last executing test programs: 16.073637993s ago: executing program 0 (id=365): socket$inet6(0xa, 0x800, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc25c4110, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc0009058502", @ANYRES8], 0x0) r2 = gettid() socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=0x0) timer_settime(r3, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r4, &(0x7f0000000000)=""/188, 0xbc) read$char_usb(r4, &(0x7f0000000100)=""/67, 0x43) socket$nl_netfilter(0x10, 0x3, 0xc) 11.471941911s ago: executing program 2 (id=374): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.parent_freezing\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r3, 0x0) 11.471481221s ago: executing program 0 (id=375): open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) socket(0x10, 0x803, 0x0) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000062102000100000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00]'], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 11.225510016s ago: executing program 0 (id=376): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee3, 0x8031, 0xffffffffffffffff, 0xe84df000) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = msgget$private(0x0, 0x480) msgsnd(r4, &(0x7f0000000d40)=ANY=[@ANYBLOB="03"], 0x401, 0x0) msgctl$IPC_RMID(r4, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xc, 0x0, 0x0) 9.102440459s ago: executing program 0 (id=377): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x189002, 0x40) r4 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x818f, 0x0, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r4, 0x47b6, 0x800000, 0x0, 0x0, 0x0) 9.101469269s ago: executing program 2 (id=379): r0 = socket(0x10, 0x80003, 0x0) write(r0, &(0x7f0000000000)="240000001a005f0214f9f4e6ff0804000a020000fe0000000000aa0008000f00fd0000", 0x23) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x4, &(0x7f0000000280), 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x0) socket$kcm(0x23, 0x2, 0x0) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x2000) close_range(r0, 0xffffffffffffffff, 0x0) 8.679707453s ago: executing program 3 (id=382): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 7.929569798s ago: executing program 3 (id=384): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x51) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card2/oss_mixer\x00', 0x0, 0x0) dup3(r4, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) ioctl$sock_netrom_SIOCDELRT(r0, 0x890c, &(0x7f0000000300)={0x1, @default, @netrom={'nr', 0x0}, 0xe, 'syz1\x00', @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xfffffeff, 0x0, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) 5.979343021s ago: executing program 0 (id=386): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x3) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000540)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet6(0xffffffffffffffff, 0x0, 0x0) pipe2(0x0, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 4.97695485s ago: executing program 1 (id=387): r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x3) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r4, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) close_range(r3, 0xffffffffffffffff, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000640)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func_proto={0x0, 0x0, 0x0, 0x5}, @typedef={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x30, 0x5f]}}, 0x0, 0x34}, 0x28) 4.869541826s ago: executing program 3 (id=388): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000088}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f00000004c0)=0x3) creat(&(0x7f0000000200)='./file0\x00', 0x17e) bpf$MAP_CREATE(0x0, 0x0, 0x50) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x80000, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00') preadv(r4, &(0x7f0000000340)=[{&(0x7f0000000080)=""/122, 0x7a}], 0x1, 0x0, 0x0) 3.993875357s ago: executing program 1 (id=389): openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={0x0, 0x74}, 0x1, 0x0, 0x0, 0x20004844}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.692898145s ago: executing program 1 (id=390): socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_vhci(&(0x7f0000000d40)=ANY=[@ANYBLOB="042ff904aaaa"], 0x3fc) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) syz_emit_ethernet(0x1aa, &(0x7f0000000cc0)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa008100000086dd602e5cea01703c00"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x40, 0x5}, 0x48) 3.611804789s ago: executing program 2 (id=391): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) symlink(0x0, &(0x7f0000000040)='./file0\x00') mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x200000, 0x95) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) read$sequencer(r3, &(0x7f0000000780)=""/35, 0x23) 3.611200579s ago: executing program 3 (id=392): socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret(0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000080)={0x0, 0x0, 0x10100}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', 0x0, 0x14, 0x0, 0x0, 0x0, 0x2b, @empty, @empty}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.923302818s ago: executing program 2 (id=393): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) socket(0x2, 0x80805, 0x0) r2 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, 0x0, &(0x7f0000001080)) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) bind$netlink(r4, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r4, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r3, &(0x7f0000024c80)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000024d40)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r5, 0x1}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200400c1}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6(0xa, 0x1, 0x0) socket$key(0xf, 0x3, 0x2) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 1.865436581s ago: executing program 0 (id=394): r0 = socket(0x840000000002, 0x3, 0xff) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @dev}, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00), 0x8) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r3, 0x0, 0x0}, 0x10) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000040)=0x46c, 0x4) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r5, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r6, 0x9801}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x8, 0x7, @remote}]}}}]}, 0x38}}, 0x0) sendto$packet(r1, &(0x7f0000000180)="280320000a0014000000fbf719143baa111f43c851ffab286e16195ecf3d77cc32b6d78839980700e666", 0x2a, 0x4000840, &(0x7f00000000c0)={0x11, 0x86dd, r6, 0x1, 0x2, 0x6, @local}, 0x14) 1.865002651s ago: executing program 1 (id=395): socket$nl_netfilter(0x10, 0x3, 0xc) socket$alg(0x26, 0x5, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0) sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = add_key(0x0, 0x0, &(0x7f0000002240)="d7", 0x1, 0xfffffffffffffffe) keyctl$update(0x2, r1, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket(0x11, 0x3, 0x0) bind$packet(r2, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x14) getrlimit(0x5, &(0x7f0000000500)) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0x2f}, 0x94) sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x18, 0x0, 0x20, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000001}, 0x40) sendmsg$netlink(r2, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000280)=ANY=[@ANYBLOB], 0xdd12}], 0x1, 0x0, 0x0, 0x8887}, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x1) ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000040)={"e70e0a4c", 0x9, 0x9, 0xff, 0x1, 0xe, "7b3f4e4bb2b188a614c929244374d5", "78835a02", "0e1d2379", "f669361f", ["4258ff966837d974642a76f6", "4f500bb19fd11bc9b1219989", "588190ceafc9d6ca37a99e4f", "c625b371413e217d9c9fa3b6"]}) 1.853829322s ago: executing program 3 (id=396): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) connect$unix(0xffffffffffffffff, 0x0, 0x0) ioprio_get$pid(0x1, r0) socket$nl_netfilter(0x10, 0x3, 0xc) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) prlimit64(0x0, 0x7, &(0x7f0000000140), 0x0) socket(0x25, 0x5, 0x0) io_uring_setup(0x789f, 0x0) 1.687966401s ago: executing program 1 (id=397): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x2, 