last executing test programs: 5.384949858s ago: executing program 3 (id=193): mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil) mremap(&(0x7f0000a01000/0x4000)=nil, 0x4000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 5.075276316s ago: executing program 3 (id=196): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 4.84230108s ago: executing program 3 (id=199): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x1, 0x4, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.463503412s ago: executing program 3 (id=201): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r6, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r7, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) 4.463270542s ago: executing program 2 (id=202): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) fchdir(r2) symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00') execve(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0x0, 0x0) 4.175739358s ago: executing program 1 (id=205): mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0) socket$kcm(0x2b, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x7}], 0x1c) sendmsg$inet6(r3, 0x0, 0x4048043) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0) shutdown(r3, 0x1) r4 = fsopen(&(0x7f00000001c0)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f00000000c0)='test_dummy_encryption', &(0x7f0000000180)='v1to_da_alloc', 0x0) mount(&(0x7f0000000040)=@sr0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)='vfat\x00', 0x81, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000) ioctl$HIDIOCGVERSION(0xffffffffffffffff, 0x80044801, &(0x7f0000000280)) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[], 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000cdb60000000000000100000000000000", @ANYRES32, @ANYBLOB="ffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="010000000200"/28], 0x50) 4.119493841s ago: executing program 2 (id=207): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 4.024339497s ago: executing program 2 (id=208): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x11, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @private, 0x3, 0x0, 'lblcr\x00'}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001dc0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r2, 0xb17, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000014}, 0x4804) 3.842079877s ago: executing program 2 (id=209): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x1, 0x4, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.704535385s ago: executing program 2 (id=211): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000540)={0x50, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}]}, 0x50}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="7c000000090601020000000000000000030000000900020073797a3100000000050001000700000054000780060004404e1f0000180014801400024000000000000000000000000000000000050007003a000000050015000600000008000840000000021800018014000240"], 0x7c}, 0x1, 0x0, 0x0, 0x10040003}, 0x4000) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10040003}, 0x0) 3.411396712s ago: executing program 3 (id=212): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) io_uring_setup(0x734c, &(0x7f0000000000)={0x0, 0x1000, 0x0, 0x0, 0xfff3fffc}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000380)=0x0) prlimit64(r1, 0xe, &(0x7f0000000140)={0x8, 0x98}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r5, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10) sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r6 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x66, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) chdir(&(0x7f0000000080)='./file0\x00') mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2000000, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}]}) socket$packet(0x11, 0x2, 0x300) 3.084268511s ago: executing program 0 (id=213): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000600)=[{{&(0x7f0000000c00)={0x2, 0x4e20, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.083483482s ago: executing program 1 (id=214): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000008c0)={@val={0x3, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x14}, @ipv4=@icmp={{0x6, 0x4, 0x0, 0x0, 0x34, 0x1400, 0x0, 0x0, 0x1, 0x0, @private=0xa010100, @local, {[@rr={0x7, 0x3, 0x47}]}}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x11, 0x0, @local, @loopback}}}}, 0x42) 2.76346375s ago: executing program 0 (id=215): r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x32, 0x0, &(0x7f0000000400)=[@increfs], 0xfffffcb0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000540)={@fd={0x66642a85, 0x0, r2}, @ptr={0x70742a85, 0x80000, 0x0, 0x0, 0x1, 0x1c}, @fd}, &(0x7f0000000600)={0x4, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) 2.507708875s ago: executing program 1 (id=216): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x4}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) 2.408546631s ago: executing program 0 (id=217): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x11, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2, 0x0, 'lc\x00'}, 0x2c) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @private, 0x3, 0x0, 'lblcr\x00'}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000001dc0), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_SERVICE(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r2, 0xb17, 0x70bd2a, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000014}, 0x4804) 2.274378519s ago: executing program 0 (id=218): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x26e1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000680000000000000000000095"], &(0x7f0000000300)='GPL\x00'}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000040)={r1, 0x0, 0x25, 0x8, @void}, 0x10) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r0, 0x0, 0x25, 0x0, @val=@tcx}, 0x1c) 2.273986679s ago: executing program 1 (id=219): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x12, 0x1, 0x4, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f00000008c0)="7a7fa22c2aff88df53ef2a2d280f", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.991629085s ago: executing program 1 (id=220): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xf}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r6, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @remote}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x30}}, 0x0) 1.945423178s ago: executing program 0 (id=221): r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) socket$igmp6(0xa, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_buf(r4, 0x29, 0x39, 0x0, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31) ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0) futimesat(r0, &(0x7f0000000300)='./bus\x00', &(0x7f0000000440)={{}, {0x0, 0xea60}}) socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_open_dev$vbi(&(0x7f0000000180), 0x2, 0x2) ioctl$VIDIOC_ENUMSTD(r5, 0xc0405619, &(0x7f00000001c0)={0x685, 0x38b485eac21ffe77, "6192826bef962c4d6022cd1ccc75bd0f312115882ac601da", {0x0, 0x4}, 0x400040}) mount(&(0x7f0000000240)=@filename='./bus\x00', &(0x7f0000000280)='./bus\x00', &(0x7f00000002c0)='9p\x00', 0x0, 0x0) prctl$PR_GET_NAME(0x25, 0x0) 1.628213006s ago: executing program 1 (id=222): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000000c0)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)={0x44, r5, 0x801, 0x70bd2a, 0x0, {0x2a}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x58}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x44}, 0x1, 0x0, 0x0, 0xd4209235c937efa7}, 0x0) r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) ftruncate(0xffffffffffffffff, 0x2007ffb) close(0xffffffffffffffff) creat(0x0, 0x0) ioctl$SG_BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x20000000) r7 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r8, 0x0, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x40000107}]}) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x8000) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x3, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) 833.918242ms ago: executing program 3 (id=223): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000080)=ANY=[@ANYBLOB="00020201"], 0x18) socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8004, 0x0, 0x9, 0x7, 0xfffffdffffffffff, 0xfa11, 0xffffffff}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) fsopen(0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000200), 0x8, 0x2) r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c010000190001000000000000000000e0000001000000000000000000000000fe8000000000000000000000000000aa4e220000000000000a0000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0x13c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040880) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) sendmmsg$inet6(r0, &(0x7f0000000380), 0x0, 0x4c040) bind$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x1}, 0x6e) listen(0xffffffffffffffff, 0x6) r6 = socket$unix(0x1, 0x1, 0x0) connect$unix(r6, &(0x7f0000000000)=@file={0x1}, 0x6e) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x7a, &(0x7f00000000c0)={@local, @empty, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "10fcff", 0x44, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x1}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x10}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x5, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}}, 0x0) 609.610495ms ago: executing program 2 (id=224): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x4}}}]}]}], {0x14}}, 0x54}}, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000a00)=ANY=[@ANYBLOB="120100000c9768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000), 0x3, 0x1) write$P9_RVERSION(r0, &(0x7f0000000640)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x5ce) 0s ago: executing program 0 (id=225): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0xfffffffd, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x9}, 0x80}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_usbip_server_init(0x6) socket$netlink(0x10, 0x3, 0x15) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000710000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) pipe(0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r4, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) shutdown(r4, 0x1) r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) preadv(r5, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/98, 0x62}], 0x1, 0x0, 0x0) r6 = socket$pppoe(0x18, 0x1, 0x0) pwritev(r5, &(0x7f00000003c0)=[{&(0x7f0000000440)="07fd468efdb2b168c92b960743e2c888f73fd05f5cac7697e564d933784ce06b526d14a1c86a4d483c499f07b768851638606d6f990234dc97c976761e7505c91c50b0c01dc95db90a1fd46f5722636cbf65871219c3191f083cfda7c675980485faf2ffda68fe865e5674804940e716ce1030402f1dec00b19c77880935adff0e2d39c975e69179bd569c80a5ece8d97a6c101766b189b12bcd1f200fa12d95e791021862476abcd3d958d3de83015adafac8a124", 0xb5}, {&(0x7f0000000500)="604f6400eb842b6043beff1471a5823456e8ddf3814c65ac641917a765e0d3b1dd5bc64425b84010203cc2b774127b90549da5a92b02a5f90876c1ee9292be8c73726d9750dc3682832380f0bdcd50b1feb36ef98c1c19c61adbafa435f1297a3592d8136ccc59fba73fd7", 0x6b}, {&(0x7f00000001c0)}, {&(0x7f0000000300)="63ad4a9e70e0142836682ce42fcb67115b92eccf0a744962f078a7affd51dff1d51f2f9602eac9e098ace812e2c76ac972eba799b959ba606c60057d5936c73244055c06cea5cc4004b3fd7a", 0x4c}, {&(0x7f00000005c0)="882683cbf7c168b033bc98cad9943635c161864a13567505fbfb7cf76de64c2b0a13d9e3f6b69501ac924015639817ca41e31c9bbdba07a81a33b389721713fddf2baa563f9c19be1845c691555758a0365b1dad0d1d4912afe67f47fc40986015f8342ab9739c38534c5729a907821aac51948797a8a416cf681160a5f99490ea0b733c620a939c274d90a65cdf24652f8b4d088856a3544ef0ca2a94f8e4c795db8a1d7933ea3e476610f8c3fa0a43daeb39fe72b9711f8f4451e253a89d1f75398b41dc42fff6c06c1f485654b4b45e8c4877689e272d1ebf364e6a6fdf19f91958", 0xe3}], 0x5, 0xfffffffe, 0x4) connect$pppoe(r6, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x600}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x11) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.31' (ED25519) to the list of known hosts. [ 82.962032][ T5756] cgroup: Unknown subsys name 'net' [ 83.125664][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.865353][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.598745][ T5780] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.607592][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.617806][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.625547][ T5780] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.633475][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.648274][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.660465][ T5779] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.668313][ T5778] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.676650][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.685881][ T5778] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.689416][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.695347][ T5778] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.708326][ T5778] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.716310][ T5778] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.719251][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.725139][ T5778] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.740925][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.760087][ T5781] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.770430][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.779383][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.787441][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.795106][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.804107][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.812618][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 87.339521][ T5767] chnl_net:caif_netlink_parms(): no params data found [ 87.363463][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 87.453850][ T5769] chnl_net:caif_netlink_parms(): no params data found [ 87.482088][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 87.692744][ T5767] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.700978][ T5767] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.713991][ T5767] bridge_slave_0: entered allmulticast mode [ 87.722365][ T5767] bridge_slave_0: entered promiscuous mode [ 87.732976][ T5767] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.740665][ T5767] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.748255][ T5767] bridge_slave_1: entered allmulticast mode [ 87.755750][ T5767] bridge_slave_1: entered promiscuous mode [ 87.779169][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.786369][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.794394][ T5770] bridge_slave_0: entered allmulticast mode [ 87.802336][ T5770] bridge_slave_0: entered promiscuous mode [ 87.905580][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.913009][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.920976][ T5770] bridge_slave_1: entered allmulticast mode [ 87.928488][ T5770] bridge_slave_1: entered promiscuous mode [ 87.985631][ T5767] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.999010][ T5767] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.036893][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.044259][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.058112][ T5768] bridge_slave_0: entered allmulticast mode [ 88.066213][ T5768] bridge_slave_0: entered promiscuous mode [ 88.079782][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.091729][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.099396][ T5768] bridge_slave_1: entered allmulticast mode [ 88.107371][ T5768] bridge_slave_1: entered promiscuous mode [ 88.114622][ T5769] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.121985][ T5769] bridge0: port 1(bridge_slave_0) entered disabled state [ 88.136885][ T5769] bridge_slave_0: entered allmulticast mode [ 88.144101][ T5769] bridge_slave_0: entered promiscuous mode [ 88.164153][ T5769] bridge0: port 2(bridge_slave_1) entered blocking state [ 88.171850][ T5769] bridge0: port 2(bridge_slave_1) entered disabled state [ 