x3, 0x6b8, &(0x7f0000000ac0)="$eJzs3UGIXHcdB/Dvm2xmMxHSbZumUYQsDRRtMNnNUBNBaBSRHIIEvfS6JJtmySYtm62kRczEWgVPnqQHDxWJh4ogIkI9FetZELx4yj3gzUMO6sp782Z3dnaymc1md7bt5wNv3v8////7/3/vl/fezLzJMgE+s86/mv2dFDl/4sKtsn7vbnvx3t329V45yWSSRjLRXaVoJcXHybl0l3y+fLIernjYPC/f/7CYeO+Ddrc2US9V/8Zm220wtGcnObBa2Zdkulv8z8jDbhivWqpxLq2N95iK1bjLhB3vJQ7GbWWDzlpj45Gbj37eAnvW7e7r5gZTycF0X13L9wGprw6PvjKMQ2tdbdNrU2enYwEAAICdN/SzfL+nHuRBbuXQ7oQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnw5F9zcDi3pp9MrTKXq//9/s+0395pjD3aZ3r1Sr7z417kAAAAAAAAAAYFuOPciD3MqhXn2lqL7zf6GqHK4eP5c3czPzWcrJ3MpclrOcpcwmmeobqHlrbnl5aXbjlr9IueXKysrtesvTQ7c8vT6uzmCgw/6nwYZOAAAAAAAAAPCZ9aOcX/v+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9oIi2dddVcvhXnkqjYkkB5I0i+nV7s2xBrst3dA/GncYAAAAsHsOFf/rFlaK6jP/kepz/4G8mRtZzkKWs5j5XK7uBXQ/Ojf+3mkv3rvbvl4uGwf8xr+2NH81Yrr3HobPPFP1eG51i/P5dr6XE5nOxSxlId/PXJYzn+l8qyrNpchUffdi6t7dVnqxboz33LraxcHYjvWVy/iOVpG0ciULVWwnc6nZC71R9zvaN9ufmsnAjHfK7BSv1EbM0eV6Xe7Rz+v13jBV7fn+1YzM1Lkvs/F0f9435n6Lx8ngTLNprN6DOrw2S1kdnOmxcn6wXu9Crrd4K219Jjo/K2u9o+/I5jlPvvyPv1y82rhx7eqVmyf2zmH0mAaPiXZfJp4fKROLZSY628jEge3E/+Q062x0r6Jbu1q+UG17KAv5Tl7P5cznTGYym7OZyddyOu2c7svrc5vntTrXGls7145/qS60kvy0Xu+qyYc1lHl9ui+v/Ve6qaqt/5m1LD0zQpaKZoZn6Z9DQ5n4Ql0o53in7xVn/AYzMduXiWc3z8Sv/ruS5ObijWtLV+feGHG+F+t1edq+u/4a/esnskNbV+9uebw8U/5jlZWfZN3RUbY922sbyFez/sZloh5sXVsz1fncbXvUmVqOdOTOsJG6bc8PnaVdtR3ta1v3LievZ3H1XQgAe1YjB1862Gzdb/2t9X7rx62rrQsHvjl5dvKLzez/68Sf9/2+8ZvG14uX8n5+mEPjjhUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr719rW5xcX5pT1YSGOEzr/L6APeGdrUS0X3meZO71d3so9+O/b0PtFC70Ca3OyI+kOSTcZpjiP4VpKdneLYaJ0zsQu7PJkhTRdWn2kljdV4klzbIz9wB+yEU8vX3zh18623v7Jwfe61+dfmb5w+e+aVM+2vzt4+dWVhcX6m+zjuKIGdMPi+FAAAAAAAAAAAANj7duOvLIZMW3TGsK8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAJ9P5V7O/kyKzMydnyvq9u+3FcumV13pOJGkkKX6QFB8n59JdMtU3XPGweV6+/+EvX3zvg/baWBO9/o2B7f7475WV0YJ/p1fo1Eumk+yr1482+bCGdeNd6huvM1pgA4rVPSwTdryXOBi3/wcAAP//fbEE8Q==") getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f00000001c0)=@random={'osx.', 'user.incfs.metadata\x00'}, 0x0, 0x0) 1.285129893s ago: executing program 0 (id=125): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000079"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x94) r0 = io_uring_setup(0x67bb, &(0x7f00000000c0)={0x0, 0xfffffefe, 0x3000, 0x0, 0xfffffffc}) io_uring_enter(r0, 0x0, 0xcb, 0xf, &(0x7f0000000000), 0x18) 138.373176ms ago: executing program 0 (id=126): syz_usb_connect(0x0, 0x43, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8000, 0x20000000019}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() unshare(0x28000600) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bd2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000003ac0)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xffffffffffffffff) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, 0x0}, 0x28) r3 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r3, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) 0s ago: executing program 3 (id=127): syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x11, &(0x7f0000000180)=ANY=[]}) syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xec) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000108008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x7a224000) syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) ioctl(0xffffffffffffffff, 0x9, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x1, 0x1, 0x1, 0x8, 0xa5c, 0xe97c}, 0x20) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) openat$sndseq(0xffffffffffffff9c, 0x0, 0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f00000000c0)=ANY=[@ANYRESHEX=0x0], &(0x7f00000002c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x20}, 0x94) r2 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) ioctl$TCSETAW(0xffffffffffffffff, 0x5407, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.7' (ED25519) to the list of known hosts. [ 72.867635][ T5777] cgroup: Unknown subsys name 'net' [ 73.042121][ T5777] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.588267][ T5777] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.657375][ T5790] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.673759][ T5790] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.674751][ T5793] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.681542][ T5790] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.696163][ T5790] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.705387][ T5790] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.713733][ T5790] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.713784][ T5798] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.721387][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.735409][ T5790] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.735734][ T5792] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.751624][ T5792] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.763494][ T5792] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.765649][ T5790] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.772250][ T5792] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.785214][ T5790] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.792749][ T5792] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.792896][ T5790] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.814967][ T5790] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.834939][ T5790] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.835236][ T5802] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.850680][ T5802] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.858606][ T5802] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.866509][ T5802] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.397668][ T5799] chnl_net:caif_netlink_parms(): no params data found [ 77.408900][ T5787] chnl_net:caif_netlink_parms(): no params data found [ 77.492928][ T5796] chnl_net:caif_netlink_parms(): no params data found [ 77.558124][ T5791] chnl_net:caif_netlink_parms(): no params data found [ 77.655737][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.662898][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.670576][ T5799] bridge_slave_0: entered allmulticast mode [ 77.678083][ T5799] bridge_slave_0: entered promiscuous mode [ 77.699722][ T5787] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.706906][ T5787] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.714054][ T5787] bridge_slave_0: entered allmulticast mode [ 77.722893][ T5787] bridge_slave_0: entered promiscuous mode [ 77.730797][ T5787] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.738237][ T5787] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.745921][ T5787] bridge_slave_1: entered allmulticast mode [ 77.753803][ T5787] bridge_slave_1: entered promiscuous mode [ 77.773884][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.781146][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.788533][ T5799] bridge_slave_1: entered allmulticast mode [ 77.795556][ T5799] bridge_slave_1: entered promiscuous mode [ 77.837755][ T5796] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.845126][ T5796] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.852274][ T5796] bridge_slave_0: entered allmulticast mode [ 77.859970][ T5796] bridge_slave_0: entered promiscuous mode [ 77.887791][ T5787] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.900033][ T5787] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.909461][ T5796] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.916825][ T5796] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.923956][ T5796] bridge_slave_1: entered allmulticast mode [ 77.931090][ T5796] bridge_slave_1: entered promiscuous mode [ 77.999508][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.020748][ T5791] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.028216][ T5791] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.035511][ T5791] bridge_slave_0: entered allmulticast mode [ 78.042478][ T5791] bridge_slave_0: entered promiscuous mode [ 78.054388][ T5787] team0: Port device team_slave_0 added [ 78.063889][ T5787] team0: Port device team_slave_1 added [ 78.091459][ T5796] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.105001][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.114372][ T5791] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.121987][ T5791] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.129463][ T5791] bridge_slave_1: entered allmulticast mode [ 78.137873][ T5791] bridge_slave_1: entered promiscuous mode [ 78.156385][ T5796] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.236601][ T5799] team0: Port device team_slave_0 added [ 78.254174][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.261756][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.287870][ T5787] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.301935][ T5787] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.308989][ T5787] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.335454][ T5787] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.350147][ T5796] team0: Port device team_slave_0 added [ 78.363636][ T5799] team0: Port device team_slave_1 added [ 78.383429][ T5791] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.400178][ T5796] team0: Port device team_slave_1 added [ 78.432167][ T5791] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.475418][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.482391][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.508518][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.541644][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.549182][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.575540][ T5796] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.587797][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.594943][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.620935][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.640100][ T5791] team0: Port device team_slave_0 added [ 78.650498][ T5787] hsr_slave_0: entered promiscuous mode [ 78.657308][ T5787] hsr_slave_1: entered promiscuous mode [ 78.664835][ T5796] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.671799][ T5796] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.697875][ T5796] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.717209][ T5791] team0: Port device team_slave_1 added [ 78.798047][ T5799] hsr_slave_0: entered promiscuous mode [ 78.806384][ T5799] hsr_slave_1: entered promiscuous mode [ 78.812537][ T5799] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.820973][ T5799] Cannot create hsr debugfs directory [ 78.845266][ T5796] hsr_slave_0: entered promiscuous mode [ 78.851490][ T5796] hsr_slave_1: entered promiscuous mode [ 78.857858][ T5796] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.865963][ T5796] Cannot create hsr debugfs directory [ 78.872127][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.879767][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.885678][ T5798] Bluetooth: hci0: command tx timeout [ 78.911638][ T5791] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.924270][ T5791] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.931362][ T5791] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.957438][ T5798] Bluetooth: hci2: command tx timeout [ 78.957485][ T5793] Bluetooth: hci3: command tx timeout [ 78.963055][ T5798] Bluetooth: hci1: command tx timeout [ 78.974810][ T5791] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.138972][ T5791] hsr_slave_0: entered promiscuous mode [ 79.146653][ T5791] hsr_slave_1: entered promiscuous mode [ 79.152701][ T5791] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.161497][ T5791] Cannot create hsr debugfs directory [ 79.420593][ T5787] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.434459][ T5787] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.455332][ T5787] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.486544][ T5787] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.547050][ T5799] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.558216][ T5799] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.568325][ T5799] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.579049][ T5799] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.648638][ T5796] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.663864][ T5796] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.676339][ T5796] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.695067][ T5796] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.842554][ T5791] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.852736][ T5791] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.875847][ T5791] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.886416][ T5791] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.965176][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.986653][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.011446][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.043174][ T1320] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.050674][ T1320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.084449][ T5796] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.096812][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.103961][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.127821][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.147141][ T5796] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.161823][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.168991][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.193716][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.200875][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.240885][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.248102][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.279280][ T994] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.286478][ T994] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.368767][ T5791] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.447527][ T5791] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.501117][ T64] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.508361][ T64] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.556240][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.563438][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.673584][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.838799][ T5787] veth0_vlan: entered promiscuous mode [ 80.902305][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.926779][ T5787] veth1_vlan: entered promiscuous mode [ 80.959454][ T5798] Bluetooth: hci0: command tx timeout [ 80.981195][ T5796] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.034873][ T5798] Bluetooth: hci3: command tx timeout [ 81.035942][ T5793] Bluetooth: hci1: command tx timeout [ 81.040298][ T5798] Bluetooth: hci2: command tx timeout [ 81.094436][ T5787] veth0_macvtap: entered promiscuous mode [ 81.103337][ T5799] veth0_vlan: entered promiscuous mode [ 81.121332][ T5787] veth1_macvtap: entered promiscuous mode [ 81.151126][ T5796] veth0_vlan: entered promiscuous mode [ 81.159669][ T5799] veth1_vlan: entered promiscuous mode [ 81.176920][ T5791] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.190413][ T5796] veth1_vlan: entered promiscuous mode [ 81.217431][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.229716][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.253789][ T5787] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.263028][ T5787] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.271994][ T5787] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.281171][ T5787] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.333636][ T5799] veth0_macvtap: entered promiscuous mode [ 81.382383][ T5796] veth0_macvtap: entered promiscuous mode [ 81.400067][ T5799] veth1_macvtap: entered promiscuous mode [ 81.417986][ T5796] veth1_macvtap: entered promiscuous mode [ 81.445934][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.453938][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.480607][ T5791] veth0_vlan: entered promiscuous mode [ 81.512932][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.524407][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.537106][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.552491][ T5791] veth1_vlan: entered promiscuous mode [ 81.568979][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.579908][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.590699][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.602706][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.615853][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.628311][ T1320] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.639391][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.644698][ T1320] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.651590][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.668683][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.696498][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.710405][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.720769][ T5796] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.735648][ T5796] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.751015][ T5796] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.778541][ T5799] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.787421][ T5799] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.805700][ T5799] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.814433][ T5799] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.845758][ T5796] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.854968][ T5796] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.863676][ T5796] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.880938][ T5796] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.961926][ T5791] veth0_macvtap: entered promiscuous mode [ 81.990025][ T5791] veth1_macvtap: entered promiscuous mode [ 82.062343][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.080191][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.092251][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.102978][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.113312][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.134752][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.154101][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.169653][ T5882] syz.1.1[5882]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.209819][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.222502][ T5882] loop1: detected capacity change from 0 to 512 [ 82.229586][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.244105][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.256582][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.267230][ T5791] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.280446][ T5791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.290379][ T5882] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 82.299037][ T5882] System zones: 1-12 [ 82.307948][ T5791] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.346668][ T5882] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.1: Directory hole found for htree index block 0 [ 82.365946][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.374233][ T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.378729][ T5791] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.394178][ T5882] EXT4-fs (loop1): Remounting filesystem read-only [ 82.405228][ T5791] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.413963][ T5791] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.428817][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.437983][ T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.449423][ T5882] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -117 [ 82.460650][ T5882] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 