last executing test programs: 2m25.208514731s ago: executing program 1 (id=124): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fd7000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, &(0x7f0000000240)="c4c2fd997220b805000000b9008000000f01c1c4e198596bdcc744240009000000c744240200480000c7442406000000000f011c240f01c90fb30d00000000362e3e0f01cbc4c1b914b38cc071170f01c9f2e000", 0x54}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, &(0x7f0000003680)=@vmx={0x0, 0x0, 0x2080, {0x0, 0x0, {}, 0x1, 0xffffffffffffffff}}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000180)="660f388084000072baf80c66b860b4498c66efbafc0c66b80e00000066ef64f30fc7b000100f850100f30fc7b1030066b9800000c00f326635000400000f30d2bc0a000f23c80f21f86635040040000f23f8b8f4008ee0", 0x57}], 0x1, 0x48, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2m24.676185756s ago: executing program 1 (id=127): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000000000010711e0920000000000001090224000100000000090400090103000100092105000001220500090581030002"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hidraw(&(0x7f0000000100), 0x0, 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES32], 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)='0') r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r1, 0xffffffffffffffff, 0x0) 2m21.43239845s ago: executing program 1 (id=138): setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f00000001c0)={'filter\x00', 0x5, 0x4, 0x3f0, 0x110, 0x0, 0x220, 0x220, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @private, @empty}}}, {{@uncond, 0xc0, 0x220}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @local, @private}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x5, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70b926, 0x25dfdc01, {0x0, 0x0, 0x0, 0x0, {0x0, 0xd}, {0xffff, 0xb}, {0xffff, 0xffe0}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0xfffffff9}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x240040e0}, 0x4890) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r3, &(0x7f00000002c0)="05031c00d3fc140000004788031c09102c28", 0xfdef, 0x4, &(0x7f0000000140)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) 2m20.757722228s ago: executing program 1 (id=140): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xc04, &(0x7f0000001180)=ANY=[], 0xfd, 0x198, &(0x7f0000000280)="$eJzskr9O21AUxr9rO3ZapVErdcqSDJHaDm0cp626NWM6dGNjwUpMiHCA2JFIogxGCGVgQIw8QV4DiReAAbGwZc4QMSOje++xMeERuL/hfjp/7rnnHHsnHIQWgMfVtI0mBDqKuGEMBoAyk76lJvWc9Jb0TAquKe8f+Y9JS+F4YlJOBZ+kQ3NN3wsqAB6ELxxPdl3f94Lw75GGpSh1R5e2AMRxHAMaOgBPRyHJWU3bOoBBmgOUDOCzGCJOc/gg3PgCoDbsH9TC8eR7r+92va635+iN3/ZP2/7l1LZ7vmfLk2WeoFHA9RsAK08OtyDiOQAn5HqPl7Cktf9pnL3DJpLaZrLDIsM6WmasRBku074sJN8L2GgCvK3DiGW8VVHFgBipBQadjDpfiUn9ybfyIvCjve93ZmBgybU5jLRGfYFcajhZo/EnwgdZakYlq6QtKdac7AVpee2XMSJ+npL1NeINjtzhMKjzRkduDohp5PsgFvCo8zGiacXC+KsX2vPyOVfaq90qFAqFQqFQKBQKxVvjKQAA///nTHgr") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 2m19.933016907s ago: executing program 1 (id=143): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) fsopen(0x0, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0) recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0) 2m18.524142382s ago: executing program 1 (id=146): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) accept4$bt_l2cap(r0, 0x0, 0x0, 0x80000) 2m18.157975306s ago: executing program 32 (id=146): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) accept4$bt_l2cap(r0, 0x0, 0x0, 0x80000) 48.881807768s ago: executing program 4 (id=399): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file2\x00', 0x404, &(0x7f00000002c0)={[{@init_itable_val={'init_itable', 0x3d, 0x400}}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}], [{@seclabel}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==") syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0\x00', 0xa00010, &(0x7f0000000840)=ANY=[@ANYBLOB='nodecompose,decompose,nobarrier,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=") prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4c4ac000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1000, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x88, 0x18, '\x00', [@generic={0x0, 0xc3, "3fcd12ae2d9c9963ffb743e2dc2590debefb8792a8a8a7a9100c141fbc325fdc59ccddb656c92b648d84372e3af700d668a0884914b47dc9b771533934535b72f4bc03f7505fc9d443698785659827a9d7af52a2b4b91ecb98478515108dd6c6e425b6e82ef1a8b3a619e4add83e6cf3e1d84b02b2877b09db81a458473c0e842e3500b5d133d83d3724bce1fee3ea4d4f1ed85f2a2ea4cdeb6f95b864d7d2a288465fccf155b11f0264e3142b72a2d0165f7daa384e2b3542b495f4bf061530b5e0f1"}]}, 0xd0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x88000) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000000940)) rename(0x0, 0x0) 43.524170865s ago: executing program 4 (id=407): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x17, 0x6, &(0x7f00000002c0)=ANY=[@ANYBLOB="b4090000000000007111060000000000851000000200000085000000660000009500000000000000950000000000000095cbc62d4f9d01"], &(0x7f0000000080)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0xe}, 0x94) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x2c0001, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x1000, 0x4, 0x6, 0x40100, 0xffffffffffffffff, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x4}, 0x50) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) setsockopt$inet6_IPV6_RTHDR(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="28000000680001000000000000000000020000000000000008000600f200000008000500", @ANYRES32=r1], 0x28}}, 0x0) 40.613359046s ago: executing program 4 (id=410): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000180)={0x2c, &(0x7f0000000000)={0x20, 0x6, 0x25, {0x25, 0x2d, "1bce3bd7c54e569c16fc6ccb580d7b3922b0b343219b31598320747591ea4283b7289d"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42b}}, 0x0, 0x0, 0x0}, 0x0) ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0) 36.799077857s ago: executing program 4 (id=416): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file2\x00', 0x404, &(0x7f00000002c0)={[{@init_itable_val={'init_itable', 0x3d, 0x400}}, {@nobh}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@dioread_lock}], [{@seclabel}]}, 0x3, 0x439, &(0x7f0000002380)="$eJzs3MtvG0UYAPBv105LXyRU5dEHECiIikfSpKX0wAUEEgeQkOBQjiFJq1K3QU2QaFVBQKgcUSXuiCMSfwEnuCDghMQV7qhShXJp4WS09m5iO3aauE5c8O8nrTuzO9bM592xZ3a6CWBgjWYvScTuiPg9Iobr2eYCo/V/bi1dmf576cp0EtXqW38ltXI3l65MF0WL9+0qMuWI9LMkDrapd/7S5XNTlcrsxTw/vnD+/fH5S5efO3t+6szsmdkLkydPHj828cKJyed7EmcW180DH80d2v/aO9femD517d2fv02K+Fvi6JHRtQ4+Wa32uLr+2tOQTsp9bAgbUqp30xiq9f/hKMXKyRuOVz/ta+OATVWtVqsPdD68WAX+x5LodwuA/ih+6LP5b7Ft0dDjrnDjpfoEKIv7Vr7Vj5QjzcsMtcxve2k0Ik4t/vNVtsXm3IcAAGjyfTb+ebbd+C+NxvtC9+ZrKCMRcV9E7I2IExGxLyLuj6iVfTAiHtpg/a2LJKvHP+n1rgJbp2z892K+ttU8/itGfzFSynN7avEPJafPVmaP5p/JkRjanuUn1qjjh1