last executing test programs: 14.747162824s ago: executing program 0 (id=454): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socket$key(0xf, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff) 12.677380461s ago: executing program 1 (id=456): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r4 = accept$alg(r3, 0x0, 0x0) sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 11.582597246s ago: executing program 1 (id=457): socket$inet_icmp_raw(0x2, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xe, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xeb, 0x0, 0x0, 0x0, 0x153}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0) sendfile(r4, r6, 0x0, 0x3) 11.22083915s ago: executing program 0 (id=458): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r2}, 0x8) r3 = getpid() r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x24020000) r5 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x10000000) 9.791158633s ago: executing program 4 (id=464): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r3 = socket(0x22, 0x2, 0x24) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) close(r3) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") 8.413468958s ago: executing program 1 (id=467): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0xfca804a0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)={0x14, r6, 0x1, 0x70bd2c, 0x25dfdbff}, 0x14}}, 0x800) 8.366806342s ago: executing program 2 (id=468): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r4 = accept$alg(r3, 0x0, 0x0) sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0xd4e5}, @op={0x18, 0x117, 0x3, 0x1}], 0x30}, 0x0) recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 8.235713915s ago: executing program 0 (id=469): openat(0xffffffffffffff9c, &(0x7f0000000180)='.\x00', 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000004c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000540)={0x48, 0x7, r4, 0x0, 0x0, 0x0, 0x0, 0x1e4224, 0x1598cc}) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0xd, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r5, @ANYBLOB="0000000002000000b705000008000000850000005d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x1002, &(0x7f0000000880)=""/4121, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x30, 0x0, 0x0, 0xfffffffffffffe65}, 0x23) 7.541530654s ago: executing program 1 (id=470): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) socket$key(0xf, 0x3, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r0, 0x4008941a, 0x0) sendmsg$nl_xfrm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0xfdff) 7.356866531s ago: executing program 2 (id=471): pwritev(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) socket(0x400000000010, 0x3, 0x0) r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) dup(r0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0) shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 7.211259401s ago: executing program 0 (id=472): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000240), 0x8) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x10000000) 7.121542443s ago: executing program 4 (id=473): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) 6.635027055s ago: executing program 4 (id=475): r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040), 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)="f78d9ca38fff", 0x6}], 0x1}], 0x1, 0x40845) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f1, 0x0) r5 = openat$binfmt_register(0xffffff9c, &(0x7f0000000040), 0x1, 0x0) write$binfmt_register(r5, &(0x7f0000000d00)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x0, 0x3a, '\xfc\xec\xd1\xcb\x9a\x964\xf4\xa2\x89v\x12\x11\fG\\x00#\x00f\xe1>8\x94\x02O\x9b\xfc\xe8\xffTioP6\xfa\x9b#\xc4H\xbf\'\x18\x89\xd1^a\xf6\xccrS\x1d\xd7\xc3\xcb9\x02\x00\x00\x00+\xb5\x81\xbe\xc4\v\xe2?\xa8\xc4\x9f\xd84\xdd\x84\xf7\xe4H\xeb1a=1\xf7\x99\x9a042\x15\xeb\xe1\xa7\x05\x8f\xc4\xc3\xd3da\xef>#\xb92\x82\x06\xbb\x19\xf6\x92\x83\\AU\x17\xbaf\xc7\xb7h\xf8\xd2\"\xce\xc8UB\xe5\xf3\xaa\x05Y\xc0\xe1\xe3\\\xc4K\xc2\x97\xb2\x10\x03\x14m=\xd8z,\x8dSo\x99H\x87Y|)\x82`R\xe1\xe5I\xbf}\x06\xb3\aD\xff\x10\x91\xc8\xc0^f\xc7\xb8jN\x9a8\xab\xc6\x86\xab\xdbWyNd,\x97\xea\xb4(\x97x\x98#\xca\xf0N%X\x01.\xc4M\x9ajWT\xf2\xf7\xbb8\xb2\xcc<]\x06\b\xc4\xd5\xde\xf4\xb5\xdd\x7f\xf2\xf8S}q\xe7\xcdZ\xee\xe5\x9f\x19\x11S\x9fVzv\xf7\x04\xe8\xeb\x10z\xd7qy\x17r\x1bV\xb1\xd8\xdb\x061h\xc6\xfb\x84\b\x1a\xd6\x10\xdd\x95$$\xa1\x91=\xa67\xb6\xd8\x12\x88c\xa1\xbe[\xe4\xe0\xc7G\xca\xe3U\xde\xa9\xafU\x15\x93\xed},\xcaE\xba;\xc7yk\xaf8\xa4*Je\x13J\x88\x8bR2\xc0LV\xc1P\\\xe3\xec\x954\x8e>\xa4\xd80\x97\x963f\xdd\x8e\xc5\xdf\x9a.F\x06\x82\xcfg\xe8\xb6V\x92\x944K9F#\xdc\xf4\"', 0x3a, './file0'}, 0x2b0) 5.037491382s ago: executing program 3 (id=478): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x10000000) 4.873200345s ago: executing program 3 (id=479): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f00000000c0)=0x7b, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000000)={0x26, 0x1, 0x1, "3a8e07000034b52ba75088c27891ca55e21f0000000000b2b679d200", 0x41414770}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118) clock_gettime(0x0, &(0x7f0000000040)) mq_timedsend(r5, &(0x7f0000000480), 0x0, 0x3, &(0x7f0000000100)) 3.917189224s ago: executing program 3 (id=480): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0x9}, 0x18) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x144}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x0, 0xfffffffe}, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x6c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x3, 0x5}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x6, 0x40004}, @TCA_FQ_TIMER_SLACK={0x8, 0xd, 0x2b3}]}}]}, 0x40}}, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x3, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x0, 0xd, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5b", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$tun(0xffffffffffffff9c, &(0x7f0000000580), 0x802, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) sendmmsg(r1, &(0x7f0000000740)=[{{&(0x7f00000002c0)=@l2tp={0x2, 0x0, @broadcast, 0x4}, 0x80, &(0x7f0000000340)=[{&(0x7f00000006c0)="cc5c84001214dbd9e5943aa8a315357330c56529d6b619a78687eea13ea02981afbb0fab70e8c3ab037cd82bd48f4947702a177974e7eff5f2ccdec909645f69e3dea5153157374459f6a21ba8609552d9ada54e81b0f19b55b77cf382ad229baa9decce1ea639a300f1fa65b945a0e29d36cb8ed369e91698c0e9", 0x7b}, {&(0x7f00000007c0)="a960e57530b65741465247b839c49f83cc481ed3da8592b928d8e20971659d8e3ca392643af5fa7ae0e3455099a5f7b857afa34cbf9962bdc9db46a15e7dcf9412a2b98b6ae75ca1bd7eae82d94855e9ced28430f77527b7c0b999eab05883ce32fa9b99187b196d53939db62b2b37c0cd0dea2a1be6f97dbcd0937bb416c3fb74a9d08d9afa4c86a507485b0e681734eccbc5659567aa08b5b93be09bc2a6d6319acbd1aeb751f8e9b7ce9e2f", 0xad}, {&(0x7f0000001400)="9af390e2aadb61017e08249a2485ad46a590a90910858e1ceefc66db2ed8f32bf6be0e2f94e7e4db6454393a128402ed26580c7c5ebc85db639da17c927c23dbde640ab030889e8b61f26d270bc73b21c9ac8ba542e6b4ad2cd147059128ba038e4b9ebb20537f437b23b46ec790720e1fb74cef3c677e9978662a84cf2fcf73c73a5e763358496737af6284226bad34fb9083f87d853ab78c816cf32c90bd5c40ff6446214552d29745d34e0c4bfa623d00e5cbb393972371503122a0f44135db5654ace67cddb85a12df91fcf994fc680afe5d34268b23447589ef3f5383d152bf6dd104984297180f896ec8b1ba50952c5ab76e144f5636692d7cf17922c9b447ed6d59553ec6085e07413034875c1ae0947280e1a6f0d5e7f23b32e56ead8590d3269fdcb624cc870968b2f100bf3bc3d2ab105a5f61456d4969181fbd207b6f4d6d9ca0a1920daabec06d0c5e276d18f2571e88373dd41af9080d72aa88b10f8900b48acb61a61007dd4dd0e9240af5382a26f68bd706a83d8df76a4a5d02b39d07f97c4f86dad9e14eb957cc4be52b027a462262589929e3d035188dd9f0561e3ba2de6bafe743d9ae397e9aa423644fba8b2d6425ac1cd78c76e52e04d3a29e74075625fb5e674bab02843991ce804e0d04961f2978f3749c5ad83f355ae5da936fd6e0178d2bd12aacbe0205aa9a15579fd61d738f8d36412e814ba500edaf28ea68b0e96fb1839acf8416d8f5df7fad3b663f68e2ee5784fd01c7021130a490e629b1348acf3479e0392ecabbeeb18ec421c26e76f6f5c480e7decc85a0583a56180f199d26090b10ee5057ec4c1e04be948a5960acda014d646cf91bfdfb9d327f8ab545f8b41e8dbab94f195b189a8642a6b95e0ceb36b640fbdfe21925cc110bd2ef2c3fe24f12f95771b60e2ffbc47e58b2237b5574cadc32aab0f0db3202e4adc44a0651ef97703957857cfb6022578c97802f486bd7f48129f0c120700d0b70e048618a9f1de9f34dbb1f92dadc86f09e6288eb1bdbd1f700cc2df781654dfd57d9da779607080d3bc6dede5818aa8d6c99fa1ffdbb6a1a43040fe1379cf2a8b4b862db428c29e388a6e6b863bc818c2139a0d4238f10baf22f498b6629181f997ac280547e92fe300d0f8dd8b6724df5aa14be73cd630b808a29bfb52707b8db7d0065bd753b3773f8df58c74ea56f4582caa2fa8532b8049fd9ba775afc5b92b767ed0b35d4c086d9af6f7b7ed96f5f9d3734e703fc683fe0ed82b7763c67734067759e27b60036a3b4c53526716c175d75a9fa6ed019d3e1047bcb9c6510665de23cc2802804a0c3a347faba392282df430e5e6141f9eb660f7cb0eaedb832a7880c953bc0188c1f28eb466799e2768886ef81096847f50159278b572b0cca7744d6a572a81ddd2bcea73da3c8a59680bcaaadaf95e1fe91e41a8036835975b072a9587c560e3da854c96c64011755d08fef5228bb2db62a445bc0b9e17dea88854cd6a7c8a288727d5690fc4941978dee5eda2dbdc85915e7a2fdae978adb217b3f6b31cf69b51b9f805f8b447a4868b442933fc0e03860a7084230ff8fdff70665717f9c0bade31f87f5de99643e800feceb0dfdd6d1b67d4056a52f0efa2ed2b1142132c6242d917b46d939aade6a362bf586058385d7fcef1b4e358a093d6781b9e9bf280520ff083a6026bf701237e38927ed21209dbf407a7944ef687b93619b181b9112477fa902f391a7163f93bec2d6369ffba644f4fd5139890fb66bd6017a61d9fd043154eb0ab0de3046cdb8a182a553cece0701a922518cf09cd1ab421ee8ec677a8d453cd8c21bdaa5f8dd804dfe80fffec8c4d778d5e260b65a2f0d3c1b09e9d6bd1f3746aa7fe07374a028a89fc96eb66affbcddfaa01a72058566e33af88e37f43fbba73c0423d54079fad54c136ec5fcd61d5134f833ab44f6cfbc2348871f190ac4c4bc20c97fcb29f4823a8e3bf76f85b10dfd33df0001646a7e0b2ee3e14455f6c8f225b80eed457e772cb2504ded46a24e911428decff4a130be797b6530c33ec1be7b0dd4df6206ec227e6e9050c1efa1a1c4c8dfda776336bcb876d80043195de773fbcf0d3abe53e9a38da0af7a6598815a71ffc937203f5a04e87eb532e579d66d42b06b791b6ebd50e7855f6645d29434bb0280fdf1511b163b12838f39ca864516711501bbe345d46b34ab2f0d8317d45376f73e302a90f5c362b18e1840668a9f27e90f2b715b4b6ae7a6dc387583110a42fd4977635275f7244a1912d0c67cf53d5da8a384839020d71db234fcc4388a735275763f01b2b4967e99f551e489bcc28f693a1e688ac8c39a971f8ae9d973cc7adac4a642a7a84ecca2d0bd24c300b94dff82fa4f95c1ce5fdb9128466443cb8442048e53cd46334d59774de0e2ceefcd4cd2e6c9da7cdc2162346111f7da236d72f33d509d73133951e1a3f84fa7e767cf56fc9bfb3986c5ec501634b92a780f63e0ee61e3d25f51c39b975ea587027a101059e9386f1eaaaab8ebfd5c453e9f86c851f9c78e4e06184f04fa9a54ba0bba5d18108c2973f50cb626eca6e3d5b2907b00d2ad4fff9546482815291bd220fa31c1d1a735562174644fe06131e31ce66064fa6a02d5bda756994f81163b97e854274183bbc4ddeb9bb823944afc3e07caf510732df2835fd11de82cb318b88f4d385adb57ac73ffe7f3d1e387848766e11000c94123f2a7d33a93d3b030ebb1206f26221a1ceef44a708693796ab80add7d9b6907c653c6becc21d49c380b3fea419276a387ad482fc3614fa7cac6ea9d07dffc85c1d3f01f57aa9816f32e3237b05d191c3f3d2ed31c313346176d18dc53307afc3aea306a5b44189b6fce062cd21319f1c0a5cf3bc84aaff275491d5fa26d12173e134bdb776478c27502dd4786cc079b6eb00d05f1c8c27a2e326ef11ad1866529b60e6a9e9ae776f01071e364a4604dfe79fbdfc9828628e50940398cc6b925ea8806ee3bbd22129c5d37551eb5e1ef613b027aebce0a83963888396f3e7c953e5416b522fd3a0660fefaea0fc97ca7d82191e2e8f23ca2aa56e8b9de2e1d3e093b8c3f4d7e700b7193b3d83c5b6bb1e7ff2a1c574c9d15ad79631573e41d46653601c510ec7cd0d6125c8e600ebb41247988c28305ac47eead817fecf4460c2221a399134d1d11363401090691a7bf1f58f27a09311d6591cef3d879570667e9e10eebf7df32ec9417f0132be9f1485b167b58b0bf88e31fb2d3957fa05a4d3f191c1d1caa189fc0c11c04287ceaee39a147aced6e3e9c2fe8f51a9823401ad4bf92b0fd4070aae1fe886b8c160a0d2a1507259e58c5608654f05f444877bf9ec215933d6f0a89a3f6199a23c535d8cf9541f2eb970261b12325884fe64330f67a8b07748522c58e5096a04afc67f08b4b0b3da2c9e010b8f079fabdbd187b3d1f69b9f8110e0ec3a488aa8b8563745f7e9fdc1faeaf542858f417d3a75d416e8f55c46cd962d9ac96ce8b56f7a0e22350d2b9e8a537780edddd519fd43baec4834aa6abb0b8c4007dfbb9dac74bf3802108966bf7d5a2999d16110ad0d2cab1c72c2d0ddce14e5043ee62fe9b722355dd2b7e728a589da59ef46dae95f1b89c22d5487a855bc1ee5f9d1427f643e2fa8748e07e6b51e365ab5e23e32401acc229c09f56868532ca611fa678b13f7f580392aee230878817f9da", 