82.483929][ T5791] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.495776][ T5882] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 82.609183][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 82.628170][ T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.651729][ T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.768130][ T5886] loop1: detected capacity change from 0 to 256 [ 82.775137][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.775677][ T5886] exfat: Unknown parameter '"' [ 82.782967][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.824128][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.832303][ T5804] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.845587][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.785090][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 83.897380][ T5798] Bluetooth: hci0: command tx timeout [ 83.897604][ T5802] Bluetooth: hci1: command tx timeout [ 83.902864][ T5798] Bluetooth: hci3: command tx timeout [ 83.908997][ T5802] Bluetooth: hci2: command tx timeout [ 83.958592][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.985466][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.608671][ T5886] xt_CT: You must specify a L4 protocol and not use inversions on it [ 84.836877][ T5893] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 85.144919][ T5880] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 85.345639][ T5880] usb 4-1: Using ep0 maxpacket: 8 [ 85.358888][ T5880] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 85.375675][ T5880] usb 4-1: config 179 has no interface number 0 [ 85.393670][ T5880] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 85.421033][ T5880] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 85.449137][ T5880] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 85.480120][ T5880] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 85.510912][ T5880] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 85.532304][ T5880] usb 4-1: config 179 interface 65 has no altsetting 0 [ 85.540917][ T5880] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 85.559156][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.632541][ T5880] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input5 [ 85.741215][ T5142] input input5: unable to receive magic message: -110 [ 85.796207][ T5142] input input5: unable to receive magic message: -32 [ 85.852904][ T5142] input input5: unable to receive magic message: -32 [ 85.875394][ T5142] input input5: unable to receive magic message: -32 [ 85.890464][ T5142] input input5: unable to receive magic message: -32 [ 85.909392][ T5142] input input5: unable to receive magic message: -32 [ 85.916485][ T5802] Bluetooth: hci3: command tx timeout [ 85.916522][ T5802] Bluetooth: hci1: command tx timeout [ 85.916560][ T5802] Bluetooth: hci0: command tx timeout [ 85.928380][ T5900] loop1: detected capacity change from 0 to 1024 [ 85.948062][ T5900] ======================================================= [ 85.948062][ T5900] WARNING: The mand mount option has been deprecated and [ 85.948062][ T5900] and is ignored by this kernel. Remove the mand [ 85.948062][ T5900] option from the mount to silence this warning. [ 85.948062][ T5900] ======================================================= [ 85.998911][ T50] Bluetooth: hci2: command tx timeout [ 86.062173][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 86.071112][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 86.098627][ T5900] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 86.118197][ T42] usb 4-1: USB disconnect, device number 2 [ 86.142448][ T42] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 86.211940][ T5900] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.345195][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.474842][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.647149][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 86.657912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.762312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.858312][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 86.963295][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.138018][ T5900] syz.1.6 (5900) used greatest stack depth: 20944 bytes left [ 87.217925][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 87.371520][ T23] cfg80211: failed to load regulatory.db [ 88.706763][ T5916] loop1: detected capacity change from 0 to 1024 [ 88.751109][ T5916] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 89.080407][ T5921] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 89.732723][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.891423][ T5910] Bluetooth: MGMT ver 1.22 [ 91.362738][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 91.465221][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!! [ 92.940893][ T5802] Bluetooth: hci0: command 0x0c1a tx timeout [ 92.941228][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 97.988603][ T5956] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.637561][ T5974] loop2: detected capacity change from 0 to 8192 [ 104.183570][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 104.709387][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.481354][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.628917][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.111094][ T5995] loop1: detected capacity change from 0 to 2048 [ 107.339540][ T5995] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.515209][ T6003] EXT4-fs error (device loop1): ext4_xattr_ibody_get:653: inode #15: comm syz.1.34: corrupted in-inode xattr: bad magic number in in-inode xattr [ 107.598879][ T5798] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 107.607718][ T5798] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 107.621703][ T5798] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 107.641945][ T5798] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 107.656949][ T5798] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 107.670589][ T5798] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 107.768321][ T6003] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 107.969141][ T6003] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #15: comm syz.1.34: mark_inode_dirty error [ 108.188731][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.162185][ T6004] chnl_net:caif_netlink_parms(): no params data found [ 109.174036][ T6029] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.807478][ T5802] Bluetooth: hci3: command tx timeout [ 110.813775][ T5798] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.819881][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 