last executing test programs: 12.748234629s ago: executing program 0 (id=1011): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2, 0x280, 0x1, {0x0, 0x2710}, {0x77359400}, {0x3, 0x1, 0x1}, 0x1, @can={{0x1, 0x1, 0x1}, 0x6, 0x3, 0x0, 0x0, "e4720f557d78ea46"}}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x10) 10.658934934s ago: executing program 4 (id=1018): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x3c, r1, 0x1, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x14, 0x70, [@NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC={0x5}, @NL80211_MESH_SETUP_USERSPACE_AMPE={0x36}, @NL80211_MESH_SETUP_USERSPACE_AUTH]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x840) 10.404715632s ago: executing program 3 (id=1020): syz_mount_image$erofs(&(0x7f00000000c0), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000000)=ANY=[], 0x2, 0x1da, &(0x7f00000011c0)="$eJzsmb/v0kAYxp+79gtfiTFxcXDRRBIxQmmLGhYGTNxNwF+bRCpBCxioCZA4EBcXRwcTV/8BBwcmBzc3Vx3UxMRBRueaO4725FcghoSE95NwfXp97973XuAZAARBHCw/vv/59vJ6sZoFcBJpJNX8LyOO4Vr819dPL78q3Xjz7svbj+1Tz8bz+zEAYbhx+pFI86FsIFATYfjv6rS6VsEjfQscl5S+AwZL6fvguK20B4Z7Sj/SdOeEEr5nPej49YdN37PF4IjBFUNBz28CmIwY6gCOVX1Me94bDB/XfN/rzoujcJZn4dG2Yl0DTcCclDlKWv/E+3X3xfORuJ/1xtb654DDUboAhorSRSRhWVbcEu38Z814f2OT8++DOJ1bF5PdgwoPSYTYizJ8j83PiC90NHNmMv60uOrnLgs7v9sjS+MCsPDoc+r/dk4oE1gaE/unsNyLmj+ZMCP/yAetJ/neYJhrtmoNr+G1Xbdwzb5i21fdvDSi6bjG/46lP6W0/Y9WxCZYAv1aEHSdPhB0nejenY6a41bed37LNVz6H0fmwnQP8VGRx04uz8HUi8urUBljZfEEQRAEQRAEQRAEQRAEQRBbcQ5M/gqq/qgKV+DelNF/AwAA///OPWl8") open(&(0x7f0000000180)='./file1\x00', 0x80242, 0x0) 9.855029242s ago: executing program 4 (id=1021): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) capset(0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) 9.321908049s ago: executing program 4 (id=1023): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 9.154555383s ago: executing program 3 (id=1024): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r6, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8941b19eafc7cf74) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) getsockopt$inet6_buf(r8, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9) ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, r7, 0x0, 0x81, 0xf80, &(0x7f0000000700)="85653f453420ca7d5107cac3b1c61de0a1009492a7c67d538843c3f5ba1f143fc6f1cd155f7653e1393744f396a94d8d0becf9445701326980185d6f5cc0c2ee263914da7695c86440305aa84ad2ff0c61d29e1218e6659aedbc1cea7416b5b4a991455d2534207f281a52670d763fdb36af099158c93f565c3ec3a6eddd7ee3974954d0d20fa5635c69037286a94ddd6f1a231625bcc29bdb05b5e8fef40e9a6a30de284e26f47210a18f5b1063528c16d560d916a6c811c1bae078daa7534d43906981300cd79bddf1b6c4bb873604d671da76de5d729fcd8bd703e97bde4721558c2a43dc7d5b6208acdcd8f82f3bba8753d4136b76471bd0d8d31a9f1596a15e0e18e14005249610e97f6bf581db1a50871d65742514336bc9e1fcee7dd958da853a56757f38a1009a8f81886992d594388aa4815b168d966b71b50f87b4a6ef57b5c8b1e0ce840c244d052ddf45923a7843883431b9bc43785c0e07a24459fe47642a251f6181f8c679e6bd568213f1df3cdd59dd9bd3c6131865f11570fe242d6551dc3201eaa3705cf9096561fce1273b3b767f0ea0657acf84783f609186b63533973d5b495b5bf5e66364d035214286f56748e275d2b4df9def6e844e69ba0958a9762a9c7e278811b2cda2c1abf4530cb5c3283a8bb8024bc3ed59524c6d5283bba208769540eb9f433d7a759ca5bab28ede3f39742350b9900e94c19407394b600510d553163392189c3cd831cb014260b48ed47e15fe8f89dc4e13933bf66f00d3570158130f73d641db28ddaa3dbd06fc777bc059ab7138cb7e72120e0c45135d4bff8d68dd33cebc410f116fc8bec4317e59ed5fdf7be27b64aad180ac6453b283c187072a232be84445ed91ef2ba779a7a445ee8199fafc1c74e0073fb3313a16d317b9aac2b37e215cf76984668446b2194712cd1cbcf78c9a10bc9dd104dbc03ffb0dc4a28484a0332f98cf1b99322b176546cf0c9b180e627a7e67bb16e671fdc739c255ddcba53457fb12d39700d2695f2414668f9665ec167bc763b2191f913efe3eab99a05c737662930f46567d0e2b7d3fdfaedda8ab53c4f4e0a700efe0c8cf34b30b1c2569216d1ddf1471c7cab5ccf0dae565dfcc42b2fb0d19fb92808b42d086c68eb3c0ed0a1954e19fa1e3d85bfd8a521d6230b407ed193a625f7f289c31a3a1738505c5e62177bb5b791bd861827d48655ea01d2a5009c4e8c78e426ccad4fcbe96b532eee5208967e6ee8a680319a005411ecb28e764aadf1aa83fd46f09028cd2b0ac6babc10f48c8ad3e886fb949672410b3ac31364753cabe3e9518fafc0189c7135445d202bd9703b8571ccc44c9de9f7b94c3f43afab423dddf2c8c621e2b0042b75cc198b1b93710e09fb36b4dc9c962bc4def0598eb76d9bb1e1dccf092461351b63de3c1ba850c0d82b6ebf932e32aab962b4da19fd9692164a3447f13c9eddaba5c298a76c195a86d2421906a8f242bc5c7553f0d45f23edda3a888278bc195bfb1d142361d398d8e94731fe0ff2d408ed5f6e9163623c3fb41c8cd92fed66fba7cf8799bd3a37855c1b13634190cfe32817dcc31cd320bf39a1a843d8f6c1f6cb1bd53bd45a341fc54b14bd129f1295de6f4e1693e0299dcd95a7c2d1fc909e5ee61215bdb01ea46a7d580ffe4bfb9b0bf1f5a4756151cbc3e768b77357f7b6bf568c5acb81d1d10fb7661ac5b47c0b89885857e1f0ae27a47b5890fcb316abf6a6de29ff9115f7826897f920c07816b8dfcae84d1f1baa252328caac033e723d136b8b23288a7d8db15598ba302b122ba18a300b593d1af073b8c2d627bf9c6305d79b9041f392d00bb53e18e485495d0429a873efb57fd4aefc6c5c18a37ff5cc728a86d6a06a56c390d743d0688f972cbf0d4741b77392735d0935662c150d42b74f841b463a3a91e7078e6c3cb4f627de75964a3d72b61ded7a056872ade46f34497e69922e5d900fa518042682c86ac4fd3488874c7c3e2650bbe330b7d3f8696c44199ff232ff7bcace227b6221f50c0a08378338ee81b5a86c4cbe1316c1a98761fb7979a04a3d42b9560d0852fde3054ee25e8f20db90c16de4a2de142006b7309870dfb1b4cf6a7daf418cf694a888adfce81687ab35b303f77b3437ad6c45cc35a6074ecba569d5e6d641e6b240177f0c8a1a1d4dc9f209ef748832578b0a6b80caf9ef4d0192ca8f73eee012a119c97e34bc6901ee7532345a5162d81fcd1981e9b0b6997b890277ed72604f5b29e82288924715dcb53888fbcc6dc338576e1819e2e252167b3bd01f9ec9e75cb4d62631906e728313a65c07d2778ecf3a9ee0c10fb4cf24966c4824cf23385008a892577c58d62278512160119fdc9e26d0dd617083be3c36439ffc1e074299ccde8049540ecfc89bb8351e2331b99ec9444fbcdf4401e507492c3fd63ae394b65a82aab32b589e16498b4cd8242839b75f730213ca4588a360807a813d62369a975a264e756977a1670e3d906308aa5648cca15293dfbb240eff8277262d41d1a71e0179eeb77318c1cdad85a8631d0b9950ed89c183589fa675eb0e008aaf7cfb19b87f6537ddfe55d13b6a95be4ca0baef65b724f0fb1f35ba4b13312dc06cec253c1ee3df64279c30fa2a85dbca8e52729016439cbe86e5639b177de80333a09b230a569b14fca2fb6c8294a172ecf6c9b9019c23b09c083ba564e6a137432a5460a5aea13b70bf0fb81a9ba5c2d6df490cbe4fe9ad6658b9b0f74e5ee9e5788840f3e3d0b7619c7fb4f960ce821de814ba73e5f5c75707e4ea144b003f250371b272fd317bfa7fbbda24456f2d032feca108532afda61a600e1532e9256e4fe6cf7e41f0964496a1485e7996ce8ab4375c694de12445d3d2706f957f12b29dcbf58fd449881770bd12a948cfa4b3dd2097b1b42bfa3c7eced5f0838b685bfde7d00e656244c6744953ff2e1741e0057be97a2434a25b9d976e220f4e46fa9da305fd626ab3ff16b0ee82b09d738c92923c8ada89493a0e6282d0ecd5e3498adc8cad641d8eb86669ebcd7f08f27ec47b850257582def7c16ea4ca545bb4c5b3b8612138a98f2d0528d083d067e40d51405174f2a3a4df89c822859f6cfaaf967eb43d41caee5ef44861eca76a647fd826b33460a5be331bc0e7ee0cd73683419b518f679197da31fc751a31a4ace15d481774211c7d832948b0d5c9577d5a5876909ee75a34ed78a819de1d11ff64ba157432c7e26d9e492cf5f9103639d0afd8b6b29168cdc7af1f5a219243856f25aab4981c940d143b0935d8cdd860f3687e3b30a424233b7bb96fa18bd42c7def00baa43fe15a556feca816164b1d94a2bca6ed3abe60969db27d12ab9948fb73ef599cd2d8eb2fea93814a0027f2aaa940c2b325da21b07abe82b43f9d17c9a78665e30ccad353e5167fc582e85fd888cfafa4a355673c0a771700ae1e6763bc0f2bb130ea9dead2b75ce360d635a760122e8e6a351c68ee2c707f42475222d998e2ed0829394597a6c0406cdba56e3209cc1ce6af6fedeae4e932053ba7a31ed2b413ca70511a95874be02da6d6512768a20187d9276e7faaf26a31f7c471ea235a8e39bebfc089871cffcdbb6887e8c954b23d3efc349999c202e23114bb1b5717150e06d84c1651630b248594bd8b4cd987b0db3b09d2dd4e8bcb9e0b5ebe79036ddf7f86ca3b5c0d9e34e2b82be9e7e4d9ada32bc56af4d34282fff7610a685084007e1c9dbda3abd403d7c324bbcced9d355350f70114270d454c65c4b3245c0473c8a10e9dd9c7bb6bc55df646a76dbc07593217e825096139a1e8b6971f72f2eec80f41b2ec980be41ec841931be6515c70db08f9bae265ba99a05fcb29c0d723fdd502901c3a3dde76e000eaa46e24c6f3b09fe4547db0d094c7ed26832e429fc5a6305b8fae3e8eba015b5b80f3edbd5a9e5743650b1b4712b3289179dc95a52bb8b136a23091d62ca75af09e609c59271cb408ea74c369323b41ae9cfeb557fc7218f48187ceda18b555566de67ea6a5e109498b6b95afd166f105a2c0fba32e5f655182b318e248f863d54e17ebc8146dfe72553b2bb0334673405e1aacbc1b4174f15fede379bccfa63ac01ae2edce46cbbc18c43e188946e9ce6f650a3242688b0036edf5e6a53fcd43ee55012997041dc80d7b529097424cf6014cac9d62aea104913b20ad57358b723d0dacb14e5eacf32fff43a52d1a3c31ecb8b82a47a0c69b7a05e38dac434aa08ddce5b144ae4fc113d07adbf540878750877aef994796b66419ff992f6c4fbdd527d1970701b1a873905d5cf51dbd6a873123d85a45700e9f496bf27dba143bc00846cac194a7dda72273d9294e80f2d28c68c5936db45ac92be19f0fa06d4a7bb8e564c6ea5dfcdeb38d0981bbd3280b81b1eff7c07690946b993b86238e59a8a448d4cb9cdf1044ece50fa7bae2862fdd50a988d5f6868f5409e619bb2f3d951058ebb850da0db361cf158d78ebfe51d529e8c51a5c1c2023e9c3ac46d235a8f615e66e4b3a694ec1b993f104fe46465c3581af614079d5acaf3449c22b34dadbfa50c9271896d8d4be1fa4b840f4c3c20d2bcdeb1c4f9f04031a6951d5081e8aed0c7a3ea1dac2884a2ff271f66ffc924fae53524c2988cf3b3f38eb872ff40d8ed321b130bbc0c653a081e6036f2fc8169aa748b39e407f757c2537b0d850d88d94b4623e2af105030592dc853dfb972b44a0c424c318e500eab92a392461f7525c76335109d879fb7566fcc7f179bd57aa0bf745ecab1c41470bdd17541bf93e0c8d4e03db9cb0b3aceeafb507353d49748c7cd38141d6c311b701aa80e7cb3778c63cdee1fa53be3b225a6acb3b4a68545dd0455c95823be8cae3cf58e5d07ccfcacf64e888b5d3bb2a9d4c74f6a39a4345d39dbd1c67a4028b55d94d5e322449eeaed495b5005de37abc038a4e879716913d187884bc4d7bee4bf2000fa6afdb7298a83414de1d8c615220446e29bd2f74063fd7c7b76ff06fbfb4e5c4fdbbe6b3701a59a4da60d38185e1887ca0aaf182c3b5c2f7e073aad60d59417cdc7964f9533ce39e8325a29661689d900903d5347afeb92fd492b048dd7d121ae14970f3ef85389393c0f62a41b18aabdbe6eca40ce9b623d7122be1b6b99c184b555eabbd9fb97d09793764c8479e853fd19951fd5da22508a2306603ea75107c080a08335a7aa4b4afed6037f47d0c4f91cae57b97a70cdbf2cddc8fa5e58421af2e3ebacd240f228cbda39e0cdbda97bf748f4060f85421f05adeb9f7f4183f7866e025e4e1a902764bbc6ddb092aaedbad1fe53464eabee7769eaaf9999aa67350666c4bccda54d1dbf4da4944d6398e75f6ceb5c858fea2c9d33388c93a830f2b7baf6f8e99814b60f46d06fb42f97e6b48f3eaf006540fa996adb9bc6376f073199b598e96b500176316021c048a07475015a3dbe8a19e8ef46b6a86277e157e14d654c0427a0484223f4c79a56a909dc23f190e08cfd2f9e1b270a6973aaf089dd4c7aa7c76789411e526e9652fe5fca65f5bdf38f2859f6e15a1987713d385fb90284ea7290d350deb40e60d3bc1a8cf2df7", 0x4}) socket$key(0xf, 0x3, 0x2) 8.818097343s ago: executing program 0 (id=1025): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r6, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x749bc}) 8.817392657s ago: executing program 1 (id=1026): ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x9, 0x1, {0xffffffffffffffff}, {0xee00}, 0x8001, 0xffffffff}) r1 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r1, r2, r1}, &(0x7f00000001c0)=""/241, 0xf1, &(0x7f0000000000)={&(0x7f0000000140)={'rmd160\x00'}}) r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r6, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x1, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r7, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000400)={0x2, 0x0, [{0x8000000, 0xfc, &(0x7f0000000480)=""/252}, {0x1, 0xf, &(0x7f0000000240)=""/15}]}) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f00000001c0)=0x304008000) ioctl$VHOST_NET_SET_BACKEND(r7, 0x4008af30, &(0x7f00000003c0)={0x1}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x10, 0xb, {}, {0x5, 0x8, 0x0, 0xb, 0x3, 0x10, "6e4f3cf2"}, 0x101, 0x1, {0x0}, 0x6}) mount$tmpfs(0x0, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000000), 0x830400, &(0x7f0000000200)={[{@inode32}, {@uid={'uid', 0x3d, r0}}, {@noswap}, {@size={'size', 0x3d, [0x37]}}, {@huge_always}]}) 8.675223103s ago: executing program 2 (id=1027): bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00') r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x4, 0x5, 0x2, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r3, 0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%ps \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 7.343310951s ago: executing program 4 (id=1028): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000000500)=ANY=[], 0x9, 0x201, &(0x7f0000000f40)="$eJzsVUtrU0EU/s7NJLfRLAru3BpsN9rmFsS1G7vXH2BIr7WY+OhENKFgdNONgvgnCv4JXQi6dyEiuNGFgi4qrioSOTNnJpMH9ra+NvPB5XznPY87M1f0TZ0C+LG71cI8DAg1vCWCArBA1rZXsfKryKHgo7J6Q+xPRH4QqXv9Vw8s7V9tttv5pu79mqQgYJ+YcTJtOvf04bHi+RPk5f1xC6FIFqnD9Po90i3ZlZ12PRqzpLNiJBeTlRsX/vEsDk+qU4N35FsNCC2f/mD3Mq9mGTNjiA70r88gXMAQwLu+16a3aZK8eWw7z4wpSXoV48uyL+FT/L93mQnfRYYkB0rXkP3Q5+8l+EJAGa93t1psvSS3GLvX7OeOhMli5XkQc1wBA4BKGJqiXEdJ7AKApW7nxpLu9U9tdJrr+Xp+LctWziy/OCpHdHgX2Gjny2SGYdMTJgoefE6rgZ//tHcj/wABKBgaeF4jsy/pLufFE0FIFUiC3KCGFHjm+6diu6U7uIiTmANwe8DuTBaoDq6mcJmntgpCSZSGCgeEPSSYM47TrevttW0QyKXtQPkajfcoeyUThRvlK2f99LdF1kWuitwZ9TNwb5d7k5Sp8Fm0xQFQwZ1mt7tpHi/L2FbxFYwtm/edE+nqXkPXrJ6iII4UDYyIiIiIiIiI+Ev4GQAA//8sQT03") r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x11, r2, 0x3000) 6.346820811s ago: executing program 2 (id=1029): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x0, &(0x7f0000000040)={[{@stripe={'stripe', 0x3d, 0x1}}, {@nolazytime}, {@delalloc}, {@i_version}, {@lazytime}, {@nodiscard}, {@grpjquota}, {@block_validity}, {@errors_remount}]}, 0x1, 