88.185270][ T5769] bridge_slave_1: entered allmulticast mode [ 88.193246][ T5769] bridge_slave_1: entered promiscuous mode [ 88.234638][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.282897][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.318280][ T5767] team0: Port device team_slave_0 added [ 88.327529][ T5769] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.349260][ T5769] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.363028][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.374543][ T5767] team0: Port device team_slave_1 added [ 88.415960][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.449590][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.456792][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.482972][ T5767] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.501491][ T5770] team0: Port device team_slave_0 added [ 88.511309][ T5770] team0: Port device team_slave_1 added [ 88.549831][ T5769] team0: Port device team_slave_0 added [ 88.557987][ T5767] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.564987][ T5767] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.591142][ T5767] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.625997][ T5768] team0: Port device team_slave_0 added [ 88.636186][ T5768] team0: Port device team_slave_1 added [ 88.645060][ T5769] team0: Port device team_slave_1 added [ 88.707560][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.714548][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.743727][ T5769] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.755749][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.763924][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.790194][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.813815][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.823957][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.840102][ T51] Bluetooth: hci3: command tx timeout [ 88.856104][ T51] Bluetooth: hci2: command tx timeout [ 88.862102][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.876941][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.884026][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.910587][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.917303][ T5772] Bluetooth: hci1: command tx timeout [ 88.928388][ T51] Bluetooth: hci0: command tx timeout [ 88.934951][ T5769] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.942499][ T5769] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.968636][ T5769] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.981634][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.988687][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.015412][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.056918][ T5767] hsr_slave_0: entered promiscuous mode [ 89.063705][ T5767] hsr_slave_1: entered promiscuous mode [ 89.109937][ T5769] hsr_slave_0: entered promiscuous mode [ 89.116821][ T5769] hsr_slave_1: entered promiscuous mode [ 89.123661][ T5769] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.131699][ T5769] Cannot create hsr debugfs directory [ 89.168730][ T5770] hsr_slave_0: entered promiscuous mode [ 89.175487][ T5770] hsr_slave_1: entered promiscuous mode [ 89.182418][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.190681][ T5770] Cannot create hsr debugfs directory [ 89.249547][ T5768] hsr_slave_0: entered promiscuous mode [ 89.255993][ T5768] hsr_slave_1: entered promiscuous mode [ 89.262504][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 89.270285][ T5768] Cannot create hsr debugfs directory [ 89.757186][ T5769] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.777350][ T5769] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.792865][ T5769] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.815104][ T5769] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.877827][ T5767] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.890466][ T5767] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.921673][ T5767] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.933704][ T5767] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.990508][ T5770] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 90.021399][ T5770] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 90.044071][ T5770] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 90.056165][ T5770] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 90.164159][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 90.175795][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 90.200252][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 90.215265][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 90.319137][ T5767] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.405324][ T5767] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.421604][ T5769] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.451655][ T5769] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.471585][ T2895] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.479276][ T2895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.504968][ T2895] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.512209][ T2895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.541791][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.549144][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.568057][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.575271][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.612308][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.678738][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.691987][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.722130][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.729335][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.743631][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.750838][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.824727][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.861340][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.868605][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.902906][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.910119][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.927411][ T51] Bluetooth: hci3: command tx timeout [ 90.927424][ T5772] Bluetooth: hci2: command tx timeout [ 90.998161][ T5772] Bluetooth: hci0: command tx timeout [ 91.003776][ T5772] Bluetooth: hci1: command tx timeout [ 91.253565][ T5769] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.424121][ T5769] veth0_vlan: entered promiscuous mode [ 91.482352][ T5767] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.508515][ T5769] veth1_vlan: entered promiscuous mode [ 91.620041][ T5769] veth0_macvtap: entered promiscuous mode [ 91.672326][ T5769] veth1_macvtap: entered promiscuous mode [ 91.705172][ T5767] veth0_vlan: entered promiscuous mode [ 91.735195][ T5767] veth1_vlan: entered promiscuous mode [ 91.762291][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.782750][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.804411][ T5769] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.822933][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.845538][ T5769] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.854781][ T5769] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.864483][ T5769] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.873565][ T5769] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.940874][ T5767] veth0_macvtap: entered promiscuous mode [ 91.954980][ T5767] veth1_macvtap: entered promiscuous mode [ 92.033925][ T5770] veth0_vlan: entered promiscuous mode [ 92.074198][ T5770] veth1_vlan: entered promiscuous mode [ 92.092616][ T5768] veth0_vlan: entered promiscuous mode [ 92.142251][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.155289][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.169102][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.186338][ T5768] veth1_vlan: entered promiscuous mode [ 92.205496][ T3438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.220362][ T3438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.223149][ T5770] veth0_macvtap: entered promiscuous mode [ 92.249951][ T5767] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.261013][ T5767] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.277281][ T5767] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.296959][ T5770] veth1_macvtap: entered promiscuous mode [ 92.331233][ T5767] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.341129][ T5767] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.351869][ T5767] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.361943][ T5767] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.387631][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.398955][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.409499][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.420314][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.421319][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.441940][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.450147][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.485273][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.502396][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.512552][ T5770] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.526515][ T5770] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.538349][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.584979][ T5770] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.610972][ T967] cfg80211: failed to load regulatory.db [ 92.617985][ T5770] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.628380][ T5770] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.638021][ T5770] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.665566][ T5768] veth0_macvtap: entered promiscuous mode [ 92.691894][ T5768] veth1_macvtap: entered promiscuous mode [ 92.826865][ T1094] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.836079][ T1094] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.871715][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.884293][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.896355][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.911281][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.924275][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.936593][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.951728][ T5864] block device autoloading is deprecated and will be removed. [ 92.961707][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.979697][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.993198][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.004325][ T5772] Bluetooth: hci2: command tx timeout [ 93.012832][ T5772] Bluetooth: hci3: command tx timeout [ 93.030614][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.043884][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.053939][ T5768] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 93.064644][ T5768] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 93.076317][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.086345][ T5772] Bluetooth: hci1: command tx timeout [ 93.092047][ T5772] Bluetooth: hci0: command tx timeout [ 93.144942][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.153910][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.168855][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.177986][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.253098][ T5866] syz.2.5[5866]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 93.290034][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.310667][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.344337][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.356866][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.478375][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.486359][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.496891][ T1094] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.504418][ T1094] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.701627][ T3438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.717334][ T3438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.855805][ T5868] loop0: detected capacity change from 0 to 4096 [ 94.102926][ T5868] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 94.158833][ T5872] netlink: 'syz.3.4': attribute type 4 has an invalid length. [ 94.247919][ T5868] ntfs3: loop0: Failed to load $Extend (-22). [ 94.266817][ T23] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 94.293766][ T5868] ntfs3: loop0: Failed to initialize $Extend. [ 94.488068][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.517146][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.546808][ T23] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 94.567454][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.606122][ T23] usb 2-1: config 0 descriptor?? [ 95.018383][ T5866] loop2: detected capacity change from 0 to 65536 [ 95.077418][ T51] Bluetooth: hci3: command tx timeout [ 95.087946][ T51] Bluetooth: hci2: command tx timeout [ 95.100658][ T23] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0 [ 95.108858][ T23] cm6533_jd 0003:0D8C:0022.0001: unknown main item tag 0x0 [ 95.123268][ T23] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0001/input/input5 [ 95.157279][ T51] Bluetooth: hci0: command tx timeout [ 95.159301][ T5772] Bluetooth: hci1: command tx timeout [ 95.184822][ T5866] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 95.227122][ T23] cm6533_jd 0003:0D8C:0022.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0 [ 95.300304][ T23] usb 2-1: USB disconnect, device number 2 [ 95.434151][ T5866] XFS (loop2): Ending clean mount [ 95.481102][ T5866] XFS (loop2): Quotacheck needed: Please wait. [ 95.563298][ T5889] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 [ 95.607023][ T5889] XFS (loop2): Unmount and run xfs_repair [ 95.612826][ T5889] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 95.652164][ T5889] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 95.687376][ T5889] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10 ................ [ 95.703181][ T5888] fido_id[5888]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 95.720930][ T5889] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 95.736465][ T5889] 00000030: 00 00 00 00 ac fb 87 b1 00 00 00 0d 00 00 00 03 ................ [ 95.772901][ T5889] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 95.790591][ T5889] 00000050: 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ................ [ 95.806005][ T5889] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 95.819704][ T5889] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 95.830518][ T3438] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x4 len 2 error 74 [ 95.851259][ T5879] loop3: detected capacity change from 0 to 40427 [ 95.872467][ T5866] XFS (loop2): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 95.880886][ T5879] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 95.914776][ T5879] F2FS-fs (loop3): invalid crc value [ 95.934652][ T5879] F2FS-fs (loop3): Found nat_bits in checkpoint [ 96.110605][ T5152] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 [ 96.138787][ T5879] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 96.172815][ T5152] XFS (loop2): Unmount and run xfs_repair [ 96.192120][ T5152] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 96.236455][ T5152] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 96.245661][ T5152] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10 ................ [ 96.308144][ T5152] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3 .sH./.A..&.:g... [ 96.336576][ T5152] 00000030: 00 00 00 00 ac fb 87 b1 00 00 00 0d 00 00 00 03 ................ [ 96.345606][ T5152] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00 ...9..?......... [ 96.405841][ T5152] 00000050: 00 00 00 00 00 00 08 00 00 00 00 00 00 00 00 00 ................ [ 96.447038][ T5152] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 96.455976][ T5152] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 96.506527][ T9] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x4 len 2 error 74 [ 96.534914][ T5879] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60 [ 96.562014][ T9] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x183c/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 96.601831][ T28] audit: type=1326 audit(1769848301.879:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5867 comm="syz.0.1" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f369359aeb9 code=0x0 [ 96.606920][ T9] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 97.077350][ T967] IPVS: starting estimator thread 0... [ 97.207794][ T5898] IPVS: using max 18 ests per chain, 43200 per kthread [ 97.456043][ T5769] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 97.968604][ T5768] syz-executor: attempt to access beyond end of device [ 97.968604][ T5768] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.992091][ T5768] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 98.337468][ T5894] loop1: detected capacity change from 0 to 65536 [ 98.611151][ T5906] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 98.617743][ T5906] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 98.666767][ T5894] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 99.439202][ T5894] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 99.453494][ T5906] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 99.493861][ T5894] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop1": -EINTR [ 99.494694][ T5894] XFS (loop1): log mount failed [ 99.606851][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.628407][ T5906] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 99.637007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 99.833769][ T5906] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 100.771996][ T5772] Bluetooth: hci1: command 0x0c1a tx timeout [ 100.859503][ T5906] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 100.958071][ T5906] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 100.958379][ T5906] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 100.967826][ T5906] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 100.986142][ T5906] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 100.986592][ T5906] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.014614][ T5906] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 101.073923][ T5931] loop3: detected capacity change from 0 to 256 [ 101.125022][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 101.307169][ T5931] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 101.636985][ T5772] Bluetooth: hci3: command 0x0c1a tx timeout [ 101.714535][ T5935] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.816709][ T5824] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 102.076641][ T5824] usb 3-1: Using ep0 maxpacket: 32 [ 102.155768][ T5824] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 102.177190][ T5824] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 102.349464][ T5824] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 102.358986][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 102.369139][ T5824] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 102.384499][ T5824] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 102.388201][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.418786][ T5824] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 102.431528][ T5824] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 102.448294][ T5824] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 102.460846][ T5824] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.476058][ T5824] usb 3-1: config 0 descriptor?? [ 102.534964][ T5933] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 102.671492][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.827419][ T5824] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 102.840572][ T5772] Bluetooth: hci1: command 0x0c1a tx timeout [ 103.006769][ T5772] Bluetooth: hci2: command 0x0c1a tx timeout [ 103.012947][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 103.029042][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 103.164935][ C0] usblp0: nonzero read bulk status received: -71 [ 103.188582][ T5152] usb 3-1: USB disconnect, device number 2 [ 103.459915][ T5932] usblp0: removed [ 103.717198][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 104.703748][ T5958] loop3: detected capacity change from 0 to 4096 [ 104.724803][ T5958] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 104.736687][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 104.788064][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 104.904029][ T5958] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 104.926792][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 104.932895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.943771][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.962404][ T5958] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 105.086924][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 105.093237][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 105.159291][ T28] audit: type=1800 audit(1769848310.449:3): pid=5958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.24" name="file1" dev="loop3" ino=24 res=0 errno=0 [ 105.799723][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 107.407063][ T5980] sched: RT throttling activated [ 107.416882][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 107.427746][ T5772] Bluetooth: hci0: command 0x0c1a tx timeout [ 107.836772][ T5984] loop2: detected capacity change from 0 to 64 [ 108.633758][ T5988] loop3: detected capacity change from 0 to 32768 [ 108.654432][ T5988] ======================================================= [ 108.654432][ T5988] WARNING: The mand mount option has been deprecated and [ 108.654432][ T5988] and is ignored by this kernel. Remove the mand [ 108.654432][ T5988] option from the mount to silence this warning. [ 108.654432][ T5988] ======================================================= [ 108.691791][ T5972] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 108.701669][ T5972] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 108.708988][ T5972] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 108.715390][ T5972] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 108.880767][ T5988] JBD2: Ignoring recovery information on journal [ 109.388871][ T5988] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 110.366519][ T5772] Bluetooth: hci1: command 0x0c1a tx timeout [ 110.766686][ T5772] Bluetooth: hci2: command 0x0c1a tx timeout [ 110.772868][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 110.772890][ T5082] Bluetooth: hci3: command 0x0c1a tx timeout [ 111.750665][ T5768] ocfs2: Unmounting device (7,3) on (node local) [ 112.818047][ T6001] loop0: detected capacity change from 0 to 32768 [ 112.961872][ T6001] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 113.305772][ T6001] XFS (loop0): Ending clean mount [ 113.446975][ T5767] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 114.044809][ T6026] loop1: detected capacity change from 0 to 32768 [ 114.104836][ T6026] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 114.134749][ T6026] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 114.413713][ T6026] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms [ 114.434954][ T5152] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 114.456070][ T5152] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 114.630434][ T5152] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 174ms [ 114.681437][ T5152] gfs2: fsid=syz:syz.0: jid=0: Done [ 114.702560][ T6026] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 117.316614][ T5837] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 117.536512][ T5837] usb 1-1: Using ep0 maxpacket: 8 [ 117.558520][ T5837] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 117.587124][ T5837] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 117.614477][ T5837] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 117.637441][ T5837] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 117.687022][ T5837] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 117.696155][ T5837] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.926626][ T5837] usb 1-1: GET_CAPABILITIES returned 0 [ 117.932227][ T5837] usbtmc 1-1:16.0: can't read capabilities [ 118.914976][ T5824] usb 1-1: USB disconnect, device number 2 [ 120.879271][ T6090] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.979314][ T6090] bond0: (slave rose0): Enslaving as an active interface with an up link [ 122.801653][ T6129] bridge0: port 3(syz_tun) entered blocking state [ 122.854700][ T6129] bridge0: port 3(syz_tun) entered disabled state [ 122.883244][ T6129] syz_tun: entered allmulticast mode [ 122.943919][ T6129] syz_tun: entered promiscuous mode [ 122.980118][ T6129] bridge0: port 3(syz_tun) entered blocking state [ 122.987374][ T6129] bridge0: port 3(syz_tun) entered forwarding state [ 128.490216][ T6212] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 129.089525][ T6225] usb usb7: selecting invalid altsetting 6 [ 129.203419][ T6212] can0: slcan on ptm0. [ 131.010461][ T6191] can0 (unregistered): slcan off ptm0. [ 131.109508][ T6250] loop1: detected capacity change from 0 to 1024 [ 131.176888][ T6250] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 131.196693][ T6250] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869) [ 131.342641][ T6250] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 131.437299][ T6250] EXT4-fs error (device loop1): ext4_get_journal_inode:5816: comm syz.1.107: inode #63: comm syz.1.107: iget: illegal inode # [ 131.667918][ T6250] EXT4-fs (loop1): no journal found [ 131.673298][ T6250] EXT4-fs (loop1): can't get journal size [ 131.702912][ T6250] EXT4-fs (loop1): failed to initialize system zone (-22) [ 131.711747][ T6250] EXT4-fs (loop1): mount failed [ 133.561375][ T1279] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.568466][ T1279] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.680896][ T6290] loop2: detected capacity change from 0 to 256 [ 135.775471][ T6292] usb usb7: selecting invalid altsetting 6 [ 135.824633][ T6290] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 138.426931][ T6309] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 138.642351][ T6309] can0: slcan on ptm0. [ 139.837657][ T6298] can0 (unregistered): slcan off ptm0. [ 141.341809][ T6343] usb usb7: selecting invalid altsetting 6 [ 141.876665][ T6351] loop3: detected capacity change from 0 to 512 [ 142.048534][ T6351] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 142.101226][ T6351] FAT-fs (loop3): Filesystem has been set read-only [ 144.337622][ T6380] usb usb7: selecting invalid altsetting 6 [ 144.541424][ T6377] netlink: 36 bytes leftover after parsing attributes in process `syz.3.136'. [ 144.906341][ T6397] loop0: detected capacity change from 0 to 512 [ 145.136686][ T6397] EXT4-fs error (device loop0): ext4_iget_extra_inode:4732: inode #15: comm syz.0.142: corrupted in-inode xattr: invalid ea_ino [ 145.161482][ T6397] EXT4-fs error (device loop0): ext4_orphan_get:1403: comm syz.0.142: couldn't read orphan inode 15 (err -117) [ 145.291157][ T6397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 145.510084][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 145.652189][ T6404] (null): rxe_set_mtu: Set mtu to 256 [ 146.097668][ T6412] usb usb7: usbfs: process 6412 (syz.0.148) did not claim interface 0 before use [ 146.134108][ T6412] usb usb7: selecting invalid altsetting 6 [ 146.711657][ T6404] infiniband syz1: set active [ 146.723187][ T6404] infiniband syz1: added syz_tun [ 146.839449][ T6421] netlink: 'syz.1.152': attribute type 1 has an invalid length. [ 146.876572][ T6421] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 146.884257][ T6421] IPv6: NLM_F_CREATE should be set when creating new route [ 146.926128][ T6426] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 147.018158][ T6424] netlink: 36 bytes leftover after parsing attributes in process `syz.0.151'. [ 147.033665][ T6428] loop2: detected capacity change from 0 to 4096 [ 147.189106][ T6404] RDS/IB: syz1: added [ 147.194155][ T6404] smc: adding ib device syz1 with port count 1 [ 147.206643][ T6429] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 147.307869][ T6404] smc: ib device syz1 port 1 has pnetid [ 147.447311][ T28] audit: type=1800 audit(1769848352.719:4): pid=6428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="bus" dev="loop2" ino=18 res=0 errno=0 [ 149.520932][ T6468] md: array md2 already has disks! [ 149.762851][ T6472] netlink: 36 bytes leftover after parsing attributes in process `syz.0.164'. [ 150.281010][ T6465] loop2: detected capacity change from 0 to 32768 [ 150.327767][ T6465] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 150.518750][ T6465] XFS (loop2): Ending clean mount [ 150.590439][ T23] XFS (loop2): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_bnobt block 0x4 [ 150.624172][ T23] XFS (loop2): Unmount and run xfs_repair [ 150.664617][ T23] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 150.692593][ T23] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff AB3B............ [ 150.727304][ T23] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 10 ................ [ 150.760579][ T23] 00000020: ed 37 bf 6e 74 ea 4e 01 f8 ba 5f ee 27 4b 0f 3a .7.nt.N..._.'K.: [ 150.786520][ T23] 00000030: 00 00 00 00 f6 3b 25 b5 00 00 00 07 00 00 00 01 .....;%......... [ 150.816062][ T23] 00000040: 00 00 0b fe 00 00 00 02 00 00 0c 20 00 00 13 e0 ........... .... [ 150.977374][ T23] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 150.996498][ T23] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 151.005433][ T23] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 151.021631][ T5874] XFS (loop2): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x4 len 4 error 74 [ 151.047075][ T5874] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x183c/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598). Shutting down filesystem. [ 151.116684][ T5874] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 151.189586][ T5769] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 151.816543][ T5847] IPVS: starting estimator thread 0... [ 151.926584][ T6507] IPVS: using max 19 ests per chain, 45600 per kthread [ 152.175557][ T6513] netlink: 36 bytes leftover after parsing attributes in process `syz.3.174'. [ 152.444142][ T6516] loop2: detected capacity change from 0 to 128 [ 152.862027][ T6498] loop1: detected capacity change from 0 to 32768 [ 152.912978][ T6498] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.170 (6498) [ 153.027646][ T6524] usb usb8: usbfs: process 6524 (syz.0.180) did not claim interface 0 before use [ 153.116955][ T6498] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 153.171113][ T6498] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 153.215188][ T6498] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 153.265679][ T6498] BTRFS info (device loop1): trying to use backup root at mount time [ 153.398551][ T5837] IPVS: starting estimator thread 0... [ 153.416541][ T6498] BTRFS info (device loop1): using free space tree [ 153.472322][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 153.497095][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 153.506087][ T6534] IPVS: using max 17 ests per chain, 40800 per kthread [ 153.542660][ T6540] loop2: detected capacity change from 0 to 512 [ 153.567227][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 153.567830][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 153.629143][ T6540] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 153.835301][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 153.835992][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 153.902818][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 153.918199][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 154.025858][ T6498] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 154.058243][ T6540] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.185: couldn't read orphan inode 26 (err -116) [ 154.182434][ T6498] BTRFS error (device loop1): open_ctree failed: -12 [ 154.240452][ T6540] EXT4-fs (loop2): Remounting filesystem read-only [ 154.248776][ T6540] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.300770][ T6540] ext4 filesystem being mounted at /56/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.539578][ T6565] netlink: 36 bytes leftover after parsing attributes in process `syz.3.189'. [ 154.564598][ T5771] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by udevd (5771) [ 154.663711][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 155.861277][ T5874] IPVS: starting estimator thread 0... [ 155.939460][ T6588] capability: warning: `syz.2.198' uses deprecated v2 capabilities in a way that may be insecure [ 155.986682][ T6584] IPVS: using max 18 ests per chain, 43200 per kthread [ 156.251489][ T6594] netlink: 36 bytes leftover after parsing attributes in process `syz.3.201'. [ 156.313745][ T6596] autofs4:pid:6596:autofs_fill_super: called with bogus options [ 156.350400][ T6596] process 'syz.2.202' launched './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 156.920222][ T6615] loop0: detected capacity change from 0 to 512 [ 157.146498][ T6615] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.160174][ T6615] ext4 filesystem being mounted at /47/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 157.526826][ T5767] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.636941][ T6626] syz.1.214 uses obsolete (PF_INET,SOCK_PACKET) [ 157.965727][ T6631] binder: 6630:6631 unknown command 0 [ 157.997631][ T6631] binder: 6630:6631 ioctl c0306201 200000000080 returned -22 [ 159.324135][ T6651] 9pnet_virtio: no channels available for device ./bus [ 160.038518][ T6655] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 160.238933][ T6660] netlink: 132 bytes leftover after parsing attributes in process `syz.3.223'. [ 160.466714][ T5847] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 160.668582][ T5847] usb 3-1: config 0 interface 0 has no altsetting 0 [ 160.700848][ T5847] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 160.733769][ T5847] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 160.826042][ T5847] usb 3-1: Product: syz [ 160.848586][ T5847] usb 3-1: Manufacturer: syz [ 160.855931][ T5847] usb 3-1: SerialNumber: syz [ 160.889142][ T5847] usb 3-1: config 0 descriptor?? [ 160.924216][ T5847] usb 3-1: selecting invalid altsetting 0 [ 161.199911][ T6658] ================================================================== [ 161.208063][ T6658] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x255/0x440 [ 161.215406][ T6658] Write of size 264 at addr ffff88802a657600 by task syz.2.224/6658 [ 161.223433][ T6658] [ 161.225813][ T6658] CPU: 0 PID: 6658 Comm: syz.2.224 Not tainted syzkaller #0 [ 161.233140][ T6658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 161.243362][ T6658] Call Trace: [ 161.246664][ T6658] [ 161.249633][ T6658] dump_stack_lvl+0x18c/0x250 [ 161.254370][ T6658] ? read_lock_is_recursive+0x20/0x20 [ 161.259793][ T6658] ? show_regs_print_info+0x20/0x20 [ 161.265054][ T6658] ? load_image+0x400/0x400 [ 161.269611][ T6658] ? _raw_spin_lock_irqsave+0xc0/0x100 [ 161.275131][ T6658] ? __virt_addr_valid+0x18c/0x540 [ 161.280296][ T6658] ? __virt_addr_valid+0x469/0x540 [ 161.285467][ T6658] print_report+0xa8/0x210 [ 161.289935][ T6658] ? copy_to_urb+0x255/0x440 [ 161.294575][ T6658] kasan_report+0x117/0x150 [ 161.299133][ T6658] ? copy_to_urb+0x255/0x440 [ 161.303787][ T6658] kasan_check_range+0x241/0x290 [ 161.308789][ T6658] ? copy_to_urb+0x255/0x440 [ 161.313508][ T6658] __asan_memcpy+0x40/0x70 [ 161.317942][ T6658] copy_to_urb+0x255/0x440 [ 161.322376][ T6658] ? snd_usb_endpoint_next_packet_size+0x333/0x520 [ 161.328889][ T6658] prepare_playback_urb+0x932/0x1380 [ 161.334191][ T6658] ? verify_lock_unused+0x140/0x140 [ 161.339407][ T6658] ? start_endpoints+0x270/0x270 [ 161.344374][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 161.349445][ T6658] ? start_endpoints+0x270/0x270 [ 161.354440][ T6658] prepare_outbound_urb+0x372/0xc60 [ 161.359704][ T6658] ? verify_lock_unused+0x140/0x140 [ 161.364958][ T6658] ? __asan_memcpy+0x40/0x70 [ 161.369765][ T6658] ? snd_usb_queue_pending_output_urbs+0xd00/0xd00 [ 161.376429][ T6658] ? _copy_from_iter+0xe79/0x12e0 [ 161.381591][ T6658] ? find_vmap_area+0xfc/0x110 [ 161.386411][ T6658] ? snd_usb_endpoint_start_quirk+0x1f7/0x310 [ 161.392544][ T6658] snd_usb_endpoint_start+0x4f1/0x1450 [ 161.398062][ T6658] ? snd_usb_endpoint_get_clock_rate+0x100/0x100 [ 161.404444][ T6658] ? do_raw_spin_lock+0x11f/0x2c0 [ 161.409527][ T6658] start_endpoints+0xa1/0x270 [ 161.414310][ T6658] ? snd_usb_substream_playback_trigger+0x3ce/0x790 [ 161.420962][ T6658] snd_usb_substream_playback_trigger+0x3e0/0x790 [ 161.427424][ T6658] snd_pcm_do_start+0xb1/0x170 [ 161.432223][ T6658] snd_pcm_action+0xda/0x230 [ 161.436880][ T6658] __snd_pcm_lib_xfer+0x16f7/0x1c50 [ 161.442130][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 161.447216][ T6658] ? verify_lock_unused+0x140/0x140 [ 161.452477][ T6658] ? __snd_pcm_lib_xfer+0x1c50/0x1c50 [ 161.457897][ T6658] ? fill_silence+0x240/0x240 [ 161.462629][ T6658] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 161.468317][ T6658] ? resample_expand+0x7e6/0x860 [ 161.473264][ T6658] ? pcm_lib_apply_appl_ptr+0x510/0x510 [ 161.478841][ T6658] snd_pcm_oss_write3+0x1bc/0x320 [ 161.483920][ T6658] snd_pcm_plug_write_transfer+0x2be/0x4b0 [ 161.489784][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 161.495024][ T6658] ? snd_pcm_plug_client_channels_buf+0x610/0x610 [ 161.501463][ T6658] ? snd_pcm_plug_client_channels_buf+0x46a/0x610 [ 161.507895][ T6658] snd_pcm_oss_write2+0x1a9/0x410 [ 161.512932][ T6658] ? snd_pcm_hw_param_max+0x6a0/0x6a0 [ 161.518316][ T6658] ? snd_pcm_do_prepare+0x230/0x230 [ 161.523527][ T6658] ? snd_pcm_action_nonatomic+0x24a/0x2a0 [ 161.529300][ T6658] snd_pcm_oss_write+0x6ae/0xaf0 [ 161.534314][ T6658] ? snd_pcm_oss_read+0x8c0/0x8c0 [ 161.539387][ T6658] vfs_write+0x296/0x990 [ 161.543689][ T6658] ? file_end_write+0x250/0x250 [ 161.548589][ T6658] ? __fget_files+0x28/0x4b0 [ 161.553234][ T6658] ? __fget_files+0x28/0x4b0 [ 161.557877][ T6658] ? __fget_files+0x43d/0x4b0 [ 161.562605][ T6658] ? __fdget_pos+0x1d8/0x330 [ 161.567252][ T6658] ? ksys_write+0x75/0x260 [ 161.571719][ T6658] ksys_write+0x150/0x260 [ 161.576119][ T6658] ? __ia32_sys_read+0x90/0x90 [ 161.580935][ T6658] ? lockdep_hardirqs_on+0x98/0x150 [ 161.586278][ T6658] do_syscall_64+0x55/0xa0 [ 161.590754][ T6658] ? clear_bhb_loop+0x40/0x90 [ 161.595483][ T6658] ? clear_bhb_loop+0x40/0x90 [ 161.600218][ T6658] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 161.606160][ T6658] RIP: 0033:0x7ff773f9aeb9 [ 161.610599][ T6658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 161.630231][ T6658] RSP: 002b:00007ff774f3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 161.638707][ T6658] RAX: ffffffffffffffda RBX: 00007ff774215fa0 RCX: 00007ff773f9aeb9 [ 161.646701][ T6658] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004 [ 161.654735][ T6658] RBP: 00007ff774008c1f R08: 0000000000000000 R09: 0000000000000000 [ 161.662815][ T6658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 161.670906][ T6658] R13: 00007ff774216038 R14: 00007ff774215fa0 R15: 00007fffea3b6538 [ 161.678911][ T6658] [ 161.681943][ T6658] [ 161.684289][ T6658] Allocated by task 6658: [ 161.688623][ T6658] kasan_set_track+0x4e/0x70 [ 161.693240][ T6658] __kasan_kmalloc+0x8f/0xa0 [ 161.697844][ T6658] __kmalloc+0xb4/0x230 [ 161.702189][ T6658] snd_usb_endpoint_set_params+0x163e/0x2b40 [ 161.708193][ T6658] snd_usb_hw_params+0x123d/0x19d0 [ 161.713338][ T6658] snd_pcm_hw_params+0x8a6/0x1ce0 [ 161.718634][ T6658] snd_pcm_oss_change_params_locked+0x2042/0x3cf0 [ 161.725055][ T6658] snd_pcm_oss_write+0x27e/0xaf0 [ 161.730007][ T6658] vfs_write+0x296/0x990 [ 161.734283][ T6658] ksys_write+0x150/0x260 [ 161.738633][ T6658] do_syscall_64+0x55/0xa0 [ 161.743060][ T6658] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 161.749004][ T6658] [ 161.751362][ T6658] The buggy address belongs to the object at ffff88802a657600 [ 161.751362][ T6658] which belongs to the cache kmalloc-192 of size 192 [ 