last executing test programs: 6m58.555633692s ago: executing program 3 (id=541): syz_mount_image$ext4(&(0x7f0000000540)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x88, &(0x7f0000000140)={[{@nogrpid}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@errors_remount}, {@nodiscard}, {@quota}]}, 0x3, 0x438, &(0x7f0000000580)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0") bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x240007fd, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6a) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = dup(r4) ioctl$KDGETKEYCODE(r5, 0x4b4c, &(0x7f0000000000)={0x4, 0x40}) 6m57.266167909s ago: executing program 3 (id=544): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x400, 0x40) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x80002, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff07bbbf7f00931c07b2fd"], 0x1c}}, 0x0) recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0) 6m55.53847251s ago: executing program 3 (id=546): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) getsockopt$bt_BT_SNDMTU(r6, 0x112, 0xc, 0x0, &(0x7f0000000280)) 6m54.027625169s ago: executing program 3 (id=550): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) prlimit64(0x0, 0xe, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan1\x00'}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040)=0x0) timer_settime(r2, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) listen(r3, 0x1ad72f7) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) accept4$netrom(r3, 0x0, 0x0, 0x80800) 6m52.665699646s ago: executing program 3 (id=552): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_LINK_RESET_STATS(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x810}, 0x10040) socket$pppoe(0x18, 0x1, 0x0) r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r4, 0x4008ae48, &(0x7f0000000240)=0xf000) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) 6m51.401825431s ago: executing program 3 (id=553): socket$tipc(0x1e, 0x2, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 6m35.649718737s ago: executing program 32 (id=553): socket$tipc(0x1e, 0x2, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) ioctl$AUTOFS_IOC_FAIL(r0, 0x4c80, 0xffffffffffffffb6) 18.951541396s ago: executing program 0 (id=1290): syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) capget(0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000038c0)={0x0, 0x0, 0x0}, 0x40012141) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x200801a, &(0x7f00000005c0)=ANY=[], 0x11, 0x739, &(0x7f0000002c40)="$eJzs3U9v2+YZAPBHttO6HlAU21AUWZqyaQ8JkDqS3Dowehg0mXbYyqJBykWCHYaiSYagTjs0G7B4h66XbjvsI+zQ675Ev8Ru+wy9b5d5ICX5X2w5TRw7634/I+Yr8iHf56UFPX4digoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBrd5Waz1Yhe1t+4mRytu1zkaxO2j4/37b7FhH4jGtW/mJ2N14arXvvp7uZXq2+X4sLw0YWYrRazsfWjV195/yczU+P9JyT0ff17+wl2evBw69OPNzfvfHGCifwvWU37WZlna53VNMnKPFlaXGxeu7FSJitZLy1vlYN0LekWaWeQF8nl7pWktbS0kKTzt/KN/upyp5eOV15/p91sLiYfzK+nnaLM+9c+mC+7N7JeL+uv1jHV5irmevLrz4sPs0EySDtrSXL33uadheOSrIJajxPUPi6o3Wy3W612u7X43tJ715vNmXZzNvataB4Q+3ZJms2Z8ZM2Xhk+t4/sbOroTf84LlFO1dS+R/HHyT/ZE3vthqc1Nar/0Yss+rERNyM59Ksby1FEHmtHbB/5NuIPdeNaOrHfqn7Pjur/uMq/trv5fPXt0uzo0cWj6v8RuZze14N4GFvxaXwcm7EZd+KLM8/odL9WI41+ZFFGHlmsRadek4zWJLEUi7EYzfhV3IiVKCOJlciiF2mUcSvKGERaP6O6UUQanRhEHkUkcTm6cSWSaMVSLMVCJJHGfNyKPDaiH6uxHJ36KHfjXn3eFybkuBPUepyg9oSgUTGvnni1mUd+IWg2Z0bbDqv/13fq/9/q+vDg7VMoTjwfpseNk3vxhqe0Pa7/sb39n+3KWWcEAAAAnLRG/df3xsUXdh6vZL30l2ecFQAAAHCS6kuZLlSLc1Xr9WhU8//mbsALZ5cbAAAAcDIacXH0V4C5eGPYGr8TqmnuDwAAAD8M9f//X6wWc1XrjWjsmf+PTZ1hggAAAMBT+/PuPfa34tB77Jbr1fR/JiIaX63ffLtxv1PFde5PD/ebPnjEwcr5xsujg9SLxZnRo256oTG6++XOTTC/Gy3uHnev/0ZRnHvaBHb/kvHm7eHy9s6Wupe5layXznfz3vut6HRenhqkNwe/++ze7yOq3v/SX3u5EXfvbd6Z/+Tzzdt1Ll9VR/nq/uiOsI3vkctv4/VhzOsvxiMj3orGufqNGKN+54b9NveOfzSW8ZBeeow+vx7HXJobLuf2j3+26rM1f9To5xovjvZ/qpF/PQ5+6/Jbw8UhWbQnZFGfi/be83/gXDxWFvHW8VksjLPYvTPm/iwWnjILgLNyd6cK7a+753bq/yN19wle5U6nun8dl4cxl8/XL6wz5w95RW8eWle2pw/U2Cevbn+PK8OYK+Pgo2psNea/7vTbqvv9ptrhmyP7LXvjE3L/N3Ft6uHWO/fq2DuftdsLi813m8332nGuHsZoUWX6r9mDmb4Uag/A/7VL9fX/kz5j5/CI6d3S3Hg33qyWP9szq65q0k7F+/HOJQXz8Ul8HptxO67W7zaorzg4tN+5PZchXI1Lo2QPn7XO7fmEl6vHzOqGsePfXR4ndvjxMgDwQ3LpmDq8U//Hn8U3jqhL6HDufnXPvHt2d94doxnmgVo+eXa8t5YDAM9GWnzXmBv8qVFUD1pLS63O4EaaFHn3w6TIllfTJOsP0qJ7o9NfTZP1Ih/k3bxXNT7KltMyKTfW1/NikKzkRbKel9nNn0fWS5PRR7+X6VqnP8i65Xov7ZRp0s37g053kCxnZTdZ3/hFLyu/3N7ernYu19NutpJ1O4Ms7ydlvlF00/kkKdN0FHgjLZJsOe0PspWsavaT9SJ7MYpbyUd5b2MtTZbTcrrI1gd5UWcz7ivrr+TFWn3Y+bM+2QDwnHjwcOvTjzc373xxeGM2jtxUN/45efdh46zHCADsN6lKP3L1GQAAAAAAAAAAAAAAcCaOef/fkzcaB9ZMRcQz6Ws8kmcyijNqbH95Kn01dk7dY/10qvATTmP6OTnhjza+2bMmOcEjvxQRz8UAj2uc3WsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzlvwEAAP//p89G/g==") bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file1\x00', 0x0, 0x10}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f0000000380), 0x0, &(0x7f0000000440), 0x0, r3) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000680)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a309010000001d65b085b4075db8419d9e6d17b1", 0x62, r3) add_key$user(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, 0x0, &(0x7f0000000240)=""/249, 0xf9, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000) 17.81396148s ago: executing program 0 (id=1292): socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket(0x1e, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x8000a0ffffffff}, 0x0) 17.675718061s ago: executing program 0 (id=1295): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, 0x0, 0x400, 0x40) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x80002, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff07bbbf7f00931c07b2fd"], 0x1c}}, 0x0) recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0) 15.203341712s ago: executing program 1 (id=1299): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x5cda40) ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000000)={0x10}) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x33, &(0x7f0000000040)=0xa, 0x4) listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x1b, 0x2, 0x5a0, 0x4d0, 0x1e0, 0xffffffff, 0x0, 0xf0, 0x4d0, 0x4d0, 0xffffffff, 0x4d0, 0x4d0, 0x5, 0x0, {[{{@ipv6={@loopback, @private2, [], [], 'veth1_virt_wifi\x00', 'tunl0\x00'}, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@private0, @ipv4=@empty, @port, @icmp_id}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, [], [0x0, 0x0, 0x0, 0xff], 'dvmrp1\x00', 'netpci0\x00'}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x4, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @gre_key=0xd, @icmp_id=0x65}}}, {{@uncond, 0x0, 0x1e0, 0x220, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x0, 0x0, [@mcast2, @dev, @dev, @loopback, @private2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private0, @dev, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}], 0xe}}]}, @common=@unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "b10c2b32d88332bae7eeec407d5b77fe6e35fc4922b23a0007d5e70f0891"}}, {{@ipv6={@remote, @local, [], [], 'batadv_slave_0\x00', 'xfrm0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) r6 = fsopen(&(0x7f0000000000)='bpf\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) symlinkat(&(0x7f0000000040)='.\x00', r7, &(0x7f0000000140)='./file0\x00') syz_genetlink_get_family_id$nl80211(0x0, r0) sendmsg$NL80211_CMD_NEW_STATION(r0, 0x0, 0x4000094) 11.33054509s ago: executing program 2 (id=1301): syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) capget(0x0, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f00000038c0)={0x0, 0x0, 0x0}, 0x40012141) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f00000000c0)='./file1\x00', 0x200801a, &(0x7f00000005c0)=ANY=[], 0x11, 0x739, &(0x7f0000002c40)="$eJzs3U9v2+YZAPBHttO6HlAU21AUWZqyaQ8JkDqS3Dowehg0mXbYyqJBykWCHYaiSYagTjs0G7B4h66XbjvsI+zQ675Ev8Ru+wy9b5d5ICX5X2w5TRw7634/I+Yr8iHf56UFPX4digoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBrd5Waz1Yhe1t+4mRytu1zkaxO2j4/37b7FhH4jGtW/mJ2N14arXvvp7uZXq2+X4sLw0YWYrRazsfWjV195/yczU+P9JyT0ff17+wl2evBw69OPNzfvfHGCifwvWU37WZlna53VNMnKPFlaXGxeu7FSJitZLy1vlYN0LekWaWeQF8nl7pWktbS0kKTzt/KN/upyp5eOV15/p91sLiYfzK+nnaLM+9c+mC+7N7JeL+uv1jHV5irmevLrz4sPs0EySDtrSXL33uadheOSrIJajxPUPi6o3Wy3W612u7X43tJ715vNmXZzNvataB4Q+3ZJms2Z8ZM2Xhk+t4/sbOroTf84LlFO1dS+R/HHyT/ZE3vthqc1Nar/0Yss+rERNyM59Ksby1FEHmtHbB/5NuIPdeNaOrHfqn7Pjur/uMq/trv5fPXt0uzo0cWj6v8RuZze14N4GFvxaXwcm7EZd+KLM8/odL9WI41+ZFFGHlmsRadek4zWJLEUi7EYzfhV3IiVKCOJlciiF2mUcSvKGERaP6O6UUQanRhEHkUkcTm6cSWSaMVSLMVCJJHGfNyKPDaiH6uxHJ36KHfjXn3eFybkuBPUepyg9oSgUTGvnni1mUd+IWg2Z0bbDqv/13fq/9/q+vDg7VMoTjwfpseNk3vxhqe0Pa7/sb39n+3KWWcEAAAAnLRG/df3xsUXdh6vZL30l2ecFQAAAHCS6kuZLlSLc1Xr9WhU8//mbsALZ5cbAAAAcDIacXH0V4C5eGPYGr8TqmnuDwAAAD8M9f//X6wWc1XrjWjsmf+PTZ1hggAAAMBT+/PuPfa34tB77Jbr1fR/JiIaX63ffLtxv1PFde5PD/ebPnjEwcr5xsujg9SLxZnRo256oTG6++XOTTC/Gy3uHnev/0ZRnHvaBHb/kvHm7eHy9s6Wupe5layXznfz3vut6HRenhqkNwe/++ze7yOq3v/SX3u5EXfvbd6Z/+Tzzdt1Ll9VR/nq/uiOsI3vkctv4/VhzOsvxiMj3orGufqNGKN+54b9NveOfzSW8ZBeeow+vx7HXJobLuf2j3+26rM1f9To5xovjvZ/qpF/PQ5+6/Jbw8UhWbQnZFGfi/be83/gXDxWFvHW8VksjLPYvTPm/iwWnjILgLNyd6cK7a+753bq/yN19wle5U6nun8dl4cxl8/XL6wz5w95RW8eWle2pw/U2Cevbn+PK8OYK+Pgo2psNea/7vTbqvv9ptrhmyP7LXvjE3L/N3Ft6uHWO/fq2DuftdsLi813m8332nGuHsZoUWX6r9mDmb4Uag/A/7VL9fX/kz5j5/CI6d3S3Hg33qyWP9szq65q0k7F+/HOJQXz8Ul8HptxO67W7zaorzg4tN+5PZchXI1Lo2QPn7XO7fmEl6vHzOqGsePfXR4ndvjxMgDwQ3LpmDq8U//Hn8U3jqhL6HDufnXPvHt2d94doxnmgVo+eXa8t5YDAM9GWnzXmBv8qVFUD1pLS63O4EaaFHn3w6TIllfTJOsP0qJ7o9NfTZP1Ih/k3bxXNT7KltMyKTfW1/NikKzkRbKel9nNn0fWS5PRR7+X6VqnP8i65Xov7ZRp0s37g053kCxnZTdZ3/hFLyu/3N7ernYu19NutpJ1O4Ms7ydlvlF00/kkKdN0FHgjLZJsOe0PspWsavaT9SJ7MYpbyUd5b2MtTZbTcrrI1gd5UWcz7ivrr+TFWn3Y+bM+2QDwnHjwcOvTjzc373xxeGM2jtxUN/45efdh46zHCADsN6lKP3L1GQAAAAAAAAAAAAAAcCaOef/fkzcaB9ZMRcQz6Ws8kmcyijNqbH95Kn01dk7dY/10qvATTmP6OTnhjza+2bMmOcEjvxQRz8UAj2uc3WsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzlvwEAAP//p89G/g==") bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={&(0x7f0000000040)='./file1\x00', 0x0, 0x10}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) add_key$user(&(0x7f0000000380), 0x0, &(0x7f0000000440), 0x0, r3) add_key$user(0x0, &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000680)="0706675823b8a37f19b37e0f9f120663b78a6a322f28cb301825eddc42c667fc68923d7df9f4c1843c5f11b63d2684fff43955079736fa4c80100487c31c09706b6bf145eb1baf416d2681491bd6a309010000001d65b085b4075db8419d9e6d17b1", 0x62, r3) add_key$user(0x0, &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$dh_compute(0x17, 0x0, &(0x7f0000000240)=""/249, 0xf9, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r4, &(0x7f0000000f80)=""/4096, 0x1000) 11.32900148s ago: executing program 0 (id=1311): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000030801030000000000000000030000013c0004800800014000000003080001400000001e08000240f7fffff9080002400000000b0800014000010001080001400000000608000240000000010500030088"], 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r3 = socket(0xa, 0x6, 0x0) r4 = syz_io_uring_setup(0x126b, &(0x7f00000006c0), 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f00000000c0)) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40040, 0x0, 0x0) 11.32863914s ago: executing program 1 (id=1303): syz_open_dev$hiddev(&(0x7f0000000000), 0x8, 0x40000) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) lseek(0xffffffffffffffff, 0x9, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, 0x0, 0x0) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) lseek(r3, 0x7, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) close(r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x714f, 0x0) 9.798227379s ago: executing program 4 (id=1304): socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket(0x1e, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x8000a0ffffffff}, 0x0) 9.753707649s ago: executing program 0 (id=1306): sendmsg$NL80211_CMD_START_NAN(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x8}, 0x4004000) syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100), &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x4, 0xdddd1000, 0x0, 0x2, 0x4, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xd000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xfe}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4}, {0xdddd0000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x80a0000}, {0xdddd1000, 0xff}, 0xddf8ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x0, 0x0, 0x1]}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r4) r5 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r5, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r7 = accept(r4, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0) 9.752936019s ago: executing program 2 (id=1307): bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newtaction={0x328, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x314}]}, 0x328}, 0x1, 0x0, 0x0, 0x814}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb058}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}, 0x1c) sendmmsg$inet6(r3, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}}], 0x62, 0x0) r4 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r4, &(0x7f0000000000)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) listen(r4, 0x4) close_range(0xffffffffffffffff, r4, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x5, 0x6, 0x0, 0x5, 0x0}) 7.517919787s ago: executing program 2 (id=1308): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$BATADV_CMD_SET_MESH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x24, r5, 0x1, 0xfffffffe, 0x25dfdbfe, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r4}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) add_key$user(0x0, &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) socket$nl_generic(0x10, 0x3, 0x10) syz_emit_ethernet(0x82, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde0800450000740000000000019078ac1e0001ac1414aa0c009078e00000e0460000000000000000110000ac1414aaac141400830300070300443c0003c7010133000000"], 0x0) add_key(&(0x7f0000000180)='cifs.idmap\x00', 0x0, 0x0, 0x0, 0xfffffffffffffff9) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, 0x0, &(0x7f00000003c0)=""/232, 0xe8, &(0x7f00000005c0)={0x0, &(0x7f0000000500)="c8c8433ce3828e571533", 0xa}) r6 = openat$binfmt_register(0xffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$binfmt_register(r6, &(0x7f0000000740)={0x3a, 'syz0', 0x3a, 'M', 0x3a, 0x7, 0x3a, '#%\\h*@#Lw\x9e5\x9f6k\x886\xafm\xa0\b\x81\xdc\xd1\x8f\x93r2\x0eeu}\xf7\"\xbd&-~\xeahJ\xee\'X\x9a\xd4\xfeI6\xd9\x1b\xc8\x14.\xfa\xb8\x03\x16\x96\x11\xa8\x90{\xc5\xe2\xf1u\xd1\xca\x8a>\xc3\x84\xd3\xcf\xa7\x1f\xc1\xb5\x12\xd0\x1e\x98\xce+\x12\xaex{\x91\xc7bw\xcaC\xe1/\x19\xfei\xf0\xa2\x9c3\xee/\xcf\xdew \x1c\xc7=\xfb\xb8\x88\x132\xf9\xbf7K\x8d\x16\xa6\xbf4\v\xces\xa4\x13\xb1\x14\x89\xa0\x14P\x97\x81%)\xa1\x0e)2a2\xa2\xef\f\xef\x8a\x95\xdd\xac\xab\xff#T}`\x88r\xb3\xd8\x19\x06\xde\xb7\xf0GR.?i|\xafhs\x1d\xdc\x12\x85!\xaaqg\x10\xec\x1b\xcb\xfc6\xba\xde\x13\xdf\xc6Z+\r\xb4\x9a\xe8V1\x82\xce\xdd\xddx\xe7H\xa3N\x92\xdb\xaa\xdbe\xc1\x05P\b<\x1e\xd6\x92\x89\xaa\xbe\xda\\|\xcf\xaf$.\x10\x8d\x9aie\xd3W\x1e\xd2L\xfa\xcc\xfb\xc2\x90\x99\xa9\x9f\xcd\xfasX\x9d\xbb\x8f\x1a\xdd\x05\xdc\xb8\xc7\xb4v\x1f\xe3\xb6)\x1dM\x1e\xf9\x97\xffLW\x82\t\xf7\xb4\xe2fP\b\n\xdd\x03\x9d&\xd2\xce0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r6, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r3) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x20, r7, 0x3e8c4ddb697c9f8f, 0x2, 0x0, {0x4}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}]}, 0x20}}, 0x2000c090) 7.139659441s ago: executing program 4 (id=1310): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3, 0x0, 0x7}, 0x18) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0x4058534c, &(0x7f0000000300)={0xfffffffd, 0x0, 0x99, 0x1, 0x0, 0x6}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = socket$kcm(0x21, 0x2, 0xa) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000001001000001000000dc00000037"], 0x18, 0x11000000}, 0xfc00) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000040)}) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r5}, 0x18) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f00000003c0)={0x0, 0x0}, 0x10) r6 = socket(0x10, 0x3, 0x0) chmod(0x0, 0x25) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x34, 0x24, 0x3fe3aa0262d8c583, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xf}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c) 4.234899228s ago: executing program 1 (id=1312): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r1, 0x0, 0x0) syz_open_procfs(0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c4159b364a4fd7013f34db173a4fdacf15229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be867a28f09c5877fc2355ecdc9c30dcb2d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff3a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb357b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50265a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3590], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, &(0x7f0000000480)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FBIOBLANK(r0, 0x4611, 0x2) 4.234688868s ago: executing program 4 (id=1313): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000040)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) r3 = memfd_secret(0x0) setresuid(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r3, 0x0) ftruncate(r3, 0x51a9497) pipe(&(0x7f0000000000)) socket$tipc(0x1e, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0xfffff000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)={0x14, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4, 0x11}]}, 0x14}], 0x1}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) 4.233959168s ago: executing program 0 (id=1321): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x58, &(0x7f0000000400)}, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x880) connect$inet(r3, &(0x7f0000001980)={0x2, 0x1, @loopback}, 0x10) r4 = socket(0x40000000015, 0x5, 0x0) sendto$inet(r4, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x10, @rand_addr=0x64010106}, 0x10) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000000c0)={0x7ff, 0x4, {r0}, {0xee01}, 0x9, 0x9}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000580)='net/tcp6\x00') write$FUSE_NOTIFY_DELETE(r5, &(0x7f00000003c0)=ANY=[@ANYRESDEC=0x0], 0x2b) ioctl$VIDIOC_SUBDEV_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000000080)={0x0, 0x1, 0x3, '\x00', &(0x7f0000000040)}) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x9, 0x0, &(0x7f0000000640)='syzkaller\x00', 0xfffffff6, 0x71, &(0x7f0000000680)=""/113, 0x41100, 0x38, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000700)={0x3, 0x3}, 0x8, 0x10, &(0x7f0000000740)={0x3, 0x8000009, 0x2a211361, 