0x549, &(0x7f0000000540)="$eJzs3c9vI1cdAPDvTH65222zCz1ABewChQWt1t5421XVS8sFhKpKiIoD4rANiTcKseMQO6UJkUj/BpBA4gR/AgckDkg9ceDGEYkDQpQDUoEItEHiYDRjJ+smNmtqx+7Gn480O/Pmzcz3PWdn3vNz4hfA1LoeEQcRMR8Rb0TEYmd/0lnilfaSHffgcH/l6HB/JYlW6/W/J3l+ti+6zsk82blmISK+/pWIbydn4zZ29zaWq9XKdiddata2So3dvVvrteW1ylpls1y+u3T39ot3XiiPrK7Xar9478vrr37j17/65Lu/O/ji97NiXe7kdddjlNpVnzuJk5mNiFfPI9gEzHTW8xMuBx9MGhEfiYjP5Pf/Yszk/zsBgIus1VqM1mJ3GgC46NJ8DCxJixGRpp1OQLE9hvdMXEqr9Ubz5v36zuZqe6zsSsyl99erldtXF/7w3fzguSRLL+V5eX6eLp9K34mIqxHxo4Un8nRxpV5dnUyXBwCm3pPd7X9E/GshTYvFgU7t8akeAPDYKEy6AADA2Gn/AWD6aP8BYPoM0P53Puw/OPeyAADj4f0/AEwf7T8ATB/tPwBMla+99lq2tI4633+9+ubuzkb9zVurlcZGsbazUlypb28V1+r1tfw7e2qPul61Xt9aej523io1K41mqbG7d69W39ls3su/1/teZW4stQIA/per1975fRIRBy89kS/RNZeDthoutnSERwGPl5lhTtZBgMea2b5geg3UhOedhN+ee1mAyej5Zd6Fnpvv95P/I4jfM4IPlRsfH3z83xzPcLEY2Yfp9cHG/18eeTmA8TP+D9Or1UpOz/k/f5IFAFxIQ/wKX+sHo+qEABP1qMm8R/L5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwwlyPiO5GkxXwu8DT7Ny0WI56KiCsxl9xfr1ZuR8TTcS0i5hay9NKkCw0ADCn9a9KZ/+vG4nOXT+fOJ/9eyNcR8b2fvv7jt5abze2lbP8/TvYvHE8fVn543hDzCgIAg/vzIAfl7Xe5s+56I//gcH/leDnHMp7x3pdOJh9dOTrcz5d2zmy0Wq1WRCHvS1z6ZxKznXMKEfFsRMyMIP7B2xHxsV71T/KxkSudmU+740cn9lNjjZ++L36a57XX2cv30RGUBabNO9nz55Ve918a1/N17/u/kD+hhpc//woRx8++o674s51IMz3iZ/f89UFjPP+br57Z2Vps570d8exsr/jJSfykT/znBoz/x0986ocv98lr/SziRvSO3x2r1KxtlRq7e7fWa8trlbXKZrl8d+nu7RfvvFAu5WPUpeOR6rP+9tLNp/uVLav/pT7xCz3rP39y7ucGrP/P//PGtz79MLlwOv4XPtv75/9Mz/htWZv4+QHjL1/6Zd/pu7P4q33q/6if/80B47/7l73VAQ8FAMagsbu3sVytVraH2sjehY7iOmc2siIOdvBxd3G4oH+KfGNEL0ufjawzNsjBc+f1qp77xuxJX3G0V/5mdsUxVycdeS2G2ngwrliTeyYB4/Hwpp90SQAAAAAAAAAAAAAAgH7G8adLk64jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9d/AwAA//8+JMPM") socket$nl_route(0x10, 0x3, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000180)='system.posix_acl_default\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="0200000001000000280000000400000000000000100006000000000020"], 0x24, 0x2) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x80) 6.281082741s ago: executing program 1 (id=1030): sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00000109006e"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 6.275999355s ago: executing program 3 (id=1031): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000229000/0x3000)=nil) ptrace(0x10, 0x1) 5.942802381s ago: executing program 4 (id=1032): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x10003, 0x3, 0x1, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e1c}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r3 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000240), 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r7 = accept(r5, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r8, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r7}, 0x47) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000080000850000001800000085000000a000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94) read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x51) 5.942560798s ago: executing program 3 (id=1033): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() syz_usb_connect(0x3, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000208500000072000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) unshare(0x2e000400) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r3, &(0x7f0000000040), 0x0}, 0xd) 4.791615916s ago: executing program 1 (id=1034): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x10003, 0x3, 0x1, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e1c}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r5, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r6, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6}, 0x47) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000080000850000001800000085000000a000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94) 3.628762391s ago: executing program 4 (id=1035): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_xfrm(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x4f8}, 0x1, 0x0, 0x0, 0x40004}, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_ACTIVATE(r4, 0x4bfa, 0x10000000000004) 3.344799582s ago: executing program 1 (id=1036): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) socket$inet_udp(0x2, 0x2, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$vsock_stream(0x28, 0x1, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xc8c7, 0x0, 0xfffffffd, 0x2}, &(0x7f0000000340)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)='./file0\x00', 0x400, 0x2000, 0x1}) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r5) sendmsg$NLBL_MGMT_C_ADDDEF(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x2c}}, 0x0) io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r6 = openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r7 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) setsockopt$netrom_NETROM_T1(r7, 0x103, 0x1, &(0x7f0000000040), 0x4) setsockopt$inet6_int(r2, 0x29, 0x57, &(0x7f0000000400)=0x6, 0x4) openat$cgroup_devices(r6, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpid() 2.942931131s ago: executing program 0 (id=1037): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x800000000003) rseq(&(0x7f0000000400)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) open_by_handle_at(0xffffffffffffff9c, 0x0, 0x0) 2.919351487s ago: executing program 2 (id=1038): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r6, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet6_buf(r8, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9) ioctl$IOMMU_TEST_OP_ACCESS_RW(r5, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, r7, 0x0, 0x81, 0xf80, &(0x7f0000000700)="85653f453420ca7d5107cac3b1c61de0a1009492a7c67d538843c3f5ba1f143fc6f1cd155f7653e1393744f396a94d8d0becf9445701326980185d6f5cc0c2ee263914da7695c86440305aa84ad2ff0c61d29e1218e6659aedbc1cea7416b5b4a991455d2534207f281a52670d763fdb36af099158c93f565c3ec3a6eddd7ee3974954d0d20fa5635c69037286a94ddd6f1a231625bcc29bdb05b5e8fef40e9a6a30de284e26f47210a18f5b1063528c16d560d916a6c811c1bae078daa7534d43906981300cd79bddf1b6c4bb873604d671da76de5d729fcd8bd703e97bde4721558c2a43dc7d5b6208acdcd8f82f3bba8753d4136b76471bd0d8d31a9f1596a15e0e18e14005249610e97f6bf581db1a50871d65742514336bc9e1fcee7dd958da853a56757f38a1009a8f81886992d594388aa4815b168d966b71b50f87b4a6ef57b5c8b1e0ce840c244d052ddf45923a7843883431b9bc43785c0e07a24459fe47642a251f6181f8c679e6bd568213f1df3cdd59dd9bd3c6131865f11570fe242d6551dc3201eaa3705cf9096561fce1273b3b767f0ea0657acf84783f609186b63533973d5b495b5bf5e66364d035214286f56748e275d2b4df9def6e844e69ba0958a9762a9c7e278811b2cda2c1abf4530cb5c3283a8bb8024bc3ed59524c6d5283bba208769540eb9f433d7a759ca5bab28ede3f39742350b9900e94c19407394b600510d553163392189c3cd831cb014260b48ed47e15fe8f89dc4e13933bf66f00d3570158130f73d641db28ddaa3dbd06fc777bc059ab7138cb7e72120e0c45135d4bff8d68dd33cebc410f116fc8bec4317e59ed5fdf7be27b64aad180ac6453b283c187072a232be84445ed91ef2ba779a7a445ee8199fafc1c74e0073fb3313a16d317b9aac2b37e215cf76984668446b2194712cd1cbcf78c9a10bc9dd104dbc03ffb0dc4a28484a0332f98cf1b99322b176546cf0c9b180e627a7e67bb16e671fdc739c255ddcba53457fb12d39700d2695f2414668f9665ec167bc763b2191f913efe3eab99a05c737662930f46567d0e2b7d3fdfaedda8ab53c4f4e0a700efe0c8cf34b30b1c2569216d1ddf1471c7cab5ccf0dae565dfcc42b2fb0d19fb92808b42d086c68eb3c0ed0a1954e19fa1e3d85bfd8a521d6230b407ed193a625f7f289c31a3a1738505c5e62177bb5b791bd861827d48655ea01d2a5009c4e8c78e426ccad4fcbe96b532eee5208967e6ee8a680319a005411ecb28e764aadf1aa83fd46f09028cd2b0ac6babc10f48c8ad3e886fb949672410b3ac31364753cabe3e9518fafc0189c7135445d202bd9703b8571ccc44c9de9f7b94c3f43afab423dddf2c8c621e2b0042b75cc198b1b93710e09fb36b4dc9c962bc4def0598eb76d9bb1e1dccf092461351b63de3c1ba850c0d82b6ebf932e32aab962b4da19fd9692164a3447f13c9eddaba5c298a76c195a86d2421906a8f242bc5c7553f0d45f23edda3a888278bc195bfb1d142361d398d8e94731fe0ff2d408ed5f6e9163623c3fb41c8cd92fed66fba7cf8799bd3a37855c1b13634190cfe32817dcc31cd320bf39a1a843d8f6c1f6cb1bd53bd45a341fc54b14bd129f1295de6f4e1693e0299dcd95a7c2d1fc909e5ee61215bdb01ea46a7d580ffe4bfb9b0bf1f5a4756151cbc3e768b77357f7b6bf568c5acb81d1d10fb7661ac5b47c0b89885857e1f0ae27a47b5890fcb316abf6a6de29ff9115f7826897f920c07816b8dfcae84d1f1baa252328caac033e723d136b8b23288a7d8db15598ba302b122ba18a300b593d1af073b8c2d627bf9c6305d79b9041f392d00bb53e18e485495d0429a873efb57fd4aefc6c5c18a37ff5cc728a86d6a06a56c390d743d0688f972cbf0d4741b77392735d0935662c150d42b74f841b463a3a91e7078e6c3cb4f627de75964a3d72b61ded7a056872ade46f34497e69922e5d900fa518042682c86ac4fd3488874c7c3e2650bbe330b7d3f8696c44199ff232ff7bcace227b6221f50c0a08378338ee81b5a86c4cbe1316c1a98761fb7979a04a3d42b9560d0852fde3054ee25e8f20db90c16de4a2de142006b7309870dfb1b4cf6a7daf418cf694a888adfce81687ab35b303f77b3437ad6c45cc35a6074ecba569d5e6d641e6b240177f0c8a1a1d4dc9f209ef748832578b0a6b80caf9ef4d0192ca8f73eee012a119c97e34bc6901ee7532345a5162d81fcd1981e9b0b6997b890277ed72604f5b29e82288924715dcb53888fbcc6dc338576e1819e2e252167b3bd01f9ec9e75cb4d62631906e728313a65c07d2778ecf3a9ee0c10fb4cf24966c4824cf23385008a892577c58d62278512160119fdc9e26d0dd617083be3c36439ffc1e074299ccde8049540ecfc89bb8351e2331b99ec9444fbcdf4401e507492c3fd63ae394b65a82aab32b589e16498b4cd8242839b75f730213ca4588a360807a813d62369a975a264e756977a1670e3d906308aa5648cca15293dfbb240eff8277262d41d1a71e0179eeb77318c1cdad85a8631d0b9950ed89c183589fa675eb0e008aaf7cfb19b87f6537ddfe55d13b6a95be4ca0baef65b724f0fb1f35ba4b13312dc06cec253c1ee3df64279c30fa2a85dbca8e52729016439cbe86e5639b177de80333a09b230a569b14fca2fb6c8294a172ecf6c9b9019c23b09c083ba564e6a137432a5460a5aea13b70bf0fb81a9ba5c2d6df490cbe4fe9ad6658b9b0f74e5ee9e5788840f3e3d0b7619c7fb4f960ce821de814ba73e5f5c75707e4ea144b003f250371b272fd317bfa7fbbda24456f2d032feca108532afda61a600e1532e9256e4fe6cf7e41f0964496a1485e7996ce8ab4375c694de12445d3d2706f957f12b29dcbf58fd449881770bd12a948cfa4b3dd2097b1b42bfa3c7eced5f0838b685bfde7d00e656244c6744953ff2e1741e0057be97a2434a25b9d976e220f4e46fa9da305fd626ab3ff16b0ee82b09d738c92923c8ada89493a0e6282d0ecd5e3498adc8cad641d8eb86669ebcd7f08f27ec47b850257582def7c16ea4ca545bb4c5b3b8612138a98f2d0528d083d067e40d51405174f2a3a4df89c822859f6cfaaf967eb43d41caee5ef44861eca76a647fd826b33460a5be331bc0e7ee0cd73683419b518f679197da31fc751a31a4ace15d481774211c7d832948b0d5c9577d5a5876909ee75a34ed78a819de1d11ff64ba157432c7e26d9e492cf5f9103639d0afd8b6b29168cdc7af1f5a219243856f25aab4981c940d143b0935d8cdd860f3687e3b30a424233b7bb96fa18bd42c7def00baa43fe15a556feca816164b1d94a2bca6ed3abe60969db27d12ab9948fb73ef599cd2d8eb2fea93814a0027f2aaa940c2b325da21b07abe82b43f9d17c9a78665e30ccad353e5167fc582e85fd888cfafa4a355673c0a771700ae1e6763bc0f2bb130ea9dead2b75ce360d635a760122e8e6a351c68ee2c707f42475222d998e2ed0829394597a6c0406cdba56e3209cc1ce6af6fedeae4e932053ba7a31ed2b413ca70511a95874be02da6d6512768a20187d9276e7faaf26a31f7c471ea235a8e39bebfc089871cffcdbb6887e8c954b23d3efc349999c202e23114bb1b5717150e06d84c1651630b248594bd8b4cd987b0db3b09d2dd4e8bcb9e0b5ebe79036ddf7f86ca3b5c0d9e34e2b82be9e7e4d9ada32bc56af4d34282fff7610a685084007e1c9dbda3abd403d7c324bbcced9d355350f70114270d454c65c4b3245c0473c8a10e9dd9c7bb6bc55df646a76dbc07593217e825096139a1e8b6971f72f2eec80f41b2ec980be41ec841931be6515c70db08f9bae265ba99a05fcb29c0d723fdd502901c3a3dde76e000eaa46e24c6f3b09fe4547db0d094c7ed26832e429fc5a6305b8fae3e8eba015b5b80f3edbd5a9e5743650b1b4712b3289179dc95a52bb8b136a23091d62ca75af09e609c59271cb408ea74c369323b41ae9cfeb557fc7218f48187ceda18b555566de67ea6a5e109498b6b95afd166f105a2c0fba32e5f655182b318e248f863d54e17ebc8146dfe72553b2bb0334673405e1aacbc1b4174f15fede379bccfa63ac01ae2edce46cbbc18c43e188946e9ce6f650a3242688b0036edf5e6a53fcd43ee55012997041dc80d7b529097424cf6014cac9d62aea104913b20ad57358b723d0dacb14e5eacf32fff43a52d1a3c31ecb8b82a47a0c69b7a05e38dac434aa08ddce5b144ae4fc113d07adbf540878750877aef994796b66419ff992f6c4fbdd527d1970701b1a873905d5cf51dbd6a873123d85a45700e9f496bf27dba143bc00846cac194a7dda72273d9294e80f2d28c68c5936db45ac92be19f0fa06d4a7bb8e564c6ea5dfcdeb38d0981bbd3280b81b1eff7c07690946b993b86238e59a8a448d4cb9cdf1044ece50fa7bae2862fdd50a988d5f6868f5409e619bb2f3d951058ebb850da0db361cf158d78ebfe51d529e8c51a5c1c2023e9c3ac46d235a8f615e66e4b3a694ec1b993f104fe46465c3581af614079d5acaf3449c22b34dadbfa50c9271896d8d4be1fa4b840f4c3c20d2bcdeb1c4f9f04031a6951d5081e8aed0c7a3ea1dac2884a2ff271f66ffc924fae53524c2988cf3b3f38eb872ff40d8ed321b130bbc0c653a081e6036f2fc8169aa748b39e407f757c2537b0d850d88d94b4623e2af105030592dc853dfb972b44a0c424c318e500eab92a392461f7525c76335109d879fb7566fcc7f179bd57aa0bf745ecab1c41470bdd17541bf93e0c8d4e03db9cb0b3aceeafb507353d49748c7cd38141d6c311b701aa80e7cb3778c63cdee1fa53be3b225a6acb3b4a68545dd0455c95823be8cae3cf58e5d07ccfcacf64e888b5d3bb2a9d4c74f6a39a4345d39dbd1c67a4028b55d94d5e322449eeaed495b5005de37abc038a4e879716913d187884bc4d7bee4bf2000fa6afdb7298a83414de1d8c615220446e29bd2f74063fd7c7b76ff06fbfb4e5c4fdbbe6b3701a59a4da60d38185e1887ca0aaf182c3b5c2f7e073aad60d59417cdc7964f9533ce39e8325a29661689d900903d5347afeb92fd492b048dd7d121ae14970f3ef85389393c0f62a41b18aabdbe6eca40ce9b623d7122be1b6b99c184b555eabbd9fb97d09793764c8479e853fd19951fd5da22508a2306603ea75107c080a08335a7aa4b4afed6037f47d0c4f91cae57b97a70cdbf2cddc8fa5e58421af2e3ebacd240f228cbda39e0cdbda97bf748f4060f85421f05adeb9f7f4183f7866e025e4e1a902764bbc6ddb092aaedbad1fe53464eabee7769eaaf9999aa67350666c4bccda54d1dbf4da4944d6398e75f6ceb5c858fea2c9d33388c93a830f2b7baf6f8e99814b60f46d06fb42f97e6b48f3eaf006540fa996adb9bc6376f073199b598e96b500176316021c048a07475015a3dbe8a19e8ef46b6a86277e157e14d654c0427a0484223f4c79a56a909dc23f190e08cfd2f9e1b270a6973aaf089dd4c7aa7c76789411e526e9652fe5fca65f5bdf38f2859f6e15a1987713d385fb90284ea7290d350deb40e60d3bc1a8cf2df7", 0x4}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @private}}, @sadb_address={0x3, 0x6, 