0x638, &(0x7f0000000ac0)="$eJzs3c1rHOcdB/DvrGRZssFRGttxSyAihrRU1NYLSqte6pZSVAglpIeehS1j4bWTSkpRQmnUN3rtIX9AetCtp0IvhYIgPbe3XHUMFHrJST1tmdlZvVjydjdeeWXn8zEz8zzzzDzze347L7trxAb40lqazuhOiixNv7lZ1ne355u72/MPOuUk55M0ktH2IsXDpPgkuZX2lK+WK+vuiscd56PVxbc//Xz3s3ZttJ6q7Rvd9uvNVj1lKslIvRxUf7efuL9if4Rlwq53EgfDdi5J64ifXz1o6e7CE1+3wFlQtJ+b+1r1lT1ZXeYZr98HtJ+K7Wf2M21r2AEAAADAoI0fX/XCXvaymUvDCAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeVfXv/1e/+j++vyrFVIrO7/+PddqTXBxiqN2N9bbZTuO0AwEAAAAAAACA0/fqXvaymUudeqtII8lrVeVyNb+Y97KelazlRjaznI1sZC2zSSYPdTS2ubyxsTbbw55zJ+4512PAE08+ZgAAAAAAAAB4Dv0mSwf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdBkYy0F9V0uVOeTGM0yXiSsXK7reRfnfKzbGfYAQAAAMBT8MJe9rKZS516q6g+81+tPveP5708zEZWs5FmVnKn+i6g/am/sbs939zdnn9QTsf7/f5/+gqj6jHt7x5OPvK1aouJ3M1qteZGbuedNHMnjWrP0rVOPCfH9esypuJ7tR4ju1Mvy5H/sV6evpEetpmsMnJuPyMzdWxlNl7snomjr85Wv0eaTWP/m5/Lp5DzC/WySC7++KnlvBd1Jl5NnYm5Q2ff1e6ZSL7+1z//7F7z4f17d9enz86Q+nC+1Wp1yo+eE/OHMvHyc5+Jw2aqTFzZry/lR/lppjOVt7KW1fwiy9nISqbyw6q0XJ/P5Xyye6ZuHam9Vc0nHh/JWP26tO8e/cX0WrXvpazmJ3knd7KSN6p/c5nNt7OQhSweeoWv9HDVN/q76q9/oy6UA/xD94E+ZWVeX6zz+mFy5J47WbUdXnOQpRQZ9L1x9Gt1oTzGb+vl2fBoJmYPZeKl7ufLn6rbynrz4f21e8vv9ni81+tleR39/kw9Jcrz5Svli1XVjp4dZdtLJ7bNVm2X99sax9qu7Lf9vyt1rH4Pd7ynuart5RPb5qu2a4faTnq/BcCZd+GbF8Ym/j3xz4mPJ343cW/izfEfnP/O+VfGcu4f5747OjPyeuOV4i/5OL86+PwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8cevvf3B/udlcWXuk0Gq1PnxM0xctjKSfvf7+t0EevfN7RAMczmAL4/1s3DobMfdT+G+r1RpIh1tdTtqBFVq1M5G6IRWGfGMCTt3NjQfv3lx//4NvrXYekQsLizOLC2/M37y72lyZac+HHCRwKg4e+sOOBAAAAAAAAAAAAOjV0/hzgmGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHi2LU1ndCdFZmduzJT13e35Zjl1ygdbjiZpJCl+mRSfJLfSnjJ5qLvi+BF2qvlHq4tvf/r57mcHfY12tm+cvF8/tuopU0lG6uWg+rv9xP0V+yMsE3a9kzgYtv8FAAD//ywaEHk=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pipe(0x0) syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000b40)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1802a53, 0x0, 0xfa, 0x0, &(0x7f00000000c0)) r3 = open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80) ftruncate(r3, 0x2007ffb) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$MPTCP_PM_CMD_REMOVE(r3, 0x0, 0x20004000) 965.462264ms ago: executing program 2 (id=398): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x2, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000280), 0x129202, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) socket$inet6(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000100)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000001380)={&(0x7f0000001340)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0), 0x0, 0x1}) 788.366634ms ago: executing program 3 (id=399): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r1, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={0x0, 0x1c, &(0x7f00000001c0)=[@in6={0xa, 0x0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfffffffb}]}, &(0x7f0000000140)=0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x4e21, 0x0, @dev={0xfe, 0x80, '\x00', 0x14}}}}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000080)={r6, 0x8004}, 0xffc4) getsockopt$bt_hci(r0, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) 120.735503ms ago: executing program 2 (id=400): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1c, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e}, 0x94) socketpair$unix(0x1, 0x1, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x7, 0x0) syz_mount_image$tmpfs(&(0x7f0000000140), &(0x7f00000000c0)='./file0\x00', 0x21408, 0x0, 0x1, 0x0, &(0x7f0000006380)) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) setresuid(0x0, 0xee01, 0xee00) r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000002000/0x4000)=nil) shmctl$SHM_LOCK(r1, 0xb) 0s ago: executing program 1 (id=401): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x800) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0xffff, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x1}, {}, 0x0, 0x0, 0x1}, {{@in=@rand_addr=0x64010102, 0x0, 0x33}, 0x0, @in6=@loopback, 0x0, 0x3, 0x0, 0xb7, 0x0, 0x8000000}}, 0xe8) sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@dev={0xac, 0x14, 0x14, 0x12}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x2}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x1, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.92' (ED25519) to the list of known hosts. [ 63.191225][ T5754] cgroup: Unknown subsys name 'net' [ 63.353021][ T5754] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 64.730190][ T5754] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 66.098903][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 66.107591][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 66.119433][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 66.131251][ T5773] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 66.140219][ T5773] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 66.147983][ T5773] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 66.168583][ T5768] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 66.177387][ T5768] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 66.185234][ T5768] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 66.194252][ T5768] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 66.201979][ T5774] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 66.210051][ T5774] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 66.218594][ T5768] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 66.227629][ T5774] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 66.235875][ T5768] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 66.243480][ T5774] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 66.251292][ T5768] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 66.267367][ T5768] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 66.277008][ T5768] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 66.285218][ T5768] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 66.291182][ T5778] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 66.299727][ T5768] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 66.309259][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 66.316898][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 66.580673][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 66.723917][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 66.731213][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 66.738729][ T5766] bridge_slave_0: entered allmulticast mode [ 66.745757][ T5766] bridge_slave_0: entered promiscuous mode [ 66.773235][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 66.786856][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 66.794183][ T5766] bridge_slave_1: entered allmulticast mode [ 66.817846][ T5766] bridge_slave_1: entered promiscuous mode [ 66.859686][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 66.869537][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 66.880745][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 66.900642][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 66.973056][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 66.986452][ T5766] team0: Port device team_slave_0 added [ 67.016047][ T5766] team0: Port device team_slave_1 added [ 67.089904][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.097052][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.123728][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.144889][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.151941][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.177896][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.190290][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.197571][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.204695][ T5769] bridge_slave_0: entered allmulticast mode [ 67.213790][ T5769] bridge_slave_0: entered promiscuous mode [ 67.221767][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.229271][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.236847][ T5769] bridge_slave_1: entered allmulticast mode [ 67.243546][ T5769] bridge_slave_1: entered promiscuous mode [ 67.294682][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.302700][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.311851][ T5771] bridge_slave_0: entered allmulticast mode [ 67.319343][ T5771] bridge_slave_0: entered promiscuous mode [ 