112.913445][ T5798] Bluetooth: hci3: command tx timeout [ 113.119366][ T6004] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.156109][ T6004] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.174334][ T6004] bridge_slave_0: entered allmulticast mode [ 113.195867][ T6004] bridge_slave_0: entered promiscuous mode [ 113.226210][ T6004] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.253873][ T6004] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.279459][ T6004] bridge_slave_1: entered allmulticast mode [ 113.301114][ T6004] bridge_slave_1: entered promiscuous mode [ 113.684841][ T12] hsr_slave_0: left promiscuous mode [ 113.754885][ T12] hsr_slave_1: left promiscuous mode [ 113.784777][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.793125][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.843709][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.869327][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.895580][ T12] bridge_slave_1: left allmulticast mode [ 113.901276][ T12] bridge_slave_1: left promiscuous mode [ 113.941502][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 114.786972][ T12] bridge_slave_0: left allmulticast mode [ 114.800940][ T12] bridge_slave_0: left promiscuous mode [ 114.819425][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 114.957304][ T5798] Bluetooth: hci3: command tx timeout [ 115.001208][ T12] veth1_macvtap: left promiscuous mode [ 115.007456][ T12] veth0_macvtap: left promiscuous mode [ 115.013180][ T12] veth1_vlan: left promiscuous mode [ 115.019468][ T12] veth0_vlan: left promiscuous mode [ 117.034769][ T5798] Bluetooth: hci3: command tx timeout [ 117.465904][ T12] team0 (unregistering): Port device team_slave_1 removed [ 117.502845][ T6073] loop1: detected capacity change from 0 to 8192 [ 117.570127][ T12] team0 (unregistering): Port device team_slave_0 removed [ 117.710729][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 117.805010][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 118.193213][ T12] bond0 (unregistering): Released all slaves [ 118.286087][ T6004] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.454836][ T6004] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 119.392872][ T6084] loop1: detected capacity change from 0 to 1024 [ 120.147856][ T6084] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [ 120.170525][ T6086] loop3: detected capacity change from 0 to 512 [ 120.312609][ T6086] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0002] [ 120.361159][ T6004] team0: Port device team_slave_0 added [ 120.384994][ T6086] System zones: 1-12 [ 120.426432][ T6086] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.45: Directory hole found for htree index block 0 [ 120.456260][ T6086] EXT4-fs (loop3): Remounting filesystem read-only [ 120.462852][ T6086] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117 [ 120.487087][ T6004] team0: Port device team_slave_1 added [ 120.534931][ T6086] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 120.551738][ T6086] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 120.647577][ T6004] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 120.670651][ T6004] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.734199][ T6004] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 120.757737][ T6004] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 120.768518][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 120.798786][ T6004] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 120.889042][ T6004] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 121.089940][ T6004] hsr_slave_0: entered promiscuous mode [ 121.129440][ T6004] hsr_slave_1: entered promiscuous mode [ 121.174741][ T6004] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 121.209795][ T6004] Cannot create hsr debugfs directory [ 121.775634][ T6004] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 121.797926][ T6004] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 121.855228][ T6004] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 121.899724][ T6004] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 121.995019][ T6117] loop3: detected capacity change from 0 to 256 [ 122.002705][ T6117] exfat: Unknown parameter '"' [ 122.790108][ T6123] loop0: detected capacity change from 0 to 16 [ 123.191325][ T6123] erofs: (device loop0): mounted with root inode @ nid 36. [ 123.205782][ T6123] syz.0.50: attempt to access beyond end of device [ 123.205782][ T6123] loop0: rw=0, sector=8, nr_sectors = 32 limit=16 [ 123.788597][ T6128] loop1: detected capacity change from 0 to 1024 [ 123.820489][ T6004] 8021q: adding VLAN 0 to HW filter on device bond0 [ 123.858108][ T6117] xt_CT: You must specify a L4 protocol and not use inversions on it [ 123.955895][ T6128] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 123.990796][ T6004] 8021q: adding VLAN 0 to HW filter on device team0 [ 124.012732][ T2984] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.019863][ T2984] bridge0: port 1(bridge_slave_0) entered forwarding state [ 124.474662][ T6138] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 125.648374][ T986] bridge0: port 2(bridge_slave_1) entered blocking state [ 125.655583][ T986] bridge0: port 2(bridge_slave_1) entered forwarding state [ 125.880490][ T6004] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 125.913855][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.437723][ T6004] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.792434][ T6004] veth0_vlan: entered promiscuous mode [ 130.929530][ T6004] veth1_vlan: entered promiscuous mode [ 131.012765][ T6004] veth0_macvtap: entered promiscuous mode [ 131.040185][ T6004] veth1_macvtap: entered promiscuous mode [ 131.122530][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.154722][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.174406][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.197052][ T50] Bluetooth: hci0: command 0x0c1a tx timeout [ 131.204334][ T5798] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 131.212657][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.234681][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 131.265662][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.306475][ T6004] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 131.405248][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.435460][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.469783][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.498636][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.519682][ T6004] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 131.548615][ T6004] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 131.573905][ T6004] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.629371][ T6004] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.656092][ T6004] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.675250][ T6004] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.715831][ T6004] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.953920][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.994973][ T986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 132.010060][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.033258][ T986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 132.879133][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.894721][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.985867][ T6208] loop1: detected capacity change from 0 to 16 [ 133.157774][ T6208] erofs: (device loop1): mounted with root inode @ nid 36. [ 133.190208][ T6208] syz.1.62: attempt to access beyond end of device [ 133.190208][ T6208] loop1: rw=0, sector=8, nr_sectors = 32 limit=16 [ 134.812388][ T6215] loop4: detected capacity change from 0 to 1024 [ 135.533247][ T6215] EXT4-fs (loop4): VFS: Can't find ext4 filesystem [ 136.309633][ T6227] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 140.733171][ T6265] loop4: detected capacity change from 0 to 16 [ 141.364687][ T5798] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 141.373869][ T5798] Bluetooth: hci0: command 0x0c1a tx timeout [ 141.575212][ T6265] erofs: (device loop4): mounted with root inode @ nid 36. [ 141.589002][ T6263] syz.4.72: attempt to access beyond end of device [ 141.589002][ T6263] loop4: rw=0, sector=8, nr_sectors = 32 limit=16 [ 144.925621][ T27] audit: type=1326 audit(1760173698.244:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.090995][ T27] audit: type=1326 audit(1760173698.254:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.217224][ T27] audit: type=1326 audit(1760173698.254:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.304579][ T27] audit: type=1326 audit(1760173698.254:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.396568][ T27] audit: type=1326 audit(1760173698.254:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.498288][ T27] audit: type=1326 audit(1760173698.264:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.591390][ T27] audit: type=1326 audit(1760173698.264:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 145.784582][ T27] audit: type=1326 audit(1760173698.264:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz.3.75" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f33cef8eec9 code=0x7ffc0000 [ 150.102816][ T6327] loop1: detected capacity change from 0 to 1024 [ 150.209016][ T1320] hfsplus: b-tree write err: -5, ino 4 [ 160.186269][ T6388] loop4: detected capacity change from 0 to 256 [ 160.193952][ T6388] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 160.638816][ T6388] FAT-fs (loop4): Directory bread(block 64) failed [ 160.645429][ T6388] FAT-fs (loop4): Directory bread(block 65) failed [ 160.651984][ T6388] FAT-fs (loop4): Directory bread(block 66) failed [ 160.658539][ T6388] FAT-fs (loop4): Directory bread(block 67) failed [ 160.665131][ T6388] FAT-fs (loop4): Directory bread(block 68) failed [ 160.671643][ T6388] FAT-fs (loop4): Directory bread(block 69) failed [ 160.678324][ T6388] FAT-fs (loop4): Directory bread(block 70) failed [ 160.684871][ T6388] FAT-fs (loop4): Directory bread(block 71) failed [ 160.692037][ T6388] FAT-fs (loop4): Directory bread(block 72) failed [ 160.698602][ T6388] FAT-fs (loop4): Directory bread(block 73) failed [ 161.034637][ T5798] Bluetooth: hci0: command 0x0c1a tx timeout [ 161.036186][ T50] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 162.342454][ T6400] loop3: detected capacity change from 0 to 1024 [ 162.404134][ T64] hfsplus: b-tree write err: -5, ino 4 [ 168.664788][ T42] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 169.022415][ T42] usb 2-1: Using ep0 maxpacket: 16 [ 169.068698][ T42] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 170.834964][ T6467] sched: RT throttling activated [ 170.864740][ T42] usb 2-1: config 0 has no interface number 0 [ 171.146501][ T42] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 171.164549][ T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2 [ 171.210310][ T42] usb 2-1: Product: syz [ 171.234986][ T42] usb 2-1: Manufacturer: syz [ 171.268229][ T42] usb 2-1: SerialNumber: syz [ 171.320109][ T42] usb 2-1: config 0 descriptor?? [ 171.357810][ T42] hub 2-1:0.132: bad descriptor, ignoring hub [ 171.363963][ T42] hub: probe of 2-1:0.132 failed with error -5 [ 171.445865][ T42] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input6 [ 171.797095][ T42] usb 2-1: USB disconnect, device number 2 [ 171.859048][ T6477] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 172.701496][ T6483] loop0: detected capacity change from 0 to 1024 [ 172.887578][ T48] hfsplus: b-tree write err: -5, ino 4 [ 180.229259][ T6531] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 181.407003][ T6544] loop3: detected capacity change from 0 to 16 [ 181.908173][ T6544] erofs: (device loop3): mounted with root inode @ nid 36. [ 181.923186][ T6544] syz.3.124: attempt to access beyond end of device [ 181.923186][ T6544] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 181.963848][ T6544] syz.3.124: attempt to access beyond end of device [ 181.963848][ T6544] loop3: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 181.978098][ T6544] syz.3.124: attempt to access beyond end of device [ 181.978098][ T6544] loop3: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 182.029273][ T6544] syz.3.124: attempt to access beyond end of device [ 182.029273][ T6544] loop3: rw=0, sector=8, nr_sectors = 32 limit=16 [ 182.286310][ T5796] BUG: Bad page state in process syz-executor pfn:648cd [ 182.294910][ T5796] page:ffffea0001923340 refcount:0 mapcount:0 mapping:ffff8880569d9278 index:0x2 pfn:0x648cd [ 182.305749][ T5796] aops:z_erofs_cache_aops ino:0 [ 182.310656][ T5796] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 182.318866][ T5796] page_type: 0xffffffff() [ 182.323217][ T5796] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880569d9278 [ 182.332108][ T5796] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 182.341152][ T5796] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 182.348914][ T5796] page_owner tracks the page as allocated [ 182.355110][ T5796] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6544, tgid 6539 (syz.3.124), ts 181922191585, free_ts 181863681436 [ 182.377192][ T5796] post_alloc_hook+0x1cd/0x210 [ 182.381963][ T5796] get_page_from_freelist+0x195c/0x19f0 [ 182.387561][ T5796] __alloc_pages+0x1e3/0x460 [ 182.392159][ T5796] z_erofs_do_read_page+0x20c0/0x3680 [ 182.398166][ T5796] z_erofs_pcluster_readmore+0x2cf/0x450 [ 182.403805][ T5796] z_erofs_read_folio+0x208/0x540 [ 182.408966][ T5796] filemap_read_folio+0x167/0x760 [ 182.414011][ T5796] do_read_cache_folio+0x470/0x7e0 [ 182.419232][ T5796] erofs_bread+0x16f/0x630 [ 182.423656][ T5796] erofs_namei+0x28c/0xf00 [ 182.428102][ T5796] erofs_lookup+0x135/0x310 [ 182.432609][ T5796] path_openat+0x10b8/0x3190 [ 182.437255][ T5796] do_filp_open+0x1c5/0x3d0 [ 182.441755][ T5796] do_sys_openat2+0x12c/0x1c0 [ 182.446455][ T5796] __x64_sys_creat+0x90/0xb0 [ 182.451041][ T5796] do_syscall_64+0x55/0xb0 [ 182.455473][ T5796] page last free stack trace: [ 182.460137][ T5796] free_unref_page_prepare+0x7ce/0x8e0 [ 182.465634][ T5796] free_unref_page+0x32/0x2e0 [ 182.470311][ T5796] tlb_finish_mmu+0x112/0x1d0 [ 182.475249][ T5796] exit_mmap+0x3f0/0xb50 [ 182.479497][ T5796] __mmput+0x118/0x3c0 [ 182.483563][ T5796] exit_mm+0x1da/0x2c0 [ 182.487688][ T5796] do_exit+0x88e/0x23c0 [ 182.491845][ T5796] do_group_exit+0x21b/0x2d0 [ 182.496457][ T5796] __x64_sys_exit_group+0x3f/0x40 [ 182.502092][ T5796] do_syscall_64+0x55/0xb0 [ 182.506644][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 182.512574][ T5796] Modules linked in: [ 182.516518][ T5796] CPU: 1 PID: 5796 Comm: syz-executor Not tainted syzkaller #0 [ 182.524147][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 182.534218][ T5796] Call Trace: [ 182.537502][ T5796] [ 182.540521][ T5796] dump_stack_lvl+0x16c/0x230 [ 182.545292][ T5796] ? show_regs_print_info+0x20/0x20 [ 182.550495][ T5796] ? swiotlb_print_info+0x70/0x70 [ 182.555530][ T5796] bad_page+0x14b/0x170 [ 182.559685][ T5796] free_unref_page_prepare+0x887/0x8e0 [ 182.565172][ T5796] free_unref_page+0x32/0x2e0 [ 182.569849][ T5796] ? __folio_put+0xef/0x210 [ 182.574348][ T5796] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 182.580772][ T5796] erofs_shrink_workstation+0x118/0x290 [ 182.586349][ T5796] ? erofs_shrinker_unregister+0x170/0x170 [ 182.592220][ T5796] ? io_schedule+0xd0/0xd0 [ 182.596731][ T5796] ? kobject_put+0x43c/0x470 [ 182.601330][ T5796] erofs_shrinker_unregister+0x5d/0x170 [ 182.606884][ T5796] erofs_put_super+0x4e/0x150 [ 182.611563][ T5796] ? erofs_free_inode+0xb0/0xb0 [ 182.616450][ T5796] generic_shutdown_super+0x134/0x2b0 [ 182.621834][ T5796] kill_block_super+0x44/0x90 [ 182.626506][ T5796] erofs_kill_sb+0x4c/0x140 [ 182.631013][ T5796] deactivate_locked_super+0x97/0x100 [ 182.636393][ T5796] cleanup_mnt+0x429/0x4c0 [ 182.640809][ T5796] task_work_run+0x1ce/0x250 [ 182.645406][ T5796] ? task_work_cancel+0x240/0x240 [ 182.650444][ T5796] ? exit_to_user_mode_loop+0x3b/0x110 [ 182.655909][ T5796] exit_to_user_mode_loop+0xe6/0x110 [ 182.661196][ T5796] exit_to_user_mode_prepare+0xf6/0x180 [ 182.666744][ T5796] syscall_exit_to_user_mode+0x1a/0x50 [ 182.672209][ T5796] do_syscall_64+0x61/0xb0 [ 182.676627][ T5796] ? clear_bhb_loop+0x40/0x90 [ 182.681320][ T5796] ? clear_bhb_loop+0x40/0x90 [ 182.686121][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 182.692031][ T5796] RIP: 0033:0x7f33cef901f7 [ 182.696608][ T5796] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 182.716315][ T5796] RSP: 002b:00007ffd00067a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 182.724734][ T5796] RAX: 0000000000000000 RBX: 00007f33cf011d7d RCX: 00007f33cef901f7 [ 182.732704][ T5796] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd00067b10 [ 182.740675][ T5796] RBP: 00007ffd00067b10 R08: 0000000000000000 R09: 0000000000000000 [ 182.748646][ T5796] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd00068ba0 [ 182.756619][ T5796] R13: 00007f33cf011d7d R14: 000000000002c6f6 R15: 00007ffd00068be0 [ 182.764684][ T5796] [ 182.768638][ T5796] Disabling lock debugging due to kernel taint [ 182.774884][ T5796] BUG: Bad page state in process syz-executor pfn:24eb1 [ 182.781936][ T5796] page:ffffea000093ac40 refcount:0 mapcount:0 mapping:ffff8880569d9278 index:0x3 pfn:0x24eb1 [ 182.792114][ T5796] aops:z_erofs_cache_aops ino:0 [ 182.797029][ T5796] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 182.804756][ T5796] page_type: 0xffffffff() [ 182.809756][ T5796] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880569d9278 [ 182.818426][ T5796] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 182.827065][ T5796] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 182.834346][ T5796] page_owner tracks the page as allocated [ 182.840071][ T5796] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6544, tgid 6539 (syz.3.124), ts 181922282792, free_ts 181863445536 [ 182.862004][ T5796] post_alloc_hook+0x1cd/0x210 [ 182.866826][ T5796] get_page_from_freelist+0x195c/0x19f0 [ 182.872436][ T5796] __alloc_pages+0x1e3/0x460 [ 182.877344][ T5796] z_erofs_do_read_page+0x20c0/0x3680 [ 182.882737][ T5796] z_erofs_pcluster_readmore+0x2cf/0x450 [ 182.888680][ T5796] z_erofs_read_folio+0x208/0x540 [ 182.893730][ T5796] filemap_read_folio+0x167/0x760 [ 182.899053][ T5796] do_read_cache_folio+0x470/0x7e0 [ 182.904197][ T5796] erofs_bread+0x16f/0x630 [ 182.909319][ T5796] erofs_namei+0x28c/0xf00 [ 182.913744][ T5796] erofs_lookup+0x135/0x310 [ 182.918872][ T5796] path_openat+0x10b8/0x3190 [ 182.923469][ T5796] do_filp_open+0x1c5/0x3d0 [ 182.928001][ T5796] do_sys_openat2+0x12c/0x1c0 [ 182.932690][ T5796] __x64_sys_creat+0x90/0xb0 [ 182.937335][ T5796] do_syscall_64+0x55/0xb0 [ 182.941754][ T5796] page last free stack trace: [ 182.946435][ T5796] free_unref_page_prepare+0x7ce/0x8e0 [ 182.952021][ T5796] free_unref_page+0x32/0x2e0 [ 182.956742][ T5796] tlb_finish_mmu+0x112/0x1d0 [ 182.961433][ T5796] exit_mmap+0x3f0/0xb50 [ 182.965689][ T5796] __mmput+0x118/0x3c0 [ 182.969754][ T5796] exit_mm+0x1da/0x2c0 [ 182.973819][ T5796] do_exit+0x88e/0x23c0 [ 182.977993][ T5796] do_group_exit+0x21b/0x2d0 [ 182.982664][ T5796] __x64_sys_exit_group+0x3f/0x40 [ 182.987706][ T5796] do_syscall_64+0x55/0xb0 [ 182.992124][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 182.998048][ T5796] Modules linked in: [ 183.001941][ T5796] CPU: 1 PID: 5796 Comm: syz-executor Tainted: G B syzkaller #0 [ 183.010957][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 183.021044][ T5796] Call Trace: [ 183.024329][ T5796] [ 183.027276][ T5796] dump_stack_lvl+0x16c/0x230 [ 183.031986][ T5796] ? show_regs_print_info+0x20/0x20 [ 183.037210][ T5796] ? swiotlb_print_info+0x70/0x70 [ 183.042234][ T5796] bad_page+0x14b/0x170 [ 183.046385][ T5796] free_unref_page_prepare+0x887/0x8e0 [ 183.051845][ T5796] free_unref_page+0x32/0x2e0 [ 