last executing test programs: 7m44.974357175s ago: executing program 1 (id=2): gettid() syz_mount_image$ext4(&(0x7f0000001040)='ext2\x00', &(0x7f00000001c0)='./file1\x00', 0x800714, &(0x7f0000001080)={[{@bsdgroups}]}, 0xfe, 0x494, &(0x7f0000000840)="$eJzs3M1vFOUfAPDvTFugvLU/foiCoFU0El9aWlA5eFCjiQdNTPSAx9oWRBZqaE2ENFqNwaMh8W48mvgXePNi1IMx8aqJR0NCtDGheKqZnRm6bHf7RtuF7ueTLPs8M8/0eb4z8+w+Mw+zAbStvuyfJGJnRPwWET159tYCffnb7MzUyI2ZqZEk5ube+Cuplrs+MzVSFi2321FkjqQR6adJPJ8srHfi4qWzw5XK2IUiPzB57r2BiYuXnjpzbvj02Omx80MnThw/NvjsM0NPr0mcWVzXD3w4fnD/K29deW3k5JW3f/wma9a+Q/n62jiWdKNBQA30ZXvt77mq+nWPrqDtd4NdNemks4UNYUU6IiI7XF3V/t8THTF/8Hri5U9a2jhgXWXfTVubr56eAzaxJFrdAqA1yi/67Pq3fG3Q0OOOcO2FiC1FenZmamT2ZvydkRbLu9ax/r6IODn975fZK1Z6HwIAYBWqY5snG43/0thXfc/nOnYXcyi9EfG/iNgTEf+PiL0RcU9Etey9EXFfvvFczzLr76vLLxz/pFcbtnmNZOO/52rGfrM18RdvvR1Fblc1/q7k1JnK2NFinxyJrq1ZfnCROr576dfPm62rHf9lr6z+cixYNOBqZ90NutHhyeG12gnXPo440Nko/uTmTEB2BuyPiAMr+9O7oztPnHn864PNCi0d/yLWYJ5p7quIx/LjPx118ZeSxecnB7ZFZezoQHlWLPTTL5dfb1b/bcW/BrLjv/3W87+uRM8/ST5f2xWVytiFiZXXcfn3z5pe06z2/N+SvFmds/75nXzZB8OTkxcGI7Ykr1bz5TVddfnQ/LZlviyfxX/kcOP+v6fYJov//ojITuJDEfFARDxYtP2hiHg4Ig4vEv8PLz7y7iLxJ5FES4//aMPPv5vnf29SO1+/ikTH2e+/bTZjvrzjfzymq5+1uern3xKW28Db3H0AAABwV0gjYmckaX+e7tsZadrfn/8f/r2xPa2MT0w+cWr8/fOj+TMCvdGVlne6emruhw4m08VfzPNDxb3icv2x4r7xFx3d1Xz/yHhltMWxQ7vbcWv/j7L/Z/7saHXrgHXneS1oX/X9P21RO4CNt5zvf9cCsDk16P/drWgHsPFc/0P7atT/P6rLG//D5rSw///R4CfrgM3I+B/al/4P7Uv/h7Z0O8/1L5FIm1dRPiyw+iq2LfsJ/3VOdEXEHdCMylj5ixfrWVd3zC+JtOUht1Ei6zEbW+n8b6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADczf4LAAD//3344cc=") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000880)=ANY=[@ANYBLOB="1c0000005e0025899e96c39681267d46dd12", @ANYRES32, @ANYBLOB="04000080"], 0x1c}], 0x1}, 0x0) 7m41.947611256s ago: executing program 3 (id=4): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000140), &(0x7f0000000040)='%pI4 \x00'}, 0x2a) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 7m41.362312392s ago: executing program 3 (id=16): ioctl$TCSETS(0xffffffffffffffff, 0x5402, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000001dc0)=[{{0x0, 0x0, &(0x7f0000000b40), 0x0, &(0x7f0000000bc0)=""/81, 0x51}, 0xff}, {{0x0, 0x0, 0x0}, 0xfe64}, {{&(0x7f0000001600)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f0000001c80)=[{0x0}, {0x0}, {&(0x7f0000001880)=""/58, 0x3a}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7}, 0x9}], 0x3, 0x2080, 0x0) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) 7m37.127906128s ago: executing program 3 (id=25): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x10) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000740)={0x2, 0x100000, 0x180000, {r6}}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x0) 7m29.146346335s ago: executing program 32 (id=2): gettid() syz_mount_image$ext4(&(0x7f0000001040)='ext2\x00', &(0x7f00000001c0)='./file1\x00', 0x800714, &(0x7f0000001080)={[{@bsdgroups}]}, 0xfe, 0x494, &(0x7f0000000840)="$eJzs3M1vFOUfAPDvTFugvLU/foiCoFU0El9aWlA5eFCjiQdNTPSAx9oWRBZqaE2ENFqNwaMh8W48mvgXePNi1IMx8aqJR0NCtDGheKqZnRm6bHf7RtuF7ueTLPs8M8/0eb4z8+w+Mw+zAbStvuyfJGJnRPwWET159tYCffnb7MzUyI2ZqZEk5ube+Cuplrs+MzVSFi2321FkjqQR6adJPJ8srHfi4qWzw5XK2IUiPzB57r2BiYuXnjpzbvj02Omx80MnThw/NvjsM0NPr0mcWVzXD3w4fnD/K29deW3k5JW3f/wma9a+Q/n62jiWdKNBQA30ZXvt77mq+nWPrqDtd4NdNemks4UNYUU6IiI7XF3V/t8THTF/8Hri5U9a2jhgXWXfTVubr56eAzaxJFrdAqA1yi/67Pq3fG3Q0OOOcO2FiC1FenZmamT2ZvydkRbLu9ax/r6IODn975fZK1Z6HwIAYBWqY5snG43/0thXfc/nOnYXcyi9EfG/iNgTEf+PiL0RcU9Etey9EXFfvvFczzLr76vLLxz/pFcbtnmNZOO/52rGfrM18RdvvR1Fblc1/q7k1JnK2NFinxyJrq1ZfnCROr576dfPm62rHf9lr6z+cixYNOBqZ90NutHhyeG12gnXPo440Nko/uTmTEB2BuyPiAMr+9O7oztPnHn864PNCi0d/yLWYJ5p7quIx/LjPx118ZeSxecnB7ZFZezoQHlWLPTTL5dfb1b/bcW/BrLjv/3W87+uRM8/ST5f2xWVytiFiZXXcfn3z5pe06z2/N+SvFmds/75nXzZB8OTkxcGI7Ykr1bz5TVddfnQ/LZlviyfxX/kcOP+v6fYJov//ojITuJDEfFARDxYtP2hiHg4Ig4vEv8PLz7y7iLxJ5FES4//aMPPv5vnf29SO1+/ikTH2e+/bTZjvrzjfzymq5+1uern3xKW28Db3H0AAABwV0gjYmckaX+e7tsZadrfn/8f/r2xPa2MT0w+cWr8/fOj+TMCvdGVlne6emruhw4m08VfzPNDxb3icv2x4r7xFx3d1Xz/yHhltMWxQ7vbcWv/j7L/Z/7saHXrgHXneS1oX/X9P21RO4CNt5zvf9cCsDk16P/drWgHsPFc/0P7atT/P6rLG//D5rSw///R4CfrgM3I+B/al/4P7Uv/h7Z0O8/1L5FIm1dRPiyw+iq2LfsJ/3VOdEXEHdCMylj5ixfrWVd3zC+JtOUht1Ei6zEbW+n8b6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADczf4LAAD//3344cc=") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000880)=ANY=[@ANYBLOB="1c0000005e0025899e96c39681267d46dd12", @ANYRES32, @ANYBLOB="04000080"], 0x1c}], 0x1}, 0x0) 7m21.636343941s ago: executing program 33 (id=25): mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x5, r0}, 0x38) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r2}, 0x10) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f0000000480), 0x400034f, 0x2, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00') mount_setattr(0xffffffffffffffff, 0x0, 0x100, &(0x7f0000000740)={0x2, 0x100000, 0x180000, {r6}}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x900, 0x4064}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x24}, 0x1, 0x0, 0x0, 0x8080}, 0x0) 16.658697553s ago: executing program 6 (id=1018): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 15.544914676s ago: executing program 6 (id=1020): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffd}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x4000804}, 0x80) r3 = socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0xc) r4 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002580), 0x2, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0x7}, ["", "", "", "", ""]}, 0x14}}, 0x8081) read(r4, 0x0, 0x0) fsopen(&(0x7f0000000200)='sysv\x00', 0x1) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) syz_clone3(&(0x7f00000004c0)={0xe12d480, &(0x7f0000000480), 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11.102538783s ago: executing program 4 (id=1028): syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000140)='./file1\x00', 0x1000c01, &(0x7f0000000040)=ANY=[], 0x5, 0x811, &(0x7f0000002380)="$eJzs3U1sHHcVAPA3rp04jkirgkoUpekkKVIiUndtty5WD2W7HjvT2rvW7holqlAbNU6J4vRTVWmEaHNpASEhThxLOVa99AZCAokDcEKiBy4ckCr1hAoCCYEAyWhnd+O1Y6/z5Vi0v5/Vndn/vJl5/9npvJ3NzmwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJFUpkulsSTm8uriqXRzlel6bb7P9O7yfrlm0Ge9EUnrvxgejv3tpv1fWJ18T+vhSBxsPzsYw63BcFzae89dj35+cKA7f5+EbtThzScN9T5JIt5sJXXhzPLy0svbkMht9L2fd0aGexp3RfTZvv9aaT3OZtW8Ucvny7NZmjdq6dTkZOnBkzONdCafyxqnG81sPq3Us3KzVk+PVY6nY1NTE2k2erq2WJ2dLs9l3cZHHhgvlSbTJ0YXsnK9Uas++MRoo3Iyn5vLq7NFzHjptWjFPNLaEZ/Mm2kzK8+n6bnzy0sTW/WuFTS2pmX3mo4dvP+uj1/96O/nl1o75GYLSTo75vjY2Pj42OTDUw8/UioNjpfG1zaU1okrETEQ0YrYlp2WnbV3g7bBzh5z1YSIlTtvzcEbbtJAp/7HXORRjcU4FWmkMVA8rv4NRSWmox61mG89/8PQuulpdA6Q3fr/pQf/8rt+6+2t/90qv3918oEo6v+h9rNDm9X/q7K4/r+xO681svp+O5vetlfi9bgUF+JMLMdyLMXLN5LDrvVL3ca/gVu7vNnIohp5NKIWecxHuWhJOy1pTMVkTEYpno6TMRN7Io2ZyGMusmjE6WhEM7Jij6pEPbIoRzNqUY80jkUljrdenZiKqZiINLIYjdNRi8WoxmxMR7lYyrk4X2z3iXV53fPtZ3723O8/fqc1fiVorE9HktabuVbQ3/oEXVXur6P+dyPU/0+b4c4x61rjb+nxG27GSlH/B699hv/8ZDvTAQAAALZBUnz6nkTEUNxbjM3kc9lTO50WAAAAcAsVX9s72BoMtcbujaR1/l/aIPLD254bAAAAcGskxTV2SUSMxH3tse7lUht9CAAAAAD8Hyr+/f9QazAS8UbR4PwfAAAAPmW+s9k99j/a1bnHbmNhd/KLv0a9PpRcXrkyX/niHe2RzuBrV6Y0Zw4k+zoLKQaTg5f2JhExWMkOJt27X/53d3v4SfF4YPUGhJvd6z8pElg4dX9ysbxRAtE/geJZfD8Ot2MOn20Pz3antNcyMpPPZaOV2tyjY0nnw5Hmq8+f/2YU3f9udX5fEufOLy+NPvvC8tkil8utpVy+2Ln7cdKdK6J9QUWfXFY6WyDu3bjHQ8WFGJ31jrTXW+rt/0B79oH+/U961/lWHGnHHBlpD0fW9n+4tc6x0UfHolzeN9DMTjVfXenpfSeLsXbP31zT8+t4Fd6Ko+2Yo8eOtgcbZDG+Jovnr85ivHf7X9u2uOYs3jn8xql//LqWZBNbZTFxk1kA7JRzxV1/VqvQnqIK/XulrVXQ1tXdPd05r+cod271XUZ3/p5aNxhXVff0Rqr7W3GsHXOs/X5i8MAGdaW0wRH9xfMv/qZzRH/ovR/9+OuHfvvBurp+HVm8F8fbMZ1B3P2rTWpsfeXO5BtPra2q77bmeHfT9TbmxpO4o7URix8fiksPnL945rml55aeHx+fmCw9VCo9PB5DxVuFzmCTTFUegM+2Pr+x0yq9yQffuhK62a/wJA9tcVZ995WvFIzGs/FCLMfZOFFcbRAR92281JGeryGc2OKsdaTnF15ObHFuuRo7vj5299Ek9kbEBrETPVvsiz8sBv/cphcEAG6DI1vU4aT7DuG1z3XmWBdxR5Kc2OK8e20tP94+d+2eHcfmtXwjX9nm7QEAnwVZ/ZNkpPl2Uq/nC0+PTU2NlZsns7ReqzyZ1vPp2SzNq82sXjlZrs5m6UK91qxVuh8dT2eNtLG4sFCrN9OZWj1dqDXyU8Uvv6edn35vZPPlajOvNBbmsnIjSyu1arNcaabTeaOSLiw+Ppc3Tmb1YubGQlbJZ/JKuZnXqmmjtlivZKNp2siynsB8Oqs285k8G0rzarpQz+fL9csRMbc4n6XTWaNSzxeatfYCu+vKqzO1+nyx2NEi7Zd6u//nndjmALDTXnn90oUzy8tLL9/YyB+vJXin+wgArLVBld6zowkBAAAAAAAAAAAAAABXufpyvVbrmpbh6H+R31Dc8OWDr+yOm7n68NM38uX32y/LzS/wvpduZjl7YnnXasuuzs6y89vnukeeeeyxC6styWDv5n38jf0n/5RFt3d9lrPx/ykbXer69r6IXT/9Qbvlq5sEJ4O3uKcfRsQNzL6S9Im5/cciAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjK/wIAAP//BPFR5w==") madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f00004ba000/0x2000)=nil, 0x2000, 0xc) syz_clone(0x20223000, 0x0, 0x0, 0x0, 0x0, 0x0) 10.963496177s ago: executing program 2 (id=1030): write$proc_mixer(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86) r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000080)={0x10001, r1}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10140, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r5) sendmsg$IEEE802154_LIST_IFACE(r5, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x14, r6, 0x50be6fea6f3bdfbb, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 10.815978153s ago: executing program 0 (id=1031): openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$tipc(0x1e, 0x5, 0x0) pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) 10.286551918s ago: executing program 6 (id=1032): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 10.217983186s ago: executing program 4 (id=1033): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/address_bits', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_open_dev$cec(0x0, 0x0, 0x80) ioctl$CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f00000000c0)={"fbffffff", 0x0, 0x5, 0x4, 0xf, 0x0, "000000ff00070000000900", '\x00', "05030400", "e86eade4", ['\x00', "00000012184eb81f43d83ba1", "0c000004dd372a9000"]}) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x5, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x7, 0x81}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(0xffffffffffffffff, 0x0, 0x0) brk(0x400000ffc000) keyctl$get_keyring_id(0x0, 0x0, 0x2) io_uring_enter(0xffffffffffffffff, 0x567, 0x0, 0x8, 0x0, 0x0) r4 = inotify_init1(0x0) r5 = socket$igmp6(0xa, 0x3, 0x2) bind$inet6(r5, 0x0, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000000300)='\x00', &(0x7f0000000340)='?', 0x1) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) inotify_add_watch(r4, &(0x7f0000000080)='.\x00', 0x2000434) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) symlinkat(&(0x7f0000000140)='./file0\x00', r0, &(0x7f00000001c0)='./file0\x00') r6 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r6, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x59, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r6, 0xc1105518, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa, 0x0, 0x8000000000000000, 0x0, 0xfffffffffffffffe, 0xb, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d67, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x800000, 0x0, 0x101, 0x0, 0xd721, 0x0, 0x4, 0x0, 0x0, 0x1, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6fd]}) 9.223435422s ago: executing program 6 (id=1034): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000cc0)={[{@noauto_da_alloc}, {@nojournal_checksum}, {@barrier_val={'barrier', 0x3d, 0x10002}}, {@dioread_lock}, {@data_err_ignore}, {@mb_optimize_scan}, {@noquota}, {@nobarrier}, {@abort}, {@user_xattr}, {@norecovery}, {@errors_remount}]}, 0x1, 0x577, &(0x7f0000000740)="$eJzs3c1rHOUfAPDvbN769vs1hVJURAI9WNFumsSXCh7qUbRY0HtdkjGUbLoluylNLLQ92IsXKYKIBfHgTe8ei/+Af0VBi0VK0IOXyOzOpttkN9mm2yR1Px+Y8Dwzs/s835l5njyzzywbQN8ay/4UIp6PiC+TiMMRkeTbBiPfONbYb+XB1elsSWJ19aM/k/p+Wb75Xs3XHcwzz0XEL59HvFrYWG51aXmuVC6nC3l+vDZ/aby6tHzywnxpNp1NL05OTZ1+Y2ry7bfe7Fmsr5z7+5sP77x3+ovjK1//dO/IrSTOxKF8W2scT+B6a2YsxvJjMhRn1u040YPC9pJktyvAtgzk7Xwosj7gcAzkrR7477sWEatAn0q0f+hTzXFA896+R/fBz4z77zZugDbGP9j4bCT21e+NDqwkj9wZZfe7oz0oPyvj599v38qW6N3nEABbun4jIk4NDm7s/5K8/9u+U13ss74M/R/snDvZ+Oe1duOfwtr4J9qMfw62abvbsXX7L9zrQTEdZeO/d9qOf9cmrUYH8tz/6mO+oeTTC+U069v+X1+GRrL8ZvM5p1furnba1jr+y5as/OZYMK/HvcGRR18zU6qVniTmVvdvRLzQdvybrJ3/pM35z47HuS7LOJbefqnTtq3jf7pWv494ue35fzijlWw+Pzlevx7Gm1fFRn/dPPZrp/I3xj8cOxl/dv4PbB7/aNI6X1t9/DK+2/dP2mnbI/FH99f/cPJxPT2cr7tSqtUWJiKGkw82rp98+Npmvrl/Fv+J45v3f+2u//0R8UmX8d88+uOLXcXfuP4Hdvr8zzzW+X/8xN33P/u2U/nd9X+v11Mn8jXr+r/97d632wo+6fEDAAAAAACAvaQQEYciKRTX0oVCsdh4vuNoHCiURxvPf8RM1L8rOxpDheZM9+GW5yEm8udhm/nJdfmpiDgSEV8N7K/ni9OV8sxuBw8AAAAAAAAAAAAAAAAAAAB7xMEO3//P/Daw27UDnjo/+Q39a8v234tfegL2JP//oX9p/9C/tH/oX9o/9K+W9j+ym/UAdp7//9C/tH/oX9o/AAAAAAAAAAAAAAAAAAAAAAAAAAAA9NS5s2ezZXXlwdXpLD9zeWlxrnL55ExanSvOL04XpysLl4qzlcpsOS1OV+a3er9ypXJpYjIWr4zX0mptvLq0fH6+snixdv7CfGk2PZ8O7UhUAAAAAAAAAAAAAAAAAAAA8GypLi3PlcrldEFCYluJwb1RjUYiu6Rb1lzb7fpslvjjhz1RjZbESOua3e6ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOChfwMAAP//sWsxug==") mount(0x0, &(0x7f00000002c0)='.\x00', 0x0, 0xc22, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x810, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0xd, 0xc, 0x0, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = syz_open_dev$usbfs(&(0x7f0000000140), 0x77, 0x1501) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0) 8.417826756s ago: executing program 0 (id=1036): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 8.122010674s ago: executing program 5 (id=1038): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0xc, &(0x7f0000000000)=0x201, 0x4) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'bridge0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) 7.874617562s ago: executing program 0 (id=1039): socket(0x200000000000011, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$nl_route(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x100007, 0x4, 0x25, 0x1, 0xffffffffffffffff, 0x400000}, 0x50) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r0, @ANYBLOB="08000100", @ANYRES32=r1], 0x90}}, 0x0) 7.725421402s ago: executing program 5 (id=1041): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x8000000000000001, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) 7.686135417s ago: executing program 6 (id=1042): getpid() open_by_handle_at(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="150000"], 0x1) 6.674750722s ago: executing program 0 (id=1045): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1b010000000000407e050e2000000000000109022400010000100309040000010300000009210000080122"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001080)={0x24, 0x0, 0x0, &(0x7f0000001000)={0x0, 0x22, 0x7, {[@main=@item_012={0x2, 0x0, 0xb, "a5ec"}, @global=@item_012={0x2, 0x1, 0x0, "f061"}, @global=@item_012={0x0, 0x1, 0x7}]}}, 0x0}, 0x0) 6.593831626s ago: executing program 5 (id=1046): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0xf0, 0x10, 0x713, 0x70bd25, 0x0, {{@in6=@mcast2, @in6=@rand_addr=' \x01\x00', 0x0, 0x8, 0x0, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in=@loopback, 0x4d2, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x2, 0x0, 0x0, 0x2, 0x0, 0x1c00000000000}, {0x11df, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x70bd29, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) 5.316698316s ago: executing program 5 (id=1047): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KIOCSOUND(r0, 0x4b2f, 0x2) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=@bridge_getneigh={0x20, 0x1e, 0xb7b6511a36acb75d}, 0x20}}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @broadcast}}) 5.082738509s ago: executing program 6 (id=1048): openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$tipc(0x1e, 0x5, 0x0) pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) 3.932320135s ago: executing program 34 (id=1048): openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$tipc(0x1e, 0x5, 0x0) pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x3, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) 3.923236633s ago: executing program 2 (id=1050): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140), 0x4) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r0, 0x0, 0x0) sendmsg$AUDIT_USER_AVC(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000740)=ANY=[], 0x454}}, 0x0) shutdown(r3, 0x1) 3.922569783s ago: executing program 4 (id=1051): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) pipe2$9p(0x0, 0x0) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)=ANY=[]) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010001fff0000056842bb002552d215f6", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e", @ANYRESDEC=0x0, @ANYBLOB="42eb8ef302aa3994796bdfba7df39ad4697698f9782838815f28200164df31ddf30ababe5b1870f8278ae2896713a27230e3c73770df51e22ad1cf5754e2d9a861f79370b505c60b9a795188b9920f26554ddfea8975fcfe84a0f8c2905a192008a292d0f5d82f751f", @ANYRES8], 0x48}}, 0x0) socket(0x10, 0x3, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/65, 0x328000, 0x800}, 0x20) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.671303598s ago: executing program 4 (id=1052): bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x80000, 0x0, 0x0, 0x41100}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r0, @ANYBLOB], 0x0, 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) chdir(&(0x7f00000001c0)='./bus\x00') creat(&(0x7f0000001200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa) pread64(0xffffffffffffffff, &(0x7f0000000280)=""/4096, 0x1000, 0x0) syz_usb_connect$uac1(0x5, 0xa3, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x91, 0x3, 0x1, 0x80, 0x40, 0x8, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7, 0x50}, [@extension_unit={0x8, 0x24, 0x8, 0x13, 0xff, 0xfa, "b0"}, @mixer_unit={0x8, 0x24, 0x4, 0x3, 0xd, "82ab09"}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x205, 0x1, 0x81, 0x4, 0xc, 0x81}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x3, 0x7c, 0x9, {0x7, 0x25, 0x1, 0x82, 0x8, 0xdcad}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x972, 0x7, 0x2, '\x00\x00\x00\x00\x00\x00'}, @as_header={0x7, 0x24, 0x1, 0x4, 0x12, 0x1001}]}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x5, 0x8e, 0x8e, {0x7, 0x25, 0x1, 0x2, 0x1, 0x5}}}}}}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) 3.370511783s ago: executing program 7 (id=1054): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)='K', 0x1}, {&(0x7f0000000180)="e3", 0x1}, {&(0x7f0000000680)="b6db6051d3a1d1848f67cae7aa98f670fd3a23f9242d7fc58648b9f7ad8d69cd5f82ca086db8138de47f21b1a7edb1a05ce8f2d98752aca87a5100d16f659e74ab11345d1e9c0db28e66aefc201c5d85ffb6569a36bbb7cb374f62d4fd65d4930d9411fad799038dec28996a7235a49e5ee71b9f34e7f7c61a9f3197b06c7aaa015567beca8d3d2b1fd392fa2631c2e28b54e9df466fccc87696795fbb19b1797065aad7bd351a60c6abbe7bd63d357e3a7ab1bb21f92c419b3b85ac4bb8dce30830af19591374e9b1204a23ece56d0cc5afe505819097dbc551322b07c45be8bb8dda86b49c5972f8e1", 0xea}, {&(0x7f0000000000)="576e284ccce6a44a9d3907d5bd90fdbf6c31d0c2b385e8baf03db67513e9d8", 0x1f}], 0x4}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="af8d195ac29a2a0fe48238e1543d21ee817644e51046a895ff2b7e18d764b6e016752938c98161e72f7cc56a70a2967587d23dfbef4857038e1cf33269f981efe0dc9d60409b63866620856ebf18d3dc1efe26620cef44f9311cc7b4fb0aee45c1ccb941afd07c76517b7cee360ef44217cf70bfb7f34b8cef568000e6a94f0e3a2a35edbe8739bc4203acd8179229f375ff9c71210818738eabb1988fa217f608427624c073807576e4dfbc6cae39f311d1aacfd5a6ee473edeb0947459", 0xbe}], 0x1}}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000000a80)="c0fc27ec23129a11eb6b42fdbae11ba76778a7b68d4fd5eac6eabb8ae3fb8d929d9efc398d8fb05e07b2b90b7aada90b502e30adda417b88dd96e6eb92b60ae25ba45f67515a08877b69ac930ec6de5fe106b7a58f8e86202b461e90f1f1d1eb0954fcf5327052179f311e665ad971f2c307975d17c6c3c79f80d36374ce40c5b1025e55f870d9", 0x87}, {&(0x7f00000018c0)="c80308947503af258859e0be5946a385f4b8494e6acd7c90dc2ad0297a4dc8e29392c13b2d8c589e8e7e2bc111c01b6c3e87c59a97e57db614b4be21c101e1c5af685176986b24f636f1a77f75b6005d7c7d2580c19f6ebe3b51226b96113fcb14db1fdc7c100c9f9bf33be9a022f4ba2bfd568f1fb7ec6bc5cca808d9ca36999f4ca6818cd6d6eebe3ea9f4f846d2c548d1bb87931cff150afa35eab1b059636efbfc21dbfd41b8e4c00e28c98c60fe81cf41a4ef6e889002a191e28b09fd4dad0e42fec4e97a64190507d9718b1092eba1fcec6f", 