0xa4b}], 0x3}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}, {&(0x7f0000000f80)="90b9f79fecb3ad0dc00ca95fb148a3ba4355cee5ce27d2c10d8474464a37dea0c1ab2a961404f5aa5493cdadb4b6bf4131e96c0aef0f89065db2aa551c68ce3fa911638fd608ff9e30cce409b6e516e59c272cdbbb88c83dc61199d70f8f7e05d9639d278d53151a6720a51979ffd78dcc1a000929160435bd61e3f36c78b9bd5baef79be54e537dfc26029f52cfd5b4dd3416fc140fce45c077ab5ee206763130ccdaedd3bff9b7a20b6b02e558fd", 0xaf}, {&(0x7f0000000880)}], 0x3}}], 0x2, 0x11) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.851547299s ago: executing program 0 (id=481): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r4 = accept$alg(r3, 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000600), 0xfec8) recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) 2.945535635s ago: executing program 3 (id=482): openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_emit_ethernet(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x1000000000002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x3, 0x1000002, 0x0, 0xff, "d4e9002b2c000000ff00"}) r2 = fsopen(&(0x7f0000000000)='jfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000000c0)='resize', 0x0, 0x0) r3 = dup(0xffffffffffffffff) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3) dup3(r1, r3, 0x0) mbind(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xc003, 0x0, 0x6, 0x7) dup3(0xffffffffffffffff, r1, 0x0) ioctl$TCFLSH(r1, 0x540b, 0x1) 2.825467578s ago: executing program 0 (id=483): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020) r3 = socket(0x22, 0x2, 0x24) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) close(r3) syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==") 2.669443752s ago: executing program 4 (id=484): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0xffffffffffffffff, 0xffffffffffffffff}, 0x0, &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0xe, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xeb}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) mount(0x0, 0x0, 0x0, 0x1000, 0x0) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)={0x2c, 0x7, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x200008e6}, 0x40) 2.205617333s ago: executing program 2 (id=485): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) bind$rds(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8000}, 0x1c) 1.945273299s ago: executing program 1 (id=486): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000180)='./bus\x00', 0x200000, &(0x7f0000000140)=ANY=[], 0xfb, 0x2b0, &(0x7f0000000540)="$eJzs3E1rE10UwPHTtOlLSpssHh5QEA+60c3Qxk8QpAUxoNRGtAvh1k40ZExKJkYiYrtz6+coLt0J1i9QEHfuxU0RBDddSEc6L3Zaom1j22mb/w/C3My9Z+6dyUw4MzB3/d7rJ9Wya5VNU1LDKimRZdkQyW2VQn3hMuWXByVuWa6O/vh84c79uZuFYnFqRnW6MHstr6rjF98/e/Hm0ofm6N234++GZC33YP17/sva/2vn1jdno63Xm2p0vl5vmnnH1oWKW7VUbzu2cW2t1Fy7saO+7NQXF9tqagtjmcWG7bpqam2t2m1t1rXZaKt5ZCo1tSxLxzLSa/oPHFFamZkxhSMZDJIw0mllo1Ew/R0rSyvHMSgAAHCydJv/z30M1nWb/z+uuFpxtbZX/p+SA+X/ffKH/H/4+A7pKeLn/5sdk0acDemtG4CCyYTX707k/wAAAAAAAAAAAAAAAAAAAAAAnAYbnpf1PC8bLaPPUPjOTPQ96XHiaHTx+/clOFwcstiLe8MizqtWqVUKlkF9oSwVccSWibTIT/98CAXl6RvFqQn15WTVWQrj/ZcEh6L4SK5z/GQQr7H4pVYpLZl4/3nJyn+d4/O74tMi0ioNypXLsXhLsvLpodTFkQX/vN6Ofzmpev1WcVf/I347AAAAAADOAkt/y+28/w1mk7QsjaYN2VUfrFyW6PmAZPd4PqCyOijb8QNyfiC5/QYAAAAAoJe47edV4zh2g8LBCr146KxwFuW/NvY8b2mr0b93mhKRhPb0m4icgAMeK6QP44L9+jTYyH4aJ/WPBAAAAOCobCf9SY8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDetd/Jw6L23cw9FuuuP5m9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE6GXwEAAP//2MgYNQ==") openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x260140, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) umount2(&(0x7f00000001c0)='./file0\x00', 0x2) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x4040) 1.408761236s ago: executing program 3 (id=487): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000240)={0x0, r2}, 0x8) r3 = getpid() syz_pidfd_open(r3, 0x0) 899.166911ms ago: executing program 2 (id=488): r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fchdir(r1) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x9) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]}) 853.456005ms ago: executing program 4 (id=489): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x10000000) 707.534687ms ago: executing program 1 (id=490): syz_io_uring_setup(0x23b, &(0x7f0000000380)={0x0, 0xce0d, 0x10100, 0x3, 0x371}, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000dd0000000a"], 0x50) socket$can_bcm(0x1d, 0x2, 0x2) socket$inet6_tcp(0xa, 0x1, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) eventfd2(0x8, 0x80001) epoll_create(0xa) socket$kcm(0xa, 0x2, 0x73) socket$key(0xf, 0x3, 0x2) socket$inet(0x2, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) creat(&(0x7f0000000300)='./bus\x00', 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0) 360.820543ms ago: executing program 2 (id=491): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000240), 0x8) r1 = getpid() r2 = syz_pidfd_open(r1, 0x0) setns(r2, 0x24020000) r3 = syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0) setuid(0xee00) r4 = syz_pidfd_open(r3, 0x0) setns(r4, 0x10000000) 35.356987ms ago: executing program 3 (id=492): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x3, 0x3c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_open_dev$video4linux(0x0, 0x0, 0x0) r4 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r4, 0x0, 0x0) write(r4, &(0x7f0000000040)="2400000021002551241c0165ff00fc020200000003100f000ee1000c08000b00000000", 0x23) syz_pidfd_open(r0, 0x0) connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4000, 0x0, @mcast2, 0x5}, 0x1c) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1) 34.631561ms ago: executing program 4 (id=493): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x8) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000480)={0x5, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @multicast2}}}, 0x108) fsopen(&(0x7f0000000740)='cgroup2\x00', 0x1) 0s ago: executing program 2 (id=494): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000f80)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r4 = accept$alg(r3, 0x0, 0x0) write$binfmt_script(r4, &(0x7f0000000600), 0xfec8) recvmmsg(r4, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.25' (ED25519) to the list of known hosts. [ 74.050383][ T5811] cgroup: Unknown subsys name 'net' [ 74.171270][ T5811] cgroup: Unknown subsys name 'cpuset' [ 74.180115][ T5811] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 75.654482][ T5811] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 79.306352][ T5833] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 79.315557][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 79.319363][ T5839] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 79.324812][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 79.334435][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 79.350837][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 79.352200][ T5839] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 79.361588][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 79.370747][ T5839] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 79.376114][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 79.384542][ T5839] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 79.395899][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 79.402652][ T5839] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 79.410071][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 79.426339][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 79.434818][ T5842] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 79.436005][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 79.451137][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 79.459161][ T5841] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 79.467659][ T5842] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 79.477023][ T5841] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 79.489288][ T5841] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 79.499859][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 79.509307][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 79.516489][ T5144] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 80.204062][ T5824] chnl_net:caif_netlink_parms(): no params data found [ 80.247537][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 80.271202][ T5823] chnl_net:caif_netlink_parms(): no params data found [ 80.358994][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 80.574258][ T5824] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.581668][ T5824] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.591414][ T5824] bridge_slave_0: entered allmulticast mode [ 80.599192][ T5824] bridge_slave_0: entered promiscuous mode [ 80.612648][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 80.651658][ T5824] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.659517][ T5824] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.667058][ T5824] bridge_slave_1: