last executing test programs: 4m2.283825468s ago: executing program 2 (id=59): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800, &(0x7f0000000040)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRES32, @ANYRESDEC, @ANYRES8=0x0, @ANYRES64, @ANYRESHEX], 0x1, 0x65f, &(0x7f0000000640)="$eJzs3c1vHGcdB/DvbBwnm5bUTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTM7a2/WL123jXdTPp9o9nmeeWae+T2/2Zl9saIN8H9rcSpjD1JkcerljbK9vTXX2t6au9utJzmTZDMZS9JIUvyn3W5/kFxPit1hir5yn/dWFl798OPtjzqtsXqptm8ctV+fervNvtWb3XWTSU7V5Wfw0Hg3PvN4xW7k15NcqUsYutNJ2g/56d+e3O3p0Txo77MnEiPwaBWd1819JpJz9YVevg/ovvI2Tja6wZ0ZcLv+dxAAAADwuBnkM/BTO9nJRnH+BMIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL4TNvd//L+ql0a1Ppuj+/v94vS51fbS8cLzNHzyqOAAAAAAAAADgBL2wk51s5Hy33S6qv/m/WDUuVo9P5M2sZTmruZqNLGU961nNTJKJnoHGN5bW11dnBthz9sA9Zz8h0DN12fx85g0AAAAAAAAAXzC/zOLe3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAUFMmpTpHifs/qiTTGkpxNMl6u2Ez+0a0/zh4MOwAAAAA4AU/tZCcbOd9tt4tcTPJs9R3A2byZe1nPStbTynJuVt8LdD71N7a35lrbW3N3y2X/uN/797HCqEZM57uHg498udqimVtZqdZczY28nlZuplHtWbpcx9MdtS+u+2VMxXdrA0Z2sy7Lmb9bl/u8c6zJHuaYX6ZMVBk5vZuR6Tq2MhtPd8/MwWfomGen/0gzaewGe7HvSH2T+FQ5P1eX5Xx+e1jOh6I/E7M9z75nj8558rU///En03V9dKY0mFN12a4em/szMdeTiecGycTt1r07t2+tTT1umdhnusrEpd32Yn6YH2cqk3klq1nJz7KU9SxnMj+oakv1yS96LvlDMnX9odYrnxTJeP0M7Zys48X0YrXv+azkR3k9N7Ocl6p/s5nJtzKf+Sz0nOFLR5/h6qpvHHLVt790YPBXvl5Xmkl+V5ejoczr0z157b3nTlR9vWv2snRhgCwd89449pW6Uh7jV3U5GvozMdOTiWeOzsTvq9vKWuvendXbS28MdrgL79aV8jr6zUjdUsvny4XyZFWth58dZd8zB/bNVH0Xd/sa+/ou7fZ1rtTNQ6/U8fo93P6RZqu+5w7sm6v6Lvf0HfR+C4CRd+4b58ab/2r+vfl+89fN282Xz37/zLfPPD+e0385/Z2x6VNfbTxf/Cnv5xd7n/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBPb+2tt+8stVrLq32Vdrv9ziFdI1/J5D+fKOd2QFf358xOMJ4vP5mMRFqGWvlvu92u1xSHbPOHv45Motq1kUjdkCrDvS8Bj9619btvXFt76+1vrtxdem35teV7C/PzC9ML8y/NXbu10lqe7jwOO0rgUdh70R92JAAAAAAAAAAAAMCgTuK/Ewx7jgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjbXEqYw9SZGb66nTZ3t6aa5VLt7635ViSRpLi50nxQXI9nSUTPcMVhx3nvZWFVz/8ePujvbHGuts3jtpvMJv1kskkpzrl/c9rvBt1eaTiqCkUuzMsE3almzgYtv8FAAD//z3RCsM=") creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) unlink(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x6, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1802000020a000000000000000000000850000001700"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x98, &(0x7f0000000000)=""/152}, 0x94) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = dup(r0) ioctl$TIOCL_BLANKSCREEN(r1, 0x541c, &(0x7f0000000080)) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_FLUSH(r2, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4) 4m1.25529157s ago: executing program 2 (id=64): r0 = socket$kcm(0x10, 0x2, 0x4) close(r0) r1 = socket$kcm(0x2, 0x200000000000001, 0x0) r2 = socket$kcm(0x11, 0xa, 0x300) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000500000000000000095000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e34ff65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd086004c4a56c6cce6e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e430a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b051f47db7aa110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c0000000000000000000a000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3938e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea875583e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba46cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5ccb9f10f615c87c441dc50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246e891e20ecaad7059866506c3000000000c3230e901e885b7a4a36bdfdb5ce7a2e5807a0f4c1d461d1243fccf51b875b49490cd7d044e7a1e1a4c013fae1f070a8a37ab90da2efc6c875b3aab34b75a252072691fc97bef0fed8ee597ab83bb53f89c36bc2ee3ad54904542f66dc94132df75fc9944882d6f2e13b7057e0000000000000000000000000000000000001b726c0ccd24000000000000cfd2f4d005578b9ed06e1c41ef3b411066739de953d39b968caaca1507928d68c8f052"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000000)=r3, 0x4) sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004081) sendmsg$inet(r0, &(0x7f0000000540)={0x0, 0xc027, &(0x7f0000000340)=[{&(0x7f00000000c0)="97eb000014006bcd9e", 0xeb97}], 0x1, 0x0, 0x0, 0x1f000000}, 0x600) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000004900000008007300000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000100001248be6962fcdcd9c8b27257c7fdcfbdefbef58c83dea3804ad6c4e71c8045431e7e2ec57653587e9165c97d08"], 0x44}}, 0x0) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000007e00), r6) ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f00000001c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_SET_SEC_PARAMS(r6, &(0x7f0000007f80)={0x0, 0x0, &(0x7f0000007f40)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="010029bd7000fbdbdf251500000900000300", @ANYRES32=r8, @ANYBLOB="0c002b800800010002000000"], 0x28}, 0x1, 0x0, 0x0, 0x40040}, 0x40000) r9 = socket$netlink(0x10, 0x3, 0xa) r10 = dup(r9) r11 = io_uring_setup(0x5856, &(0x7f0000000280)={0x0, 0x0, 0x4, 0x0, 0x3}) poll(&(0x7f0000000200)=[{r11}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r12 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r12}, 0xc) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r13 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c) ftruncate(r13, 0x200004) sendfile(r10, r13, 0x0, 0x80001d00c0d1) r14 = fsopen(&(0x7f0000000180)='virtiofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r14, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r14, 0x6, 0x0, 0x0, 0x0) 4m0.169118739s ago: executing program 2 (id=69): openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080c}, 0x2000c845) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280)=ANY=[], 0x17) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, 0x0, &(0x7f0000000540)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) unshare(0x10000000) sched_setaffinity(r0, 0x8, &(0x7f0000000400)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) read(r4, 0x0, 0x0) r5 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_PEC(r5, 0x708, 0xffffffffffffffff) ioctl$I2C_SMBUS(r5, 0x720, &(0x7f0000000100)={0x1, 0x2, 0x7, &(0x7f00000000c0)={0x10, "fe385d991361090495d58c490b6a1ffd1b5343fba6170247e804aefad6fdbba137"}}) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880), 0x0, 0x1) removexattr(&(0x7f0000000200)='./cgroup\x00', &(0x7f0000000000)=@known='security.selinux\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x89a2, &(0x7f0000000280)={'bridge0\x00', @ifru_settings={0x43, 0x0, @sync=&(0x7f0000000340)={0xc, 0x3, 0x4}}}) 3m59.013844828s ago: executing program 2 (id=75): mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0) mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x400, 0x0, 0x10, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_LACP_RATE={0x5, 0x15, 0xff}]}}}]}, 0x3c}}, 0x41) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x4000000) socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) getsockopt$inet6_mptcp_buf(r1, 0x11c, 0x3, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r5, 0x114, 0x8, 0x0, 0x0) close(r5) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) 3m57.549889462s ago: executing program 2 (id=78): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82004000000", @ANYRES32=r0, @ANYBLOB="000080000000"], 0x38}, 0x1, 0x300}, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) 3m57.18081398s ago: executing program 2 (id=79): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000010c0)=ANY=[@ANYBLOB="4000000010003b0c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000005000000200012800b00010065727370616e000000000000000008000500130001"], 0x40}}, 0x40080c0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000040)={0x7}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 3m56.793946461s ago: executing program 32 (id=79): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000010c0)=ANY=[@ANYBLOB="4000000010003b0c00"/20, @ANYRES32=0x0, @ANYBLOB="0000000005000000200012800b00010065727370616e000000000000000008000500130001"], 0x40}}, 0x40080c0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, &(0x7f0000000040)={0x7}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@gettaction={0x14, 0x32, 0x801, 0x70bd29, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x880e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x4}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m12.933913848s ago: executing program 5 (id=356): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socket$kcm(0xa, 0x2, 0x88) 2m12.768555653s ago: executing program 5 (id=357): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000001080)={{0x12, 0x1, 0x0, 0x78, 0x82, 0xb7, 0x40, 0x2c42, 0x1709, 0xcab7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xbf, 0x60, 0xe7}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000980)={0x84, &(0x7f0000000440)={0x40, 0x18, 0x1, "8e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000380)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB='\x000\v'], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000540)={0x0, 0xb3765c6765b39a42, 0x1, "d0"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, &(0x7f0000000bc0)={0x24, &(0x7f0000000a40)={0x20, 0xb, 0x4c, {0x4c, 0x23, "76ebe5960f28ceeb4bddd09b6d323960e8990c9a6a320aa4c7e76c0b7522bebfd51ba3f7ab5f55b2916205f60fb97159827ed1ea6e6172510c7d0e46773091cbc909d4ec79d29e1328cd"}}, &(0x7f0000000ac0)={0x0, 0x3, 0xa2, @string={0xa2, 0x3, "5e6cabea9fa382093ad4bf339a4c4eb9f27596986b3ccb63c196beb6842c0db4101550235744445a1c5262eefcc323de6d54dc0a7668690aaaec28a07423e55f4104fc833684182298f0203ed3875d57dbd100055585a732a2a3337af72463bae952e4d70ba08574da05528c6207cce7e35d3400a68047ac92db2a7f785c219f411ed5c42b048229147f0dadf6922c4d2c7aecb947ed16e96a6f2f6c78ed1a55"}}, &(0x7f0000000940)={0x0, 0x22, 0x1d, {[@global=@item_012={0x1, 0x1, 0x8, "cf"}, @local=@item_012={0x2, 0x2, 0x0, "1690"}, @local=@item_4={0x3, 0x2, 0x4, "da9593c6"}, @local=@item_012={0x2, 0x2, 0x9, "0d7f"}, @global=@item_012={0x1, 0x1, 0x2, "94"}, @main=@item_012={0x0, 0x0, 0x8}, @local=@item_012={0x1, 0x2, 0x8, "e4"}, @global=@item_4={0x3, 0x1, 0xb, "ebc72918"}, @global=@item_4={0x3, 0x1, 0x2, "1480b2c7"}, @main=@item_012={0x0, 0x0, 0xa}]}}, &(0x7f0000000b80)={0x0, 0x21, 0x9, {0x9, 0x21, 0x5, 0x8, 0x1, {0x22, 0xd5c}}}}, &(0x7f0000000e80)={0x2c, &(0x7f0000000cc0)={0x0, 0x30, 0xed, "7edcd05aa522e19def7d847c9d7d429c6a66077f6b2efe77d7ea0bdfaf45d4cf21564b34601f070f2113f88445bab8df75f6751539317675938885aeb3e16b181e7b3cceb9bdcbc98e70a57c6be8707c8d0680e99a1dc0bcd255dc1a573ad89809305ffad4e124214b197a0fa76ec762dcf6eee80a0075befe510a445424fae06771c8b3ccafa01f1b0af12c74f2b10cd136c1a7c345371e2ae0183c4cd29eaddd326da91df8e3b8c41710bfae39e0425fe99e87db1f8c5c2d58b01acaf121e85382ac21fdae08d31aac47105c3e3777659887f187beefd42848d69fb250503216a17e88d8054cc2aa90da96e1"}, &(0x7f0000000c00)={0x0, 0xa, 0x1, 0xd6}, &(0x7f0000000c40)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000dc0)={0x20, 0x1, 0x43, "b0a8753d5c3fea06ea15c34c825428828a478d9642b428a1b3885edff7ceaafa51e2e297994b3438d26350bda9f2d813f24018276593cdcaf2aec49502be1979ec79c2"}, &(0x7f0000000e40)={0x20, 0x3, 0x1, 0x3}}) syz_usb_control_io$uac1(r1, 0x0, &(0x7f00000004c0)={0x24, &(0x7f00000002c0)={0x40, 0x15, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000ec0), 0x2400, 0x0) syz_usb_control_io$uac1(r1, &(0x7f0000000140)={0x14, &(0x7f0000000540)={0x40, 0x24, 0x95, {0x95, 0xf, "c5a4413c4f92242bea10ff62cf074619b359e7fd6fb7860f80b943ca7ef2099ce291f38ffc1a434df1eb24947ef2473aa72713abf796176499bbfdc7a94733988a10ed0f410c7066bf4c41e19aacc1416ced588589a9c08b86a62d17c914d410dd9a5bb7453478a352baa0330fc3d38ccbdb8bf0b8145e85f44ebc12730e6f4a65f9ea86ec5e6a23a18aa09ff62939b8a09b4b"}}, &(0x7f0000000600)={0x0, 0x3, 0xac, @string={0xac, 0x3, "02228e8b9066c86c1feb28acc81f82841dcaba07d232b43db181d46ca6d869b31e766ffa1d431bc3fbd0dec20860a1b8508e404c1c32f60291e6908430b580bda9d8e827430d3293f623f858ba1026ae0b1cdab552d08437cd28b6e972127709af75ecd5d9ec5f898ea6df8b6525a9dca956b45ea9e81aa3d2b282cdf31fa2666dd346a50059c7a5e9d818aa16d75ecf114b77dedb7c45720a129423b8b5c4dcc5f79aa95225b4ea09c8"}}}, &(0x7f00000008c0)={0x44, &(0x7f00000006c0)={0x0, 0x1, 0xa0, "bdc4babf264c2e986ed1889f5a2c385923264908780bbb484f9122fae09476463b2ae2f9b6d6107bbfc60a258fc2ff2c9820ee55b8a18edcda9aa492832f280caec874ea0044a95603e176a99899dbe67495763a791ee1ce36dd5f9e5435990f8d45bcdeb0e79db241e30375554e0b2444b3e2ce49f856ddb248431298c3573e3a907138054fc5b159376caa5c3a2265b640b2266649545a11721befe1e325bc"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0xd1}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000300)={0x20, 0x81, 0x1, 'T'}, &(0x7f00000004c0)={0x20, 0x82, 0x3, "494cd0"}, &(0x7f0000000800)={0x20, 0x83, 0x1, '^'}, &(0x7f0000000840)={0x20, 0x84, 0x3, "b4b062"}, &(0x7f0000000880)={0x20, 0x85, 0x3, "dc456e"}}) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002223000000177bea6fed05e5870c0000002a9000070900be0083000000000b09007a1580"], 0x0}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2000002, &(0x7f0000000280)={[{@user_xattr}]}, 0x9, 0x537, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCgtarb3xtlHVC90LCFWVEIgD4rANiTcKseMQO1UTIpH+DXDgCn8CByQOSD1x4MYRiQNCKgekBSLQBgkkoxlPUm/idL2Nf0D8+UijmTfPM9/3ksy8mefJvAAm1o2IOIiIYkS8FREL+fpCPsXrnSn93KPD/ZWjw/2VQrTb3/pbIctP10XXNqln833ORcQ3vxbxvcLZuM3dvY3lWq26nafLrfpWubm7d3u9vrxWXatuVipLi0t3Xr37SmVgdb1e/8XDr66/8e1f/+rT7//u4Ms/TIs1n+d112OQOlWfOYmTmo6IN4YRbAym8nlxzOXgo0ki4mMR8bns+F+IqeyvEwC4zNrthWgvdKcBgMsuyfrACkkp7wuYjyQplTp9eC/ElaTWaLZuPWjsbK52+squxkzyYL1WvXNt9g8/yK4YZgppejHLy/KzdOVU+m5EXIuIn8w+k6VLK43a6vguewBgoj17qv3/52yn/e9Dj2/1AID/G3PjLgAAMHLafwCYPNp/AJg8fbT/+Zf9B0MvCwAwGk9x/58MsxwAwOjo/weAyaP9B4CJ8o0330yn9lH+/uvVt3d3Nhpv316tNjdK9Z2V0kpje6u01misZe/sqT9pf7VGY2vx5dh5p9yqNlvl5u7e/XpjZ7N1P3uv9/3qzEhqBQB8mGvX3/t9ISIOXnsmm6JrLAdtNVxunueByeUlfjC5jPYFk6v/e/zfDrUcwPj0vA+Y67n4uJ8+RRDPGcH/lJuf7L//3xjPcLno/4fJNfWRtpodeDmA0dP/D5Or3S6cHvO/eJIFAFxKF3jGv/2jQV2EAGP1pOeAB/L9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwy8xHx/SgkpXws8PlIklIp4rmIuBozhQfrteqdiHg+rkfEzGyaXhx3oQGAC0r+UsjH/7q58NL86dxi4V/ZYP/FtPXP120vpuv/frJ+9nj4sMoH211gXEEAYMDeWW61tiv5vOtG/tHh/srxNMryPLwX/8mHIl45OtzPpk7OdExn87nsWuLKPwp5ujMW6YsRMTWA+AfvRsQnetW/kPWNXM1HPu2OH3ns50YaP3ksfpLldebpxdfHB1AWmDTv3YuI13sdf0ncyOa9j/+57Ax1cQ/vdXZ2fO47OtwvHsc/Pv9N9YifHvM3+o3x8m++fmZle6GT927Ei9OPxT85/xzHL5wT/6U+4//xU5/58VfOyWv/LOJm9I7fHavcqm+Vm7t7t9fry2vVtepmpbK0uHTn1buvVMpZH3X5uKf6rL++duv588qW1v/KOfHneta/eLLtF/qs/8///dZ3P/sh8b/0+V7xk3ihZ/yOtE38Yp/xl6/88tzhu9P4q+fU/0m//1t9xn//z3urfX4UABiB5u7exnKtVt2+0EJ6FzqI/ZxZSIs40B32WCh2Ff5PMdxYT7UwM6yf6tAXpk+uFQe75++kexxxdZKB1+JCC49GFWu85yVg+D446MddEgAAAAAAAAAAAAAA4Dyj+NelcdcRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy+u/AQAA//9xkcaD") r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r4 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r3, &(0x7f0000000400)=[{&(0x7f0000000080)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9001c2f8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000100)="051a00000e80006558", 0x9}, {&(0x7f0000001200)="8d09327c", 0x4}], 0x3) lstat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r6 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0xa8, 0x24, 0xf0b, 0x70bd2b, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x5}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x78, 0x2, {{0x7ffd, 0x7f, 0x192, 0xf, 0x7fff, 0x205}, [@TCA_NETEM_LOSS={0x30, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14, 0x2, {0x9, 0x4, 0xffffffff, 0x40}}, @NETEM_LOSS_GI={0x18, 0x1, {0x7, 0x6, 0x6d1, 0x40, 0x304}}]}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x5, 0x1, 0x0, 0x0, 0x1bb, 0x4}}]}}}]}, 0xa8}}, 0x0) quotactl$Q_SETQUOTA(0xffffffff80000900, &(0x7f0000000c80)=@loop={'/dev/loop', 0x0}, r5, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c000000340001002dbd7000fedbdb2501000000080007000200007ba2f463d1156d9035a37014cf093c53f2abc319f433b4f46d8b691599383fbd77a37edf0dff9103a329dda2faecd2ec200573a722ceb10e05d2dbb4ad0d0a74d4ac8825017d85773f7bab13bf75e66276d40ff28b24264f9d29d7bd2989d465d07d8895ac0f22e013dfcb24a2761979097a361e5db0e42599fa98a559136232d61f3a942638ee482ff258e9902fc2a91c8c9c67814812a4ee1ca15d0b1ba69db8d02ec6e4cd354f626294e80c2eb0a3dba6bc68e8"], 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x4000040) 2m10.90466396s ago: executing program 5 (id=363): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/124, 0x7c) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x800, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x20040000}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@rdma_map={0x30, 0x10c, 0x3, {{0x0}, 0x0}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x60}, 0x0) io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x2, 0x4) 1m37.805601721s ago: executing program 5 (id=363): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/124, 0x7c) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x800, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x20040000}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@rdma_map={0x30, 0x10c, 0x3, {{0x0}, 0x0}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x60}, 0x0) io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x2, 0x4) 51.25239495s ago: executing program 5 (id=363): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/124, 0x7c) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x800, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x20040000}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@rdma_map={0x30, 0x10c, 0x3, {{0x0}, 0x0}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x60}, 0x0) io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x2, 0x4) 9.044565482s ago: executing program 1 (id=665): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x50) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2}, 0x48) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x6, &(0x7f0000000180)=@framed={{0x18, 0x2}, [@map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x26}]}, &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000280)=ANY=[@ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="05"], 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r1, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) sendto$inet(r0, &(0x7f00000004c0)="aafa20", 0x3, 0x44080, 0x0, 0x0) 7.668256792s ago: executing program 1 (id=671): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TCFLSH(r5, 0x540b, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r6, 0x8b2a, &(0x7f0000000040)) 6.568760298s ago: executing program 1 (id=675): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) socket(0x840000000002, 0x3, 0xff) openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) setns(r1, 0x24020000) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, 0x0, 0x0) syz_clone(0x498144ee5f62e149, 0x0, 0x17, 0x0, 0x0, 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 4.754730789s ago: executing program 0 (id=685): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000005dc0)=[{0x0, 0x0, &(0x7f0000001b40)=[{&(0x7f0000001d40)="d8750288189987d0fabb09b23867772c615b8004f5071a7715f73be32aea3bb1ecc3e0814fb9b752a6d48b1d4d68a4282f76c2c6535ec3ec0fe9843311a22b58a46ed495465703756e040dd9002584b5f9ae54dd851daed0c915d40f3a3fb324415ea188556f05a94c5a063dcf7be1743c393ed5fd0563366b67", 0x7a}], 0x1}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000006680)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000006880)=""/121, 0x79}], 0x1}, 0x401}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f00000004c0)=""/4096, 0x1000}], 0x1}, 0xaf7}], 0x2, 0x63, 0x0) 4.564302302s ago: executing program 4 (id=686): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r0 = getpid() bind$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000200)='.