0x6c, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x40}}, 0x0) 2.827980268s ago: executing program 3 (id=1039): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x3000490, &(0x7f0000000280)={[{@nombcache}, {@usrjquota}, {@errors_remount}, {@norecovery}, {@barrier_val={'barrier', 0x3d, 0x8}}, {@mblk_io_submit}, {@minixdf}, {@resuid}, {@nobh}, {}]}, 0x0, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0/../file0'}}]}) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) llistxattr(&(0x7f0000000140)='./file1\x00', 0x0, 0x0) 2.642753402s ago: executing program 0 (id=1040): ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x9, 0x1, {0xffffffffffffffff}, {0xee00}, 0x8001, 0xffffffff}) r1 = add_key$user(&(0x7f0000000180), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r1, r2, r1}, &(0x7f00000001c0)=""/241, 0xf1, &(0x7f0000000000)={&(0x7f0000000140)={'rmd160\x00'}}) r3 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2}) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r4, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x20, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0xc, 0x2, 0x0, 0x0, @str='nl80211\x00'}]}, 0x20}}, 0x0) recvmmsg(r6, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x1, 0x0, 0x0) ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3}) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000040)=0x1) ioctl$vim2m_VIDIOC_STREAMOFF(r3, 0x40045612, &(0x7f0000000080)=0x2) r7 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r7, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r7, 0x4008af03, &(0x7f0000000400)={0x2, 0x0, [{0x8000000, 0xfc, &(0x7f0000000480)=""/252}, {0x1, 0xf, &(0x7f0000000240)=""/15}]}) ioctl$VHOST_SET_FEATURES(r7, 0x4008af00, &(0x7f00000001c0)=0x304008000) ioctl$VHOST_NET_SET_BACKEND(r7, 0x4008af30, &(0x7f00000003c0)={0x1}) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) ioctl$vim2m_VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x10, 0xb, {}, {0x5, 0x8, 0x0, 0xb, 0x3, 0x10, "6e4f3cf2"}, 0x101, 0x1, {0x0}, 0x6}) mount$tmpfs(0x0, &(0x7f0000000140)='./cgroup\x00', &(0x7f0000000000), 0x830400, &(0x7f0000000200)={[{@inode32}, {@uid={'uid', 0x3d, r0}}, {@noswap}, {@size={'size', 0x3d, [0x37]}}, {@huge_always}]}) 1.930003743s ago: executing program 1 (id=1041): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r6, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r5, 0x0, 0xffffffffffffffff, 0x1}) r8 = socket$inet6_udp(0xa, 0x2, 0x0) mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x8941b19eafc7cf74) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f0000000000)={0x3, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108) getsockopt$inet6_buf(r8, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xf9) ioctl$IOMMU_TEST_OP_ACCESS_RW(r4, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, r7, 0x0, 0x81, 0xf80, &(0x7f0000000700)="85653f453420ca7d5107cac3b1c61de0a1009492a7c67d538843c3f5ba1f143fc6f1cd155f7653e1393744f396a94d8d0becf9445701326980185d6f5cc0c2ee263914da7695c86440305aa84ad2ff0c61d29e1218e6659aedbc1cea7416b5b4a991455d2534207f281a52670d763fdb36af099158c93f565c3ec3a6eddd7ee3974954d0d20fa5635c69037286a94ddd6f1a231625bcc29bdb05b5e8fef40e9a6a30de284e26f47210a18f5b1063528c16d560d916a6c811c1bae078daa7534d43906981300cd79bddf1b6c4bb873604d671da76de5d729fcd8bd703e97bde4721558c2a43dc7d5b6208acdcd8f82f3bba8753d4136b76471bd0d8d31a9f1596a15e0e18e14005249610e97f6bf581db1a50871d65742514336bc9e1fcee7dd958da853a56757f38a1009a8f81886992d594388aa4815b168d966b71b50f87b4a6ef57b5c8b1e0ce840c244d052ddf45923a7843883431b9bc43785c0e07a24459fe47642a251f6181f8c679e6bd568213f1df3cdd59dd9bd3c6131865f11570fe242d6551dc3201eaa3705cf9096561fce1273b3b767f0ea0657acf84783f609186b63533973d5b495b5bf5e66364d035214286f56748e275d2b4df9def6e844e69ba0958a9762a9c7e278811b2cda2c1abf4530cb5c3283a8bb8024bc3ed59524c6d5283bba208769540eb9f433d7a759ca5bab28ede3f39742350b9900e94c19407394b600510d553163392189c3cd831cb014260b48ed47e15fe8f89dc4e13933bf66f00d3570158130f73d641db28ddaa3dbd06fc777bc059ab7138cb7e72120e0c45135d4bff8d68dd33cebc410f116fc8bec4317e59ed5fdf7be27b64aad180ac6453b283c187072a232be84445ed91ef2ba779a7a445ee8199fafc1c74e0073fb3313a16d317b9aac2b37e215cf76984668446b2194712cd1cbcf78c9a10bc9dd104dbc03ffb0dc4a28484a0332f98cf1b99322b176546cf0c9b180e627a7e67bb16e671fdc739c255ddcba53457fb12d39700d2695f2414668f9665ec167bc763b2191f913efe3eab99a05c737662930f46567d0e2b7d3fdfaedda8ab53c4f4e0a700efe0c8cf34b30b1c2569216d1ddf1471c7cab5ccf0dae565dfcc42b2fb0d19fb92808b42d086c68eb3c0ed0a1954e19fa1e3d85bfd8a521d6230b407ed193a625f7f289c31a3a1738505c5e62177bb5b791bd861827d48655ea01d2a5009c4e8c78e426ccad4fcbe96b532eee5208967e6ee8a680319a005411ecb28e764aadf1aa83fd46f09028cd2b0ac6babc10f48c8ad3e886fb949672410b3ac31364753cabe3e9518fafc0189c7135445d202bd9703b8571ccc44c9de9f7b94c3f43afab423dddf2c8c621e2b0042b75cc198b1b93710e09fb36b4dc9c962bc4def0598eb76d9bb1e1dccf092461351b63de3c1ba850c0d82b6ebf932e32aab962b4da19fd9692164a3447f13c9eddaba5c298a76c195a86d2421906a8f242bc5c7553f0d45f23edda3a888278bc195bfb1d142361d398d8e94731fe0ff2d408ed5f6e9163623c3fb41c8cd92fed66fba7cf8799bd3a37855c1b13634190cfe32817dcc31cd320bf39a1a843d8f6c1f6cb1bd53bd45a341fc54b14bd129f1295de6f4e1693e0299dcd95a7c2d1fc909e5ee61215bdb01ea46a7d580ffe4bfb9b0bf1f5a4756151cbc3e768b77357f7b6bf568c5acb81d1d10fb7661ac5b47c0b89885857e1f0ae27a47b5890fcb316abf6a6de29ff9115f7826897f920c07816b8dfcae84d1f1baa252328caac033e723d136b8b23288a7d8db15598ba302b122ba18a300b593d1af073b8c2d627bf9c6305d79b9041f392d00bb53e18e485495d0429a873efb57fd4aefc6c5c18a37ff5cc728a86d6a06a56c390d743d0688f972cbf0d4741b77392735d0935662c150d42b74f841b463a3a91e7078e6c3cb4f627de75964a3d72b61ded7a056872ade46f34497e69922e5d900fa518042682c86ac4fd3488874c7c3e2650bbe330b7d3f8696c44199ff232ff7bcace227b6221f50c0a08378338ee81b5a86c4cbe1316c1a98761fb7979a04a3d42b9560d0852fde3054ee25e8f20db90c16de4a2de142006b7309870dfb1b4cf6a7daf418cf694a888adfce81687ab35b303f77b3437ad6c45cc35a6074ecba569d5e6d641e6b240177f0c8a1a1d4dc9f209ef748832578b0a6b80caf9ef4d0192ca8f73eee012a119c97e34bc6901ee7532345a5162d81fcd1981e9b0b6997b890277ed72604f5b29e82288924715dcb53888fbcc6dc338576e1819e2e252167b3bd01f9ec9e75cb4d62631906e728313a65c07d2778ecf3a9ee0c10fb4cf24966c4824cf23385008a892577c58d62278512160119fdc9e26d0dd617083be3c36439ffc1e074299ccde8049540ecfc89bb8351e2331b99ec9444fbcdf4401e507492c3fd63ae394b65a82aab32b589e16498b4cd8242839b75f730213ca4588a360807a813d62369a975a264e756977a1670e3d906308aa5648cca15293dfbb240eff8277262d41d1a71e0179eeb77318c1cdad85a8631d0b9950ed89c183589fa675eb0e008aaf7cfb19b87f6537ddfe55d13b6a95be4ca0baef65b724f0fb1f35ba4b13312dc06cec253c1ee3df64279c30fa2a85dbca8e52729016439cbe86e5639b177de80333a09b230a569b14fca2fb6c8294a172ecf6c9b9019c23b09c083ba564e6a137432a5460a5aea13b70bf0fb81a9ba5c2d6df490cbe4fe9ad6658b9b0f74e5ee9e5788840f3e3d0b7619c7fb4f960ce821de814ba73e5f5c75707e4ea144b003f250371b272fd317bfa7fbbda24456f2d032feca108532afda61a600e1532e9256e4fe6cf7e41f0964496a1485e7996ce8ab4375c694de12445d3d2706f957f12b29dcbf58fd449881770bd12a948cfa4b3dd2097b1b42bfa3c7eced5f0838b685bfde7d00e656244c6744953ff2e1741e0057be97a2434a25b9d976e220f4e46fa9da305fd626ab3ff16b0ee82b09d738c92923c8ada89493a0e6282d0ecd5e3498adc8cad641d8eb86669ebcd7f08f27ec47b850257582def7c16ea4ca545bb4c5b3b8612138a98f2d0528d083d067e40d51405174f2a3a4df89c822859f6cfaaf967eb43d41caee5ef44861eca76a647fd826b33460a5be331bc0e7ee0cd73683419b518f679197da31fc751a31a4ace15d481774211c7d832948b0d5c9577d5a5876909ee75a34ed78a819de1d11ff64ba157432c7e26d9e492cf5f9103639d0afd8b6b29168cdc7af1f5a219243856f25aab4981c940d143b0935d8cdd860f3687e3b30a424233b7bb96fa18bd42c7def00baa43fe15a556feca816164b1d94a2bca6ed3abe60969db27d12ab9948fb73ef599cd2d8eb2fea93814a0027f2aaa940c2b325da21b07abe82b43f9d17c9a78665e30ccad353e5167fc582e85fd888cfafa4a355673c0a771700ae1e6763bc0f2bb130ea9dead2b75ce360d635a760122e8e6a351c68ee2c707f42475222d998e2ed0829394597a6c0406cdba56e3209cc1ce6af6fedeae4e932053ba7a31ed2b413ca70511a95874be02da6d6512768a20187d9276e7faaf26a31f7c471ea235a8e39bebfc089871cffcdbb6887e8c954b23d3efc349999c202e23114bb1b5717150e06d84c1651630b248594bd8b4cd987b0db3b09d2dd4e8bcb9e0b5ebe79036ddf7f86ca3b5c0d9e34e2b82be9e7e4d9ada32bc56af4d34282fff7610a685084007e1c9dbda3abd403d7c324bbcced9d355350f70114270d454c65c4b3245c0473c8a10e9dd9c7bb6bc55df646a76dbc07593217e825096139a1e8b6971f72f2eec80f41b2ec980be41ec841931be6515c70db08f9bae265ba99a05fcb29c0d723fdd502901c3a3dde76e000eaa46e24c6f3b09fe4547db0d094c7ed26832e429fc5a6305b8fae3e8eba015b5b80f3edbd5a9e5743650b1b4712b3289179dc95a52bb8b136a23091d62ca75af09e609c59271cb408ea74c369323b41ae9cfeb557fc7218f48187ceda18b555566de67ea6a5e109498b6b95afd166f105a2c0fba32e5f655182b318e248f863d54e17ebc8146dfe72553b2bb0334673405e1aacbc1b4174f15fede379bccfa63ac01ae2edce46cbbc18c43e188946e9ce6f650a3242688b0036edf5e6a53fcd43ee55012997041dc80d7b529097424cf6014cac9d62aea104913b20ad57358b723d0dacb14e5eacf32fff43a52d1a3c31ecb8b82a47a0c69b7a05e38dac434aa08ddce5b144ae4fc113d07adbf540878750877aef994796b66419ff992f6c4fbdd527d1970701b1a873905d5cf51dbd6a873123d85a45700e9f496bf27dba143bc00846cac194a7dda72273d9294e80f2d28c68c5936db45ac92be19f0fa06d4a7bb8e564c6ea5dfcdeb38d0981bbd3280b81b1eff7c07690946b993b86238e59a8a448d4cb9cdf1044ece50fa7bae2862fdd50a988d5f6868f5409e619bb2f3d951058ebb850da0db361cf158d78ebfe51d529e8c51a5c1c2023e9c3ac46d235a8f615e66e4b3a694ec1b993f104fe46465c3581af614079d5acaf3449c22b34dadbfa50c9271896d8d4be1fa4b840f4c3c20d2bcdeb1c4f9f04031a6951d5081e8aed0c7a3ea1dac2884a2ff271f66ffc924fae53524c2988cf3b3f38eb872ff40d8ed321b130bbc0c653a081e6036f2fc8169aa748b39e407f757c2537b0d850d88d94b4623e2af105030592dc853dfb972b44a0c424c318e500eab92a392461f7525c76335109d879fb7566fcc7f179bd57aa0bf745ecab1c41470bdd17541bf93e0c8d4e03db9cb0b3aceeafb507353d49748c7cd38141d6c311b701aa80e7cb3778c63cdee1fa53be3b225a6acb3b4a68545dd0455c95823be8cae3cf58e5d07ccfcacf64e888b5d3bb2a9d4c74f6a39a4345d39dbd1c67a4028b55d94d5e322449eeaed495b5005de37abc038a4e879716913d187884bc4d7bee4bf2000fa6afdb7298a83414de1d8c615220446e29bd2f74063fd7c7b76ff06fbfb4e5c4fdbbe6b3701a59a4da60d38185e1887ca0aaf182c3b5c2f7e073aad60d59417cdc7964f9533ce39e8325a29661689d900903d5347afeb92fd492b048dd7d121ae14970f3ef85389393c0f62a41b18aabdbe6eca40ce9b623d7122be1b6b99c184b555eabbd9fb97d09793764c8479e853fd19951fd5da22508a2306603ea75107c080a08335a7aa4b4afed6037f47d0c4f91cae57b97a70cdbf2cddc8fa5e58421af2e3ebacd240f228cbda39e0cdbda97bf748f4060f85421f05adeb9f7f4183f7866e025e4e1a902764bbc6ddb092aaedbad1fe53464eabee7769eaaf9999aa67350666c4bccda54d1dbf4da4944d6398e75f6ceb5c858fea2c9d33388c93a830f2b7baf6f8e99814b60f46d06fb42f97e6b48f3eaf006540fa996adb9bc6376f073199b598e96b500176316021c048a07475015a3dbe8a19e8ef46b6a86277e157e14d654c0427a0484223f4c79a56a909dc23f190e08cfd2f9e1b270a6973aaf089dd4c7aa7c76789411e526e9652fe5fca65f5bdf38f2859f6e15a1987713d385fb90284ea7290d350deb40e60d3bc1a8cf2df7", 0x4}) socket$key(0xf, 0x3, 0x2) 1.920632362s ago: executing program 2 (id=1042): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, 0x0, 0x0) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x9bb0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) readv(r0, &(0x7f0000001500)=[{&(0x7f0000000400)=""/4096, 0x1000}], 0x1) 1.612931675s ago: executing program 0 (id=1043): syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000840)={[{@lazytime}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000}}, {@barrier_val}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@dioread_lock}, {@data_err_ignore}, {@noinit_itable}, {@resgid={'resgid', 0x3d, 0xee00}, 0x32}], [{@obj_type={'obj_type', 0x3d, 'jL\xd8d\xc2\x00\x00\x00'}}, {@uid_gt}, {@pcr={'pcr', 0x3d, 0x3f}}, {@uid_eq}, {@dont_appraise}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}]}, 0x9b, 0x4fc, &(0x7f0000000140)="$eJzs3U1rHOcdAPD/jLR+lSuZ9uAa6praRXJb70pWbYse3BdKezK0dS+91FallRBaaYV2ZVvCtDL9AIVS2kKh0FMvgXyAQPBHCAFDcg9JSAiJnRx8SLxh32Rb3pVkvNIa7e8Ho3meZ2b0f/677Ow+M8NMAD3rdESciYjHlUrlXEQMNtrTxvSDamW9vt7DB3emqlMSlcq1T5OIpN5WXWXkqf95tL5JHIqI3/064k/J83FLq2vzk4VCfrlRz5UXlnKl1bXzcwuTs/nZ/OL4+NilicsTFydGO5LnQERc+eWH//zb/3915c0f3Xrv+scjf04a7RFP8ui0euqZ2mvR1B8Ry7sRrAv6Gvlkmg0t3msAAF4dzd/534uIczEYfbVfcwAAAMB+UvnpQHzZF1EBAAAA9q20dg1skmYb1wEMRJpms/VreL8VR9JCsVT+4UxxZXG6fq3sUGTSmblCfrRxrfBQZJJqfaxWflK/sKk+HhHHI+Ifg4dr9exUsTDd7YMfAAAA0COObhr/fzFYH/8DAAAA+8xQtzsAAAAA7DrjfwAAANj/jP8BAABgX/vN1avVqdJ8/vX0zdWV+eLN89P50nx2YWUqO1VcXsrOFouztXv2LbT5NxsPDSwUi0s/jsWV27lyvlTOlVbXri8UVxbL1+eeeQQ2AAAAsIeOf/feu0lErP/kcG2qOtDtTgF7ov9FVv5g9/oB7L2+bncA6JoX+v4H9pVMtzsAdF0SEf/dYnnbi3fe2p3+AAAAnTf87dbn/9Ntjw2sp3vURWCXOP4Hvcv5f+hdzv9D78pEXxjIQ29Ltln+8uf/K5UX6hAAANBxA7UpSbONc/4DkabZbMSx2mMBMsnMXCE/GhHfiIh3BjMHq/Wx2pbJtmMGAAAAAAAAAAAAAAAAAAAAAAAAAKCuUkmiAgAAAOxrEelHSeP5X8ODZwc2Hx84kDwarM0j4tZ/rv3r9mS5vDxWbf9so73870b7hW4cwQAAAAA2a47Tm+N4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOikhw/uTDWnvYz7yc8jYqhV/P44VJsfikxEHPk8if6ntksioq8D8dfvRsQv/tgiflLtVgw1etEq/uFOxT/RKv+t46cRcbQD8aGX3avuf37W6vOXxunafPPn7+DGtv0diN9+/5du7P/62ux/ju0wxsn7r+faxr8bcbK/9f6nGT9pE//MDuPf+P3aWrtllf9FDLf8/kmeiZUrLyzlSqtr5+cWJmfzs/nF8fGxSxOXJy5OjOZm5gr5xt+WMf7+nTceb5X/kTbxh7bJ/+wO8//q/u0H36wXM63ij5xp/f6faBM/bXz3fb9Rri4fbpbX6+WnnXrt7VNb5T/dJv/t3v+RHeZ/7rd/fX+HqwIAe6C0ujY/WSjkl3u68FKvRvVn0SuRhcJ2hUpj8NZs+cumdZKI9Vekq10vND8Tj7qzYwIAADru+THwTtzYvQ4BAAAAAAAAAAAAAAAAAABAD+rMPcOa98T+w5Z312tar8+euxcyAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA3fR0AAP//HxDPXg==") openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x85) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000b40), 