67.328210][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.335331][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.342714][ T5771] bridge_slave_1: entered allmulticast mode [ 67.349868][ T5771] bridge_slave_1: entered promiscuous mode [ 67.370390][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.406199][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 67.415805][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 67.423167][ T5770] bridge_slave_0: entered allmulticast mode [ 67.430585][ T5770] bridge_slave_0: entered promiscuous mode [ 67.440456][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.473348][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.483451][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 67.491444][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 67.498860][ T5770] bridge_slave_1: entered allmulticast mode [ 67.505538][ T5770] bridge_slave_1: entered promiscuous mode [ 67.525920][ T5766] hsr_slave_0: entered promiscuous mode [ 67.532299][ T5766] hsr_slave_1: entered promiscuous mode [ 67.543056][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.569103][ T5769] team0: Port device team_slave_0 added [ 67.611195][ T5769] team0: Port device team_slave_1 added [ 67.619430][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 67.632220][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 67.663846][ T5771] team0: Port device team_slave_0 added [ 67.704940][ T5770] team0: Port device team_slave_0 added [ 67.712931][ T5771] team0: Port device team_slave_1 added [ 67.735053][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.742286][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.770131][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.784093][ T5770] team0: Port device team_slave_1 added [ 67.815832][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.823075][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.852057][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.873327][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.880501][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.909093][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 67.925751][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 67.932907][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 67.958927][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 67.989323][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 67.996319][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.022736][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 68.035272][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 68.042557][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 68.068572][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 68.145579][ T5769] hsr_slave_0: entered promiscuous mode [ 68.152401][ T5769] hsr_slave_1: entered promiscuous mode [ 68.159828][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.168244][ T5769] Cannot create hsr debugfs directory [ 68.188764][ T5773] Bluetooth: hci0: command tx timeout [ 68.244438][ T5771] hsr_slave_0: entered promiscuous mode [ 68.251364][ T5771] hsr_slave_1: entered promiscuous mode [ 68.257940][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.265510][ T5771] Cannot create hsr debugfs directory [ 68.289533][ T5770] hsr_slave_0: entered promiscuous mode [ 68.295904][ T5770] hsr_slave_1: entered promiscuous mode [ 68.302446][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 68.310402][ T5770] Cannot create hsr debugfs directory [ 68.346667][ T5773] Bluetooth: hci1: command tx timeout [ 68.347705][ T5778] Bluetooth: hci3: command tx timeout [ 68.352304][ T5773] Bluetooth: hci2: command tx timeout [ 68.483075][ T5766] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 68.529896][ T5766] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 68.540065][ T5766] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 68.577793][ T5766] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 68.721986][ T5769] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 68.734561][ T5769] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 68.758786][ T5769] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 68.780884][ T5769] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 68.830187][ T5771] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 68.853734][ T5771] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 68.865541][ T5771] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 68.882230][ T5771] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 68.954571][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 68.984075][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 68.994179][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 69.005724][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 69.033542][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.097726][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.117670][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.151998][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.159326][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.184581][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.191758][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.203005][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.223795][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.230966][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.275765][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.282946][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.310574][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.328551][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 69.361247][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.379440][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.386650][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.411780][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 69.440574][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.447754][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.478322][ T3519] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.485515][ T3519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 69.495895][ T3519] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.503084][ T3519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 69.693853][ T5770] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 69.879871][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.003903][ T5766] veth0_vlan: entered promiscuous mode [ 70.038965][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.063661][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.082687][ T5766] veth1_vlan: entered promiscuous mode [ 70.121415][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 70.183986][ T5766] veth0_macvtap: entered promiscuous mode [ 70.195548][ T5766] veth1_macvtap: entered promiscuous mode [ 70.238884][ T5769] veth0_vlan: entered promiscuous mode [ 70.246399][ T5771] veth0_vlan: entered promiscuous mode [ 70.266270][ T5771] veth1_vlan: entered promiscuous mode [ 70.272259][ T5773] Bluetooth: hci0: command tx timeout [ 70.281871][ T5769] veth1_vlan: entered promiscuous mode [ 70.299619][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.324947][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.341381][ T5770] veth0_vlan: entered promiscuous mode [ 70.359503][ T5766] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.370824][ T5766] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.379776][ T5766] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.391625][ T5766] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.423998][ T5770] veth1_vlan: entered promiscuous mode [ 70.432739][ T5773] Bluetooth: hci3: command tx timeout [ 70.432756][ T51] Bluetooth: hci1: command tx timeout [ 70.439128][ T5778] Bluetooth: hci2: command tx timeout [ 70.452274][ T5769] veth0_macvtap: entered promiscuous mode [ 70.477755][ T5771] veth0_macvtap: entered promiscuous mode [ 70.513901][ T5769] veth1_macvtap: entered promiscuous mode [ 70.542225][ T5771] veth1_macvtap: entered promiscuous mode [ 70.564490][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.575586][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.588846][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.641065][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.651800][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.662201][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 