\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x108, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r3, &(0x7f0000000300)={0x2020}, 0x2020) fcntl$getownex(r2, 0x10, &(0x7f0000000180)) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, 0x0}, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1c9, 0x12) 4.492825567s ago: executing program 0 (id=687): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'macvlan1\x00'}) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000402000008"], 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x4, 0x4, 0x7, 0x0, r4}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r5}, &(0x7f0000000180), &(0x7f00000001c0)=r4}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x1, r5}, 0x38) 3.711460292s ago: executing program 0 (id=689): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = socket$inet6(0x10, 0x3, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, &(0x7f00000000c0)={0x4000000b}) r2 = dup3(r1, r0, 0x80000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000000)={0x30000010}) 3.456785844s ago: executing program 3 (id=690): socket$pptp(0x18, 0x1, 0x2) r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newlink={0x28, 0x10, 0x801, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x4000, 0x4a080}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', 0x0}) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5}, 0x90) 3.456159006s ago: executing program 0 (id=691): pipe2(0x0, 0x800) socket$pppl2tp(0x18, 0x1, 0x1) tee(0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffc01, 0x0) openat$sndtimer(0xffffffffffffff9c, 0x0, 0x2000) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0xc0042, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r3, 0x101, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x17, {0x18, 0xe68, @l2={'ib', 0x3a, 'pimreg\x00'}}}}}, 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x5, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x1, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0x2], 0xeeee8000, 0x143640}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000640)={[0x202a4, 0x7, 0x8000, 0x800000000005, 0x2, 0x5, 0xefffffffffffffff, 0xb, 0x0, 0x7fffffffffffffff, 0x0, 0x9, 0x3, 0x1, 0x8000000000000000, 0xff], 0x0, 0x41845}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.670833916s ago: executing program 0 (id=692): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000034c0)={0x34, r0, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1685}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x1e}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}]]}, 0x34}}, 0x0) 2.299315345s ago: executing program 3 (id=693): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000440)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x2d, 0x0) 2.192320582s ago: executing program 4 (id=694): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001b40)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000003c0)={0x2c, r2, 0x1, 0x0, 0x0, {0x1c}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000840}, 0x4000000) 2.087669423s ago: executing program 3 (id=695): close(0x3) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xa, &(0x7f0000000080)=@framed={{0x18, 0x3, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd, @generic={0x66}, @initr0={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, @exit]}, &(0x7f0000001300)='GPL\x00'}, 0x94) 2.065268749s ago: executing program 0 (id=696): syz_clone(0x44044000, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0xffffffffffffffff, 0x87}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001780)=[{{&(0x7f00000003c0)=@abs, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000000200)}], 0x1}}, {{0x0, 0x0, 0x0}}, {{&(0x7f0000000f80)=@abs, 0x6e, &(0x7f0000000a00)=[{&(0x7f0000001000)=""/174, 0xae}], 0x1, &(0x7f00000010c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xe0}}, {{&(0x7f0000001200)=@abs, 0x6e, &(0x7f0000001680)=[{&(0x7f0000001280)=""/141, 0x8d}, {&(0x7f0000001340)=""/180, 0xb4}, {&(0x7f0000001400)=""/162, 0xa2}, {&(0x7f00000014c0)=""/190, 0xbe}], 0x4, &(0x7f0000001700)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}], 0x4, 0x40000101, 0x0) r3 = openat$cgroup_int(r2, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) r4 = openat$cgroup_procs(r2, &(0x7f0000001a80)='tasks\x00', 0x2, 0x0) r5 = epoll_create(0x7) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000180)={0x50000006}) write$cgroup_pid(r4, &(0x7f0000000380), 0x12) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000f0000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$cgroup_int(r3, &(0x7f0000000040), 0x1) 1.918677212s ago: executing program 4 (id=697): socket(0x2d, 0x3, 0x5) socket$can_bcm(0x1d, 0x2, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x43, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) sched_setscheduler(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa000000000000015030000088d4e002d3501000000000095000000000000006916160000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c070000000000000095cb202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec85eeeb83ccaec388158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d0800e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb400f692f374dfab73f90000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1d913c3fd6edc9b9bfc8c6a14ff595eff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a0397c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed551c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a58208077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95f9ddf30e066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18092f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aac263dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d85fa4373d5b5"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94) sendmsg$nl_xfrm(r0, 0x0, 0x4c050) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, 0x0, 0x40010) socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x3}, 0x50) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) setrlimit(0x7, &(0x7f0000000000)={0x4, 0x6}) syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x7f80, 0x80, 0x0, 0x34f}, 0x0, 0x0) socket(0x2a, 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0xffffffffffffffff, &(0x7f0000000080), 0x8, 0x0) 1.917786452s ago: executing program 3 (id=698): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$vsock_stream(0x28, 0x1, 0x0) r2 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xc8c7, 0x0, 0xfffffffd, 0x2}, &(0x7f0000000340)=0x0, &(0x7f00000002c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000380)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)='./file0\x00', 0x400, 0x2000, 0x1}) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) io_uring_enter(r2, 0x47f9, 0x0, 0x0, 0x0, 0x0) openat$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)='devices.deny\x00', 0x2, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) getpid() 1.321944055s ago: executing program 4 (id=699): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x143044, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x103382) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) prctl$PR_GET_ENDIAN(0x13, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x0, &(0x7f00000003c0)={[], [], 0x2e}, 0x84, 0x463, &(0x7f0000002e00)="$eJzs20tvG1UbAOB3xkn79fYllHLpBQgURMQladICXbABgdQNEhIsyjKkaVXqNqgJEq0qGhAqS9RfACyR+AWsYIOAFYglsEdIFeqGwgINGnumdVI72LFTp/XzSE7OsY993ndmjn1mjh3AwBrL/yQR2yPil4gYqVeXNxir/7t29cLsX1cvzCaRZa/9kdTa/Xn1wmzZNPm5/n9b8ZrjaUT6YRJ7m/S7cO78qZlqde5sUZ9cPP325MK580+fPD1zYu7E3Jnpw4cPHZx67tnpZ3qS54481j3vze/bfeSNy6/MHr385ndf5PFvLx5vzKNutOs+x2Js+bZs8FjXr76x7GgoJ0N9DISOVCIi313DtfE/EpW4sfNG4uUP+hocsK6yLMs233RvpSwsZcAdLIl+RwD0R/lBn5//lrdbOP3ouysv1E+A8ryvFbf6I0ORFm2GV5zf9tJYRBxd+vuT/BZNr0MAAPTWV/n856lm87807m1o9/9ibWg0Iu6KiJ0RcXdE7IqIeyJqbe+LiPs77H9sRX35/Cefef24Zc3JtSGf/z1frG0tn/+Vs78YrRS1HbX8h5PjJ6tzB4ptMh7Dm/P61Cp9fP3STx+3eqxx/pff8v7LuWARx+9DKy7QHZtZnOkm50ZX3o/YM9Qs/+T6SkASEbsjYs8aXj/fZief+Hxfq8f/O/9V9GCdKfss4vH6/l+KFfmXktXXJyf/F9W5A5PlUXGz73+49Gqr/rvKvwfy/b+16fF/Pf/RpHG9dqHzPi79+lHLc5q1Hv+bktdr5U3Ffe/OLC6enYrYlCzdfP/0jeeW9bJ9nv/4/ubjf2fEP58Wz9sbEflB/EBEPBgRDxWxPxwRj0TE/lXy//bFR99ae/7rK8//WEf7v/NC5dQ3X7bqv739f6hWGi/uaef9r90Au9l2AAAAcLtIa9+BT9KJ6+U0nZiof4d/V2xNq/MLi08en3/nzLH6d+VHYzgtr3SNNFwPnSquDZf16RX1g7XrxlmWZVtq9YnZ+ep6rakD7dnWYvznfqv0Ozpg3XW0jtbqF23AbcnvNWFw1ca/yT4MpI4//00Y4I5hOMPgajb+L0Zc60MowC3m8x8Gl/EPg8v4h8Fl/MNA6uZ3/asVdh7p6FlJxNJ6hHEbFCobI4yOC5FuiDDWVkg3Rhj1wuaIaLfxxbhVgfX7nQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA3/g0AAP//VSHodQ==") r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="0404"], 0xd) syz_emit_vhci(0x0, 0x14) bpf$MAP_CREATE(0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 1.321069611s ago: executing program 1 (id=700): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2}}}}}}}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) modify_ldt$write(0x1, 0x0, 0xfffffffffffffe8a) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x2) close(0xffffffffffffffff) pipe2$watch_queue(&(0x7f0000000100)={0xffffffffffffffff}, 0x80) r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) add_key(&(0x7f0000000100)='asymmetric\x00', 0x0, &(0x7f0000000b00)="10", 0x1, r3) r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, r3) keyctl$KEYCTL_WATCH_KEY(0x20, r4, r2, 0x0) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000080)={0x1, @capture={0x0, 0x0, {}, 0x0, 0x33}}) 1.110966586s ago: executing program 4 (id=701): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00'}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000780)={'syztnl2\x00', &(0x7f00000008c0)={'syztnl2\x00', 0x0, 0x7, 0x700, 0xfffffff0, 0x6, {{0x5, 0x4, 0x1, 0x38, 0x14, 0x65, 0x0, 0xea, 0x2f, 0x0, @broadcast, @rand_addr=0x64010101}}}}) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f0000000340)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x0, 0x0, 0xd66}}) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @empty}}) 1.107499853s ago: executing program 1 (id=702): r0 = mq_open(&(0x7f0000000480)='!sel\x00\x00\x00\x10\x00\x00\x00\x00\xd7\\P\xc1\xde.O\xcb]0y\x00\x00\x00\x00\x00\x00\x00\x00', 0x6e93ebbbcc0884f2, 0x186, 0x0) r1 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) 1.001644995s ago: executing program 5 (id=363): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "00000100ebffffff", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', "006e34e400"}, 0x28) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/124, 0x7c) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) r4 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x800, 0x0, 0x3a6}, &(0x7f0000000000)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r3, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x18}, 0x0, 0x20040000}) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, @private=0xa010102}, 0x10, 0x0, 0x0, &(0x7f0000000680)=[@rdma_map={0x30, 0x10c, 0x3, {{0x0}, 0x0}}, @rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x60}, 0x0) io_uring_enter(r4, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0) sendto$inet6(r0, &(0x7f00000001c0), 0xfffffffffffffede, 0x0, 0x0, 0x3000137) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f0000000040)=0x2, 0x4) 967.816611ms ago: executing program 3 (id=703): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x301c40a, &(0x7f0000000980)={[{@rodir}, {@utf8no}, {@numtail}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'cp866'}}, {@utf8}, {@uni_xlateno}, {@shortname_mixed}, {@shortname_lower}, {@fat=@codepage={'codepage', 0x3d, '852'}}, {@uni_xlate}, {@rodir}, {@uni_xlateno}, {@iocharset={'iocharset', 0x3d, 'cp862'}}, {@iocharset={'iocharset', 0x3d, 'koi8-r'}}, {@fat=@errors_continue}, {@uni_xlateno}, {@fat=@check_strict}, {@uni_xlate}, {@shortname_lower}]}, 0x6, 0x2d5, &(0x7f0000000680)="$eJzs3T+LHGUcB/Df7O3tTrTYLaxEcEALq5BLa7OHJCBeZdhCLfQwCcjtIiRw4B+cTWUl2FhY+AoEwRdi4zsQbAU7IwRGZnYmM5vbXPbk9sTc59PcM8883+f5zdxwO1fccx+9Mj+6ncXdB1/+FmmaRG8Sk3iYxDh60VgUS/nycPJtAAD/Zw+LIv6sP9/PkksiIt1eWQDAFm32+d9vmz9fSFkAwBbdeu/9d/YPDm68m2Vp3Jx/fTwtf7Mvvy7P79+NT2IWd+JajOJRRPWisBvV20LZvFkURd7PSuN4fZ4fT8vk/MNf6vn3/4io8nsxinHV9fhto8q/fXBjL1vq5POyjhfq9Sdl/nqM4qXH4ZX89TX5mA7ijdc69V+NUfz6cXwas7hdFdHmv9rLsreK7/764oOyvDKf5MfTYTWuVex0j65czLcHAAAAAAAAAAAAAAAAAAAAAIDn1NV675xhVPv3lF31/js7j8qD3cga49X9eZb5pJmouz9QURR5ET80++tcy7KsqAe2+X683O9uLAgAAAAAAAAAAAAAAAAAAACX1/3PPj86nM3u3DuXRrMbQD8i/r4V8W/nmXR6Xo3TBw/rNQ9ns17dXB3T7/bETjMmiTi1jPIizum2PKtx5UTNdePHnzaaJ4lY1D3psxfdXb/WeTaap+voMFl/D4fR9KT1Q/L9IKIdM4inLbFY7Rk8rYwizvL4DdaeGm0W/6a+2nKeF6uevDm1OJmK5InCkqQz5s3fl3PVPcmTVzGo7uq6MiJtGm18dUy60fMc6TJ+8mdFYrcOAAAAAAAAAAAAAAAAAADYqvavf9ecfHBqtFcMt1YWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFyo9v//n6GR1+ENBg/i3v3/+BIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4BP4JAAD//47KXt4=") mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x80, 0x0) 798.911µs ago: executing program 1 (id=704): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) r1 = dup(0xffffffffffffffff) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80"], 0xf0}, 0x1, 0xe}, 0x10) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) r3 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3) ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1) sync() unshare(0x64000600) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48) 385.285µs ago: executing program 3 (id=705): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket(0x200000000000011, 0x4000000000080002, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000001100)={0x11, 0x3, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) r7 = dup2(r4, r4) sendmmsg$unix(r7, &(0x7f0000008380), 0x400000000000174, 0x4008890) 0s ago: executing program 4 (id=706): ioperm(0x4, 0x7cd, 0x1) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) kernel console output (not intermixed with test programs): end of device [ 113.552858][ T6205] loop0: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 113.571478][ T6205] syz.0.72: attempt to access beyond end of device [ 113.571478][ T6205] loop0: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 113.743014][ T6205] syz.0.72: attempt to access beyond end of device [ 113.743014][ T6205] loop0: rw=34817, sector=76, nr_sectors = 978 limit=64 [ 113.770049][ T6208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.75'. [ 113.798826][ T43] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 113.809251][ T6208] netlink: 12 bytes leftover after parsing attributes in process `syz.2.75'. [ 114.248857][ T43] usb 5-1: no configurations [ 114.254982][ T43] usb 5-1: can't read configurations, error -22 [ 114.453775][ T43] usb usb5-port1: attempt power cycle [ 114.587224][ T55] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 114.800290][ T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.817172][ T55] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.831810][ T43] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 114.863299][ T55] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 114.887932][ T55] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 114.898013][ T43] usb 5-1: no configurations [ 114.902795][ T43] usb 5-1: can't read configurations, error -22 [ 114.911140][ T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.962808][ T55] usb 2-1: config 0 descriptor?? [ 115.037578][ T43] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 115.072538][ T43] usb 5-1: no configurations [ 115.078744][ T43] usb 5-1: can't read configurations, error -22 [ 115.085498][ T43] usb usb5-port1: unable to enumerate USB device [ 115.184349][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.205490][ T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.444538][ T55] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 115.701039][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 115.754014][ T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 115.831863][ T6227] fuse: Bad value for 'fd' [ 116.075460][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.217016][ T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.686320][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 116.743261][ T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.769414][ T9] usb 2-1: reset high-speed USB device number 3 using dummy_hcd [ 117.027695][ T5152] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 117.053018][ T5152] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 117.061090][ T5152] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 117.069945][ T5152] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 117.080035][ T5152] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 117.486897][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 117.681655][ T6261] loop4: detected capacity change from 0 to 8 [ 118.006023][ T940] usb 2-1: USB disconnect, device number 3 [ 118.025163][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 118.054575][ T10] usb 1-1: config 0 has no interfaces? [ 118.070956][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 118.202775][ T6264] x_tables: duplicate underflow at hook 3 [ 118.222262][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 118.254120][ T10] usb 1-1: SerialNumber: syz [ 118.254147][ T12] bridge_slave_1: left allmulticast mode [ 118.288650][ T10] usb 1-1: config 0 descriptor?? [ 118.309623][ T12] bridge_slave_1: left promiscuous mode [ 118.334008][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.368540][ T12] bridge_slave_0: left allmulticast mode [ 118.374212][ T12] bridge_slave_0: left promiscuous mode [ 118.386056][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.158056][ T5834] Bluetooth: hci1: command tx timeout [ 119.276414][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.295898][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.333193][ T12] bond0 (unregistering): Released all slaves [ 119.657262][ T55] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 119.999472][ T55] usb 5-1: Using ep0 maxpacket: 16 [ 120.016987][ T55] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.092359][ T55] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.217159][ T55] usb 5-1: config 0 interface 0 has no altsetting 0 [ 120.244563][ T12] hsr_slave_0: left promiscuous mode [ 120.265675][ T55] usb 5-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 120.282596][ T12] hsr_slave_1: left promiscuous mode [ 120.292295][ T55] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.301031][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.328166][ T6294] ./file0: Can't lookup blockdev [ 120.334846][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.335563][ T55] usb 5-1: config 0 descriptor?? [ 120.391848][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.451319][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.514389][ T12] veth1_macvtap: left promiscuous mode [ 120.913118][ T12] veth0_macvtap: left promiscuous mode [ 120.950681][ T12] veth1_vlan: left promiscuous mode [ 120.982401][ T940] usb 1-1: USB disconnect, device number 3 [ 120.997536][ T12] veth0_vlan: left promiscuous mode [ 121.247691][ T5834] Bluetooth: hci1: command tx timeout [ 121.267284][ T55] usbhid 5-1:0.0: can't add hid device: -71 [ 121.273276][ T55] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 121.299455][ T55] usb 5-1: USB disconnect, device number 8 [ 122.825955][ T6329] loop4: detected capacity change from 0 to 1024 [ 123.109845][ T12] team0 (unregistering): Port device team_slave_1 removed [ 123.141809][ T12] team0 (unregistering): Port device team_slave_0 removed [ 123.327297][ T5834] Bluetooth: hci1: command tx timeout [ 123.916732][ T6246] chnl_net:caif_netlink_parms(): no params data found [ 124.708276][ T6246] bridge0: port 1(bridge_slave_0) entered blocking state [ 124.715518][ T6246] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.725951][ T6246] bridge_slave_0: entered allmulticast mode [ 124.736447][ T6246] bridge_slave_0: entered promiscuous mode [ 124.748231][ T6246] bridge0: port 2(bridge_slave_1) entered blocking state [ 124.755412][ T6246] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.773055][ T6246] bridge_slave_1: entered allmulticast mode [ 124.788872][ T6246] bridge_slave_1: entered promiscuous mode [ 124.915290][ T6246] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 