0x2}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000780)=[0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000007c0)=[{0x4, 0x1, 0xe, 0x9}, {0x0, 0x5, 0x3, 0x3}, {0x0, 0x8, 0xd, 0xa}, {0x4, 0x2, 0x4003, 0x1}], 0x10, 0x0, @void, @value}, 0x94) 4.233206298s ago: executing program 2 (id=1314): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @multicast2, 0x0, 0x0, 'lblc\x00', 0x28, 0x85, 0x68}, 0x2c) io_uring_setup(0x7884, &(0x7f0000000a40)={0x0, 0xe18a, 0x2, 0xfffffffe, 0x3bd}) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xce) bind$vsock_stream(r1, 0x0, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000001300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, {0x8001, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffd, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x1400200bce) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(0xffffffffffffffff, 0x89fa, &(0x7f0000000280)={'sit0\x00', 0x0}) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001240)={{r2}, &(0x7f00000001c0), &(0x7f0000001200)='%pI4 \x00'}, 0x20) r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f00000029c0)={0x0, 0x31000000, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x10, 0x701, 0x0, 0x0, {0xa}, [@typed={0x6, 0x1, 0x0, 0x0, @str='\x15\x00'}]}, 0x1c}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000200), 0x0, 0x2000, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) 3.798665023s ago: executing program 2 (id=1315): r0 = socket$inet_sctp(0x2, 0x1, 0x84) syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000180)='./file1\x00', 0x4040, &(0x7f00000015c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000011,fileset=00000000000000000011,uid=', @ANYRES8=0x0, @ANYRESDEC=0x0, @ANYBLOB="cdf7c0c4ada580d5d36bd90806b670b73bb5112f75ca483652cf9b8a22555c3af34a84c5747ac51aa890ca205a0f27d7dde81ad3a01f21810b6de2d56be05416c54e1c6e8459e1643b129327581f7716b38db3d3f3bbeb6d1b846a2aad654e1795850a1f82ac738387d9c3009d18eb2a78258fcc4ac4eb6a12a5650e10ebf077d9ab33f24de7cbffe0", @ANYRESHEX], 0x2, 0xc3f, &(0x7f0000001780)="$eJzs3U9sHNd9B/DfGy3FpdxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUWRNi3+EWV9Prb43Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cvHU6fSwWwEA7KfLo189dcb9HwAeK1f9/z8AAAAAAAAAAAAAABx0KYp4MlLMXl5N49X7jvqldt/tO2PDI5tXG0hVzUNV+fJX/fSZs+e+9MLQ+W5eak9/QP3d9tl4bfTqxcbLM7dm5ybn5ycnGmPT7eszE5Pb3sNO6290ojoBjVuv3564cWO+ceb5s/d8fGfw/f4njg1eGHr25DPdsmPDIyOj60XqveVrD9yQjq1meByOIk5Giue+99PUiogidn4u6vs79hsNVJ04UXVibHik6shUuzW9UH54pXsiiohGT6Vm9xxtPhZR69vXPmytGbFYNr9s8Imye6OzrbnWtanJxpXW3EJ7oT0zfSV1Wlv2pxFFnE8RSxGx0n//7vqiiFqk+M7R1XQtIg51z8MXq4nBW7ej2MM+bkPZzkZfxFLxCIzZAdYfRbwaKX72zvG4nq8z1bXmCxGvlvmDiLfKfCkilV+McxHvbfI94tFUiyL+shz/C6tporoedK8rl77W+Mr0jZmest3ryke8P9x3pXhI94eBDbk/7rs2Ha1+HpRrUz2KaFVX/NX04L/ZAQAAAAAAAAAAAAAAAGC3DUQRn4kUr/zHn1TziqOal370wtAfDv5q75zxpz9kP2XZ5yNisdjenNzDeWLglXQlpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989npaid03x9vTNxtXWtanOqrDdtX+7a6avra2tNVInmznHcy7mXMq5nHMlZxS5fs5mzvGcizmXci7nXMkZh3L9nM2c4zkXcy7lXM65kjNquX7OZs7xnIs5l3Iu51zJGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jdWU6SIaEaMRyeX+x926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzbvbahGRqn87jpc/zkXzcJmfjOZQmS9F82LOVpW15rceQvvZmb5UxI8jRX/97bsDnse/r/Pu7tcg3vrm+rvP1jp5qPvh4Pv9Txw7emFo5Dee3up12qwBJy61p2/faYwNj4yM9myu5aN/smfbYD5usTtdJyLm33jz9dbU1OTcg78ovwIPUr0c4Z0ffT9fpNqD9dSLR/RF1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xY072ub9v7axXr7/l/f0ze7/T/ZsezH/bqSvFlFfuDXbdyyiPv/Gmyfbt1o3J29OTp87derLQ0NfPnuq73BE/UZ7arLn1a6cLgAAAAAAAAAAAAAAAID9k4r4/UjR+vFqakTEnWq+1uCFoWdPPnMoDlXzre6Zt/3a6NWLjZdnbs3OTc7PT040xqbb12cmJrd7uHo13WtseGRPOvOhBva4/QP1l2dm35hr3/zjhU0/P1K/eG1+Ya51ffOPYyCKiGbvlhNVg8eGR6pGT7Vb01XVK5tOpv/o+lIR/xUprp9rpM/nbXn+/8YZ/vfM/1/cuKM9mv//iZ5t5TFTKuLnkeJ3/urp+HzVziNx3znL5f4uUpw4/7lcLg6X5bpt6DxXoDMzsCz7f5Hin35xb9nufMgn18ue3vaJfUSU4380Unz/L74bv5m33fv8h83H/8jGHe3R+D/Vs+3IPc8r2HHXyeN/MlK89OTb8Vt52wc9/6P77I3jufDd53Ps0fh/qmfbYD7ub+9O1wEAAAAAAAAAAB5pfamIv48UPxyppRfytu38/b+JjTvao7//9emebRO7s17Rh77Y8UkFAAAAgAOiLxXxk0hxc+Htu3Oo753/3TP/8/fW538Opw2fVn/O92vVcwN288//eg3m447vvNsAAAAAAAAAAAAAAAAAAABwoKRUxAt5PfXxaj7/xJbrqS9Hilf+57lcLh0ry3XXgR+sftYvz0yfvDg1NXO9tdC6NjXZGJ1tXZ8s6z4VKVb/9nO5blGtr95db76zxvv6WuxzkWLkH7plO2uxd9cmf2q97Omy7CcixX//471lu+tYf2q97Jmy7N9Eiq//y+Zlj62XPVuW/W6k+NHXG92yR8qy3eejfnq97PPXZ4o9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97a+nuXP68/n9fz9vKW9/sWe9/gzvVOv+D1fr/W71+kPX/q+cKLG51VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWL28mpa7i/fd9Qvtadv3xkbHtm82kCqah6qype/6qfPnD33pReGznfzg+vvts/Ea6NXLzZenrk1Ozc5Pz850Ribbl+fmZjc9h52Wn+jE9UJaNx6/fbEjRvzjTPPn73n4zuD7/c/cWzwwtCzJ5/plh0bHhkZ7SlT63vgo98nbbH9cBTx15Hiue/9NP2wP6KInZ+L+747u9iPbRioOnGi6sTY8EjVkal2a3qh/PBK90QUEY2eSs3uOdqHsdiRZsRi2fyywSfK7o3OtuZa16YmG1dacwvthfbM9JXUaW3Zn0YUcT5FLEXESv/9u+uLIl6PFN85upr+tT/iUPc8fPHy6FdPndm6HcUe9nEbynY2+iKWikdgzA6w/ijinyPFz945Hv/WH1GLzq/4QsSrZf4g4q3ojHcqvxjnIt7b5HvEo6kWRfx/Of4XVtM7/flSXV1XLn2t8ZXpGzM9ZbvXlV2/P+yvgX092gG/NtWjiB9VV/zV9O/+uwYAAAAAAAAAAAAAAAA4QIr49Ujx4rvHUzU/+O6c4vb0zcbV1rWpzrS+7ty/7pzptbW1tUbqZDPneM7FnEs5l3Ou5Iwi18/ZLLO+tjae3y/mXMq5nHMlZxzK9XM2c47nXMy5lHM550rOqOX6OZs5x3Mu5lzKuZxzJec+z2cHAAAAAAAAAAAAAAAAAAAeE0X1T4pvf2M1rfV31pcej04uWw/0Y++XAQAA//8acfcO") prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x2c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) gettid() r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f0000000080)=@sack_info={0x0, 0x6, 0x1}, 0xc) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f00000003c0)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendmmsg$inet6(r4, &(0x7f0000000b40)=[{{&(0x7f0000000180)={0xa, 0x4e23, 0x7, @loopback}, 0x1c, &(0x7f0000002180)=[{&(0x7f0000000140)="e9", 0x1}], 0x1}}], 0x1, 0x600c000) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) umount2(&(0x7f0000000040)='.\x00', 0x2) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f0000000100)=ANY=[@ANYBLOB], 0xc) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) 3.581399196s ago: executing program 4 (id=1316): syz_open_dev$video(&(0x7f0000000000), 0x9, 0x40400) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$rds(0x15, 0x5, 0x0) bind$rds(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240), 0x0, 0x400c8c5}, 0x0) r4 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, 0x0, &(0x7f0000000340), 0x0, &(0x7f0000000240)) setgroups(0x0, 0x0) close(r3) mkdirat(0xffffffffffffff9c, 0x0, 0x0) keyctl$get_persistent(0x16, 0x0, r4) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r5, 0x402, 0x4) 2.072945834s ago: executing program 1 (id=1317): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x8, &(0x7f00000002c0)=0x2) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="58000000030801030000000000000000030000013c0004800800014000000003080001400000001e08000240f7fffff9080002400000000b0800014000010001080001400000000608000240000000010500030088"], 0x58}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r3 = socket(0xa, 0x6, 0x0) r4 = syz_io_uring_setup(0x126b, &(0x7f00000006c0), 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, 0x0, 0x0) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r5, 0x112, 0x4, 0x0, &(0x7f00000000c0)) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40040, 0x0, 0x0) 2.062806245s ago: executing program 4 (id=1318): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000040)) sendmsg$NFC_CMD_DEV_DOWN(r1, 0x0, 0x40000) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x1d, 0x0, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x800448d2, &(0x7f00000000c0)="fc") sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x3c, r2, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x7}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20009005}, 0x4000080) r8 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r0) lseek(r8, 0x851, 0x0) 1.751677998s ago: executing program 2 (id=1319): syz_open_dev$hiddev(&(0x7f0000000000), 0x8, 0x40000) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x10000, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) lseek(0xffffffffffffffff, 0x9, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, 0x0, 0x0) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) lseek(r3, 0x7, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) close(r3) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x714f, 0x0) 814.76686ms ago: executing program 1 (id=1320): socket$netlink(0x10, 0x3, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$kcm(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) socket(0x1e, 0x805, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0x10) socket$nl_route(0x10, 0x3, 0x0) pipe(&(0x7f00000001c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x8000a0ffffffff}, 0x0) 0s ago: executing program 4 (id=1322): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000240), 0xaaa43, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) setrlimit(0x1, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_ACTIVATE(r2, 0x5606, 0x4) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x1, 0x2}) ioctl$DRM_IOCTL_MODE_SETPLANE(0xffffffffffffffff, 0xc03064b7, 0x0) syz_open_dev$dri(0x0, 0x1ff, 0x0) setxattr$incfs_size(&(0x7f0000000100)='./file0/file0\x00', &(0x7f0000000200), 0x0, 0x0, 0x3) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000005c0)={r4, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) syz_open_dev$loop(0x0, 0x5, 0x88000) dup2(r4, r3) mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000000)='minix\x00', 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000001c0)={'wlan1\x00'}) kernel console output (not intermixed with test programs): S using preconfigured BSSID 50:50:50:50:50:50 [ 81.876127][ T4211] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.889194][ T4172] Bluetooth: hci3: command 0x0419 tx timeout [ 81.911375][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.916238][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.920149][ T4257] syz.1.6 uses obsolete (PF_INET,SOCK_PACKET) [ 81.935121][ T4233] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.951873][ T4172] Bluetooth: hci2: command 0x0419 tx timeout [ 81.986460][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.001883][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.014880][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.044985][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.116624][ T529] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.127243][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.147719][ T4172] Bluetooth: hci4: command 0x0419 tx timeout [ 82.154361][ T529] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.182468][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 82.206130][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.215861][ T4258] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 82.237843][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 82.363874][ T4262] ODEBUG: Out of memory. ODEBUG disabled [ 83.260526][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.300940][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 84.754047][ T4278] loop0: detected capacity change from 0 to 512 [ 84.944122][ T4278] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 85.036709][ T4278] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 87.460084][ T4278] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2825: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 87.489870][ T4278] EXT4-fs (loop0): 1 truncate cleaned up [ 87.506398][ T4278] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 88.207408][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 88.666768][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 88.694771][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #18a!!! [ 89.845682][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #140!!! [ 89.948890][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 90.418565][ T4313] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 90.460078][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 90.476847][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #202!!! [ 90.487930][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 90.499736][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 90.511937][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #282!!! [ 91.241772][ T4321] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 91.259027][ T4321] F2FS-fs (loop3): Unable to read 1th superblock [ 91.267540][ T4321] blk_update_request: I/O error, dev loop3, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 91.281729][ T4321] F2FS-fs (loop3): Unable to read 2th superblock [ 91.600107][ T4328] loop2: detected capacity change from 0 to 8 [ 92.297770][ T7] cfg80211: failed to load regulatory.db [ 92.869994][ T4328] SQUASHFS error: xz decompression failed, data probably corrupt [ 92.879613][ T4328] SQUASHFS error: Failed to read block 0x108: -5 [ 92.888400][ T4328] SQUASHFS error: Unable to read metadata cache entry [106] [ 92.897683][ T4328] SQUASHFS error: Unable to read inode 0x11f [ 96.155659][ T4350] loop2: detected capacity change from 0 to 64 [ 99.274588][ T4360] Zero length message leads to an empty skb [ 99.466963][ T4379] input: syz0 as /devices/virtual/input/input5 [ 102.203426][ T4408] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 106.569994][ T4436] Invalid ELF header type: 3 != 1 [ 111.044494][ T4476] loop2: detected capacity change from 0 to 16 [ 111.232399][ T4476] erofs: (device loop2): mounted with root inode @ nid 36. [ 111.489832][ T4476] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 113.860074][ T4476] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -20 in[58, 4038] out[1851] [ 114.205916][ T4476] erofs: (device loop2): z_erofs_readpage: failed to read, err [-117] [ 118.126838][ T4216] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 124.057304][ T4539] ======================================================= [ 124.057304][ T4539] WARNING: The mand mount option has been deprecated and [ 124.057304][ T4539] and is ignored by this kernel. Remove the mand [ 124.057304][ T4539] option from the mount to silence this warning. [ 124.057304][ T4539] ======================================================= [ 124.290126][ T4273] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.527939][ T4548] netlink: 20 bytes leftover after parsing attributes in process `syz.3.73'. [ 124.724425][ T4273] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 125.864907][ T4557] sched: RT throttling activated [ 125.903730][ T4273] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.241653][ T4569] loop3: detected capacity change from 0 to 2048 [ 126.241922][ T4273] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 126.981201][ T4569] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.028335][ T4578] kvm [4577]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 128.159780][ T4578] kvm [4577]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000 [ 128.172676][ T4595] loop0: detected capacity change from 0 to 1024 [ 129.875430][ T7] Bluetooth: hci4: command 0x0409 tx timeout [ 129.904420][ T4595] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 130.600961][ T4612] device wg2 entered promiscuous mode [ 131.627565][ T4572] chnl_net:caif_netlink_parms(): no params data found [ 131.678989][ T4634] loop0: detected capacity change from 0 to 2048 [ 132.323636][ T4486] Bluetooth: hci4: command 0x041b tx timeout [ 132.425200][ T4634] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 132.850155][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.857942][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.007477][ T4572] bridge0: port 1(bridge_slave_0) entered blocking state [ 134.109948][ T4572] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.064469][ T4214] Bluetooth: hci4: command 0x040f tx timeout [ 135.096013][ T4572] device bridge_slave_0 entered promiscuous mode [ 136.642762][ T4572] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.688862][ T4572] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.719670][ T4572] device bridge_slave_1 entered promiscuous mode [ 137.925596][ T4255] Bluetooth: hci4: command 0x0419 tx timeout [ 138.002909][ T4572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 138.064335][ T4572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 138.229616][ T4572] team0: Port device team_slave_0 added [ 138.398251][ T4572] team0: Port device team_slave_1 added [ 139.167992][ T4572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.174990][ T4572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.386064][ T4572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 140.693617][ T154] Bluetooth: hci5: Frame reassembly failed (-84) [ 140.729883][ T4572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.804104][ T4572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.977664][ T4572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 142.110687][ T4717] loop3: detected capacity change from 0 to 1024 [ 142.233282][ T4717] kvm: emulating exchange as write [ 142.361195][ T4572] device hsr_slave_0 entered promiscuous mode [ 142.399107][ T4572] device hsr_slave_1 entered promiscuous mode [ 142.416940][ T4572] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 142.424650][ T4572] Cannot create hsr debugfs directory [ 144.049025][ T4273] device hsr_slave_0 left promiscuous mode [ 144.113468][ T4273] device hsr_slave_1 left promiscuous mode [ 144.154256][ T4273] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.167280][ T4214] Bluetooth: hci5: command 0x1003 tx timeout [ 144.173577][ T4185] Bluetooth: hci5: sending frame failed (-49) [ 144.200710][ T4273] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 144.287940][ T4273] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.318145][ T4273] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 144.360603][ T4273] device bridge_slave_1 left promiscuous mode [ 144.386527][ T4273] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.454379][ T4273] device bridge_slave_0 left promiscuous mode [ 144.495842][ T4273] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.568065][ T4273] device veth1_macvtap left promiscuous mode [ 144.582156][ T4273] device veth0_macvtap left promiscuous mode [ 144.589876][ T4273] device veth1_vlan left promiscuous mode [ 144.607544][ T4273] device veth0_vlan left promiscuous mode [ 145.051301][ T4273] team0 (unregistering): Port device team_slave_1 removed [ 145.070960][ T4273] team0 (unregistering): Port device team_slave_0 removed [ 145.089026][ T4273] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.105527][ T4273] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.211628][ T4273] bond0 (unregistering): Released all slaves [ 146.628232][ T4214] Bluetooth: hci5: command 0x1001 tx timeout [ 146.634343][ T4185] Bluetooth: hci5: sending frame failed (-49) [ 147.894988][ T4766] mmap: syz.1.120 (4766) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 148.726508][ T4486] Bluetooth: hci5: command 0x1009 tx timeout [ 149.068841][ T4779] syz.0.121 sent an empty control message without MSG_MORE. [ 150.171430][ T4766] xt_ecn: cannot match TCP bits for non-tcp packets [ 150.248210][ T4785] loop3: detected capacity change from 0 to 128 [ 150.264405][ T4784] netlink: 128 bytes leftover after parsing attributes in process `syz.0.123'. [ 151.320963][ T4787] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 151.920801][ T4808] delete_channel: no stack [ 152.470285][ T4819] xt_nat: multiple ranges no longer supported [ 157.172844][ T4572] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 158.136073][ T4572] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 158.231372][ T4572] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 158.300296][ T4572] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 158.556740][ T4255] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 158.846869][ T4255] usb 5-1: Using ep0 maxpacket: 32 [ 158.966954][ T4255] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 159.005517][ T4255] usb 5-1: config 0 has no interfaces? [ 159.227773][ T4572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.541190][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.598601][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.712492][ T4572] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.971909][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.002744][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.073934][ T4288] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.081540][ T4288] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.117137][ T4255] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83 [ 160.137022][ T4255] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.169012][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.183014][ T4255] usb 5-1: Product: syz [ 160.190599][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.372461][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.578572][ T4288] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.587545][ T4288] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.800847][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.809174][ T4255] usb 5-1: Manufacturer: syz [ 160.809228][ T4255] usb 5-1: SerialNumber: syz [ 160.816740][ T4255] usb 5-1: config 0 descriptor?? [ 160.919770][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.949411][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.961311][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.000079][ T4929] binder: BINDER_SET_CONTEXT_MGR already set [ 161.023740][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.225594][ T4929] binder: 4923:4929 ioctl 4018620d 2000000000c0 returned -16 [ 161.243960][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.391138][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.770742][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.835592][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.844816][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.854354][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.868699][ T4255] usb 5-1: USB disconnect, device number 2 [ 161.903879][ T4572] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 162.000246][ T4944] process 'syz.1.149' launched '/dev/fd/9' with NULL argv: empty string added [ 162.022705][ T4946] loop4: detected capacity change from 0 to 512 [ 162.047084][ T4943] netlink: 28 bytes leftover after parsing attributes in process `syz.3.151'. [ 162.214522][ T4946] EXT4-fs (loop4): 1 orphan inode deleted [ 162.281968][ T4946] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 162.304195][ T4946] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 162.485451][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 162.602900][ T4961] loop0: detected capacity change from 0 to 4096 [ 162.661109][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 162.734062][ T4572] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 164.437228][ T4974] sctp: [Deprecated]: syz.1.155 (pid 4974) Use of struct sctp_assoc_value in delayed_ack socket option. [ 164.437228][ T4974] Use struct sctp_sack_info instead [ 164.767875][ T4961] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 164.912061][ T4961] NILFS (loop0): unrecognized mount option " Ÿ÷eúZV¿Ý1d^ÜZCÂW‚ÊÿӜչè" [ 164.947274][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 165.035643][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 165.101717][ T4378] udevd[4378]: incorrect nilfs2 checksum on /dev/loop0 [ 165.143682][ T4572] device veth0_vlan entered promiscuous mode [ 165.217823][ T4572] device veth1_vlan entered promiscuous mode [ 165.375484][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 165.389623][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 165.678163][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 165.912931][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 166.361273][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 166.422706][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 166.448134][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 166.456286][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 167.815347][ T4572] device veth0_macvtap entered promiscuous mode [ 167.922388][ T4572] device veth1_macvtap entered promiscuous mode [ 169.350873][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 169.396674][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.097431][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.130907][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.186724][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.226678][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.262885][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.306733][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.352510][ T4572] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.409341][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.473744][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.484222][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.495427][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.507270][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.519591][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.538127][ T4572] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.564661][ T4572] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.862246][ T4572] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.407315][ T5023] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'. [ 172.513254][ T5027] bridge0: port 3(vlan2) entered blocking state [ 172.521473][ T5027] bridge0: port 3(vlan2) entered disabled state [ 172.529645][ T5027] device vlan2 entered promiscuous mode [ 172.535224][ T5027] device bond0 entered promiscuous mode [ 172.541009][ T5027] device bond_slave_0 entered promiscuous mode [ 172.548698][ T5027] device bond_slave_1 entered promiscuous mode [ 172.556079][ T5027] bridge0: port 3(vlan2) entered blocking state [ 172.563159][ T5027] bridge0: port 3(vlan2) entered forwarding state [ 172.580517][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 172.603095][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 172.638190][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 172.665200][ T4438] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 172.697940][ T4572] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.746746][ T4572] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.779649][ T4572] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.810302][ T4572] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.840909][ T5041] netlink: 8 bytes leftover after parsing attributes in process `syz.3.170'. [ 172.952963][ T5041] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 173.017837][ T5051] netlink: 16 bytes leftover after parsing attributes in process `syz.0.171'. [ 174.014239][ T5063] loop3: detected capacity change from 0 to 512 [ 174.031498][ T4486] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 174.042197][ T4486] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 174.064776][ T5056] 9pnet: Insufficient options for proto=fd [ 174.069122][ T4255] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 174.176092][ T4288] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.220569][ T5063] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 174.284017][ T4486] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 174.292360][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 174.300938][ T4288] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.327170][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 174.356977][ T4438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 174.367810][ T5063] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 174.437309][ T5063] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a04ec0a8, mo2=0002] [ 174.448103][ T5063] System zones: 0-3, 34-34 [ 174.503189][ T5063] EXT4-fs (loop3): orphan cleanup on readonly fs [ 174.701106][ T4438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 174.918567][ T5063] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.175: bad orphan inode 1039 [ 175.126006][ T5063] EXT4-fs (loop3): Remounting filesystem read-only [ 175.132618][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.177645][ T5063] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,errors=remount-ro,quota,errors=remount-ro,minixdf,sb=0x0000000000000009,. Quota mode: writeback. [ 178.753067][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 179.716979][ T5123] loop0: detected capacity change from 0 to 512 [ 180.382263][ T5123] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -13 [ 180.392110][ T5123] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 180.403128][ T5123] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 180.414153][ T5123] EXT4-fs (loop0): 1 truncate cleaned up [ 180.419914][ T5123] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,stripe=0x000000000000ffff,sysvgroups,jqfmt=vfsold,nouid32,grpjquota=.,errors=continue. Quota mode: writeback. [ 180.542597][ T21] Bluetooth: hci4: command 0x0405 tx timeout [ 186.626141][ T5209] netlink: 4 bytes leftover after parsing attributes in process `syz.4.203'. [ 187.582044][ T5209] device bond_slave_0 entered promiscuous mode [ 187.588731][ T5209] device bond_slave_1 entered promiscuous mode [ 187.721596][ T5209] device macvtap1 entered promiscuous mode [ 187.887053][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 187.938179][ T5209] device bond0 entered promiscuous mode [ 188.010639][ T5209] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 191.186398][ T5233] kvm [5228]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x0 [ 191.500619][ T5233] kvm [5228]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x4000 [ 192.599506][ T5233] kvm [5228]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x0 [ 192.608499][ T5233] kvm [5228]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc2 data 0x4000 [ 192.622269][ T5233] kvm [5228]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0x0 [ 192.872942][ T5283] netlink: 224 bytes leftover after parsing attributes in process `syz.4.221'. [ 192.914812][ T5283] netlink: 16 bytes leftover after parsing attributes in process `syz.4.221'. [ 194.118632][ T13] libceph: connect (1)[c::]:6789 error -101 [ 194.137783][ T5296] netlink: 'syz.0.223': attribute type 9 has an invalid length. [ 194.146222][ T13] libceph: mon0 (1)[c::]:6789 connect error [ 194.162821][ T5300] loop3: detected capacity change from 0 to 1024 [ 194.176429][ T5290] ceph: No mds server is up or the cluster is laggy [ 194.181229][ T5292] loop0: detected capacity change from 0 to 1024 [ 194.292263][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.300433][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.324877][ T5292] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.765435][ T5319] netlink: 24 bytes leftover after parsing attributes in process `syz.2.228'. [ 195.246530][ T5317] netlink: 24 bytes leftover after parsing attributes in process `syz.2.228'. [ 196.598069][ T5342] loop4: detected capacity change from 0 to 1024 [ 197.758789][ T1108] Bluetooth: hci1: command 0x0406 tx timeout [ 197.765203][ T1108] Bluetooth: hci0: command 0x0406 tx timeout [ 197.776698][ T1108] Bluetooth: hci2: command 0x0406 tx timeout [ 197.783909][ T1108] Bluetooth: hci3: command 0x0406 tx timeout [ 197.806009][ T5351] loop2: detected capacity change from 0 to 2048 [ 197.900452][ T5351] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 198.033809][ T5357] io-wq is not configured for unbound workers [ 199.773631][ T5370] fuse: Bad value for 'fd' [ 199.953530][ T4212] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 200.205645][ T5383] overlayfs: failed to clone upperpath [ 201.466740][ T4212] usb 3-1: Using ep0 maxpacket: 16 [ 203.734477][ T4212] usb 3-1: unable to read config index 0 descriptor/all [ 203.742750][ T4212] usb 3-1: can't read configurations, error -71 [ 204.757765][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 207.608303][ T5435] loop3: detected capacity change from 0 to 256 [ 210.233011][ T5446] loop3: detected capacity change from 0 to 2048 [ 210.265123][ T5451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.265'. [ 210.341546][ T5446] loop3: p1 < > p3 [ 210.381085][ T5446] loop3: p3 size 134217728 extends beyond EOD, truncated [ 210.932565][ T5457] loop4: detected capacity change from 0 to 1024 [ 211.543465][ T4378] udevd[4378]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 211.562921][ T4161] udevd[4161]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 211.574253][ T5474] capability: warning: `syz.2.271' uses deprecated v2 capabilities in a way that may be insecure [ 212.272210][ T4378] udevd[4378]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 212.373551][ T5479] netlink: 'syz.1.272': attribute type 9 has an invalid length. [ 212.458872][ T4378] udevd[4378]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 217.507048][ T5530] sp0: Synchronizing with TNC [ 217.858409][ T5524] [U] è [ 223.576807][ T4213] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 224.374281][ T5559] input: syz1 as /devices/virtual/input/input6 [ 224.846777][ T4213] usb 4-1: Using ep0 maxpacket: 16 [ 225.018335][ T4213] usb 4-1: device descriptor read/all, error -71 [ 228.234276][ T5591] netlink: 20 bytes leftover after parsing attributes in process `syz.2.303'. [ 231.743149][ T5613] input: syz1 as /devices/virtual/input/input7 [ 236.539973][ T5652] loop0: detected capacity change from 0 to 1024 [ 237.086484][ T5652] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 238.032903][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 238.061158][ T5652] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 238.350060][ T5652] EXT4-fs error (device loop0): ext4_get_journal_inode:5160: inode #5: comm syz.0.320: unexpected bad inode w/o EXT4_IGET_BAD [ 238.391147][ T5665] netlink: 4 bytes leftover after parsing attributes in process `syz.1.334'. [ 238.400873][ T5652] EXT4-fs (loop0): no journal found [ 238.406128][ T5665] device vlan2 left promiscuous mode [ 238.406147][ T5665] device bond0 left promiscuous mode [ 238.406159][ T5665] device bond_slave_0 left promiscuous mode [ 238.406330][ T5665] device bond_slave_1 left promiscuous mode [ 238.423365][ T5652] EXT4-fs (loop0): can't get journal size [ 238.442603][ T5665] bridge0: port 3(vlan2) entered disabled state [ 238.456483][ T5652] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=8800e11c, mo2=0002] [ 238.474786][ T5665] device bridge_slave_1 left promiscuous mode [ 238.483686][ T5652] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,debug,norecovery,min_batch_time=0x000000000000071d,abort,,errors=continue. Quota mode: writeback. [ 238.522884][ T5665] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.538064][ T5665] device bridge_slave_0 left promiscuous mode [ 238.547722][ T5665] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.575213][ T5672] loop4: detected capacity change from 0 to 1024 [ 238.631090][ T5672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.923400][ T5669] netlink: 'syz.4.323': attribute type 9 has an invalid length. [ 244.166192][ T5724] loop4: detected capacity change from 0 to 2048 [ 244.217244][ T5724] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051 [ 244.278582][ T5724] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 246.253795][ T5748] loop0: detected capacity change from 0 to 16 [ 247.673640][ T5762] loop2: detected capacity change from 0 to 8 [ 248.385221][ T5762] SQUASHFS error: xz decompression failed, data probably corrupt [ 248.393345][ T5762] SQUASHFS error: Failed to read block 0x108: -5 [ 248.399808][ T5762] SQUASHFS error: Unable to read metadata cache entry [106] [ 248.407355][ T5762] SQUASHFS error: Unable to read inode 0x11f [ 248.583525][ T5768] loop0: detected capacity change from 0 to 512 [ 248.929437][ T5778] xt_nat: multiple ranges no longer supported [ 249.646733][ T5768] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.352: Invalid inode bitmap blk 4 in block_group 0 [ 249.672505][ T5768] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,resuid=0x0000000000000000,data_err=abort,noload,nobarrier,nouid32,,errors=continue. Quota mode: none. [ 250.117156][ T5789] netlink: 32 bytes leftover after parsing attributes in process `syz.1.355'. [ 250.126207][ T5789] netlink: 216 bytes leftover after parsing attributes in process `syz.1.355'. [ 250.135668][ T5789] netlink: 216 bytes leftover after parsing attributes in process `syz.1.355'. [ 250.296200][ T5791] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 250.333135][ T5789] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 252.950248][ T13] Bluetooth: hci4: command 0x0406 tx timeout [ 253.164314][ T5819] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 253.256805][ T5828] sctp: [Deprecated]: syz.3.369 (pid 5828) Use of struct sctp_assoc_value in delayed_ack socket option. [ 253.256805][ T5828] Use struct sctp_sack_info instead [ 253.314497][ T5819] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 254.036929][ T5819] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 254.380201][ T5819] device bridge_slave_0 left promiscuous mode [ 254.394049][ T5819] bridge0: port 1(bridge_slave_0) entered disabled state [ 254.616486][ T5819] device bridge_slave_1 left promiscuous mode [ 254.703391][ T5819] bridge0: port 2(bridge_slave_1) entered disabled state [ 255.683697][ T5819] bond0: (slave bond_slave_0): Releasing backup interface [ 255.920106][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.104730][ T5819] bond0: (slave bond_slave_1): Releasing backup interface [ 256.367877][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.429919][ T5819] team0: Port device team_slave_0 removed [ 256.489700][ T5819] team0: Port device team_slave_1 removed [ 256.520881][ T5819] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 256.554665][ T5819] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 256.581907][ T5819] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.612533][ T5819] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 256.722859][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 256.854489][ T5855] tipc: Started in network mode [ 256.872518][ T5855] tipc: Node identity ac1414aa, cluster identity 4711 [ 256.902375][ T5855] tipc: Enabled bearer , priority 10 [ 257.951794][ T1111] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 257.997795][ T5859] loop0: detected capacity change from 0 to 16 [ 258.057247][ T1111] tipc: Node number set to 2886997162 [ 258.068466][ T5859] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 258.335325][ T4378] udevd[4378]: incorrect cramfs checksum on /dev/loop0 [ 258.429633][ T4378] udevd[4378]: incorrect cramfs checksum on /dev/loop0 [ 261.158088][ T5898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.391'. [ 263.615118][ T5919] loop2: detected capacity change from 0 to 764 [ 264.185486][ T5933] netlink: 8 bytes leftover after parsing attributes in process `syz.1.401'. [ 264.564425][ T5933] platform regulatory.0: loading /lib/firmware/regulatory.db.p7s failed with error -4 [ 264.574224][ T5933] platform regulatory.0: Direct firmware load for regulatory.db.p7s failed with error -4 [ 264.584246][ T5933] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db.p7s [ 264.598855][ T5933] syz.1.401 (5933) used greatest stack depth: 17448 bytes left [ 264.607264][ T26] audit: type=1800 audit(1748213762.878:2): pid=5933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.401" name="regulatory.db.p7s" dev="sda1" ino=449 res=0 errno=0 [ 264.782472][ T5919] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 265.817432][ T5953] fuse: Bad value for 'fd' [ 267.166907][ T5971] netlink: 14 bytes leftover after parsing attributes in process `syz.4.412'. [ 268.304462][ T5971] device bond0 left promiscuous mode [ 268.311022][ T5971] device bond_slave_0 left promiscuous mode [ 268.319350][ T5971] device bond_slave_1 left promiscuous mode [ 268.841579][ T5971] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 269.091788][ T5987] loop0: detected capacity change from 0 to 4096 [ 269.384164][ T5988] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 269.511737][ T26] audit: type=1800 audit(1748213767.828:3): pid=5987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.428" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 269.774186][ T5992] loop2: detected capacity change from 0 to 512 [ 270.089759][ T5992] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.418: Invalid inode bitmap blk 4 in block_group 0 [ 270.118671][ T5971] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.232007][ T5971] bond0 (unregistering): Released all slaves [ 270.261348][ T5992] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,resuid=0x0000000000000000,data_err=abort,noload,nobarrier,nouid32,,errors=continue. Quota mode: none. [ 272.257616][ T5996] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 276.966462][ T6028] netlink: 20 bytes leftover after parsing attributes in process `syz.0.436'. [ 276.980131][ T6028] device vlan2 entered promiscuous mode [ 276.985744][ T6028] device dummy0 entered promiscuous mode [ 277.014050][ T6026] netlink: 40 bytes leftover after parsing attributes in process `syz.1.429'. [ 277.685273][ T6040] xt_CT: You must specify a L4 protocol and not use inversions on it [ 282.325836][ T6067] hub 8-0:1.0: USB hub found [ 282.333519][ T6067] hub 8-0:1.0: 1 port detected [ 287.539936][ T6111] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 287.568862][ T6111] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 287.609521][ T6111] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 287.727192][ T4213] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 288.039515][ T4213] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 289.871763][ T6136] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 289.879871][ T6136] IPv6: NLM_F_CREATE should be set when creating new route [ 294.816774][ T6136] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.824295][ T6136] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.274673][ T6192] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 297.286788][ T6192] FAT-fs (loop3): unable to read boot sector [ 298.161761][ T6136] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 298.221854][ T6136] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.815879][ T6136] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.825303][ T6136] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.840733][ T6136] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.851886][ T6136] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 301.863942][ T6156] netlink: 'syz.0.466': attribute type 10 has an invalid length. [ 301.881525][ T6156] netlink: 40 bytes leftover after parsing attributes in process `syz.0.466'. [ 302.210974][ T6156] team0: Port device geneve0 added [ 302.261106][ T6172] batman_adv: batadv0: Adding interface: vxlan0 [ 302.280657][ T6172] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 302.310606][ T6172] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active [ 303.836959][ T6225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.487'. [ 304.137593][ T6225] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -4 [ 304.147286][ T6225] platform regulatory.0: Direct firmware load for regulatory.db failed with error -4 [ 304.156860][ T6225] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 306.926937][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 309.840369][ T6242] delete_channel: no stack [ 310.071931][ T6268] overlayfs: failed to clone upperpath [ 311.503293][ T6274] loop0: detected capacity change from 0 to 128 [ 311.889441][ T6282] xt_l2tp: v2 doesn't support IP mode [ 312.581441][ T6291] device batadv0 entered promiscuous mode [ 312.607380][ T6291] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 312.647044][ T6291] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 312.687636][ T6293] netlink: 28 bytes leftover after parsing attributes in process `syz.3.506'. [ 312.696541][ T6293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.506'. [ 312.761697][ T6294] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 312.846293][ T6294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 312.947210][ T6294] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 312.969997][ T6294] device bridge_slave_0 left promiscuous mode [ 312.986937][ T6294] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.023937][ T6294] device bridge_slave_1 left promiscuous mode [ 313.055173][ T6294] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.120359][ T6294] bond0: (slave bond_slave_0): Releasing backup interface [ 314.000151][ T6294] bond0: (slave bond_slave_1): Releasing backup interface [ 314.203172][ T6294] team0: Port device team_slave_0 removed [ 314.270620][ T6294] team0: Port device team_slave_1 removed [ 314.293369][ T6294] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 314.416796][ T6294] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 314.437465][ T6294] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 314.464423][ T6294] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.284716][ T6310] loop0: detected capacity change from 0 to 512 [ 315.331767][ T6296] netlink: 120 bytes leftover after parsing attributes in process `syz.2.507'. [ 317.916713][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.917067][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 320.736892][ T6355] netlink: 'syz.3.521': attribute type 10 has an invalid length. [ 320.742707][ T6352] loop0: detected capacity change from 0 to 512 [ 320.754811][ T6355] netlink: 40 bytes leftover after parsing attributes in process `syz.3.521'. [ 320.818601][ T6355] team0: Port device geneve0 added [ 321.776944][ T6352] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 321.837049][ T6352] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 326.328907][ T6388] netlink: 'syz.4.530': attribute type 11 has an invalid length. [ 327.327383][ T6394] netlink: 28 bytes leftover after parsing attributes in process `syz.2.531'. [ 327.381028][ T6394] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 327.473554][ T6399] netlink: 'syz.2.531': attribute type 10 has an invalid length. [ 327.522405][ T6399] bridge0: port 3(team0) entered blocking state [ 327.586940][ T6399] bridge0: port 3(team0) entered disabled state [ 327.710363][ T6399] device team0 entered promiscuous mode [ 327.880908][ T6399] device team_slave_0 entered promiscuous mode [ 328.023320][ T6399] device team_slave_1 entered promiscuous mode [ 328.322860][ T6399] bridge0: port 3(team0) entered blocking state [ 328.329266][ T6399] bridge0: port 3(team0) entered forwarding state [ 328.477597][ T6404] loop4: detected capacity change from 0 to 256 [ 330.489000][ T6414] loop0: detected capacity change from 0 to 128 [ 332.778532][ T4894] attempt to access beyond end of device [ 332.778532][ T4894] loop0: rw=1, want=1041, limit=128 [ 332.885987][ T6431] loop2: detected capacity change from 0 to 2048 [ 333.036909][ T6431] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.135875][ T6435] loop0: detected capacity change from 0 to 512 [ 334.066681][ T6435] EXT4-fs (loop0): Ignoring removed nobh option [ 335.500238][ T6435] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.540: invalid indirect mapped block 256 (level 2) [ 335.639716][ T6435] EXT4-fs (loop0): 2 truncates cleaned up [ 335.916453][ T6435] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobh,auto_da_alloc,data_err=ignore,,errors=continue. Quota mode: writeback. [ 338.837613][ T6473] rdma_op ffff88807e3501f0 conn xmit_rdma 0000000000000000 [ 338.853347][ T6469] netlink: 8 bytes leftover after parsing attributes in process `syz.2.548'. [ 342.342189][ T6504] loop2: detected capacity change from 0 to 4096 [ 343.948681][ T6504] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 344.039024][ T6504] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback. [ 345.433952][ T6536] rdma_op ffff88807e03e9f0 conn xmit_rdma 0000000000000000 [ 348.633758][ T6551] device batadv0 entered promiscuous mode [ 349.357243][ T6551] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 349.368435][ T6551] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 350.419115][ T6566] MPTCP: kernel_bind error, err=-98 [ 352.419299][ T6575] loop4: detected capacity change from 0 to 32768 [ 352.531158][ T6575] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 352.541427][ T6575] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 352.573897][ T6575] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 352.740325][ T6575] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 359.135472][ T6635] loop4: detected capacity change from 0 to 1024 [ 361.592992][ T6635] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 361.915910][ T6646] netlink: 8 bytes leftover after parsing attributes in process `syz.1.598'. [ 362.761063][ T6635] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 362.999022][ T4898] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.740996][ T4898] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 363.761374][ T6662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.604'. [ 363.877811][ T6662] netlink: 12 bytes leftover after parsing attributes in process `syz.1.604'. [ 363.947043][ T6660] netlink: 'syz.2.603': attribute type 12 has an invalid length. [ 364.258610][ T6669] loop4: detected capacity change from 0 to 2048 [ 364.630465][ T6669] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 364.829114][ T1111] Bluetooth: hci2: command 0x0409 tx timeout [ 364.898802][ T4898] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.552741][ T7] Bluetooth: hci2: command 0x041b tx timeout [ 367.912838][ T4898] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.034006][ T6644] chnl_net:caif_netlink_parms(): no params data found [ 368.298537][ T6698] ax25_connect(): syz.0.609 uses autobind, please contact jreuter@yaina.de [ 368.442996][ T6693] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready [ 368.816271][ T6705] blk_update_request: I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 368.827806][ T6705] F2FS-fs (loop5): Unable to read 1th superblock [ 368.835148][ T6705] blk_update_request: I/O error, dev loop5, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 368.847333][ T6705] F2FS-fs (loop5): Unable to read 2th superblock [ 369.626868][ T1111] Bluetooth: hci2: command 0x040f tx timeout [ 370.049906][ T6699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 370.320298][ T6699] bond0: (slave rose0): Enslaving as an active interface with an up link [ 370.510455][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 371.685756][ T4214] Bluetooth: hci2: command 0x0419 tx timeout [ 371.967343][ T6644] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.994052][ T6644] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.152844][ T6644] device bridge_slave_0 entered promiscuous mode [ 372.408443][ T6644] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.589315][ T6644] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.782288][ T6644] device bridge_slave_1 entered promiscuous mode [ 372.857994][ T4898] tipc: Disabling bearer [ 372.864469][ T4898] tipc: Left network mode [ 374.785599][ T6644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 375.674614][ T6644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 375.732827][ T6759] loop0: detected capacity change from 0 to 256 [ 376.035105][ T6759] FAT-fs (loop0): Directory bread(block 64) failed [ 376.056717][ T6759] FAT-fs (loop0): Directory bread(block 65) failed [ 376.066372][ T6759] FAT-fs (loop0): Directory bread(block 66) failed [ 376.150121][ T6644] team0: Port device team_slave_0 added [ 376.197319][ T6644] team0: Port device team_slave_1 added [ 376.216828][ T6759] FAT-fs (loop0): Directory bread(block 67) failed [ 376.227190][ T6759] FAT-fs (loop0): Directory bread(block 68) failed [ 376.307078][ T6759] FAT-fs (loop0): Directory bread(block 69) failed [ 376.420072][ T6759] FAT-fs (loop0): Directory bread(block 70) failed [ 376.583393][ T6759] FAT-fs (loop0): Directory bread(block 71) failed [ 376.621016][ T6759] FAT-fs (loop0): Directory bread(block 72) failed [ 376.718375][ T6759] FAT-fs (loop0): Directory bread(block 73) failed [ 377.906838][ T6779] attempt to access beyond end of device [ 377.906838][ T6779] loop0: rw=524288, want=1196, limit=256 [ 377.919427][ T6779] attempt to access beyond end of device [ 377.919427][ T6779] loop0: rw=0, want=1196, limit=256 [ 377.937335][ T6779] attempt to access beyond end of device [ 377.937335][ T6779] loop0: rw=524288, want=1164, limit=256 [ 377.949190][ T6779] attempt to access beyond end of device [ 377.949190][ T6779] loop0: rw=0, want=1164, limit=256 [ 378.048881][ T26] audit: type=1800 audit(1748213876.248:4): pid=6779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.623" name="file1" dev="loop0" ino=1048609 res=0 errno=0 [ 378.097201][ T6644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 378.104675][ T6644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.572691][ T26] audit: type=1800 audit(1748213876.278:5): pid=6779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.623" name="memory.events" dev="loop0" ino=1048610 res=0 errno=0 [ 378.803456][ T6644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 378.835651][ T6644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 378.845210][ T6644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 378.917083][ T4900] attempt to access beyond end of device [ 378.917083][ T4900] loop0: rw=1, want=1192, limit=256 [ 378.948328][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.954931][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.963853][ T4900] attempt to access beyond end of device [ 378.963853][ T4900] loop0: rw=1, want=1256, limit=256 [ 379.001729][ T4900] attempt to access beyond end of device [ 379.001729][ T4900] loop0: rw=1, want=1628, limit=256 [ 379.042277][ T6644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 379.057452][ T6783] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 379.064528][ T6783] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 379.094748][ T6783] vhci_hcd vhci_hcd.0: Device attached [ 379.187251][ T6786] vhci_hcd: connection closed [ 379.207128][ T4903] vhci_hcd: stop threads [ 379.309085][ T4903] vhci_hcd: release socket [ 380.695359][ T4903] vhci_hcd: disconnect device [ 380.966874][ T26] audit: type=1326 audit(1748213879.278:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 381.636909][ T26] audit: type=1326 audit(1748213879.828:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 381.779400][ T6644] device hsr_slave_0 entered promiscuous mode [ 381.795833][ T26] audit: type=1326 audit(1748213879.828:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 382.608517][ T6644] device hsr_slave_1 entered promiscuous mode [ 382.886595][ T6644] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 382.894537][ T6644] Cannot create hsr debugfs directory [ 383.021980][ T26] audit: type=1326 audit(1748213879.828:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 383.250759][ T26] audit: type=1326 audit(1748213879.878:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=289 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 383.487322][ T26] audit: type=1326 audit(1748213879.878:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 383.806801][ T26] audit: type=1326 audit(1748213879.878:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 384.384455][ T26] audit: type=1326 audit(1748213879.878:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 385.416737][ T26] audit: type=1326 audit(1748213879.878:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 389.000041][ T4898] device hsr_slave_0 left promiscuous mode [ 389.041025][ T4898] device hsr_slave_1 left promiscuous mode [ 389.154867][ T6880] loop0: detected capacity change from 0 to 128 [ 389.176038][ T4898] device veth1_macvtap left promiscuous mode [ 389.199464][ T4898] device veth0_macvtap left promiscuous mode [ 389.241813][ T4898] device veth1_vlan left promiscuous mode [ 389.372135][ T4898] device veth0_vlan left promiscuous mode [ 389.631687][ T6886] netlink: 56 bytes leftover after parsing attributes in process `syz.0.652'. [ 