entered allmulticast mode [ 80.674698][ T5824] bridge_slave_1: entered promiscuous mode [ 80.710201][ T5823] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.717568][ T5823] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.725203][ T5823] bridge_slave_0: entered allmulticast mode [ 80.732924][ T5823] bridge_slave_0: entered promiscuous mode [ 80.783977][ T5823] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.791651][ T5823] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.799983][ T5823] bridge_slave_1: entered allmulticast mode [ 80.807641][ T5823] bridge_slave_1: entered promiscuous mode [ 80.815812][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.823158][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.830605][ T5822] bridge_slave_0: entered allmulticast mode [ 80.837802][ T5822] bridge_slave_0: entered promiscuous mode [ 80.856312][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.863655][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.871394][ T5821] bridge_slave_0: entered allmulticast mode [ 80.878965][ T5821] bridge_slave_0: entered promiscuous mode [ 80.916149][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.924080][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.931332][ T5822] bridge_slave_1: entered allmulticast mode [ 80.939074][ T5822] bridge_slave_1: entered promiscuous mode [ 80.949568][ T5824] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 80.958931][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.966106][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.974274][ T5821] bridge_slave_1: entered allmulticast mode [ 80.981501][ T5821] bridge_slave_1: entered promiscuous mode [ 81.009379][ T5823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.034211][ T5824] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.085077][ T5823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.170053][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.182603][ T5824] team0: Port device team_slave_0 added [ 81.191970][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.201558][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 81.209620][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 81.216927][ T5835] bridge_slave_0: entered allmulticast mode [ 81.224303][ T5835] bridge_slave_0: entered promiscuous mode [ 81.234040][ T5823] team0: Port device team_slave_0 added [ 81.242351][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.253461][ T5824] team0: Port device team_slave_1 added [ 81.261217][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.270658][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 81.278057][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 81.285237][ T5835] bridge_slave_1: entered allmulticast mode [ 81.292772][ T5835] bridge_slave_1: entered promiscuous mode [ 81.301513][ T5823] team0: Port device team_slave_1 added [ 81.418910][ T5837] Bluetooth: hci0: command tx timeout [ 81.440739][ T5822] team0: Port device team_slave_0 added [ 81.447640][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.455173][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.481505][ T5823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.494789][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.498406][ T5837] Bluetooth: hci2: command tx timeout [ 81.501980][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.533500][ T5824] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.547190][ T5821] team0: Port device team_slave_0 added [ 81.555890][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 81.567197][ T5822] team0: Port device team_slave_1 added [ 81.573909][ T5823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.578161][ T5837] Bluetooth: hci4: command tx timeout [ 81.581256][ T5841] Bluetooth: hci3: command tx timeout [ 81.586684][ T5837] Bluetooth: hci1: command tx timeout [ 81.594289][ T5823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.625799][ T5823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.637795][ T5824] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 81.644745][ T5824] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.671757][ T5824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 81.684996][ T5821] team0: Port device team_slave_1 added [ 81.693039][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 81.846205][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.853713][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.880206][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.897115][ T5824] hsr_slave_0: entered promiscuous mode [ 81.904177][ T5824] hsr_slave_1: entered promiscuous mode [ 81.916671][ T5823] hsr_slave_0: entered promiscuous mode [ 81.923571][ T5823] hsr_slave_1: entered promiscuous mode [ 81.929882][ T5823] debugfs: 'hsr0' already exists in 'hsr' [ 81.935679][ T5823] Cannot create hsr debugfs directory [ 81.942262][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 81.949705][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 81.975988][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 81.990105][ T5835] team0: Port device team_slave_0 added [ 81.996684][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.003796][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.029797][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.068397][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.075381][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.101850][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.115152][ T5835] team0: Port device team_slave_1 added [ 82.191574][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.198872][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.225179][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.281957][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.289155][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 82.316503][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.333644][ T5822] hsr_slave_0: entered promiscuous mode [ 82.340179][ T5822] hsr_slave_1: entered promiscuous mode [ 82.346274][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 82.352199][ T5822] Cannot create hsr debugfs directory [ 82.466100][ T5821] hsr_slave_0: entered promiscuous mode [ 82.474556][ T5821] hsr_slave_1: entered promiscuous mode [ 82.480986][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 82.486727][ T5821] Cannot create hsr debugfs directory [ 82.600154][ T5835] hsr_slave_0: entered promiscuous mode [ 82.606771][ T5835] hsr_slave_1: entered promiscuous mode [ 82.613372][ T5835] debugfs: 'hsr0' already exists in 'hsr' [ 82.619178][ T5835] Cannot create hsr debugfs directory [ 83.028180][ T5823] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 83.055260][ T5823] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 83.065879][ T5823] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 83.084425][ T5823] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 83.147967][ T5824] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 83.160394][ T5824] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 83.172855][ T5824] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 83.189000][ T5824] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 83.283683][ T5822] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 83.294344][ T5822] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 83.310512][ T5822] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 83.323835][ T5822] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 83.452318][ T5821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 83.463114][ T5821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 83.492804][ T5821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 83.500126][ T5837] Bluetooth: hci0: command tx timeout [ 83.535429][ T5821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 83.567073][ T5823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.580336][ T5837] Bluetooth: hci2: command tx timeout [ 83.638450][ T5835] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 83.649536][ T5835] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 83.657878][ T5837] Bluetooth: hci1: command tx timeout [ 83.657922][ T5144] Bluetooth: hci4: command tx timeout [ 83.668141][ T5841] Bluetooth: hci3: command tx timeout [ 83.682839][ T5835] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 83.696129][ T5835] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 83.713647][ T5823] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.734428][ T5824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.761202][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.792654][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.799925][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.810247][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.817345][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.867664][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.898375][ T5824] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.909625][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.916773][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.939108][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.946399][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.983801][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.991033][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.021274][ T79] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.028487][ T79] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.236323][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.310717][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.370575][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.471498][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.478718][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.502074][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.509315][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.553551][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.603400][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.610800][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.659186][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.666438][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.687589][ T5824] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.715967][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.742599][ T5823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.905538][ T5822] veth0_vlan: entered promiscuous mode [ 84.951293][ T5824] veth0_vlan: entered