124.943239][ T6246] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 125.063013][ T6246] team0: Port device team_slave_0 added [ 125.074373][ T6246] team0: Port device team_slave_1 added [ 125.257298][ T6246] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 125.264340][ T6246] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.323590][ T6246] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 125.379167][ T6246] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 125.396354][ T6246] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 125.436653][ T5834] Bluetooth: hci1: command tx timeout [ 125.450471][ T6246] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 125.596533][ T6246] hsr_slave_0: entered promiscuous mode [ 125.605087][ T6246] hsr_slave_1: entered promiscuous mode [ 125.612121][ T6246] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 125.622032][ T6246] Cannot create hsr debugfs directory [ 125.785558][ T6383] (unnamed net_device) (uninitialized): Removing last ns target with arp_interval on [ 127.888279][ T6246] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 128.118838][ T6246] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 128.977077][ T6246] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 129.144718][ T6246] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 129.188909][ T6417] loop0: detected capacity change from 0 to 1024 [ 129.280553][ T6417] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 129.440284][ T6417] hfsplus: xattr searching failed [ 129.539631][ T6417] netlink: 4 bytes leftover after parsing attributes in process `syz.0.121'. [ 129.843566][ T6445] loop4: detected capacity change from 0 to 64 [ 129.893179][ T6441] loop1: detected capacity change from 0 to 4096 [ 130.054976][ T6441] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512). [ 130.478943][ T6246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.591426][ T6246] 8021q: adding VLAN 0 to HW filter on device team0 [ 130.672904][ T6452] netlink: 12 bytes leftover after parsing attributes in process `syz.1.125'. [ 130.770430][ T6450] netlink: 'syz.0.127': attribute type 1 has an invalid length. [ 130.909114][ T3068] bridge0: port 1(bridge_slave_0) entered blocking state [ 130.916329][ T3068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 131.078936][ T3068] bridge0: port 2(bridge_slave_1) entered blocking state [ 131.086091][ T3068] bridge0: port 2(bridge_slave_1) entered forwarding state [ 131.157182][ T55] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 131.407211][ T55] usb 2-1: Using ep0 maxpacket: 8 [ 131.527344][ T55] usb 2-1: New USB device found, idVendor=0471, idProduct=0313, bcdDevice=81.d5 [ 131.536423][ T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.549629][ T6246] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 131.686323][ T55] usb 2-1: Product: syz [ 131.743331][ T55] usb 2-1: Manufacturer: syz [ 131.767347][ T55] usb 2-1: SerialNumber: syz [ 131.842129][ T55] usb 2-1: config 0 descriptor?? [ 131.880672][ T55] pwc: Philips PCVC720K/40 (ToUCam XS) USB webcam detected. [ 132.357335][ T55] pwc: send_video_command error -71 [ 132.362587][ T55] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 132.411160][ T55] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 132.450626][ T55] usb 2-1: USB disconnect, device number 4 [ 132.638977][ T6246] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 132.776660][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.783445][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.009202][ T6492] loop0: detected capacity change from 0 to 64 [ 134.907606][ T1171] kworker/u8:6: attempt to access beyond end of device [ 134.907606][ T1171] loop4: rw=1, sector=65, nr_sectors = 1 limit=64 [ 134.936342][ T1171] Buffer I/O error on dev loop4, logical block 65, lost async page write [ 134.951842][ T1171] kworker/u8:6: attempt to access beyond end of device [ 134.951842][ T1171] loop4: rw=1, sector=66, nr_sectors = 1 limit=64 [ 134.996045][ T6508] loop1: detected capacity change from 0 to 256 [ 135.077240][ T1171] Buffer I/O error on dev loop4, logical block 66, lost async page write [ 135.089401][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.089401][ T1171] loop4: rw=1, sector=67, nr_sectors = 1 limit=64 [ 135.102749][ T1171] Buffer I/O error on dev loop4, logical block 67, lost async page write [ 135.117614][ T6508] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 135.135735][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.135735][ T1171] loop4: rw=1, sector=68, nr_sectors = 1 limit=64 [ 135.156060][ T6508] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 135.208496][ T1171] Buffer I/O error on dev loop4, logical block 68, lost async page write [ 135.252000][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.252000][ T1171] loop4: rw=1, sector=72, nr_sectors = 1 limit=64 [ 135.279905][ T6508] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 135.323578][ T1171] Buffer I/O error on dev loop4, logical block 72, lost async page write [ 135.352728][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.352728][ T1171] loop4: rw=1, sector=73, nr_sectors = 1 limit=64 [ 135.413297][ T1171] Buffer I/O error on dev loop4, logical block 73, lost async page write [ 135.437422][ T6515] loop0: detected capacity change from 0 to 1764 [ 135.443944][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.443944][ T1171] loop4: rw=1, sector=76, nr_sectors = 1 limit=64 [ 135.460165][ T6246] veth0_vlan: entered promiscuous mode [ 135.505100][ T6246] veth1_vlan: entered promiscuous mode [ 135.510123][ T1171] Buffer I/O error on dev loop4, logical block 76, lost async page write [ 135.547210][ T30] audit: type=1804 audit(1750915851.202:2): pid=6515 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.138" name="/newroot/23/file0" dev="tmpfs" ino=149 res=1 errno=0 [ 135.569319][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.569319][ T1171] loop4: rw=1, sector=77, nr_sectors = 1 limit=64 [ 135.584390][ T6246] veth0_macvtap: entered promiscuous mode [ 135.608768][ T1171] Buffer I/O error on dev loop4, logical block 77, lost async page write [ 135.625123][ T6246] veth1_macvtap: entered promiscuous mode [ 135.654157][ T1171] kworker/u8:6: attempt to access beyond end of device [ 135.654157][ T1171] loop4: rw=1, sector=78, nr_sectors = 976 limit=64 [ 135.668101][ T43] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 135.735873][ T6246] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.782477][ T6246] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.826068][ T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.864569][ T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.873736][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 135.911886][ T43] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 135.928814][ T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.946542][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.960530][ T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.988113][ T43] usb 2-1: config 0 descriptor?? [ 136.013525][ T30] audit: type=1326 audit(1750915851.672:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6533 comm="syz.3.142" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea34f8e929 code=0x0 [ 136.199967][ T43] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 136.218506][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.226336][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.261422][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 136.290365][ T43] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 136.330396][ T43] usb 2-1: media controller created [ 136.352296][ T6544] netlink: 60 bytes leftover after parsing attributes in process `syz.4.144'. [ 136.361051][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 136.379964][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.488517][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 136.558236][ T6542] loop0: detected capacity change from 0 to 4096 [ 136.816847][ T6554] loop5: detected capacity change from 0 to 16 [ 137.221614][ T6563] 9pnet_fd: Insufficient options for proto=fd [ 137.296308][ T6567] FAULT_INJECTION: forcing a failure. [ 137.296308][ T6567] name failslab, interval 1, probability 0, space 0, times 0 [ 137.357418][ T6567] CPU: 0 UID: 0 PID: 6567 Comm: syz.5.148 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 137.357446][ T6567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.357462][ T6567] Call Trace: [ 137.357470][ T6567] [ 137.357479][ T6567] dump_stack_lvl+0x189/0x250 [ 137.357523][ T6567] ? __pfx____ratelimit+0x10/0x10 [ 137.357550][ T6567] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.357579][ T6567] ? __pfx__printk+0x10/0x10 [ 137.357606][ T6567] ? __pfx___might_resched+0x10/0x10 [ 137.357631][ T6567] ? fs_reclaim_acquire+0x7d/0x100 [ 137.357655][ T6567] should_fail_ex+0x414/0x560 [ 137.357685][ T6567] should_failslab+0xa8/0x100 [ 137.357716][ T6567] __kmalloc_noprof+0xcb/0x4f0 [ 137.357741][ T6567] ? p9_client_prepare_req+0x383/0xeb0 [ 137.357765][ T6567] ? p9_msg_buf_size+0x16aa/0x1ee0 [ 137.357794][ T6567] p9_client_prepare_req+0x383/0xeb0 [ 137.357824][ T6567] ? stack_depot_save_flags+0x40/0x900 [ 137.357851][ T6567] ? try_get_folio+0xec/0x660 [ 137.357876][ T6567] ? __pfx_p9_client_prepare_req+0x10/0x10 [ 137.357910][ T6567] ? __lock_acquire+0xab9/0xd20 [ 137.357941][ T6567] p9_client_rpc+0x188/0xa70 [ 137.357961][ T6567] ? percpu_ref_get_many+0x19/0x140 [ 137.357986][ T6567] ? percpu_ref_get_many+0x19/0x140 [ 137.358007][ T6567] ? __pfx_p9_client_rpc+0x10/0x10 [ 137.358034][ T6567] ? __lock_acquire+0xab9/0xd20 [ 137.358066][ T6567] ? do_raw_spin_lock+0x121/0x290 [ 137.358088][ T6567] p9_client_write+0x33b/0x740 [ 137.358112][ T6567] ? look_up_lock_class+0x74/0x170 [ 137.358156][ T6567] ? __lock_acquire+0xab9/0xd20 [ 137.358185][ T6567] ? __pfx_p9_client_write+0x10/0x10 [ 137.358209][ T6567] ? do_raw_spin_lock+0x121/0x290 [ 137.358234][ T6567] v9fs_issue_write+0xdd/0x180 [ 137.358254][ T6567] ? __pfx_v9fs_issue_write+0x10/0x10 [ 137.358281][ T6567] ? do_raw_spin_unlock+0x122/0x240 [ 137.358305][ T6567] ? rcu_is_watching+0x15/0xb0 [ 137.358359][ T6567] netfs_end_issue_write+0x17d/0x410 [ 137.358384][ T6567] netfs_unbuffered_write+0x20f/0x240 [ 137.358414][ T6567] netfs_unbuffered_write_iter_locked+0x454/0x910 [ 137.358458][ T6567] netfs_unbuffered_write_iter+0x4c4/0x660 [ 137.358496][ T6567] vfs_write+0x54b/0xa90 [ 137.358528][ T6567] ? __pfx_v9fs_file_write_iter+0x10/0x10 [ 137.358551][ T6567] ? __pfx_vfs_write+0x10/0x10 [ 137.358590][ T6567] ? __fget_files+0x2a/0x420 [ 137.358618][ T6567] ksys_write+0x145/0x250 [ 137.358648][ T6567] ? __pfx_ksys_write+0x10/0x10 [ 137.358672][ T6567] ? rcu_is_watching+0x15/0xb0 [ 137.358706][ T6567] ? do_syscall_64+0xbe/0x3b0 [ 137.358739][ T6567] do_syscall_64+0xfa/0x3b0 [ 137.358767][ T6567] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.358794][ T6567] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.358813][ T6567] ? clear_bhb_loop+0x60/0xb0 [ 137.358838][ T6567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.358857][ T6567] RIP: 0033:0x7fb00eb8e929 [ 137.358880][ T6567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.358897][ T6567] RSP: 002b:00007fb00fa73038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 137.358925][ T6567] RAX: ffffffffffffffda RBX: 00007fb00edb5fa0 RCX: 00007fb00eb8e929 [ 137.358939][ T6567] RDX: 0000000000000030 RSI: 0000200000000380 RDI: 0000000000000007 [ 137.358952][ T6567] RBP: 00007fb00fa73090 R08: 0000000000000000 R09: 0000000000000000 [ 137.358964][ T6567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.358975][ T6567] R13: 0000000000000000 R14: 00007fb00edb5fa0 R15: 00007ffdf27f82d8 [ 137.359007][ T6567] [ 137.712666][ C0] vkms_vblank_simulate: vblank timer overrun [ 137.725550][ T6565] loop4: detected capacity change from 0 to 32768 [ 138.113963][ T6569] loop0: detected capacity change from 0 to 2048 [ 138.711065][ T6569] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 138.744587][ T43] az6027: usb out operation failed. (-110) [ 138.751226][ T43] az6027: usb out operation failed. (-32) [ 138.766312][ T43] stb0899_attach: Driver disabled by Kconfig [ 138.778079][ T43] az6027: no front-end attached [ 138.778079][ T43] [ 138.797192][ T43] az6027: usb out operation failed. (-32) [ 138.802942][ T43] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 138.813120][ T6569] NILFS (loop0): mounting unchecked fs [ 138.921065][ T5829] udevd[5829]: incorrect nilfs2 checksum on /dev/loop0 [ 138.973745][ T6569] NILFS (loop0): recovery required for readonly filesystem [ 139.299024][ T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 139.433097][ T6569] NILFS (loop0): write access will be enabled during recovery [ 139.453340][ T6572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.464375][ T43] dvb-usb: schedule remote query interval to 400 msecs. [ 139.471448][ T43] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 139.534689][ T6572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.618722][ T6569] NILFS (loop0): norecovery option specified, skipping roll-forward recovery [ 139.856758][ T5902] usb 2-1: USB disconnect, device number 5 [ 140.720045][ T6600] loop5: detected capacity change from 0 to 128 [ 140.784467][ T6600] FAT-fs (loop5): bogus number of reserved sectors [ 140.826120][ T5902] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 140.830134][ T6600] FAT-fs (loop5): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 140.882035][ T6600] FAT-fs (loop5): Can't find a valid FAT filesystem [ 140.945334][ T6603] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 140.993100][ T6600] loop5: detected capacity change from 0 to 8 [ 142.115623][ T6612] syz.5.157 (6612) used greatest stack depth: 19752 bytes left [ 142.461914][ T6586] loop4: detected capacity change from 0 to 32768 [ 142.840703][ T6586] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=journal_flush_disabled,norecovery,nojournal_transaction_names,read_only [ 142.840751][ T6586] allowing incompatible features above 0.0: (unknown version) [ 142.840763][ T6586] features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 142.856573][ T6631] netlink: 96 bytes leftover after parsing attributes in process `syz.5.164'. [ 143.125693][ T6586] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 143.175635][ T6586] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 143.197222][ T43] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 143.215169][ T6586] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.28: inode_has_case_insensitive [ 143.215169][ T6586] running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes [ 143.526469][ T6586] syz.4.153: vmalloc error: size 8388608, failed to allocated page array size 16384, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 143.527199][ T43] usb 6-1: Using ep0 maxpacket: 8 [ 143.580424][ T6586] CPU: 0 UID: 0 PID: 6586 Comm: syz.4.153 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 143.580452][ T6586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 143.580464][ T6586] Call Trace: [ 143.580472][ T6586] [ 143.580480][ T6586] dump_stack_lvl+0x189/0x250 [ 143.580517][ T6586] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.580546][ T6586] ? __pfx__printk+0x10/0x10 [ 143.580567][ T6586] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 143.580596][ T6586] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 143.580627][ T6586] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 143.580659][ T6586] warn_alloc+0x214/0x310 [ 143.580704][ T6586] ? __pfx_warn_alloc+0x10/0x10 [ 143.580730][ T6586] ? __get_vm_area_node+0x28f/0x300 [ 143.580758][ T6586] ? bch2_fs_journal_start+0x2b4/0x12b0 [ 143.580790][ T6586] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 143.580842][ T6586] ? alloc_pages_mpol+0x3cd/0x4a0 [ 143.580871][ T6586] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 143.580904][ T6586] ? rcu_is_watching+0x15/0xb0 [ 143.580932][ T6586] ? bch2_fs_journal_start+0x2b4/0x12b0 [ 143.580959][ T6586] ? bch2_fs_journal_start+0x2b4/0x12b0 [ 143.580982][ T6586] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 143.581006][ T6586] ? bch2_fs_journal_start+0x2b4/0x12b0 [ 143.581041][ T6586] bch2_fs_journal_start+0x2b4/0x12b0 [ 143.581084][ T6586] ? bch2_journal_log_msg+0xd9/0x120 [ 143.581117][ T6586] ? __pfx_bch2_fs_journal_start+0x10/0x10 [ 143.581144][ T6586] ? __pfx_bch2_journal_log_msg+0x10/0x10 [ 143.581176][ T6586] ? bch2_fs_resize_on_mount+0x404/0x4d0 [ 143.581209][ T6586] bch2_fs_recovery+0x2298/0x3a50 [ 143.581226][ T6586] ? check_noncircular+0xe0/0x160 [ 143.581272][ T6586] ? __pfx_bch2_fs_recovery+0x10/0x10 [ 143.581305][ T6586] ? __lock_acquire+0xab9/0xd20 [ 143.581340][ T6586] ? __lock_acquire+0xab9/0xd20 [ 143.581373][ T6586] ? __lock_acquire+0xab9/0xd20 [ 143.581418][ T6586] ? bch2_fs_start+0x9fe/0xd90 [ 143.581444][ T6586] ? up_write+0x1c4/0x420 [ 143.581458][ T6586] ? bch2_fs_start+0x5c4/0xd90 [ 143.581483][ T6586] bch2_fs_start+0xa99/0xd90 [ 143.581505][ T6586] ? bch2_fs_start+0x5c4/0xd90 [ 143.581530][ T6586] ? __pfx_bch2_fs_start+0x10/0x10 [ 143.581572][ T6586] ? sget+0x267/0x620 [ 143.581601][ T6586] bch2_fs_get_tree+0xafc/0x14f0 [ 143.581675][ T6586] ? __pfx_bch2_fs_get_tree+0x10/0x10 [ 143.581716][ T6586] ? aa_get_newest_label+0xf7/0x5d0 [ 143.581751][ T6586] ? vfs_parse_monolithic_sep+0x2df/0x310 [ 143.581794][ T6586] ? apparmor_capable+0x137/0x1b0 [ 143.581822][ T6586] vfs_get_tree+0x92/0x2b0 [ 143.581854][ T6586] do_new_mount+0x24a/0xa40 [ 143.581895][ T6586] __se_sys_mount+0x317/0x410 [ 143.581919][ T6586] ? __pfx___se_sys_mount+0x10/0x10 [ 143.581943][ T6586] ? do_syscall_64+0xbe/0x3b0 [ 143.581972][ T6586] ? __x64_sys_mount+0x20/0xc0 [ 143.581993][ T6586] do_syscall_64+0xfa/0x3b0 [ 143.582021][ T6586] ? lockdep_hardirqs_on+0x9c/0x150 [ 143.582048][ T6586] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.582068][ T6586] ? clear_bhb_loop+0x60/0xb0 [ 143.582092][ T6586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.582111][ T6586] RIP: 0033:0x7f66c37900ca [ 143.582129][ T6586] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.582146][ T6586] RSP: 002b:00007f66c462ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 143.582167][ T6586] RAX: ffffffffffffffda RBX: 00007f66c462eef0 RCX: 00007f66c37900ca [ 143.582182][ T6586] RDX: 00002000000059c0 RSI: 0000200000005a00 RDI: 00007f66c462eeb0 [ 143.582196][ T6586] RBP: 00002000000059c0 R08: 00007f66c462eef0 R09: 0000000000000001 [ 143.582209][ T6586] R10: 0000000000000001 R11: 0000000000000246 R12: 0000200000005a00 [ 143.582221][ T6586] R13: 00007f66c462eeb0 R14: 00000000000059ba R15: 0000200000000500 [ 143.582252][ T6586] [ 143.582311][ T6586] Mem-Info: [ 144.081839][ T43] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 144.112715][ T43] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 144.208340][ T43] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 144.237181][ T6586] active_anon:13490 inactive_anon:0 isolated_anon:0 [ 144.237181][ T6586] active_file:1757 inactive_file:39965 isolated_file:0 [ 144.237181][ T6586] unevictable:768 dirty:105 writeback:0 [ 144.237181][ T6586] slab_reclaimable:10883 slab_unreclaimable:99916 [ 144.237181][ T6586] mapped:30051 shmem:8024 pagetables:1324 [ 144.237181][ T6586] sec_pagetables:0 bounce:0 [ 144.237181][ T6586] kernel_misc_reclaimable:0 [ 144.237181][ T6586] free:1319189 free_pcp:18292 free_cma:0 [ 144.248514][ T43] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 144.319041][ T43] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 144.330090][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.339839][ T6586] Node 0 active_anon:55960kB inactive_anon:0kB active_file:7028kB inactive_file:159656kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120204kB dirty:420kB writeback:0kB shmem:32460kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12196kB