393.140012][ T4898] team0 (unregistering): Port device geneve0 removed [ 396.026777][ T4331] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 396.366836][ T4331] usb 5-1: Using ep0 maxpacket: 8 [ 396.646984][ T4331] usb 5-1: config 0 interface 0 altsetting 33 endpoint 0x81 has an invalid bInterval 126, changing to 10 [ 396.695805][ T4331] usb 5-1: config 0 interface 0 has no altsetting 0 [ 396.711031][ T4331] usb 5-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 397.300355][ T4331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 397.446063][ T4331] usb 5-1: config 0 descriptor?? [ 399.400124][ T4331] usbhid 5-1:0.0: can't add hid device: -71 [ 399.426723][ T4331] usbhid: probe of 5-1:0.0 failed with error -71 [ 399.467411][ T4331] usb 5-1: USB disconnect, device number 3 [ 399.494573][ T4898] bond0 (unregistering): Released all slaves [ 399.631546][ T6644] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 399.879995][ T6966] binder: BINDER_SET_CONTEXT_MGR already set [ 399.886123][ T6966] binder: 6962:6966 ioctl 4018620d 200000000040 returned -16 [ 399.900153][ T6966] binder: 6962:6966 ioctl c02c5625 200000000100 returned -22 [ 400.379020][ T6644] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 400.579977][ T6644] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 400.720481][ T6644] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 401.033650][ T6965] loop0: detected capacity change from 0 to 32768 [ 401.076873][ T4216] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 401.220865][ T6965] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 401.229249][ T6965] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 401.255367][ T6965] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 401.775750][ T6644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 401.794751][ T6644] 8021q: adding VLAN 0 to HW filter on device team0 [ 401.816394][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 401.845959][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 401.884550][ T6965] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 401.920913][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 401.947318][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 401.973103][ T4900] bridge0: port 1(bridge_slave_0) entered blocking state [ 401.980805][ T4900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 402.049014][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 402.058986][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 402.068462][ T4900] bridge0: port 2(bridge_slave_1) entered blocking state [ 402.075723][ T4900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 402.082829][ T6978] netlink: 12 bytes leftover after parsing attributes in process `syz.1.678'. [ 402.125478][ T4216] usb 5-1: Using ep0 maxpacket: 8 [ 402.141654][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 402.184192][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 402.237073][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 402.311974][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 402.355707][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 402.391027][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 402.413417][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 402.436953][ T4216] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 402.446729][ T4216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.453039][ T6644] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 402.465440][ T4216] usb 5-1: Product: syz [ 402.470275][ T4216] usb 5-1: Manufacturer: syz [ 402.475562][ T4216] usb 5-1: SerialNumber: syz [ 402.483725][ T4216] usb 5-1: config 0 descriptor?? [ 402.495267][ T6644] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 402.508337][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 402.519109][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 402.531061][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 402.558280][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 402.624821][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 402.659516][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 402.797037][ T4216] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 403.860669][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 403.878700][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 404.518958][ T7019] netlink: get zone limit has 8 unknown bytes [ 404.668784][ T6644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 405.572189][ T4216] dvb_usb_rtl28xxu: probe of 5-1:0.0 failed with error -71 [ 405.584968][ T4216] usb 5-1: USB disconnect, device number 4 [ 406.450064][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 406.489801][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 406.586791][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 406.640111][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 406.800263][ T6644] device veth0_vlan entered promiscuous mode [ 406.835248][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 406.851410][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 407.719684][ T6644] device veth1_vlan entered promiscuous mode [ 407.787792][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 407.997349][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 408.012812][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 408.223237][ T6644] device veth0_macvtap entered promiscuous mode [ 409.839124][ T6644] device veth1_macvtap entered promiscuous mode [ 409.876859][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 409.885204][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 410.005664][ T6644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.096587][ T6644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.427883][ T6644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 410.525835][ T6644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 410.604220][ T6644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 411.781014][ T7083] loop4: detected capacity change from 0 to 4096 [ 412.269707][ T7083] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 412.517144][ T7080] overlayfs: missing 'lowerdir' [ 412.705131][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 412.804009][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 414.028444][ T6644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 415.735629][ T6644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 415.826612][ T6644] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 416.157577][ T6644] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 416.204693][ T6644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 417.027120][ T7121] netlink: 20 bytes leftover after parsing attributes in process `syz.2.705'. [ 417.036418][ T7121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.705'. [ 418.592089][ T7142] loop4: detected capacity change from 0 to 16 [ 418.670288][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 418.699466][ T4288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 418.736718][ T7142] erofs: (device loop4): mounted with root inode @ nid 36. [ 420.689335][ T7153] attempt to access beyond end of device [ 420.689335][ T7153] loop4: rw=524288, want=34359740336, limit=16 [ 421.681964][ T13] Bluetooth: hci2: command 0x0409 tx timeout [ 423.785022][ T4486] Bluetooth: hci2: command 0x041b tx timeout [ 426.321250][ T4214] Bluetooth: hci2: command 0x040f tx timeout [ 426.529357][ T7131] chnl_net:caif_netlink_parms(): no params data found [ 426.947058][ T7224] loop4: detected capacity change from 0 to 40427 [ 427.066160][ T7226] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 427.076473][ T7226] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 427.113351][ T7226] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 427.686058][ T7224] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 427.694114][ T7224] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 427.710708][ T7224] F2FS-fs (loop4): invalid crc value [ 427.781435][ T7224] F2FS-fs (loop4): Found nat_bits in checkpoint [ 427.920085][ T7224] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 427.927608][ T7224] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 428.129805][ T7239] loop0: detected capacity change from 0 to 64 [ 429.131441][ T4172] Bluetooth: hci2: command 0x0419 tx timeout [ 429.421408][ T7131] bridge0: port 1(bridge_slave_0) entered blocking state [ 429.446695][ T7131] bridge0: port 1(bridge_slave_0) entered disabled state [ 429.527835][ T7131] device bridge_slave_0 entered promiscuous mode [ 429.628384][ T7131] bridge0: port 2(bridge_slave_1) entered blocking state [ 429.777601][ T7131] bridge0: port 2(bridge_slave_1) entered disabled state [ 429.799360][ T7131] device bridge_slave_1 entered promiscuous mode [ 430.703695][ T7131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 430.808387][ T7131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 432.011466][ T7131] team0: Port device team_slave_0 added [ 432.030141][ T7131] team0: Port device team_slave_1 added [ 434.379460][ T7131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 434.396650][ T7131] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.441533][ T7288] syz.1.741 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 434.446577][ T7131] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 434.507841][ T7131] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 434.576588][ T7131] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 434.624944][ T7288] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 434.737195][ T7131] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 436.622615][ T7311] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 436.859273][ T7131] device hsr_slave_0 entered promiscuous mode [ 437.401715][ T7131] device hsr_slave_1 entered promiscuous mode [ 438.179880][ T7131] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 438.930879][ T7131] Cannot create hsr debugfs directory [ 440.050668][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.057392][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.907433][ T7362] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 444.482438][ T7131] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 444.557747][ T7131] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 444.744892][ T4438] device hsr_slave_0 left promiscuous mode [ 444.753172][ T4438] device hsr_slave_1 left promiscuous mode [ 444.799173][ T4438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 444.835970][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 444.860283][ T4438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 444.878156][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 444.936003][ T4438] device bridge_slave_1 left promiscuous mode [ 444.990328][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 445.085874][ T4438] device bridge_slave_0 left promiscuous mode [ 445.100866][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 445.166988][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 445.221766][ T4438] device veth1_macvtap left promiscuous mode [ 445.279582][ T4438] device veth0_macvtap left promiscuous mode [ 445.285729][ T4438] device veth1_vlan left promiscuous mode [ 445.394271][ T4438] device veth0_vlan left promiscuous mode [ 446.660137][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 446.713967][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 446.777423][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 446.820397][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 447.681747][ T7398] loop4: detected capacity change from 0 to 1024 [ 447.961582][ T4438] bond0 (unregistering): Released all slaves [ 448.305596][ T7398] EXT4-fs (loop4): Ignoring removed orlov option [ 448.354903][ T7131] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 448.494661][ T7398] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,bsddf,grpquota,nobarrier,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 448.565112][ T7131] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 450.516563][ T7422] netlink: 24 bytes leftover after parsing attributes in process `syz.1.768'. [ 450.824345][ T7131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 451.172599][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 451.197433][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 451.264489][ T7131] 8021q: adding VLAN 0 to HW filter on device team0 [ 451.351763][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 451.379331][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 451.558800][ T4898] bridge0: port 1(bridge_slave_0) entered blocking state [ 451.566017][ T4898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 451.796127][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 452.299055][ T7131] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 452.309691][ T7131] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 452.324489][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 452.348947][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 452.398389][ T4894] bridge0: port 2(bridge_slave_1) entered blocking state [ 452.405504][ T4894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 452.787159][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 453.577505][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 453.627625][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 453.669744][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 453.697519][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 453.727356][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 453.748874][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 453.767486][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 453.788495][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 453.797498][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 453.816454][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 453.853002][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 453.909444][ T7449] netlink: 8 bytes leftover after parsing attributes in process `syz.2.772'. [ 456.592399][ T7476] rdma_op ffff88807dd969f0 conn xmit_rdma 0000000000000000 [ 457.713347][ T7488] loop0: detected capacity change from 0 to 64 [ 463.337166][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 463.345242][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 464.893437][ T7131] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 466.867406][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 466.934941][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 467.767198][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 467.776401][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 467.849306][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 467.885694][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 468.729953][ T7131] device veth0_vlan entered promiscuous mode [ 468.878824][ T7131] device veth1_vlan entered promiscuous mode [ 469.137101][ T7131] device veth0_macvtap entered promiscuous mode [ 469.150414][ T7131] device veth1_macvtap entered promiscuous mode [ 469.169752][ T7131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 469.241932][ T7569] xt_CT: You must specify a L4 protocol and not use inversions on it [ 470.014951][ T7131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 470.095654][ T7131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 470.450525][ T7577] MPTCP: addr_signal error, add_addr=1, echo=0 [ 471.268091][ T7131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 471.578110][ T7131] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 471.585661][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 471.617334][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 471.626029][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 471.716099][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 471.772231][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 471.910950][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 471.935290][ T7131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 471.965643][ T7131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.013867][ T7131] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 472.062409][ T7131] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 472.237171][ T7131] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 472.258467][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 472.292363][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 472.375502][ T7131] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.017421][ T7131] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.126894][ T7131] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.201718][ T7131] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 473.274102][ T7595] loop0: detected capacity change from 0 to 4096 [ 473.440685][ T7597] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 473.480731][ T26] audit: type=1800 audit(1748214227.802:15): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.797" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 477.735396][ T7612] loop0: detected capacity change from 0 to 64 [ 479.899123][ T4214] Bluetooth: hci5: command 0x0409 tx timeout [ 481.134534][ T7631] loop0: detected capacity change from 0 to 512 [ 482.862222][ T7631] EXT4-fs (loop0): 1 orphan inode deleted [ 482.878154][ T4172] Bluetooth: hci5: command 0x041b tx timeout [ 482.895486][ T7631] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 483.001169][ T7631] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 483.091577][ T4438] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 483.981839][ T4172] Bluetooth: hci3: command 0x0406 tx timeout [ 485.476372][ T1108] Bluetooth: hci5: command 0x040f tx timeout [ 486.451600][ T7608] chnl_net:caif_netlink_parms(): no params data found [ 486.579337][ T4438] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 487.462674][ T4438] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 488.267269][ T7688] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 488.366793][ T4331] Bluetooth: hci5: command 0x0419 tx timeout [ 489.223355][ T4438] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 491.336670][ T7707] overlayfs: failed to clone upperpath [ 491.563241][ T7608] bridge0: port 1(bridge_slave_0) entered blocking state [ 491.611078][ T7608] bridge0: port 1(bridge_slave_0) entered disabled state [ 491.704392][ T7608] device bridge_slave_0 entered promiscuous mode [ 493.244798][ T7717] loop4: detected capacity change from 0 to 1024 [ 493.258050][ T7608] bridge0: port 2(bridge_slave_1) entered blocking state [ 493.266890][ T7608] bridge0: port 2(bridge_slave_1) entered disabled state [ 493.275324][ T7608] device bridge_slave_1 entered promiscuous mode [ 493.336410][ T7608] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 493.363936][ T7724] netlink: 'syz.0.831': attribute type 10 has an invalid length. [ 493.376739][ T7724] netlink: 210880 bytes leftover after parsing attributes in process `syz.0.831'. [ 493.402208][ T7717] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,. Quota mode: none. [ 493.417852][ T7717] ext4 filesystem being mounted at /157/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 493.618191][ T7722] 9pnet: Insufficient options for proto=fd [ 494.041755][ T7737] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 494.872079][ T7737] EXT4-fs (loop4): Remounting filesystem read-only [ 495.214364][ T7608] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 495.288791][ T7747] loop4: detected capacity change from 0 to 256 [ 496.211949][ T7608] team0: Port device team_slave_0 added [ 496.311160][ T7608] team0: Port device team_slave_1 added [ 497.844156][ T7608] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 497.866944][ T7608] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.679346][ T7608] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 498.853715][ T7608] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 498.886513][ T7608] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 498.962986][ T7608] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 499.967477][ T7608] device hsr_slave_0 entered promiscuous mode [ 500.249682][ T7608] device hsr_slave_1 entered promiscuous mode [ 500.648896][ T7608] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 501.257876][ T7608] Cannot create hsr debugfs directory [ 501.577025][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.583773][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.542860][ T7801] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.802433][ T26] audit: type=1326 audit(1748214257.122:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7800 comm="syz.4.