0xd5}, {&(0x7f00000019c0)="46813196e6a84f286f5c34523818c5d6069c3d068f0c57e97d418e3566c8e2bb2b0ca8d3a16e81357c81bb47e2916311615ecdf4da8617", 0x37}, {&(0x7f0000001a80)="cc15fe0530ed7899ffef88a735d3e154c702c6a3fccffda6f61f7523150742c198aaa84e07951efd0078ec28619f6e6d0164cd62383a9fb326471c9a6664dba2315fbfd4861c1753f0c577ab5127fcbdd3545e2eecc9996e4d6de2432a8d2e73ec49702654e72ceb5f2eaf", 0x6b}, {&(0x7f0000000080)="0819f1ac7c", 0x5}], 0x5}}, {{0x0, 0x0, &(0x7f0000003080)=[{&(0x7f0000001ec0)="f6e15788a9", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003240)="ffc74af594e3d59c35681d3ed9ed59684a2a2d84a1d60585b888797600eaa4911052cee7c5f5f210392fdb3bec0d84d4102116ae7567", 0x36}], 0x1}}], 0x5, 0x44008090) recvmmsg(r1, &(0x7f0000004ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 3.32983163s ago: executing program 0 (id=1055): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0xb8}}, 0x4000) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=@newqdisc={0x30, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0xd}, {0xffff, 0xffff}, {0xffe2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) r6 = socket(0x10, 0x803, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0) 3.150040002s ago: executing program 7 (id=1056): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd8073a46b08b94214d816f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb4147000001000000008f2b9000f22425e4097ed62cbc891061017cfa6f6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe68db8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3542646bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r3, @ANYRES32=r2, @ANYBLOB='&'], 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) close(r1) 2.852153581s ago: executing program 2 (id=1057): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000002e80)=@delchain={0x74c, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_flow={{0x9}, {0x5e0, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x8065738cbab9bcb1}, @TCA_FLOW_EMATCHES={0x5ac, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x18c, 0x2, 0x0, 0x1, [@TCF_EM_CONTAINER={0xcc, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x7}, "645809825d93df900fa8fae387fbed6313a639f20b0238ccdd4da9fde2f0be34e659ba729925eff5ebd76dec200e0c6b209649b549944fb335b53ad7e5b0f72af98dbb05ee1778a3e952122289a807cd7b48f87fa52a56b8fa1ed950478a7e526d5afbe8006f3724cd7d7553d2825013cfb6f6c75b881ba76a73fc329b963abb903b4ac42a8121e56f0f0797eff1f589d9182fad8298a22229837e496f47b9bfa9a20dd16c573029e38e052ab929efd0a8118d6d909fe8070ebd08ccbfb9eb"}}, @TCF_EM_NBYTE={0x1c, 0x3, 0x0, 0x0, {{0x7, 0x2, 0x4}, {0x4, 0x9, 0x6, "ebe6c48aa90c9330f8"}}}, @TCF_EM_CONTAINER={0x84, 0x3, 0x0, 0x0, {{0x4, 0x0, 0xb}, "d0fa3d16cd50d147bab4e8cc66b89a2f2ddd8d0b788aa8b69311701d1c85ab32acb6397660ea603b182034545dd0bd1327d2665d5a78a956ac2ec9921388b37854565074bc2cf7610bacd71b29b6291a2dbc80bf91fea392ac67adb245b0a25f26f1ee3e931815552be72cdd91a079b7c6ea14bfd9"}}, @TCF_EM_U32={0x1c, 0x1, 0x0, 0x0, {{0x1, 0x3, 0x81}, {0x10, 0xe, 0x6, 0xd4c}}}]}, @TCA_EMATCH_TREE_LIST={0x324, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x4, 0x7, 0x1}, {{0x4, 0x0, 0x0, 0x1}, {0x1, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x6c, 0x2, 0x0, 0x0, {{0xb5, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0xf7, 0x2}, {0x0, 0x6, 0x2}}}, @TCA_EM_META_LVALUE={0xc, 0x2, [@TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x1, 0xd7}, {0x0, 0x8, 0x1}}}, @TCA_EM_META_RVALUE={0x10, 0x3, [@TCF_META_TYPE_VAR, @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="5b4293921e5bd848", @TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0xa, 0x2, [@TCF_META_TYPE_VAR="320bab098f80"]}, @TCA_EM_META_RVALUE={0x12, 0x3, [@TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR='\"I', @TCF_META_TYPE_INT=0x5]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x6, 0xfb, 0x1}, {0x4, 0xfc}}}]}}, @TCF_EM_IPSET={0x10, 0x1, 0x0, 0x0, {{0x1000, 0x8, 0x5b4}, {0x2, 0x1, 0x3}}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0xe, 0x1, 0xfff}, {0xb6, 0x1, 0x8, 0x2, 0x1, 0x2}}}, @TCF_EM_META={0x10c, 0x3, 0x0, 0x0, {{0x4, 0x4, 0x8}, [@TCA_EM_META_RVALUE={0x19, 0x3, [@TCF_META_TYPE_VAR="07753f4957d13932", @TCF_META_TYPE_VAR="7a742fd408", @TCF_META_TYPE_VAR="8f6523", @TCF_META_TYPE_VAR="72c62cbe04"]}, @TCA_EM_META_RVALUE={0x25, 0x3, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_VAR="223aae32845e83", @TCF_META_TYPE_VAR="12a9816dc8", @TCF_META_TYPE_VAR="cf", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_LVALUE={0x25, 0x2, [@TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR="92a8213b588cf6", @TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_VAR="1e247798", @TCF_META_TYPE_VAR='^', @TCF_META_TYPE_VAR="4ba29b5c", @TCF_META_TYPE_VAR="91e2ed63b5", @TCF_META_TYPE_INT=0xa]}, @TCA_EM_META_RVALUE={0x5, 0x3, [@TCF_META_TYPE_VAR="04"]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x9, 0x2}, {0x2, 0x0, 0x2}}}, @TCA_EM_META_HDR={0xc, 0x1, {{0xbe25, 0x4, 0x1}, {0xfff8, 0x9, 0x2}}}, @TCA_EM_META_RVALUE={0x25, 0x3, [@TCF_META_TYPE_VAR="c448", @TCF_META_TYPE_VAR="ffba1ad651", @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR="42ec44cd626ff4", @TCF_META_TYPE_VAR="1a0a6b6933", @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x5, @TCF_META_TYPE_VAR='HD']}, @TCA_EM_META_RVALUE={0x11, 0x3, [@TCF_META_TYPE_INT=0x4, @TCF_META_TYPE_INT=0x9, @TCF_META_TYPE_INT=0x3, @TCF_META_TYPE_VAR='%']}, @TCA_EM_META_RVALUE={0x21, 0x3, [@TCF_META_TYPE_VAR="e13c06b6be9ef7", @TCF_META_TYPE_INT=0x2, @TCF_META_TYPE_INT=0xa, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_VAR="1ca473966ff2", @TCF_META_TYPE_INT=0x1]}, @TCA_EM_META_RVALUE={0x11, 0x3, [@TCF_META_TYPE_VAR="a1af29ee14fe8e48d4", @TCF_META_TYPE_VAR="e7c1fa", @TCF_META_TYPE_VAR='b']}]}}, @TCF_EM_CONTAINER={0xdc, 0x2, 0x0, 0x0, {{0x4, 0x0, 0x53}, "4e91a0aea0e66fcc81a4c3fb53ed27925d1cc5cdc5d85ec6c6c20a326487fd9e9c821e96f86d87524d2d2c21f96f8a90a93626e073fca2ddee8610ff545c4a47999495615bf43ab429ce1efe12fa0882d97d5ee9e73d2d9d505c3af53e52949beecc2bc423aeb881956a95b028877824cc6db50df818d32172d894dfa67e3b125dc857ea02e1aa77be5703852f2ce30729328326b2e668d70fef2853fa2c732460e14d031bc907569f84aa06c65a305f6bb3da7964f5c5e0e9966fdb93dc87d9b6e12d4767b24288fd5a3cc1a3"}}, @TCF_EM_CMP={0x18, 0x1, 0x0, 0x0, {{0x3e, 0x1, 0x5}, {0x10000, 0x8, 0x3, 0x4, 0x9, 0x1}}}, @TCF_EM_CMP={0x18, 0x3, 0x0, 0x0, {{0x6, 0x1, 0xb66}, {0x1ff, 0x53b, 0xd405, 0x4, 0x7, 0x1, 0x1}}}, @TCF_EM_META={0x60, 0x2, 0x0, 0x0, {{0x7, 0x4, 0x9}, [@TCA_EM_META_LVALUE={0x4, 0x2, [@TCF_META_TYPE_VAR]}, @TCA_EM_META_LVALUE={0x4}, @TCA_EM_META_HDR={0xc, 0x1, {{0x101, 0x8}, {0x8, 0x5}}}, @TCA_EM_META_RVALUE={0xc, 0x3, [@TCF_META_TYPE_INT=0x7, @TCF_META_TYPE_INT=0x4]}, @TCA_EM_META_LVALUE={0x25, 0x2, [@TCF_META_TYPE_VAR="3cde2991dde3d3693d", @TCF_META_TYPE_VAR="86a24bea", @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x6, @TCF_META_TYPE_INT=0x1, @TCF_META_TYPE_VAR='/', @TCF_META_TYPE_VAR="b4e361", @TCF_META_TYPE_INT=0x6]}, @TCA_EM_META_HDR={0xc, 0x1, {{0x7fff, 0x1}, {0x2, 0x3, 0x2}}}]}}]}, @TCA_EMATCH_TREE_HDR={0x8}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0xe8, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x2, 0x0, 0x0, {{0x0, 0x7, 0x80}, {{0x0, 0x0, 0x1}, {0x2, 0x0, 0x1, 0x1}}}}, @TCF_EM_IPT={0xd0, 0x1, 0x0, 0x0, {{0x1}, [@TCA_EM_IPT_NFPROTO={0x5, 0x4, 0x3}, @TCA_EM_IPT_MATCH_DATA={0xad, 0x5, "717fd78d94f2ed852fef37652539cb21ceefe56bda5c9d0b2f18c424e93d93a028d331862622f23fe3e661fdee25cffc3e74149b8ebe8968a34d40966569d4d3b9bd1063aa6fb89ffeabbc9a629b4ca087aaba154e9583ed42344f62b976b4f8a83a8e13724829ffdb96479f332bd8bc9fb6717030453e1855009de4171eb9c81b2b4a8bbcb54de2f9c9758f94c397f12a65fcbfed71062fcdd7f533892bade363de35d16d96780e35"}, @TCA_EM_IPT_MATCH_NAME={0xb}]}}]}]}, @TCA_FLOW_XOR={0x8, 0x7, 0xffffff7b}, @TCA_FLOW_PERTURB={0x8}, @TCA_FLOW_DIVISOR={0x8, 0x8, 0x7fff}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}]}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x12c, 0x2, [@TCA_BPF_FD={0x8}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_ACT={0x114, 0x1, [@m_simple={0x94, 0x18, 0x0, 0x0, {{0xb}, {0x4}, {0x65, 0x6, "20bd81bfcac75bbef87e87e02f6605b1234a2cf90e926439d204e1d46300e77a61ca1c2bc0d8261b85c79393fe5158f6043a7d261a2fb6837f491eacd478b18ce4aba46ed65487cae05188ecbd7a056448e5395b1276519371d89230f9862fd732"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ct={0x7c, 0x17, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xef, 0x8a, 0x0, 0xc69, 0x80000000}}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e22}, @TCA_CT_MARK={0x8, 0x5, 0xb3b}, @TCA_CT_ZONE={0x6, 0x4, 0x3}, @TCA_CT_ZONE={0x6, 0x4, 0x8}, @TCA_CT_ACTION={0x6, 0x3, 0x2b}]}, {0x11, 0x6, "0c667158e5bd4f4c7258693ff7"}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x74c}, 0x1, 0x0, 0x0, 0x80}, 0x20000080) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2.851733222s ago: executing program 7 (id=1058): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x8000000000000001, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000) mount(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='romfs\x00', 0x5, 0x0) 2.604002284s ago: executing program 5 (id=1059): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2182, 0x0) ioctl$TCXONC(r3, 0x540a, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0xf0, 0x10, 0x713, 0x70bd25, 0x0, {{@in6=@mcast2, @in6=@rand_addr=' \x01\x00', 0x0, 0x8, 0x0, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in=@loopback, 0x4d2, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x2, 0x0, 0x0, 0x2, 0x0, 0x1c00000000000}, {0x11df, 0x0, 0x0, 0xffffffffffffffff}, {}, 0x70bd29, 0x0, 0xa, 0x1}}, 0xf0}}, 0x0) 2.368522434s ago: executing program 7 (id=1060): r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/85, 0x20}], 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) 1.542409233s ago: executing program 7 (id=1061): bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000ec0000000000000000000718110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000050000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000700)={'filter\x00', 0x7, 0x4, 0x3f8, 0x0, 0x200, 0xf0, 0x310, 0x310, 0x310, 0x4, &(0x7f0000000400), {[{{@arp={@multicast1, @dev={0xac, 0x14, 0x14, 0x3b}, 0x7f8000ff, 0xffffff00, 0xc, 0xc, {@empty, {[0x0, 0xff, 0xff]}}, {@mac=@random="4d89f5cd4f39", {[0xff, 0x0, 0x0, 0x0, 0x0, 0xff]}}, 0x5, 0x1, 0x2, 0x101, 0x0, 0xf, 'rose0\x00', 'pim6reg0\x00', {0xff}, {}, 0x0, 0x1}, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x3, 0x7, 0x1}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @dev={0xac, 0x14, 0x14, 0x28}, @multicast2, 0x2, 0xffffffff}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @local, @remote, 0x8}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x448) 1.54165878s ago: executing program 5 (id=1062): write$proc_mixer(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONITOR\nCD \'CD Capture\' 8'], 0x86) r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r0, 0xffffffffffffffff, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000080)={0x10001, r1}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x10140, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r5) sendmsg$IEEE802154_LIST_IFACE(r5, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x14, r6, 0x50be6fea6f3bdfbb, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) 1.528528828s ago: executing program 4 (id=1063): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) ppoll(0x0, 0x0, &(0x7f00000003c0), &(0x7f0000000380)={[0x8000000000000001]}, 0x8) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = io_uring_setup(0x3eaf, &(0x7f0000000100)) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) 394.682529ms ago: executing program 2 (id=1064): kexec_load(0x0, 0x10, &(0x7f0000000140)=[{0x0, 0x2, 0x0, 0x3e0000}], 0x5) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(0xffffffffffffffff, 0x4018f50b, &(0x7f0000000080)={0x1, 0xffffffff, 0x6}) ioctl$VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x2}) r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000200)={'pcl726\x00', [0x4f0, 0x8, 0x102, 0x6, 0x6, 0x1, 0x0, 0x9, 0xd7, 0x7, 0x5, 0x8, 0xfffffffe, 0xf408, 0x3, 0x0, 0xa, 0x5, 0x4, 0x8, 0x79b, 0x2b5cf81d, 0x9, 0xa7b1, 0x0, 0x9, 0x7, 0xf7f, 0x4d, 0x9, 0x7]}) 328.574091ms ago: executing program 0 (id=1065): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0xfffffffd, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0xf, "0000000000000000000100000e00"}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000891}, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r7, 0x400448cc, 0x0) 292.308027ms ago: executing program 2 (id=1066): r0 = syz_io_uring_setup(0x239, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) r3 = dup2(r0, r0) syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_MKDIRAT={0x25, 0x7b, 0x0, r3, 0x0, 0x0, 0x9a}) io_uring_enter(r0, 0x2def, 0x0, 0x0, 0x0, 0x0) 45.08418ms ago: executing program 4 (id=1067): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000003340)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000000c0)='K', 0x1}, {&(0x7f0000000180)="e3", 0x1}, {&(0x7f0000000680)="b6db6051d3a1d1848f67cae7aa98f670fd3a23f9242d7fc58648b9f7ad8d69cd5f82ca086db8138de47f21b1a7edb1a05ce8f2d98752aca87a5100d16f659e74ab11345d1e9c0db28e66aefc201c5d85ffb6569a36bbb7cb374f62d4fd65d4930d9411fad799038dec28996a7235a49e5ee71b9f34e7f7c61a9f3197b06c7aaa015567beca8d3d2b1fd392fa2631c2e28b54e9df466fccc87696795fbb19b1797065aad7bd351a60c6abbe7bd63d357e3a7ab1bb21f92c419b3b85ac4bb8dce30830af19591374e9b1204a23ece56d0cc5afe505819097dbc551322b07c45be8bb8dda86b49c5972f8e1", 0xea}, {&(0x7f0000000000)="576e284ccce6a44a9d3907d5bd90fdbf6c31d0c2b385e8baf03db67513e9d8", 0x1f}], 0x4}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)="af8d195ac29a2a0fe48238e1543d21ee817644e51046a895ff2b7e18d764b6e016752938c98161e72f7cc56a70a2967587d23dfbef4857038e1cf33269f981efe0dc9d60409b63866620856ebf18d3dc1efe26620cef44f9311cc7b4fb0aee45c1ccb941afd07c76517b7cee360ef44217cf70bfb7f34b8cef568000e6a94f0e3a2a35edbe8739bc4203acd8179229f375ff9c71210818738eabb1988fa217f608427624c073807576e4dfbc6cae39f311d1aacfd5a6ee473edeb0947459", 0xbe}], 0x1}}, {{0x0, 0x0, &(0x7f0000001bc0)=[{&(0x7f0000000a80)="c0fc27ec23129a11eb6b42fdbae11ba76778a7b68d4fd5eac6eabb8ae3fb8d929d9efc398d8fb05e07b2b90b7aada90b502e30adda417b88dd96e6eb92b60ae25ba45f67515a08877b69ac930ec6de5fe106b7a58f8e86202b461e90f1f1d1eb0954fcf5327052179f311e665ad971f2c307975d17c6c3c79f80d36374ce40c5b1025e55f870d9", 0x87}, {&(0x7f00000018c0)="c80308947503af258859e0be5946a385f4b8494e6acd7c90dc2ad0297a4dc8e29392c13b2d8c589e8e7e2bc111c01b6c3e87c59a97e57db614b4be21c101e1c5af685176986b24f636f1a77f75b6005d7c7d2580c19f6ebe3b51226b96113fcb14db1fdc7c100c9f9bf33be9a022f4ba2bfd568f1fb7ec6bc5cca808d9ca36999f4ca6818cd6d6eebe3ea9f4f846d2c548d1bb87931cff150afa35eab1b059636efbfc21dbfd41b8e4c00e28c98c60fe81cf41a4ef6e889002a191e28b09fd4dad0e42fec4e97a64190507d9718b1092eba1fcec6f", 0xd5}, {&(0x7f00000019c0)="46813196e6a84f286f5c34523818c5d6069c3d068f0c57e97d418e3566c8e2bb2b0ca8d3a16e81357c81bb47e2916311615ecdf4da861713be", 0x39}, {&(0x7f0000001a80)="cc15fe0530ed7899ffef88a735d3e154c702c6a3fccffda6f61f7523150742c198aaa84e07951efd0078ec28619f6e6d0164cd62383a9fb326471c9a6664dba2315fbfd4861c1753f0c577ab5127fcbdd3545e2eecc9996e4d6de2432a8d2e73ec49702654e72ceb5f2eaf", 0x6b}, {&(0x7f0000000080)="0819f1ac7c", 0x5}], 0x5}}, {{0x0, 0x0, &(0x7f0000003080)=[{&(0x7f0000001ec0)="f6e15788a9", 0x5}], 0x1}}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003240)="ffc74af594e3d59c35681d3ed9ed59684a2a2d84a1d60585b888797600eaa4911052cee7c5f5f210392fdb3bec0d84d4102116ae7567", 0x36}], 0x1}}], 0x5, 0x44008090) recvmmsg(r1, &(0x7f0000004ac0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 35.083218ms ago: executing program 7 (id=1068): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x8000000000000001, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) arch_prctl$ARCH_GET_XCOMP_GUEST_PERM(0x1024, &(0x7f0000000180)) 0s ago: executing program 2 (id=1069): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'}) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) read$dsp(0xffffffffffffffff, &(0x7f0000000000)=""/156, 0x9c) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x4, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x6, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) kernel console output (not intermixed with test programs): out [ 184.097220][ T5856] Bluetooth: hci3: command tx timeout [ 184.213292][ T6768] netlink: 8 bytes leftover after parsing attributes in process `syz.0.177'. [ 184.281613][ T6771] 9pnet_fd: Insufficient options for proto=fd [ 184.384595][ T6708] chnl_net:caif_netlink_parms(): no params data found [ 184.770661][ T49] bridge_slave_1: left allmulticast mode [ 184.784541][ T49] bridge_slave_1: left promiscuous mode [ 184.790444][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.012241][ T49] bridge_slave_0: left allmulticast mode [ 185.017964][ T49] bridge_slave_0: left promiscuous mode [ 185.065722][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.145103][ T5858] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 186.172237][ T5858] Bluetooth: hci3: command tx timeout [ 186.181386][ T5858] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 186.206426][ T5858] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 186.217635][ T5858] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 186.225622][ T5858] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 187.210682][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 187.233371][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 187.256727][ T49] bond0 (unregistering): Released all slaves [ 188.032961][ T49] hsr_slave_0: left promiscuous mode [ 188.072602][ T49] hsr_slave_1: left promiscuous mode [ 188.285231][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 188.312230][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 188.332295][ T5858] Bluetooth: hci4: command tx timeout [ 188.408366][ T6825] loop5: detected capacity change from 0 to 128 [ 189.286339][ T6825] EXT4-fs (loop5): Test dummy encryption mode enabled [ 190.274034][ T6825] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 190.294484][ T6825] ext4 filesystem being mounted at /41/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 190.412885][ T5858] Bluetooth: hci4: command tx timeout [ 191.249627][ T6832] loop2: detected capacity change from 0 to 512 [ 191.320659][ T6832] EXT4-fs: Ignoring removed bh option [ 191.399629][ T6832] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 191.699905][ T6832] EXT4-fs (loop2): failed to open journal device unknown-block(0,7) -6 [ 191.956373][ T49] team0 (unregistering): Port device team_slave_1 removed [ 191.969059][ T6841] netlink: 8 bytes leftover after parsing attributes in process `syz.0.194'. [ 192.011563][ T6841] netlink: 12 bytes leftover after parsing attributes in process `syz.0.194'. [ 192.071648][ T6842] 9pnet_fd: Insufficient options for proto=fd [ 192.491739][ T5858] Bluetooth: hci4: command tx timeout [ 192.807707][ T49] team0 (unregistering): Port device team_slave_0 removed [ 193.480615][ T6852] Bluetooth: MGMT ver 1.23 [ 193.628377][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.634959][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.122766][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.130021][ T6708] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.151164][ T6708] bridge_slave_0: entered allmulticast mode [ 194.169345][ T6708] bridge_slave_0: entered promiscuous mode [ 194.274558][ T5839] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 194.455140][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.512388][ T6708] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.519813][ T6708] bridge_slave_1: entered allmulticast mode [ 194.568547][ T6857] fuse: Bad value for 'fd' [ 194.573585][ T5858] Bluetooth: hci4: command tx timeout [ 194.733930][ T6708] bridge_slave_1: entered promiscuous mode [ 195.755542][ T6708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 195.825852][ T6708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 