pagetables:5048kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 144.375125][ T6586] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 144.497964][ T6586] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 144.579811][ T6586] lowmem_reserve[]: 0 2498 2500 2500 2500 [ 144.585724][ T6586] Node 0 DMA32 free:1370952kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:61112kB inactive_anon:0kB active_file:7028kB inactive_file:158080kB unevictable:1536kB writepending:420kB present:3129332kB managed:2558496kB mlocked:0kB bounce:0kB free_pcp:55804kB local_pcp:34980kB free_cma:0kB [ 144.593586][ T6629] loop1: detected capacity change from 0 to 32768 [ 144.659144][ T43] usb 6-1: GET_CAPABILITIES returned 0 [ 144.664762][ T43] usbtmc 6-1:16.0: can't read capabilities [ 144.740931][ T6586] lowmem_reserve[]: 0 0 1 1 1 [ 144.748115][ T6586] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1576kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 144.808222][ T6654] loop0: detected capacity change from 0 to 1024 [ 144.856310][ T6586] lowmem_reserve[]: 0 0 0 0 0 [ 144.925626][ T6634] process 'syz.5.164' launched './file0' with NULL argv: empty string added [ 145.006147][ T6586] Node 1 Normal free:3881832kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18692kB local_pcp:12644kB free_cma:0kB [ 145.938608][ T6586] lowmem_reserve[]: 0 0 0 0 0 [ 145.944277][ T6586] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 145.992894][ T5902] usb 6-1: USB disconnect, device number 2 [ 146.012037][ T6586] Node 0 DMA32: 561*4kB (UME) 138*8kB (UM) 295*16kB (UME) 121*32kB (UM) 15*64kB (UM) 2*128kB (UM) 1*256kB (E) 2*512kB (UE) 1*1024kB (E) 3*2048kB (UM) 323*4096kB (UM) = 1344612kB [ 146.067189][ T6586] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 146.135272][ T6586] Node 1 Normal: 190*4kB (U) 50*8kB (UME) 31*16kB (UME) 80*32kB (UME) 27*64kB (UME) 9*128kB (UME) 4*256kB (UME) 4*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 944*4096kB (M) = 3881912kB [ 146.346642][ T6586] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 146.378206][ T6586] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 146.442106][ T6586] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 146.500503][ T6586] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 146.538062][ T6586] 51760 total pagecache pages [ 146.542791][ T6586] 0 pages in swap cache [ 146.572908][ T6586] Free swap = 124996kB [ 146.599271][ T6586] Total swap = 124996kB [ 146.603620][ T6586] 2097051 pages RAM [ 146.637204][ T6586] 0 pages HighMem/MovableOnly [ 146.641907][ T6586] 425385 pages reserved [ 146.658760][ T6586] 0 pages cma reserved [ 146.680169][ T6586] bcachefs (loop4): error reallocating journal fifo (32768 open entries) [ 146.710802][ T6586] bcachefs (loop4): error in recovery: ENOMEM_journal_pin_fifo [ 146.710817][ T6586] emergency read only at seq 0 [ 146.737536][ T6586] bcachefs (loop4): bch2_fs_start(): error starting filesystem ENOMEM_journal_pin_fifo [ 146.774970][ T6586] bcachefs (loop4): shutting down [ 146.844495][ T6586] bcachefs (loop4): shutdown complete [ 146.980250][ T6680] xt_hashlimit: size too large, truncated to 1048576 [ 148.809294][ T6708] loop0: detected capacity change from 0 to 64 [ 148.967368][ T6715] FAULT_INJECTION: forcing a failure. [ 148.967368][ T6715] name failslab, interval 1, probability 0, space 0, times 0 [ 149.072400][ T6715] CPU: 0 UID: 0 PID: 6715 Comm: syz.5.176 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 149.072433][ T6715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 149.072446][ T6715] Call Trace: [ 149.072455][ T6715] [ 149.072464][ T6715] dump_stack_lvl+0x189/0x250 [ 149.072512][ T6715] ? __pfx____ratelimit+0x10/0x10 [ 149.072544][ T6715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 149.072577][ T6715] ? __pfx__printk+0x10/0x10 [ 149.072608][ T6715] ? __pfx___might_resched+0x10/0x10 [ 149.072638][ T6715] ? fs_reclaim_acquire+0x7d/0x100 [ 149.072665][ T6715] should_fail_ex+0x414/0x560 [ 149.072701][ T6715] should_failslab+0xa8/0x100 [ 149.072736][ T6715] __kmalloc_cache_noprof+0x70/0x3d0 [ 149.072767][ T6715] ? genl_start+0x1c9/0x6c0 [ 149.072797][ T6715] genl_start+0x1c9/0x6c0 [ 149.072820][ T6715] ? netlink_lookup+0x30/0x200 [ 149.072859][ T6715] __netlink_dump_start+0x469/0x7e0 [ 149.072900][ T6715] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 149.072931][ T6715] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 149.072956][ T6715] ? genl_get_cmd+0x7d9/0x910 [ 149.072986][ T6715] ? __pfx_genl_start+0x10/0x10 [ 149.073008][ T6715] ? __pfx_genl_dumpit+0x10/0x10 [ 149.073030][ T6715] ? __pfx_genl_done+0x10/0x10 [ 149.073072][ T6715] genl_rcv_msg+0x5da/0x790 [ 149.073105][ T6715] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.073127][ T6715] ? ref_tracker_free+0x63a/0x7d0 [ 149.073156][ T6715] ? __pfx_nl80211_dump_interface+0x10/0x10 [ 149.073186][ T6715] ? __pfx_ref_tracker_free+0x10/0x10 [ 149.073230][ T6715] netlink_rcv_skb+0x208/0x470 [ 149.073264][ T6715] ? __pfx_genl_rcv_msg+0x10/0x10 [ 149.073294][ T6715] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 149.073347][ T6715] ? down_read+0x1ad/0x2e0 [ 149.073370][ T6715] genl_rcv+0x28/0x40 [ 149.073392][ T6715] netlink_unicast+0x75b/0x8d0 [ 149.073444][ T6715] netlink_sendmsg+0x805/0xb30 [ 149.073487][ T6715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.073519][ T6715] ? aa_sock_msg_perm+0xf1/0x1d0 [ 149.073548][ T6715] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 149.073569][ T6715] ? __pfx_netlink_sendmsg+0x10/0x10 [ 149.073598][ T6715] __sock_sendmsg+0x219/0x270 [ 149.073628][ T6715] ____sys_sendmsg+0x505/0x830 [ 149.073654][ T6715] ? __pfx_____sys_sendmsg+0x10/0x10 [ 149.073683][ T6715] ? import_iovec+0x74/0xa0 [ 149.073712][ T6715] ___sys_sendmsg+0x21f/0x2a0 [ 149.073734][ T6715] ? __pfx____sys_sendmsg+0x10/0x10 [ 149.073791][ T6715] ? __fget_files+0x2a/0x420 [ 149.073807][ T6715] ? __fget_files+0x3a0/0x420 [ 149.073835][ T6715] __x64_sys_sendmsg+0x19b/0x260 [ 149.073858][ T6715] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 149.073888][ T6715] ? __pfx_ksys_write+0x10/0x10 [ 149.073910][ T6715] ? rcu_is_watching+0x15/0xb0 [ 149.073942][ T6715] ? do_syscall_64+0xbe/0x3b0 [ 149.073972][ T6715] do_syscall_64+0xfa/0x3b0 [ 149.073998][ T6715] ? lockdep_hardirqs_on+0x9c/0x150 [ 149.074023][ T6715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.074041][ T6715] ? clear_bhb_loop+0x60/0xb0 [ 149.074064][ T6715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.074082][ T6715] RIP: 0033:0x7fb00eb8e929 [ 149.074098][ T6715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.074113][ T6715] RSP: 002b:00007fb00fa73038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 149.074133][ T6715] RAX: ffffffffffffffda RBX: 00007fb00edb5fa0 RCX: 00007fb00eb8e929 [ 149.074146][ T6715] RDX: 0000000000004000 RSI: 0000200000000000 RDI: 0000000000000003 [ 149.074158][ T6715] RBP: 00007fb00fa73090 R08: 0000000000000000 R09: 0000000000000000 [ 149.074169][ T6715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 149.074180][ T6715] R13: 0000000000000000 R14: 00007fb00edb5fa0 R15: 00007ffdf27f82d8 [ 149.074209][ T6715] [ 149.867415][ T36] kworker/u8:2: attempt to access beyond end of device [ 149.867415][ T36] loop0: rw=1, sector=65, nr_sectors = 1 limit=64 [ 149.897771][ T36] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 149.916506][ T36] kworker/u8:2: attempt to access beyond end of device [ 149.916506][ T36] loop0: rw=1, sector=66, nr_sectors = 1 limit=64 [ 149.941174][ T6586] bcachefs: bch2_fs_get_tree() error: ENOMEM_journal_pin_fifo [ 149.980780][ T36] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 150.000583][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.000583][ T36] loop0: rw=1, sector=67, nr_sectors = 1 limit=64 [ 150.047157][ T36] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 150.093320][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.093320][ T36] loop0: rw=1, sector=68, nr_sectors = 1 limit=64 [ 150.128179][ T36] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 150.147074][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.147074][ T36] loop0: rw=1, sector=72, nr_sectors = 1 limit=64 [ 150.181620][ T36] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 150.203816][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.203816][ T36] loop0: rw=1, sector=73, nr_sectors = 1 limit=64 [ 150.230875][ T36] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 150.250554][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.250554][ T36] loop0: rw=1, sector=76, nr_sectors = 1 limit=64 [ 150.332867][ T36] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 150.391491][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.391491][ T36] loop0: rw=1, sector=77, nr_sectors = 1 limit=64 [ 150.445745][ T36] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 150.478319][ T36] kworker/u8:2: attempt to access beyond end of device [ 150.478319][ T36] loop0: rw=1, sector=78, nr_sectors = 432 limit=64 [ 151.057354][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 151.397188][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 151.410826][ T6723] loop5: detected capacity change from 0 to 32768 [ 151.416685][ T24] usb 1-1: config index 0 descriptor too short (expected 63, got 34) [ 151.452539][ T24] usb 1-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5 [ 151.504649][ T6723] jfs_mount: dbMount failed w/rc = -22 [ 151.524914][ T6723] Mount JFS Failure: -22 [ 151.652824][ T6748] loop1: detected capacity change from 0 to 32768 [ 151.695588][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.720706][ T6723] jfs_mount failed w/return code = -22 [ 151.787297][ T24] usb 1-1: config 0 descriptor?? [ 151.887765][ T6748] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names [ 151.887790][ T6748] allowing incompatible features above 0.0: (unknown version) [ 151.887802][ T6748] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 151.930098][ T6748] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 151.938367][ T6748] bcachefs (loop1): initializing new filesystem [ 151.955115][ T6748] bcachefs (loop1): going read-write [ 152.006847][ T6737] loop0: detected capacity change from 0 to 512 [ 152.059600][ T6748] bcachefs (loop1): marking superblocks [ 152.081539][ T6748] bcachefs (loop1): initializing freespace [ 152.094645][ T6748] bcachefs (loop1): done initializing freespace [ 152.104850][ T6748] bcachefs (loop1): reading snapshots table [ 152.110945][ T6748] bcachefs (loop1): reading snapshots done [ 152.135892][ T6737] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 152.194065][ T6748] bcachefs (loop1): done starting filesystem [ 152.273020][ T6737] EXT4-fs (loop0): orphan cleanup on readonly fs [ 152.281309][ T6770] netlink: 'syz.4.189': attribute type 1 has an invalid length. [ 152.322474][ T6737] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #3: comm syz.0.181: pblk 0 bad header/extent: invalid eh_max - magic f30a, entries 7, max 0(0), depth 0(0) [ 152.423910][ T6737] EXT4-fs error (device loop0): ext4_quota_enable:7127: comm syz.0.181: Bad quota inode: 3, type: 0 [ 152.491461][ T6737] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 152.518933][ T43] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 152.538727][ T6737] EXT4-fs (loop0): Cannot turn on quotas: error -117 [ 152.635184][ T6737] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 152.671438][ T6765] netlink: 292 bytes leftover after parsing attributes in process `syz.4.189'. [ 152.707883][ T43] usb 2-1: Using ep0 maxpacket: 32 [ 152.725479][ T43] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.736596][ T6765] netlink: 144 bytes leftover after parsing attributes in process `syz.4.189'. [ 152.745970][ T43] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 152.763259][ T43] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 152.774075][ T6781] netlink: 76 bytes leftover after parsing attributes in process `syz.4.189'. [ 152.783579][ T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.802942][ T6722] loop5: detected capacity change from 0 to 1024 [ 152.823664][ T43] usb 2-1: config 0 descriptor?? [ 152.848437][ T43] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 153.307249][ T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 153.433929][ T6795] bcachefs (loop1): going read-only [ 153.503207][ T9] usb 6-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 153.658592][ T6795] bcachefs (loop1): finished waiting for writes to stop [ 153.730510][ T9] usb 6-1: config 7 has 1 interface, different from the descriptor's value: 2 [ 153.815926][ T6795] bcachefs (loop1): flushing journal and stopping allocators, journal seq 3 [ 154.238520][ T9] usb 6-1: string descriptor 0 read error: -71 [ 154.245671][ T9] usb 6-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 0.84 [ 154.254966][ T9] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 154.285556][ T9] usb 6-1: can't set config #7, error -71 [ 154.321512][ T9] usb 6-1: USB disconnect, device number 3 [ 154.381649][ T6748] syz.1.187 (6748) used greatest stack depth: 17800 bytes left [ 154.389516][ T24] usb 1-1: string descriptor 0 read error: -71 [ 154.397988][ T24] usb 1-1: Found UVC 0.00 device (2833:0201) [ 154.411574][ T24] usb 1-1: No valid video chain found. [ 154.429884][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.448787][ T24] usb 1-1: USB disconnect, device number 4 [ 154.456637][ T6795] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4 [ 154.584927][ T6795] bcachefs (loop1): clean shutdown complete, journal seq 5 [ 154.658179][ T6795] bcachefs (loop1): marking filesystem clean [ 154.801801][ T9] usb 2-1: USB disconnect, device number 6 [ 154.895298][ T5836] bcachefs (loop1): shutting down [ 155.059378][ T5836] bcachefs (loop1): shutdown complete [ 156.070256][ T6822] loop0: detected capacity change from 0 to 32768 [ 156.370808][ T6820] loop5: detected capacity change from 0 to 32768 [ 156.564428][ T6825] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 156.893930][ T6820] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 157.021360][ T6820] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 157.925680][ T6839] fuse: Bad value for 'group_id' [ 157.937408][ T6839] fuse: Bad value for 'group_id' [ 158.109283][ T6844] netlink: 8 bytes leftover after parsing attributes in process `syz.3.204'. [ 158.174696][ T6246] ocfs2: Unmounting device (7,5) on (node local) [ 158.477450][ T6848] openvswitch: netlink: IP tunnel dst address not specified [ 159.128059][ T6857] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 163.503891][ T6868] loop5: detected capacity change from 0 to 32768 [ 163.566625][ T6868] read_mapping_page failed! [ 163.598115][ T6868] jfs_mount: Failed to read FILESYSTEM_I [ 163.624480][ T6868] Mount JFS Failure: -5 [ 163.778320][ T6868] jfs_mount failed w/return code = -5 [ 164.162428][ T6912] netlink: 'syz.4.216': attribute type 2 has an invalid length. [ 164.227461][ T6915] loop4: detected capacity change from 0 to 64 [ 164.477525][ T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 164.580733][ T6921] loop8: detected capacity change from 0 to 16384 [ 164.667197][ T24] usb 6-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 164.706811][ T24] usb 6-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 164.737345][ T24] usb 6-1: Product: syz [ 164.741545][ T24] usb 6-1: Manufacturer: syz [ 164.746150][ T24] usb 6-1: SerialNumber: syz [ 164.791787][ T24] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 164.899971][ T6921] loop8: detected capacity change from 16384 to 0 [ 164.900715][ C0] I/O error, dev loop8, sector 16376 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 164.946078][ C1] I/O error, dev loop8, sector 2560 op 0x0:(READ) flags 0x80700 phys_seg 8 prio class 0 [ 165.614214][ T24] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 165.637430][ T24] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 165.732094][ T6927] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.750026][ T6927] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 166.049592][ T940] usb 6-1: USB disconnect, device number 4 [ 166.171691][ T6946] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 166.874673][ T6923] loop1: detected capacity change from 0 to 32768 [ 167.837400][ T6923] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR [ 167.838402][ T6923] (syz.1.220,6923,0):ocfs2_initialize_super:2227 ERROR: status = -12 [ 168.127491][ T6923] (syz.1.220,6923,1):ocfs2_fill_super:1177 ERROR: status = -12 [ 168.271921][ T6963] loop5: detected capacity change from 0 to 64 [ 168.653086][ T6965] syz.5.227: attempt to access beyond end of device [ 168.653086][ T6965] loop5: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 168.956829][ T6965] syz.5.227: attempt to access beyond end of device [ 168.956829][ T6965] loop5: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 168.988231][ T6965] syz.5.227: attempt to access beyond end of device [ 168.988231][ T6965] loop5: rw=34817, sector=76, nr_sectors = 978 limit=64 [ 170.514321][ T6983] loop4: detected capacity change from 0 to 32768 [ 172.703668][ T7012] 9pnet_fd: Insufficient options for proto=fd [ 172.928809][ T7000] loop5: detected capacity change from 0 to 32768 [ 172.956846][ T7000] jfs_mount: Mount Failure: File System Dirty. [ 173.003532][ T7000] Mount JFS Failure: -22 [ 173.037521][ T30] audit: type=1800 audit(1750915888.672:4): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.237" name="/" dev="9p" ino=2 res=0 errno=0 [ 173.449863][ T5202] udevd[5202]: worker [6136] terminated by signal 33 (Unknown signal 33) [ 173.529225][ T5202] udevd[5202]: worker [6136] failed while handling '/devices/virtual/bdi/9p-4' [ 173.562651][ T7026] loop0: detected capacity change from 0 to 256 [ 173.595881][ T7005] loop1: detected capacity change from 0 to 40427 [ 174.047604][ T7005] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 174.151522][ T7005] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 174.470923][ T7026] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 174.486035][ T7005] F2FS-fs (loop1): build fault injection type: 0x0 [ 174.523343][ T7005] F2FS-fs (loop1): heap/no_heap options were deprecated [ 174.577222][ T7026] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 174.644341][ T7005] F2FS-fs (loop1): invalid crc value [ 174.970110][ T7026] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 175.185125][ T7043] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 176.067705][ T940] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 176.427473][ T940] usb 1-1: Using ep0 maxpacket: 32 [ 176.463493][ T940] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 176.508173][ T940] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.548639][ T940] usb 1-1: config 0 descriptor?? [ 176.737186][ T9] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 176.811674][ T940] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 177.092176][ T7060] loop4: detected capacity change from 0 to 32768 [ 177.106591][ T940] usb 1-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 177.116223][ T940] usb 1-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 177.124352][ T9] usb 6-1: Using ep0 maxpacket: 32 [ 177.132518][ T9] usb 6-1: config index 0 descriptor too short (expected 156, got 27) [ 177.144019][ T9] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 177.155564][ T9] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 177.289363][ T7065] loop0: detected capacity change from 0 to 64 [ 177.376069][ T9] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 177.390778][ T9] usb 6-1: config 0 interface 0 has no altsetting 0 [ 177.399739][ T9] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 177.419638][ T9] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 177.440003][ T9] usb 6-1: Product: syz [ 177.444331][ T9] usb 6-1: Manufacturer: syz [ 177.755729][ T9] usb 6-1: SerialNumber: syz [ 178.222640][ T7070] syz.0.248: attempt to access beyond end of device [ 178.222640][ T7070] loop0: rw=34817, sector=39, nr_sectors = 30 limit=64 [ 178.293190][ T9] usb 6-1: config 0 descriptor?? [ 178.312766][ T9] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 178.325433][ T9] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 178.344080][ T7070] syz.0.248: attempt to access beyond end of device [ 178.344080][ T7070] loop0: rw=34817, sector=72, nr_sectors = 2 limit=64 [ 178.405510][ T7070] syz.0.248: attempt to access beyond end of device [ 178.405510][ T7070] loop0: rw=34817, sector=76, nr_sectors = 474 limit=64 [ 178.599555][ T5887] usb 6-1: USB disconnect, device number 5 [ 178.605498][ C1] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 178.617412][ T7051] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 178.631830][ T7073] loop1: detected capacity change from 0 to 32768 [ 178.667327][ T5887] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 178.871766][ T7051] CIFS: VFS: Malformed UNC in devname [ 181.396878][ T7105] loop4: detected capacity change from 0 to 16 [ 181.526503][ T7109] loop5: detected capacity change from 0 to 256 [ 181.999480][ T7107] loop0: detected capacity change from 0 to 256 [ 182.006105][ T7105] erofs (device loop4): unidentified algorithms fff0, please upgrade kernel [ 182.069360][ T7112] FAULT_INJECTION: forcing a failure. [ 182.069360][ T7112] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 182.105478][ T7107] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 182.174443][ T7107] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 182.183264][ T7112] CPU: 1 UID: 0 PID: 7112 Comm: syz.1.257 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 182.183292][ T7112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 182.183305][ T7112] Call Trace: [ 182.183314][ T7112] [ 182.183323][ T7112] dump_stack_lvl+0x189/0x250 [ 182.183362][ T7112] ? __pfx____ratelimit+0x10/0x10 [ 182.183393][ T7112] ? __pfx_dump_stack_lvl+0x10/0x10 [ 182.183425][ T7112] ? __pfx__printk+0x10/0x10 [ 182.183462][ T7112] should_fail_ex+0x414/0x560 [ 182.183498][ T7112] _copy_to_user+0x31/0xb0 [ 182.183543][ T7112] simple_read_from_buffer+0xe1/0x170 [ 182.183579][ T7112] proc_fail_nth_read+0x1df/0x250 [ 182.183614][ T7112] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.183638][ T7112] ? rw_verify_area+0x258/0x650 [ 182.183662][ T7112] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 182.183684][ T7112] vfs_read+0x1fd/0x980 [ 182.183713][ T7112] ? __pfx___mutex_lock+0x10/0x10 [ 182.183751][ T7112] ? __pfx_vfs_read+0x10/0x10 [ 182.183777][ T7112] ? __fget_files+0x2a/0x420 [ 182.183800][ T7112] ? __fget_files+0x3a0/0x420 [ 182.183815][ T7112] ? __fget_files+0x2a/0x420 [ 182.183842][ T7112] ksys_read+0x145/0x250 [ 182.183881][ T7112] ? __pfx_ksys_read+0x10/0x10 [ 182.183911][ T7112] ? do_syscall_64+0xbe/0x3b0 [ 182.183942][ T7112] do_syscall_64+0xfa/0x3b0 [ 182.183976][ T7112] ? lockdep_hardirqs_on+0x9c/0x150 [ 182.184001][ T7112] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.184019][ T7112] ? clear_bhb_loop+0x60/0xb0 [ 182.184042][ T7112] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 182.184060][ T7112] RIP: 0033:0x7fbffb98d33c [ 182.184076][ T7112] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 182.184092][ T7112] RSP: 002b:00007fbffc733030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 182.184111][ T7112] RAX: ffffffffffffffda RBX: 00007fbffbbb5fa0 RCX: 00007fbffb98d33c [ 182.184124][ T7112] RDX: 000000000000000f RSI: 00007fbffc7330a0 RDI: 0000000000000004 [ 182.184135][ T7112] RBP: 00007fbffc733090 R08: 0000000000000000 R09: 0000000000000000 [ 182.184146][ T7112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 182.184157][ T7112] R13: 0000000000000000 R14: 00007fbffbbb5fa0 R15: 00007ffd42b03368 [ 182.184186][ T7112] [ 182.593680][ T7107] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 183.557047][ T7122] loop4: detected capacity change from 0 to 256 [ 183.597816][ T7122] exfat: Deprecated parameter 'utf8' [ 183.724340][ T7122] exfat: Bad value for 'allow_utime' [ 185.513713][ T7163] loop4: detected capacity change from 0 to 1764 [ 186.436572][ T7182] loop4: detected capacity change from 0 to 128 [ 186.488919][ T7182] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 186.514262][ T7187] loop1: detected capacity change from 0 to 256 [ 186.544418][ T7187] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 186.583579][ T7182] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 186.609997][ T7187] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 186.718452][ T7187] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 187.696605][ T12] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 187.747166][ T55] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 187.828861][ T7201] loop4: detected capacity change from 0 to 64 [ 187.897933][ T55] usb 2-1: Using ep0 maxpacket: 32 [ 187.915578][ T55] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 187.936978][ T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.957462][ T5834] Bluetooth: hci1: command 0x0405 tx timeout [ 188.064364][ T55] usb 2-1: config 0 descriptor?? [ 188.272081][ T55] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 188.309375][ T55] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 188.339527][ T55] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 188.367161][ T55] usb 2-1: media controller created [ 188.442633][ T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 189.566707][ T55] az6027: usb out operation failed. (-71) [ 189.573063][ T55] az6027: usb out operation failed. (-71) [ 189.601672][ T55] stb0899_attach: Driver disabled by Kconfig [ 189.628199][ T55] az6027: no front-end attached [ 189.628199][ T55] [ 189.668347][ T3068] kworker/u8:7: attempt to access beyond end of device [ 189.668347][ T3068] loop4: rw=1, sector=65, nr_sectors = 1 limit=64 [ 189.687488][ T3068] Buffer I/O error on dev loop4, logical block 65, lost async page write [ 189.697787][ T55] az6027: usb out operation failed. (-71) [ 189.703559][ T55] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 189.727306][ T3068] kworker/u8:7: attempt to access beyond end of device [ 189.727306][ T3068] loop4: rw=1, sector=66, nr_sectors = 1 limit=64 [ 189.749020][ T55] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input8 [ 189.792291][ T3068] Buffer I/O error on dev loop4, logical block 66, lost async page write [ 189.801988][ T55] dvb-usb: schedule remote query interval to 400 msecs. [ 189.845082][ T3068] kworker/u8:7: attempt to access beyond end of device [ 189.845082][ T3068] loop4: rw=1, sector=67, nr_sectors = 1 limit=64 [ 189.858913][ T55] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 189.889082][ T55] usb 2-1: USB disconnect, device number 7 [ 189.898708][ T3068] Buffer I/O error on dev loop4, logical block 67, lost async page write [ 189.909571][ T3068] kworker/u8:7: attempt to access beyond end of device [ 189.909571][ T3068] loop4: rw=1, sector=68, nr_sectors = 1 limit=64 [ 189.961564][ T3068] Buffer I/O error on dev loop4, logical block 68, lost async page write [ 190.037268][ T3068] kworker/u8:7: attempt to access beyond end of device [ 190.037268][ T3068] loop4: rw=1, sector=72, nr_sectors = 1 limit=64 [ 190.087500][ T3068] Buffer I/O error on dev loop4, logical block 72, lost async page write [ 190.130381][ T3068] kworker/u8:7: attempt to access beyond end of device [ 190.130381][ T3068] loop4: rw=1, sector=73, nr_sectors = 1 limit=64 [ 190.156076][ T55] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 191.264437][ T3068] Buffer I/O error on dev loop4, logical block 73, lost async page write [ 191.485281][ T3068] kworker/u8:7: attempt to access beyond end of device [ 191.485281][ T3068] loop4: rw=1, sector=76, nr_sectors = 1 limit=64 [ 191.576374][ T3068] Buffer I/O error on dev loop4, logical block 76, lost async page write [ 191.667885][ T3068] kworker/u8:7: attempt to access beyond end of device [ 191.667885][ T3068] loop4: rw=1, sector=77, nr_sectors = 1 limit=64 [ 191.681905][ T3068] Buffer I/O error on dev loop4, logical block 77, lost async page write [ 191.692074][ T3068] kworker/u8:7: attempt to access beyond end of device [ 191.692074][ T3068] loop4: rw=1, sector=78, nr_sectors = 976 limit=64 [ 192.554636][ T7231] loop4: detected capacity change from 0 to 8192 [ 192.668730][ T5829] loop4: p3 p4 < > [ 192.680035][ T5829] loop4: p3 start 18548 is beyond EOD, truncated [ 192.753530][ T7231] loop4: p3 p4 < > [ 192.762469][ T7231] loop4: p3 start 18548 is beyond EOD, truncated [ 192.987001][ T7229] loop1: detected capacity change from 0 to 32768 [ 193.094152][ T7229] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 193.220143][ T5829] udevd[5829]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 193.323364][ T7233] loop0: detected capacity change from 0 to 32768 [ 193.442528][ T7233] jfs_mount: Mount Failure: File System Dirty. [ 193.466016][ T5829] udevd[5829]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 193.613476][ T7250] loop4: detected capacity change from 0 to 256 [ 194.130540][ T7233] Mount JFS Failure: -22 [ 194.202246][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.210825][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.578170][ T5202] udevd[5202]: worker [5847] terminated by signal 33 (Unknown signal 33) [ 194.600936][ T7229] XFS (loop1): Ending clean mount [ 194.626044][ T7255] loop4: detected capacity change from 0 to 1024 [ 194.627202][ T5202] udevd[5202]: worker [5847] failed while handling '/devices/virtual/block/loop5' [ 194.675790][ T7229] XFS (loop1): Quotacheck needed: Please wait. [ 194.945692][ T7229] XFS (loop1): Quotacheck: Done. [ 194.963625][ T7259] Bluetooth: MGMT ver 1.23 [ 195.040372][ T7259] loop0: detected capacity change from 0 to 1024 [ 195.098346][ T7259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 195.395217][ T5836] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 196.325224][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.668823][ T7275] netlink: 'syz.4.296': attribute type 1 has an invalid length. [ 196.698910][ T24] IPVS: starting estimator thread 0... [ 196.742123][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.4.296'. [ 196.811868][ T7275] 8021q: adding VLAN 0 to HW filter on device bond1 [ 196.818611][ T7280] IPVS: using max 42 ests per chain, 100800 per kthread [ 197.078428][ T7283] loop5: detected capacity change from 0 to 32768 [ 197.335177][ T7286] loop1: detected capacity change from 0 to 256 [ 197.455362][ T7287] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 198.088661][ T7286] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 198.147212][ T7286] exFAT-fs (loop1): Medium has reported failures. Some data may be lost. [ 198.181412][ T7286] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 198.241272][ T7291] netlink: 22 bytes leftover after parsing attributes in process `syz.5.300'. [ 198.456187][ T7292] 9pnet_fd: p9_fd_create_tcp (7292): problem connecting socket to 127.0.0.1 [ 198.497365][ T5887] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 198.679168][ T5887] usb 2-1: Using ep0 maxpacket: 32 [ 199.179759][ T5887] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 199.207614][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.250179][ T5887] usb 2-1: config 0 descriptor?? [ 199.458308][ T5887] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 199.571410][ T7297] loop5: detected capacity change from 0 to 32768 [ 199.635765][ T7277] bond1 (unregistering): Released all slaves [ 199.662512][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 199.704692][ T5887] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 199.755694][ T5887] usb 2-1: media controller created [ 199.894199][ T7301] FAULT_INJECTION: forcing a failure. [ 199.894199][ T7301] name failslab, interval 1, probability 0, space 0, times 0 [ 200.017785][ T7301] CPU: 0 UID: 0 PID: 7301 Comm: syz.0.303 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 200.017812][ T7301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.017824][ T7301] Call Trace: [ 200.017831][ T7301] [ 200.017839][ T7301] dump_stack_lvl+0x189/0x250 [ 200.017872][ T7301] ? __pfx____ratelimit+0x10/0x10 [ 200.017899][ T7301] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.017927][ T7301] ? __pfx__printk+0x10/0x10 [ 200.017953][ T7301] ? __pfx___might_resched+0x10/0x10 [ 200.017985][ T7301] should_fail_ex+0x414/0x560 [ 200.018023][ T7301] should_failslab+0xa8/0x100 [ 200.018053][ T7301] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 200.018081][ T7301] ? __alloc_skb+0x112/0x2d0 [ 200.018103][ T7301] __alloc_skb+0x112/0x2d0 [ 200.018125][ T7301] tipc_nl_compat_dumpit+0x116/0x7b0 [ 200.018158][ T7301] tipc_nl_compat_recv+0x802/0xbe0 [ 200.018184][ T7301] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 200.018206][ T7301] ? __pfx_tipc_nl_node_dump+0x10/0x10 [ 200.018233][ T7301] ? __pfx_tipc_nl_compat_node_dump+0x10/0x10 [ 200.018256][ T7301] ? __mutex_trylock_common+0x153/0x260 [ 200.018288][ T7301] ? __pfx___mutex_trylock_common+0x10/0x10 [ 200.018316][ T7301] ? __local_bh_enable_ip+0x12d/0x1c0 [ 200.018345][ T7301] ? rcu_is_watching+0x15/0xb0 [ 200.018383][ T7301] genl_family_rcv_msg_doit+0x212/0x300 [ 200.018414][ T7301] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 200.018461][ T7301] genl_rcv_msg+0x60e/0x790 [ 200.018490][ T7301] ? __pfx_genl_rcv_msg+0x10/0x10 [ 200.018509][ T7301] ? ref_tracker_free+0x63a/0x7d0 [ 200.018535][ T7301] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 200.018559][ T7301] ? __pfx_ref_tracker_free+0x10/0x10 [ 200.018603][ T7301] netlink_rcv_skb+0x208/0x470 [ 200.018633][ T7301] ? __pfx_genl_rcv_msg+0x10/0x10 [ 200.018657][ T7301] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 200.018703][ T7301] ? down_read+0x1ad/0x2e0 [ 200.018724][ T7301] genl_rcv+0x28/0x40 [ 200.018743][ T7301] netlink_unicast+0x75b/0x8d0 [ 200.018779][ T7301] netlink_sendmsg+0x805/0xb30 [ 200.018818][ T7301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.018850][ T7301] ? aa_sock_msg_perm+0xf1/0x1d0 [ 200.018880][ T7301] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 200.018901][ T7301] ? __pfx_netlink_sendmsg+0x10/0x10 [ 200.018931][ T7301] __sock_sendmsg+0x219/0x270 [ 200.018960][ T7301] ____sys_sendmsg+0x505/0x830 [ 200.018986][ T7301] ? __pfx_____sys_sendmsg+0x10/0x10 [ 200.019017][ T7301] ? import_iovec+0x74/0xa0 [ 200.019046][ T7301] ___sys_sendmsg+0x21f/0x2a0 [ 200.019069][ T7301] ? __pfx____sys_sendmsg+0x10/0x10 [ 200.019127][ T7301] ? __fget_files+0x2a/0x420 [ 200.019143][ T7301] ? __fget_files+0x3a0/0x420 [ 200.019172][ T7301] __x64_sys_sendmsg+0x19b/0x260 [ 200.019196][ T7301] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 200.019226][ T7301] ? __pfx_ksys_write+0x10/0x10 [ 200.019250][ T7301] ? rcu_is_watching+0x15/0xb0 [ 200.019281][ T7301] ? do_syscall_64+0xbe/0x3b0 [ 200.019313][ T7301] do_syscall_64+0xfa/0x3b0 [ 200.019339][ T7301] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.019364][ T7301] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.019383][ T7301] ? clear_bhb_loop+0x60/0xb0 [ 200.019407][ T7301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.019425][ T7301] RIP: 0033:0x7f48e718e929 [ 200.019442][ T7301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 200.019459][ T7301] RSP: 002b:00007f48e7f4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 200.019479][ T7301] RAX: ffffffffffffffda RBX: 00007f48e73b5fa0 RCX: 00007f48e718e929 [ 200.019494][ T7301] RDX: 0000000000000840 RSI: 0000200000000940 RDI: 0000000000000003 [ 200.019506][ T7301] RBP: 00007f48e7f4e090 R08: 0000000000000000 R09: 0000000000000000 [ 200.019517][ T7301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 200.019529][ T7301] R13: 0000000000000000 R14: 00007f48e73b5fa0 R15: 00007ffcc90d3ad8 [ 200.019559][ T7301] [ 200.490798][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 201.473154][ T7313] FAULT_INJECTION: forcing a failure. [ 201.473154][ T7313] name failslab, interval 1, probability 0, space 0, times 0 [ 201.641461][ T7313] CPU: 1 UID: 0 PID: 7313 Comm: syz.4.308 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 201.641488][ T7313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.641497][ T7313] Call Trace: [ 201.641502][ T7313] [ 201.641509][ T7313] dump_stack_lvl+0x189/0x250 [ 201.641534][ T7313] ? __pfx____ratelimit+0x10/0x10 [ 201.641554][ T7313] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.641574][ T7313] ? __pfx__printk+0x10/0x10 [ 201.641592][ T7313] ? __pfx___might_resched+0x10/0x10 [ 201.641610][ T7313] ? fs_reclaim_acquire+0x7d/0x100 [ 201.641626][ T7313] should_fail_ex+0x414/0x560 [ 201.641648][ T7313] should_failslab+0xa8/0x100 [ 201.641669][ T7313] kmem_cache_alloc_noprof+0x73/0x3c0 [ 201.641688][ T7313] ? skb_clone+0x212/0x3a0 [ 201.641707][ T7313] skb_clone+0x212/0x3a0 [ 201.641720][ T7313] ? nfnetlink_rcv+0x486/0x2520 [ 201.641738][ T7313] nfnetlink_rcv+0x4b4/0x2520 [ 201.641756][ T7313] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 201.641775][ T7313] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 201.641795][ T7313] ? __dev_queue_xmit+0x27e/0x3a70 [ 201.641810][ T7313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.641830][ T7313] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 201.641857][ T7313] ? ref_tracker_free+0x63a/0x7d0 [ 201.641875][ T7313] ? __copy_skb_header+0xa7/0x550 [ 201.641891][ T7313] ? __pfx_ref_tracker_free+0x10/0x10 [ 201.641909][ T7313] ? __skb_clone+0x63/0x7a0 [ 201.641927][ T7313] ? __skb_clone+0x483/0x7a0 [ 201.641945][ T7313] ? skb_clone+0x246/0x3a0 [ 201.641962][ T7313] ? __netlink_deliver_tap+0x807/0x850 [ 201.641982][ T7313] ? netlink_deliver_tap+0x2e/0x1b0 [ 201.642006][ T7313] ? netlink_deliver_tap+0x2e/0x1b0 [ 201.642025][ T7313] ? netlink_deliver_tap+0x2e/0x1b0 [ 201.642048][ T7313] netlink_unicast+0x75b/0x8d0 [ 201.642073][ T7313] netlink_sendmsg+0x805/0xb30 [ 201.642100][ T7313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.642122][ T7313] ? aa_sock_msg_perm+0xf1/0x1d0 [ 201.642143][ T7313] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 201.642158][ T7313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 201.642178][ T7313] __sock_sendmsg+0x219/0x270 [ 201.642198][ T7313] ____sys_sendmsg+0x505/0x830 [ 201.642218][ T7313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 201.642239][ T7313] ? import_iovec+0x74/0xa0 [ 201.642260][ T7313] ___sys_sendmsg+0x21f/0x2a0 [ 201.642279][ T7313] ? __pfx____sys_sendmsg+0x10/0x10 [ 201.642337][ T7313] ? __fget_files+0x2a/0x420 [ 201.642350][ T7313] ? __fget_files+0x3a0/0x420 [ 201.642390][ T7313] __x64_sys_sendmsg+0x19b/0x260 [ 201.642409][ T7313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 201.642434][ T7313] ? __pfx_ksys_write+0x10/0x10 [ 201.642458][ T7313] ? rcu_is_watching+0x15/0xb0 [ 201.642484][ T7313] ? do_syscall_64+0xbe/0x3b0 [ 201.642511][ T7313] do_syscall_64+0xfa/0x3b0 [ 201.642533][ T7313] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.642556][ T7313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.642573][ T7313] ? clear_bhb_loop+0x60/0xb0 [ 201.642592][ T7313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.642607][ T7313] RIP: 0033:0x7f66c378e929 [ 201.642621][ T7313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.642635][ T7313] RSP: 002b:00007f66c462f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 201.642652][ T7313] RAX: ffffffffffffffda RBX: 00007f66c39b5fa0 RCX: 00007f66c378e929 [ 201.642664][ T7313] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 201.642674][ T7313] RBP: 00007f66c462f090 R08: 0000000000000000 R09: 0000000000000000 [ 201.642683][ T7313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.642693][ T7313] R13: 0000000000000000 R14: 00007f66c39b5fa0 R15: 00007ffecc548308 [ 201.642716][ T7313] [ 202.285503][ T5887] az6027: usb out operation failed. (-71) [ 202.293190][ T5887] az6027: usb out