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5a0f5969 code=0x7ffc0000 [ 502.981086][ T26] audit: type=1326 audit(1748214257.152:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7800 comm="syz.4.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=325 compat=0 ip=0x7f0a5a0f5969 code=0x7ffc0000 [ 503.160188][ T26] audit: type=1326 audit(1748214257.152:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7800 comm="syz.4.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a5a0f5969 code=0x7ffc0000 [ 503.331362][ T26] audit: type=1326 audit(1748214257.162:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7800 comm="syz.4.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f0a5a0f5969 code=0x7ffc0000 [ 503.760521][ T7826] xt_CT: You must specify a L4 protocol and not use inversions on it [ 504.627722][ T26] audit: type=1326 audit(1748214258.952:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 504.736236][ T26] audit: type=1326 audit(1748214258.952:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 504.788469][ T26] audit: type=1326 audit(1748214258.952:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 504.819548][ T26] audit: type=1326 audit(1748214258.952:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 504.916396][ T26] audit: type=1326 audit(1748214258.952:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 504.938513][ T7830] delete_channel: no stack [ 504.944251][ T7830] delete_channel: no stack [ 505.106672][ T26] audit: type=1326 audit(1748214258.952:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7828 comm="syz.1.851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f426f90c969 code=0x7ffc0000 [ 508.073033][ T7863] ax25_connect(): syz.4.860 uses autobind, please contact jreuter@yaina.de [ 508.329235][ T7863] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 509.381929][ T7869] syz.0.862[7869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.382831][ T7869] syz.0.862[7869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 513.349640][ T4438] device hsr_slave_0 left promiscuous mode [ 513.558426][ T4438] device hsr_slave_1 left promiscuous mode [ 513.578613][ T4438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 513.607920][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 513.657413][ T4438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 513.664987][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 513.777621][ T4438] device bridge_slave_1 left promiscuous mode [ 513.797970][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 513.987135][ T4438] device bridge_slave_0 left promiscuous mode [ 513.993608][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 514.816890][ T4438] device veth1_macvtap left promiscuous mode [ 514.823139][ T4438] device veth0_macvtap left promiscuous mode [ 514.883027][ T4438] device veth1_vlan left promiscuous mode [ 514.926642][ T4438] device veth0_vlan left promiscuous mode [ 516.406780][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 516.439738][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 516.471546][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 516.521463][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 517.676019][ T7932] loop4: detected capacity change from 0 to 32768 [ 517.795346][ T4438] bond0 (unregistering): Released all slaves [ 517.807145][ T7932] (syz.4.875,7932,1):ocfs2_load_local_alloc:338 ERROR: inconsistent detected, clean journal with unrecovered local alloc, please run fsck.ocfs2! [ 517.807145][ T7932] found = 2, set = 0, taken = 0, off = 0 [ 517.828622][ T7932] (syz.4.875,7932,1):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 517.837035][ T7932] (syz.4.875,7932,1):ocfs2_check_volume:2465 ERROR: status = -22 [ 517.844911][ T7932] (syz.4.875,7932,1):ocfs2_check_volume:2493 ERROR: status = -22 [ 517.852951][ T7932] (syz.4.875,7932,1):ocfs2_mount_volume:1824 ERROR: status = -22 [ 517.871095][ T7932] (syz.4.875,7932,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 518.636857][ T7608] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 518.759495][ T7608] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 518.809877][ T7608] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 519.977765][ T7608] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 526.817060][ T7608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 526.846314][ T7608] 8021q: adding VLAN 0 to HW filter on device team0 [ 527.731082][ T7996] loop4: detected capacity change from 0 to 512 [ 529.063460][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 529.095148][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 529.269453][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 529.356425][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 530.168954][ T4317] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.176428][ T4317] bridge0: port 1(bridge_slave_0) entered forwarding state [ 530.633365][ T8004] overlayfs: failed to clone upperpath [ 531.262246][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 531.333935][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 534.144598][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 534.227647][ T8025] loop0: detected capacity change from 0 to 256 [ 535.082241][ T4317] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.089988][ T4317] bridge0: port 2(bridge_slave_1) entered forwarding state [ 535.187925][ T8025] exfat: Unknown parameter 'keep_last_dots' [ 535.295396][ T4317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 536.088063][ T8038] loop4: detected capacity change from 0 to 64 [ 536.344003][ T8038] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 536.685346][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 537.661587][ T4317] Bluetooth: (null): Invalid header checksum [ 537.684055][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 537.880522][ T4317] Bluetooth: (null): Invalid header checksum [ 538.389481][ T4317] Bluetooth: (null): Invalid header checksum [ 538.406745][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 538.456891][ T4317] Bluetooth: (null): Invalid header checksum [ 538.484978][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 538.502697][ T4317] Bluetooth: (null): Invalid header checksum [ 538.510930][ T8060] loop0: detected capacity change from 0 to 1024 [ 538.581044][ T4317] Bluetooth: (null): Invalid header checksum [ 538.588844][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 538.677028][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 538.713899][ T8060] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,min_batch_time=0x0000000000000005,. Quota mode: none. [ 538.742445][ T8060] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 539.254673][ T8077] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 539.849037][ T8077] EXT4-fs (loop0): Remounting filesystem read-only [ 540.229934][ T8086] loop4: detected capacity change from 0 to 256 [ 542.106757][ T1108] Bluetooth: hci2: command 0x0409 tx timeout [ 543.460988][ T8079] chnl_net:caif_netlink_parms(): no params data found [ 544.206905][ T4212] Bluetooth: hci2: command 0x041b tx timeout [ 544.247893][ T8128] UBIFS error (pid: 8128): cannot open "./file0", error -22 [ 544.876189][ T8150] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 546.981438][ T4212] Bluetooth: hci2: command 0x040f tx timeout [ 547.147078][ T8079] bridge0: port 1(bridge_slave_0) entered blocking state [ 547.154199][ T8079] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.243756][ T8079] device bridge_slave_0 entered promiscuous mode [ 547.272036][ T8079] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.414594][ T8079] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.462253][ T8160] loop4: detected capacity change from 0 to 4096 [ 548.338836][ T8079] device bridge_slave_1 entered promiscuous mode [ 548.449115][ T8160] __ntfs_warning: 38 callbacks suppressed [ 548.449133][ T8160] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 548.521364][ T8079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 548.561432][ T8079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 548.688189][ T8160] ntfs: volume version 3.1. [ 549.835944][ T4213] Bluetooth: hci2: command 0x0419 tx timeout [ 551.114805][ T8079] team0: Port device team_slave_0 added [ 551.309369][ T8079] team0: Port device team_slave_1 added [ 552.093295][ T8079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 552.118887][ T8079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.246952][ T8079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 552.338744][ T8079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 552.366266][ T8079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 552.482612][ T8079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 552.708219][ T8079] device hsr_slave_0 entered promiscuous mode [ 552.794631][ T8079] device hsr_slave_1 entered promiscuous mode [ 553.688585][ T8079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 553.696195][ T8079] Cannot create hsr debugfs directory [ 556.160213][ T8079] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 557.308822][ T8260] xt_l2tp: wrong L2TP version: 0 [ 557.915049][ T8079] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 558.014293][ T8079] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 558.397967][ T8276] block device autoloading is deprecated. It will be removed in Linux 5.19 [ 558.802026][ T8266] device dummy0 entered promiscuous mode [ 558.820768][ T8266] device macsec1 entered promiscuous mode [ 558.930921][ T8266] device dummy0 left promiscuous mode [ 559.395168][ T8079] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 559.943408][ T4183] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 559.953822][ T4183] CPU: 0 PID: 4183 Comm: kworker/u5:6 Not tainted 5.15.184-syzkaller #0 [ 559.962339][ T4183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 559.972397][ T4183] Workqueue: hci1 hci_rx_work [ 559.977970][ T4183] Call Trace: [ 559.981804][ T4183] [ 559.984741][ T4183] dump_stack_lvl+0x168/0x230 [ 559.989459][ T4183] ? show_regs_print_info+0x20/0x20 [ 559.994660][ T4183] ? load_image+0x3b0/0x3b0 [ 559.999168][ T4183] sysfs_create_dir_ns+0x252/0x280 [ 560.004288][ T4183] ? __lock_acquire+0x7c60/0x7c60 [ 560.009323][ T4183] ? sysfs_warn_dup+0xa0/0xa0 [ 560.014045][ T4183] ? le_conn_complete_evt+0xcbc/0x1590 [ 560.019624][ T4183] ? hci_event_packet+0xe05/0x12f0 [ 560.024736][ T4183] ? process_one_work+0x863/0x1000 [ 560.029877][ T4183] ? do_raw_spin_unlock+0x11d/0x230 [ 560.035079][ T4183] kobject_add_internal+0x662/0xd00 [ 560.040287][ T4183] kobject_add+0x152/0x210 [ 560.044709][ T4183] ? kobject_init+0x1d0/0x1d0 [ 560.049403][ T4183] ? klist_children_get+0x50/0x50 [ 560.055234][ T4183] ? get_device_parent+0x121/0x3f0 [ 560.060606][ T4183] device_add+0x483/0xfb0 [ 560.065064][ T4183] hci_conn_add_sysfs+0xd1/0x1e0 [ 560.070256][ T4183] le_conn_complete_evt+0xcbc/0x1590 [ 560.075679][ T4183] ? cs_le_create_conn+0x5e0/0x5e0 [ 560.080814][ T4183] ? __mutex_trylock_common+0x14f/0x250 [ 560.087060][ T4183] hci_le_meta_evt+0x289/0x3b80 [ 560.092013][ T4183] ? hci_event_packet+0x36d/0x12f0 [ 560.097292][ T4183] ? hci_event_packet+0x2e2/0x12f0 [ 560.102703][ T4183] ? __lock_acquire+0x7c60/0x7c60 [ 560.107852][ T4183] ? hci_remote_host_features_evt+0x280/0x280 [ 560.114110][ T4183] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 560.119979][ T4183] ? mark_lock+0x94/0x320 [ 560.124415][ T4183] ? mutex_unlock+0x10/0x10 [ 560.128919][ T4183] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 560.135569][ T4183] ? lock_chain_count+0x20/0x20 [ 560.140732][ T4183] ? __rwlock_init+0x140/0x140 [ 560.145529][ T4183] hci_event_packet+0xe05/0x12f0 [ 560.150568][ T4183] ? lockdep_hardirqs_on+0x94/0x140 [ 560.155934][ T4183] ? rcu_lock_release+0x20/0x20 [ 560.160814][ T4183] ? hci_send_to_monitor+0x9c/0x4a0 [ 560.166033][ T4183] hci_rx_work+0x255/0xa10 [ 560.170524][ T4183] process_one_work+0x863/0x1000 [ 560.175570][ T4183] ? worker_detach_from_pool+0x240/0x240 [ 560.181289][ T4183] ? lockdep_hardirqs_off+0x70/0x100 [ 560.187048][ T4183] ? _raw_spin_lock_irq+0xab/0xe0 [ 560.192613][ T4183] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 560.198259][ T4183] ? wq_worker_running+0x97/0x170 [ 560.203595][ T4183] worker_thread+0xaa8/0x12a0 [ 560.208399][ T4183] kthread+0x436/0x520 [ 560.212572][ T4183] ? rcu_lock_release+0x20/0x20 [ 560.217424][ T4183] ? kthread_blkcg+0xd0/0xd0 [ 560.222016][ T4183] ret_from_fork+0x1f/0x30 [ 560.226451][ T4183] [ 560.383254][ T4183] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 560.396775][ T4183] Bluetooth: hci1: failed to register connection device [ 564.410812][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 564.417195][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.549478][ T8079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 569.412121][ T8079] 8021q: adding VLAN 0 to HW filter on device team0 [ 569.538648][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 569.597445][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 569.605866][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 569.900905][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 570.116198][ T4273] bridge0: port 1(bridge_slave_0) entered blocking state [ 570.123411][ T4273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 570.241292][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 570.296521][ T8371] netlink: 24 bytes leftover after parsing attributes in process `syz.4.965'. [ 570.862245][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 571.113498][ T4273] bridge0: port 2(bridge_slave_1) entered blocking state [ 571.120910][ T4273] bridge0: port 2(bridge_slave_1) entered forwarding state [ 571.259455][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 571.386093][ T8321] udevd[8321]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 571.386970][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 571.444805][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 571.563024][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 571.589433][ T8321] udevd[8321]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 571.806521][ T8391] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 571.971021][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 571.987851][ T8387] xt_TCPMSS: Only works on TCP SYN packets [ 571.997893][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 572.034386][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 572.976914][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 572.985659][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 573.635522][ T8412] overlayfs: failed to clone upperpath [ 574.160356][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 574.653606][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 574.670801][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 575.289234][ T8079] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 575.814302][ T8440] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 576.088701][ T26] audit: type=1326 audit(1748214330.172:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 576.677125][ T26] audit: type=1326 audit(1748214330.172:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 576.827104][ T4217] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 576.838119][ T26] audit: type=1326 audit(1748214330.172:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 576.871828][ T26] audit: type=1326 audit(1748214330.172:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 577.149065][ T8449] loop0: detected capacity change from 0 to 764 [ 577.210243][ T26] audit: type=1326 audit(1748214330.182:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 577.329315][ T8449] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 577.647730][ T8451] overlayfs: failed to resolve './file1': -2 [ 577.825942][ T26] audit: type=1326 audit(1748214330.182:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 577.876495][ T4438] device hsr_slave_0 left promiscuous mode [ 577.956576][ T4438] device hsr_slave_1 left promiscuous mode [ 578.013861][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 578.043096][ T26] audit: type=1326 audit(1748214330.182:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 578.086845][ T26] audit: type=1326 audit(1748214330.182:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 578.110377][ T4217] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 578.120074][ T4217] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 578.552905][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 578.622726][ T26] audit: type=1326 audit(1748214330.182:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 578.736657][ T4217] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 578.770541][ T4217] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 578.840957][ T4217] usb 5-1: config 0 descriptor?? [ 579.071073][ T4438] device bridge_slave_1 left promiscuous mode [ 579.096712][ T4217] usb 5-1: can't set config #0, error -71 [ 579.107835][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.116607][ T26] audit: type=1326 audit(1748214330.192:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8430 comm="syz.0.980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdb0a193969 code=0x7ffc0000 [ 579.117165][ T4217] usb 5-1: USB disconnect, device number 5 [ 580.671550][ T4438] device bridge_slave_0 left promiscuous mode [ 580.680340][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 583.543616][ T8496] loop4: detected capacity change from 0 to 2048 [ 583.571922][ T8496] UDF-fs: bad mount option "lastblock=000000000000000000051partition=00000€" or missing value [ 583.889543][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 583.918733][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 584.768744][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 584.857078][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 586.850486][ T4438] bond0 (unregistering): Released all slaves [ 586.893244][ T8515] capability: warning: `syz.4.998' uses 32-bit capabilities (legacy support in use) [ 587.171940][ T8493] tipc: Started in network mode [ 587.177482][ T8493] tipc: Node identity 5f4c3a21e191f5aa403a, cluster identity 4711 [ 587.405683][ T8526] loop0: detected capacity change from 0 to 64 [ 587.445872][ T8528] netlink: 20 bytes leftover after parsing attributes in process `syz.1.999'. [ 587.516127][ T8526] hfs: unable to change codepage [ 587.526600][ T8526] hfs: unable to parse mount options [ 589.702041][ T8528] team0 (unregistering): Port device team_slave_0 removed [ 589.720331][ T8549] loop0: detected capacity change from 0 to 2048 [ 589.841342][ T8549] UDF-fs: bad mount option "lastblock=000000000000000000051partition=00000€" or missing value [ 591.200357][ T8528] team0 (unregistering): Port device team_slave_1 removed [ 591.368633][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 591.376199][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 591.517481][ T8079] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 595.037881][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 595.058028][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 595.097214][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 595.126839][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 595.214823][ T8079] device veth0_vlan entered promiscuous mode [ 595.223196][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 595.264116][ T4894] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 595.423600][ T8079] device veth1_vlan entered promiscuous mode [ 596.254845][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 597.327479][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 597.349894][ T4273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 598.422515][ T8619] loop0: detected capacity change from 0 to 512 [ 602.526789][ T4212] Bluetooth: hci2: command 0x0409 tx timeout [ 604.484254][ T8645] chnl_net:caif_netlink_parms(): no params data found [ 605.576768][ T4216] Bluetooth: hci2: command 0x041b tx timeout [ 605.867226][ T8645] bridge0: port 1(bridge_slave_0) entered blocking state [ 605.874422][ T8645] bridge0: port 1(bridge_slave_0) entered disabled state [ 606.191179][ T8645] device bridge_slave_0 entered promiscuous mode [ 606.526305][ T8645] bridge0: port 2(bridge_slave_1) entered blocking state [ 606.642338][ T8645] bridge0: port 2(bridge_slave_1) entered disabled state [ 606.705979][ T8645] device bridge_slave_1 entered promiscuous mode [ 606.939876][ T8718] loop4: detected capacity change from 0 to 16 [ 607.018473][ T8718] erofs: (device loop4): mounted with root inode @ nid 36. [ 607.088324][ T8645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 607.365229][ T8645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 608.249829][ T4212] Bluetooth: hci2: command 0x040f tx timeout [ 608.492690][ T8645] team0: Port device team_slave_0 added [ 608.630886][ T8645] team0: Port device team_slave_1 added [ 609.105981][ T8739] loop4: detected capacity change from 0 to 40427 [ 609.138274][ T8645] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 609.145369][ T8645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 609.257223][ T8739] F2FS-fs (loop4): Found nat_bits in checkpoint [ 609.327789][ T8739] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 609.387810][ T8645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 609.518820][ T8645] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 609.550279][ T8645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 609.844104][ T8645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 611.104296][ T8750] attempt to access beyond end of device [ 611.104296][ T8750] loop4: rw=2049, want=45104, limit=40427 [ 611.217961][ T4212] Bluetooth: hci2: command 0x0419 tx timeout [ 611.981394][ T4170] attempt to access beyond end of device [ 611.981394][ T4170] loop4: rw=2049, want=45112, limit=40427 [ 612.174831][ T8645] device hsr_slave_0 entered promiscuous mode [ 612.267025][ T8645] device hsr_slave_1 entered promiscuous mode [ 612.336694][ T8645] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 612.344323][ T8645] Cannot create hsr debugfs directory [ 622.655278][ T8854] overlayfs: failed to clone upperpath [ 625.997686][ T8645] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 626.220465][ T8645] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 627.924737][ T8645] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 627.957949][ T8645] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 629.481193][ T4438] device hsr_slave_0 left promiscuous mode [ 629.503938][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.503989][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.604828][ T4438] device hsr_slave_1 left promiscuous mode [ 629.654130][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 629.741168][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 629.807121][ T4438] device bridge_slave_1 left promiscuous mode [ 629.852069][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.308062][ T4438] device bridge_slave_0 left promiscuous mode [ 630.381870][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.497154][ T4438] device veth1_vlan left promiscuous mode [ 630.516693][ T4438] device veth0_vlan left promiscuous mode [ 630.609253][ T8923] xt_TCPMSS: Only works on TCP SYN packets [ 632.371827][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 632.698403][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 632.820328][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 633.265871][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 635.484857][ T4438] bond0 (unregistering): Released all slaves [ 635.671111][ T8645] 8021q: adding VLAN 0 to HW filter on device bond0 [ 635.705701][ T8979] xt_TCPMSS: Only works on TCP SYN packets [ 635.928438][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 637.007284][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 637.909194][ T8645] 8021q: adding VLAN 0 to HW filter on device team0 [ 640.073961][ T9008] loop4: detected capacity change from 0 to 64 [ 640.744333][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 640.797521][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 640.839962][ T4896] bridge0: port 1(bridge_slave_0) entered blocking state [ 640.847392][ T4896] bridge0: port 1(bridge_slave_0) entered forwarding state [ 641.102869][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 641.116866][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 642.347818][ T4896] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.355044][ T4896] bridge0: port 2(bridge_slave_1) entered forwarding state [ 642.388002][ T4896] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 642.426347][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 645.157969][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 645.189169][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 645.291691][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 645.302976][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 645.481270][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 645.548352][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 646.179753][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 646.220146][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 646.341607][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 646.381935][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 646.412200][ T8645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 646.615697][ T9061] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 646.628042][ T9061] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 652.540359][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 652.567030][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 652.589017][ T8645] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 653.942218][ T9112] IPVS: sync thread started: state = MASTER, mcast_ifn = batadv_slave_0, syncid = 0, id = 0 [ 654.051772][ T9114] tipc: Started in network mode [ 654.066532][ T9114] tipc: Node identity 4, cluster identity 4711 [ 654.113722][ T9114] tipc: Node number set to 4 [ 655.534538][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 655.875827][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 655.998993][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 656.147476][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 656.190887][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 656.221500][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 656.374755][ T8645] device veth0_vlan entered promiscuous mode [ 656.713041][ T8645] device veth1_vlan entered promiscuous mode [ 657.228124][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 657.826162][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 657.860316][ T8645] device veth0_macvtap entered promiscuous mode [ 658.615661][ T9158] overlayfs: failed to clone upperpath [ 663.646626][ T4216] Bluetooth: hci2: command 0x0409 tx timeout [ 664.910765][ C1] hrtimer: interrupt took 87407 ns [ 665.797058][ T21] Bluetooth: hci2: command 0x041b tx timeout [ 667.800260][ T9177] chnl_net:caif_netlink_parms(): no params data found [ 667.808045][ T21] Bluetooth: hci2: command 0x040f tx timeout [ 668.020960][ T9244] "syz.2.1166" (9244) uses obsolete ecb(arc4) skcipher [ 669.740769][ T9263] batman_adv: Cannot find parent device [ 669.748179][ T9263] batman_adv: batadv0: Adding interface: gretap1 [ 669.754795][ T9263] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 669.782046][ T9263] batman_adv: batadv0: Not using interface gretap1 (retrying later): interface not active [ 669.886721][ T21] Bluetooth: hci2: command 0x0419 tx timeout [ 669.967861][ T9177] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.975499][ T9177] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.111890][ T9177] device bridge_slave_0 entered promiscuous mode [ 670.158078][ T9177] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.165295][ T9177] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.177626][ T9177] device bridge_slave_1 entered promiscuous mode [ 670.879671][ T9177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 671.239296][ T9177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.935518][ T9177] team0: Port device team_slave_0 added [ 671.986938][ T9177] team0: Port device team_slave_1 added [ 672.769612][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 672.800324][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 672.952434][ T9177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 675.189943][ T9177] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 675.949561][ T9177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 676.136615][ T9177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 676.319149][ T9330] xt_ecn: cannot match TCP bits for non-tcp packets [ 676.422963][ T9334] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 677.658626][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 677.658666][ T26] audit: type=1107 audit(1748214431.972:81): pid=9336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='1' [ 681.712277][ T9177] device hsr_slave_0 entered promiscuous mode [ 681.751422][ T9177] device hsr_slave_1 entered promiscuous mode [ 681.768668][ T9177] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 681.777272][ T9177] Cannot create hsr debugfs directory [ 681.978737][ T4438] device hsr_slave_0 left promiscuous mode [ 681.997814][ T4438] device hsr_slave_1 left promiscuous mode [ 682.007249][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 682.178878][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 684.263208][ T4438] device bridge_slave_1 left promiscuous mode [ 684.269905][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 685.306290][ T4438] device bridge_slave_0 left promiscuous mode [ 685.315420][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 685.353159][ T4438] device veth0_macvtap left promiscuous mode [ 685.420423][ T4438] device veth1_vlan left promiscuous mode [ 685.460981][ T4438] device veth0_vlan left promiscuous mode [ 686.053916][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 686.091942][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 686.115029][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 686.157093][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 686.561945][ T4438] bond0 (unregistering): Released all slaves [ 687.461442][ T9388] netlink: 'syz.2.1198': attribute type 4 has an invalid length. [ 687.569018][ T9390] netlink: 'syz.2.1198': attribute type 4 has an invalid length. [ 689.122356][ T9425] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1208'. [ 690.930210][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.936637][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.308499][ T9177] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 691.832362][ T9177] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 691.931564][ T9465] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1216'. [ 692.905659][ T9177] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 693.314164][ T9177] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 699.489153][ T9177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 699.726530][ T9522] loop4: detected capacity change from 0 to 64 [ 701.504095][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 701.547809][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 701.962122][ T9177] 8021q: adding VLAN 0 to HW filter on device team0 [ 702.054369][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 702.096067][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 702.126906][ T4900] bridge0: port 1(bridge_slave_0) entered blocking state [ 702.134055][ T4900] bridge0: port 1(bridge_slave_0) entered forwarding state [ 702.231535][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 702.354694][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 703.783061][ T4900] bridge0: port 2(bridge_slave_1) entered blocking state [ 703.790267][ T4900] bridge0: port 2(bridge_slave_1) entered forwarding state [ 703.897940][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 703.937405][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 704.246087][ T9560] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1241'. [ 706.002934][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 706.024207][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 706.038067][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 706.047846][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 706.058561][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 706.067641][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 706.076197][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 706.085422][ T4233] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 706.174971][ T9177] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 706.347754][ T9177] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 706.356366][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 708.780781][ T4900] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 712.651870][ T9177] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 712.785836][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 712.823030][ T8684] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 714.399155][ T9622] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1255'. [ 716.573991][ T9655] loop4: detected capacity change from 0 to 164 [ 717.730490][ T9661] overlayfs: failed to clone upperpath [ 718.273689][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 718.523370][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 718.900970][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 719.048228][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 719.272685][ T9669] xt_ecn: cannot match TCP bits for non-tcp packets [ 719.417182][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 719.430780][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 724.908927][ T26] audit: type=1400 audit(1748214734.444:82): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-22 profile="unconfined" name="&" pid=9698 comm="syz.4.1273" [ 725.329159][ T9709] loop4: detected capacity change from 0 to 764 [ 725.792293][ T9723] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1278'. [ 726.180744][ T9709] rock: directory entry would overflow storage [ 726.187666][ T9709] rock: sig=0x4f50, size=4, remaining=3 [ 726.193253][ T9709] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 727.646450][ T4255] Bluetooth: hci2: command 0x0409 tx timeout [ 729.761821][ T4486] Bluetooth: hci2: command 0x041b tx timeout [ 731.815749][ T4255] Bluetooth: hci2: command 0x040f tx timeout [ 732.208272][ T9716] chnl_net:caif_netlink_parms(): no params data found [ 733.320169][ T9716] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.359423][ T9716] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.387608][ T9716] device bridge_slave_0 entered promiscuous mode [ 734.432782][ T4255] Bluetooth: hci2: command 0x0419 tx timeout [ 735.039667][ T9716] bridge0: port 2(bridge_slave_1) entered blocking state [ 735.056277][ T9716] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.585612][ T9716] device bridge_slave_1 entered promiscuous mode [ 737.006601][ C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 737.950924][ T9716] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 738.068723][ T9716] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 738.178791][ T9716] team0: Port device team_slave_0 added [ 738.219204][ T9716] team0: Port device team_slave_1 added [ 738.374510][ T9716] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 738.396432][ T9716] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 738.485535][ T9716] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 738.659423][ T9716] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 738.702994][ T9716] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 738.806348][ T9716] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 739.031771][ T9716] device hsr_slave_0 entered promiscuous mode [ 739.166945][ T9716] device hsr_slave_1 entered promiscuous mode [ 739.196747][ T9716] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 739.204361][ T9716] Cannot create hsr debugfs directory [ 743.926779][ T9899] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 745.464730][ T9716] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 745.551833][ T9716] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 745.595924][ T9716] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 745.641947][ T9716] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 745.685710][ T4438] device hsr_slave_0 left promiscuous mode [ 745.710681][ T4438] device hsr_slave_1 left promiscuous mode [ 745.732100][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 745.760684][ T4438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 745.782054][ T4438] device bridge_slave_1 left promiscuous mode [ 745.800090][ T4438] bridge0: port 2(bridge_slave_1) entered disabled state [ 745.833208][ T4438] device bridge_slave_0 left promiscuous mode [ 745.859983][ T4438] bridge0: port 1(bridge_slave_0) entered disabled state [ 746.298204][ T4438] team0 (unregistering): Port device team_slave_1 removed [ 746.323349][ T4438] team0 (unregistering): Port device team_slave_0 removed [ 746.348569][ T4438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 746.365442][ T4438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 746.471544][ T4438] bond0 (unregistering): Released all slaves [ 746.833884][ T9716] 8021q: adding VLAN 0 to HW filter on device bond0 [ 746.886076][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 746.895676][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 746.916193][ T9716] 8021q: adding VLAN 0 to HW filter on device team0 [ 746.951685][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 746.975669][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 747.018331][ T4898] bridge0: port 1(bridge_slave_0) entered blocking state [ 747.025723][ T4898] bridge0: port 1(bridge_slave_0) entered forwarding state [ 749.039568][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 749.218003][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 749.227729][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 749.237037][ T4898] bridge0: port 2(bridge_slave_1) entered blocking state [ 749.244506][ T4898] bridge0: port 2(bridge_slave_1) entered forwarding state [ 749.253780][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 749.273759][ T4898] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 750.352149][ T9716] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 751.156743][ T9716] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 751.308538][ T9971] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 752.379845][ T1431] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.379885][ T1431] ieee802154 phy1 wpan1: encryption failed: -22 [ 856.736255][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 856.736277][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P9953/1:b..l [ 856.737217][ C1] (detected by 1, t=10502 jiffies, g=34309, q=96) [ 856.737238][ C1] task:syz.2.1319 state:R running task stack:27552 pid: 9953 ppid: 4572 flags:0x00004000 [ 856.737286][ C1] Call Trace: [ 856.737294][ C1] [ 856.737309][ C1] __schedule+0x11b8/0x43b0 [ 856.737369][ C1] ? release_firmware_map_entry+0x190/0x190 [ 856.737399][ C1] ? preempt_schedule_irq+0xa6/0x150 [ 856.737425][ C1] preempt_schedule_irq+0xb1/0x150 [ 856.737448][ C1] ? __cond_resched+0xb0/0xb0 [ 856.737471][ C1] ? rcu_is_watching+0x11/0xa0 [ 856.737495][ C1] ? rcu_irq_exit_check_preempt+0xdb/0x200 [ 856.737518][ C1] irqentry_exit+0x63/0x70 [ 856.737540][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 856.737574][ C1] RIP: 0010:lock_acquire+0x1f2/0x3f0 [ 856.737608][ C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f6 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 66 43 c7 44 3d 09 00 00 43 c6 44 3d 0b [ 856.737632][ C1] RSP: 0018:ffffc9000348f4a0 EFLAGS: 00000206 [ 856.737652][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: d2a04f67ba6e7100 [ 856.737667][ C1] RDX: 0000000000000000 RSI: ffffffff8a0b2460 RDI: ffffffff8a59a700 [ 856.737682][ C1] RBP: ffffc9000348f5c0 R08: dffffc0000000000 R09: fffffbfff1ff3619 [ 856.737699][ C1] R10: fffffbfff1ff3619 R11: 1ffffffff1ff3618 R12: ffffffff8c11c060 [ 856.737715][ C1] R13: 1ffff92000691ea0 R14: 0000000000000246 R15: dffffc0000000000 [ 856.737756][ C1] ? __kasan_slab_alloc+0x9c/0xd0 [ 856.737779][ C1] ? slab_post_alloc_hook+0x4c/0x380 [ 856.737800][ C1] ? read_lock_is_recursive+0x10/0x10 [ 856.737831][ C1] ? deref_stack_reg+0xd0/0x120 [ 856.737854][ C1] ? preempt_count_add+0x8d/0x190 [ 856.737881][ C1] rcu_lock_acquire+0x2a/0x30 [ 856.737902][ C1] ? rcu_lock_acquire+0x5/0x30 [ 856.737920][ C1] is_bpf_text_address+0x1d/0x270 [ 856.737950][ C1] __kernel_text_address+0x9a/0x100 [ 856.737976][ C1] unwind_get_return_address+0x49/0x80 [ 856.737999][ C1] ? stack_trace_save+0xe0/0xe0 [ 856.738019][ C1] arch_stack_walk+0xf2/0x140 [ 856.738055][ C1] stack_trace_save+0x98/0xe0 [ 856.738075][ C1] ? stack_trace_snprint+0xf0/0xf0 [ 856.738107][ C1] __kasan_kmalloc+0xb5/0xf0 [ 856.738129][ C1] ? __kasan_kmalloc+0xb5/0xf0 [ 856.738150][ C1] ? __vmalloc_node_range+0x2dd/0x8b0 [ 856.738172][ C1] ? __vmalloc_node_range+0x28f/0x8b0 [ 856.738193][ C1] ? vmalloc_user+0x70/0x80 [ 856.738213][ C1] ? kcov_mmap+0x27/0x120 [ 856.738232][ C1] ? mmap_file+0x5d/0xb0 [ 856.738251][ C1] ? mmap_region+0xd0d/0x15e0 [ 856.738273][ C1] ? do_mmap+0x77a/0xdf0 [ 856.738293][ C1] ? vm_mmap_pgoff+0x1b2/0x2b0 [ 856.738312][ C1] ? ksys_mmap_pgoff+0x542/0x780 [ 856.738334][ C1] ? do_syscall_64+0x4c/0xa0 [ 856.738353][ C1] ? entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 856.738423][ C1] __vmalloc_node_range+0x2dd/0x8b0 [ 856.738458][ C1] ? kcov_mmap+0x27/0x120 [ 856.738478][ C1] __vmalloc_node_range+0x28f/0x8b0 [ 856.738501][ C1] ? kcov_mmap+0x27/0x120 [ 856.738533][ C1] vmalloc_user+0x70/0x80 [ 856.738556][ C1] ? kcov_mmap+0x27/0x120 [ 856.738575][ C1] kcov_mmap+0x27/0x120 [ 856.738604][ C1] mmap_file+0x5d/0xb0 [ 856.738626][ C1] mmap_region+0xd0d/0x15e0 [ 856.738659][ C1] ? security_mmap_addr+0x6e/0x90 [ 856.738694][ C1] do_mmap+0x77a/0xdf0 [ 856.738727][ C1] vm_mmap_pgoff+0x1b2/0x2b0 [ 856.738756][ C1] ? account_locked_vm+0xe0/0xe0 [ 856.738778][ C1] ? __fget_files+0x40f/0x480 [ 856.738810][ C1] ksys_mmap_pgoff+0x542/0x780 [ 856.738840][ C1] ? mmap_region+0x15e0/0x15e0 [ 856.738868][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 856.738896][ C1] do_syscall_64+0x4c/0xa0 [ 856.738916][ C1] ? clear_bhb_loop+0x30/0x80 [ 856.738935][ C1] ? clear_bhb_loop+0x30/0x80 [ 856.738956][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 856.738981][ C1] RIP: 0033:0x7fb4651d59a3 [ 856.738999][ C1] RSP: 002b:00007ffcdeee72b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 856.739021][ C1] RAX: ffffffffffffffda RBX: 00007fb4653fd2d8 RCX: 00007fb4651d59a3 [ 856.739037][ C1] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007fb462bda000 [ 856.739051][ C1] RBP: 00007fb4653fd240 R08: 00000000000000db R09: 0000000000000000 [ 856.739065][ C1] R10: 0000000000000011 R11: 0000000000000246 R12: 00007fb4653fcfa0 [ 856.739080][ C1] R13: 00007fb4653fd240 R14: 0000000000001c25 R15: 0000000000000006 [ 856.739111][ C1] [ 856.739119][ C1] rcu: rcu_preempt kthread starved for 9872 jiffies! g34309 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 856.739143][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 856.739153][ C1] rcu: RCU grace-period kthread stack dump: [ 856.739161][ C1] task:rcu_preempt state:R running task stack:27464 pid: 15 ppid: 2 flags:0x00004000 [ 856.739200][ C1] Call Trace: [ 856.739207][ C1] [ 856.739219][ C1] __schedule+0x11b8/0x43b0 [ 856.739267][ C1] ? release_firmware_map_entry+0x190/0x190 [ 856.739304][ C1] schedule+0x11b/0x1e0 [ 856.739327][ C1] schedule_timeout+0x15c/0x280 [ 856.739350][ C1] ? console_conditional_schedule+0x40/0x40 [ 856.739372][ C1] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 856.739397][ C1] ? update_process_times+0x200/0x200 [ 856.739427][ C1] ? prepare_to_swait_event+0x331/0x350 [ 856.739458][ C1] rcu_gp_fqs_loop+0x29e/0x11b0 [ 856.739484][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 856.739510][ C1] ? dyntick_save_progress_counter+0x230/0x230 [ 856.739536][ C1] ? rcu_gp_init+0x10e0/0x10e0 [ 856.739562][ C1] ? finish_swait+0xc0/0x1d0 [ 856.739590][ C1] rcu_gp_kthread+0x98/0x350 [ 856.739619][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 856.739642][ C1] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 856.739670][ C1] ? __kthread_parkme+0x157/0x1b0 [ 856.739699][ C1] kthread+0x436/0x520 [ 856.739718][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 856.739737][ C1] ? kthread_blkcg+0xd0/0xd0 [ 856.739759][ C1] ret_from_fork+0x1f/0x30 [ 856.739795][ C1] [ 856.739802][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 856.739811][ C1] NMI backtrace for cpu 1 [ 856.739821][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.15.184-syzkaller #0 [ 856.739840][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 856.739852][ C1] Call Trace: [ 856.739859][ C1] [ 856.739867][ C1] dump_stack_lvl+0x168/0x230 [ 856.739888][ C1] ? __printk_safe_exit+0x5/0x10 [ 856.739909][ C1] ? show_regs_print_info+0x20/0x20 [ 856.739930][ C1] ? load_image+0x3b0/0x3b0 [ 856.739955][ C1] ? irq_work_queue+0xbf/0x140 [ 856.739982][ C1] nmi_cpu_backtrace+0x397/0x3d0 [ 856.740008][ C1] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 856.740031][ C1] ? _printk+0xcc/0x110 [ 856.740051][ C1] ? cpu_online+0x1d/0x30 [ 856.740071][ C1] ? load_image+0x3b0/0x3b0 [ 856.740093][ C1] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 856.740119][ C1] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 856.740146][ C1] rcu_check_gp_kthread_starvation+0x1cd/0x250 [ 856.740173][ C1] print_other_cpu_stall+0x10c8/0x1220 [ 856.740203][ C1] ? print_cpu_stall+0x5f0/0x5f0 [ 856.740224][ C1] ? timekeeping_advance+0x7f6/0xac0 [ 856.740260][ C1] rcu_sched_clock_irq+0x831/0x1110 [ 856.740287][ C1] ? rcutree_dead_cpu+0x20/0x20 [ 856.740311][ C1] ? account_process_tick+0x227/0x3a0 [ 856.740336][ C1] update_process_times+0x193/0x200 [ 856.740361][ C1] tick_sched_timer+0x37d/0x560 [ 856.740387][ C1] __hrtimer_run_queues+0x4fe/0xc40 [ 856.740418][ C1] ? tick_setup_sched_timer+0x2c0/0x2c0 [ 856.740450][ C1] ? hrtimer_interrupt+0x8d0/0x8d0 [ 856.740474][ C1] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 856.740503][ C1] hrtimer_interrupt+0x3bb/0x8d0 [ 856.740550][ C1] __sysvec_apic_timer_interrupt+0x137/0x4a0 [ 856.740578][ C1] sysvec_apic_timer_interrupt+0x9b/0xc0 [ 856.740609][ C1] [ 856.740615][ C1] [ 856.740624][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 856.740644][ C1] RIP: 0010:default_idle+0xb/0x10 [ 856.740666][ C1] Code: bf 48 89 df e8 16 c9 12 f8 eb b5 e8 4f be f6 ff 00 00 cc cc 00 00 cc cc 00 00 cc cc 00 00 cc 66 90 0f 00 2d a7 53 5b 00 fb f4 0f 1f 40 00 41 57 41 56 53 49 be 00 00 00 00 00 fc ff df 65 48 [ 856.740683][ C1] RSP: 0018:ffffc90000d67d48 EFLAGS: 000002c2 [ 856.740701][ C1] RAX: c7e0669108731200 RBX: ffff88813fe28000 RCX: c7e0669108731200 [ 856.740718][ C1] RDX: 0000000000000001 RSI: ffffffff8a0b11c0 RDI: ffffffff8a59a700 [ 856.740733][ C1] RBP: ffffc90000d67e80 R08: dffffc0000000000 R09: ffffed101722765a [ 856.740749][ C1] R10: ffffed101722765a R11: 1ffff11017227659 R12: ffffffff8d68aaa8 [ 856.740765][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11027fc5000 [ 856.740795][ C1] default_idle_call+0x81/0xc0 [ 856.740817][ C1] do_idle+0x21b/0x5b0 [ 856.740843][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 856.740867][ C1] ? asm_sysvec_reschedule_ipi+0x16/0x20 [ 856.740902][ C1] cpu_startup_entry+0x14/0x20 [ 856.740923][ C1] start_secondary+0x31f/0x430 [ 856.740949][ C1] ? arch_scale_freq_tick+0x120/0x120 [ 856.740982][ C1] secondary_startup_64_no_verify+0xb1/0xbb [ 856.741019][ C1] [ 904.139205][ C0] watchdog: BUG: soft lockup - CPU#0 stuck for 144s! [aoe_tx0:1431] [ 904.139240][ C0] Modules linked in: [ 904.139252][ C0] irq event stamp: 413522099 [ 904.139258][ C0] hardirqs last enabled at (413522098): [] _raw_spin_unlock_irqrestore+0x82/0x100 [ 904.139286][ C0] hardirqs last disabled at (413522099): [] sysvec_apic_timer_interrupt+0xa/0xc0 [ 904.139307][ C0] softirqs last enabled at (16050): [] local_bh_enable+0x5/0x20 [ 904.139325][ C0] softirqs last disabled at (16054): [] local_bh_disable+0x5/0x20 [ 904.139344][ C0] CPU: 0 PID: 1431 Comm: aoe_tx0 Not tainted 5.15.184-syzkaller #0 [ 904.139358][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.139368][ C0] RIP: 0010:uart_write+0x9a/0x880 [ 904.139385][ C0] Code: e8 03 42 0f b6 04 20 84 c0 0f 85 22 07 00 00 44 8b 33 31 ff 44 89 f6 e8 54 b2 33 fd 45 85 f6 0f 84 c5 06 00 00 4c 89 7c 24 10 <41> 8d 4e 01 31 f6 44 89 f0 f0 0f b1 0b 41 0f 94 c7 40 0f 94 c6 41 [ 904.139398][ C0] RSP: 0018:ffffc9000539f9a0 EFLAGS: 00000202 [ 904.139410][ C0] RAX: ffffffff8444124c RBX: ffff888146f60f80 RCX: ffff8880231d5940 [ 904.139422][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 904.139430][ C0] RBP: ffff888146f60be8 R08: dffffc0000000000 R09: ffffed1028dec1f1 [ 904.139442][ C0] R10: ffffed1028dec1f1 R11: 1ffff11028dec1f0 R12: dffffc0000000000 [ 904.139453][ C0] R13: ffff888076dd7600 R14: 0000000000000001 R15: 1ffff1100edbaec0 [ 904.139464][ C0] FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000 [ 904.139476][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 904.139486][ C0] CR2: 0000200000008000 CR3: 0000000076d8e000 CR4: 00000000003506f0 [ 904.139499][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 904.139508][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 904.139517][ C0] Call Trace: [ 904.139524][ C0] [ 904.139546][ C0] ? uart_write_room+0x1f7/0x2c0 [ 904.139569][ C0] ? uart_close+0x1b0/0x1b0 [ 904.139588][ C0] handle_tx+0x23f/0x600 [ 904.139615][ C0] dev_hard_start_xmit+0x2a5/0x7e0 [ 904.139641][ C0] __dev_queue_xmit+0x19df/0x2ed0 [ 904.139666][ C0] ? dev_queue_xmit+0x20/0x20 [ 904.139683][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 904.139704][ C0] ? lock_chain_count+0x20/0x20 [ 904.139720][ C0] ? _raw_spin_lock_irq+0xab/0xe0 [ 904.139739][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 904.139760][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 904.139778][ C0] tx+0x65/0x160 [ 904.139793][ C0] ? aoenet_xmit+0x190/0x190 [ 904.139808][ C0] kthread+0x1bc/0x390 [ 904.139828][ C0] ? aoe_ktstart+0x130/0x130 [ 904.139841][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 904.139857][ C0] ? sched_dynamic_update+0x210/0x210 [ 904.139876][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 904.139894][ C0] ? __kthread_parkme+0x157/0x1b0 [ 904.139915][ C0] kthread+0x436/0x520 [ 904.139928][ C0] ? aoe_ktstart+0x130/0x130 [ 904.139941][ C0] ? kthread_blkcg+0xd0/0xd0 [ 904.139956][ C0] ret_from_fork+0x1f/0x30 [ 904.139982][ C0] [ 904.139987][ C0] Sending NMI from CPU 0 to CPUs 1: [ 904.140024][ C1] NMI backtrace for cpu 1 skipped: idling at default_idle+0xb/0x10 [ 904.141014][ C0] Kernel panic - not syncing: softlockup: hung tasks [ 904.141025][ C0] CPU: 0 PID: 1431 Comm: aoe_tx0 Tainted: G L 5.15.184-syzkaller #0 [ 904.141040][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 904.141048][ C0] Call Trace: [ 904.141053][ C0] [ 904.141059][ C0] dump_stack_lvl+0x168/0x230 [ 904.141076][ C0] ? show_regs_print_info+0x20/0x20 [ 904.141090][ C0] ? load_image+0x3b0/0x3b0 [ 904.141112][ C0] panic+0x2c9/0x7f0 [ 904.141131][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 904.141150][ C0] ? irq_work_queue+0xbf/0x140 [ 904.141173][ C0] watchdog_timer_fn+0x57f/0x580 [ 904.141191][ C0] __hrtimer_run_queues+0x4fe/0xc40 [ 904.141213][ C0] ? proc_watchdog_cpumask+0xd0/0xd0 [ 904.141235][ C0] ? hrtimer_interrupt+0x8d0/0x8d0 [ 904.141252][ C0] ? ktime_get_update_offsets_now+0x3ce/0x3e0 [ 904.141271][ C0] hrtimer_interrupt+0x3bb/0x8d0 [ 904.141303][ C0] __sysvec_apic_timer_interrupt+0x137/0x4a0 [ 904.141323][ C0] sysvec_apic_timer_interrupt+0x9b/0xc0 [ 904.141340][ C0] [ 904.141345][ C0] [ 904.141350][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 904.141365][ C0] RIP: 0010:uart_write+0x9a/0x880 [ 904.141379][ C0] Code: e8 03 42 0f b6 04 20 84 c0 0f 85 22 07 00 00 44 8b 33 31 ff 44 89 f6 e8 54 b2 33 fd 45 85 f6 0f 84 c5 06 00 00 4c 89 7c 24 10 <41> 8d 4e 01 31 f6 44 89 f0 f0 0f b1 0b 41 0f 94 c7 40 0f 94 c6 41 [ 904.141391][ C0] RSP: 0018:ffffc9000539f9a0 EFLAGS: 00000202 [ 904.141404][ C0] RAX: ffffffff8444124c RBX: ffff888146f60f80 RCX: ffff8880231d5940 [ 904.141415][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 904.141424][ C0] RBP: ffff888146f60be8 R08: dffffc0000000000 R09: ffffed1028dec1f1 [ 904.141435][ C0] R10: ffffed1028dec1f1 R11: 1ffff11028dec1f0 R12: dffffc0000000000 [ 904.141446][ C0] R13: ffff888076dd7600 R14: 0000000000000001 R15: 1ffff1100edbaec0 [ 904.141461][ C0] ? uart_write+0x8c/0x880 [ 904.141484][ C0] ? uart_write_room+0x1f7/0x2c0 [ 904.141499][ C0] ? uart_close+0x1b0/0x1b0 [ 904.141513][ C0] handle_tx+0x23f/0x600 [ 904.141545][ C0] dev_hard_start_xmit+0x2a5/0x7e0 [ 904.141581][ C0] __dev_queue_xmit+0x19df/0x2ed0 [ 904.141606][ C0] ? dev_queue_xmit+0x20/0x20 [ 904.141622][ C0] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 904.141642][ C0] ? lock_chain_count+0x20/0x20 [ 904.141658][ C0] ? _raw_spin_lock_irq+0xab/0xe0 [ 904.141677][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 904.141692][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 904.141710][ C0] tx+0x65/0x160 [ 904.141723][ C0] ? aoenet_xmit+0x190/0x190 [ 904.141738][ C0] kthread+0x1bc/0x390 [ 904.141763][ C0] ? aoe_ktstart+0x130/0x130 [ 904.141776][ C0] ? _raw_spin_unlock_irqrestore+0x82/0x100 [ 904.141793][ C0] ? sched_dynamic_update+0x210/0x210 [ 904.141810][ C0] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 904.141829][ C0] ? __kthread_parkme+0x157/0x1b0 [ 904.141848][ C0] kthread+0x436/0x520 [ 904.141861][ C0] ? aoe_ktstart+0x130/0x130 [ 904.141874][ C0] ? kthread_blkcg+0xd0/0xd0 [ 904.141888][ C0] ret_from_fork+0x1f/0x30 [ 904.141912][ C0] [ 904.142184][ C0] Kernel Offset: disabled