70.673063][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.687161][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 70.708235][ T5769] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.719784][ T5769] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.731983][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.745085][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.755005][ T5769] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.764505][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 70.772675][ T5769] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.784483][ T5769] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.793333][ T5769] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.805171][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.816683][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.827445][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 70.837934][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 70.849334][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 70.889838][ T5770] veth0_macvtap: entered promiscuous mode [ 70.899749][ T5771] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.909375][ T5771] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.919087][ T5771] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.928028][ T5771] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 70.951882][ T5770] veth1_macvtap: entered promiscuous mode [ 70.970687][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 70.988531][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.034393][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.052786][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.064685][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.076116][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.086530][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 71.097152][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.109228][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 71.158282][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.169592][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.180757][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.191410][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.202401][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 71.213040][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 71.224465][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 71.235380][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.245433][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.254265][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.263768][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 71.375885][ T3501] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.385951][ T3501] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.471680][ T2920] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.489801][ T2920] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.522922][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.551665][ T4507] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.551871][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.569307][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.583551][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.593771][ T4507] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.689540][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.700929][ T5858] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 71.725270][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 71.800625][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 71.815739][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 72.347658][ T5778] Bluetooth: hci0: command tx timeout [ 72.506889][ T5778] Bluetooth: hci1: command tx timeout [ 72.512628][ T5778] Bluetooth: hci2: command tx timeout [ 72.520468][ T5773] Bluetooth: hci3: command tx timeout [ 73.204065][ T5880] syz.1.9[5880]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 73.302930][ T5880] loop1: detected capacity change from 0 to 512 [ 74.058374][ T5880] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 74.202855][ T5880] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.9: bg 0: block 255: padding at end of block bitmap is not set [ 74.236680][ T5880] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 74.249419][ T5880] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.9: invalid indirect mapped block 1 (level 1) [ 74.265071][ T5880] EXT4-fs (loop1): 1 truncate cleaned up [ 74.273037][ T5880] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 74.318589][ T5880] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 74.438492][ T51] Bluetooth: hci0: command tx timeout [ 74.589993][ T5773] Bluetooth: hci2: command tx timeout [ 74.595618][ T5778] Bluetooth: hci1: command tx timeout [ 74.602672][ T51] Bluetooth: hci3: command tx timeout [ 75.070694][ T5880] syz.1.9: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 75.088268][ T5880] CPU: 1 PID: 5880 Comm: syz.1.9 Not tainted syzkaller #0 [ 75.095420][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 75.105525][ T5880] Call Trace: [ 75.108816][ T5880] [ 75.111747][ T5880] dump_stack_lvl+0x18c/0x250 [ 75.116438][ T5880] ? show_regs_print_info+0x20/0x20 [ 75.121659][ T5880] ? load_image+0x400/0x400 [ 75.126170][ T5880] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 75.132589][ T5880] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 75.139095][ T5880] warn_alloc+0x246/0x340 [ 75.143434][ T5880] ? zone_watermark_ok_safe+0x230/0x230 [ 75.149076][ T5880] ? _raw_spin_unlock+0x28/0x40 [ 75.153930][ T5880] __vmalloc_node_range+0x662/0x1330 [ 75.159235][ T5880] ? free_vm_area+0x50/0x50 [ 75.163743][ T5880] ? hashlimit_pernet+0x23/0x230 [ 75.168677][ T5880] ? htable_create+0xf2/0x790 [ 75.173351][ T5880] vmalloc+0x79/0x90 [ 75.177249][ T5880] ? htable_create+0xf2/0x790 [ 75.181920][ T5880] htable_create+0xf2/0x790 [ 75.186425][ T5880] hashlimit_mt_check_common+0x6ca/0x9e0 [ 75.192062][ T5880] hashlimit_mt_check_v1+0x237/0x380 [ 75.197348][ T5880] ? hashlimit_mt_v1+0x2d0/0x2d0 [ 75.202308][ T5880] ? trace_contention_end+0x39/0xe0 [ 75.207528][ T5880] ? __mutex_lock+0x315/0xcc0 [ 75.212219][ T5880] ? trace_raw_output_percpu_destroy_chunk+0xc0/0xc0 [ 75.218906][ T5880] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 75.224809][ T5880] xt_check_match+0x429/0xaf0 [ 75.229501][ T5880] ? xt_check_proc_name+0x270/0x270 [ 75.234792][ T5880] ? pcpu_alloc+0x11db/0x1860 [ 75.239468][ T5880] ? xt_percpu_counter_alloc+0x155/0x210 [ 75.245108][ T5880] ? xt_find_match+0x1f1/0x230 [ 75.249877][ T5880] translate_table+0x1553/0x20f0 [ 75.254836][ T5880] ? ipt_register_table+0x7d0/0x7d0 [ 75.260035][ T5880] ? __might_fault+0xaa/0x120 [ 75.264712][ T5880] ? __lock_acquire+0x7d40/0x7d40 [ 75.269735][ T5880] ? __virt_addr_valid+0x18c/0x540 [ 75.274854][ T5880] ? __might_fault+0xc6/0x120 [ 75.279529][ T5880] ? __might_fault+0xaa/0x120 [ 75.284218][ T5880] do_ipt_set_ctl+0x9f3/0xe00 [ 75.288906][ T5880] ? ipt_unregister_table_exit+0x230/0x230 [ 75.294715][ T5880] ? __lock_acquire+0x7d40/0x7d40 [ 75.299743][ T5880] ? rcu_is_watching+0x15/0xb0 [ 75.304506][ T5880] ? trace_contention_end+0x39/0xe0 [ 75.309721][ T5880] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 75.315369][ T5880] ? mutex_unlock+0x10/0x10 [ 75.319902][ T5880] ? aa_af_perm+0x330/0x330 [ 75.324410][ T5880] ? __fget_files+0x28/0x4b0 [ 75.329004][ T5880] nf_setsockopt+0x263/0x280 [ 75.333595][ T5880] ? sock_common_recvmsg+0x190/0x190 [ 75.338880][ T5880] do_sock_setsockopt+0x175/0x1a0 [ 75.343912][ T5880] ? __fdget+0x180/0x210 [ 75.348152][ T5880] __x64_sys_setsockopt+0x182/0x200 [ 75.353379][ T5880] do_syscall_64+0x55/0xa0 [ 75.357809][ T5880] ? clear_bhb_loop+0x40/0x90 [ 75.362488][ T5880] ? clear_bhb_loop+0x40/0x90 [ 75.367168][ T5880] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 75.373060][ T5880] RIP: 0033:0x7ffa7499bf79 [ 75.377485][ T5880] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 75.397105][ T5880] RSP: 002b:00007ffa75777028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 75.405523][ T5880] RAX: ffffffffffffffda RBX: 00007ffa74c15fa0 RCX: 00007ffa7499bf79 [ 75.413494][ T5880] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000004 [ 75.421464][ T5880] RBP: 00007ffa74a327e0 R08: 0000000000000448 R09: 0000000000000000 [ 75.429430][ T5880] R10: 00002000000006c0 R11: 0000000000000246 R12: 0000000000000000 [ 75.437396][ T5880] R13: 00007ffa74c16038 R14: 00007ffa74c15fa0 R15: 00007ffc4b289b48 [ 75.445389][ T5880] [ 75.482023][ T5880] Mem-Info: [ 75.485245][ T5880] active_anon:6223 inactive_anon:0 isolated_anon:0 [ 75.485245][ T5880] active_file:1009 inactive_file:39935 isolated_file:0 [ 75.485245][ T5880] unevictable:768 dirty:1756 writeback:0 [ 75.485245][ T5880] slab_reclaimable:9963 slab_unreclaimable:90430 [ 75.485245][ T5880] mapped:25176 shmem:1425 pagetables:586 [ 75.485245][ T5880] sec_pagetables:0 bounce:0 [ 75.485245][ T5880] kernel_misc_reclaimable:0 [ 75.485245][ T5880] free:1363989 free_pcp:11793 free_cma:0 [ 75.532046][ T5880] Node 0 active_anon:22692kB inactive_anon:0kB active_file:4036kB inactive_file:159536kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100704kB dirty:7016kB writeback:0kB shmem:4164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11392kB pagetables:2244kB sec_pagetables:0kB all_unreclaimable? no [ 75.578867][ T5880] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 75.613179][ T5880] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 75.636247][ T5903] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.646564][ T5880] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 75.652966][ T5880] Node 0 DMA32 free:1570312kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:22752kB inactive_anon:0kB active_file:4036kB inactive_file:158712kB unevictable:1536kB writepending:7004kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:10688kB local_pcp:9952kB free_cma:0kB [ 75.659793][ T5903] team0: Port device bond0 added [ 75.690030][ T5880] lowmem_reserve[]: 0 0 0 0 0 [ 75.711081][ T5880] Node 0 Normal free:8kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:824kB unevictable:0kB writepending:12kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 75.713562][ T5904] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.739404][ T5880] lowmem_reserve[]: 0 0 0 0 0 [ 75.755519][ T5880] Node 1 Normal free:3891320kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:8kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19656kB local_pcp:7812kB free_cma:0kB [ 75.777100][ T5904] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.792187][ T5880] lowmem_reserve[]: 0 0 0 0 0 [ 75.805039][ T5880] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 75.822243][ T5880] Node 0 DMA32: 200*4kB (UM) 417*8kB (UME) 74*16kB (UME) 22*32kB (UME) 21*64kB (UME) 11*128kB (UM) 12*256kB (M) 7*512kB (M) 8*1024kB (M) 7*2048kB (M) 374*4096kB (UME) = 1569864kB [ 75.854087][ T5880] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 75.863789][ T5903] syz.3.15 (5903) used greatest stack depth: 18160 bytes left [ 75.867121][ T5880] Node 1 Normal: 240*4kB (UME) 57*8kB (UME) 27*16kB (UME) 44*32kB (UME) 19*64kB (UE) 8*128kB (UME) 1*256kB (E) 1*512kB (M) 2*1024kB (UE) 2*2048kB (UE) 947*4096kB (M) = 3891320kB [ 75.900535][ T5880] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 75.918314][ T5880] Node 0 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 75.931774][ T5880] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 75.943952][ T5880] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 75.954862][ T5880] 42389 total pagecache pages [ 75.959892][ T5880] 0 pages in swap cache [ 75.964173][ T5880] Free swap = 124996kB [ 75.968498][ T5880] Total swap = 124996kB [ 75.972875][ T5880] 2097051 pages RAM [ 75.977160][ T5880] 0 pages HighMem/MovableOnly [ 75.981924][ T5880] 416922 pages reserved [ 75.986205][ T5880] 0 pages cma reserved [ 76.034657][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.125361][ T5919] netlink: 'syz.3.19': attribute type 27 has an invalid length. [ 77.134455][ T5919] netlink: 'syz.3.19': attribute type 4 has an invalid length. [ 77.145690][ T5919] netlink: 144 bytes leftover after parsing attributes in process `syz.3.19'. [ 77.918211][ T5934] bridge0: entered promiscuous mode [ 77.923928][ T5934] vlan2: entered promiscuous mode [ 78.025140][ T5924] loop3: detected capacity change from 0 to 32768 [ 78.098129][ T5924] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.22 (5924) [ 78.848546][ T5924] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 78.876971][ T5924] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 78.885781][ T5924] BTRFS info (device loop3): setting nodatacow, compression disabled [ 78.895164][ T5924] BTRFS info (device loop3): force clearing of disk cache [ 78.903620][ T5924] BTRFS info (device loop3): setting datacow [ 78.914114][ T5924] BTRFS info (device loop3): turning off barriers [ 78.940491][ T5924] BTRFS info (device loop3): disabling free space tree [ 78.947711][ T5924] BTRFS info (device loop3): enabling ssd optimizations [ 78.954779][ T5924] BTRFS info (device loop3): using spread ssd allocation scheme [ 79.125934][ T5924] BTRFS info (device loop3): not using ssd optimizations [ 79.144459][ T5924] BTRFS info (device loop3): not using spread ssd allocation scheme [ 79.276092][ T5924] BTRFS info (device loop3): rebuilding free space tree [ 79.340971][ T5956] overlayfs: bad index found (index=index/00fb2100015d8d709fa3ed4cd69852b6a1df1f47fe85be67964000000000000000, ftype=2000, origin ftype=a000). [ 79.361370][ T5924] BTRFS info (device loop3): disabling free space tree [ 79.369141][ T5924] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 79.379775][ T5924] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 79.506364][ T5970] netlink: 20 bytes leftover after parsing attributes in process `syz.1.30'. [ 79.837110][ T5769] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 80.007446][ T5832] usb 2-1: new full-speed USB device number 2 using dummy_hcd [ 80.216930][ T5832] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 80.245722][ T5832] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 80.264521][ T5832] usb 2-1: Product: syz [ 80.274375][ T5832] usb 2-1: Manufacturer: syz [ 80.289758][ T5832] usb 2-1: SerialNumber: syz [ 80.339818][ T5832] usb 2-1: config 0 descriptor?? [ 81.018399][ T5832] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 81.189810][ T5990] netlink: 'syz.3.36': attribute type 1 has an invalid length. [ 81.290723][ T5992] netlink: 24 bytes leftover after parsing attributes in process `syz.0.37'. [ 81.451579][ T5999] binder: 5997:5999 ioctl c0306201 200000000240 returned -14 [ 81.789848][ T788] cfg80211: failed to load regulatory.db [ 82.363324][ T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 83.136431][ T5832] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 83.149685][ T5832] usb 2-1: USB disconnect, device number 2 [ 83.239532][ T9] usb 4-1: config 0 has no interfaces? [ 83.255273][ T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 83.286165][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.311908][ T9] usb 4-1: config 0 descriptor?? [ 83.717148][ T28] usb 4-1: USB disconnect, device number 2 [ 84.418923][ T6038] loop0: detected capacity change from 0 to 8192 [ 84.445887][ T6038] ======================================================= [ 84.445887][ T6038] WARNING: The mand mount option has been deprecated and [ 84.445887][ T6038] and is ignored by this kernel. Remove the mand [ 84.445887][ T6038] option from the mount to silence this warning. [ 84.445887][ T6038] ======================================================= [ 87.766717][ T27] audit: type=1326 audit(2000000001.430:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6072 comm="syz.0.63" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fedba39bf79 code=0x0 [ 87.986981][ T5832] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.862506][ T5832] usb 4-1: Using ep0 maxpacket: 32 [ 88.878314][ T5832] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.945027][ T5832] usb 4-1: too many endpoints for config 0 interface 0 altsetting 9: 33, using maximum allowed: 30 [ 88.957034][ T5832] usb 4-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 33 [ 88.971065][ T5832] usb 4-1: config 0 interface 0 has no altsetting 0 [ 88.976838][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.978575][ T5832] usb 4-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 88.999614][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.999721][ T6087] netlink: 4 bytes leftover after parsing attributes in process `syz.2.66'. [ 89.016421][ T6087] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 89.024027][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 89.041111][ T6087] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 89.048633][ T6087] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 89.088807][ T5832] usb 4-1: config 0 descriptor?? [ 89.754959][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.880377][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 90.982758][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 91.637034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 91.689498][ T6071] loop3: detected capacity change from 0 to 8192 [ 92.517626][ T9] usb 4-1: USB disconnect, device number 3 [ 92.916782][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 93.076942][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 94.329089][ T6137] loop0: detected capacity change from 0 to 512 [ 95.013906][ T6137] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.031332][ T6137] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 95.274029][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 95.302128][ T5770] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: Out of memory [ 95.335616][ T5770] EXT4-fs error (device loop0): ext4_quota_off:7233: inode #4: comm syz-executor: mark_inode_dirty error [ 95.346990][ T6150] binder_alloc: 6149: pid 6149 spamming oneway? 2 buffers allocated for a total size of 5120 [ 95.364129][ T5770] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5920: Out of memory [ 95.374155][ T5770] EXT4-fs error (device loop0): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error [ 95.375130][ T6150] binder_alloc: 6149: pid 6149 spamming oneway? 3 buffers allocated for a total size of 5128 [ 95.605165][ T6158] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 96.717186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 97.126706][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 97.367223][ T6185] loop1: detected capacity change from 0 to 512 [ 97.404905][ T6185] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 97.447876][ T6185] EXT4-fs (loop1): 1 truncate cleaned up [ 97.449008][ T6185] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 97.548050][ T6188] syzkaller0: entered promiscuous mode [ 97.569637][ T6188] syzkaller0: entered allmulticast mode [ 98.355605][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 98.666951][ T5766] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.705107][ T6196] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.812048][ T6203] loop1: detected capacity change from 0 to 512 [ 98.832460][ T6203] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 98.899360][ T6203] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 98.919219][ T6203] EXT4-fs (loop1): 1 truncate cleaned up [ 98.933755][ T6203] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 99.087315][ T6203] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.356581][ T5913] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 99.557046][ T5913] usb 1-1: Using ep0 maxpacket: 16 [ 99.644621][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 99.754357][ T5913] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 99.855307][ T5913] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.936161][ T5913] usb 1-1: Product: syz [ 99.979005][ T5913] usb 1-1: Manufacturer: syz [ 100.021390][ T5913] usb 1-1: SerialNumber: syz [ 100.130607][ T5913] usb 1-1: config 0 descriptor?? [ 100.169453][ T5913] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 100.207639][ T5913] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 100.508612][ T5832] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 100.707631][ T5832] usb 4-1: Using ep0 maxpacket: 32 [ 100.728849][ T5832] usb 4-1: config 0 has an invalid interface number: 188 but max is 0 [ 100.737265][ T5832] usb 4-1: config 0 has no interface number 0 [ 100.743398][ T5832] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 100.779432][ T5832] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 100.788888][ T5832] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.803787][ T5913] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 100.807066][ T5832] usb 4-1: Product: syz [ 100.826913][ T5832] usb 4-1: Manufacturer: syz [ 100.831564][ T5832] usb 4-1: SerialNumber: syz [ 100.849164][ T5832] usb 4-1: config 0 descriptor?? [ 100.855009][ T6232] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 101.099973][ T6232] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 101.251783][ T5913] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 101.260249][ T5913] em28xx 1-1:0.0: board has no eeprom [ 103.337531][ T6215] em28xx 1-1:0.0: reading from i2c device at 0x1a4 failed (error=-5) [ 103.397940][ T5913] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 103.405833][ T5913] em28xx 1-1:0.0: dvb set to bulk mode. [ 103.452880][ T5832] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 103.476961][ T23] em28xx 1-1:0.0: Binding DVB extension [ 103.519949][ T5832] asix: probe of 4-1:0.188 failed with error -71 [ 103.541508][ T5756] usb 1-1: USB disconnect, device number 2 [ 103.708049][ T5756] em28xx 1-1:0.0: Disconnecting em28xx [ 103.715616][ T5832] usb 4-1: USB disconnect, device number 4 [ 103.903396][ T6271] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 104.943597][ T23] em28xx 1-1:0.0: Registering input extension [ 104.962564][ T5756] em28xx 1-1:0.0: Closing input extension [ 105.022005][ T5756] em28xx 1-1:0.0: Freeing device [ 105.396631][ T5756] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 105.897105][ T5756] usb 1-1: Using ep0 maxpacket: 8 [ 106.202998][ T5756] usb 1-1: unable to get BOS descriptor or descriptor too short [ 106.470762][ T5756] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 106.486674][ T5756] usb 1-1: can't read configurations, error -71 [ 107.116900][ T5832] IPVS: starting estimator thread 0... [ 107.226955][ T6296] IPVS: using max 17 ests per chain, 40800 per kthread [ 107.430061][ T6300] loop0: detected capacity change from 0 to 1024 [ 107.496124][ T6300] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 107.612705][ T27] audit: type=1800 audit(2000000021.280:3): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.129" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 107.718048][ T27] audit: type=1800 audit(2000000021.310:4): pid=6300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.129" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 108.466463][ C1] sched: RT throttling activated [ 109.025029][ T6279] Set syz1 is full, maxelem 65536 reached [ 109.232570][ T6315] netlink: 16 bytes leftover after parsing attributes in process `syz.3.133'. [ 109.460265][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.463349][ T6358] loop0: detected capacity change from 0 to 128 [ 112.514115][ T6358] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 54) [ 112.527956][ T6358] FAT-fs (loop0): Filesystem has been set read-only [ 112.769997][ T6361] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 54) [ 112.932525][ T6372] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 114.591053][ T6391] netlink: 201392 bytes leftover after parsing attributes in process `syz.2.156'. [ 118.306621][ T51] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 118.313518][ T51] Bluetooth: Wrong link type (-22) [ 118.320518][ T51] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 118.327742][ T51] Bluetooth: Wrong link type (-22) [ 118.332974][ T51] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 118.339807][ T51] Bluetooth: Wrong link type (-22) [ 118.345257][ T51] Bluetooth: hci2: link tx timeout [ 118.352959][ T51] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa [ 120.101106][ T6420] ipt_REJECT: ECHOREPLY no longer supported. [ 120.261775][ T6422] fuse: Bad value for 'fd' [ 121.676615][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 121.820626][ T6368] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 121.919945][ T6368] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 122.456121][ T6368] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.465370][ T6368] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.474737][ T6368] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 