0x600, 0x0) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) shutdown(r4, 0x1) r5 = dup3(r4, r3, 0x0) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, 0x0, 0xc5) syz_clone(0x8280, 0x0, 0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) 923.973323ms ago: executing program 1 (id=1044): sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a00000109006e"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'}) write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72) 923.176421ms ago: executing program 3 (id=1045): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0x10003, 0x3, 0x1, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$key(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)}, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e1c}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) r3 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0) ioctl$I2C_SMBUS(r3, 0x720, &(0x7f0000000580)={0x1, 0x0, 0x0, 0x0}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000380), 0x109000, 0x0) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000240), 0x0) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10) listen(r5, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) r7 = accept(r5, 0x0, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="120000000400000004000000a4"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r8, &(0x7f0000000300), &(0x7f00000002c0)=@tcp6=r7}, 0x47) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000080000850000001800000085000000a000000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, @void, @value}, 0x94) read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x51) 838.694588ms ago: executing program 2 (id=1046): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x7, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0xfffffffffffffffe}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fchdir(0xffffffffffffffff) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) setsockopt$inet_mreq(r0, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r1, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "ff00000058b274e6d845167fefe428970548fc3c7b00000000000000fcff00", 0xb2, 0xb, 0x6, 0x6}, 0x3c) 24.912843ms ago: executing program 0 (id=1047): r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x75f, 0x103382) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) read$FUSE(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000280)={0x28, 0x7, r7, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r6, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x749bc}) 0s ago: executing program 2 (id=1048): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f00000001c0), &(0x7f0000000140)=r0}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x4048010) bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.250' (ED25519) to the list of known hosts. [ 81.051423][ T5819] cgroup: Unknown subsys name 'net' [ 81.225436][ T5819] cgroup: Unknown subsys name 'cpuset' [ 81.234387][ T5819] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 82.748010][ T5819] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 85.349457][ T5835] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 85.357628][ T5835] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 85.365419][ T5835] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 85.372893][ T5835] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 85.380737][ T5835] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 85.387991][ T5835] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 85.395905][ T5835] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 85.412158][ T5835] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 85.420307][ T5835] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 85.438266][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 85.443296][ T5152] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 85.446925][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 85.454110][ T5152] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 85.460340][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 85.466774][ T5152] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 85.485738][ T5152] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 85.493606][ T5152] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 85.504696][ T5152] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 85.512681][ T5152] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 85.532832][ T5838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 85.575975][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 85.590757][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 85.600782][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 85.609808][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 85.618041][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 86.060916][ T5832] chnl_net:caif_netlink_parms(): no params data found [ 86.198889][ T5840] chnl_net:caif_netlink_parms(): no params data found [ 86.368030][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 86.412155][ T5846] chnl_net:caif_netlink_parms(): no params data found [ 86.428532][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.436001][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.443707][ T5832] bridge_slave_0: entered allmulticast mode [ 86.450853][ T5832] bridge_slave_0: entered promiscuous mode [ 86.459759][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.466936][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.474122][ T5832] bridge_slave_1: entered allmulticast mode [ 86.481080][ T5832] bridge_slave_1: entered promiscuous mode [ 86.495518][ T5851] chnl_net:caif_netlink_parms(): no params data found [ 86.643593][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.650739][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.661511][ T5840] bridge_slave_0: entered allmulticast mode [ 86.668917][ T5840] bridge_slave_0: entered promiscuous mode [ 86.681756][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.688938][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.699752][ T5840] bridge_slave_1: entered allmulticast mode [ 86.707512][ T5840] bridge_slave_1: entered promiscuous mode [ 86.721420][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.811922][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.934511][ T5851] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.945571][ T5851] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.952830][ T5851] bridge_slave_0: entered allmulticast mode [ 86.960588][ T5851] bridge_slave_0: entered promiscuous mode [ 86.998414][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.020973][ T5851] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.028546][ T5851] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.035822][ T5851] bridge_slave_1: entered allmulticast mode [ 87.043424][ T5851] bridge_slave_1: entered promiscuous mode [ 87.050373][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.057594][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.064809][ T5836] bridge_slave_0: entered allmulticast mode [ 87.072006][ T5836] bridge_slave_0: entered promiscuous mode [ 87.090475][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.097668][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.105251][ T5846] bridge_slave_0: entered allmulticast mode [ 87.112665][ T5846] bridge_slave_0: entered promiscuous mode [ 87.122681][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.134539][ T5832] team0: Port device team_slave_0 added [ 87.155587][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.163011][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.170295][ T5836] bridge_slave_1: entered allmulticast mode [ 87.177684][ T5836] bridge_slave_1: entered promiscuous mode [ 87.185174][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.192493][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.199624][ T5846] bridge_slave_1: entered allmulticast mode [ 87.210795][ T5846] bridge_slave_1: entered promiscuous mode [ 87.231850][ T5832] team0: Port device team_slave_1 added [ 87.316000][ T5851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.328921][ T5851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.354002][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.366662][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.378311][ T5840] team0: Port device team_slave_0 added [ 87.387882][ T5840] team0: Port device team_slave_1 added [ 87.432473][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.478350][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.487695][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.513981][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.525060][ T5835] Bluetooth: hci1: command tx timeout [ 87.534475][ T5851] team0: Port device team_slave_0 added [ 87.535458][ T5835] Bluetooth: hci0: command tx timeout [ 87.543309][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.556198][ T5851] team0: Port device team_slave_1 added [ 87.565719][ T5846] team0: Port device team_slave_0 added [ 87.584261][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.591216][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.617506][ T5835] Bluetooth: hci2: command tx timeout [ 87.617515][ T5838] Bluetooth: hci3: command tx timeout [ 87.618342][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.640877][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.647869][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.674076][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.681996][ T5835] Bluetooth: hci4: command tx timeout [ 87.730018][ T5846] team0: Port device team_slave_1 added [ 87.737957][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.745106][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.771780][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.805397][ T5836] team0: Port device team_slave_0 added [ 87.813126][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.820069][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.846325][ T5851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.887004][ T5836] team0: Port device team_slave_1 added [ 87.906948][ T5851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.914033][ T5851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.939965][ T5851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.951478][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.958459][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.985089][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.041771][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.048775][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.076010][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.113543][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.120518][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.147137][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.160680][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.167937][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.193993][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.223643][ T5840] hsr_slave_0: entered promiscuous mode [ 88.230090][ T5840] hsr_slave_1: entered promiscuous mode [ 88.243572][ T5832] hsr_slave_0: entered promiscuous mode [ 88.249879][ T5832] hsr_slave_1: entered promiscuous mode [ 88.256494][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.264263][ T5832] Cannot create hsr debugfs directory [ 88.383690][ T5836] hsr_slave_0: entered promiscuous mode [ 88.390072][ T5836] hsr_slave_1: entered promiscuous mode [ 88.396371][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.404359][ T5836] Cannot create hsr debugfs directory [ 88.420190][ T5851] hsr_slave_0: entered promiscuous mode [ 88.426546][ T5851] hsr_slave_1: entered promiscuous mode [ 88.432958][ T5851] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.440513][ T5851] Cannot create hsr debugfs directory [ 88.511251][ T5846] hsr_slave_0: entered promiscuous mode [ 88.517850][ T5846] hsr_slave_1: entered promiscuous mode [ 88.524328][ T5846] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.532039][ T5846] Cannot create hsr debugfs directory [ 89.060615][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.079032][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.089771][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.110905][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.176005][ T5840] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.215138][ T5840] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.225460][ T5840] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.237138][ T5840] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.303430][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.324699][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.337120][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.364307][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.447655][ T5836] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.462470][ T5836] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.490346][ T5836] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.526211][ T5836] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.553981][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.603649][ T5835] Bluetooth: hci0: command tx timeout [ 89.603658][ T5838] Bluetooth: hci1: command tx timeout [ 89.628074][ T5851] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 89.640592][ T5851] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 89.660885][ T5832] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.681544][ T5851] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 89.689168][ T5835] Bluetooth: hci2: command tx timeout [ 89.695255][ T5838] Bluetooth: hci3: command tx timeout [ 89.713892][ T5851] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 89.748980][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.756394][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.763232][ T5835] Bluetooth: hci4: command tx timeout [ 89.789696][ T3502] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.796872][ T3502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.847549][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.864430][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.934182][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.962561][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.007745][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.014970][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.026476][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.033660][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.050734][ T3502] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.058362][ T3502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.090284][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.128065][ T3502] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.135247][ T3502] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.249112][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.281537][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.288684][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.323038][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.330153][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.346263][ T5840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.419648][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.453464][ T5851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.560281][ T5851] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.604533][ T5832] veth0_vlan: entered promiscuous mode [ 90.626038][ T5832] veth1_vlan: entered promiscuous mode [ 90.689624][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.696837][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.777875][ T3002] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.785056][ T3002] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.871164][ T5832] veth0_macvtap: entered promiscuous mode [ 90.887679][ T5832] veth1_macvtap: entered promiscuous mode [ 90.913844][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.989476][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.004884][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.034060][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.049907][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.099279][ T3502] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.145515][ T3502] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.155815][ T3502] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.178469][ T5846] veth0_vlan: entered promiscuous mode [ 91.192116][ T3502] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.244867][ T5846] veth1_vlan: entered promiscuous mode [ 91.284701][ T5836] veth0_vlan: entered promiscuous mode [ 91.302824][ T5840] veth0_vlan: entered promiscuous mode [ 91.315598][ T5836] veth1_vlan: entered promiscuous mode [ 91.369388][ T3502] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.369566][ T5840] veth1_vlan: entered promiscuous mode [ 91.386586][ T3502] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.433968][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.447475][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.469370][ T5846] veth0_macvtap: entered promiscuous mode [ 91.480406][ T5851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.516737][ T5846] veth1_macvtap: entered promiscuous mode [ 91.533750][ T5836] veth0_macvtap: entered promiscuous mode [ 91.555469][ T5840] veth0_macvtap: entered promiscuous mode [ 91.563648][ T5832] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 91.578057][ T5836] veth1_macvtap: entered promiscuous mode [ 91.634881][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.660042][ T5840] veth1_macvtap: entered promiscuous mode [ 91.690406][ T5835] Bluetooth: hci1: command tx timeout [ 91.692121][ T5838] Bluetooth: hci0: command tx timeout [ 91.724906][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.754656][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.772966][ T5838] Bluetooth: hci2: command tx timeout [ 91.774719][ T5835] Bluetooth: hci3: command tx timeout [ 91.784540][ T48] cfg80211: failed to load regulatory.db [ 91.822582][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.836642][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.848607][ T5835] Bluetooth: hci4: command tx timeout [ 91.858939][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.884277][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.912309][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.921368][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.930695][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.939495][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.948127][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.961250][ T5952] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1'. [ 92.002189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.057744][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.067881][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 92.076772][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.126226][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.256824][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.272639][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 92.291906][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.346816][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.389380][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.439047][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.488385][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.678130][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.751445][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.779019][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.845177][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.958288][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.968505][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.991520][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.004222][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.033690][ T5851] veth0_vlan: entered promiscuous mode [ 93.053969][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.062182][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.104992][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.108595][ T5851] veth1_vlan: entered promiscuous mode [ 93.120469][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.163733][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.177554][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.213969][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.226257][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.277298][ T5851] veth0_macvtap: entered promiscuous mode [ 93.302837][ T5851] veth1_macvtap: entered promiscuous mode [ 93.370452][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.415792][ T5851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.487918][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.515679][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.640202][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.681550][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.761823][ T5835] Bluetooth: hci0: command tx timeout [ 93.767366][ T5838] Bluetooth: hci1: command tx timeout [ 93.902037][ T5835] Bluetooth: hci2: command tx timeout [ 93.907627][ T5835] Bluetooth: hci3: command tx timeout [ 93.922965][ T5835] Bluetooth: hci4: command tx timeout [ 94.768074][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.638298][ T5997] loop1: detected capacity change from 0 to 2048 [ 95.722680][ T5998] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 95.731022][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.874494][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.931745][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.962489][ T5998] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 96.172168][ T5998] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4) [ 96.211195][ T5998] Remounting filesystem read-only [ 106.491972][ T6121] syz.2.54 uses obsolete (PF_INET,SOCK_PACKET) [ 107.000709][ T6130] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 110.661998][ T6183] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 110.715146][ T6183] No such timeout policy "syz0" [ 112.732339][ T6184] loop3: detected capacity change from 0 to 32768 [ 112.760784][ T6184] ======================================================= [ 112.760784][ T6184] WARNING: The mand mount option has been deprecated and [ 112.760784][ T6184] and is ignored by this kernel. Remove the mand [ 112.760784][ T6184] option from the mount to silence this warning. [ 112.760784][ T6184] ======================================================= [ 112.795778][ C1] vkms_vblank_simulate: vblank timer overrun [ 112.892049][ T6184] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 112.899949][ T6200] ubi31: attaching mtd0 [ 113.033734][ T6200] ubi31: scanning is finished [ 113.065572][ T6200] ubi31: empty MTD device detected [ 113.079128][ T5846] ocfs2: Unmounting device (7,3) on (node local) [ 113.207639][ T6190] loop2: detected capacity change from 0 to 32768 [ 113.508786][ T6190] (syz.2.77,6190,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.535467][ T6190] (syz.2.77,6190,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 113.562685][ T6200] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 113.601268][ T6200] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 113.628418][ T6200] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 113.651861][ T6200] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 113.691224][ T6200] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 113.723380][ T6190] (syz.2.77,6190,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 113.741116][ T6200] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 113.781757][ T6200] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 60833218 [ 113.821907][ T6200] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 113.835725][ T6190] JBD2: Ignoring recovery information on journal [ 113.842459][ T6210] ubi31: background thread "ubi_bgt31d" started, PID 6210 [ 114.621246][ T6190] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 115.112772][ T5840] ocfs2: Unmounting device (7,2) on (node local) [ 118.582967][ T6240] loop4: detected capacity change from 0 to 32768 [ 118.622537][ T6274] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 119.911993][ T6240] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR [ 119.912584][ T6240] (syz.4.91,6240,0):ocfs2_initialize_super:2227 ERROR: status = -12 [ 119.959207][ T6240] (syz.4.91,6240,0):ocfs2_fill_super:1177 ERROR: status = -12 [ 120.457778][ T6284] No such timeout policy "syz0" [ 121.757004][ T6309] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 121.850057][ T6311] ubi: mtd0 is already attached to ubi31 [ 123.612685][ T6304] loop4: detected capacity change from 0 to 32768 [ 123.694561][ T6325] loop2: detected capacity change from 0 to 1764 [ 123.707413][ T6304] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 123.831955][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 124.543033][ T6353] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 126.695972][ T6341] loop0: detected capacity change from 0 to 32768 [ 126.710110][ T6374] loop4: detected capacity change from 0 to 1024 [ 126.734006][ T6341] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.127 (6341) [ 126.779346][ T6377] loop2: detected capacity change from 0 to 164 [ 127.058660][ T6341] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 127.224578][ T6341] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 127.449252][ T6341] BTRFS info (device loop0): using free-space-tree [ 127.721846][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 127.722872][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 127.807557][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 127.817063][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 127.826582][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 127.835884][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 127.845622][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 127.855402][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 127.868527][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 127.923137][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 127.980410][ T6341] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 127.999678][ T6399] No such timeout policy "syz0" [ 128.043014][ T6341] BTRFS error (device loop0): open_ctree failed: -12 [ 128.115077][ T6368] loop3: detected capacity change from 0 to 32768 [ 128.188282][ T6368] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 128.528373][ T5846] ocfs2: Unmounting device (7,3) on (node local) [ 128.791307][ T6402] ubi: mtd0 is already attached to ubi31 [ 130.155897][ T6383] loop2: detected capacity change from 0 to 32768 [ 130.292155][ T6383] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/loop2": -EINTR [ 131.362115][ T5921] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 131.755133][ T5921] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 131.777228][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.796467][ T5921] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 131.815299][ T6424] loop0: detected capacity change from 0 to 32768 [ 131.822007][ T5921] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 131.830046][ T5921] usb 3-1: Manufacturer: syz [ 131.923660][ T5921] usb 3-1: config 0 descriptor?? [ 131.962258][ T5921] igorplugusb 3-1:0.0: endpoint incorrect [ 131.981031][ T6424] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 132.047123][ T13] (kworker/u8:1,13,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 132.075039][ T6448] loop3: detected capacity change from 0 to 512 [ 132.122714][ T6448] EXT4-fs: Ignoring removed i_version option [ 132.194794][ T6424] (syz.0.147,6424,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2 [ 132.248160][ T6424] (syz.0.147,6424,0):ocfs2_prepare_dir_for_insert:4294 ERROR: status = -2 [ 132.260261][ T6424] (syz.0.147,6424,0):__ocfs2_prepare_orphan_dir:2180 ERROR: status = -2 [ 132.291046][ T6448] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.339903][ T6424] (syz.0.147,6424,0):ocfs2_prepare_orphan_dir:2224 ERROR: status = -2 [ 132.371818][ T6424] (syz.0.147,6424,0):ocfs2_prepare_orphan_dir:2240 ERROR: status = -2 [ 132.380806][ T6424] (syz.0.147,6424,0):ocfs2_rename:1464 ERROR: status = -2 [ 132.457745][ T6424] (syz.0.147,6424,0):ocfs2_rename:1699 ERROR: status = -2 [ 132.556941][ T5832] ocfs2: Unmounting device (7,0) on (node local) [ 132.607965][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.728873][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.737409][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.813327][ T5841] usb 3-1: USB disconnect, device number 2 [ 133.088978][ T6463] loop0: detected capacity change from 0 to 2048 [ 133.801436][ T6469] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 134.365619][ T6471] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.491877][ T6471] NILFS (loop0): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 134.541840][ T6471] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 134.567924][ T6471] Remounting filesystem read-only [ 134.863508][ T6481] No such timeout policy "syz0" [ 134.927098][ T6482] netlink: 'syz.1.163': attribute type 5 has an invalid length. [ 135.580017][ T6459] loop2: detected capacity change from 0 to 32768 [ 135.716875][ T6459] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 135.784130][ T6459] XFS (loop2): Ending clean mount [ 136.055559][ T5840] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 136.926873][ T6499] loop3: detected capacity change from 0 to 40427 [ 136.947732][ T6499] F2FS-fs (loop3): heap/no_heap options were deprecated [ 136.955699][ T6499] F2FS-fs (loop3): build fault injection rate: 19 [ 136.968220][ T6499] F2FS-fs (loop3): build fault injection type: 0x3bfe8c [ 136.990410][ T6499] F2FS-fs (loop3): invalid crc value [ 137.045498][ T6499] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 137.470811][ T6521] loop2: detected capacity change from 0 to 2048 [ 137.518737][ T6523] capability: warning: `syz.1.176' uses deprecated v2 capabilities in a way that may be insecure [ 137.759565][ T6499] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0 [ 138.077618][ T6534] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 138.091087][ T6499] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 138.170719][ T6536] futex_wake_op: syz.4.179 tries to shift op by -1; fix this program [ 138.486454][ T6528] sctp: failed to load transform for md5: -2 [ 138.664479][ T6499] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40 [ 138.716108][ T6499] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of f2fs_vm_page_mkwrite+0x459/0x1750 [ 138.746097][ T6499] CPU: 1 UID: 0 PID: 6499 Comm: syz.3.168 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 138.746126][ T6499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 138.746145][ T6499] Call Trace: [ 138.746154][ T6499] [ 138.746164][ T6499] dump_stack_lvl+0x189/0x250 [ 138.746204][ T6499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 138.746234][ T6499] ? __pfx_queue_work_on+0x10/0x10 [ 138.746260][ T6499] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 138.746283][ T6499] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 138.746309][ T6499] ? f2fs_hw_is_readonly+0x39b/0x470 [ 138.746351][ T6499] f2fs_handle_critical_error+0x37c/0x540 [ 138.746386][ T6499] f2fs_balance_fs+0x336/0x750 [ 138.746418][ T6499] ? f2fs_vm_page_mkwrite+0x459/0x1750 [ 138.746444][ T6499] ? __pfx_f2fs_balance_fs+0x10/0x10 [ 138.746471][ T6499] ? __pfx_f2fs_convert_inline_inode+0x10/0x10 [ 138.746519][ T6499] f2fs_vm_page_mkwrite+0x459/0x1750 [ 138.746543][ T6499] ? folio_contains+0x214/0x2b0 [ 138.746581][ T6499] ? __pfx_filemap_fault+0x10/0x10 [ 138.746602][ T6499] ? __pfx_f2fs_vm_page_mkwrite+0x10/0x10 [ 138.746643][ T6499] ? rcu_is_watching+0x15/0xb0 [ 138.746675][ T6499] do_page_mkwrite+0x14d/0x310 [ 138.746702][ T6499] __handle_mm_fault+0x1a60/0x5620 [ 138.746751][ T6499] ? __pfx___handle_mm_fault+0x10/0x10 [ 138.746805][ T6499] ? follow_page_pte+0x8c0/0x14c0 [ 138.746829][ T6499] ? __pfx_mtree_load+0x10/0x10 [ 138.746858][ T6499] handle_mm_fault+0x40a/0x8e0 [ 138.746895][ T6499] __get_user_pages+0x1aef/0x30b0 [ 138.746959][ T6499] ? __pfx___get_user_pages+0x10/0x10 [ 138.746994][ T6499] faultin_page_range+0x240/0x8d0 [ 138.747019][ T6499] ? __asan_memset+0x22/0x50 [ 138.747042][ T6499] ? blk_start_plug+0x6f/0x1b0 [ 138.747066][ T6499] madvise_do_behavior+0x209/0xad0 [ 138.747101][ T6499] ? __pfx_madvise_do_behavior+0x10/0x10 [ 138.747129][ T6499] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 138.747167][ T6499] ? down_read+0x1ad/0x2e0 [ 138.747199][ T6499] do_madvise+0x189/0x240 [ 138.747232][ T6499] ? __pfx_do_madvise+0x10/0x10 [ 138.747273][ T6499] ? rcu_is_watching+0x15/0xb0 [ 138.747329][ T6499] __x64_sys_madvise+0xa7/0xc0 [ 138.747361][ T6499] do_syscall_64+0xfa/0x3b0 [ 138.747386][ T6499] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.747405][ T6499] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 138.747428][ T6499] ? clear_bhb_loop+0x60/0xb0 [ 138.747464][ T6499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.747481][ T6499] RIP: 0033:0x7f7cd078e929 [ 138.747502][ T6499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 138.747517][ T6499] RSP: 002b:00007f7cd1568038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 138.747540][ T6499] RAX: ffffffffffffffda RBX: 00007f7cd09b5fa0 RCX: 00007f7cd078e929 [ 138.747554][ T6499] RDX: 0000000000000017 RSI: 0000000000600000 RDI: 0000200000000000 [ 138.747565][ T6499] RBP: 00007f7cd0810b39 R08: 0000000000000000 R09: 0000000000000000 [ 138.747576][ T6499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.747586][ T6499] R13: 0000000000000000 R14: 00007f7cd09b5fa0 R15: 00007fff534926b8 [ 138.747618][ T6499] [ 139.063587][ T6499] F2FS-fs (loop3): Stopped filesystem due to reason: 1 [ 142.387714][ T6584] Cannot find set identified by id 2 to match [ 147.528767][ T6636] loop3: detected capacity change from 0 to 64 [ 148.157623][ T5846] hfs: node 4:3 still has 1 user(s)! [ 148.356984][ T6650] loop4: detected capacity change from 0 to 1024 [ 151.314314][ T6689] loop3: detected capacity change from 0 to 64 [ 151.377703][ T6691] loop4: detected capacity change from 0 to 1764 [ 151.391760][ T6689] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 153.037536][ T6716] loop3: detected capacity change from 0 to 1024 [ 153.167488][ T6705] loop4: detected capacity change from 0 to 32768 [ 153.379854][ T6705] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 154.387920][ T6733] capability: warning: `syz.2.248' uses 32-bit capabilities (legacy support in use) [ 154.472392][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 154.608923][ T6737] loop3: detected capacity change from 0 to 1764 [ 155.898553][ T6755] loop4: detected capacity change from 0 to 1024 [ 156.281999][ T6762] fuse: Bad value for 'rootmode' [ 156.311422][ T6763] loop3: detected capacity change from 0 to 1024 [ 157.578128][ T6785] No such timeout policy "syz0" [ 158.011502][ T6774] loop3: detected capacity change from 0 to 32768 [ 158.134489][ T6774] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.608256][ T6774] XFS (loop3): Ending clean mount [ 158.620712][ T6774] XFS (loop3): Quotacheck needed: Please wait. [ 158.677206][ T6774] XFS (loop3): Quotacheck: Done. [ 158.735398][ T30] audit: type=1804 audit(1750698723.721:2): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.265" name="/newroot/50/file0/file1" dev="loop3" ino=9286 res=1 errno=0 [ 158.778886][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.902077][ T6811] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 159.018971][ T6815] fuse: Unknown parameter 'use00000000000000000000' [ 159.247830][ T6817] 9pnet_fd: Insufficient options for proto=fd [ 163.399144][ T6861] fuse: Unknown parameter 'use00000000000000000000' [ 163.437641][ T6863] 9pnet_fd: Insufficient options for proto=fd [ 163.801681][ T6874] loop3: detected capacity change from 0 to 1024 [ 164.061101][ T6878] Zero length message leads to an empty skb [ 164.587578][ T6876] No such timeout policy "syz0" [ 165.890582][ T6900] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.916419][ T6901] 9pnet_fd: Insufficient options for proto=fd [ 166.966008][ T6876] ubi: mtd0 is already attached to ubi31 [ 167.728828][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.1.311'. [ 171.021998][ T6960] loop4: detected capacity change from 0 to 1024 [ 173.062436][ T6989] loop4: detected capacity change from 0 to 16 [ 173.125725][ T6989] erofs (device loop4): mounted with root inode @ nid 36. [ 179.116827][ T7055] loop4: detected capacity change from 0 to 512 [ 179.167480][ T7054] 9pnet_fd: Insufficient options for proto=fd [ 179.187309][ T7055] EXT4-fs: Ignoring removed i_version option [ 180.019483][ T7055] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 181.674575][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.618233][ T7107] loop4: detected capacity change from 0 to 16 [ 184.795552][ T7107] erofs (device loop4): mounted with root inode @ nid 36. [ 184.856824][ T7110] 9pnet_fd: Insufficient options for proto=fd [ 188.028057][ T7149] 9pnet_fd: Insufficient options for proto=fd [ 193.206055][ T7195] loop4: detected capacity change from 0 to 512 [ 193.297178][ T7195] EXT4-fs: Ignoring removed i_version option [ 193.413429][ T7195] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 194.499405][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.505905][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.426530][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.849714][ T7244] ieee802154 phy0 wpan0: encryption failed: -22 [ 202.010190][ T1216] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 202.717473][ T7291] loop3: detected capacity change from 0 to 64 [ 202.772414][ T7291] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 203.055142][ T1216] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 203.305972][ T1216] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 203.732167][ T1216] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 203.783989][ T1216] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 204.024949][ T1216] usb 5-1: Manufacturer: syz [ 204.311155][ T1216] usb 5-1: config 0 descriptor?? [ 205.276166][ T1216] usb 5-1: can't set config #0, error -71 [ 205.290346][ T1216] usb 5-1: USB disconnect, device number 2 [ 205.475386][ T7321] loop3: detected capacity change from 0 to 1024 [ 206.915116][ T7314] loop4: detected capacity change from 0 to 32768 [ 207.459272][ T7314] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 207.888129][ T7314] XFS (loop4): Ending clean mount [ 207.938041][ T7314] XFS (loop4): Quotacheck needed: Please wait. [ 207.996195][ T7314] XFS (loop4): Quotacheck: Done. [ 208.112476][ T30] audit: type=1804 audit(1750698773.111:3): pid=7367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.432" name="/newroot/78/file0/file1" dev="loop4" ino=9286 res=1 errno=0 [ 208.320552][ T5851] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 210.235989][ T7386] loop4: detected capacity change from 0 to 1764 [ 210.553914][ T7396] ieee802154 phy0 wpan0: encryption failed: -22 [ 211.841934][ T5845] Bluetooth: hci0: command 0x0406 tx timeout [ 211.841950][ T5839] Bluetooth: hci1: command 0x0406 tx timeout [ 211.841984][ T5839] Bluetooth: hci2: command 0x0406 tx timeout [ 211.860578][ T5845] Bluetooth: hci3: command 0x0406 tx timeout [ 211.860597][ T5152] Bluetooth: hci4: command 0x0406 tx timeout [ 212.452173][ T7403] loop4: detected capacity