operation failed. (-71) [ 202.298985][ T5887] stb0899_attach: Driver disabled by Kconfig [ 202.319304][ T5887] az6027: no front-end attached [ 202.319304][ T5887] [ 202.326678][ T5887] az6027: usb out operation failed. (-71) [ 202.332501][ T5887] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 202.342282][ T5887] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 202.357457][ T5887] dvb-usb: schedule remote query interval to 400 msecs. [ 202.367274][ T5887] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 202.377463][ T5887] usb 2-1: USB disconnect, device number 8 [ 202.403734][ T7304] loop0: detected capacity change from 0 to 32768 [ 202.531820][ T7304] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 202.556270][ T7318] netlink: 22 bytes leftover after parsing attributes in process `syz.1.312'. [ 202.559893][ T7304] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 202.847619][ T5902] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 203.347214][ T5902] usb 6-1: Using ep0 maxpacket: 32 [ 203.366456][ T5902] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 203.390169][ T5902] usb 6-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 203.406317][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.446602][ T5902] usb 6-1: Product: syz [ 203.459400][ T5902] usb 6-1: Manufacturer: syz [ 203.464024][ T5902] usb 6-1: SerialNumber: syz [ 203.484686][ T5887] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 203.673666][ T5902] usb 6-1: config 0 descriptor?? [ 203.705212][ T5902] usb 6-1: bad CDC descriptors [ 203.741692][ T5902] usb 6-1: unsupported MDLM descriptors [ 203.982247][ T9] usb 6-1: USB disconnect, device number 6 [ 205.021714][ T5828] ocfs2: Unmounting device (7,0) on (node local) [ 206.196069][ T7356] loop0: detected capacity change from 0 to 1024 [ 206.520854][ T5835] Bluetooth: hci2: command 0x0406 tx timeout [ 206.520895][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 206.527228][ T5840] Bluetooth: hci0: command 0x080f tx timeout [ 206.677375][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 206.736872][ T7368] loop0: detected capacity change from 0 to 512 [ 206.855180][ T7368] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 206.878649][ T7368] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 207.115856][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.138110][ T7375] loop4: detected capacity change from 0 to 1024 [ 207.727409][ T10] page_pool_release_retry() stalled pool shutdown: id 32, 1 inflight 60 sec [ 210.317323][ T7385] loop4: detected capacity change from 0 to 1024 [ 210.707628][ T7394] loop0: detected capacity change from 0 to 256 [ 210.949804][ T7398] 9pnet_fd: Insufficient options for proto=fd [ 212.387668][ T30] audit: type=1326 audit(1750915928.012:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.527469][ T30] audit: type=1326 audit(1750915928.012:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.574582][ T30] audit: type=1326 audit(1750915928.132:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.597290][ T7416] capability: warning: `syz.4.337' uses deprecated v2 capabilities in a way that may be insecure [ 212.650697][ T30] audit: type=1326 audit(1750915928.132:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.673831][ T7409] sctp: [Deprecated]: syz.5.333 (pid 7409) Use of int in max_burst socket option. [ 212.673831][ T7409] Use struct sctp_assoc_value instead [ 212.698509][ T7416] loop4: detected capacity change from 0 to 64 [ 212.768818][ T30] audit: type=1326 audit(1750915928.132:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.798564][ T7411] mkiss: ax0: crc mode is auto. [ 212.855634][ T30] audit: type=1326 audit(1750915928.132:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 212.937475][ T30] audit: type=1326 audit(1750915928.132:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 213.073912][ T30] audit: type=1326 audit(1750915928.132:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 213.148667][ T7420] loop0: detected capacity change from 0 to 32768 [ 213.165883][ T30] audit: type=1326 audit(1750915928.132:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 213.195982][ T30] audit: type=1326 audit(1750915928.172:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7399 comm="syz.5.333" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb00eb8e929 code=0x7ffc0000 [ 216.168853][ T7454] netlink: 'syz.0.342': attribute type 1 has an invalid length. [ 216.226059][ T7459] netlink: 4 bytes leftover after parsing attributes in process `syz.0.342'. [ 216.405033][ T7463] loop4: detected capacity change from 0 to 256 [ 216.428717][ T7463] msdos: Unknown parameter '0x0000000000000004' [ 216.551258][ T7454] 8021q: adding VLAN 0 to HW filter on device bond1 [ 216.909581][ T7475] loop5: detected capacity change from 0 to 256 [ 217.179957][ T7472] loop1: detected capacity change from 0 to 1024 [ 217.914559][ T7459] bond1 (unregistering): Released all slaves [ 218.039557][ T7460] dvmrp5: entered allmulticast mode [ 218.087726][ T7461] pimreg: entered allmulticast mode [ 218.285276][ T5831] Bluetooth: hci3: unexpected event for opcode 0x0c26 [ 218.292268][ T7482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.349'. [ 219.679792][ T7507] loop0: detected capacity change from 0 to 32768 [ 220.918737][ T7524] loop4: detected capacity change from 0 to 64 [ 222.323073][ T7444] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.698103][ T7444] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 222.716132][ T7448] kworker/u8:27: attempt to access beyond end of device [ 222.716132][ T7448] loop4: rw=1, sector=65, nr_sectors = 1 limit=64 [ 222.795518][ T7448] Buffer I/O error on dev loop4, logical block 65, lost async page write [ 222.826910][ T7448] kworker/u8:27: attempt to access beyond end of device [ 222.826910][ T7448] loop4: rw=1, sector=66, nr_sectors = 1 limit=64 [ 223.046210][ T7448] Buffer I/O error on dev loop4, logical block 66, lost async page write [ 223.072682][ T7444] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.107229][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.107229][ T7448] loop4: rw=1, sector=67, nr_sectors = 1 limit=64 [ 223.204965][ T7448] Buffer I/O error on dev loop4, logical block 67, lost async page write [ 223.248788][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.248788][ T7448] loop4: rw=1, sector=68, nr_sectors = 1 limit=64 [ 223.301203][ T7444] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 223.322032][ T7448] Buffer I/O error on dev loop4, logical block 68, lost async page write [ 223.360887][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.360887][ T7448] loop4: rw=1, sector=72, nr_sectors = 1 limit=64 [ 223.400700][ T7448] Buffer I/O error on dev loop4, logical block 72, lost async page write [ 223.461222][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.461222][ T7448] loop4: rw=1, sector=73, nr_sectors = 1 limit=64 [ 223.535939][ T7448] Buffer I/O error on dev loop4, logical block 73, lost async page write [ 223.572811][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.572811][ T7448] loop4: rw=1, sector=76, nr_sectors = 1 limit=64 [ 223.611706][ T7448] Buffer I/O error on dev loop4, logical block 76, lost async page write [ 223.621102][ T7538] loop1: detected capacity change from 0 to 512 [ 223.627287][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.627287][ T7448] loop4: rw=1, sector=77, nr_sectors = 1 limit=64 [ 223.629385][ T7538] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 223.725035][ T7538] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 219 vs 220 free clusters [ 223.725987][ T7448] Buffer I/O error on dev loop4, logical block 77, lost async page write [ 223.749498][ T7448] kworker/u8:27: attempt to access beyond end of device [ 223.749498][ T7448] loop4: rw=1, sector=78, nr_sectors = 608 limit=64 [ 223.764962][ T7538] EXT4-fs (loop1): Remounting filesystem read-only [ 223.774314][ T7538] EXT4-fs (loop1): 1 truncate cleaned up [ 223.781852][ T7538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.910263][ T5836] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 223.946571][ T7444] bridge_slave_1: left allmulticast mode [ 223.988032][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 223.996221][ T7444] bridge_slave_1: left promiscuous mode [ 224.002151][ T7444] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.011425][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 224.019826][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 224.057811][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 224.066064][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 224.175717][ T7444] bridge_slave_0: left allmulticast mode [ 224.214159][ T7544] loop1: detected capacity change from 0 to 256 [ 224.227589][ T7444] bridge_slave_0: left promiscuous mode [ 224.239884][ T7444] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.270717][ T7544] exFAT-fs (loop1): bogus sector size bits : 0 [ 224.301563][ T7544] exFAT-fs (loop1): failed to read boot sector [ 224.324672][ T7544] exFAT-fs (loop1): failed to recognize exfat type [ 224.525411][ T7536] loop0: detected capacity change from 0 to 32768 [ 224.609390][ T7536] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 224.684309][ T7536] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 225.806973][ T7556] xt_CT: You must specify a L4 protocol and not use inversions on it [ 225.860703][ T7556] loop1: detected capacity change from 0 to 256 [ 225.892129][ T7556] exfat: Deprecated parameter 'utf8' [ 225.913076][ T7556] exfat: Deprecated parameter 'namecase' [ 225.935955][ T5828] ocfs2: Unmounting device (7,0) on (node local) [ 225.949888][ T7556] exfat: Deprecated parameter 'utf8' [ 225.978941][ T7546] loop4: detected capacity change from 0 to 32768 [ 226.014273][ T7546] ocfs2: Slot 0 on device (7,4) was already allocated to this node! [ 226.036184][ T7556] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x389acbd6, utbl_chksum : 0xe619d30d) [ 226.069818][ T7546] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 226.125447][ T5831] Bluetooth: hci1: command tx timeout [ 226.243867][ T7444] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 226.438790][ T7444] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 226.803990][ T7444] bond0 (unregistering): Released all slaves [ 227.162698][ T5837] ocfs2: Unmounting device (7,4) on (node local) [ 228.016283][ T7444] hsr_slave_0: left promiscuous mode [ 228.197172][ T5831] Bluetooth: hci1: command tx timeout [ 228.272821][ T7444] hsr_slave_1: left promiscuous mode [ 228.301169][ T7444] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.323398][ T7444] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.354670][ T7444] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.387399][ T7444] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.459658][ T7444] veth1_macvtap: left promiscuous mode [ 228.465223][ T7444] veth0_macvtap: left promiscuous mode [ 228.525742][ T7444] veth1_vlan: left promiscuous mode [ 228.555005][ T7444] veth0_vlan: left promiscuous mode [ 228.672063][ T7582] loop1: detected capacity change from 0 to 32768 [ 228.731182][ T7585] loop4: detected capacity change from 0 to 64 [ 228.860114][ T7585] hfs: request for non-existent node 1280 in B*Tree [ 228.959519][ T7585] hfs: request for non-existent node 1280 in B*Tree [ 229.205644][ T7591] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 229.859890][ T7598] loop0: detected capacity change from 0 to 64 [ 230.277269][ T5831] Bluetooth: hci1: command tx timeout [ 231.253925][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.253925][ T7430] loop0: rw=1, sector=65, nr_sectors = 1 limit=64 [ 231.267326][ T7430] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 231.288314][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.288314][ T7430] loop0: rw=1, sector=66, nr_sectors = 1 limit=64 [ 231.307694][ T7430] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 231.328079][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.328079][ T7430] loop0: rw=1, sector=67, nr_sectors = 1 limit=64 [ 231.343072][ T7430] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 231.371316][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.371316][ T7430] loop0: rw=1, sector=68, nr_sectors = 1 limit=64 [ 231.394499][ T7430] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 231.410562][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.410562][ T7430] loop0: rw=1, sector=72, nr_sectors = 1 limit=64 [ 231.424292][ T7430] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 231.445686][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.445686][ T7430] loop0: rw=1, sector=73, nr_sectors = 1 limit=64 [ 231.465249][ T7430] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 231.728504][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.728504][ T7430] loop0: rw=1, sector=76, nr_sectors = 1 limit=64 [ 231.742060][ T7430] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 231.752356][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.752356][ T7430] loop0: rw=1, sector=77, nr_sectors = 1 limit=64 [ 231.766572][ T7430] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 231.776420][ T7430] kworker/u8:11: attempt to access beyond end of device [ 231.776420][ T7430] loop0: rw=1, sector=78, nr_sectors = 976 limit=64 [ 231.796119][ T7444] team0 (unregistering): Port device team_slave_1 removed [ 232.621607][ T5831] Bluetooth: hci1: command tx timeout [ 232.697828][ T7444] team0 (unregistering): Port device team_slave_0 removed [ 236.443650][ T7541] chnl_net:caif_netlink_parms(): no params data found [ 238.198094][ T10] IPVS: starting estimator thread 0... [ 238.627254][ T7669] IPVS: using max 30 ests per chain, 72000 per kthread [ 238.871172][ T7541] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.926504][ T7541] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.957292][ T7541] bridge_slave_0: entered allmulticast mode [ 239.003193][ T7541] bridge_slave_0: entered promiscuous mode [ 239.068320][ T7541] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.121753][ T7541] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.242297][ T7541] bridge_slave_1: entered allmulticast mode [ 239.314145][ T7541] bridge_slave_1: entered promiscuous mode [ 239.671745][ T7673] orangefs_mount: mount request failed with -4 [ 239.849184][ T7668] loop0: detected capacity change from 0 to 32768 [ 239.938347][ T7668] (syz.0.387,7668,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xfaa975d8, computed 0x5e2cb25b. Applying ECC. [ 239.969908][ T7541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 240.029553][ T7668] (syz.0.387,7668,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xfaa975d8, computed 0x913a72f0 [ 240.046771][ T7541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 240.102663][ T7668] (syz.0.387,7668,0):ocfs2_verify_volume:2329 ERROR: status = -5 [ 240.150481][ T7668] (syz.0.387,7668,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 240.173889][ T7668] (syz.0.387,7668,0):ocfs2_fill_super:1177 ERROR: status = -5 [ 240.229020][ T7684] Driver unsupported XDP return value 0 on prog (id 105) dev N/A, expect packet loss! [ 240.270984][ T7541] team0: Port device team_slave_0 added [ 240.291178][ T940] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 240.310774][ T7541] team0: Port device team_slave_1 added [ 240.327536][ T940] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 240.357889][ T940] usb 1-1: USB disconnect, device number 5 [ 240.604726][ T7541] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 240.634938][ T7541] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.730893][ T7541] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 240.801009][ T7541] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 240.818392][ T7541] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.870734][ T7541] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.024553][ T7708] netlink: 4 bytes leftover after parsing attributes in process `syz.0.399'. [ 241.037894][ T7706] loop1: detected capacity change from 0 to 512 [ 241.110383][ T7541] hsr_slave_0: entered promiscuous mode [ 241.123063][ T7541] hsr_slave_1: entered promiscuous mode [ 241.154440][ T7541] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 241.164999][ T7541] Cannot create hsr debugfs directory [ 241.397581][ T940] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 241.579343][ T940] usb 2-1: Using ep0 maxpacket: 16 [ 241.599013][ T940] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 241.620286][ T940] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 241.649788][ T940] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 241.680985][ T940] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 30442, setting to 1024 [ 241.713422][ T940] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 241.740572][ T940] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 241.781619][ T940] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 241.808727][ T940] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 241.831761][ T940] usb 2-1: SerialNumber: syz [ 241.861779][ T7706] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 241.895111][ T940] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12 [ 242.111333][ T5887] usb 2-1: USB disconnect, device number 9 [ 243.590744][ T7746] loop1: detected capacity change from 0 to 512 [ 243.639402][ T7746] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 243.680926][ T7746] EXT4-fs (loop1): invalid journal inode [ 243.687196][ T7746] EXT4-fs (loop1): can't get journal size [ 243.780504][ T7746] EXT4-fs (loop1): 1 truncate cleaned up [ 243.796007][ T7746] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 243.976898][ T7745] slcan: can't register candev [ 243.982168][ T7745] Falling back ldisc for ttyS3. [ 244.179780][ T5836] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.449993][ T10] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 244.634155][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 244.803040][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.955191][ T10] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 245.133930][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.180071][ T10] usb 5-1: config 0 descriptor?? [ 245.230271][ T7541] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 245.374256][ T7541] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 245.433384][ T7541] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 245.512949][ T7541] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 245.642744][ T7776] tipc: Started in network mode [ 245.663176][ T7776] tipc: Node identity 7f000001, cluster identity 4711 [ 245.681811][ T7776] tipc: Enabled bearer , priority 10 [ 245.831517][ T10] usb 5-1: string descriptor 0 read error: -22 [ 245.926076][ T7786] smb3: Unknown parameter 'acl' [ 245.944892][ T7541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.006123][ T7541] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.058856][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.066047][ T7444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.075159][ T10] input: HID 256c:006d as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input10 [ 246.192456][ T7430] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.199753][ T7430] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.214818][ T10] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 246.328240][ T10] usb 5-1: USB disconnect, device number 9 [ 246.552617][ T7792] fido_id[7792]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 246.680984][ T9] tipc: Node number set to 2130706433 [ 247.284267][ T7541] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.378381][ T7818] loop4: detected capacity change from 0 to 512 [ 247.435655][ T7818] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 249.316407][ T7840] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 