promiscuous mode [ 84.987648][ T5822] veth1_vlan: entered promiscuous mode [ 85.031004][ T5824] veth1_vlan: entered promiscuous mode [ 85.121245][ T5822] veth0_macvtap: entered promiscuous mode [ 85.167305][ T5822] veth1_macvtap: entered promiscuous mode [ 85.201165][ T5824] veth0_macvtap: entered promiscuous mode [ 85.240044][ T5824] veth1_macvtap: entered promiscuous mode [ 85.272497][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.313910][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.351853][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.379988][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.388992][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.398478][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.414668][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.451114][ T5824] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.484130][ T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.501275][ T42] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.510755][ T42] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.522526][ T42] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.537565][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.555163][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.579165][ T5841] Bluetooth: hci0: command tx timeout [ 85.659073][ T5841] Bluetooth: hci2: command tx timeout [ 85.675473][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.695101][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.724449][ T5821] veth0_vlan: entered promiscuous mode [ 85.739031][ T5841] Bluetooth: hci4: command tx timeout [ 85.739329][ T5144] Bluetooth: hci3: command tx timeout [ 85.744468][ T5841] Bluetooth: hci1: command tx timeout [ 85.794234][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.803122][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.816773][ T5823] veth0_vlan: entered promiscuous mode [ 85.836817][ T5821] veth1_vlan: entered promiscuous mode [ 85.865294][ T5835] veth0_vlan: entered promiscuous mode [ 85.904157][ T5823] veth1_vlan: entered promiscuous mode [ 85.927483][ T5822] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 85.957336][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.972973][ T5835] veth1_vlan: entered promiscuous mode [ 85.981723][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.083992][ T5821] veth0_macvtap: entered promiscuous mode [ 86.131400][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.131770][ T5821] veth1_macvtap: entered promiscuous mode [ 86.147661][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.195181][ T5823] veth0_macvtap: entered promiscuous mode [ 86.992988][ T5823] veth1_macvtap: entered promiscuous mode [ 87.070333][ T5835] veth0_macvtap: entered promiscuous mode [ 87.131274][ T5835] veth1_macvtap: entered promiscuous mode [ 87.177604][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.246182][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.287097][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.574862][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.307669][ T5841] Bluetooth: hci0: command tx timeout [ 88.313590][ T5841] Bluetooth: hci2: command tx timeout [ 88.337828][ T5837] Bluetooth: hci3: command tx timeout [ 88.343911][ T5837] Bluetooth: hci4: command tx timeout [ 88.349596][ T5837] Bluetooth: hci1: command tx timeout [ 88.459040][ T5958] loop1: detected capacity change from 0 to 2048 [ 88.580545][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 88.741853][ T5958] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 89.157158][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 89.223196][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.277859][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.286619][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 89.506047][ T5965] loop2: detected capacity change from 0 to 4096 [ 89.977326][ T5965] ntfs3(loop2): ino=1, mi_enum_attr [ 89.984171][ T5965] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 90.006551][ T5965] ntfs3(loop2): Failed to load $MFTMirr (-22). [ 90.449862][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.465523][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.478037][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.563937][ T2983] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.622041][ T2983] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.645912][ T2983] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.895709][ T2983] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.915585][ T2983] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.950662][ T36] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.594803][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.619353][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.693767][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.704482][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.931699][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.948691][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.179628][ T24] cfg80211: failed to load regulatory.db [ 92.897399][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.986942][ T5992] ======================================================= [ 92.986942][ T5992] WARNING: The mand mount option has been deprecated and [ 92.986942][ T5992] and is ignored by this kernel. Remove the mand [ 92.986942][ T5992] option from the mount to silence this warning. [ 92.986942][ T5992] ======================================================= [ 93.738713][ T5992] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 93.814620][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.074604][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.088222][ T3441] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.097006][ T3441] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.171278][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 94.180701][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.221489][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.478363][ T0] NOHZ tick-stop error: local softirq work is pending, handler #1c0!!! [ 94.716810][ T0] NOHZ tick-stop error: local softirq work is pending, handler #8a!!! [ 94.887971][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 95.298115][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 95.681449][ T36] Bluetooth: hci5: Frame reassembly failed (-84) [ 95.742227][ T6003] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 95.818640][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.892332][ T6006] Invalid ELF header magic: != ELF [ 96.058411][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.219165][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.507924][ T6006] bridge1: entered promiscuous mode [ 96.515795][ T6006] bridge1: entered allmulticast mode [ 96.524741][ T6010] x_tables: duplicate underflow at hook 1 [ 96.538700][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.046111][ T30] audit: type=1326 audit(1762869116.510:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 97.095480][ T6013] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 97.102127][ T6013] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 97.110752][ T30] audit: type=1326 audit(1762869116.510:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 97.183718][ T6013] vhci_hcd vhci_hcd.0: Device attached [ 97.218145][ T30] audit: type=1326 audit(1762869116.560:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 97.248770][ T6016] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(7) [ 97.255383][ T6016] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 97.271862][ T6016] vhci_hcd vhci_hcd.0: Device attached [ 97.329190][ T6021] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(10) [ 97.335929][ T6021] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 97.378428][ T5826] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 97.573285][ T6021] vhci_hcd vhci_hcd.0: Device attached [ 97.737944][ T5144] Bluetooth: hci5: command 0x1003 tx timeout [ 97.763395][ T5841] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 98.142847][ T6013] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(6) [ 98.149409][ T6013] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 98.316142][ T30] audit: type=1326 audit(1762869116.560:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.338629][ T30] audit: type=1326 audit(1762869116.560:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.359274][ T6013] vhci_hcd vhci_hcd.0: Device attached [ 98.360603][ T30] audit: type=1326 audit(1762869116.560:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.390700][ T5826] usb 39-1: new full-speed USB device number 2 using vhci_hcd [ 98.400424][ T30] audit: type=1326 audit(1762869116.560:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.423710][ T30] audit: type=1326 audit(1762869116.560:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.437859][ T6016] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13) [ 98.445972][ T30] audit: type=1326 audit(1762869116.560:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1b4f8f6c9 code=0x7ffc0000 [ 98.452351][ T6016] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 98.515166][ T30] audit: type=1326 audit(1762869116.560:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6011 comm="syz.3.17" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7ff1b4f9161a code=0x7ffc0000 [ 98.544758][ T6016] vhci_hcd vhci_hcd.0: Device attached [ 98.565553][ T6026] vhci_hcd: connection closed [ 98.567380][ T6014] vhci_hcd: connection reset by peer [ 98.592137][ T6017] vhci_hcd: connection closed [ 98.594826][ T2983] vhci_hcd vhci_hcd.3: stop threads [ 98.635770][ T6028] vhci_hcd: connection closed [ 98.636069][ T6022] vhci_hcd: connection closed [ 98.648946][ T2983] vhci_hcd vhci_hcd.3: release socket [ 98.817678][ T2983] vhci_hcd vhci_hcd.3: disconnect device [ 98.823852][ T2983] vhci_hcd vhci_hcd.3: stop threads [ 98.829221][ T2983] vhci_hcd vhci_hcd.3: release socket [ 98.835794][ T2983] vhci_hcd vhci_hcd.3: disconnect device [ 98.852840][ T2983] vhci_hcd vhci_hcd.3: stop threads [ 98.880152][ T2983] vhci_hcd vhci_hcd.3: release socket [ 99.439167][ T2983] vhci_hcd vhci_hcd.3: disconnect device [ 99.445194][ T2983] vhci_hcd vhci_hcd.3: stop threads [ 99.450540][ T2983] vhci_hcd vhci_hcd.3: release socket [ 99.456292][ T2983] vhci_hcd vhci_hcd.3: disconnect device [ 99.462301][ T2983] vhci_hcd vhci_hcd.3: stop threads [ 99.467538][ T2983] vhci_hcd vhci_hcd.3: release socket [ 99.473736][ T2983] vhci_hcd vhci_hcd.3: disconnect device [ 99.870709][ T6040] team_slave_0: entered promiscuous mode [ 99.876558][ T6040] team_slave_1: entered promiscuous mode [ 99.883017][ T6040] macsec1: entered promiscuous mode [ 99.888514][ T6040] team0: entered promiscuous mode [ 99.898546][ T6040] macsec1: entered allmulticast mode [ 99.904101][ T6040] team0: entered allmulticast mode [ 99.910506][ T6040] team_slave_0: entered allmulticast mode [ 99.917372][ T6040] team_slave_1: entered allmulticast mode [ 101.403621][ T6040] team0: left allmulticast mode [ 101.408898][ T6040] team_slave_0: left allmulticast mode [ 101.428267][ T6040] team_slave_1: left allmulticast mode [ 102.247880][ T6040] team0: left promiscuous mode [ 102.948387][ T6040] team_slave_0: left promiscuous mode [ 102.953836][ T6040] team_slave_1: left promiscuous mode [ 103.962583][ T6070] loop3: detected capacity change from 0 to 64 [ 104.483241][ T5826] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 104.692726][ T6073] netlink: 32 bytes leftover after parsing attributes in process `syz.0.28'. [ 105.102860][ T6075] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 106.668352][ T6082] loop3: detected capacity change from 0 to 2048 [ 106.699057][ T5882] usb usb40-port1: attempt power cycle [ 106.946195][ T6094] Context (ID=0x1) not attached to queue pair (handle=0x2:0x40) [ 107.185519][ T6104] loop4: detected capacity change from 0 to 128 [ 107.441062][ T5882] usb usb40-port1: unable to enumerate USB device [ 108.303935][ T6111] FAT-fs (loop4): error, corrupted directory (invalid entries) [ 108.311817][ T6111] FAT-fs (loop4): Filesystem has been set read-only [ 109.166856][ T6121] delete_channel: no stack [ 109.865019][ T6116] delete_channel: no stack [ 110.336341][ T6129] loop4: detected capacity change from 0 to 512 [ 110.486969][ T6129] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 110.609273][ T6129] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 113.141343][ T6129] EXT4-fs: error -4 creating inode table initialization thread [ 113.169718][ T6129] EXT4-fs (loop4): mount failed [ 114.271373][ T6150] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 114.467501][ T6157] loop1: detected capacity change from 0 to 128 [ 114.556222][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 114.813569][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 114.849996][ T6163] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 114.858836][ T6163] FAT-fs (loop1): Filesystem has been set read-only [ 115.315502][ T9] usb 5-1: config 0 has no interfaces? [ 115.325437][ T9] usb 5-1: New USB device found, idVendor=0c45, idProduct=6005, bcdDevice=b5.55 [ 115.344840][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.382376][ T9] usb 5-1: Product: syz [ 115.417181][ T9] usb 5-1: Manufacturer: syz [ 115.447785][ T9] usb 5-1: SerialNumber: syz [ 115.492756][ T9] usb 5-1: config 0 descriptor?? [ 116.279577][ T10] usb 5-1: USB disconnect, device number 2 [ 116.866690][ T6177] process 'syz.1.52' launched './file0' with NULL argv: empty string added [ 120.288476][ T6183] loop3: detected capacity change from 0 to 8 [ 121.241795][ T6193] loop4: detected capacity change from 0 to 1024 [ 123.556226][ T3441] hfsplus: b-tree write err: -5, ino 4 [ 123.645507][ T6208] loop1: detected capacity change from 0 to 1024 [ 124.947824][ T6215] Zero length message leads to an empty skb [ 125.832004][ T6221] Invalid ELF header magic: != ELF [ 126.148866][ T6214] loop2: detected capacity change from 0 to 8192 [ 126.212303][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 126.212322][ T30] audit: type=1800 audit(1762869145.680:42): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.62" name="file1" dev="loop2" ino=1048607 res=0 errno=0 [ 127.567037][ T6221] bridge1: entered promiscuous mode [ 127.586618][ T6221] bridge1: entered allmulticast mode [ 128.737852][ T6247] loop2: detected capacity change from 0 to 4096 [ 131.312254][ T6247] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 131.859759][ T6247] ntfs3(loop2): Failed to read $UpCase (-4). [ 131.921972][ T6254] syz_tun: entered allmulticast mode [ 131.942794][ T6254] syz_tun: left allmulticast mode [ 132.828764][ T6260] loop2: detected capacity change from 0 to 512 [ 132.856253][ T6260] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 132.864581][ T6260] EXT4-fs (loop2): orphan cleanup on readonly fs [ 132.873623][ T6260] Quota error (device loop2): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6). [ 132.885893][ T6260] EXT4-fs warning (device loop2): ext4_enable_quotas:7181: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 132.904438][ T6260] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 132.924249][ T6260] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.73: bg 0: block 40: padding at end of block bitmap is not set [ 132.940771][ T6260] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6667: Corrupt filesystem [ 132.951294][ T6260] EXT4-fs (loop2): 1 truncate cleaned up [ 132.958408][ T6260] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 133.129579][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.137798][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.210574][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.355549][ T6286] netlink: 68 bytes leftover after parsing attributes in process `syz.3.80'. [ 136.725070][ T6290] loop4: detected capacity change from 0 to 8192 [ 136.760372][ T30] audit: type=1800 audit(1762869156.220:43): pid=6290 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.79" name="file1" dev="loop4" ino=1048608 res=0 errno=0 [ 137.680870][ T6302] netlink: 20 bytes leftover after parsing attributes in process `syz.0.84'. [ 138.380756][ T6308] loop4: detected capacity change from 0 to 4096 [ 139.278718][ T30] audit: type=1804 audit(1762869158.730:44): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.85" name="/newroot/18/file0/file1" dev="loop4" ino=30 res=1 errno=0 [ 139.422792][ T6321] loop1: detected capacity change from 0 to 2048 [ 139.489715][ T6321] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 142.602812][ T6340] loop2: detected capacity change from 0 to 8192 [ 142.808748][ T6349] loop1: detected capacity change from 0 to 32768 [ 142.989169][ T6349] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 143.113990][ T30] audit: type=1800 audit(1762869162.550:45): pid=6340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.95" name="file1" dev="loop2" ino=1048609 res=0 errno=0 [ 143.601580][ T6349] XFS (loop1): Ending clean mount [ 144.683504][ T13] XFS (loop1): Metadata CRC error detected at xfs_agfl_read_verify+0x126/0x1f0, xfs_agfl block 0x3 [ 144.698975][ T13] XFS (loop1): Unmount and run xfs_repair [ 144.704824][ T13] XFS (loop1): First 128 bytes of corrupted metadata buffer: [ 144.728107][ T13] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed XAF.......G...N. [ 144.737257][ T13] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00 .b..1........... [ 144.747336][ T13] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08 .;.............. [ 144.780566][ T13] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c ................ [ 144.790290][ T13] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.807829][ T13] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.837468][ T13] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.858029][ T13] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 144.885153][ T13] XFS (loop1): metadata I/O error in "xfs_alloc_read_agfl+0x202/0x410" at daddr 0x3 len 1 error 74 [ 144.914994][ T13] XFS (loop1): page discard on page ffffea000143d1c0, inode 0x2449, pos 0. [ 144.945667][ T5822] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 144.968306][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 144.989038][ C0] raw-gadget.0 gadget.3: ignoring, device is not running [ 145.094641][ T5822] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair. [ 145.148325][ T10] usb 4-1: device descriptor read/64, error -32 [ 145.234113][ T6378] loop0: detected capacity change from 0 to 256 [ 145.296145][ T6380] loop2: detected capacity change from 0 to 1024 [ 145.392502][ T6378] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 145.467869][ T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 145.469464][ T6380] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.588556][ T6378] exFAT-fs (loop0): failed to load alloc-bitmap [ 145.595001][ T6378] exFAT-fs (loop0): failed to recognize exfat type [ 145.662383][ T6380] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 148.134577][ T6396] netlink: 68 bytes leftover after parsing attributes in process `syz.2.104'. [ 148.396223][ T10] usb 4-1: device descriptor read/all, error -71 [ 148.410581][ T10] usb usb4-port1: attempt power cycle [ 148.773540][ T6404] loop2: detected capacity change from 0 to 512 [ 152.910851][ T6418] loop0: detected capacity change from 0 to 256 [ 153.988490][ T6423] netlink: 20 bytes leftover after parsing attributes in process `syz.2.110'. [ 154.741100][ T6427] loop3: detected capacity change from 0 to 2048 [ 154.779684][ T6427] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=2362, location=2362 [ 154.834050][ T6427] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 155.315303][ T6427] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4 [ 155.397758][ T6427] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 156.760317][ T6447] netlink: 68 bytes leftover after parsing attributes in process `syz.4.118'. [ 156.770029][ T6443] workqueue: Failed to create a rescuer kthread for wq "xfs-inodegc/nullb0": -EINTR [ 156.774257][ T6432] loop0: detected capacity change from 0 to 4096 [ 156.922563][ T6432] ntfs3: Unknown parameter '' [ 158.880797][ T6477] loop1: detected capacity change from 0 to 256 [ 159.424086][ T6468] loop4: detected capacity change from 0 to 764 [ 159.608981][ T6470] Symlink component flag not implemented [ 159.618775][ T6470] Symlink component flag not implemented [ 159.652516][ T6470] Symlink component flag not implemented (128) [ 159.660169][ T6470] Symlink component flag not implemented (122) [ 160.097795][ T6479] loop3: detected capacity change from 0 to 128 [ 160.105001][ T6479] vxfs: Unknown parameter 'â sßgæ' [ 160.140992][ T6485] loop0: detected capacity change from 0 to 16 [ 161.966987][ T6494] loop1: detected capacity change from 0 to 4096 [ 162.919064][ T6494] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 163.645928][ T30] audit: type=1326 audit(1762869183.090:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 164.105636][ T30] audit: type=1326 audit(1762869183.090:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 164.191210][ T6517] sch_tbf: burst 4398 is lower than device lo mtu (65550) ! [ 164.297997][ T30] audit: type=1326 audit(1762869183.090:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=97 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 164.999929][ T6523] netlink: 'syz.3.137': attribute type 10 has an invalid length. [ 165.007763][ T6523] netlink: 40 bytes leftover after parsing attributes in process `syz.3.137'. [ 165.073663][ T6523] batman_adv: batadv0: Adding interface: virt_wifi0 [ 165.080424][ T6523] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 165.106785][ T6523] batman_adv: batadv0: Interface activated: virt_wifi0 [ 165.207774][ T30] audit: type=1326 audit(1762869183.090:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 165.230066][ T30] audit: type=1326 audit(1762869183.100:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 165.302929][ T30] audit: type=1326 audit(1762869183.110:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 166.283397][ T30] audit: type=1326 audit(1762869183.170:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 166.306623][ T30] audit: type=1326 audit(1762869183.170:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 166.349608][ T30] audit: type=1326 audit(1762869183.180:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 167.320246][ T30] audit: type=1326 audit(1762869183.180:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6510 comm="syz.4.