195.835532][ T6866] loop5: detected capacity change from 0 to 128 [ 196.046936][ T6866] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 196.161594][ T6866] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 197.257271][ T5839] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 197.299379][ T6708] team0: Port device team_slave_0 added [ 197.433913][ T6708] team0: Port device team_slave_1 added [ 197.911033][ T6888] 9pnet_fd: Insufficient options for proto=fd [ 199.090876][ T6890] loop5: detected capacity change from 0 to 40427 [ 199.311593][ T6890] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 199.529354][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 199.628656][ T6901] netlink: 8 bytes leftover after parsing attributes in process `syz.5.207'. [ 199.686273][ T6901] syz.5.207: attempt to access beyond end of device [ 199.686273][ T6901] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 200.151123][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 200.207889][ T6882] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 200.303737][ T6708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 200.464511][ T6799] chnl_net:caif_netlink_parms(): no params data found [ 200.652629][ T5839] syz-executor: attempt to access beyond end of device [ 200.652629][ T5839] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 200.673203][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 200.681515][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 200.681548][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 200.681563][ T5839] Call Trace: [ 200.681573][ T5839] [ 200.681583][ T5839] dump_stack_lvl+0x189/0x250 [ 200.681623][ T5839] ? __pfx_dump_stack_lvl+0x10/0x10 [ 200.681651][ T5839] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 200.681690][ T5839] ? __pfx_queue_work_on+0x10/0x10 [ 200.681722][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.681751][ T5839] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 200.681788][ T5839] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 200.681826][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.681854][ T5839] ? f2fs_hw_is_readonly+0x39b/0x470 [ 200.681897][ T5839] f2fs_handle_critical_error+0x37c/0x540 [ 200.681942][ T5839] f2fs_write_end_io+0x495/0x810 [ 200.681964][ T5839] ? blkg_put+0x22/0x240 [ 200.682014][ T5839] __submit_merged_bio+0x27a/0x6a0 [ 200.682058][ T5839] __submit_merged_write_cond+0x255/0x530 [ 200.682102][ T5839] f2fs_write_data_pages+0x261d/0x3000 [ 200.682191][ T5839] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 200.682286][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.682315][ T5839] ? check_path+0x21/0x40 [ 200.682345][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.682373][ T5839] ? check_noncircular+0xe0/0x160 [ 200.682463][ T5839] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 200.682506][ T5839] do_writepages+0x32e/0x550 [ 200.682540][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.682573][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.682601][ T5839] ? do_raw_spin_unlock+0x122/0x240 [ 200.682644][ T5839] filemap_fdatawrite+0x191/0x230 [ 200.682675][ T5839] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 200.682753][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.682788][ T5839] ? do_raw_spin_unlock+0x122/0x240 [ 200.682829][ T5839] f2fs_sync_dirty_inodes+0x31f/0x830 [ 200.682871][ T5839] f2fs_write_checkpoint+0x94a/0x1de0 [ 200.682924][ T5839] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 200.683005][ T5839] ? kill_f2fs_super+0x298/0x6c0 [ 200.683037][ T5839] kill_f2fs_super+0x2c3/0x6c0 [ 200.683070][ T5839] ? __pfx_kill_f2fs_super+0x10/0x10 [ 200.683092][ T5839] ? radix_tree_delete_item+0x2b6/0x400 [ 200.683139][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.683173][ T5839] ? shrinker_free+0x2ce/0x3e0 [ 200.683216][ T5839] deactivate_locked_super+0xbc/0x130 [ 200.683245][ T5839] cleanup_mnt+0x425/0x4c0 [ 200.683267][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.683296][ T5839] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.683339][ T5839] task_work_run+0x1d4/0x260 [ 200.683383][ T5839] ? __pfx_task_work_run+0x10/0x10 [ 200.683420][ T5839] ? __x64_sys_umount+0x122/0x160 [ 200.683456][ T5839] ? exit_to_user_mode_loop+0x40/0x110 [ 200.683488][ T5839] exit_to_user_mode_loop+0xec/0x110 [ 200.683516][ T5839] do_syscall_64+0x2bd/0x3b0 [ 200.683539][ T5839] ? lockdep_hardirqs_on+0x9c/0x150 [ 200.683578][ T5839] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.683601][ T5839] ? srso_alias_return_thunk+0x5/0xfbef5 [ 200.683629][ T5839] ? exc_page_fault+0x9f/0xf0 [ 200.683670][ T5839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 200.683694][ T5839] RIP: 0033:0x7f961738fc57 [ 200.683715][ T5839] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 200.683735][ T5839] RSP: 002b:00007ffe3f1a1608 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 200.683760][ T5839] RAX: 0000000000000000 RBX: 00007f9617410925 RCX: 00007f961738fc57 [ 200.683777][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe3f1a16c0 [ 200.683792][ T5839] RBP: 00007ffe3f1a16c0 R08: 0000000000000000 R09: 0000000000000000 [ 200.683808][ T5839] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe3f1a2750 [ 200.683824][ T5839] R13: 00007f9617410925 R14: 0000000000030dda R15: 00007ffe3f1a2790 [ 200.683862][ T5839] [ 200.683872][ T5839] F2FS-fs (loop5): Stopped filesystem due to reason: 3 [ 200.931287][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.281349][ T6708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 201.796954][ T6913] netlink: 8 bytes leftover after parsing attributes in process `syz.0.209'. [ 201.831111][ T6913] netlink: 12 bytes leftover after parsing attributes in process `syz.0.209'. [ 201.954916][ T6708] hsr_slave_0: entered promiscuous mode [ 201.981974][ T6918] fuse: Bad value for 'fd' [ 201.987766][ T6708] hsr_slave_1: entered promiscuous mode [ 202.041551][ T6708] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.075433][ T6708] Cannot create hsr debugfs directory [ 203.199923][ T6940] loop5: detected capacity change from 0 to 128 [ 204.019839][ T6940] EXT4-fs (loop5): Test dummy encryption mode enabled [ 204.248015][ T6940] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 204.383479][ T6940] ext4 filesystem being mounted at /46/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 205.799660][ T5839] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 206.094907][ T6948] loop5: detected capacity change from 0 to 16 [ 206.112679][ T6799] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.161127][ T6799] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.168465][ T6799] bridge_slave_0: entered allmulticast mode [ 206.174807][ T6948] erofs (device loop5): unidentified algorithms fff0, please upgrade kernel [ 206.222590][ T6799] bridge_slave_0: entered promiscuous mode [ 206.253943][ T6799] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.292494][ T6799] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.323982][ T6799] bridge_slave_1: entered allmulticast mode [ 206.333567][ T6799] bridge_slave_1: entered promiscuous mode [ 206.858278][ T6961] input: syz1 as /devices/virtual/input/input6 [ 207.461010][ T6960] netlink: 4 bytes leftover after parsing attributes in process `syz.0.216'. [ 208.163271][ T6799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.219109][ T6949] delete_channel: no stack [ 208.258214][ T6799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.820597][ T6799] team0: Port device team_slave_0 added [ 208.886587][ T6986] netlink: 8 bytes leftover after parsing attributes in process `syz.4.222'. [ 208.927701][ T6799] team0: Port device team_slave_1 added [ 209.031078][ T6986] netlink: 12 bytes leftover after parsing attributes in process `syz.4.222'. [ 209.233096][ T6991] fuse: Bad value for 'fd' [ 209.443364][ T6799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 209.455337][ T6799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 209.487587][ T6994] loop2: detected capacity change from 0 to 256 [ 209.541830][ T6994] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 209.577515][ T6994] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 209.596304][ T6799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 209.829650][ T6996] loop4: detected capacity change from 0 to 40427 [ 209.940695][ T6994] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 209.972302][ T5997] bridge_slave_1: left allmulticast mode [ 209.978004][ T5997] bridge_slave_1: left promiscuous mode [ 210.054604][ T6996] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 210.281253][ T5997] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.369182][ T7002] netlink: 8 bytes leftover after parsing attributes in process `syz.4.225'. [ 210.416887][ T7002] syz.4.225: attempt to access beyond end of device [ 210.416887][ T7002] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 210.893804][ T5997] bridge_slave_0: left allmulticast mode [ 210.899519][ T5997] bridge_slave_0: left promiscuous mode [ 210.937776][ T5997] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.065744][ T5858] Bluetooth: hci5: command 0x0406 tx timeout [ 211.072612][ T5862] Bluetooth: hci0: command 0x0406 tx timeout [ 211.072683][ T5862] Bluetooth: hci1: command 0x0406 tx timeout [ 211.072724][ T5862] Bluetooth: hci2: command 0x0406 tx timeout [ 213.299194][ T5997] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 213.318857][ T5997] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 213.353877][ T5997] bond0 (unregistering): Released all slaves [ 213.537104][ T6799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 213.552824][ T6799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 213.626630][ T6799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 213.911661][ T5997] hsr_slave_0: left promiscuous mode [ 213.911675][ T5852] syz-executor: attempt to access beyond end of device [ 213.911675][ T5852] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 213.946722][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 213.946750][ T5852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 213.946762][ T5852] Call Trace: [ 213.946769][ T5852] [ 213.946777][ T5852] dump_stack_lvl+0x189/0x250 [ 213.946810][ T5852] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.946831][ T5852] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 213.946859][ T5852] ? __pfx_queue_work_on+0x10/0x10 [ 213.946884][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.946905][ T5852] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 213.946932][ T5852] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 213.946960][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.946980][ T5852] ? f2fs_hw_is_readonly+0x39b/0x470 [ 213.947014][ T5852] f2fs_handle_critical_error+0x37c/0x540 [ 213.947049][ T5852] f2fs_write_end_io+0x495/0x810 [ 213.947066][ T5852] ? blkg_put+0x22/0x240 [ 213.947107][ T5852] __submit_merged_bio+0x27a/0x6a0 [ 213.947142][ T5852] __submit_merged_write_cond+0x255/0x530 [ 213.947183][ T5852] f2fs_write_data_pages+0x261d/0x3000 [ 213.947211][ T5852] ? __lock_acquire+0xab9/0xd20 [ 213.947269][ T5852] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.947312][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947367][ T5852] ? __mod_zone_page_state+0xd7/0x140 [ 213.947410][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947438][ T5852] ? folios_put_refs+0x560/0x640 [ 213.947497][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947524][ T5852] ? __lock_acquire+0xab9/0xd20 [ 213.947563][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947591][ T5852] ? do_raw_spin_lock+0x121/0x290 [ 213.947636][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947671][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947699][ T5852] ? do_raw_spin_unlock+0x122/0x240 [ 213.947738][ T5852] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 213.947782][ T5852] do_writepages+0x32e/0x550 [ 213.947820][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947854][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.947883][ T5852] ? do_raw_spin_unlock+0x122/0x240 [ 213.947927][ T5852] filemap_fdatawrite+0x191/0x230 [ 213.947958][ T5852] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 213.948047][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.948083][ T5852] ? do_raw_spin_unlock+0x122/0x240 [ 213.948125][ T5852] f2fs_sync_dirty_inodes+0x31f/0x830 [ 213.948173][ T5852] f2fs_write_checkpoint+0x94a/0x1de0 [ 213.948242][ T5852] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 213.948336][ T5852] ? kill_f2fs_super+0x298/0x6c0 [ 213.948371][ T5852] kill_f2fs_super+0x2c3/0x6c0 [ 213.948406][ T5852] ? __pfx_kill_f2fs_super+0x10/0x10 [ 213.948429][ T5852] ? radix_tree_delete_item+0x2b6/0x400 [ 213.948477][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.948505][ T5852] ? shrinker_free+0x2ce/0x3e0 [ 213.948549][ T5852] deactivate_locked_super+0xbc/0x130 [ 213.948579][ T5852] cleanup_mnt+0x425/0x4c0 [ 213.948602][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.948629][ T5852] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.948674][ T5852] task_work_run+0x1d4/0x260 [ 213.948720][ T5852] ? __pfx_task_work_run+0x10/0x10 [ 213.948756][ T5852] ? __x64_sys_umount+0x122/0x160 [ 213.948794][ T5852] ? exit_to_user_mode_loop+0x40/0x110 [ 213.948828][ T5852] exit_to_user_mode_loop+0xec/0x110 [ 213.948856][ T5852] do_syscall_64+0x2bd/0x3b0 [ 213.948881][ T5852] ? lockdep_hardirqs_on+0x9c/0x150 [ 213.948920][ T5852] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.948943][ T5852] ? srso_alias_return_thunk+0x5/0xfbef5 [ 213.948971][ T5852] ? exc_page_fault+0x9f/0xf0 [ 213.949014][ T5852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.949037][ T5852] RIP: 0033:0x7f14d058fc57 [ 213.949059][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 213.949077][ T5852] RSP: 002b:00007ffc4c31a958 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 213.949103][ T5852] RAX: 0000000000000000 RBX: 00007f14d0610925 RCX: 00007f14d058fc57 [ 213.949119][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4c31aa10 [ 213.949134][ T5852] RBP: 00007ffc4c31aa10 R08: 0000000000000000 R09: 0000000000000000 [ 213.949150][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4c31baa0 [ 213.949166][ T5852] R13: 00007f14d0610925 R14: 000000000003376f R15: 00007ffc4c31bae0 [ 213.949217][ T5852] [ 213.949535][ T5852] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 214.131119][ T5997] hsr_slave_1: left promiscuous mode [ 214.642036][ T5997] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 214.671178][ T5997] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 216.053476][ T7030] loop4: detected capacity change from 0 to 512 [ 216.075618][ T7030] ext4: Bad value for 'debug_want_extra_isize' [ 216.545833][ T5997] team0 (unregistering): Port device team_slave_1 removed [ 216.642394][ T5997] team0 (unregistering): Port device team_slave_0 removed [ 217.222257][ T7041] netlink: 12 bytes leftover after parsing attributes in process `syz.4.235'. [ 219.670829][ T7051] netlink: 4 bytes leftover after parsing attributes in process `syz.5.238'. [ 219.719547][ T6799] hsr_slave_0: entered promiscuous mode [ 219.726976][ T6799] hsr_slave_1: entered promiscuous mode [ 219.739594][ T6799] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 219.750079][ T6799] Cannot create hsr debugfs directory [ 220.046339][ T7043] delete_channel: no stack [ 221.564183][ T7077] geneve1: mtu less than device minimum [ 221.722881][ T7078] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.871455][ T7078] bond0: (slave rose0): Enslaving as an active interface with an up link [ 221.885597][ T6708] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 222.201019][ T6708] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 222.486920][ T6708] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 222.632567][ T6708] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 223.440620][ T7106] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 224.367101][ T7108] netlink: 12 bytes leftover after parsing attributes in process `syz.2.250'. [ 224.610048][ T6708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 224.714625][ T6799] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 224.857902][ T6799] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 224.889192][ T6799] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 225.114184][ T6799] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 225.952880][ T6708] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.092074][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.099281][ T5997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 226.239999][ T1153] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.247261][ T1153] bridge0: port 2(bridge_slave_1) entered forwarding state [ 226.777793][ T7146] geneve1: mtu less than device minimum [ 226.784317][ T7147] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 227.355252][ T7160] netlink: 4 bytes leftover after parsing attributes in process `syz.2.256'. [ 229.892651][ T6799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.957498][ T7153] delete_channel: no stack [ 230.139115][ T6799] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.373334][ T6044] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.380555][ T6044] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.442715][ T6044] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.449930][ T6044] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.720313][ T6708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.393518][ T7185] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 232.757396][ T7195] netlink: 12 bytes leftover after parsing attributes in process `syz.0.261'. [ 233.864115][ T6799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.959733][ T7217] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 235.969169][ T7217] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 235.978884][ T7217] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 236.132996][ T30] audit: type=1800 audit(1752130688.956:2): pid=7217 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.263" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 236.212619][ T6708] veth0_vlan: entered promiscuous mode [ 236.268804][ T6708] veth1_vlan: entered promiscuous mode [ 237.430053][ T7245] loop4: detected capacity change from 0 to 128 [ 237.502899][ T7245] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 237.575976][ T7245] ext4 filesystem being mounted at /56/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 237.956025][ T6799] veth0_vlan: entered promiscuous mode [ 238.056091][ T7254] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 238.081180][ T7254] No such timeout policy "syz0" [ 238.596036][ T6799] veth1_vlan: entered promiscuous mode [ 238.665860][ T5852] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 238.957431][ T5161] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 238.967081][ T5161] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 238.975901][ T5161] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 238.985807][ T5161] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 238.995753][ T5161] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 239.125413][ T7261] loop5: detected capacity change from 0 to 512 [ 239.966823][ T6799] veth0_macvtap: entered promiscuous mode [ 241.100220][ T7261] EXT4-fs (loop5): 1 orphan inode deleted [ 241.118443][ T7261] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 241.134857][ T7261] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.046296][ T5161] Bluetooth: hci6: command tx timeout [ 242.277299][ T5839] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 242.481657][ T6799] veth1_macvtap: entered promiscuous mode [ 242.524106][ T7266] netlink: 12 bytes leftover after parsing attributes in process `syz.4.272'. [ 244.091129][ T5161] Bluetooth: hci6: command tx timeout [ 246.171578][ T5161] Bluetooth: hci6: command tx timeout [ 246.270686][ T7275] loop4: detected capacity change from 0 to 256 [ 246.510757][ T7271] nr0: tun_chr_ioctl cmd 1074025677 [ 246.701383][ T7271] nr0: linktype set to 270 [ 248.218016][ T7299] loop2: detected capacity change from 0 to 128 [ 248.251834][ T5161] Bluetooth: hci6: command tx timeout [ 248.259687][ T7299] EXT4-fs (loop2): Test dummy encryption mode enabled [ 248.381360][ T7299] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 248.441647][ T7299] ext4 filesystem being mounted at /77/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 248.551721][ T5856] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 248.563417][ T5856] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 248.575069][ T5856] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 248.586651][ T5856] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 248.596155][ T5856] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 248.598663][ T30] audit: type=1800 audit(1752130701.596:3): pid=7299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.278" name="file1" dev="loop2" ino=12 res=0 errno=0 [ 249.376028][ T5841] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 249.950670][ T7258] chnl_net:caif_netlink_parms(): no params data found [ 250.123526][ T36] bridge_slave_1: left allmulticast mode [ 250.129297][ T36] bridge_slave_1: left promiscuous mode [ 250.153199][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 250.171808][ T5991] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 250.209453][ T36] bridge_slave_0: left allmulticast mode [ 250.246804][ T36] bridge_slave_0: left promiscuous mode [ 250.278990][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.344060][ T5991] usb 3-1: Using ep0 maxpacket: 16 [ 250.732822][ T5856] Bluetooth: hci3: command tx timeout [ 252.801552][ T7347] loop5: detected capacity change from 0 to 1024 [ 252.812517][ T5856] Bluetooth: hci3: command tx timeout [ 252.835234][ T7347] EXT4-fs: Ignoring removed nobh option [ 252.840872][ T7347] EXT4-fs: Ignoring removed oldalloc option [ 252.895041][ T7350] netlink: 12 bytes leftover after parsing attributes in process `syz.4.284'. [ 252.956671][ T7347] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 254.123773][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 254.145775][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 254.174143][ T36] bond0 (unregistering): Released all slaves [ 254.252592][ T5839] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.758883][ T36] hsr_slave_0: left promiscuous mode [ 254.775392][ T7365] loop5: detected capacity change from 0 to 128 [ 254.827118][ T36] hsr_slave_1: left promiscuous mode [ 254.879916][ T7365] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 254.890061][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 254.897734][ T5856] Bluetooth: hci3: command tx timeout [ 254.920028][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 254.964536][ T7365] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 255.059529][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.067136][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.241806][ T5991] usb 3-1: unable to get BOS descriptor or descriptor too short [ 255.252756][ T5991] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 255.284286][ T5991] usb 3-1: can't read configurations, error -71 [ 255.303092][ T36] veth1_vlan: left promiscuous mode [ 255.347525][ T36] veth0_vlan: left promiscuous mode [ 255.489081][ T30] audit: type=1326 audit(1752130708.486:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 255.539791][ T7377] loop2: detected capacity change from 0 to 128 [ 255.561595][ T30] audit: type=1326 audit(1752130708.526:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 255.788834][ T30] audit: type=1326 audit(1752130708.526:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 255.821052][ T30] audit: type=1326 audit(1752130708.526:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 256.653107][ T30] audit: type=1326 audit(1752130708.526:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 256.857034][ T30] audit: type=1326 audit(1752130708.526:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 256.921220][ T30] audit: type=1326 audit(1752130708.526:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 256.980977][ T5856] Bluetooth: hci3: command tx timeout [ 256.986632][ T30] audit: type=1326 audit(1752130708.536:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 257.010803][ T30] audit: type=1326 audit(1752130708.536:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 257.034099][ T30] audit: type=1326 audit(1752130708.536:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7376 comm="syz.2.289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 257.433581][ T7385] loop2: detected capacity change from 0 to 256 [ 257.447947][ T7385] exfat: Unknown parameter 'fsmagic' [ 259.481307][ T5839] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 262.825200][ T36] team0 (unregistering): Port device team_slave_1 removed [ 262.956845][ T36] team0 (unregistering): Port device team_slave_0 removed [ 263.881850][ T5960] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 264.084727][ T5960] usb 1-1: Using ep0 maxpacket: 16 [ 266.805466][ T7399] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 266.814917][ T7399] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 266.824595][ T7399] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 267.001259][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 267.001283][ T30] audit: type=1800 audit(1752130719.806:57): pid=7399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.294" name="regulatory.db" dev="sda1" ino=448 res=0 errno=0 [ 267.568415][ T5960] usb 1-1: unable to get BOS descriptor or descriptor too short [ 267.587063][ T5960] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 267.598394][ T5960] usb 1-1: can't read configurations, error -71 [ 267.640435][ T7258] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.648153][ T7258] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.665944][ T7258] bridge_slave_0: entered allmulticast mode [ 267.676294][ T7258] bridge_slave_0: entered promiscuous mode [ 267.685588][ T7258] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.694136][ T7258] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.745938][ T7258] bridge_slave_1: entered allmulticast mode [ 267.756852][ T7258] bridge_slave_1: entered promiscuous mode [ 268.016636][ T7258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 268.101861][ T7306] chnl_net:caif_netlink_parms(): no params data found [ 268.209514][ T7258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 268.548188][ T7450] loop5: detected capacity change from 0 to 1024 [ 268.606541][ T7258] team0: Port device team_slave_0 added [ 268.642945][ T7258] team0: Port device team_slave_1 added [ 268.705934][ T7450] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 268.943190][ T7450] EXT4-fs error (device loop5): __ext4_remount:6736: comm syz.5.308: Abort forced by user [ 268.974898][ T7450] EXT4-fs (loop5): Remounting filesystem read-only [ 268.984808][ T7450] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000. [ 269.173921][ T7258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 269.239501][ T7258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 269.414514][ T7258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 269.415609][ T7461] xt_NFQUEUE: number of total queues is 0 [ 269.711656][ T7258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 269.760290][ T5839] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.795488][ T7258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 270.041127][ T7258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 270.129483][ T7306] bridge0: port 1(bridge_slave_0) entered blocking state [ 270.156738][ T7306] bridge0: port 1(bridge_slave_0) entered disabled state [ 270.183782][ T7306] bridge_slave_0: entered allmulticast mode [ 270.257985][ T7306] bridge_slave_0: entered promiscuous mode [ 270.318416][ T7306] bridge0: port 2(bridge_slave_1) entered blocking state [ 270.343871][ T7306] bridge0: port 2(bridge_slave_1) entered disabled state [ 270.377075][ T7306] bridge_slave_1: entered allmulticast mode [ 270.404113][ T7306] bridge_slave_1: entered promiscuous mode [ 273.336141][ T7489] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 273.667648][ T7258] hsr_slave_0: entered promiscuous mode [ 273.686745][ T7258] hsr_slave_1: entered promiscuous mode [ 273.703096][ T7258] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 273.720235][ T7258] Cannot create hsr debugfs directory [ 273.744213][ T7306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.225830][ T7306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.961834][ T5919] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 275.030259][ T7306] team0: Port device team_slave_0 added [ 275.143821][ T5919] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea [ 275.173474][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.223495][ T5919] usb 3-1: config 0 descriptor?? [ 275.238991][ T7306] team0: Port device team_slave_1 added [ 275.244940][ T5919] usb 3-1: Invalid firmware size=18. [ 275.313384][ T7523] netlink: 8 bytes leftover after parsing attributes in process `syz.0.323'. [ 275.339887][ T7523] netlink: 12 bytes leftover after parsing attributes in process `syz.0.323'. [ 275.456008][ T5919] usb 3-1: USB disconnect, device number 6 [ 275.983724][ T7306] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.990740][ T7306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.070184][ T7306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 276.094829][ T7306] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 276.115228][ T7306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 276.183030][ T7306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 276.349781][ T36] bridge_slave_1: left allmulticast mode [ 276.362331][ T36] bridge_slave_1: left promiscuous mode [ 276.375045][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 276.390789][ T36] bridge_slave_0: left allmulticast mode [ 276.398625][ T36] bridge_slave_0: left promiscuous mode [ 276.406012][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.096778][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 277.115997][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 277.132842][ T36] bond0 (unregistering): Released all slaves [ 277.640782][ T36] hsr_slave_0: left promiscuous mode [ 277.667167][ T36] hsr_slave_1: left promiscuous mode [ 277.684661][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 277.724486][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 277.848458][ T36] veth1_macvtap: left promiscuous mode [ 277.887042][ T36] veth0_macvtap: left promiscuous mode [ 277.897388][ T36] veth1_vlan: left promiscuous mode [ 277.927951][ T36] veth0_vlan: left promiscuous mode [ 278.937703][ T7570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.334'. [ 278.950800][ T7570] netlink: 12 bytes leftover after parsing attributes in process `syz.4.334'. [ 279.276777][ T36] team0 (unregistering): Port device team_slave_1 removed [ 279.344824][ T36] team0 (unregistering): Port device team_slave_0 removed [ 279.920023][ T7565] wg2: entered promiscuous mode [ 279.932028][ T7565] wg2: entered allmulticast mode [ 280.049280][ T7306] hsr_slave_0: entered promiscuous mode [ 280.075193][ T7306] hsr_slave_1: entered promiscuous mode [ 280.087581][ T7576] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 280.107694][ T7306] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 280.115824][ T7306] Cannot create hsr debugfs directory [ 280.121928][ T7576] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 281.316375][ T30] audit: type=1326 audit(1752130734.316:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 281.355410][ T7589] loop2: detected capacity change from 0 to 128 [ 281.400808][ T30] audit: type=1326 audit(1752130734.316:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 281.596341][ T30] audit: type=1326 audit(1752130734.316:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 281.619664][ T30] audit: type=1326 audit(1752130734.316:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 281.661114][ T30] audit: type=1326 audit(1752130734.316:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 281.762505][ T7593] x_tables: duplicate underflow at hook 1 [ 282.446163][ T30] audit: type=1326 audit(1752130734.316:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 282.520799][ T30] audit: type=1326 audit(1752130734.316:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 282.711312][ T30] audit: type=1326 audit(1752130734.316:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 283.316858][ T30] audit: type=1326 audit(1752130734.316:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 283.340127][ T30] audit: type=1326 audit(1752130734.316:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7588 comm="syz.2.341" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 283.599383][ T7258] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 283.627564][ T7258] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 283.656245][ T7258] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 283.818187][ T7258] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 284.125751][ T7616] netlink: 8 bytes leftover after parsing attributes in process `syz.5.348'. [ 284.137640][ T7618] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 284.161950][ T7616] netlink: 12 bytes leftover after parsing attributes in process `syz.5.348'. [ 284.180393][ T7618] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 284.515775][ T7622] overlayfs: failed to resolve './file0': -2 [ 284.822973][ T7258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.900181][ T7306] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 284.931023][ T5919] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 284.977712][ T7306] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 285.016188][ T7258] 8021q: adding VLAN 0 to HW filter on device team0 [ 285.059291][ T7306] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 285.094872][ T7306] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 285.113534][ T7635] loop5: detected capacity change from 0 to 128 [ 285.133031][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 285.145588][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 285.152837][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 285.408175][ T5919] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 285.420604][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.428752][ T5919] usb 5-1: Product: syz [ 285.435880][ T5919] usb 5-1: Manufacturer: syz [ 285.440530][ T5919] usb 5-1: SerialNumber: syz [ 285.450679][ T5919] usb 5-1: config 0 descriptor?? [ 286.091888][ T5998] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.099177][ T5998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.898364][ T5919] usb 5-1: USB disconnect, device number 3 [ 287.073831][ T7320] udevd[7320]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 287.289490][ T7306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 287.425719][ T7306] 8021q: adding VLAN 0 to HW filter on device team0 [ 287.535153][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.542380][ T5997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.591757][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.598954][ T5997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.089686][ T7666] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 288.427102][ T7258] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.720768][ T7306] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 289.246931][ T7695] pim6reg1: entered promiscuous mode [ 289.267020][ T7695] pim6reg1: entered allmulticast mode [ 289.535500][ T7702] loop4: detected capacity change from 0 to 512 [ 289.592143][ T7702] ext4: Unknown parameter 'smackfshat' [ 289.740313][ T7258] veth0_vlan: entered promiscuous mode [ 289.851809][ T7258] veth1_vlan: entered promiscuous mode [ 289.861432][ T7711] veth0_vlan: entered allmulticast mode [ 290.107594][ T7258] veth0_macvtap: entered promiscuous mode [ 290.131270][ T5991] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 290.234690][ T7258] veth1_macvtap: entered promiscuous mode [ 290.299498][ T7306] veth0_vlan: entered promiscuous mode [ 290.331704][ T5991] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 290.374968][ T5991] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 290.395100][ T7258] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 290.404707][ T5991] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 290.432123][ T5991] usb 1-1: Product: syz [ 290.438703][ T5991] usb 1-1: Manufacturer: syz [ 290.455730][ T7306] veth1_vlan: entered promiscuous mode [ 290.462306][ T5991] usb 1-1: SerialNumber: syz [ 290.490580][ T5991] usb 1-1: config 0 descriptor?? [ 290.517863][ T7258] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 290.595643][ T7258] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.627717][ T7258] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.651075][ T7258] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.668576][ T7258] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 290.837186][ T5991] usb 1-1: USB disconnect, device number 4 [ 290.917353][ T7306] veth0_macvtap: entered promiscuous mode [ 290.966849][ T7320] udevd[7320]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 291.014206][ T7306] veth1_macvtap: entered promiscuous mode [ 291.197777][ T7306] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 291.286181][ T7306] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 291.338201][ T6116] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 291.397759][ T6116] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 291.524319][ T7306] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.561023][ T7306] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.578323][ T7306] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 291.833373][ T7306] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 292.024377][ T6116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.066175][ T6116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.578095][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.621296][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 292.759335][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 292.787442][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 293.327700][ T7773] loop6: detected capacity change from 0 to 1024 [ 293.384459][ T7773] EXT4-fs: Ignoring removed nobh option [ 293.418802][ T7773] EXT4-fs: Ignoring removed oldalloc option [ 293.511996][ T7773] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.807459][ T7258] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 294.372769][ T7768] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 294.399904][ T7796] loop5: detected capacity change from 0 to 256 [ 295.787727][ T30] kauditd_printk_skb: 100 callbacks suppressed [ 295.787749][ T30] audit: type=1326 audit(1752130748.786:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7793 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 296.372999][ T30] audit: type=1326 audit(1752130748.826:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7793 comm="syz.0.