122.484954][ T6368] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.543334][ T5778] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 124.551109][ T5778] Bluetooth: Wrong link type (-22) [ 124.556917][ T5778] Bluetooth: Unknown BR/EDR signaling command 0x0f [ 124.563539][ T5778] Bluetooth: Wrong link type (-22) [ 124.568856][ T5778] Bluetooth: Unknown BR/EDR signaling command 0x0e [ 124.575841][ T5778] Bluetooth: Wrong link type (-22) [ 124.581553][ T5778] Bluetooth: hci1: link tx timeout [ 124.588043][ T5778] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa [ 125.323745][ T6468] netlink: 60 bytes leftover after parsing attributes in process `syz.2.179'. [ 126.692182][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 133.022582][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.028988][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.199426][ T6526] netlink: 4 bytes leftover after parsing attributes in process `syz.0.203'. [ 133.392472][ T6531] syzkaller0: entered promiscuous mode [ 133.398772][ T6531] syzkaller0: entered allmulticast mode [ 135.511439][ T6566] overlayfs: failed to clone upperpath [ 139.045323][ T6583] netlink: 96 bytes leftover after parsing attributes in process `syz.2.212'. [ 142.550582][ T6608] overlayfs: failed to clone upperpath [ 142.878641][ T6612] netlink: 'syz.3.216': attribute type 9 has an invalid length. [ 142.886857][ T6612] netlink: 126588 bytes leftover after parsing attributes in process `syz.3.216'. [ 144.825409][ T6629] netlink: 12 bytes leftover after parsing attributes in process `syz.2.222'. [ 144.912797][ T6629] bridge1: port 1(veth3) entered blocking state [ 144.934412][ T6629] bridge1: port 1(veth3) entered disabled state [ 144.945361][ T6629] veth3: entered allmulticast mode [ 144.958708][ T6629] veth3: entered promiscuous mode [ 144.985879][ T6631] bridge1: port 2(veth0_to_bond) entered blocking state [ 145.000849][ T6631] bridge1: port 2(veth0_to_bond) entered disabled state [ 145.008654][ T6631] veth0_to_bond: entered allmulticast mode [ 145.016140][ T6631] veth0_to_bond: entered promiscuous mode [ 145.080981][ T6629] bridge1: port 3(veth5) entered blocking state [ 145.089876][ T6629] bridge1: port 3(veth5) entered disabled state [ 145.096398][ T6629] veth5: entered allmulticast mode [ 145.104833][ T6629] veth5: entered promiscuous mode [ 145.113937][ T6629] Zero length message leads to an empty skb [ 146.171910][ T6640] tipc: Enabling of bearer rejected, failed to enable media [ 149.777460][ T6670] netlink: 40 bytes leftover after parsing attributes in process `syz.0.232'. [ 150.020025][ T6675] netlink: 'syz.3.235': attribute type 12 has an invalid length. [ 150.306237][ T6678] netlink: 24 bytes leftover after parsing attributes in process `syz.0.236'. [ 152.465667][ T6686] netlink: 4 bytes leftover after parsing attributes in process `syz.2.233'. [ 152.509866][ T6686] syz_tun: entered promiscuous mode [ 152.515797][ T6686] macvtap1: entered promiscuous mode [ 152.537071][ T6686] macvtap1: entered allmulticast mode [ 152.548016][ T6686] syz_tun: entered allmulticast mode [ 152.579256][ T6690] syz_tun: left allmulticast mode [ 152.584705][ T6690] syz_tun: left promiscuous mode [ 152.961633][ T6700] netlink: 84 bytes leftover after parsing attributes in process `syz.0.238'. [ 156.975938][ T6731] tipc: Enabling of bearer rejected, failed to enable media [ 162.268865][ T51] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 162.286412][ T51] Bluetooth: hci3: Injecting HCI hardware error event [ 162.295708][ T5778] Bluetooth: hci3: hardware error 0x00 [ 163.673240][ T6809] netlink: 52 bytes leftover after parsing attributes in process `syz.0.271'. [ 163.704886][ T6809] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.712704][ T6809] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.746653][ T6812] netlink: 76 bytes leftover after parsing attributes in process `syz.0.271'. [ 163.905789][ T6812] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.913092][ T6812] bridge0: port 2(bridge_slave_1) entered forwarding state [ 163.921765][ T6812] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.929009][ T6812] bridge0: port 1(bridge_slave_0) entered forwarding state [ 163.980130][ T6812] netlink: 52 bytes leftover after parsing attributes in process `syz.0.271'. [ 164.251334][ T6812] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.258678][ T6812] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.426999][ T5778] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 164.738109][ T6821] netlink: 'syz.1.274': attribute type 1 has an invalid length. [ 167.117098][ T6819] netlink: 4 bytes leftover after parsing attributes in process `syz.1.274'. [ 169.025528][ T6851] overlayfs: failed to clone upperpath [ 169.283840][ T6850] netlink: 'syz.1.279': attribute type 16 has an invalid length. [ 169.291746][ T6850] netlink: 'syz.1.279': attribute type 17 has an invalid length. [ 170.067527][ T6850] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.347521][ T6892] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 175.252923][ T6907] tipc: Enabling of bearer rejected, failed to enable media [ 181.529803][ T6943] netlink: 52 bytes leftover after parsing attributes in process `syz.3.302'. [ 181.559102][ T6943] netlink: 76 bytes leftover after parsing attributes in process `syz.3.302'. [ 181.593723][ T6943] netlink: 52 bytes leftover after parsing attributes in process `syz.3.302'. [ 182.029288][ T6952] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 182.029288][ T6952] The task syz.3.306 (6952) triggered the difference, watch for misbehavior. [ 183.048114][ T6959] netlink: 4 bytes leftover after parsing attributes in process `syz.0.308'. [ 185.956225][ T6998] xt_TCPMSS: Only works on TCP SYN packets [ 186.812340][ T7001] tipc: Enabling of bearer rejected, failed to enable media [ 187.042037][ T7005] tipc: Enabling of bearer rejected, failed to enable media [ 187.413968][ T7015] Illegal XDP return value 4294967294 on prog (id 32) dev syz_tun, expect packet loss! [ 187.657330][ T7019] tipc: Enabling of bearer rejected, failed to enable media [ 191.626589][ T5778] Bluetooth: hci1: command 0x0406 tx timeout [ 191.627346][ T5768] Bluetooth: hci2: command 0x0406 tx timeout [ 191.632686][ T5778] Bluetooth: hci0: command 0x0406 tx timeout [ 192.696900][ T7078] fuse: Unknown parameter '0x0000000000000004' [ 193.507250][ T7092] tipc: Enabling of bearer rejected, failed to enable media [ 193.621390][ T7096] netlink: 12 bytes leftover after parsing attributes in process `syz.1.346'. [ 193.865013][ T7096] bridge1: port 1(veth3) entered blocking state [ 193.895690][ T7096] bridge1: port 1(veth3) entered disabled state [ 193.919931][ T7096] veth3: entered allmulticast mode [ 194.431250][ T7103] capability: warning: `syz.2.347' uses deprecated v2 capabilities in a way that may be insecure [ 194.899625][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.905980][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.978010][ T7096] veth3: entered promiscuous mode [ 195.031045][ T5913] libceph: connect (1)[c::]:6789 error -101 [ 195.049995][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 195.116602][ T7100] bridge1: port 2(veth0_to_bond) entered blocking state [ 195.164390][ T7100] bridge1: port 2(veth0_to_bond) entered disabled state [ 195.192324][ T7100] veth0_to_bond: entered allmulticast mode [ 195.217743][ T7100] veth0_to_bond: entered promiscuous mode [ 195.297217][ T7101] bridge1: port 3(veth5) entered blocking state [ 195.308265][ T7101] bridge1: port 3(veth5) entered disabled state [ 195.323478][ T7101] veth5: entered allmulticast mode [ 195.331992][ T5913] libceph: connect (1)[c::]:6789 error -101 [ 195.346348][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 195.362913][ T7101] veth5: entered promiscuous mode [ 196.305585][ T5913] libceph: connect (1)[c::]:6789 error -101 [ 196.386724][ T5913] libceph: mon0 (1)[c::]:6789 connect error [ 196.396562][ T7107] ceph: No mds server is up or the cluster is laggy [ 196.479705][ T7119] syz.3.351 uses obsolete (PF_INET,SOCK_PACKET) [ 207.580241][ T7218] warning: `syz.2.372' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 207.882673][ T7225] netlink: 8 bytes leftover after parsing attributes in process `syz.0.375'. [ 210.244036][ T7235] overlayfs: failed to clone lowerpath [ 210.408424][ T7238] syz_tun: entered allmulticast mode [ 210.444845][ T7237] syz_tun: left allmulticast mode [ 216.343619][ T5773] Bluetooth: hci0: unexpected event 0x2f length: 1017 > 260 [ 217.445068][ T7297] 8021q: adding VLAN 0 to HW filter on device bond1 [ 217.527324][ T7297] bond_slave_0: entered promiscuous mode [ 217.533383][ T7297] bond_slave_1: entered promiscuous mode [ 217.543308][ T7297] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 217.554621][ T7297] bond1: (slave macvlan2): making interface the new active one [ 217.565440][ T7297] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 255.871290][ T1287] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.877707][ T1287] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.186393][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 324.193378][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5770/1:b..l [ 324.201761][ C1] rcu: (detected by 1, t=10502 jiffies, g=16897, q=176 ncpus=2) [ 324.209494][ C1] task:syz-executor state:R running task stack:21680 pid:5770 ppid:5762 flags:0x00004002 [ 324.221300][ C1] Call Trace: [ 324.224611][ C1] [ 324.227554][ C1] __schedule+0x1553/0x45a0 [ 324.232104][ C1] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 324.238192][ C1] ? asan.module_dtor+0x20/0x20 [ 324.243089][ C1] ? mark_lock+0x94/0x320 [ 324.247453][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 324.253474][ C1] ? preempt_schedule_irq+0xb4/0x150 [ 324.258789][ C1] preempt_schedule_irq+0xbf/0x150 [ 324.263931][ C1] ? preempt_schedule_notrace+0x110/0x110 [ 324.269666][ C1] ? save_stack+0x149/0x230 [ 324.274189][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 324.280011][ C1] irqentry_exit+0x67/0x70 [ 324.284444][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 324.290440][ C1] RIP: 0010:__reset_page_owner+0x8c/0x190 [ 324.296188][ C1] Code: 01 00 00 00 48 89 5c 24 08 89 d9 d3 e0 45 31 f6 85 c0 44 0f 4f f0 48 c7 c3 80 09 33 97 48 c1 eb 03 eb 07 4c 03 3d f4 9a 4a 15 <66> 83 fd 1f 0f 87 8c 00 00 00 e8 15 a6 9e ff 41 83 ee 01 0f 82 ba [ 324.315809][ C1] RSP: 0018:ffffc900045af660 EFLAGS: 00000286 [ 324.321893][ C1] RAX: 0000003307559d43 RBX: 1ffffffff2e66130 RCX: ffffffff81e86eb7 [ 324.329874][ C1] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88801b5280e4 [ 324.337855][ C1] RBP: 0000000000000000 R08: ffff88801b5280d7 R09: 1ffff110036a501a [ 324.345851][ C1] R10: dffffc0000000000 R11: ffffed10036a501b R12: dffffc0000000000 [ 324.353853][ C1] R13: ffff88801b5280f0 R14: 0000000000000000 R15: ffff88801b528118 [ 324.361859][ C1] ? __reset_page_owner+0xb7/0x190 [ 324.367017][ C1] free_unref_page_prepare+0x7b2/0x8c0 [ 324.372498][ C1] free_unref_page_list+0xbe/0x860 [ 324.377633][ C1] ? __folio_memcg+0x63/0x160 [ 324.382321][ C1] ? folio_memcg+0x127/0x480 [ 324.387013][ C1] release_pages+0x1f7a/0x2200 [ 324.391796][ C1] ? lru_cache_disable+0x30/0x30 [ 324.396912][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 324.402133][ C1] __folio_batch_release+0x71/0xe0 [ 324.407267][ C1] shmem_undo_range+0x630/0x1b20 [ 324.412314][ C1] ? shmem_truncate_range+0xa0/0xa0 [ 324.417550][ C1] ? inode_wait_for_writeback+0x1e3/0x230 [ 324.423302][ C1] ? __lock_acquire+0x7d40/0x7d40 [ 324.428330][ C1] ? do_raw_spin_lock+0x11f/0x2c0 [ 324.433456][ C1] shmem_evict_inode+0x245/0x9e0 [ 324.438410][ C1] ? inode_wait_for_writeback+0x1e3/0x230 [ 324.444139][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 324.449695][ C1] ? sb_clear_inode_writeback+0x360/0x360 [ 324.455427][ C1] ? do_raw_spin_lock+0x11f/0x2c0 [ 324.460467][ C1] ? bit_waitqueue+0x30/0x30 [ 324.465071][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 324.470286][ C1] ? shmem_free_in_core_inode+0xb0/0xb0 [ 324.475841][ C1] evict+0x4ca/0x8d0 [ 324.479764][ C1] ? proc_nr_inodes+0x230/0x230 [ 324.484638][ C1] ? do_raw_spin_unlock+0x121/0x230 [ 324.489866][ C1] ? _raw_spin_unlock+0x28/0x40 [ 324.494739][ C1] ? iput+0x706/0x920 [ 324.498743][ C1] do_unlinkat+0x38c/0x590 [ 324.503175][ C1] ? fsnotify_link_count+0xf0/0xf0 [ 324.508405][ C1] ? getname_flags+0x20a/0x500 [ 324.513202][ C1] __x64_sys_unlink+0x49/0x50 [ 324.517897][ C1] do_syscall_64+0x55/0xa0 [ 324.522329][ C1] ? clear_bhb_loop+0x40/0x90 [ 324.527016][ C1] ? clear_bhb_loop+0x40/0x90 [ 324.531704][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 324.537618][ C1] RIP: 0033:0x7fedba39b067 [ 324.542406][ C1] RSP: 002b:00007ffe3340a438 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 324.550844][ C1] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fedba39b067 [ 324.558928][ C1] RDX: 00007ffe3340a460 RSI: 00007ffe3340a4f0 RDI: 00007ffe3340a4f0 [ 324.566914][ C1] RBP: 00007ffe3340a4f0 R08: 00007ffe3340b4f0 R09: 00000000ffffffff [ 324.574897][ C1] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe3340b580 [ 324.582878][ C1] R13: 00007fedba431c3b R14: 0000000000034db1 R15: 00007ffe3340b5c0 [ 324.590872][ C1] [ 324.593916][ C1] rcu: rcu_preempt kthread starved for 10230 jiffies! g16897 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 324.605113][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 324.615094][ C1] rcu: RCU grace-period kthread stack dump: [ 324.620990][ C1] task:rcu_preempt state:R running task stack:27720 pid:17 ppid:2 flags:0x00004000 [ 324.631793][ C1] Call Trace: [ 324.635087][ C1] [ 324.638029][ C1] __schedule+0x1553/0x45a0 [ 324.642667][ C1] ? asan.module_dtor+0x20/0x20 [ 324.647535][ C1] ? enqueue_timer+0x23d/0x550 [ 324.652312][ C1] ? __mod_timer+0x984/0xdb0 [ 324.656932][ C1] schedule+0xbd/0x170 [ 324.661027][ C1] schedule_timeout+0x188/0x2d0 [ 324.665972][ C1] ? console_conditional_schedule+0x40/0x40 [ 324.671874][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 324.677777][ C1] ? update_process_times+0x1b0/0x1b0 [ 324.683166][ C1] ? prepare_to_swait_event+0x339/0x360 [ 324.688723][ C1] rcu_gp_fqs_loop+0x313/0x1590 [ 324.693592][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 324.699766][ C1] ? rcu_gp_init+0x1560/0x1560 [ 324.704537][ C1] ? rcu_gp_cleanup+0xb41/0xc90 [ 324.709398][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 324.714601][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 324.719836][ C1] rcu_gp_kthread+0x9d/0x3b0 [ 324.724450][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 324.729653][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 324.734596][ C1] ? __kthread_parkme+0x162/0x1c0 [ 324.739694][ C1] kthread+0x2fa/0x390 [ 324.743948][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 324.749064][ C1] ? kthread_blkcg+0xd0/0xd0 [ 324.753744][ C1] ret_from_fork+0x48/0x80 [ 324.758182][ C1] ? kthread_blkcg+0xd0/0xd0 [ 324.762793][ C1] ret_from_fork_asm+0x11/0x20 [ 324.767591][ C1] [ 324.770611][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 324.776952][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 [ 324.783985][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 324.794045][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 324.799692][ C1] Code: e7 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 83 f1 43 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80 [ 324.819663][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c2 [ 324.825742][ C1] RAX: bd72758622456f00 RBX: ffffffff8162a490 RCX: bd72758622456f00 [ 324.833725][ C1] RDX: 0000000000000001 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 [ 324.841699][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65 [ 324.849678][ C1] R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff110037cd780 [ 324.857659][ C1] R13: 1ffff92000030fc8 R14: 0000000000000001 R15: dffffc0000000000 [ 324.865638][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 324.874573][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 324.881157][ C1] CR2: 00007ffa74be42f8 CR3: 000000001c799000 CR4: 00000000003506e0 [ 324.889136][ C1] Call Trace: [ 324.892416][ C1] [ 324.895355][ C1] default_idle+0x13/0x20 [ 324.899696][ C1] default_idle_call+0x6c/0xa0 [ 324.904470][ C1] do_idle+0x1f0/0x4e0 [ 324.908551][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 324.913847][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 324.919066][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 324.924723][ C1] cpu_startup_entry+0x43/0x60 [ 324.929495][ C1] start_secondary+0xee/0xf0 [ 324.934096][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 324.940187][ C1]