d++6LTscbxX7Zl9Rdjwbwd18vbm98zM7UwdScxN7rxScSBcrv4k+WVgCQi9kfEgS7rOPv0N4c6Hbt9/GvowTpT9euIp+rnfzFa4i8ka69Pjt8Tldmj48VVsdovv159s1P9dxR/D2Tnf2fb6385/pGkcb12fuN1XP3j845zmm6v/23J2037PpxaWLg4EbEteb3e6JX9pYuTLeUmV8pn8R853L7/742VT+JgRGQX8cMR8UhEPJq3/bGIeDwiDq8R/08vP/Fe9/Fvriz+mQ2d/5XEtmjd0z5ROvfjd02Vjmwk/uz8H6+ljuR71vP9t552dXc1AwAAwH9PGhG7I0nHltNpOjZW/z/8+2JnWpmbX3jm9NwHF2bqzwiMxFBa3OkabrgfOpFP64v8ZEv+WH7f+MvSjlp+bHquMtPv4GHA7erQ/zN/lvrdOmDTdbeOlva8HcDW87wmDC79HwaX/g+Dq03/39GPdgBbr93v/8d9aAew9coNr/nfBAMGhPk/DC79HwaX/g8DaX5H3P4heQmJVYlI74pmSGxSot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL3xbwAAAP//1Xjmag==") syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0\x00', 0xa00010, &(0x7f0000000840)=ANY=[@ANYBLOB='nodecompose,decompose,nobarrier,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=") prlimit64(0x0, 0xe, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4c4ac000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x1000, 0x0, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_HOPOPTS(r3, 0x29, 0x48, &(0x7f0000000100)={0x88, 0x18, '\x00', [@generic={0x0, 0xc3, "3fcd12ae2d9c9963ffb743e2dc2590debefb8792a8a8a7a9100c141fbc325fdc59ccddb656c92b648d84372e3af700d668a0884914b47dc9b771533934535b72f4bc03f7505fc9d443698785659827a9d7af52a2b4b91ecb98478515108dd6c6e425b6e82ef1a8b3a619e4add83e6cf3e1d84b02b2877b09db81a458473c0e842e3500b5d133d83d3724bce1fee3ea4d4f1ed85f2a2ea4cdeb6f95b864d7d2a288465fccf155b11f0264e3142b72a2d0165f7daa384e2b3542b495f4bf061530b5e0f1"}]}, 0xd0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x80200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x88000) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r4, 0xc0505350, &(0x7f0000000940)) rename(0x0, 0x0) 33.485191752s ago: executing program 4 (id=417): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e21, 0x0, @local, 0x1}, 0x1c) sendmsg(r0, 0x0, 0x44004) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x8002, 0x8) write$FUSE_LSEEK(r5, &(0x7f0000000000)={0x18, 0xf5f55b0767514bbe, 0x0, {0x3}}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x3, &(0x7f0000000500)=@framed={{0x18, 0x8}}, &(0x7f0000000000)='GPL\x00', 0x4, 0xef, &(0x7f0000000580)=""/239}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000010029bd7000ffdbdf2500000000", @ANYRES32=r8, @ANYBLOB="100804002010000024001280110001006272696467655f736c618c65000000000c000580050019"], 0x44}, 0x1, 0x0, 0x0, 0x404c1}, 0x40040d4) timer_create(0x7, 0x0, &(0x7f0000000080)) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) sendmsg$nl_route(r6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x24044040) setsockopt$packet_rx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req={0x8000, 0x0, 0x300, 0x1daf6}, 0x10) 31.954862799s ago: executing program 4 (id=418): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfd1e, 0x4, &(0x7f0000000140)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @multicast}, 0x14) 26.021696792s ago: executing program 2 (id=427): socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000f0200006706000020000000620a00fe0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5275c00"/420], &(0x7f0000000100)='GPL\x00'}, 0x48) 24.712337046s ago: executing program 2 (id=428): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 22.905345105s ago: executing program 2 (id=429): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) 18.880731648s ago: executing program 2 (id=435): syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x804000, &(0x7f0000000f00)=ANY=[@ANYBLOB="6c617374626c6f636b3d30303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756e64656c6574652c6c6f6e6761642c73686f727461642c7569643d666f726765742c756e64656c6574652c696f636861727365743d757466382c73686f727461642c696f636861727365743d64656661756c742c7569643d666f726765742c6e6f7374726963742c73657373696f6e3d30303030303030303030303030303030303030302c706172746974696f6e3d30303030303030303030303030303030303030362c00b2e01f5c0b5c8fb2623d8f888e41dfceb3ecf959d23d90b071660660b17884bd109d37086024cf83fa"], 0x2, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) modify_ldt$write(0x1, &(0x7f0000000a40)={0x476, 0x20000000, 0x1000, 0x0, 0x1, 0x0, 0x1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = syz_clone(0x80008000, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/65, 0x41}], 0x1, &(0x7f0000000200)=[{&(0x7f0000000100)=""/193, 0xc1}], 0x1, 0x0) 15.853712471s ago: executing program 33 (id=418): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0xf7513c36066f8950}, 0x20000010) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'syzkaller0\x00', 0x0}) sendto$packet(r1, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfd1e, 0x4, &(0x7f0000000140)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @multicast}, 0x14) 15.828006371s ago: executing program 2 (id=440): mlock(&(0x7f00008dc000/0x1000)=nil, 0x1000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 14.988001229s ago: executing program 0 (id=441): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={0x0}, 0x1, 0x0, 0x0, 0x400dc}, 0x8080) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r8) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r9, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 13.767169163s ago: executing program 2 (id=443): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) 12.18363662s ago: executing program 34 (id=443): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) 12.17545034s ago: executing program 0 (id=446): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$key(0xf, 0x3, 0x2) recvmmsg(r4, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 10.926134063s ago: executing program 0 (id=449): syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3, &(0x7f0000000000)={[{@user_xattr}, {@nobarrier}, {@norecovery}, {@nouser_xattr}, {@grpid}]}, 0x8, 0x645, &(0x7f0000000ac0)="$eJzs3c9rXNUeAPDvvTP50eS9l7Q83nt9i9fAQ1rQJk3aShHBdl9K/bFzFZu01KZNSSKaWjCFuhHEjYLgyoX1H3CtBcGVC7cu3LiSQpGShZViR+7M3HQmyeTHOJNJM58PXueec+/cc26ab86ZM+fMBNC1RrL/pREHI+J6EjFUc6wY1YMjlfOWH9y8sPwgyyuVXv01iZvvJUu110qqj4PZU4sRfwxF8kMacaCwttz5xRtXJmdmpueq6bGFq9fH5hdvHL18dfLS9KXpaxPPT5w6eeLkqfFj27mdgbqzC+X/Vpy9/ebbQx+ce/2Lzx4l41/+dC6J0/G4ekJ2b6sv1redktcxEiNRqnhYm5/9XE/9xWvvFr8N5b8nTySrM9i10urvY09E/DuGolDzrzkU77/c0coBbVVKIm+jgK6TNBX//a2vCLDD8n5A5bV9Zdu815Aut7lbAuyA+2cqAwCV2O+JiDz+i5WxwYiJLHdgOakb50kiYlsjcw1kZXz/7bnb2RarxuHqhg0/aUFhQJ2lW+VR7jzUatr/pBybw9FfTg0sp3Xxn9ZsWf4rTZY/siq9tf4H0ApLtyLiP9X2v3d78T9SE/9vNFm++AcAAAAAAIDWuXsmIp5bb/5fWn1vrj+++6pUWj3/ZzAiTreg/M3f/0vvVXeSFhQH1Lh/JuLFlfm//TXz/9L8lOFCNfX38nyAnuTi5ZnpYxHxj4g4Ej19WXo86ifspTVlHP3wwKeNyq+d/5dtWT3yuYDVK90rrlqIOzW5MNmKe4dud/9WxH/L838PVXPq5/9k7X+yzvzfLL6vb7GMA8/cOd/o2ObxD7RL6fOIw+uu/3nS3U42/nyOsXJ/YCzvFaz1v3c/+rpR+eIfOidr/wcq8d8b68d/X1L7eT3z27t+b0QcXyyWGh1vtv/fm7xWiKXy9fNFjAtz4xG9ydlCXm7mncmFhbmJ7dUZ9qo8HsqP45X4P/L/jcf/Vvr/NXG4LyKWtljmvx4P/tzomPYfOieL/6mN+//D9e3/9ncm7gx/06D45PyW2v8T5Tb9SDXH+B/UStfkbDVAO1JdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjKpRHxt0jS0ZX9NB0djRiMiH/GQDozO7/w7MXZt65NZcfK3/+f5t/0O1RJJ/n3/w9HRE9EZOmJajo/fjwi9kfEx4V95fTohdmZqU7fPAAAAAAAAAAAAAAAAAAAAOwSg+U1/6W+1ev/M78UOl07oO2K1UfxDt2n2PQzS30trQiw45qPf+Bpt/X472lrPYCd1zj+Hz4qle1odYAdpP8P3avJ+Pd2AewB2n/oVlsc0+tvdz2ATtD+AwAAAADAnrL/0N0fk4hYemFfecv0Vo+Z7A97W9rpCgAdYw4vdK/ibKdrAHRKM6/xB9pQD6BzkpW939dd7N949n/SngoBAAAAAAAAAAAAAGscPmj9P3Srjdf/m9sPe9kG6//XC34fFwB7SOOv/tD2w17nNT6QbPKHwPp/AAAAAAAAAAAAANgF+m9cmZyZmZ6bX3z6dl5q4ll9na780uRu+NG1dudxe67cExG74wZbtZNERJ4TxcYn5x/B0cGqdvjvEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsOLPAAAA//+BOyKT") 9.756999725s ago: executing program 0 (id=451): syz_usb_connect$midi(0x5, 0x4a, &(0x7f0000000100)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x1235, 0x8210, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x38, 0x1, 0x1, 0x5, 0x60, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1, 0x3, 0x0, 0x10, [@midi_in_jack={0x6, 0x24, 0x2, 0x1, 0x0, 0x2}], [{{0x9, 0x5, 0x3, 0x3, 0x400, 0x9, 0xfc, 0x5, {0xa, 0x25, 0x1, 0x6, "d0938e03af46"}}}, {{0x9, 0x5, 0xa9d060b85e36b355, 0x0, 0x3ff, 0x9, 0x80, 0x8, {0x4}}}]}}}}}]}}, &(0x7f0000000580)={0x0, 0x0, 0x5, &(0x7f0000000200)={0x5, 0xf, 0x5}}) 8.047245024s ago: executing program 3 (id=453): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socket(0x2, 0x2, 0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000001340)='cgroup2\x00', 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/diskstats\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000480)={0x2020}, 0x2020) lseek(r3, 0xfffffffffffffff5, 0x1) openat$cgroup_procs(0xffffffffffffffff, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) 7.228196963s ago: executing program 0 (id=454): r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000600)) readv(r0, 0x0, 0x0) 6.478141s ago: executing program 3 (id=455): bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48) socket$nl_route(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r0 = getpgrp(0x0) fanotify_init(0x0, 0x101000) read$FUSE(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000500)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = socket$key(0xf, 0x3, 0x2) recvmmsg(r5, &(0x7f0000000440), 0x6f5, 0x2000000022, &(0x7f0000000480)={0x77359400}) sendmsg$key(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) 6.383821512s ago: executing program 0 (id=456): unshare(0x62040200) 4.705693419s ago: executing program 3 (id=457): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xb, 0xfff3}, {0x1}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000000, {0x0, 0x200000000, 0x20000000, 0x4, 0x6, 0x4, {0x0, 0x0, 0x0, 0xd, 0x0, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x7}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="14d556a62676ae36e1d165"], 0x14}, 0x1, 0x0, 0x0, 0x4048011}, 0xe2bf268aaf6847d0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000cc0)={'syz1\x00', {0xfff9, 0x2, 0x248, 0x9b99}, 0x37, [0xfffffff8, 0x8, 0x5, 0x9, 0x8, 0x155f, 0x6, 0x4, 0x25cd, 0x1, 0xb4, 0xa, 0xa2b9, 0x6, 0x7, 0xe4, 0x6, 0xfc000000, 0x3, 0xbbf, 0x4a732f64, 0x1, 0x8, 0xd, 0x4, 0x12a3, 0x6, 0x1, 0x2, 0x6, 0x7, 0x81, 0x8a, 0x79, 0x2, 0x4, 0x0, 0x91, 0x4, 0x4, 0x16, 0x2, 0x5, 0x401, 0xfffffff7, 0x405, 0xa7, 0x81, 0x9, 0xf9a2, 0x80000001, 0xff, 0x0, 0x2, 0x2, 0x2, 0x3, 0x1, 0x7ff, 0x4, 0x4007f, 0xffffffff, 