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 300.401874][ T7851] loop7: detected capacity change from 0 to 1024 [ 300.472595][ T7857] loop2: detected capacity change from 0 to 512 [ 300.477120][ T7851] EXT4-fs: Ignoring removed nobh option [ 300.528939][ T7851] EXT4-fs: Ignoring removed oldalloc option [ 300.541233][ T7857] ext4: Bad value for 'debug_want_extra_isize' [ 300.682330][ T7851] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 300.813927][ T7306] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 302.071630][ T7888] x_tables: duplicate underflow at hook 1 [ 302.135556][ T7890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.407'. [ 302.327173][ T7894] netlink: 8 bytes leftover after parsing attributes in process `syz.2.407'. [ 310.736718][ T7977] netlink: 4 bytes leftover after parsing attributes in process `syz.4.427'. [ 312.804524][ T7983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.427'. [ 313.406590][ T7991] loop6: detected capacity change from 0 to 1024 [ 313.429225][ T7991] EXT4-fs: Ignoring removed nobh option [ 313.471118][ T7991] EXT4-fs: Ignoring removed oldalloc option [ 314.179361][ T8004] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 314.582004][ T7991] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.235756][ T7258] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.863511][ T8018] loop6: detected capacity change from 0 to 40427 [ 316.001057][ T8018] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 316.339419][ T8027] netlink: 8 bytes leftover after parsing attributes in process `syz.6.437'. [ 316.386595][ T8027] syz.6.437: attempt to access beyond end of device [ 316.386595][ T8027] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 316.503334][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.510119][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.586241][ T7258] syz-executor: attempt to access beyond end of device [ 317.586241][ T7258] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 317.686649][ T7258] CPU: 1 UID: 0 PID: 7258 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 317.686676][ T7258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.686688][ T7258] Call Trace: [ 317.686695][ T7258] [ 317.686703][ T7258] dump_stack_lvl+0x189/0x250 [ 317.686736][ T7258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.686756][ T7258] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 317.686784][ T7258] ? __pfx_queue_work_on+0x10/0x10 [ 317.686810][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.686830][ T7258] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 317.686857][ T7258] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 317.686886][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.686906][ T7258] ? f2fs_hw_is_readonly+0x39b/0x470 [ 317.686939][ T7258] f2fs_handle_critical_error+0x37c/0x540 [ 317.686974][ T7258] f2fs_write_end_io+0x495/0x810 [ 317.686990][ T7258] ? blkg_put+0x22/0x240 [ 317.687031][ T7258] __submit_merged_bio+0x27a/0x6a0 [ 317.687066][ T7258] __submit_merged_write_cond+0x255/0x530 [ 317.687101][ T7258] f2fs_write_data_pages+0x261d/0x3000 [ 317.687128][ T7258] ? __lock_acquire+0xab9/0xd20 [ 317.687191][ T7258] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.687269][ T7258] ? __mod_zone_page_state+0xd7/0x140 [ 317.687302][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.687322][ T7258] ? folios_put_refs+0x560/0x640 [ 317.687363][ T7258] ? __pfx_folios_put_refs+0x10/0x10 [ 317.687390][ T7258] ? rcu_is_watching+0x15/0xb0 [ 317.687422][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.687442][ T7258] ? __lock_acquire+0xab9/0xd20 [ 317.687481][ T7258] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 317.687511][ T7258] do_writepages+0x32e/0x550 [ 317.687539][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.687564][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.687584][ T7258] ? do_raw_spin_unlock+0x122/0x240 [ 317.687617][ T7258] filemap_fdatawrite+0x191/0x230 [ 317.687643][ T7258] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 317.687713][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.687739][ T7258] ? do_raw_spin_unlock+0x122/0x240 [ 317.687772][ T7258] f2fs_sync_dirty_inodes+0x31f/0x830 [ 317.687808][ T7258] f2fs_write_checkpoint+0x94a/0x1de0 [ 317.687855][ T7258] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 317.687929][ T7258] ? kill_f2fs_super+0x298/0x6c0 [ 317.687955][ T7258] kill_f2fs_super+0x2c3/0x6c0 [ 317.687982][ T7258] ? __pfx_kill_f2fs_super+0x10/0x10 [ 317.687999][ T7258] ? radix_tree_delete_item+0x2b6/0x400 [ 317.688035][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.688055][ T7258] ? shrinker_free+0x2ce/0x3e0 [ 317.688087][ T7258] deactivate_locked_super+0xbc/0x130 [ 317.688109][ T7258] cleanup_mnt+0x425/0x4c0 [ 317.688126][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.688146][ T7258] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.688182][ T7258] task_work_run+0x1d4/0x260 [ 317.688216][ T7258] ? __pfx_task_work_run+0x10/0x10 [ 317.688242][ T7258] ? __x64_sys_umount+0x122/0x160 [ 317.688271][ T7258] ? exit_to_user_mode_loop+0x40/0x110 [ 317.688296][ T7258] exit_to_user_mode_loop+0xec/0x110 [ 317.688316][ T7258] do_syscall_64+0x2bd/0x3b0 [ 317.688334][ T7258] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.688362][ T7258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.688379][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 317.688399][ T7258] ? exc_page_fault+0x9f/0xf0 [ 317.688430][ T7258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.688447][ T7258] RIP: 0033:0x7fb0f178fc57 [ 317.688464][ T7258] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 317.688479][ T7258] RSP: 002b:00007ffc455a6678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 317.688498][ T7258] RAX: 0000000000000000 RBX: 00007fb0f1810925 RCX: 00007fb0f178fc57 [ 317.688510][ T7258] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc455a6730 [ 317.688521][ T7258] RBP: 00007ffc455a6730 R08: 0000000000000000 R09: 0000000000000000 [ 317.688532][ T7258] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc455a77c0 [ 317.688544][ T7258] R13: 00007fb0f1810925 R14: 000000000004d62d R15: 00007ffc455a7800 [ 317.688577][ T7258] [ 318.109210][ T7258] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 319.059278][ T8055] loop7: detected capacity change from 0 to 1024 [ 319.076245][ T8055] EXT4-fs: Ignoring removed nobh option [ 319.144463][ T8055] EXT4-fs: Ignoring removed oldalloc option [ 319.795690][ T8069] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.451' sets config #1 [ 320.558987][ T8055] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 321.852233][ T7306] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 323.381016][ T10] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 323.686841][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.372013][ T10] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.383009][ T10] usb 8-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00 [ 324.406398][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.436021][ T10] usb 8-1: config 0 descriptor?? [ 325.572703][ T10] usbhid 8-1:0.0: can't add hid device: -71 [ 325.590240][ T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 325.642288][ T10] usb 8-1: USB disconnect, device number 2 [ 325.884086][ T8110] syz_tun: entered allmulticast mode [ 325.917889][ T8110] syz_tun: left allmulticast mode [ 327.914836][ T8141] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 327.953919][ T8143] loop4: detected capacity change from 0 to 256 [ 331.361528][ T8193] ieee802154 phy0 wpan0: encryption failed: -22 [ 332.894232][ T8212] loop5: detected capacity change from 0 to 256 [ 334.480123][ T8227] netlink: 28 bytes leftover after parsing attributes in process `syz.0.492'. [ 334.562048][ T8227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.492'. [ 335.898062][ T8225] bridge0: port 2(bridge_slave_1) entered disabled state [ 335.909700][ T8225] bridge0: port 1(bridge_slave_0) entered disabled state [ 336.687714][ T8225] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 336.732253][ T8225] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 337.900672][ T8225] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.913678][ T8225] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.940993][ T8225] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.950086][ T8225] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.981982][ T8272] overlayfs: failed to resolve './file0': -2 [ 338.383221][ T5912] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 338.701808][ T5912] usb 5-1: Using ep0 maxpacket: 32 [ 338.762910][ T5912] usb 5-1: config 0 has an invalid interface number: 184 but max is 0 [ 338.771783][ T5912] usb 5-1: config 0 has no interface number 0 [ 338.778284][ T5912] usb 5-1: config 0 interface 184 has no altsetting 0 [ 339.751298][ T5912] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 339.818189][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.446548][ T8285] vivid-001: kernel_thread() failed [ 340.621110][ T5912] usb 5-1: Product: syz [ 340.625358][ T5912] usb 5-1: Manufacturer: syz [ 340.629998][ T5912] usb 5-1: SerialNumber: syz [ 340.656820][ T5912] usb 5-1: config 0 descriptor?? [ 340.828269][ T5912] smsc75xx v1.0.0 [ 340.832103][ T5912] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 340.843497][ T5912] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -22 [ 342.030477][ T10] usb 5-1: USB disconnect, device number 4 [ 342.392813][ T30] audit: type=1326 audit(1752130795.396:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 342.477859][ T8308] loop7: detected capacity change from 0 to 128 [ 342.567463][ T30] audit: type=1326 audit(1752130795.416:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 342.645338][ T8312] loop2: detected capacity change from 0 to 1024 [ 343.375445][ T30] audit: type=1326 audit(1752130795.416:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 343.416782][ T30] audit: type=1326 audit(1752130795.416:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 343.521658][ T30] audit: type=1326 audit(1752130795.416:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 343.771069][ T30] audit: type=1326 audit(1752130795.426:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 343.794222][ T30] audit: type=1326 audit(1752130795.426:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 344.269336][ T8312] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 344.482530][ T30] audit: type=1326 audit(1752130795.426:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 344.569482][ T30] audit: type=1326 audit(1752130795.426:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 344.702667][ T30] audit: type=1326 audit(1752130795.426:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8307 comm="syz.7.510" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 344.792097][ T8333] 9pnet_virtio: no channels available for device syz [ 344.901081][ T8312] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.509: Abort forced by user [ 345.418706][ T8312] EXT4-fs (loop2): Remounting filesystem read-only [ 345.533401][ T8312] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 345.541342][ T5856] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci5/hci5:201' [ 345.552366][ T5856] CPU: 0 UID: 0 PID: 5856 Comm: kworker/u9:5 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 345.552407][ T5856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 345.552424][ T5856] Workqueue: hci5 hci_rx_work [ 345.552452][ T5856] Call Trace: [ 345.552462][ T5856] [ 345.552472][ T5856] dump_stack_lvl+0x189/0x250 [ 345.552507][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 345.552544][ T5856] ? __pfx_dump_stack_lvl+0x10/0x10 [ 345.552575][ T5856] ? __pfx__printk+0x10/0x10 [ 345.552611][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 345.552644][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 345.552680][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.552709][ T5856] ? kernfs_path_from_node+0x22c/0x260 [ 345.552742][ T5856] ? kernfs_path_from_node+0x2c/0x260 [ 345.552782][ T5856] sysfs_create_dir_ns+0x259/0x280 [ 345.552821][ T5856] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 345.552862][ T5856] ? do_raw_spin_unlock+0x122/0x240 [ 345.552906][ T5856] kobject_add_internal+0x59f/0xb40 [ 345.552945][ T5856] kobject_add+0x155/0x220 [ 345.552970][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553006][ T5856] ? __pfx_kobject_add+0x10/0x10 [ 345.553032][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553060][ T5856] ? _raw_spin_unlock+0x28/0x50 [ 345.553094][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553127][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553155][ T5856] ? get_device_parent+0x366/0x3a0 [ 345.553201][ T5856] device_add+0x408/0xb50 [ 345.553239][ T5856] hci_conn_add_sysfs+0xd5/0x1e0 [ 345.553281][ T5856] le_conn_complete_evt+0xc3a/0x1220 [ 345.553330][ T5856] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 345.553361][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553389][ T5856] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 345.553412][ T5856] ? __asan_memcpy+0x40/0x70 [ 345.553440][ T5856] ? __pfx___mutex_lock+0x10/0x10 [ 345.553465][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553493][ T5856] ? skb_pull_data+0xfb/0x200 [ 345.553538][ T5856] hci_le_conn_complete_evt+0x187/0x450 [ 345.553578][ T5856] hci_event_packet+0x78f/0x1200 [ 345.553623][ T5856] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 345.553655][ T5856] ? __pfx_hci_event_packet+0x10/0x10 [ 345.553698][ T5856] ? kcov_remote_start+0x4d3/0x7f0 [ 345.553736][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553764][ T5856] ? __pfx_warn_bogus_irq_restore+0x10/0x10 [ 345.553807][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.553834][ T5856] ? hci_send_to_monitor+0xe2/0x570 [ 345.553870][ T5856] hci_rx_work+0x46a/0xe80 [ 345.553904][ T5856] ? process_scheduled_works+0x9ef/0x17b0 [ 345.553938][ T5856] process_scheduled_works+0xae1/0x17b0 [ 345.554010][ T5856] ? __pfx_process_scheduled_works+0x10/0x10 [ 345.554049][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.554089][ T5856] worker_thread+0x8a0/0xda0 [ 345.554153][ T5856] kthread+0x711/0x8a0 [ 345.554203][ T5856] ? __pfx_worker_thread+0x10/0x10 [ 345.554233][ T5856] ? __pfx_kthread+0x10/0x10 [ 345.554265][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.554299][ T5856] ? _raw_spin_unlock_irq+0x23/0x50 [ 345.554335][ T5856] ? srso_alias_return_thunk+0x5/0xfbef5 [ 345.554363][ T5856] ? lockdep_hardirqs_on+0x9c/0x150 [ 345.554400][ T5856] ? __pfx_kthread+0x10/0x10 [ 345.554437][ T5856] ret_from_fork+0x3fc/0x770 [ 345.554469][ T5856] ? __pfx_ret_from_fork+0x10/0x10 [ 345.554503][ T5856] ? __switch_to_asm+0x39/0x70 [ 345.554536][ T5856] ? __switch_to_asm+0x33/0x70 [ 345.554569][ T5856] ? __pfx_kthread+0x10/0x10 [ 345.554607][ T5856] ret_from_fork_asm+0x1a/0x30 [ 345.554662][ T5856] [ 345.554805][ T5856] kobject: kobject_add_internal failed for hci5:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 345.923901][ T5856] Bluetooth: hci5: failed to register connection device [ 346.477408][ T8348] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491 [ 347.455062][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 348.321456][ T5161] Bluetooth: hci1: unexpected event for opcode 0x2010 [ 348.782883][ T5161] Bluetooth: Unexpected continuation frame (len 12) [ 348.865440][ T8369] 9pnet_fd: Insufficient options for proto=fd [ 349.738828][ T8376] 8021q: adding VLAN 0 to HW filter on device bond0 [ 349.762441][ T8376] 8021q: adding VLAN 0 to HW filter on device team0 [ 349.869222][ T8376] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 353.190275][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 353.190297][ T30] audit: type=1326 audit(1752130806.186:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 353.367469][ T30] audit: type=1326 audit(1752130806.226:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 353.393749][ T8415] loop7: detected capacity change from 0 to 128 [ 353.628958][ T30] audit: type=1326 audit(1752130806.226:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 353.719621][ T30] audit: type=1326 audit(1752130806.226:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 354.661215][ T30] audit: type=1326 audit(1752130806.226:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 354.835639][ T30] audit: type=1326 audit(1752130806.226:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 355.041091][ T30] audit: type=1326 audit(1752130806.236:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 355.141235][ T5971] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 355.420739][ T30] audit: type=1326 audit(1752130806.236:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 355.489786][ T30] audit: type=1326 audit(1752130806.236:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 355.520489][ T8443] 9pnet_fd: Insufficient options for proto=fd [ 355.748058][ T5971] usb 5-1: Using ep0 maxpacket: 16 [ 356.664747][ T30] audit: type=1326 audit(1752130806.236:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8412 comm="syz.7.534" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 358.742226][ T8468] can0: slcan on ttyS3. [ 358.854079][ T8469] capability: warning: `syz.7.545' uses 32-bit capabilities (legacy support in use) [ 359.663593][ T8468] can0 (unregistered): slcan off ttyS3. [ 359.950803][ T8476] netlink: 28 bytes leftover after parsing attributes in process `syz.0.547'. [ 361.399341][ T5971] usb 5-1: unable to get BOS descriptor or descriptor too short [ 361.449000][ T5971] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 361.497279][ T5971] usb 5-1: can't read configurations, error -71 [ 363.150754][ T8517] 9pnet_fd: Insufficient options for proto=fd [ 364.271743][ T43] libceph: connect (1)[c::]:6789 error -101 [ 364.307102][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 364.595168][ T8518] ceph: No mds server is up or the cluster is laggy [ 364.748293][ T5856] Bluetooth: hci6: command 0x0406 tx timeout [ 365.284945][ T8528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.559'. [ 365.478493][ T8533] netlink: 8 bytes leftover after parsing attributes in process `syz.0.559'. [ 365.709413][ T8540] netlink: 4 bytes leftover after parsing attributes in process `syz.4.561'. [ 366.646505][ T5991] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 366.799184][ T8531] delete_channel: no stack [ 366.971465][ T5991] usb 7-1: unable to get BOS descriptor or descriptor too short [ 366.993021][ T5991] usb 7-1: config 1 interface 1 has no altsetting 0 [ 367.018647][ T5991] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 367.929068][ T5991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.972126][ T5991] usb 7-1: Product: syz [ 367.976311][ T5991] usb 7-1: Manufacturer: syz [ 367.991776][ T5991] usb 7-1: SerialNumber: syz [ 368.428986][ T5991] usb 7-1: found format II with max.bitrate = 2418, frame size=7 [ 368.478910][ T5991] usb 7-1: 2:1: All rates were zero [ 368.759879][ T5991] usb 7-1: USB disconnect, device number 2 [ 368.934278][ T7276] udevd[7276]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 369.546133][ T8584] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 369.694372][ T8586] 9pnet_fd: Insufficient options for proto=fd [ 373.381204][ T5919] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 373.633118][ T5919] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 373.816974][ T5919] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 373.841126][ T5919] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.867981][ T5919] usb 8-1: Product: syz [ 373.872939][ T5919] usb 8-1: Manufacturer: syz [ 373.877580][ T5919] usb 8-1: SerialNumber: syz [ 373.952469][ T5919] usb 8-1: config 0 descriptor?? [ 374.041395][ T8624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'. [ 374.725915][ T5919] usb 8-1: USB disconnect, device number 3 [ 375.557726][ T5856] Bluetooth: hci3: command 0x0406 tx timeout [ 375.906998][ T8624] netlink: 8 bytes leftover after parsing attributes in process `syz.0.581'. [ 376.096992][ T8647] usb usb1: usbfs: interface 0 claimed by hub while 'syz.6.587' sets config #1 [ 376.683063][ T8654] netlink: 'syz.7.591': attribute type 39 has an invalid length. [ 378.018434][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.401287][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.072257][ T8676] loop4: detected capacity change from 0 to 1024 [ 380.183515][ T8676] EXT4-fs: Ignoring removed nobh option [ 380.210553][ T8676] EXT4-fs: Ignoring removed oldalloc option [ 380.318756][ T8676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 380.651709][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 380.963918][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 382.217857][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 382.267217][ T8708] ceph: No mds server is up or the cluster is laggy [ 382.420695][ T5960] libceph: connect (1)[c::]:6789 error -101 [ 382.451249][ T5960] libceph: mon0 (1)[c::]:6789 connect error [ 382.688515][ T8705] delete_channel: no stack [ 384.091582][ T5856] Bluetooth: hci3: command 0x0406 tx timeout [ 385.386546][ T8744] process 'syz.7.603' launched './file0' with NULL argv: empty string added [ 386.343084][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 386.921950][ T9] usb 3-1: unable to read config index 0 descriptor/start: -32 [ 387.025855][ T9] usb 3-1: chopping to 0 config(s) [ 387.041220][ T9] usb 3-1: can't read configurations, error -32 [ 387.291135][ T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 387.483994][ T9] usb 3-1: device descriptor read/64, error -32 [ 387.511035][ T8764] netlink: 28 bytes leftover after parsing attributes in process `syz.7.612'. [ 387.571134][ T8764] netlink: 8 bytes leftover after parsing attributes in process `syz.7.612'. [ 387.662646][ T9] usb usb3-port1: attempt power cycle [ 387.667016][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 387.667056][ T30] audit: type=1326 audit(1752130840.666:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 388.435760][ T30] audit: type=1326 audit(1752130840.666:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 388.727704][ T30] audit: type=1326 audit(1752130841.236:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 389.063825][ T30] audit: type=1326 audit(1752130841.236:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 389.086864][ T30] audit: type=1326 audit(1752130841.246:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 389.109336][ T30] audit: type=1326 audit(1752130841.246:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 389.141034][ T30] audit: type=1326 audit(1752130841.246:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f96173858e7 code=0x7ffc0000 [ 390.090424][ T30] audit: type=1326 audit(1752130841.266:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f961732ab19 code=0x7ffc0000 [ 390.239588][ T30] audit: type=1326 audit(1752130841.266:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f96173858e7 code=0x7ffc0000 [ 390.334982][ T8788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.618'. [ 390.394620][ T8782] netlink: 'syz.5.617': attribute type 4 has an invalid length. [ 390.407826][ T30] audit: type=1326 audit(1752130841.266:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8767 comm="syz.5.614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f961732ab19 code=0x7ffc0000 [ 391.541168][ T8796] netlink: 8 bytes leftover after parsing attributes in process `syz.2.618'. [ 395.001512][ T8820] netlink: 4 bytes leftover after parsing attributes in process `syz.0.628'. [ 395.240777][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805368dc00: rx timeout, send abort [ 395.295215][ T5161] Bluetooth: hci6: unexpected event for opcode 0x2010 [ 395.868312][ T8831] loop4: detected capacity change from 0 to 1024 [ 395.946790][ T8831] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.305211][ T43] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 397.441091][ T43] usb 8-1: Using ep0 maxpacket: 16 [ 399.424571][ T8852] JFS: discard option not supported on device [ 399.436366][ T8852] Mount JFS Failure: -22 [ 399.441024][ T8852] jfs_mount failed w/return code = -22 [ 400.305475][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.020622][ T8868] netlink: 28 bytes leftover after parsing attributes in process `syz.4.639'. [ 402.519100][ T8869] netlink: 80 bytes leftover after parsing attributes in process `syz.5.640'. [ 402.732144][ T43] usb 8-1: unable to get BOS descriptor or descriptor too short [ 402.896344][ T8853] delete_channel: no stack [ 403.121093][ T43] usb 8-1: unable to read config index 0 descriptor/start: -32 [ 403.128750][ T43] usb 8-1: chopping to 0 config(s) [ 403.137773][ T43] usb 8-1: can't read configurations, error -32 [ 403.208246][ T5960] libceph: connect (1)[c::]:6789 error -101 [ 403.231280][ T5960] libceph: mon0 (1)[c::]:6789 connect error [ 403.311120][ T43] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 403.504869][ T5919] libceph: connect (1)[c::]:6789 error -101 [ 403.511750][ T5919] libceph: mon0 (1)[c::]:6789 connect error [ 403.556184][ T43] usb 8-1: device descriptor read/64, error -32 [ 403.682880][ T43] usb usb8-port1: attempt power cycle [ 403.772451][ T8872] ceph: No mds server is up or the cluster is laggy [ 404.181020][ T43] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 405.931564][ T43] usb 8-1: device descriptor read/8, error -32 [ 406.821045][ T43] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 407.051577][ T43] usb 8-1: device not accepting address 7, error -71 [ 407.060419][ T43] usb usb8-port1: unable to enumerate USB device [ 409.095768][ T9] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 409.111885][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 409.112913][ T8915] netlink: 80 bytes leftover after parsing attributes in process `syz.6.657'. [ 409.457723][ T9] usb 8-1: Using ep0 maxpacket: 8 [ 409.468734][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 409.548460][ T24] usb 5-1: config 1 interface 1 has no altsetting 0 [ 409.550272][ T8917] netlink: 24 bytes leftover after parsing attributes in process `syz.5.658'. [ 409.572756][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 409.577536][ T9] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 409.590173][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.599636][ T8917] netlink: 12 bytes leftover after parsing attributes in process `syz.5.658'. [ 409.625999][ T24] usb 5-1: Product: syz [ 409.630367][ T24] usb 5-1: Manufacturer: syz [ 409.644535][ T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 409.649377][ T24] usb 5-1: SerialNumber: syz [ 409.748923][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 409.771130][ T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 409.790491][ T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 409.810532][ T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 409.819713][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.978429][ T24] usb 5-1: found format II with max.bitrate = 2418, frame size=7 [ 409.987340][ T24] usb 5-1: 2:1: All rates were zero [ 409.999361][ T8923] netlink: 'syz.0.660': attribute type 1 has an invalid length. [ 410.015335][ T24] usb 5-1: USB disconnect, device number 7 [ 410.054140][ T9] usb 8-1: usb_control_msg returned -32 [ 410.059774][ T9] usbtmc 8-1:16.0: can't read capabilities [ 410.119621][ T8927] netlink: 28 bytes leftover after parsing attributes in process `syz.0.660'. [ 410.170868][ T8926] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 410.186817][ T8926] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 410.417870][ T8926] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 410.426898][ T8926] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 410.479249][ T8926] bond4: (slave geneve2): making interface the new active one [ 411.177541][ T24] libceph: connect (1)[c::]:6789 error -101 [ 411.191797][ T8935] ceph: No mds server is up or the cluster is laggy [ 411.192322][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 411.200211][ T8926] bond4: (slave geneve2): Enslaving as an active interface with an up link [ 411.319709][ T8927] 8021q: adding VLAN 0 to HW filter on device bond4 [ 412.559270][ T8951] netlink: 4 bytes leftover after parsing attributes in process `syz.4.667'. [ 412.601589][ T5919] usb 8-1: USB disconnect, device number 8 [ 413.809044][ T8948] delete_channel: no stack [ 414.682236][ T8972] netlink: 24 bytes leftover after parsing attributes in process `syz.6.672'. [ 414.741058][ T8972] netlink: 12 bytes leftover after parsing attributes in process `syz.6.672'. [ 414.983827][ T8974] loop6: detected capacity change from 0 to 1024 [ 415.159761][ T8974] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 416.212224][ T8985] netlink: 80 bytes leftover after parsing attributes in process `syz.4.676'. [ 417.453868][ T8993] netlink: 24 bytes leftover after parsing attributes in process `syz.7.680'. [ 418.180488][ T9002] loop7: detected capacity change from 0 to 512 [ 418.692150][ T9002] ext4: Unknown parameter 'smackfshat' [ 418.949966][ T7258] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 418.959515][ T8993] Can't find ip_set type hash:net,por [ 419.141258][ T9012] netlink: 24 bytes leftover after parsing attributes in process `syz.2.686'. [ 419.184434][ T9012] netlink: 12 bytes leftover after parsing attributes in process `syz.2.686'. [ 421.629699][ T9043] netlink: 80 bytes leftover after parsing attributes in process `syz.7.693'. [ 422.019409][ T9049] loop2: detected capacity change from 0 to 1024 [ 422.215030][ T9049] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 423.277552][ T9064] netlink: 24 bytes leftover after parsing attributes in process `syz.4.702'. [ 423.351263][ T9064] netlink: 12 bytes leftover after parsing attributes in process `syz.4.702'. [ 423.360676][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 424.153019][ T9080] netlink: 'syz.7.708': attribute type 1 has an invalid length. [ 424.240107][ T9085] netlink: 4 bytes leftover after parsing attributes in process `syz.0.709'. [ 424.345536][ T9080] 8021q: adding VLAN 0 to HW filter on device bond1 [ 424.435109][ T9085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.709'. [ 424.564830][ T9086] bond1: (slave veth3): Enslaving as an active interface with a down link [ 424.942857][ T9085] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 426.857716][ T9105] loop5: detected capacity change from 0 to 1024 [ 427.035054][ T9105] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 428.316090][ T5991] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 428.565198][ T5991] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 428.631107][ T5991] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 428.664026][ T5991] usb 8-1: New USB device found, idVendor=056a, idProduct=00b4, bcdDevice= 0.00 [ 428.711626][ T5991] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.748030][ T5991] usb 8-1: config 0 descriptor?? [ 428.901229][ T5856] Bluetooth: hci0: unexpected event for opcode 0x2010 [ 429.708930][ T9136] x_tables: duplicate underflow at hook 1 [ 429.946855][ T5839] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.061139][ T5991] usbhid 8-1:0.0: can't add hid device: -71 [ 430.067560][ T5991] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 430.112165][ T5991] usb 8-1: USB disconnect, device number 9 [ 431.021526][ T5919] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 431.326317][ T5919] usb 5-1: Using ep0 maxpacket: 16 [ 434.261457][ T9171] netlink: 4 bytes leftover after parsing attributes in process `syz.7.734'. [ 434.613632][ T9173] netlink: 8 bytes leftover after parsing attributes in process `syz.7.734'. [ 435.336053][ T5856] Bluetooth: hci2: unexpected event for opcode 0x2010 [ 436.416905][ T5919] usb 5-1: unable to get BOS descriptor or descriptor too short [ 438.451967][ T5919] usb 5-1: unable to read config index 0 descriptor/start: -32 [ 438.459587][ T5919] usb 5-1: chopping to 0 config(s) [ 438.500751][ T5919] usb 5-1: can't read configurations, error -32 [ 438.584231][ T9202] x_tables: duplicate underflow at hook 1 [ 438.651172][ T5919] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 438.972078][ T5919] usb 5-1: device descriptor read/64, error -32 [ 439.086906][ T5919] usb usb5-port1: attempt power cycle [ 440.290410][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.299308][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 442.021428][ T9231] netlink: 'syz.7.753': attribute type 1 has an invalid length. [ 442.234784][ T5856] Bluetooth: hci2: unexpected event for opcode 0x2010 [ 442.602310][ T9231] 8021q: adding VLAN 0 to HW filter on device bond3 [ 444.096207][ T9239] bond3: (slave veth5): Enslaving as an active interface with a down link [ 445.071183][ T5991] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 447.386105][ T9271] netlink: 28 bytes leftover after parsing attributes in process `syz.0.765'. [ 447.403213][ T9271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.765'. [ 448.139182][ T9279] loop6: detected capacity change from 0 to 1024 [ 448.274104][ T9279] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 450.758659][ T7258] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 456.162382][ T9358] netlink: 12 bytes leftover after parsing attributes in process `syz.7.791'. [ 456.251675][ T9357] tipc: Started in network mode [ 456.256823][ T9357] tipc: Node identity feb995b37275, cluster identity 4711 [ 456.339892][ T9357] tipc: Enabled bearer , priority 0 [ 456.421822][ T9359] syzkaller0: entered promiscuous mode [ 456.427371][ T9359] syzkaller0: entered allmulticast mode [ 456.577292][ T9359] tipc: Resetting bearer [ 456.665095][ T9356] tipc: Resetting bearer [ 456.819294][ T9356] tipc: Disabling bearer [ 457.146996][ T9365] bridge0: port 2(bridge_slave_1) entered blocking state [ 457.154285][ T9365] bridge0: port 2(bridge_slave_1) entered listening state [ 457.163069][ T9365] bridge0: port 1(bridge_slave_0) entered blocking state [ 457.170330][ T9365] bridge0: port 1(bridge_slave_0) entered listening state [ 457.403654][ T9365] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 461.051919][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 461.082680][ T9403] netlink: 12 bytes leftover after parsing attributes in process `syz.5.804'. [ 461.255646][ T9] usb 7-1: unable to get BOS descriptor or descriptor too short [ 461.281975][ T9] usb 7-1: config 1 interface 1 has no altsetting 0 [ 461.312355][ T9] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 461.335542][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.347999][ T9] usb 7-1: Product: syz [ 461.355859][ T9] usb 7-1: Manufacturer: syz [ 461.366980][ T9] usb 7-1: SerialNumber: syz [ 461.795680][ T9] usb 7-1: found format II with max.bitrate = 2418, frame size=7 [ 461.803771][ T9] usb 7-1: 2:1: All rates were zero [ 461.906423][ T9] usb 7-1: USB disconnect, device number 3 [ 462.685537][ T9419] loop6: detected capacity change from 0 to 256 [ 464.293111][ T9426] loop6: detected capacity change from 0 to 40427 [ 464.495909][ T9426] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 464.803339][ T9432] netlink: 8 bytes leftover after parsing attributes in process `syz.6.810'. [ 464.852054][ T9432] syz.6.810: attempt to access beyond end of device [ 464.852054][ T9432] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 465.664243][ T7258] syz-executor: attempt to access beyond end of device [ 465.664243][ T7258] loop6: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 465.730144][ T7258] CPU: 1 UID: 0 PID: 7258 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 465.730196][ T7258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 465.730212][ T7258] Call Trace: [ 465.730222][ T7258] [ 465.730232][ T7258] dump_stack_lvl+0x189/0x250 [ 465.730277][ T7258] ? __pfx_dump_stack_lvl+0x10/0x10 [ 465.730306][ T7258] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 465.730345][ T7258] ? __pfx_queue_work_on+0x10/0x10 [ 465.730379][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.730408][ T7258] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 465.730444][ T7258] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 465.730483][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.730511][ T7258] ? f2fs_hw_is_readonly+0x39b/0x470 [ 465.730554][ T7258] f2fs_handle_critical_error+0x37c/0x540 [ 465.730599][ T7258] f2fs_write_end_io+0x495/0x810 [ 465.730623][ T7258] ? blkg_put+0x22/0x240 [ 465.730674][ T7258] __submit_merged_bio+0x27a/0x6a0 [ 465.730720][ T7258] __submit_merged_write_cond+0x255/0x530 [ 465.730765][ T7258] f2fs_write_data_pages+0x261d/0x3000 [ 465.730806][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.730873][ T7258] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 465.730933][ T7258] ? arch_stack_walk+0xfc/0x150 [ 465.730996][ T7258] ? __mod_zone_page_state+0xd7/0x140 [ 465.731037][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731067][ T7258] ? folios_put_refs+0x560/0x640 [ 465.731117][ T7258] ? __pfx_folios_put_refs+0x10/0x10 [ 465.731155][ T7258] ? rcu_is_watching+0x15/0xb0 [ 465.731203][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731231][ T7258] ? __lock_acquire+0xab9/0xd20 [ 465.731278][ T7258] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 465.731321][ T7258] do_writepages+0x32e/0x550 [ 465.731355][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731389][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731417][ T7258] ? do_raw_spin_unlock+0x122/0x240 [ 465.731460][ T7258] filemap_fdatawrite+0x191/0x230 [ 465.731492][ T7258] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 465.731571][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731606][ T7258] ? do_raw_spin_unlock+0x122/0x240 [ 465.731649][ T7258] f2fs_sync_dirty_inodes+0x31f/0x830 [ 465.731694][ T7258] f2fs_write_checkpoint+0x94a/0x1de0 [ 465.731747][ T7258] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 465.731829][ T7258] ? kill_f2fs_super+0x298/0x6c0 [ 465.731862][ T7258] kill_f2fs_super+0x2c3/0x6c0 [ 465.731896][ T7258] ? __pfx_kill_f2fs_super+0x10/0x10 [ 465.731919][ T7258] ? radix_tree_delete_item+0x2b6/0x400 [ 465.731968][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.731996][ T7258] ? shrinker_free+0x2ce/0x3e0 [ 465.732039][ T7258] deactivate_locked_super+0xbc/0x130 [ 465.732068][ T7258] cleanup_mnt+0x425/0x4c0 [ 465.732092][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.732120][ T7258] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.732164][ T7258] task_work_run+0x1d4/0x260 [ 465.732214][ T7258] ? __pfx_task_work_run+0x10/0x10 [ 465.732251][ T7258] ? __x64_sys_umount+0x122/0x160 [ 465.732288][ T7258] ? exit_to_user_mode_loop+0x40/0x110 [ 465.732320][ T7258] exit_to_user_mode_loop+0xec/0x110 [ 465.732348][ T7258] do_syscall_64+0x2bd/0x3b0 [ 465.732371][ T7258] ? lockdep_hardirqs_on+0x9c/0x150 [ 465.732411][ T7258] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.732434][ T7258] ? srso_alias_return_thunk+0x5/0xfbef5 [ 465.732463][ T7258] ? exc_page_fault+0x9f/0xf0 [ 465.732504][ T7258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.732529][ T7258] RIP: 0033:0x7fb0f178fc57 [ 465.732551][ T7258] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 465.732573][ T7258] RSP: 002b:00007ffc455a6678 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 465.732598][ T7258] RAX: 0000000000000000 RBX: 00007fb0f1810925 RCX: 00007fb0f178fc57 [ 465.732616][ T7258] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc455a6730 [ 465.732632][ T7258] RBP: 00007ffc455a6730 R08: 0000000000000000 R09: 0000000000000000 [ 465.732649][ T7258] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc455a77c0 [ 465.732666][ T7258] R13: 00007fb0f1810925 R14: 0000000000071a22 R15: 00007ffc455a7800 [ 465.732705][ T7258] [ 466.201101][ T7258] F2FS-fs (loop6): Stopped filesystem due to reason: 3 [ 470.183477][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 470.183502][ T30] audit: type=1326 audit(1752130922.966:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.5.