161.765437][ T6658] The buggy address is located 0 bytes inside of [ 161.765437][ T6658] allocated 144-byte region [ffff88802a657600, ffff88802a657690) [ 161.779510][ T6658] [ 161.781850][ T6658] The buggy address belongs to the physical page: [ 161.788283][ T6658] page:ffffea0000a995c0 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a657 [ 161.798448][ T6658] flags: 0xfff00000000800(slab|node=0|zone=1|lastcpupid=0x7ff) [ 161.806191][ T6658] page_type: 0xffffffff() [ 161.810594][ T6658] raw: 00fff00000000800 ffff888017c41a00 dead000000000122 0000000000000000 [ 161.819194][ T6658] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 161.827880][ T6658] page dumped because: kasan: bad access detected [ 161.834334][ T6658] page_owner tracks the page as allocated [ 161.840054][ T6658] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_HARDWALL), pid 5847, tgid 5847 (kworker/0:6), ts 160694994563, free_ts 159974984900 [ 161.859864][ T6658] post_alloc_hook+0x1c1/0x200 [ 161.864650][ T6658] get_page_from_freelist+0x1951/0x19e0 [ 161.870256][ T6658] __alloc_pages+0x1f0/0x460 [ 161.874859][ T6658] alloc_slab_page+0x5d/0x160 [ 161.879550][ T6658] new_slab+0x87/0x2d0 [ 161.883727][ T6658] ___slab_alloc+0xc5d/0x12f0 [ 161.888508][ T6658] __kmem_cache_alloc_node+0x19e/0x250 [ 161.893992][ T6658] __kmalloc+0xa4/0x230 [ 161.898180][ T6658] usb_alloc_urb+0x46/0x140 [ 161.902727][ T6658] usb_control_msg+0x119/0x3e0 [ 161.907502][ T6658] usb_get_string+0xa1/0x3c0 [ 161.912108][ T6658] usb_string_sub+0x76/0x420 [ 161.916710][ T6658] usb_string+0x1d1/0x760 [ 161.921050][ T6658] usb_cache_string+0x80/0x130 [ 161.925826][ T6658] usb_new_device+0x297/0x1660 [ 161.930608][ T6658] hub_event+0x29bf/0x49f0 [ 161.935125][ T6658] page last free stack trace: [ 161.939812][ T6658] free_unref_page_prepare+0x7b2/0x8c0 [ 161.945294][ T6658] free_unref_page_list+0xbe/0x860 [ 161.950424][ T6658] release_pages+0x1f7a/0x2200 [ 161.955201][ T6658] tlb_flush_mmu+0x377/0x510 [ 161.959829][ T6658] tlb_finish_mmu+0xc3/0x1d0 [ 161.964695][ T6658] exit_mmap+0x428/0xb90 [ 161.969129][ T6658] __mmput+0x118/0x3c0 [ 161.973215][ T6658] exit_mm+0x1f2/0x2c0 [ 161.977332][ T6658] do_exit+0x8dd/0x2460 [ 161.981536][ T6658] do_group_exit+0x21b/0x2d0 [ 161.986156][ T6658] get_signal+0x12fc/0x13f0 [ 161.990682][ T6658] arch_do_signal_or_restart+0xc2/0x800 [ 161.996271][ T6658] exit_to_user_mode_loop+0x70/0x110 [ 162.001584][ T6658] exit_to_user_mode_prepare+0xee/0x180 [ 162.007148][ T6658] syscall_exit_to_user_mode+0x1a/0x50 [ 162.012634][ T6658] do_syscall_64+0x61/0xa0 [ 162.017073][ T6658] [ 162.019397][ T6658] Memory state around the buggy address: [ 162.025026][ T6658] ffff88802a657580: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 162.033091][ T6658] ffff88802a657600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.041273][ T6658] >ffff88802a657680: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.049364][ T6658] ^ [ 162.053977][ T6658] ffff88802a657700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 162.062059][ T6658] ffff88802a657780: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 162.070130][ T6658] ================================================================== [ 162.078206][ T6658] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 162.085406][ T6658] CPU: 0 PID: 6658 Comm: syz.2.224 Not tainted syzkaller #0 [ 162.092699][ T6658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.102855][ T6658] Call Trace: [ 162.106143][ T6658] [ 162.109082][ T6658] dump_stack_lvl+0x18c/0x250 [ 162.113798][ T6658] ? show_regs_print_info+0x20/0x20 [ 162.119134][ T6658] ? load_image+0x400/0x400 [ 162.123650][ T6658] panic+0x2dc/0x730 [ 162.127552][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 162.132668][ T6658] ? bpf_jit_dump+0xd0/0xd0 [ 162.137190][ T6658] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 162.143122][ T6658] ? _raw_spin_unlock+0x40/0x40 [ 162.147979][ T6658] ? copy_to_urb+0x255/0x440 [ 162.152587][ T6658] check_panic_on_warn+0x84/0xa0 [ 162.157539][ T6658] ? copy_to_urb+0x255/0x440 [ 162.162136][ T6658] end_report+0x6f/0x130 [ 162.166407][ T6658] kasan_report+0x128/0x150 [ 162.170932][ T6658] ? copy_to_urb+0x255/0x440 [ 162.175536][ T6658] kasan_check_range+0x241/0x290 [ 162.180486][ T6658] ? copy_to_urb+0x255/0x440 [ 162.185088][ T6658] __asan_memcpy+0x40/0x70 [ 162.189521][ T6658] copy_to_urb+0x255/0x440 [ 162.193951][ T6658] ? snd_usb_endpoint_next_packet_size+0x333/0x520 [ 162.200477][ T6658] prepare_playback_urb+0x932/0x1380 [ 162.205783][ T6658] ? verify_lock_unused+0x140/0x140 [ 162.211001][ T6658] ? start_endpoints+0x270/0x270 [ 162.215974][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 162.221046][ T6658] ? start_endpoints+0x270/0x270 [ 162.225995][ T6658] prepare_outbound_urb+0x372/0xc60 [ 162.231219][ T6658] ? verify_lock_unused+0x140/0x140 [ 162.236434][ T6658] ? __asan_memcpy+0x40/0x70 [ 162.241049][ T6658] ? snd_usb_queue_pending_output_urbs+0xd00/0xd00 [ 162.247572][ T6658] ? _copy_from_iter+0xe79/0x12e0 [ 162.252616][ T6658] ? find_vmap_area+0xfc/0x110 [ 162.257390][ T6658] ? snd_usb_endpoint_start_quirk+0x1f7/0x310 [ 162.263648][ T6658] snd_usb_endpoint_start+0x4f1/0x1450 [ 162.269218][ T6658] ? snd_usb_endpoint_get_clock_rate+0x100/0x100 [ 162.275558][ T6658] ? do_raw_spin_lock+0x11f/0x2c0 [ 162.280614][ T6658] start_endpoints+0xa1/0x270 [ 162.285303][ T6658] ? snd_usb_substream_playback_trigger+0x3ce/0x790 [ 162.291954][ T6658] snd_usb_substream_playback_trigger+0x3e0/0x790 [ 162.298403][ T6658] snd_pcm_do_start+0xb1/0x170 [ 162.303196][ T6658] snd_pcm_action+0xda/0x230 [ 162.307806][ T6658] __snd_pcm_lib_xfer+0x16f7/0x1c50 [ 162.313105][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 162.318153][ T6658] ? verify_lock_unused+0x140/0x140 [ 162.323478][ T6658] ? __snd_pcm_lib_xfer+0x1c50/0x1c50 [ 162.328864][ T6658] ? fill_silence+0x240/0x240 [ 162.333561][ T6658] ? __mutex_unlock_slowpath+0x1b4/0x6c0 [ 162.339212][ T6658] ? resample_expand+0x7e6/0x860 [ 162.344155][ T6658] ? pcm_lib_apply_appl_ptr+0x510/0x510 [ 162.349724][ T6658] snd_pcm_oss_write3+0x1bc/0x320 [ 162.354765][ T6658] snd_pcm_plug_write_transfer+0x2be/0x4b0 [ 162.360680][ T6658] ? __lock_acquire+0x7d40/0x7d40 [ 162.365712][ T6658] ? snd_pcm_plug_client_channels_buf+0x610/0x610 [ 162.372155][ T6658] ? snd_pcm_plug_client_channels_buf+0x46a/0x610 [ 162.378619][ T6658] snd_pcm_oss_write2+0x1a9/0x410 [ 162.383741][ T6658] ? snd_pcm_hw_param_max+0x6a0/0x6a0 [ 162.389119][ T6658] ? snd_pcm_do_prepare+0x230/0x230 [ 162.394326][ T6658] ? snd_pcm_action_nonatomic+0x24a/0x2a0 [ 162.400064][ T6658] snd_pcm_oss_write+0x6ae/0xaf0 [ 162.405016][ T6658] ? snd_pcm_oss_read+0x8c0/0x8c0 [ 162.410049][ T6658] vfs_write+0x296/0x990 [ 162.414325][ T6658] ? file_end_write+0x250/0x250 [ 162.419191][ T6658] ? __fget_files+0x28/0x4b0 [ 162.423791][ T6658] ? __fget_files+0x28/0x4b0 [ 162.428390][ T6658] ? __fget_files+0x43d/0x4b0 [ 162.433084][ T6658] ? __fdget_pos+0x1d8/0x330 [ 162.437725][ T6658] ? ksys_write+0x75/0x260 [ 162.442164][ T6658] ksys_write+0x150/0x260 [ 162.446552][ T6658] ? __ia32_sys_read+0x90/0x90 [ 162.451424][ T6658] ? lockdep_hardirqs_on+0x98/0x150 [ 162.456629][ T6658] do_syscall_64+0x55/0xa0 [ 162.461057][ T6658] ? clear_bhb_loop+0x40/0x90 [ 162.465828][ T6658] ? clear_bhb_loop+0x40/0x90 [ 162.470515][ T6658] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 162.476590][ T6658] RIP: 0033:0x7ff773f9aeb9 [ 162.481116][ T6658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 162.500750][ T6658] RSP: 002b:00007ff774f3d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.509184][ T6658] RAX: ffffffffffffffda RBX: 00007ff774215fa0 RCX: 00007ff773f9aeb9 [ 162.517187][ T6658] RDX: 00000000000005ce RSI: 0000200000000640 RDI: 0000000000000004 [ 162.525191][ T6658] RBP: 00007ff774008c1f R08: 0000000000000000 R09: 0000000000000000 [ 162.533174][ T6658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.541164][ T6658] R13: 00007ff774216038 R14: 00007ff774215fa0 R15: 00007fffea3b6538 [ 162.549198][ T6658] [ 162.552822][ T6658] Kernel Offset: disabled [ 162.557160][ T6658] Rebooting in 86400 seconds..