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 169.662151][ T6554] netlink: 68 bytes leftover after parsing attributes in process `syz.1.146'. [ 170.222610][ T6561] loop4: detected capacity change from 0 to 32768 [ 170.304658][ T6561] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.148 (6561) [ 170.394247][ T6561] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 170.405123][ T6561] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 170.849798][ T6561] BTRFS info (device loop4): enabling ssd optimizations [ 170.856821][ T6561] BTRFS info (device loop4): turning on async discard [ 171.487969][ T6561] BTRFS info (device loop4): enabling free space tree [ 172.619742][ T6592] loop2: detected capacity change from 0 to 1024 [ 173.774045][ T5823] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 176.686349][ T6643] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 176.694016][ T6643] overlayfs: failed to set xattr on upper [ 176.700120][ T6643] overlayfs: ...falling back to redirect_dir=nofollow. [ 176.708051][ T6643] overlayfs: ...falling back to index=off. [ 176.714987][ T6643] overlayfs: ...falling back to uuid=null. [ 176.779256][ T6644] overlayfs: overlay with incompat feature 'volatile' cannot be mounted [ 178.237896][ T5903] IPVS: starting estimator thread 0... [ 178.357930][ T6655] IPVS: using max 31 ests per chain, 74400 per kthread [ 180.420384][ T6667] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 180.589387][ T6669] loop4: detected capacity change from 0 to 512 [ 180.655276][ T6669] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.171: inode has both inline data and extents flags [ 180.696348][ T6669] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.171: couldn't read orphan inode 15 (err -117) [ 180.714642][ T6669] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.260904][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.345814][ T6692] loop3: detected capacity change from 0 to 2048 [ 183.380617][ T6692] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.338234][ T6703] loop4: detected capacity change from 0 to 128 [ 184.362292][ T6703] EXT4-fs warning (device loop4): ext4_init_metadata_csum:4636: metadata_csum and uninit_bg are redundant flags; please run fsck. [ 184.378403][ T6703] EXT4-fs (loop4): Encoding requested by superblock is unknown [ 185.893125][ T6721] random: crng reseeded on system resumption [ 190.868236][ T6756] trusted_key: syz.4.188 sent an empty control message without MSG_MORE. [ 192.403067][ T6770] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 192.614747][ T6772] loop3: detected capacity change from 0 to 1024 [ 192.645450][ T6772] EXT4-fs: Ignoring removed orlov option [ 192.735400][ T6772] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.327875][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 193.327889][ T30] audit: type=1804 audit(1762869212.550:63): pid=6776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.194" name="/newroot/37/file1/file1" dev="loop3" ino=15 res=1 errno=0 [ 193.660771][ T5835] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.935724][ T6784] loop3: detected capacity change from 0 to 256 [ 193.969943][ T6784] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 194.006364][ T6784] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 194.036893][ T6784] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 194.070815][ T6784] exFAT-fs (loop3): failed to load alloc-bitmap [ 194.091688][ T6784] exFAT-fs (loop3): failed to recognize exfat type [ 194.146788][ T6786] Bluetooth: MGMT ver 1.23 [ 194.170601][ T6786] Bluetooth: hci0: invalid length 0, exp 2 for type 17 [ 194.560996][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.568691][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.474541][ T6808] loop1: detected capacity change from 0 to 64 [ 197.762954][ T6808] hfs: unable to locate alternate MDB [ 197.787730][ T6808] hfs: continuing without an alternate MDB [ 199.385280][ T6827] netlink: 72 bytes leftover after parsing attributes in process `syz.3.206'. [ 199.424509][ T6827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.206'. [ 201.863134][ T52] Bluetooth: hci2: command 0x0406 tx timeout [ 201.870759][ T52] Bluetooth: hci0: command 0x0406 tx timeout [ 201.876960][ T52] Bluetooth: hci3: command 0x0406 tx timeout [ 201.884453][ T52] Bluetooth: hci4: command 0x0406 tx timeout [ 201.891012][ T52] Bluetooth: hci1: command 0x0406 tx timeout [ 204.621197][ T6865] random: crng reseeded on system resumption [ 205.225924][ T6872] loop0: detected capacity change from 0 to 256 [ 207.728078][ T6889] Cannot find set identified by id 0 to match [ 209.357414][ T6893] loop0: detected capacity change from 0 to 128 [ 209.512114][ T6893] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 209.535516][ T6893] ext4 filesystem being mounted at /40/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 210.603091][ T5821] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 212.314129][ T6924] netlink: 12 bytes leftover after parsing attributes in process `syz.4.230'. [ 212.464475][ T6926] veth0_vlan: entered allmulticast mode [ 213.294651][ T6932] veth0_vlan: left promiscuous mode [ 213.328016][ T6932] veth0_vlan: entered promiscuous mode [ 216.508406][ T6953] loop2: detected capacity change from 0 to 1024 [ 216.524072][ T6953] EXT4-fs: Ignoring removed i_version option [ 216.534237][ T6953] EXT4-fs: inline encryption not supported [ 216.550909][ T6953] EXT4-fs (loop2): Test dummy encryption mode enabled [ 216.576894][ T6953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.809723][ T6961] netlink: 4 bytes leftover after parsing attributes in process `syz.3.240'. [ 217.496513][ T6948] netlink: 32 bytes leftover after parsing attributes in process `syz.4.237'. [ 217.688279][ T5824] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.614788][ T6988] syz.2.245 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 219.656346][ T6988] random: crng reseeded on system resumption [ 219.689515][ T6989] loop4: detected capacity change from 0 to 22 [ 219.761274][ T6989] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 219.781414][ T6989] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 222.337977][ T7005] loop4: detected capacity change from 0 to 1024 [ 222.361236][ T7005] EXT4-fs: Ignoring removed orlov option [ 222.595364][ T7005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 223.103204][ T30] audit: type=1804 audit(1762869242.570:64): pid=7019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.249" name="/newroot/51/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 224.210971][ T7026] faux_driver vgem: [drm] Unknown color mode 2054; guessing buffer size. [ 224.749412][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.454024][ T7038] loop2: detected capacity change from 0 to 64 [ 225.669128][ T7032] loop4: detected capacity change from 0 to 32768 [ 225.688651][ T7032] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 225.697207][ T7032] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 226.070113][ T7032] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 226.082547][ T9] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 226.123197][ T9] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 226.555307][ T9] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 432ms [ 226.603236][ T9] gfs2: fsid=syz:syz.0: jid=0: Done [ 226.710682][ T7032] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 228.098532][ T7060] delete_channel: no stack [ 228.700385][ T7062] loop3: detected capacity change from 0 to 22 [ 228.764153][ T7062] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 228.843221][ T7062] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 234.610429][ T7091] binder: 7090:7091 unknown command 0 [ 234.615886][ T7091] binder: 7090:7091 ioctl c0306201 200000000080 returned -22 [ 234.895350][ T7094] loop4: detected capacity change from 0 to 32768 [ 234.922169][ T7094] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.272 (7094) [ 234.943317][ T7094] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 234.954163][ T7094] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm [ 235.009506][ T7094] BTRFS info (device loop4): enabling ssd optimizations [ 235.016509][ T7094] BTRFS info (device loop4): turning on async discard [ 235.023612][ T7094] BTRFS info (device loop4): enabling free space tree [ 235.764207][ T30] audit: type=1800 audit(1762869255.200:65): pid=7121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.272" name="file2" dev="loop4" ino=261 res=0 errno=0 [ 236.486569][ T7122] overlayfs: missing 'lowerdir' [ 236.920268][ T5823] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 238.780628][ T7141] loop2: detected capacity change from 0 to 256 [ 238.889410][ T7141] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18d7c, utbl_chksum : 0xe619d30d) [ 238.945038][ T7141] exFAT-fs (loop2): failed to load alloc-bitmap [ 238.954726][ T7141] exFAT-fs (loop2): failed to recognize exfat type [ 239.247227][ T7147] vivid-000: disconnect [ 239.521891][ T7133] vivid-000: reconnect [ 240.534155][ T7154] loop0: detected capacity change from 0 to 1024 [ 240.662816][ T7154] EXT4-fs: Ignoring removed orlov option [ 241.639523][ T7154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 242.287060][ T30] audit: type=1804 audit(1762869261.610:66): pid=7172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.284" name="/newroot/51/file1/file1" dev="loop0" ino=15 res=1 errno=0 [ 242.609855][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.231061][ T7245] delete_channel: no stack [ 249.252134][ T7245] loop2: detected capacity change from 0 to 22 [ 249.286748][ T7245] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 249.565461][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 250.813055][ T7245] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 250.969545][ T10] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 250.986485][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 250.996393][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 251.005039][ T10] usb 2-1: Product: syz [ 251.011695][ T10] usb 2-1: Manufacturer: syz [ 251.016309][ T10] usb 2-1: SerialNumber: syz [ 251.274189][ T10] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 251.322767][ T7267] loop4: detected capacity change from 0 to 1024 [ 251.338031][ T7267] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 251.359783][ T7267] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 251.379247][ T7267] EXT4-fs (loop4): orphan cleanup on readonly fs [ 251.389833][ T7267] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.315: Freeing blocks not in datazone - block = 0, count = 4096 [ 251.418576][ T7267] EXT4-fs (loop4): 1 orphan inode deleted [ 251.433472][ T7267] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 252.334154][ T5823] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.441864][ T5826] usb 2-1: USB disconnect, device number 2 [ 253.457554][ T5826] usblp0: removed [ 255.982068][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.007823][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.387999][ T5826] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 259.793049][ T5826] usb 5-1: Using ep0 maxpacket: 8 [ 259.826847][ T5826] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 259.862408][ T5826] usb 5-1: config 0 has no interfaces? [ 259.969184][ T5826] usb 5-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 260.024975][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.075499][ T5826] usb 5-1: Product: syz [ 260.097752][ T5826] usb 5-1: Manufacturer: syz [ 260.750211][ T5826] usb 5-1: SerialNumber: syz [ 260.997267][ T5826] usb 5-1: config 0 descriptor?? [ 261.404853][ T7355] syz.0.339 (7355): drop_caches: 2 [ 262.565791][ T7378] loop3: detected capacity change from 0 to 64 [ 262.572829][ T7378] hfs: Unknown parameter '017777777777777777777770x0000000000000000' [ 262.765796][ T7384] loop3: detected capacity change from 0 to 1024 [ 262.975481][ T7386] loop1: detected capacity change from 0 to 128 [ 263.187072][ T7389] autofs: Unknown parameter '0x0000000000000000' [ 263.747671][ T9] usb 5-1: USB disconnect, device number 3 [ 264.116932][ T7398] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 264.124752][ T7398] FAT-fs (loop1): Filesystem has been set read-only [ 267.938496][ T7420] mmap: syz.0.354 (7420) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 268.184709][ T7428] delete_channel: no stack [ 268.190958][ T7428] loop2: detected capacity change from 0 to 22 [ 268.198271][ T7428] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 268.205436][ T7428] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 268.774313][ T7430] loop3: detected capacity change from 0 to 40427 [ 268.825847][ T7430] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 268.834501][ T7430] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 268.847559][ T7430] F2FS-fs (loop3): invalid crc value [ 269.014525][ T7430] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 269.043524][ T7430] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 269.050712][ T7430] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 269.859362][ T30] audit: type=1800 audit(1762869288.820:67): pid=7437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.358" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 271.341901][ T7445] loop1: detected capacity change from 0 to 128 [ 271.359241][ T7446] loop0: detected capacity change from 0 to 164 [ 271.681913][ T7446] Unable to read rock-ridge attributes [ 271.737071][ T7448] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 271.744877][ T7448] FAT-fs (loop1): Filesystem has been set read-only [ 272.020303][ T5835] syz-executor: attempt to access beyond end of device [ 272.020303][ T5835] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 272.099863][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 272.099891][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 272.099910][ T5835] Call Trace: [ 272.099919][ T5835] [ 272.099928][ T5835] dump_stack_lvl+0x189/0x250 [ 272.099968][ T5835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 272.099998][ T5835] ? __pfx_queue_work_on+0x10/0x10 [ 272.100021][ T5835] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 272.100050][ T5835] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 272.100094][ T5835] f2fs_handle_critical_error+0x37c/0x540 [ 272.100133][ T5835] f2fs_write_end_io+0x886/0xb60 [ 272.100179][ T5835] __submit_merged_bio+0x256/0x6a0 [ 272.100205][ T5835] ? up_write+0x1a8/0x430 [ 272.100231][ T5835] __submit_merged_write_cond+0x44c/0x530 [ 272.100270][ T5835] f2fs_sync_node_pages+0x1479/0x15e0 [ 272.100325][ T5835] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 272.100350][ T5835] ? f2fs_write_checkpoint+0xd4c/0x2440 [ 272.100409][ T5835] ? f2fs_write_checkpoint+0xdad/0x2440 [ 272.100521][ T5835] ? up_write+0x1a8/0x430 [ 272.100535][ T5835] ? do_raw_spin_unlock+0x122/0x240 [ 272.100561][ T5835] f2fs_write_checkpoint+0xdde/0x2440 [ 272.100584][ T5835] ? __lock_acquire+0xab9/0xd20 [ 272.100646][ T5835] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 272.100740][ T5835] kill_f2fs_super+0x2cc/0x6d0 [ 272.100772][ T5835] ? __pfx_kill_f2fs_super+0x10/0x10 [ 272.100818][ T5835] ? shrinker_free+0x2ce/0x3e0 [ 272.100848][ T5835] deactivate_locked_super+0xbc/0x130 [ 272.100874][ T5835] cleanup_mnt+0x425/0x4c0 [ 272.100895][ T5835] ? lockdep_hardirqs_on+0x9c/0x150 [ 272.100929][ T5835] task_work_run+0x1d4/0x260 [ 272.100955][ T5835] ? __pfx_task_work_run+0x10/0x10 [ 272.100983][ T5835] ? exit_to_user_mode_loop+0x55/0x4f0 [ 272.101014][ T5835] exit_to_user_mode_loop+0xff/0x4f0 [ 272.101038][ T5835] ? rcu_is_watching+0x15/0xb0 [ 272.101074][ T5835] do_syscall_64+0x2e9/0xfa0 [ 272.101096][ T5835] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.101116][ T5835] ? clear_bhb_loop+0x60/0xb0 [ 272.101141][ T5835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.101160][ T5835] RIP: 0033:0x7ff1b4f909f7 [ 272.101190][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 272.101206][ T5835] RSP: 002b:00007fff74f97e48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 272.101233][ T5835] RAX: 0000000000000000 RBX: 00007ff1b5011d7d RCX: 00007ff1b4f909f7 [ 272.101247][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff74f97f00 [ 272.101259][ T5835] RBP: 00007fff74f97f00 R08: 0000000000000000 R09: 0000000000000000 [ 272.101271][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff74f98f90 [ 272.101284][ T5835] R13: 00007ff1b5011d7d R14: 0000000000042013 R15: 00007fff74f98fd0 [ 272.101324][ T5835] [ 272.101333][ T5835] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 274.191205][ T7459] overlayfs: missing 'workdir' [ 275.988135][ T7474] loop2: detected capacity change from 0 to 8192 [ 276.578013][ T30] audit: type=1800 audit(1762869296.030:68): pid=7474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.370" name="file1" dev="loop2" ino=1048661 res=0 errno=0 [ 278.578443][ T30] audit: type=1326 audit(1762869298.040:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 278.707332][ T30] audit: type=1326 audit(1762869298.080:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 278.989981][ T7500] loop0: detected capacity change from 0 to 22 [ 279.006527][ T7500] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 279.024361][ T7500] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 279.171289][ T30] audit: type=1326 audit(1762869298.080:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 279.755336][ T30] audit: type=1326 audit(1762869298.080:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 279.806189][ T30] audit: type=1326 audit(1762869298.090:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 279.881424][ T30] audit: type=1326 audit(1762869298.100:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 279.912974][ T30] audit: type=1326 audit(1762869298.100:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 279.939307][ T30] audit: type=1326 audit(1762869298.100:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 280.036961][ T30] audit: type=1326 audit(1762869298.100:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7493 comm="syz.4.374" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f877218f6c9 code=0x7ffc0000 [ 281.325589][ T7526] loop1: detected capacity change from 0 to 128 [ 281.368454][ T7528] overlayfs: missing 'workdir' [ 281.707252][ T7534] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 281.715041][ T7534] FAT-fs (loop1): Filesystem has been set read-only [ 282.999341][ T7533] loop0: detected capacity change from 0 to 8192 [ 283.147746][ T30] kauditd_printk_skb: 30 callbacks suppressed [ 283.147765][ T30] audit: type=1800 audit(1762869302.580:108): pid=7533 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.386" name="file1" dev="loop0" ino=1048663 res=0 errno=0 [ 284.015784][ T7551] loop2: detected capacity change from 0 to 22 [ 284.033080][ T7551] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 284.055571][ T7551] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 286.465929][ T7579] loop2: detected capacity change from 0 to 128 [ 286.473455][ T7578] overlayfs: missing 'workdir' [ 286.744780][ T7586] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 286.752618][ T7586] FAT-fs (loop2): Filesystem has been set read-only [ 287.847721][ T7592] loop2: detected capacity change from 0 to 8192 [ 287.891151][ T30] audit: type=1800 audit(1762869307.360:109): pid=7592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.404" name="file1" dev="loop2" ino=1048665 