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 470.378856][ T30] audit: type=1326 audit(1752130923.276:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9462 comm="syz.5.822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 471.640327][ T9485] loop4: detected capacity change from 0 to 1024 [ 472.144641][ T9485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.288837][ T9485] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.828: Abort forced by user [ 472.404751][ T9485] EXT4-fs (loop4): Remounting filesystem read-only [ 472.445914][ T9485] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 472.653513][ C1] bridge0: port 1(bridge_slave_0) entered learning state [ 472.662544][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 472.905573][ T30] audit: type=1326 audit(1752130925.886:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 472.949659][ T9507] loop7: detected capacity change from 0 to 128 [ 473.024904][ T30] audit: type=1326 audit(1752130925.886:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 473.277530][ T30] audit: type=1326 audit(1752130925.886:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 473.300715][ T30] audit: type=1326 audit(1752130925.886:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 473.340843][ T5852] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 474.056314][ T30] audit: type=1326 audit(1752130925.886:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 474.761356][ T30] audit: type=1326 audit(1752130925.886:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.049346][ T30] audit: type=1326 audit(1752130925.886:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.083372][ T30] audit: type=1326 audit(1752130925.896:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.177372][ T9515] sctp: failed to load transform for md5: -2 [ 475.202140][ T30] audit: type=1326 audit(1752130925.896:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.388611][ T30] audit: type=1326 audit(1752130925.896:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.557059][ T30] audit: type=1326 audit(1752130925.896:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.757318][ T9530] 9pnet: p9_errstr2errno: server reported unknown error 18446744073709 [ 475.801206][ T30] audit: type=1326 audit(1752130925.896:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 475.892082][ T30] audit: type=1326 audit(1752130925.896:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 476.001375][ T30] audit: type=1326 audit(1752130925.906:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 476.123294][ T30] audit: type=1326 audit(1752130925.906:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 476.266354][ T30] audit: type=1326 audit(1752130925.906:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 476.359992][ T30] audit: type=1326 audit(1752130925.906:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 476.438781][ T30] audit: type=1326 audit(1752130925.906:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9506 comm="syz.7.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 478.064619][ T9561] loop6: detected capacity change from 0 to 128 [ 479.605512][ T9578] tipc: Started in network mode [ 479.610834][ T9578] tipc: Node identity 6a6bba8f0d61, cluster identity 4711 [ 479.697392][ T9578] tipc: Enabled bearer , priority 0 [ 480.371695][ T9579] syzkaller0: entered promiscuous mode [ 480.401035][ T9579] syzkaller0: entered allmulticast mode [ 480.465970][ T9578] tipc: Resetting bearer [ 480.536517][ T9577] tipc: Resetting bearer [ 480.661977][ T9577] tipc: Disabling bearer [ 483.322696][ T30] kauditd_printk_skb: 104 callbacks suppressed [ 483.322719][ T30] audit: type=1326 audit(1752130936.326:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 483.737667][ T30] audit: type=1326 audit(1752130936.356:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.438871][ T30] audit: type=1326 audit(1752130936.366:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.461256][ T30] audit: type=1326 audit(1752130936.366:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.593910][ T30] audit: type=1326 audit(1752130936.366:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.617193][ T30] audit: type=1326 audit(1752130936.366:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.676728][ T30] audit: type=1326 audit(1752130936.366:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.780049][ T30] audit: type=1326 audit(1752130936.476:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 484.924223][ T30] audit: type=1326 audit(1752130936.476:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 485.651026][ T30] audit: type=1326 audit(1752130936.486:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.0.863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 486.840665][ T9639] netlink: 4 bytes leftover after parsing attributes in process `syz.5.870'. [ 487.275523][ T9646] netlink: 8 bytes leftover after parsing attributes in process `syz.5.870'. [ 488.011012][ C1] bridge0: port 2(bridge_slave_1) entered forwarding state [ 488.018308][ C1] bridge0: topology change detected, propagating [ 488.026109][ C1] bridge0: port 1(bridge_slave_0) entered forwarding state [ 488.033340][ C1] bridge0: topology change detected, propagating [ 491.529163][ T9678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.880'. [ 491.561491][ T9678] bridge0: port 2(bridge_slave_1) entered disabled state [ 491.570583][ T9678] bridge0: port 1(bridge_slave_0) entered disabled state [ 493.577926][ T43] libceph: connect (1)[c::]:6789 error -101 [ 493.605368][ T9692] ceph: No mds server is up or the cluster is laggy [ 493.621233][ T43] libceph: mon0 (1)[c::]:6789 connect error [ 495.341112][ T5161] Bluetooth: hci3: command 0x0406 tx timeout [ 496.183515][ T9712] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 496.536260][ T9722] netlink: 4 bytes leftover after parsing attributes in process `syz.5.893'. [ 496.767988][ T9728] netlink: 'syz.4.895': attribute type 1 has an invalid length. [ 496.785326][ T9730] netlink: 8 bytes leftover after parsing attributes in process `syz.5.893'. [ 497.097926][ T9728] 8021q: adding VLAN 0 to HW filter on device bond2 [ 497.275137][ T9733] bond2: (slave veth3): Enslaving as an active interface with a down link [ 497.299342][ T9736] loop2: detected capacity change from 0 to 512 [ 497.356479][ T9734] vlan2: entered allmulticast mode [ 497.361911][ T9736] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 497.371254][ T9734] veth1: entered allmulticast mode [ 497.410130][ T9736] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 497.432552][ T9736] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002] [ 497.441463][ T9736] System zones: 0-1, 15-15, 18-18, 34-34 [ 497.447740][ T9736] EXT4-fs (loop2): orphan cleanup on readonly fs [ 497.456318][ T9736] __quota_error: 39 callbacks suppressed [ 497.456340][ T9736] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 497.471614][ T9736] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 497.486751][ T9736] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 497.506599][ T9736] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.896: bg 0: block 40: padding at end of block bitmap is not set [ 497.540414][ T9736] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 497.572772][ T9736] EXT4-fs (loop2): 1 truncate cleaned up [ 497.612787][ T9736] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 498.513474][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 500.907789][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 500.988828][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.527895][ T9775] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 507.044530][ T30] audit: type=1326 audit(1752130959.826:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 507.510768][ T9804] loop2: detected capacity change from 0 to 128 [ 507.811266][ T30] audit: type=1326 audit(1752130959.826:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 508.609797][ T30] audit: type=1326 audit(1752130959.826:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.127481][ T30] audit: type=1326 audit(1752130959.836:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.276232][ T30] audit: type=1326 audit(1752130959.836:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.650002][ T30] audit: type=1326 audit(1752130959.836:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.909194][ T30] audit: type=1326 audit(1752130959.946:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.932279][ T30] audit: type=1326 audit(1752130959.946:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 509.954737][ T30] audit: type=1326 audit(1752130959.946:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 510.985852][ T9828] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 511.249635][ T30] audit: type=1326 audit(1752130959.946:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9801 comm="syz.2.914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f912f18e929 code=0x7ffc0000 [ 511.744811][ T9844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.922'. [ 512.045756][ T9844] netlink: 8 bytes leftover after parsing attributes in process `syz.4.922'. [ 514.303365][ T9861] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 514.581079][ T30] kauditd_printk_skb: 48 callbacks suppressed [ 514.581101][ T30] audit: type=1326 audit(1752130967.566:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 515.554466][ T30] audit: type=1326 audit(1752130967.576:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 515.581220][ T30] audit: type=1326 audit(1752130967.576:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 515.761312][ T30] audit: type=1326 audit(1752130967.576:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 515.831097][ T30] audit: type=1326 audit(1752130967.576:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 515.906446][ T30] audit: type=1326 audit(1752130967.576:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 516.074525][ T30] audit: type=1326 audit(1752130967.576:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 516.241114][ T30] audit: type=1326 audit(1752130967.576:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 516.427005][ T30] audit: type=1326 audit(1752130967.576:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 516.562001][ T30] audit: type=1326 audit(1752130967.576:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9866 comm="syz.0.931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2814d8e929 code=0x7ffc0000 [ 519.305584][ T9905] netlink: 28 bytes leftover after parsing attributes in process `syz.2.940'. [ 519.321178][ T9905] netlink: 8 bytes leftover after parsing attributes in process `syz.2.940'. [ 519.804505][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 519.804528][ T30] audit: type=1326 audit(1752130972.806:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 519.852832][ T9912] loop5: detected capacity change from 0 to 128 [ 519.919661][ T30] audit: type=1326 audit(1752130972.846:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 520.027169][ T30] audit: type=1326 audit(1752130972.846:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 520.109296][ T30] audit: type=1326 audit(1752130972.846:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.006809][ T30] audit: type=1326 audit(1752130972.846:650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.196433][ T30] audit: type=1326 audit(1752130972.846:651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.255249][ T9922] loop5: detected capacity change from 0 to 1024 [ 521.316948][ T30] audit: type=1326 audit(1752130972.846:652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.444999][ T30] audit: type=1326 audit(1752130972.846:653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.604865][ T30] audit: type=1326 audit(1752130972.846:654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 521.682564][ T6044] hfsplus: b-tree write err: -5, ino 4 [ 522.080365][ T30] audit: type=1326 audit(1752130972.846:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9911 comm="syz.5.944" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f961738e929 code=0x7ffc0000 [ 524.160450][ T9947] netlink: 28 bytes leftover after parsing attributes in process `syz.5.956'. [ 524.300625][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.5.956'. [ 525.349884][ T30] kauditd_printk_skb: 47 callbacks suppressed [ 525.349907][ T30] audit: type=1326 audit(1752130978.346:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 525.402747][ T9961] loop7: detected capacity change from 0 to 128 [ 525.477728][ T30] audit: type=1326 audit(1752130978.346:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 525.665053][ T30] audit: type=1326 audit(1752130978.346:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 525.763234][ T30] audit: type=1326 audit(1752130978.346:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.490506][ T30] audit: type=1326 audit(1752130978.356:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.579912][ T30] audit: type=1326 audit(1752130978.356:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.610128][ T30] audit: type=1326 audit(1752130978.356:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.641045][ T30] audit: type=1326 audit(1752130978.356:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.663757][ T30] audit: type=1326 audit(1752130978.356:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 526.686722][ T30] audit: type=1326 audit(1752130978.366:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9960 comm="syz.7.960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f447058e929 code=0x7ffc0000 [ 528.681816][ T9990] comedi comedi3: mpc624: I/O port conflict (0xffffffffffffffff,16) [ 528.773855][ T9993] netlink: 28 bytes leftover after parsing attributes in process `syz.6.970'. [ 528.790587][ T9993] netlink: 8 bytes leftover after parsing attributes in process `syz.6.970'. [ 529.918095][T10001] netlink: 'syz.4.973': attribute type 1 has an invalid length. [ 530.020184][T10001] 8021q: adding VLAN 0 to HW filter on device bond4 [ 530.681592][T10007] bond4: (slave veth5): Enslaving as an active interface with a down link [ 531.182653][T10018] netlink: 8 bytes leftover after parsing attributes in process `syz.7.977'. [ 543.792334][T10121] loop2: detected capacity change from 0 to 2048 [ 545.594056][T10121] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 545.692795][T10121] netlink: 'syz.2.1006': attribute type 4 has an invalid length. [ 546.914322][ T5841] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 548.339897][T10166] loop4: detected capacity change from 0 to 512 [ 548.340711][T10166] ext4: Unknown parameter 'smackfshat' [ 552.426529][T10198] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 552.929808][T10207] loop4: detected capacity change from 0 to 764 [ 554.963453][T10224] loop6: detected capacity change from 0 to 1024 [ 555.126295][T10224] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 555.308324][T10232] loop7: detected capacity change from 0 to 512 [ 555.338066][T10232] ext4: Unknown parameter 'smackfshat' [ 555.485706][T10224] EXT4-fs error (device loop6): __ext4_remount:6736: comm syz.6.1034: Abort forced by user [ 555.721061][T10224] EXT4-fs (loop6): Remounting filesystem read-only [ 555.792651][T10224] EXT4-fs (loop6): re-mounted 00000000-0000-0000-0000-000000000000. [ 556.201775][T10247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1039'. [ 556.211085][T10247] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1039'. [ 556.284309][T10247] team0: entered promiscuous mode [ 556.342482][T10247] team_slave_0: entered promiscuous mode [ 556.373754][T10247] team_slave_1: entered promiscuous mode [ 556.586853][T10247] bond0: entered promiscuous mode [ 556.697952][T10247] bond_slave_0: entered promiscuous mode [ 556.923274][T10247] bond_slave_1: entered promiscuous mode [ 556.931921][T10247] 8021q: adding VLAN 0 to HW filter on device hsr1 [ 558.611066][ T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 558.637927][ T7258] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 558.773867][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 558.829702][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 559.051407][ T10] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 559.101437][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 559.167646][ T10] usb 1-1: config 0 descriptor?? [ 559.182998][ T6115] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.219236][ T10] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 559.413159][ T6115] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.596488][ T6115] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.895819][ T6115] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 560.312633][ T6115] bridge_slave_1: left allmulticast mode [ 560.336016][ T6115] bridge_slave_1: left promiscuous mode [ 560.355703][ T6115] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.381500][ T6115] bridge_slave_0: left allmulticast mode [ 560.398582][ T6115] bridge_slave_0: left promiscuous mode [ 560.412564][ T6115] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.546316][ T5971] usb 1-1: USB disconnect, device number 5 [ 560.631775][ T5832] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 560.805735][ T5832] usb 5-1: unable to get BOS descriptor or descriptor too short [ 560.862803][ T5832] usb 5-1: config 1 interface 1 has no altsetting 0 [ 560.873010][ T5832] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 560.893613][ T5832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.921120][ T5832] usb 5-1: Product: syz [ 560.935687][ T5832] usb 5-1: Manufacturer: syz [ 560.941159][ T5832] usb 5-1: SerialNumber: syz [ 561.050089][ T5856] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 561.071335][ T5856] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 561.082981][ T5856] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 561.098505][ T5856] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 561.111171][ T5856] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 561.371200][ T5832] usb 5-1: found format II with max.bitrate = 2418, frame size=7 [ 561.391066][ T5832] usb 5-1: 2:1: All rates were zero [ 561.441844][ T5832] usb 5-1: USB disconnect, device number 11 [ 562.259411][ T1294] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.266353][ T1294] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.027398][ T6115] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 563.098151][ T6115] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 563.162362][ T6115] bond0 (unregistering): Released all slaves [ 563.211361][ T5161] Bluetooth: hci4: command tx timeout [ 563.218063][T10325] x_tables: duplicate underflow at hook 1 [ 669.600928][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 669.607929][ C1] rcu: 0-...!: (2 ticks this GP) idle=be84/1/0x4000000000000000 softirq=52558/52559 fqs=0 [ 669.619063][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P6115/1:b..l P5997/1:b..l [ 669.628146][ C1] rcu: (detected by 1, t=10502 jiffies, g=40529, q=86 ncpus=2) [ 669.635781][ C1] Sending NMI from CPU 1 to CPUs 0: [ 669.635816][ C0] NMI backtrace for cpu 0 [ 669.635834][ C0] CPU: 0 UID: 0 PID: 10337 Comm: syz.2.1069 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 669.635861][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 669.635876][ C0] RIP: 0010:memset+0xf/0x20 [ 669.635904][ C0] Code: 44 88 1f e9 0e 14 a1 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 e9 e2 13 a1 f5 90 90 90 90 90 90 90 90 90 90 90 90 [ 669.635924][ C0] RSP: 0018:ffffc90000007ce8 EFLAGS: 00000002 [ 669.635942][ C0] RAX: ffffffff8b6b1700 RBX: 1ffff110170c4f82 RCX: 0000000000000010 [ 669.635959][ C0] RDX: 0000000000000018 RSI: 0000000000000000 RDI: ffff88801faed348 [ 669.635973][ C0] RBP: 0000000000000000 R08: ffff88801faed357 R09: ffff88801faed340 [ 669.635989][ C0] R10: dffffc0000000000 R11: ffffed1003f5da6b R12: ffff88801faed340 [ 669.636006][ C0] R13: dffffc0000000000 R14: ffff8880b8627c10 R15: ffff88801faed340 [ 669.636026][ C0] FS: 00007f91300646c0(0000) GS:ffff888125c1b000(0000) knlGS:0000000000000000 [ 669.636046][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 669.636061][ C0] CR2: 00007f44707a4fe8 