183.056520][ T5796] ? __folio_put+0xef/0x210 [ 183.061089][ T5796] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 183.067594][ T5796] erofs_shrink_workstation+0x118/0x290 [ 183.073175][ T5796] ? erofs_shrinker_unregister+0x170/0x170 [ 183.078991][ T5796] ? io_schedule+0xd0/0xd0 [ 183.083409][ T5796] ? kobject_put+0x43c/0x470 [ 183.088023][ T5796] erofs_shrinker_unregister+0x5d/0x170 [ 183.093589][ T5796] erofs_put_super+0x4e/0x150 [ 183.098272][ T5796] ? erofs_free_inode+0xb0/0xb0 [ 183.103126][ T5796] generic_shutdown_super+0x134/0x2b0 [ 183.108528][ T5796] kill_block_super+0x44/0x90 [ 183.113222][ T5796] erofs_kill_sb+0x4c/0x140 [ 183.117765][ T5796] deactivate_locked_super+0x97/0x100 [ 183.123143][ T5796] cleanup_mnt+0x429/0x4c0 [ 183.127575][ T5796] task_work_run+0x1ce/0x250 [ 183.132170][ T5796] ? task_work_cancel+0x240/0x240 [ 183.137196][ T5796] ? exit_to_user_mode_loop+0x3b/0x110 [ 183.142652][ T5796] exit_to_user_mode_loop+0xe6/0x110 [ 183.147933][ T5796] exit_to_user_mode_prepare+0xf6/0x180 [ 183.153480][ T5796] syscall_exit_to_user_mode+0x1a/0x50 [ 183.158951][ T5796] do_syscall_64+0x61/0xb0 [ 183.163460][ T5796] ? clear_bhb_loop+0x40/0x90 [ 183.168138][ T5796] ? clear_bhb_loop+0x40/0x90 [ 183.172808][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.178714][ T5796] RIP: 0033:0x7f33cef901f7 [ 183.183226][ T5796] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 183.202828][ T5796] RSP: 002b:00007ffd00067a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 183.211238][ T5796] RAX: 0000000000000000 RBX: 00007f33cf011d7d RCX: 00007f33cef901f7 [ 183.219208][ T5796] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd00067b10 [ 183.227183][ T5796] RBP: 00007ffd00067b10 R08: 0000000000000000 R09: 0000000000000000 [ 183.235144][ T5796] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd00068ba0 [ 183.243112][ T5796] R13: 00007f33cf011d7d R14: 000000000002c6f6 R15: 00007ffd00068be0 [ 183.251085][ T5796] [ 183.255212][ T5796] BUG: Bad page state in process syz-executor pfn:19add [ 183.262247][ T5796] page:ffffea000066b740 refcount:0 mapcount:0 mapping:ffff8880569d9278 index:0x4 pfn:0x19add [ 183.272479][ T5796] aops:z_erofs_cache_aops ino:0 [ 183.277354][ T5796] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 183.285085][ T5796] page_type: 0xffffffff() [ 183.289409][ T5796] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff8880569d9278 [ 183.297998][ T5796] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 183.306590][ T5796] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 183.313862][ T5796] page_owner tracks the page as allocated [ 183.320157][ T5796] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6544, tgid 6539 (syz.3.124), ts 181922390628, free_ts 181863194040 [ 183.342083][ T5796] post_alloc_hook+0x1cd/0x210 [ 183.346861][ T5796] get_page_from_freelist+0x195c/0x19f0 [ 183.352508][ T5796] __alloc_pages+0x1e3/0x460 [ 183.357107][ T5796] z_erofs_do_read_page+0x20c0/0x3680 [ 183.362471][ T5796] z_erofs_pcluster_readmore+0x2cf/0x450 [ 183.368133][ T5796] z_erofs_read_folio+0x208/0x540 [ 183.373163][ T5796] filemap_read_folio+0x167/0x760 [ 183.378204][ T5796] do_read_cache_folio+0x470/0x7e0 [ 183.383322][ T5796] erofs_bread+0x16f/0x630 [ 183.387762][ T5796] erofs_namei+0x28c/0xf00 [ 183.392177][ T5796] erofs_lookup+0x135/0x310 [ 183.396695][ T5796] path_openat+0x10b8/0x3190 [ 183.401281][ T5796] do_filp_open+0x1c5/0x3d0 [ 183.405795][ T5796] do_sys_openat2+0x12c/0x1c0 [ 183.410464][ T5796] __x64_sys_creat+0x90/0xb0 [ 183.415073][ T5796] do_syscall_64+0x55/0xb0 [ 183.419498][ T5796] page last free stack trace: [ 183.424836][ T5796] free_unref_page_prepare+0x7ce/0x8e0 [ 183.430303][ T5796] free_unref_page+0x32/0x2e0 [ 183.435273][ T5796] tlb_finish_mmu+0x112/0x1d0 [ 183.439962][ T5796] exit_mmap+0x3f0/0xb50 [ 183.444199][ T5796] __mmput+0x118/0x3c0 [ 183.448373][ T5796] exit_mm+0x1da/0x2c0 [ 183.452443][ T5796] do_exit+0x88e/0x23c0 [ 183.456613][ T5796] do_group_exit+0x21b/0x2d0 [ 183.461197][ T5796] __x64_sys_exit_group+0x3f/0x40 [ 183.466228][ T5796] do_syscall_64+0x55/0xb0 [ 183.470639][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.476546][ T5796] Modules linked in: [ 183.480431][ T5796] CPU: 1 PID: 5796 Comm: syz-executor Tainted: G B syzkaller #0 [ 183.489437][ T5796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 183.499481][ T5796] Call Trace: [ 183.502750][ T5796] [ 183.505674][ T5796] dump_stack_lvl+0x16c/0x230 [ 183.510351][ T5796] ? show_regs_print_info+0x20/0x20 [ 183.515548][ T5796] ? swiotlb_print_info+0x70/0x70 [ 183.520567][ T5796] bad_page+0x14b/0x170 [ 183.524715][ T5796] free_unref_page_prepare+0x887/0x8e0 [ 183.530179][ T5796] free_unref_page+0x32/0x2e0 [ 183.534859][ T5796] ? __folio_put+0xef/0x210 [ 183.539351][ T5796] erofs_try_to_free_all_cached_pages+0x295/0x600 [ 183.545757][ T5796] erofs_shrink_workstation+0x118/0x290 [ 183.551297][ T5796] ? erofs_shrinker_unregister+0x170/0x170 [ 183.557103][ T5796] ? io_schedule+0xd0/0xd0 [ 183.561530][ T5796] ? kobject_put+0x43c/0x470 [ 183.566124][ T5796] erofs_shrinker_unregister+0x5d/0x170 [ 183.571684][ T5796] erofs_put_super+0x4e/0x150 [ 183.576357][ T5796] ? erofs_free_inode+0xb0/0xb0 [ 183.581203][ T5796] generic_shutdown_super+0x134/0x2b0 [ 183.586580][ T5796] kill_block_super+0x44/0x90 [ 183.591252][ T5796] erofs_kill_sb+0x4c/0x140 [ 183.595768][ T5796] deactivate_locked_super+0x97/0x100 [ 183.601137][ T5796] cleanup_mnt+0x429/0x4c0 [ 183.605717][ T5796] task_work_run+0x1ce/0x250 [ 183.610304][ T5796] ? task_work_cancel+0x240/0x240 [ 183.615324][ T5796] ? exit_to_user_mode_loop+0x3b/0x110 [ 183.620776][ T5796] exit_to_user_mode_loop+0xe6/0x110 [ 183.626057][ T5796] exit_to_user_mode_prepare+0xf6/0x180 [ 183.631704][ T5796] syscall_exit_to_user_mode+0x1a/0x50 [ 183.637166][ T5796] do_syscall_64+0x61/0xb0 [ 183.641583][ T5796] ? clear_bhb_loop+0x40/0x90 [ 183.646251][ T5796] ? clear_bhb_loop+0x40/0x90 [ 183.650940][ T5796] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 183.656842][ T5796] RIP: 0033:0x7f33cef901f7 [ 183.661252][ T5796] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 183.680854][ T5796] RSP: 002b:00007ffd00067a58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 183.689259][ T5796] RAX: 0000000000000000 RBX: 00007f33cf011d7d RCX: 00007f33cef901f7 [ 183.697225][ T5796] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd00067b10 [ 183.705189][ T5796] RBP: 00007ffd00067b10 R08: 0000000000000000 R09: 0000000000000000 [ 183.713255][ T5796] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd00068ba0 [ 183.721218][ T5796] R13: 00007f33cf011d7d R14: 000000000002c6f6 R15: 00007ffd00068be0 [ 183.729192][ T5796]