res=0 errno=0 [ 291.847513][ T7629] loop3: detected capacity change from 0 to 256 [ 292.424826][ T7630] loop2: detected capacity change from 0 to 128 [ 293.257700][ T7638] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 293.265450][ T7638] FAT-fs (loop2): Filesystem has been set read-only [ 294.090185][ T7649] team_slave_0: entered promiscuous mode [ 294.095961][ T7649] team_slave_1: entered promiscuous mode [ 294.102564][ T7649] macsec1: entered promiscuous mode [ 294.108063][ T7649] team0: entered promiscuous mode [ 294.116165][ T7649] macsec1: entered allmulticast mode [ 294.122419][ T7649] team0: entered allmulticast mode [ 294.128078][ T7649] team_slave_0: entered allmulticast mode [ 294.134277][ T7649] team_slave_1: entered allmulticast mode [ 295.061380][ T7651] loop3: detected capacity change from 0 to 8192 [ 295.094280][ T30] audit: type=1800 audit(1762869314.560:110): pid=7651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.421" name="file1" dev="loop3" ino=1048691 res=0 errno=0 [ 295.668335][ T7649] team0: left allmulticast mode [ 295.674665][ T7649] team_slave_0: left allmulticast mode [ 295.683865][ T7649] team_slave_1: left allmulticast mode [ 295.693253][ T7649] team0: left promiscuous mode [ 295.718382][ T7649] team_slave_0: left promiscuous mode [ 295.723922][ T7649] team_slave_1: left promiscuous mode [ 298.382827][ T7676] loop1: detected capacity change from 0 to 128 [ 298.812867][ T7682] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 298.820765][ T7682] FAT-fs (loop1): Filesystem has been set read-only [ 301.426575][ T7702] loop1: detected capacity change from 0 to 256 [ 302.369250][ T7712] delete_channel: no stack [ 302.375960][ T7712] loop2: detected capacity change from 0 to 22 [ 302.383440][ T7712] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 302.871240][ T7712] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 303.245784][ T7720] loop2: detected capacity change from 0 to 128 [ 303.584585][ T7724] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 303.592368][ T7724] FAT-fs (loop2): Filesystem has been set read-only [ 304.163553][ T7716] loop1: detected capacity change from 0 to 8192 [ 305.430845][ T30] audit: type=1800 audit(1762869324.900:111): pid=7716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.436" name="file1" dev="loop1" ino=1048718 res=0 errno=0 [ 307.180625][ T7752] No such timeout policy "syz1" [ 308.683858][ T7766] delete_channel: no stack [ 308.699265][ T7766] loop0: detected capacity change from 0 to 22 [ 308.711010][ T7766] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 308.771404][ T7766] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 309.299779][ T7773] loop3: detected capacity change from 0 to 128 [ 309.850673][ T7789] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 309.858450][ T7789] FAT-fs (loop3): Filesystem has been set read-only [ 310.390344][ T7791] loop1: detected capacity change from 0 to 128 [ 310.847167][ T7797] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 310.856033][ T7797] FAT-fs (loop1): Filesystem has been set read-only [ 314.709103][ T7840] delete_channel: no stack [ 314.734799][ T7840] loop4: detected capacity change from 0 to 22 [ 314.777945][ T7840] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 314.819153][ T7840] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 317.067061][ T7865] netlink: 68 bytes leftover after parsing attributes in process `syz.4.473'. [ 317.428925][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.440412][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 322.071425][ T7908] delete_channel: no stack [ 322.157635][ T7908] loop0: detected capacity change from 0 to 22 [ 322.268555][ T7908] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 322.349847][ T7908] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 322.454846][ T7911] loop1: detected capacity change from 0 to 128 [ 322.592763][ T7907] netlink: 68 bytes leftover after parsing attributes in process `syz.2.485'. [ 323.006975][ T7915] FAT-fs (loop1): error, corrupted directory (invalid entries) [ 323.014918][ T7915] FAT-fs (loop1): Filesystem has been set read-only [ 323.330483][ T7918] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 323.388593][ T7918] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 324.088549][ T7929] ------------[ cut here ]------------ [ 324.094064][ T7929] WARNING: ./include/linux/ns_common.h:311 at nsproxy_ns_active_put+0xa19/0xd30, CPU#1: syz.2.491/7929 [ 324.105372][ T7929] Modules linked in: [ 324.109468][ T7929] CPU: 1 UID: 0 PID: 7929 Comm: syz.2.491 Not tainted syzkaller #0 PREEMPT(full) [ 324.118709][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 324.128827][ T7929] RIP: 0010:nsproxy_ns_active_put+0xa19/0xd30 [ 324.134925][ T7929] Code: 0f 0b 90 e9 71 fc ff ff e8 54 dc 76 ff 90 0f 0b 90 e9 ab fc ff ff e8 46 dc 76 ff 90 0f 0b 90 e9 41 fd ff ff e8 38 dc 76 ff 90 <0f> 0b 90 e9 64 fd ff ff e8 2a dc 76 ff 90 0f 0b 90 e9 98 fd ff ff [ 324.154957][ T7929] RSP: 0018:ffffc9000dddfcf8 EFLAGS: 00010293 [ 324.162353][ T7929] RAX: ffffffff824a4348 RBX: ffff88801c6e0b60 RCX: ffff88802691bd00 [ 324.170404][ T7929] RDX: 0000000000000000 RSI: 00000000effffff8 RDI: 00000000effffff8 [ 324.178736][ T7929] RBP: 00000000effffff8 R08: ffffffff8df6eccb R09: 1ffffffff1bedd99 [ 324.186809][ T7929] R10: dffffc0000000000 R11: fffffbfff1bedd9a R12: dffffc0000000000 [ 324.195043][ T7929] R13: 1ffffffff1bedd85 R14: ffffffff8df6ec00 R15: ffffffff8df6ec28 [ 324.203086][ T7929] FS: 0000000000000000(0000) GS:ffff888125fcc000(0000) knlGS:0000000000000000 [ 324.212278][ T7929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 324.219080][ T7929] CR2: 0000001b30c23ffc CR3: 000000000dd38000 CR4: 00000000003526f0 [ 324.227070][ T7929] Call Trace: [ 324.230398][ T7929] [ 324.233347][ T7929] free_nsproxy+0x26/0x560 [ 324.237831][ T7929] do_exit+0x6b8/0x2300 [ 324.242051][ T7929] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 324.247281][ T7929] ? __pfx_do_exit+0x10/0x10 [ 324.252133][ T7929] ? rcu_is_watching+0x15/0xb0 [ 324.256928][ T7929] __x64_sys_exit+0x40/0x40 [ 324.261450][ T7929] x64_sys_call+0x21f3/0x2210 [ 324.266788][ T7929] do_syscall_64+0xfa/0xfa0 [ 324.271345][ T7929] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.277400][ T7929] ? clear_bhb_loop+0x60/0xb0 [ 324.282275][ T7929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.288210][ T7929] RIP: 0033:0x7fa4c438f6c9 [ 324.292914][ T7929] Code: Unable to access opcode bytes at 0x7fa4c438f69f. [ 324.300071][ T7929] RSP: 002b:00007fa4c514efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 324.308545][ T7929] RAX: ffffffffffffffda RBX: 00007fa4c45e5fa0 RCX: 00007fa4c438f6c9 [ 324.316542][ T7929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 324.324576][ T7929] RBP: 00007fa4c4411f91 R08: 0000000000000000 R09: 0000000000000000 [ 324.332622][ T7929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.340645][ T7929] R13: 00007fa4c45e6038 R14: 00007fa4c45e5fa0 R15: 00007ffdb51a9958 [ 324.348715][ T7929] [ 324.351778][ T7929] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 324.359076][ T7929] CPU: 1 UID: 0 PID: 7929 Comm: syz.2.491 Not tainted syzkaller #0 PREEMPT(full) [ 324.368291][ T7929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 324.378362][ T7929] Call Trace: [ 324.381650][ T7929] [ 324.384580][ T7929] dump_stack_lvl+0x99/0x250 [ 324.389187][ T7929] ? __asan_memcpy+0x40/0x70 [ 324.393793][ T7929] ? __pfx_dump_stack_lvl+0x10/0x10 [ 324.399026][ T7929] ? __pfx__printk+0x10/0x10 [ 324.403638][ T7929] vpanic+0x237/0x6d0 [ 324.407617][ T7929] ? __pfx_vpanic+0x10/0x10 [ 324.412116][ T7929] ? is_bpf_text_address+0x26/0x2b0 [ 324.417325][ T7929] panic+0xb9/0xc0 [ 324.421042][ T7929] ? __pfx_panic+0x10/0x10 [ 324.425470][ T7929] __warn+0x318/0x4d0 [ 324.429451][ T7929] ? nsproxy_ns_active_put+0xa19/0xd30 [ 324.434934][ T7929] ? nsproxy_ns_active_put+0xa19/0xd30 [ 324.440600][ T7929] report_bug+0x2be/0x4f0 [ 324.444955][ T7929] ? nsproxy_ns_active_put+0xa19/0xd30 [ 324.450535][ T7929] ? nsproxy_ns_active_put+0xa19/0xd30 [ 324.456020][ T7929] ? nsproxy_ns_active_put+0xa1b/0xd30 [ 324.461492][ T7929] handle_bug+0x84/0x160 [ 324.465749][ T7929] exc_invalid_op+0x1a/0x50 [ 324.470263][ T7929] asm_exc_invalid_op+0x1a/0x20 [ 324.475119][ T7929] RIP: 0010:nsproxy_ns_active_put+0xa19/0xd30 [ 324.481208][ T7929] Code: 0f 0b 90 e9 71 fc ff ff e8 54 dc 76 ff 90 0f 0b 90 e9 ab fc ff ff e8 46 dc 76 ff 90 0f 0b 90 e9 41 fd ff ff e8 38 dc 76 ff 90 <0f> 0b 90 e9 64 fd ff ff e8 2a dc 76 ff 90 0f 0b 90 e9 98 fd ff ff [ 324.500836][ T7929] RSP: 0018:ffffc9000dddfcf8 EFLAGS: 00010293 [ 324.506940][ T7929] RAX: ffffffff824a4348 RBX: ffff88801c6e0b60 RCX: ffff88802691bd00 [ 324.515019][ T7929] RDX: 0000000000000000 RSI: 00000000effffff8 RDI: 00000000effffff8 [ 324.523090][ T7929] RBP: 00000000effffff8 R08: ffffffff8df6eccb R09: 1ffffffff1bedd99 [ 324.531077][ T7929] R10: dffffc0000000000 R11: fffffbfff1bedd9a R12: dffffc0000000000 [ 324.539061][ T7929] R13: 1ffffffff1bedd85 R14: ffffffff8df6ec00 R15: ffffffff8df6ec28 [ 324.547137][ T7929] ? nsproxy_ns_active_put+0xa18/0xd30 [ 324.552635][ T7929] ? nsproxy_ns_active_put+0xa18/0xd30 [ 324.558126][ T7929] free_nsproxy+0x26/0x560 [ 324.562571][ T7929] do_exit+0x6b8/0x2300 [ 324.566774][ T7929] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 324.572086][ T7929] ? __pfx_do_exit+0x10/0x10 [ 324.576700][ T7929] ? rcu_is_watching+0x15/0xb0 [ 324.581491][ T7929] __x64_sys_exit+0x40/0x40 [ 324.586011][ T7929] x64_sys_call+0x21f3/0x2210 [ 324.590716][ T7929] do_syscall_64+0xfa/0xfa0 [ 324.595236][ T7929] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.601435][ T7929] ? clear_bhb_loop+0x60/0xb0 [ 324.606109][ T7929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 324.612006][ T7929] RIP: 0033:0x7fa4c438f6c9 [ 324.616406][ T7929] Code: Unable to access opcode bytes at 0x7fa4c438f69f. [ 324.623586][ T7929] RSP: 002b:00007fa4c514efe8 EFLAGS: 00000246 ORIG_RAX: 000000000000003c [ 324.632041][ T7929] RAX: ffffffffffffffda RBX: 00007fa4c45e5fa0 RCX: 00007fa4c438f6c9 [ 324.640004][ T7929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 324.647965][ T7929] RBP: 00007fa4c4411f91 R08: 0000000000000000 R09: 0000000000000000 [ 324.655926][ T7929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 324.663885][ T7929] R13: 00007fa4c45e6038 R14: 00007fa4c45e5fa0 R15: 00007ffdb51a9958 [ 324.671868][ T7929] [ 324.675056][ T7929] Kernel Offset: disabled [ 324.679454][ T7929] Rebooting in 86400 seconds..