CR3: 0000000064755000 CR4: 0000000000350ef0 [ 669.636079][ C0] Call Trace: [ 669.636090][ C0] [ 669.636098][ C0] timerqueue_add+0x186/0x200 [ 669.636131][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636163][ C0] __hrtimer_run_queues+0x656/0xc60 [ 669.636192][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636232][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 669.636258][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636285][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636318][ C0] hrtimer_interrupt+0x45b/0xaa0 [ 669.636365][ C0] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 669.636397][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 669.636439][ C0] [ 669.636447][ C0] [ 669.636455][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 669.636479][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 [ 669.636518][ C0] Code: 74 05 e8 3b 1d 56 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 03 3e 1f f6 65 8b 05 ac ba 2e 07 85 c0 74 40 48 c7 04 24 0e 36 [ 669.636537][ C0] RSP: 0018:ffffc90004d7fb60 EFLAGS: 00000206 [ 669.636555][ C0] RAX: bb2516f06b45f400 RBX: 0000000000000216 RCX: bb2516f06b45f400 [ 669.636572][ C0] RDX: 0000000000000007 RSI: ffffffff8d998685 RDI: 0000000000000001 [ 669.636586][ C0] RBP: ffffc90004d7fbf0 R08: ffffffff8fa1eff7 R09: 1ffffffff1f43dfe [ 669.636603][ C0] R10: dffffc0000000000 R11: fffffbfff1f43dff R12: dffffc0000000000 [ 669.636620][ C0] R13: ffff8880b8627ac0 R14: ffff8880b8627ac0 R15: 1ffff920009aff6c [ 669.636651][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 669.636683][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636718][ C0] clock_was_set+0x63b/0x7c0 [ 669.636751][ C0] ? __pfx_clock_was_set+0x10/0x10 [ 669.636772][ C0] ? do_settimeofday64+0x2d1/0x5e0 [ 669.636808][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636834][ C0] ? timekeeping_update_from_shadow+0x2b1/0x350 [ 669.636871][ C0] do_settimeofday64+0x2ec/0x5e0 [ 669.636909][ C0] ? __pfx_do_settimeofday64+0x10/0x10 [ 669.636941][ C0] ? wacom_initialize_remotes+0x474/0x6a0 [ 669.636970][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.636995][ C0] ? security_settime64+0x76/0x290 [ 669.637031][ C0] ? srso_alias_return_thunk+0x5/0xfbef5 [ 669.637056][ C0] ? do_sys_settimeofday64+0x163/0x260 [ 669.637094][ C0] __x64_sys_clock_settime+0x22c/0x280 [ 669.637133][ C0] ? __pfx___x64_sys_clock_settime+0x10/0x10 [ 669.637169][ C0] ? rcu_is_watching+0x15/0xb0 [ 669.637200][ C0] ? do_syscall_64+0xbe/0x3b0 [ 669.637225][ C0] do_syscall_64+0xfa/0x3b0 [ 669.637248][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.637269][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 669.637296][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 669.637317][ C0] RIP: 0033:0x7f912f18e929 [ 669.637337][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 669.637355][ C0] RSP: 002b:00007f9130064038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e3 [ 669.637376][ C0] RAX: ffffffffffffffda RBX: 00007f912f3b5fa0 RCX: 00007f912f18e929 [ 669.637393][ C0] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 669.637406][ C0] RBP: 00007f912f210b39 R08: 0000000000000000 R09: 0000000000000000 [ 669.637421][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 669.637440][ C0] R13: 0000000000000000 R14: 00007f912f3b5fa0 R15: 00007ffeeec4ecf8 [ 669.637468][ C0] [ 669.637806][ C1] task:kworker/u8:9 state:R running task stack:22912 pid:5997 tgid:5997 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 670.115348][ C1] Workqueue: bat_events batadv_nc_worker [ 670.121027][ C1] Call Trace: [ 670.124307][ C1] [ 670.127252][ C1] __schedule+0x16f5/0x4d00 [ 670.131794][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 670.136774][ C1] ? __lock_acquire+0xab9/0xd20 [ 670.141648][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 670.146966][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.152625][ C1] ? __pfx___schedule+0x10/0x10 [ 670.157508][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.163170][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.168836][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 670.174097][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 670.179446][ C1] preempt_schedule_irq+0xb5/0x150 [ 670.184591][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 670.190358][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.196021][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 670.201859][ C1] irqentry_exit+0x6f/0x90 [ 670.206299][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 670.212306][ C1] RIP: 0010:lock_acquire+0x175/0x360 [ 670.217613][ C1] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 9b 20 02 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 670.237249][ C1] RSP: 0018:ffffc90003007980 EFLAGS: 00000206 [ 670.243337][ C1] RAX: 1e67e6eb2aea4800 RBX: 0000000000000000 RCX: 1e67e6eb2aea4800 [ 670.251374][ C1] RDX: 0000000000000000 RSI: ffffffff8db86104 RDI: ffffffff8be29dc0 [ 670.259375][ C1] RBP: ffffffff8b3cd5d2 R08: 0000000000000000 R09: ffffffff8b3cd5d2 [ 670.267445][ C1] R10: dffffc0000000000 R11: ffffffff8b3cd500 R12: 0000000000000002 [ 670.275441][ C1] R13: ffffffff8e13f160 R14: 0000000000000000 R15: 0000000000000246 [ 670.283427][ C1] ? batadv_nc_worker+0xd2/0x610 [ 670.288388][ C1] ? __pfx_batadv_nc_worker+0x10/0x10 [ 670.293774][ C1] ? batadv_nc_worker+0xd2/0x610 [ 670.298744][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.304389][ C1] ? batadv_nc_worker+0xd2/0x610 [ 670.309341][ C1] ? batadv_nc_worker+0xd2/0x610 [ 670.314292][ C1] batadv_nc_worker+0xef/0x610 [ 670.319256][ C1] ? batadv_nc_worker+0xd2/0x610 [ 670.324219][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 670.329956][ C1] process_scheduled_works+0xae1/0x17b0 [ 670.335581][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 670.341580][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.347240][ C1] worker_thread+0x8a0/0xda0 [ 670.351847][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 670.358210][ C1] ? __kthread_parkme+0x7b/0x200 [ 670.363172][ C1] kthread+0x711/0x8a0 [ 670.367267][ C1] ? __pfx_worker_thread+0x10/0x10 [ 670.372391][ C1] ? __pfx_kthread+0x10/0x10 [ 670.376993][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.382644][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 670.387861][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.393502][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 670.398714][ C1] ? __pfx_kthread+0x10/0x10 [ 670.403322][ C1] ret_from_fork+0x3fc/0x770 [ 670.407932][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 670.413063][ C1] ? __switch_to_asm+0x39/0x70 [ 670.417844][ C1] ? __switch_to_asm+0x33/0x70 [ 670.422621][ C1] ? __pfx_kthread+0x10/0x10 [ 670.427241][ C1] ret_from_fork_asm+0x1a/0x30 [ 670.432039][ C1] [ 670.435059][ C1] task:kworker/u8:14 state:R running task stack:21160 pid:6115 tgid:6115 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 670.448668][ C1] Workqueue: netns cleanup_net [ 670.453483][ C1] Call Trace: [ 670.456762][ C1] [ 670.459700][ C1] __schedule+0x16f5/0x4d00 [ 670.464238][ C1] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 670.470166][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 670.475478][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.481121][ C1] ? __pfx___schedule+0x10/0x10 [ 670.486016][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 670.491357][ C1] preempt_schedule_irq+0xb5/0x150 [ 670.496486][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 670.502234][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.507872][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 670.513693][ C1] irqentry_exit+0x6f/0x90 [ 670.518128][ C1] asm_sysvec_reschedule_ipi+0x1a/0x20 [ 670.523591][ C1] RIP: 0010:memset+0xf/0x20 [ 670.528098][ C1] Code: 44 88 1f e9 0e 14 a1 f5 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 49 89 f9 40 88 f0 48 89 d1 aa 4c 89 c8 e9 e2 13 a1 f5 90 90 90 90 90 90 90 90 90 90 90 90 [ 670.547824][ C1] RSP: 0018:ffffc900044eec90 EFLAGS: 00000202 [ 670.554016][ C1] RAX: 1ffff9200089dd00 RBX: ffffc900044eeda0 RCX: 0000000000000001 [ 670.561990][ C1] RDX: 0000000000000010 RSI: 0000000000000000 RDI: ffffc900044eedc7 [ 670.569959][ C1] RBP: dffffc0000000000 R08: ffffc900044eedc7 R09: ffffc900044eedb8 [ 670.577931][ C1] R10: dffffc0000000000 R11: fffff5200089ddb9 R12: ffffc900044ef160 [ 670.585910][ C1] R13: ffffc900044eedb8 R14: ffffc900044eed68 R15: ffffc900044eedb0 [ 670.593928][ C1] unwind_next_frame+0xc98/0x2390 [ 670.598990][ C1] ? unwind_next_frame+0xa5/0x2390 [ 670.604118][ C1] ? kfree+0x18e/0x440 [ 670.608217][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 670.614412][ C1] arch_stack_walk+0x11c/0x150 [ 670.619215][ C1] ? addrconf_ifdown+0x152d/0x1880 [ 670.624366][ C1] stack_trace_save+0x9c/0xe0 [ 670.629084][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 670.634483][ C1] ? __schedule+0x1713/0x4d00 [ 670.639205][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.644862][ C1] ? __lock_acquire+0xab9/0xd20 [ 670.649758][ C1] kasan_save_track+0x3e/0x80 [ 670.654459][ C1] ? kasan_save_track+0x3e/0x80 [ 670.659327][ C1] ? kasan_save_free_info+0x46/0x50 [ 670.664551][ C1] ? __kasan_slab_free+0x62/0x70 [ 670.669505][ C1] ? kfree+0x18e/0x440 [ 670.673671][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.679329][ C1] kasan_save_free_info+0x46/0x50 [ 670.684380][ C1] __kasan_slab_free+0x62/0x70 [ 670.689170][ C1] ? addrconf_ifdown+0x152d/0x1880 [ 670.694304][ C1] kfree+0x18e/0x440 [ 670.698223][ C1] addrconf_ifdown+0x152d/0x1880 [ 670.703201][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.708874][ C1] ? tls_dev_event+0x717/0xec0 [ 670.713666][ C1] ? __pfx_addrconf_ifdown+0x10/0x10 [ 670.718994][ C1] addrconf_notify+0x1bc/0x1010 [ 670.723879][ C1] notifier_call_chain+0x1b6/0x3e0 [ 670.729025][ C1] unregister_netdevice_many_notify+0x15d8/0x2320 [ 670.735497][ C1] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 670.742290][ C1] ? call_rcu+0x73e/0x9c0 [ 670.746644][ C1] ? preempt_schedule+0xae/0xc0 [ 670.751529][ C1] ? preempt_schedule+0xae/0xc0 [ 670.756433][ C1] unregister_netdevice_queue+0x33c/0x380 [ 670.762300][ C1] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 670.768591][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.774253][ C1] _cfg80211_unregister_wdev+0x165/0x590 [ 670.779912][ C1] ieee80211_remove_interfaces+0x49a/0x6d0 [ 670.785739][ C1] ? __pfx_synchronize_rcu+0x10/0x10 [ 670.791059][ C1] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 670.797422][ C1] ? rcu_is_watching+0x15/0xb0 [ 670.802262][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.807928][ C1] ieee80211_unregister_hw+0x5d/0x2c0 [ 670.813346][ C1] mac80211_hwsim_del_radio+0x275/0x460 [ 670.818931][ C1] ? __pfx_mac80211_hwsim_del_radio+0x10/0x10 [ 670.825056][ C1] hwsim_exit_net+0x584/0x640 [ 670.829771][ C1] ? __pfx_hwsim_exit_net+0x10/0x10 [ 670.834991][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.840662][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.846337][ C1] ? __ip_vs_dev_cleanup_batch+0x238/0x260 [ 670.852176][ C1] ops_undo_list+0x49a/0x990 [ 670.856815][ C1] ? __pfx_ops_undo_list+0x10/0x10 [ 670.861978][ C1] cleanup_net+0x4c5/0x800 [ 670.866424][ C1] ? __pfx_cleanup_net+0x10/0x10 [ 670.871382][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.877045][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 670.882264][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 670.888000][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 670.893830][ C1] process_scheduled_works+0xae1/0x17b0 [ 670.899432][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 670.905441][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.911105][ C1] worker_thread+0x8a0/0xda0 [ 670.915728][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 670.922117][ C1] ? __kthread_parkme+0x7b/0x200 [ 670.927090][ C1] kthread+0x711/0x8a0 [ 670.931195][ C1] ? __pfx_worker_thread+0x10/0x10 [ 670.936331][ C1] ? __pfx_kthread+0x10/0x10 [ 670.940945][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.946601][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 670.951853][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 670.957506][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 670.962731][ C1] ? __pfx_kthread+0x10/0x10 [ 670.967353][ C1] ret_from_fork+0x3fc/0x770 [ 670.971992][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 670.977143][ C1] ? __switch_to_asm+0x39/0x70 [ 670.981942][ C1] ? __switch_to_asm+0x33/0x70 [ 670.986733][ C1] ? __pfx_kthread+0x10/0x10 [ 670.991350][ C1] ret_from_fork_asm+0x1a/0x30 [ 670.996153][ C1] [ 670.999174][ C1] rcu: rcu_preempt kthread starved for 10502 jiffies! g40529 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 671.010396][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 671.020398][ C1] rcu: RCU grace-period kthread stack dump: [ 671.026339][ C1] task:rcu_preempt state:R running task stack:27128 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 671.039884][ C1] Call Trace: [ 671.043168][ C1] [ 671.046108][ C1] __schedule+0x16f5/0x4d00 [ 671.050655][ C1] ? do_raw_spin_unlock+0x122/0x240 [ 671.055900][ C1] ? schedule+0x165/0x360 [ 671.060266][ C1] ? __lock_acquire+0xab9/0xd20 [ 671.065137][ C1] ? __pfx___schedule+0x10/0x10 [ 671.070076][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.075769][ C1] ? schedule+0x91/0x360 [ 671.080131][ C1] schedule+0x165/0x360 [ 671.084325][ C1] schedule_timeout+0x12b/0x270 [ 671.089199][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 671.094596][ C1] ? __pfx_process_timeout+0x10/0x10 [ 671.099937][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.105585][ C1] ? prepare_to_swait_event+0x341/0x380 [ 671.111163][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 671.116044][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 671.121000][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 671.126261][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 671.131568][ C1] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 671.137506][ C1] ? finish_swait+0xcd/0x1f0 [ 671.142124][ C1] rcu_gp_kthread+0x99/0x390 [ 671.146738][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 671.151953][ C1] ? __kthread_parkme+0x7b/0x200 [ 671.156909][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.162555][ C1] ? __kthread_parkme+0x1a1/0x200 [ 671.167606][ C1] kthread+0x711/0x8a0 [ 671.171708][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 671.176921][ C1] ? __pfx_kthread+0x10/0x10 [ 671.181531][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.187187][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 671.192406][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.198070][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 671.203327][ C1] ? __pfx_kthread+0x10/0x10 [ 671.207948][ C1] ret_from_fork+0x3fc/0x770 [ 671.212561][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 671.217696][ C1] ? __switch_to_asm+0x39/0x70 [ 671.222503][ C1] ? __switch_to_asm+0x33/0x70 [ 671.227287][ C1] ? __pfx_kthread+0x10/0x10 [ 671.231905][ C1] ret_from_fork_asm+0x1a/0x30 [ 671.236710][ C1] [ 671.239732][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 671.246068][ C1] CPU: 1 UID: 0 PID: 10340 Comm: syz.7.1068 Not tainted 6.16.0-rc5-syzkaller-00053-g8c2e52ebbe88 #0 PREEMPT(full) [ 671.258166][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 671.268236][ C1] RIP: 0010:smp_call_function_many_cond+0xf6e/0x12d0 [ 671.274942][ C1] Code: 89 ee 83 e6 01 31 ff e8 d0 78 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 7b 74 0b 00 eb 37 f3 90 43 0f b6 04 2c <84> c0 75 10 41 f7 07 01 00 00 00 74 1e e8 60 74 0b 00 eb e5 44 89 [ 671.294656][ C1] RSP: 0018:ffffc9000c0575e0 EFLAGS: 00000246 [ 671.300739][ C1] RAX: 0000000000000000 RBX: ffff8880b873b1c0 RCX: 0000000000080000 [ 671.308718][ C1] RDX: ffffc9000c0c9000 RSI: 000000000007ffff RDI: 0000000000080000 [ 671.316709][ C1] RBP: ffffc9000c057740 R08: ffffffff8fa1eff7 R09: 1ffffffff1f43dfe [ 671.324721][ C1] R10: dffffc0000000000 R11: fffffbfff1f43dff R12: 1ffff110170c8385 [ 671.332716][ C1] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8880b8641c28 [ 671.340700][ C1] FS: 00007f44714df6c0(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000 [ 671.349641][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 671.356248][ C1] CR2: 0000200000004ac0 CR3: 000000007b0a3000 CR4: 0000000000350ef0 [ 671.364265][ C1] Call Trace: [ 671.367561][ C1] [ 671.370525][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 671.376886][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 671.382293][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.388305][ C1] ? __pfx___text_poke+0x10/0x10 [ 671.393276][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.398937][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 671.404066][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 671.409228][ C1] smp_text_poke_batch_finish+0x5e0/0x1100 [ 671.415078][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 671.421351][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.427005][ C1] ? __mutex_lock+0x330/0xe80 [ 671.431697][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.437355][ C1] ? arch_static_call_transform+0x2d/0xc0 [ 671.443086][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.449096][ C1] __static_call_transform+0x4eb/0x750 [ 671.454580][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.460590][ C1] ? __pfx___static_call_transform+0x10/0x10 [ 671.466590][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.472618][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.478264][ C1] ? __static_call_validate+0x148/0x240 [ 671.483823][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 671.489935][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.495948][ C1] arch_static_call_transform+0x98/0xc0 [ 671.501509][ C1] __static_call_update+0xe4/0x5d0 [ 671.506644][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 671.512765][ C1] ? __SCT__tp_func_sched_wakeup_new+0x8/0x8 [ 671.518789][ C1] ? __pfx___static_call_update+0x10/0x10 [ 671.524543][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.530192][ C1] ? rcu_is_watching+0x15/0xb0 [ 671.534981][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.540628][ C1] ? tracepoint_add_func+0x568/0xa10 [ 671.545973][ C1] ? __pfx___traceiter_sched_switch+0x10/0x10 [ 671.552083][ C1] tracepoint_add_func+0x6f7/0xa10 [ 671.557232][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 671.563321][ C1] tracepoint_probe_register_prio_may_exist+0x5f/0xa0 [ 671.570112][ C1] ? __pfx___bpf_trace_sched_switch+0x10/0x10 [ 671.576330][ C1] bpf_raw_tp_link_attach+0x4ff/0x6b0 [ 671.581740][ C1] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 671.587667][ C1] ? __fget_files+0x2a/0x420 [ 671.592293][ C1] bpf_raw_tracepoint_open+0x19b/0x1f0 [ 671.597856][ C1] __sys_bpf+0x3cd/0x860 [ 671.602131][ C1] ? __pfx___sys_bpf+0x10/0x10 [ 671.606909][ C1] ? preempt_schedule_irq+0xde/0x150 [ 671.612254][ C1] ? srso_alias_return_thunk+0x5/0xfbef5 [ 671.617895][ C1] ? rcu_is_watching+0x15/0xb0 [ 671.622680][ C1] __x64_sys_bpf+0x7c/0x90 [ 671.627116][ C1] do_syscall_64+0xfa/0x3b0 [ 671.631630][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.637699][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 671.643340][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 671.649237][ C1] RIP: 0033:0x7f447058e929 [ 671.653654][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 671.673284][ C1] RSP: 002b:00007f44714df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 671.681714][ C1] RAX: ffffffffffffffda RBX: 00007f44707b5fa0 RCX: 00007f447058e929 [ 671.689692][ C1] RDX: 0000000000000010 RSI: 0000200000000080 RDI: 0000000000000011 [ 671.697666][ C1] RBP: 00007f4470610b39 R08: 0000000000000000 R09: 0000000000000000 [ 671.705638][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 671.713618][ C1] R13: 0000000000000000 R14: 00007f44707b5fa0 R15: 00007ffd870b6718 [ 671.721622][ C1]