change from 0 to 32768 [ 212.529371][ T7403] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 212.990578][ T7403] XFS (loop4): Ending clean mount [ 213.008394][ T7403] XFS (loop4): Quotacheck needed: Please wait. [ 213.078435][ T7403] XFS (loop4): Quotacheck: Done. [ 213.158155][ T30] audit: type=1804 audit(1750698778.151:4): pid=7403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.456" name="/newroot/82/file0/file1" dev="loop4" ino=9286 res=1 errno=0 [ 213.248581][ T5851] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 215.339784][ T7465] loop4: detected capacity change from 0 to 16 [ 215.456425][ T7465] erofs (device loop4): mounted with root inode @ nid 36. [ 216.509998][ T7482] 9pnet_fd: Insufficient options for proto=fd [ 217.785130][ T7499] loop4: detected capacity change from 0 to 64 [ 217.801274][ T7499] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 218.015603][ T7469] loop3: detected capacity change from 0 to 32768 [ 218.096370][ T7469] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 218.883106][ T7469] XFS (loop3): Ending clean mount [ 218.917560][ T7469] XFS (loop3): Quotacheck needed: Please wait. [ 218.998206][ T7469] XFS (loop3): Quotacheck: Done. [ 219.019994][ T7526] 9pnet_fd: Insufficient options for proto=fd [ 219.059408][ T5846] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 220.218121][ T7540] loop4: detected capacity change from 0 to 64 [ 220.276039][ T7540] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 221.988603][ T7551] loop3: detected capacity change from 0 to 1764 [ 222.610494][ T7569] futex_wake_op: syz.4.510 tries to shift op by -1; fix this program [ 223.781577][ C0] hrtimer: interrupt took 30397 ns [ 224.540786][ T7590] loop3: detected capacity change from 0 to 1764 [ 226.389217][ T7610] futex_wake_op: syz.4.527 tries to shift op by -1; fix this program [ 231.077725][ T7662] loop4: detected capacity change from 0 to 1764 [ 234.000766][ T7693] loop3: detected capacity change from 0 to 1764 [ 236.817062][ T7711] loop4: detected capacity change from 0 to 32768 [ 236.962049][ T7711] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 237.942407][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 243.988208][ T7761] loop3: detected capacity change from 0 to 32768 [ 244.216045][ T7761] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 244.923164][ T5846] ocfs2: Unmounting device (7,3) on (node local) [ 249.878258][ T7834] loop3: detected capacity change from 0 to 32768 [ 250.691765][ T7834] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 250.900009][ T7834] XFS (loop3): Ending clean mount [ 251.040625][ T5846] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 255.622535][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.629080][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.723392][ T7897] loop3: detected capacity change from 0 to 32768 [ 256.159305][ T7897] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 256.785856][ T7897] XFS (loop3): Ending clean mount [ 257.605504][ T5846] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 262.861006][ T7981] loop3: detected capacity change from 0 to 64 [ 262.900217][ T7981] BFS-fs: bfs_fill_super(): loop3 is unclean, continuing [ 267.369699][ T8002] loop3: detected capacity change from 0 to 32768 [ 267.412750][ T8002] XFS: ikeep mount option is deprecated. [ 267.517161][ T8002] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 267.609695][ T8002] XFS (loop3): Ending clean mount [ 267.788386][ T8002] XFS (loop3): Quotacheck needed: Please wait. [ 268.213174][ T8002] XFS (loop3): Quotacheck: Done. [ 269.163703][ T5846] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 270.851866][ T8057] netlink: 'syz.3.657': attribute type 5 has an invalid length. [ 271.827913][ T8059] loop3: detected capacity change from 0 to 32768 [ 272.374297][ T8080] loop4: detected capacity change from 0 to 2048 [ 272.433544][ T8080] EXT4-fs: Ignoring removed mblk_io_submit option [ 272.449629][ T8080] EXT4-fs: Ignoring removed nobh option [ 272.480338][ T8059] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 272.480365][ T8059] allowing incompatible features above 0.0: (unknown version) [ 272.480377][ T8059] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 272.589007][ T8059] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 272.597548][ T8059] bcachefs (loop3): recovering from clean shutdown, journal seq 10 [ 272.607744][ T8059] bcachefs (loop3): Version upgrade required: [ 272.607744][ T8059] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 272.607744][ T8059] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 272.607744][ T8059] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 272.683133][ T8080] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 272.696404][ T8059] bcachefs (loop3): dropping and reconstructing all alloc info [ 272.820787][ T8059] bcachefs (loop3): accounting_read... done [ 272.868961][ T8059] bcachefs (loop3): alloc_read... done [ 272.891684][ T8059] bcachefs (loop3): snapshots_read... done [ 272.899047][ T8059] bcachefs (loop3): done starting filesystem [ 273.160173][ T5851] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 273.217797][ T5846] bcachefs (loop3): shutting down [ 273.415849][ T5846] bcachefs (loop3): shutdown complete [ 276.320637][ T8111] loop4: detected capacity change from 0 to 32768 [ 276.529309][ T8111] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 277.522082][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 279.896781][ T8148] syz.4.677 (8148) used greatest stack depth: 19896 bytes left [ 282.038447][ T8177] loop4: detected capacity change from 0 to 64 [ 282.280721][ T8177] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 289.126188][ T8218] loop4: detected capacity change from 0 to 32768 [ 289.319205][ T8218] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 289.503971][ T5851] ocfs2: Unmounting device (7,4) on (node local) [ 291.063499][ T8260] loop4: detected capacity change from 0 to 8 [ 291.188955][ T8260] SQUASHFS error: Unable to read directory block [631:72] [ 291.216331][ T8260] SQUASHFS error: Unable to read directory block [631:72] [ 291.948748][ T8274] futex_wake_op: syz.3.721 tries to shift op by -1; fix this program [ 293.893232][ T8290] futex_wake_op: syz.0.724 tries to shift op by -1; fix this program [ 294.945020][ T8299] cgroup: Unknown subsys name 'cpuset' [ 295.801523][ T8283] loop3: detected capacity change from 0 to 32768 [ 296.806742][ T8283] JBD2: journal reset failed [ 296.824420][ T8308] netlink: 4 bytes leftover after parsing attributes in process `syz.2.732'. [ 296.835716][ T8283] (syz.3.723,8283,1):ocfs2_journal_load:1167 ERROR: Failed to load journal! [ 296.929788][ T8283] (syz.3.723,8283,0):ocfs2_check_volume:2374 ERROR: ocfs2 journal load failed! -4 [ 297.292716][ T8321] futex_wake_op: syz.0.733 tries to shift op by -1; fix this program [ 300.463919][ T8357] veth0_to_bond: entered allmulticast mode [ 301.068508][ T8366] futex_wake_op: syz.0.747 tries to shift op by -1; fix this program [ 303.074484][ T8378] loop3: detected capacity change from 0 to 1764 [ 307.498731][ T8424] netlink: 4 bytes leftover after parsing attributes in process `syz.3.764'. [ 308.855927][ T8438] netlink: 'syz.3.769': attribute type 5 has an invalid length. [ 313.135766][ T8462] fuse: Bad value for 'fd' [ 317.048015][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.054534][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.748836][ T8498] netlink: 4 bytes leftover after parsing attributes in process `syz.2.779'. [ 318.993945][ T8492] loop3: detected capacity change from 0 to 32768 [ 319.030868][ T8492] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 319.046418][ T8509] process 'syz.2.789' launched './file0' with NULL argv: empty string added [ 319.129326][ T8499] process '/newroot/173/file0' started with executable stack [ 319.232635][ T5846] ocfs2: Unmounting device (7,3) on (node local) [ 321.862432][ T8531] netlink: 4 bytes leftover after parsing attributes in process `syz.2.799'. [ 325.526231][ T8572] netlink: 4 bytes leftover after parsing attributes in process `syz.4.811'. [ 328.459045][ T8595] loop3: detected capacity change from 0 to 1764 [ 331.977953][ T8635] loop3: detected capacity change from 0 to 1764 [ 333.155769][ T8644] loop3: detected capacity change from 0 to 512 [ 333.230482][ T8644] ext3: Bad value for 'resgid' [ 333.241597][ T8644] ext3: Bad value for 'resgid' [ 337.491559][ T30] audit: type=1326 audit(1750698902.481:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.582107][ T30] audit: type=1326 audit(1750698902.491:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.691697][ T30] audit: type=1326 audit(1750698902.491:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.721893][ T30] audit: type=1326 audit(1750698902.491:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.746659][ T30] audit: type=1326 audit(1750698902.491:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.768651][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.928727][ T30] audit: type=1326 audit(1750698902.491:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 337.981634][ T30] audit: type=1326 audit(1750698902.491:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 338.088472][ T30] audit: type=1326 audit(1750698902.491:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 338.157289][ T30] audit: type=1326 audit(1750698902.491:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 338.231030][ T30] audit: type=1326 audit(1750698902.491:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8674 comm="syz.0.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1c58e929 code=0x7ffc0000 [ 342.624102][ T8737] loop3: detected capacity change from 0 to 1764 [ 343.980812][ T8748] loop3: detected capacity change from 0 to 1024 [ 345.656415][ T8748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 345.719950][ T8748] ext4 filesystem being mounted at /161/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 347.323334][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.706895][ T8782] loop3: detected capacity change from 0 to 1764 [ 350.244895][ T5839] Bluetooth: hci3: unexpected event for opcode 0x2011 [ 353.338313][ T8829] loop4: detected capacity change from 0 to 1024 [ 355.668547][ T8852] syz_tun: entered allmulticast mode [ 355.725255][ T8852] syz_tun: left allmulticast mode [ 358.937911][ T8880] loop3: detected capacity change from 0 to 164 [ 359.047963][ T8880] Unable to read rock-ridge attributes [ 359.408199][ T8883] Unable to read rock-ridge attributes [ 359.466986][ T8883] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 359.999814][ T8894] loop4: detected capacity change from 0 to 128 [ 360.039590][ T8894] udf: Unknown parameter '000000000000000000000000000000000000000000000001777777777777777777777-%*I~Vʊu;{sb'cG0|.YTdk-c{p' [ 364.139321][ T30] audit: type=1326 audit(1750698929.131:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8918 comm="syz.1.916" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f136bb8e929 code=0x0 [ 370.114552][ T8966] loop4: detected capacity change from 0 to 256 [ 371.711184][ T8978] loop4: detected capacity change from 0 to 512 [ 372.239556][ T8978] ext3: Bad value for 'resgid' [ 372.256159][ T8978] ext3: Bad value for 'resgid' [ 374.938448][ T9011] loop4: detected capacity change from 0 to 512 [ 374.965051][ T9011] ext3: Bad value for 'resgid' [ 374.979504][ T9011] ext3: Bad value for 'resgid' [ 375.899462][ T30] audit: type=1326 audit(1750698940.891:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9019 comm="syz.4.944" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c47b8e929 code=0x0 [ 377.746901][ T9033] loop4: detected capacity change from 0 to 512 [ 377.754197][ T9033] ext3: Bad value for 'resgid' [ 377.758986][ T9033] ext3: Bad value for 'resgid' [ 378.623178][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.629517][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.330633][ T9046] loop4: detected capacity change from 0 to 1764 [ 379.991138][ T9054] futex_wake_op: syz.4.953 tries to shift op by 32; fix this program [ 381.475532][ T9064] loop3: detected capacity change from 0 to 1024 [ 381.492891][ T9064] ext4: Unknown parameter 'subj_user' [ 385.886040][ T9111] loop3: detected capacity change from 0 to 1024 [ 385.910216][ T9111] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.938694][ T9111] ext4 filesystem being mounted at /180/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 387.394310][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 387.643015][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 387.779318][ T10] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 387.872854][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.075225][ T10] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 388.226848][ T10] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 388.275779][ T9136] loop3: detected capacity change from 0 to 1764 [ 388.351160][ T10] usb 5-1: Manufacturer: syz [ 388.358465][ T10] usb 5-1: config 0 descriptor?? [ 388.369941][ T10] igorplugusb 5-1:0.0: endpoint incorrect [ 388.599875][ T9140] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 388.938009][ T9144] warning: `syz.3.977' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 389.670248][ T48] usb 5-1: USB disconnect, device