250.274961][ T7541] veth0_vlan: entered promiscuous mode [ 250.326089][ T7541] veth1_vlan: entered promiscuous mode [ 250.424953][ T7541] veth0_macvtap: entered promiscuous mode [ 250.590057][ T7541] veth1_macvtap: entered promiscuous mode [ 250.631017][ T7541] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 250.652665][ T7541] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 251.574115][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.607807][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.703859][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 251.779120][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 252.012854][ T7444] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 252.021588][ T7444] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 252.932820][ T7875] loop1: detected capacity change from 0 to 128 [ 252.938730][ T7443] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 253.068343][ T7443] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 255.467960][ T12] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.653561][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.661582][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.766629][ T12] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 255.951841][ T12] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.196850][ T12] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 256.562051][ T7889] loop1: detected capacity change from 0 to 40427 [ 256.624225][ T7889] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 256.934224][ T7889] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 257.072987][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 257.082876][ T30] audit: type=1326 audit(1750915972.692:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.0.444" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f48e718e929 code=0x0 [ 257.761872][ T7889] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-4) [ 257.818273][ T12] bridge_slave_1: left allmulticast mode [ 257.824036][ T12] bridge_slave_1: left promiscuous mode [ 257.866571][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.029045][ T12] bridge_slave_0: left allmulticast mode [ 258.034836][ T12] bridge_slave_0: left promiscuous mode [ 258.053701][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.924126][ T5843] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 258.937906][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 258.945799][ T5843] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 258.955552][ T5843] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 258.964950][ T5843] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 259.895565][ T7952] overlayfs: missing 'lowerdir' [ 260.997410][ T5831] Bluetooth: hci1: command tx timeout [ 261.371099][ T7968] loop1: detected capacity change from 0 to 2048 [ 261.389929][ T7968] udf: Bad value for 'partition' [ 261.460203][ T7968] overlayfs: overlapping lowerdir path [ 261.952040][ T5831] Bluetooth: hci3: unexpected event for opcode 0x0c5b [ 262.048868][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 262.090527][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 262.105553][ T12] bond0 (unregistering): Released all slaves [ 262.424910][ T7991] loop4: detected capacity change from 0 to 16 [ 262.437280][ T7991] erofs (device loop4): mounted with root inode @ nid 36. [ 262.462666][ T5831] erofs (device loop4): failed to decompress -26 in[46, 0] out[9000] [ 262.485272][ T7991] erofs (device loop4): failed to decompress -26 in[46, 4050] out[8192] [ 262.493856][ T7991] erofs (device loop4): read error -117 @ 1 of nid 89 [ 262.502330][ T30] audit: type=1800 audit(1750915978.162:29): pid=7991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.457" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 262.959230][ T8008] xt_limit: Overflow, try lower: 687865856/40 [ 263.056194][ T8008] tty tty23: ldisc open failed (-12), clearing slot 22 [ 263.138283][ T5831] Bluetooth: hci1: command tx timeout [ 263.865171][ T12] hsr_slave_0: left promiscuous mode [ 263.931020][ T12] hsr_slave_1: left promiscuous mode [ 263.963624][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 265.157529][ T5831] Bluetooth: hci1: command tx timeout [ 265.850618][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 265.864920][ T8031] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5) [ 265.871742][ T8031] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 266.299144][ T8034] vhci_hcd: connection closed [ 266.301454][ T5831] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 266.314799][ T5831] Bluetooth: hci3: Injecting HCI hardware error event [ 266.323079][ T5831] Bluetooth: hci3: hardware error 0x00 [ 266.331213][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 266.382886][ T8031] vhci_hcd vhci_hcd.0: Device attached [ 266.390364][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 266.406534][ T7440] vhci_hcd: stop threads [ 266.421838][ T7440] vhci_hcd: release socket [ 266.451725][ T7440] vhci_hcd: disconnect device [ 266.485181][ T12] veth1_macvtap: left promiscuous mode [ 266.496710][ T12] veth0_macvtap: left promiscuous mode [ 266.508137][ T12] veth1_vlan: left promiscuous mode [ 266.514211][ T12] veth0_vlan: left promiscuous mode [ 267.433172][ T5843] Bluetooth: hci1: command tx timeout [ 267.887019][ T8055] Bluetooth: hci0: Opcode 0x0c03 failed: -112 [ 268.448064][ T5831] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 269.757721][ T8061] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 270.775930][ T12] team0 (unregistering): Port device team_slave_1 removed [ 271.523188][ T12] team0 (unregistering): Port device team_slave_0 removed [ 271.786797][ T30] audit: type=1326 audit(1750915987.432:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8081 comm="syz.1.481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbffb98e929 code=0x0 [ 275.504982][ T7934] chnl_net:caif_netlink_parms(): no params data found [ 277.328628][ T7934] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.353725][ T7934] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.386974][ T7934] bridge_slave_0: entered allmulticast mode [ 277.408889][ T7934] bridge_slave_0: entered promiscuous mode [ 277.424873][ T7934] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.444152][ T7934] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.565070][ T7934] bridge_slave_1: entered allmulticast mode [ 277.573156][ T7934] bridge_slave_1: entered promiscuous mode [ 277.735598][ T8138] hub 6-0:1.0: USB hub found [ 277.742718][ T8138] hub 6-0:1.0: 1 port detected [ 277.780754][ T8138] netlink: 12 bytes leftover after parsing attributes in process `syz.1.491'. [ 278.306387][ T8133] loop4: detected capacity change from 0 to 4096 [ 278.368285][ T8133] nilfs2: Unknown parameter 'CdHޮ.-ȁ' [ 279.110180][ T7934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 279.157171][ T5843] Bluetooth: hci2: command 0x0406 tx timeout [ 279.168985][ T7934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 279.301059][ T8149] loop1: detected capacity change from 0 to 256 [ 279.350185][ T7934] team0: Port device team_slave_0 added [ 279.365949][ T7934] team0: Port device team_slave_1 added [ 279.442847][ T8149] FAT-fs (loop1): Directory bread(block 64) failed [ 279.463036][ T8149] FAT-fs (loop1): Directory bread(block 65) failed [ 279.473212][ T8149] FAT-fs (loop1): Directory bread(block 66) failed [ 279.493456][ T8149] FAT-fs (loop1): Directory bread(block 67) failed [ 279.566300][ T8149] FAT-fs (loop1): Directory bread(block 68) failed [ 279.581267][ T8149] FAT-fs (loop1): Directory bread(block 69) failed [ 279.591480][ T7934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 279.602032][ T7934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.628758][ T8149] FAT-fs (loop1): Directory bread(block 70) failed [ 279.635300][ T8149] FAT-fs (loop1): Directory bread(block 71) failed [ 279.651808][ T8149] FAT-fs (loop1): Directory bread(block 72) failed [ 279.659907][ T8149] FAT-fs (loop1): Directory bread(block 73) failed [ 279.667219][ T7934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 279.703730][ T7934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 279.719705][ T7934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 279.747422][ T7934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 279.932042][ T7934] hsr_slave_0: entered promiscuous mode [ 279.974458][ T7934] hsr_slave_1: entered promiscuous mode [ 280.498498][ T7934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.506182][ T7934] Cannot create hsr debugfs directory [ 281.626999][ T8191] loop1: detected capacity change from 0 to 1024 [ 281.790711][ T8191] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 281.820283][ T30] audit: type=1800 audit(1750915997.482:31): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.504" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 281.889977][ T8191] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.504: Allocating blocks 385-513 which overlap fs metadata [ 281.933935][ T8191] EXT4-fs (loop1): pa ffff888033cd6828: logic 16, phys. 129, len 24 [ 281.942281][ T8191] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 8 [ 282.004508][ T8191] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 2 with max blocks 3 with error 1 [ 282.052067][ T8191] EXT4-fs (loop1): This should not happen!! Data will be lost [ 282.052067][ T8191] [ 282.232834][ T5836] Trying to write to read-only block-device loop1 [ 282.250676][ T5836] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.004905][ T8224] loop1: detected capacity change from 0 to 64 [ 285.117956][ T8232] loop0: detected capacity change from 0 to 128 [ 285.193959][ T8232] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 285.245285][ T8232] ext4 filesystem being mounted at /96/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 285.908099][ T8236] netlink: 132 bytes leftover after parsing attributes in process `syz.1.513'. [ 285.940373][ T5828] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 286.883719][ T7934] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 287.051103][ T7934] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 287.846593][ T8254] hub 6-0:1.0: USB hub found [ 287.851564][ T8254] hub 6-0:1.0: 1 port detected [ 287.859766][ T8254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.516'. [ 287.950062][ T7934] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 289.087483][ T7934] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 289.818434][ T8275] netlink: 12 bytes leftover after parsing attributes in process `syz.0.521'. [ 290.240542][ T8280] 8021q: adding VLAN 0 to HW filter on device bond1 [ 290.408972][ T7934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.491918][ T7934] 8021q: adding VLAN 0 to HW filter on device team0 [ 290.553736][ T7444] bridge0: port 1(bridge_slave_0) entered blocking state [ 290.560932][ T7444] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.194794][ T7444] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.202106][ T7444] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.459386][ T8297] infiniband syz2: set down [ 291.464037][ T8297] infiniband syz2: added ipvlan1 [ 291.470829][ T8297] syz2: rxe_create_cq: returned err = -12 [ 291.476832][ T8297] infiniband syz2: Couldn't create ib_mad CQ [ 291.483690][ T8297] infiniband syz2: Couldn't open port 1 [ 291.508974][ T8297] RDS/IB: syz2: added [ 291.513259][ T8297] smc: adding ib device syz2 with port count 1 [ 291.519531][ T8297] smc: ib device syz2 port 1 has pnetid [ 292.696091][ T8312] netlink: 152 bytes leftover after parsing attributes in process `syz.1.528'. [ 293.246644][ T8321] loop1: detected capacity change from 0 to 40427 [ 294.303940][ T7934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 295.126643][ T8342] loop0: detected capacity change from 0 to 1764 [ 295.168341][ T8342] iso9660: Bad value for 'uid' [ 295.202689][ T8342] iso9660: Bad value for 'uid' [ 295.387484][ T8342] sd 0:0:1:0: PR command failed: 1026 [ 295.392951][ T8342] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 295.427611][ T8342] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 295.466978][ T7934] veth0_vlan: entered promiscuous mode [ 295.494534][ T7934] veth1_vlan: entered promiscuous mode [ 295.603990][ T7934] veth0_macvtap: entered promiscuous mode [ 295.635329][ T7934] veth1_macvtap: entered promiscuous mode [ 295.718783][ T7934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 295.765427][ T7934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 295.870137][ T7444] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 295.892823][ T7444] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.090343][ T7441] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.179240][ T7441] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 297.790385][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 297.814913][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.477992][ T7441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.524681][ T8377] loop1: detected capacity change from 0 to 128 [ 298.544933][ T7441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.648889][ T8377] loop1: detected capacity change from 0 to 64 [ 299.482252][ T8383] netlink: 28 bytes leftover after parsing attributes in process `syz.3.543'. [ 299.556438][ T8383] netlink: 28 bytes leftover after parsing attributes in process `syz.3.543'. [ 299.761332][ T8383] bond0: entered promiscuous mode [ 299.793255][ T8383] bond_slave_0: entered promiscuous mode [ 299.837603][ T8383] bond_slave_1: entered promiscuous mode [ 299.895982][ T8383] bond0: left promiscuous mode [ 299.927204][ T8383] bond_slave_0: left promiscuous mode [ 299.960767][ T8383] bond_slave_1: left promiscuous mode [ 301.363007][ T7437] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.548975][ T7437] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.699494][ T7437] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 302.970850][ T7437] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 304.027219][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 304.238102][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 304.246865][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 304.386160][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 304.397310][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 305.100836][ T7437] bridge_slave_1: left allmulticast mode [ 305.106547][ T7437] bridge_slave_1: left promiscuous mode [ 305.141820][ T8444] loop1: detected capacity change from 0 to 164 [ 305.284876][ T7437] bridge0: port 2(bridge_slave_1) entered disabled state [ 305.366379][ T7437] bridge_slave_0: left allmulticast mode [ 305.380111][ T7437] bridge_slave_0: left promiscuous mode [ 305.412967][ T7437] bridge0: port 1(bridge_slave_0) entered disabled state [ 306.128760][ T8457] loop0: detected capacity change from 0 to 1024 [ 307.080266][ T5843] Bluetooth: hci1: command tx timeout [ 307.453765][ T8467] loop1: detected capacity change from 0 to 4096 [ 309.260148][ T5843] Bluetooth: hci1: command tx timeout [ 310.615193][ T7437] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 310.667931][ T7437] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 310.739300][ T7437] bond0 (unregistering): Released all slaves [ 310.966412][ T8513] loop0: detected capacity change from 0 to 64 [ 311.311908][ T8513] syz.0.580: attempt to access beyond end of device [ 311.311908][ T8513] loop0: rw=2049, sector=65, nr_sectors = 1 limit=64 [ 311.317275][ T5843] Bluetooth: hci1: command tx timeout [ 311.331241][ T8513] Buffer I/O error on dev loop0, logical block 65, lost async page write [ 311.340645][ T8513] syz.0.580: attempt to access beyond end of device [ 311.340645][ T8513] loop0: rw=2049, sector=66, nr_sectors = 1 limit=64 [ 311.353858][ T8513] Buffer I/O error on dev loop0, logical block 66, lost async page write [ 311.362862][ T8513] syz.0.580: attempt to access beyond end of device [ 311.362862][ T8513] loop0: rw=2049, sector=67, nr_sectors = 1 limit=64 [ 311.376343][ T8513] Buffer I/O error on dev loop0, logical block 67, lost async page write [ 311.385274][ T8513] syz.0.580: attempt to access beyond end of device [ 311.385274][ T8513] loop0: rw=2049, sector=68, nr_sectors = 1 limit=64 [ 311.398903][ T8513] Buffer I/O error on dev loop0, logical block 68, lost async page write [ 311.408141][ T8513] syz.0.580: attempt to access beyond end of device [ 311.408141][ T8513] loop0: rw=2049, sector=72, nr_sectors = 1 limit=64 [ 311.421801][ T8513] Buffer I/O error on dev loop0, logical block 72, lost async page write [ 311.431213][ T8513] syz.0.580: attempt to access beyond end of device [ 311.431213][ T8513] loop0: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 311.444420][ T8513] Buffer I/O error on dev loop0, logical block 73, lost async page write [ 311.453434][ T8513] syz.0.580: attempt to access beyond end of device [ 311.453434][ T8513] loop0: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 311.466899][ T8513] Buffer I/O error on dev loop0, logical block 76, lost async page write [ 311.475795][ T8513] syz.0.580: attempt to access beyond end of device [ 311.475795][ T8513] loop0: rw=2049, sector=77, nr_sectors = 1 limit=64 [ 311.489446][ T8513] Buffer I/O error on dev loop0, logical block 77, lost async page write [ 311.504655][ T8513] syz.0.580: attempt to access beyond end of device [ 311.504655][ T8513] loop0: rw=2049, sector=78, nr_sectors = 760 limit=64 [ 312.116736][ T8519] loop0: detected capacity change from 0 to 256 [ 312.280752][ T8503] loop1: detected capacity change from 0 to 40427 [ 312.450636][ T8525] virtio-fs: tag not found [ 313.233041][ T8532] futex_wake_op: syz.0.586 tries to shift op by 32; fix this program [ 313.398142][ T5843] Bluetooth: hci1: command tx timeout [ 315.235078][ T8554] netlink: 8 bytes leftover after parsing attributes in process `syz.1.592'. [ 315.605721][ T8565] loop0: detected capacity change from 0 to 512 [ 315.744270][ T8565] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 315.791089][ T8565] EXT4-fs (loop0): orphan cleanup on readonly fs [ 315.801425][ T7437] hsr_slave_0: left promiscuous mode [ 315.814767][ T7437] hsr_slave_1: left promiscuous mode [ 315.822770][ T7437] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.831356][ T7437] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.858936][ T8565] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.594: bg 0: block 248: padding at end of block bitmap is not set [ 315.875011][ T7437] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 315.891357][ T8570] loop1: detected capacity change from 0 to 256 [ 315.900726][ T7437] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.911037][ T8570] exfat: Unknown parameter '0xffffffffffffffff' [ 315.952912][ T8565] Quota error (device loop0): write_blk: dquota write failed [ 315.990505][ T7437] veth1_macvtap: left promiscuous mode [ 316.000761][ T8565] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 316.016057][ T7437] veth0_macvtap: left promiscuous mode [ 316.067728][ T8565] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.594: Failed to acquire dquot type 1 [ 316.180967][ T7437] veth1_vlan: left promiscuous mode [ 316.186342][ T7437] veth0_vlan: left promiscuous mode [ 316.264618][ T8565] EXT4-fs (loop0): 1 truncate cleaned up [ 316.979715][ T8565] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 317.081830][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.085805][ T8565] EXT4-fs error (device loop0): ext4_lookup:1791: inode #2: comm syz.0.594: deleted inode referenced: 12 [ 317.088568][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.399624][ T5828] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.513346][ T8597] x_tables: ip_tables: socket match: used from hooks FORWARD, but only valid from PREROUTING/INPUT [ 323.244962][ T7437] team0 (unregistering): Port device team_slave_1 removed [ 