number 3 [ 395.041942][ T9192] loop4: detected capacity change from 0 to 128 [ 395.429701][ T9198] netlink: 60 bytes leftover after parsing attributes in process `syz.4.993'. [ 396.019297][ T9207] loop3: detected capacity change from 0 to 128 [ 396.114791][ T9207] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 396.269655][ T9207] ext4 filesystem being mounted at /185/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 396.501796][ T5846] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 398.930370][ T9238] loop3: detected capacity change from 0 to 1024 [ 398.968485][ T9238] EXT4-fs: inline encryption not supported [ 398.991061][ T9238] EXT4-fs: Ignoring removed i_version option [ 399.033240][ T9238] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 399.205774][ T9238] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.1005: lblock 2 mapped to illegal pblock 2 (length 1) [ 399.224113][ T9238] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 399.391258][ T9238] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.1005: lblock 0 mapped to illegal pblock 48 (length 1) [ 399.673837][ T9238] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 399.759349][ T9238] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1005: Failed to acquire dquot type 0 [ 399.774587][ T9238] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 399.800512][ T9238] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.1005: mark_inode_dirty error [ 399.818910][ T9238] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 399.839298][ T9238] EXT4-fs (loop3): 1 orphan inode deleted [ 399.859014][ T7283] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:13: lblock 1 mapped to illegal pblock 1 (length 1) [ 399.860372][ T9238] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 399.908213][ T7283] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 400.141725][ T7283] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:13: Failed to release dquot type 0 [ 400.293941][ T9254] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #2: block 16: comm syz.3.1005: lblock 0 mapped to illegal pblock 16 (length 1) [ 400.317767][ T9254] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #2: block 16: comm syz.3.1005: lblock 0 mapped to illegal pblock 16 (length 1) [ 401.896108][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 401.940198][ T5846] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 401.965140][ T5846] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 402.111532][ T5846] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 402.605761][ T9280] loop4: detected capacity change from 0 to 736 [ 403.281608][ T9284] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1018'. [ 403.634137][ T9288] loop3: detected capacity change from 0 to 16 [ 403.676874][ T9288] erofs (device loop3): mounted with root inode @ nid 36. [ 403.702945][ T9288] erofs (device loop3): per-inode big pcluster without sb feature for nid 36 [ 403.753647][ T9288] erofs (device loop3): read error -117 @ 0 of nid 36 [ 407.272074][ T9319] loop4: detected capacity change from 0 to 8 [ 407.316713][ T9316] SQUASHFS error: Failed to read block 0x4de: -5 [ 407.345725][ T9316] SQUASHFS error: Failed to read block 0x4de: -5 [ 407.352788][ T9323] ptrace attach of "./syz-executor exec"[5846] was attempted by ""[9323] [ 407.372727][ T30] audit: type=1800 audit(1750698972.351:17): pid=9316 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1028" name="file1" dev="loop4" ino=5 res=0 errno=0 [ 411.598657][ T9357] loop3: detected capacity change from 0 to 2048 [ 411.620502][ T9357] EXT4-fs: Ignoring removed mblk_io_submit option [ 411.627697][ T9357] EXT4-fs: Ignoring removed nobh option [ 411.768861][ T9357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 412.524756][ T5846] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 412.614664][ T9375] syz_tun: entered allmulticast mode [ 413.763852][ C1] ------------[ cut here ]------------ [ 413.769641][ C1] WARNING: net/ipv4/ipmr.c:2302 at ip_mr_output+0xbb1/0xe70, CPU#1: swapper/1/0 [ 413.778776][ C1] Modules linked in: [ 413.782877][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 413.794033][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 413.804149][ C1] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 413.809489][ C1] Code: df e9 63 f6 ff ff e8 7e a7 be f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 fa 09 4c ff e9 45 f6 ff ff e8 60 a7 be f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 52 a7 be f7 90 0f 0b 90 42 80 3c 2b 00 [ 413.829192][ C1] RSP: 0018:ffffc90000a08900 EFLAGS: 00010246 [ 413.835415][ C1] RAX: ffffffff8a012580 RBX: ffff8880513f3a00 RCX: ffff88801ceada00 [ 413.843455][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 413.851461][ C1] RBP: ffffc90000a08a10 R08: ffff88801ceada00 R09: 0000000000000004 [ 413.859505][ C1] R10: 0000000000000003 R11: ffffffff8a0119d0 R12: 0000000000000010 [ 413.867526][ C1] R13: dffffc0000000000 R14: ffff88807d405900 R15: 0000000000000000 [ 413.875543][ C1] FS: 0000000000000000(0000) GS:ffff888125d25000(0000) knlGS:0000000000000000 [ 413.884510][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 413.891119][ C1] CR2: 000000110c32518b CR3: 000000002e68a000 CR4: 00000000003526f0 [ 413.899131][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 413.907153][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 413.915209][ C1] Call Trace: [ 413.918523][ C1] [ 413.921384][ C1] ? __pfx_dst_output+0x10/0x10 [ 413.926293][ C1] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 413.931711][ C1] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 413.937808][ C1] ? __pfx_ip_mr_output+0x10/0x10 [ 413.942878][ C1] ? skb_dst+0x4f/0xd0 [ 413.946941][ C1] ? dst_output+0x177/0x1c0 [ 413.951439][ C1] igmp_send_report+0x89e/0xdb0 [ 413.956311][ C1] ? __pfx_igmp_send_report+0x10/0x10 [ 413.961686][ C1] ? do_raw_spin_lock+0x121/0x290 [ 413.966721][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 413.971934][ C1] igmp_timer_expire+0x204/0x510 [ 413.976879][ C1] call_timer_fn+0x17b/0x5f0 [ 413.981459][ C1] ? __pfx_igmp_timer_expire+0x10/0x10 [ 413.986942][ C1] ? call_timer_fn+0xbe/0x5f0 [ 413.991638][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 413.996748][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 414.001954][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.007155][ C1] ? __pfx_igmp_timer_expire+0x10/0x10 [ 414.012627][ C1] __run_timer_base+0x61a/0x860 [ 414.017490][ C1] ? ktime_get+0x3e/0x1f0 [ 414.021855][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 414.027265][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 414.033552][ C1] run_timer_softirq+0xb7/0x180 [ 414.038404][ C1] handle_softirqs+0x283/0x870 [ 414.043190][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 414.047959][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 414.053272][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 414.058476][ C1] __irq_exit_rcu+0xca/0x1f0 [ 414.063073][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 414.068273][ C1] irq_exit_rcu+0x9/0x30 [ 414.072529][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 414.078166][ C1] [ 414.081090][ C1] [ 414.084024][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 414.090022][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 414.095766][ C1] Code: 43 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 b5 1a 00 f3 0f 1e fa fb f4 18 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 414.115397][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 414.121459][ C1] RAX: e94e3eb6f1ba7900 RBX: ffffffff8196d6a8 RCX: e94e3eb6f1ba7900 [ 414.129472][ C1] RDX: 0000000000000001 RSI: ffffffff8d991910 RDI: ffffffff8be322c0 [ 414.137454][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f1b R09: 1ffff110170e65e3 [ 414.145436][ C1] R10: dffffc0000000000 R11: ffffed10170e65e4 R12: ffffffff8fa18cf0 [ 414.153411][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d5b40 [ 414.161384][ C1] ? do_idle+0x1e8/0x510 [ 414.165644][ C1] default_idle+0x13/0x20 [ 414.169971][ C1] default_idle_call+0x74/0xb0 [ 414.174754][ C1] do_idle+0x1e8/0x510 [ 414.178822][ C1] ? __pfx_do_idle+0x10/0x10 [ 414.183432][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.188632][ C1] cpu_startup_entry+0x44/0x60 [ 414.193412][ C1] start_secondary+0x101/0x110 [ 414.198170][ C1] common_startup_64+0x13e/0x147 [ 414.203125][ C1] [ 414.206136][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 414.213492][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc3-next-20250623-syzkaller #0 PREEMPT(full) [ 414.224584][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 414.234638][ C1] Call Trace: [ 414.237905][ C1] [ 414.240738][ C1] dump_stack_lvl+0x99/0x250 [ 414.245323][ C1] ? __asan_memcpy+0x40/0x70 [ 414.249908][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 414.255108][ C1] ? __pfx__printk+0x10/0x10 [ 414.259699][ C1] panic+0x2db/0x790 [ 414.263599][ C1] ? __pfx_panic+0x10/0x10 [ 414.268020][ C1] ? common_startup_64+0x13e/0x147 [ 414.273143][ C1] __warn+0x334/0x4c0 [ 414.277140][ C1] ? ip_mr_output+0xbb1/0xe70 [ 414.281820][ C1] ? ip_mr_output+0xbb1/0xe70 [ 414.286492][ C1] report_bug+0x2be/0x4f0 [ 414.290816][ C1] ? ip_mr_output+0xbb1/0xe70 [ 414.295486][ C1] ? ip_mr_output+0xbb1/0xe70 [ 414.300151][ C1] ? ip_mr_output+0xbb3/0xe70 [ 414.304830][ C1] handle_bug+0x84/0x160 [ 414.309071][ C1] exc_invalid_op+0x1a/0x50 [ 414.313591][ C1] asm_exc_invalid_op+0x1a/0x20 [ 414.318441][ C1] RIP: 0010:ip_mr_output+0xbb1/0xe70 [ 414.323728][ C1] Code: df e9 63 f6 ff ff e8 7e a7 be f7 48 8b 74 24 18 45 31 f6 31 ff ba 02 00 00 00 e8 fa 09 4c ff e9 45 f6 ff ff e8 60 a7 be f7 90 <0f> 0b 90 e9 94 f5 ff ff e8 52 a7 be f7 90 0f 0b 90 42 80 3c 2b 00 [ 414.343336][ C1] RSP: 0018:ffffc90000a08900 EFLAGS: 00010246 [ 414.349400][ C1] RAX: ffffffff8a012580 RBX: ffff8880513f3a00 RCX: ffff88801ceada00 [ 414.357377][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 414.365346][ C1] RBP: ffffc90000a08a10 R08: ffff88801ceada00 R09: 0000000000000004 [ 414.373310][ C1] R10: 0000000000000003 R11: ffffffff8a0119d0 R12: 0000000000000010 [ 414.381280][ C1] R13: dffffc0000000000 R14: ffff88807d405900 R15: 0000000000000000 [ 414.389268][ C1] ? __pfx_ip_mr_output+0x10/0x10 [ 414.394295][ C1] ? ip_mr_output+0xbb0/0xe70 [ 414.398984][ C1] ? __pfx_dst_output+0x10/0x10 [ 414.403831][ C1] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 414.409200][ C1] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 414.415289][ C1] ? __pfx_ip_mr_output+0x10/0x10 [ 414.420311][ C1] ? skb_dst+0x4f/0xd0 [ 414.424379][ C1] ? dst_output+0x177/0x1c0 [ 414.428879][ C1] igmp_send_report+0x89e/0xdb0 [ 414.433725][ C1] ? __pfx_igmp_send_report+0x10/0x10 [ 414.439085][ C1] ? do_raw_spin_lock+0x121/0x290 [ 414.444112][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 414.449305][ C1] igmp_timer_expire+0x204/0x510 [ 414.454254][ C1] call_timer_fn+0x17b/0x5f0 [ 414.458868][ C1] ? __pfx_igmp_timer_expire+0x10/0x10 [ 414.464346][ C1] ? call_timer_fn+0xbe/0x5f0 [ 414.469030][ C1] ? __pfx_call_timer_fn+0x10/0x10 [ 414.474147][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 414.479340][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.484540][ C1] ? __pfx_igmp_timer_expire+0x10/0x10 [ 414.490000][ C1] __run_timer_base+0x61a/0x860 [ 414.494859][ C1] ? ktime_get+0x3e/0x1f0 [ 414.499192][ C1] ? __pfx___run_timer_base+0x10/0x10 [ 414.504562][ C1] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 414.510855][ C1] run_timer_softirq+0xb7/0x180 [ 414.515711][ C1] handle_softirqs+0x283/0x870 [ 414.520494][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 414.525269][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 414.530573][ C1] ? irqtime_account_irq+0xb6/0x1c0 [ 414.535771][ C1] __irq_exit_rcu+0xca/0x1f0 [ 414.540364][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 414.545563][ C1] irq_exit_rcu+0x9/0x30 [ 414.549805][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 414.555435][ C1] [ 414.558383][ C1] [ 414.561304][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 414.567372][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 414.573094][ C1] Code: 43 dd 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 83 b5 1a 00 f3 0f 1e fa fb f4 18 dd 02 00 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 414.592696][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 414.598753][ C1] RAX: e94e3eb6f1ba7900 RBX: ffffffff8196d6a8 RCX: e94e3eb6f1ba7900 [ 414.606732][ C1] RDX: 0000000000000001 RSI: ffffffff8d991910 RDI: ffffffff8be322c0 [ 414.614712][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f1b R09: 1ffff110170e65e3 [ 414.622672][ C1] R10: dffffc0000000000 R11: ffffed10170e65e4 R12: ffffffff8fa18cf0 [ 414.630655][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110039d5b40 [ 414.638634][ C1] ? do_idle+0x1e8/0x510 [ 414.642880][ C1] default_idle+0x13/0x20 [ 414.647248][ C1] default_idle_call+0x74/0xb0 [ 414.652013][ C1] do_idle+0x1e8/0x510 [ 414.656079][ C1] ? __pfx_do_idle+0x10/0x10 [ 414.660657][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 414.665855][ C1] cpu_startup_entry+0x44/0x60 [ 414.670612][ C1] start_secondary+0x101/0x110 [ 414.675370][ C1] common_startup_64+0x13e/0x147 [ 414.680323][ C1] [ 414.683691][ C1] Kernel Offset: disabled [ 414.688022][ C1] Rebooting in 86400 seconds..