323.336507][ T7437] team0 (unregistering): Port device team_slave_0 removed [ 330.365719][ T8429] chnl_net:caif_netlink_parms(): no params data found [ 330.777790][ T8692] netlink: 12 bytes leftover after parsing attributes in process `syz.3.630'. [ 331.332034][ T8708] netlink: 20 bytes leftover after parsing attributes in process `syz.0.631'. [ 331.932356][ T8429] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.962007][ T8429] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.970916][ T8429] bridge_slave_0: entered allmulticast mode [ 331.980189][ T8429] bridge_slave_0: entered promiscuous mode [ 332.004607][ T8708] vlan2: entered promiscuous mode [ 332.009733][ T8708] syz_tun: entered promiscuous mode [ 332.134430][ T8429] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.141728][ T8429] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.150037][ T8429] bridge_slave_1: entered allmulticast mode [ 332.157789][ T8429] bridge_slave_1: entered promiscuous mode [ 332.530196][ T8429] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 332.672667][ T8716] netlink: 8 bytes leftover after parsing attributes in process `syz.4.632'. [ 332.694835][ T8716] netlink: 'syz.4.632': attribute type 5 has an invalid length. [ 332.751078][ T8429] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 332.771304][ T8716] netlink: 20 bytes leftover after parsing attributes in process `syz.4.632'. [ 334.046567][ T8716] geneve2: entered promiscuous mode [ 334.184229][ T8716] geneve2: entered allmulticast mode [ 334.311870][ T8429] team0: Port device team_slave_0 added [ 334.399883][ T7443] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 334.462748][ T7443] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 334.495117][ T7443] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 334.519275][ T8429] team0: Port device team_slave_1 added [ 334.535112][ T7443] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 334.814781][ T8751] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 10802, id = 0 [ 334.832192][ T8429] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 334.840746][ T8429] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 334.915004][ T8429] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 334.952355][ T8429] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 334.967045][ T8429] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.839476][ T8764] netlink: 16 bytes leftover after parsing attributes in process `syz.4.645'. [ 337.217123][ T8429] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 337.780194][ T8429] hsr_slave_0: entered promiscuous mode [ 337.990944][ T8429] hsr_slave_1: entered promiscuous mode [ 337.997588][ T8429] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 338.005253][ T8429] Cannot create hsr debugfs directory [ 341.918959][ T8815] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 343.311028][ T8429] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 343.369351][ T8429] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 343.411750][ T8429] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 343.486943][ T8429] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 344.545145][ T8429] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.646256][ T8429] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.716995][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.724200][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.812968][ T8429] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 344.857139][ T8429] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 344.973442][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 344.980762][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.811796][ T8880] netlink: 20 bytes leftover after parsing attributes in process `syz.4.673'. [ 345.996945][ T8892] ip6tnl1: entered promiscuous mode [ 346.020856][ T8892] ip6tnl1: entered allmulticast mode [ 346.120916][ T8429] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 347.514171][ T8916] geneve3: entered promiscuous mode [ 348.776300][ T8429] veth0_vlan: entered promiscuous mode [ 348.815629][ T8429] veth1_vlan: entered promiscuous mode [ 349.036981][ T8429] veth0_macvtap: entered promiscuous mode [ 349.295517][ T8429] veth1_macvtap: entered promiscuous mode [ 349.324592][ T8429] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 349.358658][ T8429] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 349.936833][ T7444] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.027192][ T7444] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.128204][ T7444] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.144611][ T7444] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 350.326917][ T7442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.345798][ T7442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.448433][ T7448] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 350.491426][ T7448] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.161530][ T5843] Bluetooth: hci2: connection err: -111 [ 351.669269][ T7444] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.840124][ T7444] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 351.961047][ T7444] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.030279][ T7444] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 352.344087][ T7444] bridge_slave_1: left allmulticast mode [ 352.373074][ T7444] bridge_slave_1: left promiscuous mode [ 352.392827][ T7444] bridge0: port 2(bridge_slave_1) entered disabled state [ 457.616984][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 457.624008][ C0] rcu: 1-...!: (1 GPs behind) idle=985c/1/0x4000000000000000 softirq=48622/48625 fqs=0 [ 457.634808][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7435/1:b..l [ 457.642817][ C0] rcu: (detected by 0, t=10505 jiffies, g=31113, q=388 ncpus=2) [ 457.650561][ C0] Sending NMI from CPU 0 to CPUs 1: [ 457.650599][ C1] NMI backtrace for cpu 1 [ 457.650640][ C1] CPU: 1 UID: 0 PID: 9023 Comm: syz-executor Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 457.650663][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 457.650681][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x8/0x90 [ 457.650714][ C1] Code: 48 89 44 11 20 e9 58 b3 b1 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 <65> 48 8b 0c 25 08 f0 9f 92 65 8b 15 38 31 e0 10 81 e2 00 01 ff 00 [ 457.650732][ C1] RSP: 0018:ffffc90000a08d00 EFLAGS: 00000046 [ 457.650748][ C1] RAX: ffffffff8b6aa8b8 RBX: ffff8880b8727d10 RCX: ffff888074d89e00 [ 457.650763][ C1] RDX: 0000000000010000 RSI: ffff8880290c2340 RDI: 0000000000000001 [ 457.650775][ C1] RBP: 1ffff11005218468 R08: ffffffff8fa18d37 R09: 1ffffffff1f431a6 [ 457.650789][ C1] R10: dffffc0000000000 R11: fffffbfff1f431a7 R12: ffff8880290c2340 [ 457.650803][ C1] R13: dffffc0000000000 R14: ffff8880290c2340 R15: 0000000000000001 [ 457.650816][ C1] FS: 0000555558b62500(0000) GS:ffff888125d21000(0000) knlGS:0000000000000000 [ 457.650833][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 457.650845][ C1] CR2: 00007f66c460df98 CR3: 0000000052950000 CR4: 00000000003526f0 [ 457.650861][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 457.650872][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 457.650884][ C1] Call Trace: [ 457.650892][ C1] [ 457.650899][ C1] timerqueue_del+0x48/0x100 [ 457.650925][ C1] __hrtimer_run_queues+0x364/0xc60 [ 457.650963][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 457.650988][ C1] ? read_tsc+0x9/0x20 [ 457.651015][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 457.651056][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 457.651087][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 457.651123][ C1] [ 457.651129][ C1] [ 457.651136][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 457.651156][ C1] RIP: 0010:__page_table_check_zero+0x40d/0x530 [ 457.651184][ C1] Code: d8 98 8b be 66 03 00 00 48 c7 c2 20 d9 98 8b e8 19 e1 6e ff 48 c7 c7 60 bf 13 8e 4c 89 f6 e8 fa c6 6e ff 48 83 c4 20 5b 41 5c <41> 5d 41 5e 41 5f 5d e9 77 61 78 ff e8 e2 d7 90 ff 49 ff cf e9 47 [ 457.651199][ C1] RSP: 0018:ffffc90003c8f5b0 EFLAGS: 00000286 [ 457.651214][ C1] RAX: f083cd40a1a7da00 RBX: 0000000000000000 RCX: f083cd40a1a7da00 [ 457.651226][ C1] RDX: 0000000000000000 RSI: ffffffff8db80324 RDI: ffffffff8be31c80 [ 457.651239][ C1] RBP: 0000000000000001 R08: ffff88801e40e41f R09: 1ffff11003c81c83 [ 457.651251][ C1] R10: dffffc0000000000 R11: ffffed1003c81c84 R12: fffa8000782da000 [ 457.651265][ C1] R13: 0000000000000001 R14: ffffffff822ee13a R15: 00000000000782da [ 457.651277][ C1] ? __page_table_check_zero+0xba/0x530 [ 457.651313][ C1] post_alloc_hook+0x253/0x2a0 [ 457.651343][ C1] get_page_from_freelist+0x21e4/0x22c0 [ 457.651361][ C1] ? arch_stack_walk+0xfc/0x150 [ 457.651413][ C1] ? __pfx_get_page_from_freelist+0x10/0x10 [ 457.651433][ C1] ? prepare_alloc_pages+0x213/0x610 [ 457.651454][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 457.651475][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 457.651504][ C1] alloc_pages_bulk_noprof+0x560/0x710 [ 457.651526][ C1] ? alloc_pages_noprof+0xbe/0x190 [ 457.651554][ C1] kasan_populate_vmalloc+0xba/0x1a0 [ 457.651580][ C1] alloc_vmap_area+0xd51/0x1490 [ 457.651614][ C1] ? __pfx_alloc_vmap_area+0x10/0x10 [ 457.651638][ C1] ? __kasan_kmalloc+0x93/0xb0 [ 457.651662][ C1] ? __kmalloc_cache_node_noprof+0x234/0x3d0 [ 457.651695][ C1] ? __get_vm_area_node+0x13f/0x300 [ 457.651737][ C1] ? kcov_ioctl+0x55/0x640 [ 457.651756][ C1] __get_vm_area_node+0x1f8/0x300 [ 457.651797][ C1] __vmalloc_node_range_noprof+0x301/0x12f0 [ 457.651825][ C1] ? kcov_ioctl+0x55/0x640 [ 457.651849][ C1] ? __pfx_locks_remove_posix+0x10/0x10 [ 457.651879][ C1] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 457.651910][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 457.651928][ C1] vmalloc_user_noprof+0xad/0xf0 [ 457.651956][ C1] ? kcov_ioctl+0x55/0x640 [ 457.651975][ C1] kcov_ioctl+0x55/0x640 [ 457.651994][ C1] ? bpf_lsm_file_ioctl+0x9/0x20 [ 457.652017][ C1] ? __pfx_kcov_ioctl+0x10/0x10 [ 457.652035][ C1] __se_sys_ioctl+0xf9/0x170 [ 457.652059][ C1] do_syscall_64+0xfa/0x3b0 [ 457.652085][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 457.652109][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.652126][ C1] ? clear_bhb_loop+0x60/0xb0 [ 457.652146][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 457.652163][ C1] RIP: 0033:0x7f443d18e52b [ 457.652180][ C1] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 457.652195][ C1] RSP: 002b:00007ffd7855c780 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 457.652212][ C1] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007f443d18e52b [ 457.652225][ C1] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000d9 [ 457.652237][ C1] RBP: 00007f443d3b6118 R08: 00000000000000d8 R09: 0000000000000000 [ 457.652248][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 457.652259][ C1] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 457.652278][ C1] [ 457.652585][ C0] task:kworker/u8:16 state:R running task stack:21160 pid:7435 tgid:7435 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 458.185493][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 458.193328][ C0] Call Trace: [ 458.196617][ C0] [ 458.199564][ C0] __schedule+0x16f5/0x4d00 [ 458.204101][ C0] ? preempt_schedule_irq+0xb5/0x150 [ 458.209411][ C0] ? __pfx___schedule+0x10/0x10 [ 458.214290][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 458.219250][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 458.224559][ C0] preempt_schedule_irq+0xb5/0x150 [ 458.229706][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 458.235466][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 458.241289][ C0] irqentry_exit+0x6f/0x90 [ 458.245736][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 458.251729][ C0] RIP: 0010:unwind_next_frame+0xc49/0x2390 [ 458.257580][ C0] Code: 39 f8 0f 97 c1 4c 39 e0 0f 96 c0 20 c8 3c 01 0f 85 df 0c 00 00 48 89 df e8 84 23 00 00 48 89 c3 48 bd 00 00 00 00 00 fc ff df <48> 8b 44 24 30 80 3c 28 00 4c 8b 7c 24 18 74 08 4c 89 ff e8 9f 3a [ 458.277189][ C0] RSP: 0018:ffffc90003bbf538 EFLAGS: 00000202 [ 458.283294][ C0] RAX: ffffffff81696c34 RBX: ffffffff81696c34 RCX: 1ffff92000777e01 [ 458.291296][ C0] RDX: ffffffff9030e3aa RSI: 0000000000000002 RDI: ffffc90003bbf660 [ 458.299290][ C0] RBP: dffffc0000000000 R08: 0000000000000001 R09: ffffffff81728c65 [ 458.307278][ C0] R10: ffffc90003bbf668 R11: fffff52000777ed9 R12: ffffc90003bc0000 [ 458.315261][ C0] R13: 1ffff92000777ecf R14: ffffc90003bbf668 R15: ffffc90003bb8000 [ 458.323251][ C0] ? arch_stack_walk+0xe4/0x150 [ 458.328137][ C0] ? unwind_next_frame+0xa5/0x2390 [ 458.333280][ C0] ? arch_stack_walk+0xe4/0x150 [ 458.338174][ C0] ? unwind_next_frame+0xc3c/0x2390 [ 458.343403][ C0] ? unwind_next_frame+0xa5/0x2390 [ 458.348557][ C0] ? __unwind_start+0xf8/0x760 [ 458.353369][ C0] __unwind_start+0x5b9/0x760 [ 458.358080][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 458.364247][ C0] arch_stack_walk+0xe4/0x150 [ 458.368950][ C0] ? __unwind_start+0xf8/0x760 [ 458.373742][ C0] stack_trace_save+0x9c/0xe0 [ 458.378429][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 458.383822][ C0] ? __lock_acquire+0xab9/0xd20 [ 458.388694][ C0] kasan_save_track+0x3e/0x80 [ 458.393461][ C0] ? batadv_forw_packet_free+0x65/0x1f0 [ 458.399027][ C0] kasan_save_free_info+0x46/0x50 [ 458.404063][ C0] __kasan_slab_free+0x62/0x70 [ 458.408851][ C0] kmem_cache_free+0x18f/0x400 [ 458.413667][ C0] batadv_forw_packet_free+0x65/0x1f0 [ 458.419049][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 458.424801][ C0] process_scheduled_works+0xade/0x17b0 [ 458.430404][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 458.436420][ C0] worker_thread+0x8a0/0xda0 [ 458.441055][ C0] kthread+0x711/0x8a0 [ 458.445139][ C0] ? __pfx_worker_thread+0x10/0x10 [ 458.450266][ C0] ? __pfx_kthread+0x10/0x10 [ 458.454870][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 458.460081][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 458.465289][ C0] ? __pfx_kthread+0x10/0x10 [ 458.469889][ C0] ret_from_fork+0x3fc/0x770 [ 458.474498][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 458.479703][ C0] ? __switch_to_asm+0x39/0x70 [ 458.484498][ C0] ? __switch_to_asm+0x33/0x70 [ 458.489275][ C0] ? __pfx_kthread+0x10/0x10 [ 458.493899][ C0] ret_from_fork_asm+0x1a/0x30 [ 458.498708][ C0] [ 458.501750][ C0] rcu: rcu_preempt kthread starved for 10505 jiffies! g31113 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 458.512962][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 458.522945][ C0] rcu: RCU grace-period kthread stack dump: [ 458.528852][ C0] task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 458.542378][ C0] Call Trace: [ 458.545680][ C0] [ 458.548633][ C0] __schedule+0x16f5/0x4d00 [ 458.553203][ C0] ? schedule+0x165/0x360 [ 458.557575][ C0] ? __pfx___schedule+0x10/0x10 [ 458.562498][ C0] ? schedule+0x91/0x360 [ 458.566776][ C0] schedule+0x165/0x360 [ 458.571063][ C0] schedule_timeout+0x12b/0x270 [ 458.575936][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 458.581321][ C0] ? __pfx_process_timeout+0x10/0x10 [ 458.586632][ C0] ? prepare_to_swait_event+0x341/0x380 [ 458.592197][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 458.597069][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 458.602023][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 458.607236][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 458.612540][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 458.617775][ C0] ? finish_swait+0xcd/0x1f0 [ 458.622380][ C0] rcu_gp_kthread+0x99/0x390 [ 458.627013][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 458.632230][ C0] ? __kthread_parkme+0x7b/0x200 [ 458.637188][ C0] ? __kthread_parkme+0x1a1/0x200 [ 458.642239][ C0] kthread+0x711/0x8a0 [ 458.646320][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 458.651540][ C0] ? __pfx_kthread+0x10/0x10 [ 458.656153][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 458.661360][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 458.666568][ C0] ? __pfx_kthread+0x10/0x10 [ 458.671189][ C0] ret_from_fork+0x3fc/0x770 [ 458.675801][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 458.680944][ C0] ? __switch_to_asm+0x39/0x70 [ 458.685725][ C0] ? __switch_to_asm+0x33/0x70 [ 458.690493][ C0] ? __pfx_kthread+0x10/0x10 [ 458.695090][ C0] ret_from_fork_asm+0x1a/0x30 [ 458.699881][ C0] [ 458.702909][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 458.709259][ C0] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc3-next-20250625-syzkaller #0 PREEMPT(full) [ 458.720741][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 458.730819][ C0] Workqueue: events_unbound toggle_allocation_gate [ 458.737362][ C0] RIP: 0010:smp_call_function_many_cond+0xf69/0x12d0 [ 458.744104][ C0] Code: 00 45 8b 2f 44 89 ee 83 e6 01 31 ff e8 60 69 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 0b 65 0b 00 eb 37 f3 90 <43> 0f b6 04 2c 84 c0 75 10 41 f7 07 01 00 00 00 74 1e e8 f0 64 0b [ 458.763742][ C0] RSP: 0018:ffffc900001176a0 EFLAGS: 00000293 [ 458.769851][ C0] RAX: ffffffff81b45790 RBX: ffff8880b863b180 RCX: ffff88801ce9da00 [ 458.777834][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 458.785826][ C0] RBP: ffffc90000117800 R08: ffffffff8fa18d37 R09: 1ffffffff1f431a6 [ 458.793819][ C0] R10: dffffc0000000000 R11: fffffbfff1f431a7 R12: 1ffff110170e7f59 [ 458.801828][ C0] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8880b873fac8 [ 458.809818][ C0] FS: 0000000000000000(0000) GS:ffff888125c21000(0000) knlGS:0000000000000000 [ 458.818759][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 458.825361][ C0] CR2: 00007fff00cd6010 CR3: 000000000df36000 CR4: 00000000003526f0 [ 458.833356][ C0] DR0: 0000000000000000 DR1: 0000000000000097 DR2: 0000000000000000 [ 458.841347][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 458.849326][ C0] Call Trace: [ 458.852623][ C0] [ 458.855583][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 458.861928][ C0] ? __pfx_text_poke_memcpy+0x10/0x10 [ 458.867306][ C0] ? kmem_cache_alloc_bulk_noprof+0x148/0x790 [ 458.873400][ C0] ? __pfx___text_poke+0x10/0x10 [ 458.878349][ C0] ? rcu_is_watching+0x15/0xb0 [ 458.883154][ C0] ? trace_contention_end+0x39/0x120 [ 458.888522][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 458.893599][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 458.898743][ C0] smp_text_poke_batch_finish+0x5e0/0x1100 [ 458.904567][ C0] ? __pfx___mutex_lock+0x10/0x10 [ 458.909620][ C0] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 458.915895][ C0] ? arch_jump_label_transform_queue+0x97/0x110 [ 458.922167][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 458.928159][ C0] static_key_enable_cpuslocked+0x128/0x250 [ 458.934077][ C0] static_key_enable+0x1a/0x20 [ 458.938864][ C0] toggle_allocation_gate+0xad/0x240 [ 458.944173][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 458.950090][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 458.955833][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 458.961567][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 458.967302][ C0] process_scheduled_works+0xade/0x17b0 [ 458.972900][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 458.978928][ C0] worker_thread+0x8a0/0xda0 [ 458.983622][ C0] kthread+0x711/0x8a0 [ 458.987721][ C0] ? __pfx_worker_thread+0x10/0x10 [ 458.992865][ C0] ? __pfx_kthread+0x10/0x10 [ 458.997474][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 459.002702][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 459.007924][ C0] ? __pfx_kthread+0x10/0x10 [ 459.012531][ C0] ret_from_fork+0x3fc/0x770 [ 459.017157][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 459.022283][ C0] ? __switch_to_asm+0x39/0x70 [ 459.027047][ C0] ? __switch_to_asm+0x33/0x70 [ 459.031817][ C0] ? __pfx_kthread+0x10/0x10 [ 459.036420][ C0] ret_from_fork_asm+0x1a/0x30 [ 459.041205][ C0]