0x9, 0x4], [0x9, 0x3, 0x6, 0x9, 0x4, 0xc66, 0xa8a9, 0x20000073, 0x8e, 0xd50, 0x7, 0x5, 0x2, 0x809, 0x4, 0xa7, 0x1000, 0x0, 0x200b398, 0x400000, 0x0, 0x4, 0x1c, 0x7, 0x1, 0x2, 0x3, 0x8, 0xffffff7f, 0x400, 0x6, 0x4c2336d3, 0x4, 0x0, 0xfffffff8, 0x401, 0x46, 0xf1, 0x4, 0xab00060, 0x5, 0x6, 0x2, 0x5, 0x3ff, 0x1ff, 0x1, 0x7fff, 0x1, 0x1cb, 0x1, 0x80000004, 0x6, 0x438, 0x2, 0x9, 0x95, 0x7fffffff, 0x4, 0xfffffff9, 0x1, 0x1000, 0xfffff801, 0x5], [0x2, 0xfffffffe, 0xffff, 0x3, 0x2, 0x2e6bf783, 0x80000001, 0x5, 0x5, 0x491, 0x8d3, 0x200006, 0x8, 0x400, 0x2, 0x400, 0x41, 0x6, 0xee4b, 0x2000004, 0x1, 0x8000003, 0x5, 0x9, 0x3, 0x3, 0x9, 0x3, 0xc7, 0xfff, 0x10000a, 0x8000, 0x400, 0x0, 0x5, 0xd3, 0x8, 0x3437, 0x3, 0xd, 0xfd, 0x601, 0x101, 0xdd80, 0x60a0, 0x7f, 0x9d26, 0x10000, 0x1, 0x2, 0x2, 0x6, 0x8000, 0xf45, 0x3, 0xd500, 0x8, 0xffffffff, 0x9, 0x6, 0x10000, 0xfffffffd, 0x8, 0x1], [0xa772, 0x6, 0x5, 0x1afa, 0xbfc, 0x8, 0x5, 0x7f, 0x55, 0x40, 0xff, 0x1005, 0x1, 0x7, 0x1e, 0x9, 0x81, 0x3, 0x9d86, 0xd, 0xfffffff7, 0x8, 0x140f2, 0x5396, 0x3, 0x6, 0x80008001, 0x7777, 0x1, 0x2, 0x100, 0xd8ce, 0x7fffffff, 0x9, 0xc, 0x32d, 0x3, 0x1ff, 0x2000803, 0xffffffff, 0x10000, 0x0, 0x8004, 0x0, 0x3, 0x6, 0xf, 0xe, 0x5337, 0x26d, 0x6, 0xfffffff9, 0x4, 0xfffffff9, 0x9, 0x4, 0x463f, 0x4, 0xdab, 0x3, 0x8, 0x14000, 0x1, 0x9]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xfff, 0x0, 0x40000000000180, 0x2, 0x80000000, 0xf2, 0xd, 0x7fffffffffffe, 0x7, 0x5, 0x7, 0x0, 0x5, 0x4, 0x8], 0x25000, 0x304}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f00000000c0)="c20000361e0f01c3660fd2eff30f10f1b961020000b80e000000ba000000000f30b98d0200000f320b99f3530000660f6af7c4e2f91d20", 0x37}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 2.206783576s ago: executing program 3 (id=458): mlock(&(0x7f00008dc000/0x1000)=nil, 0x1000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) 1.437197634s ago: executing program 3 (id=459): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) io_setup(0x9b6, &(0x7f0000000000)=0x0) io_pgetevents(r0, 0x1, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x989680}, 0x0) symlink(&(0x7f0000000340)='./file1\x00', &(0x7f0000000200)='./file0\x00') chmod(&(0x7f0000000180)='./file0\x00', 0x234) lchown(0x0, 0xee00, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000000)=0x2, 0x4) bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001000010000000000000000002c00000020000000ff0f00000000000008001c00c900"], 0x3c}], 0x1, 0x0, 0x0, 0xb305e06d8ab48273}, 0x48800) 0s ago: executing program 3 (id=460): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000400)={'veth0_to_hsr\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x9}}]}}]}, 0x48}}, 0xc840) sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000800)=@newtfilter={0x54, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x6}, {}, {0x7, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0x28, 0x2, [@TCA_U32_SEL={0x24, 0x5, {0xd, 0x7, 0x1, 0x3d3f, 0x0, 0xfff, 0xb709, 0x58f, [{0x0, 0x20008000, 0x4, 0x1}]}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x24040084) recvmmsg$unix(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1}}], 0x1, 0x60, 0x0) sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0x30, 0x0, 0x1, 0x3, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8, 0x8, 0x2}, @GTPA_TID={0xc}]}, 0x30}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[], 0xc3}, 0x1, 0x100000000000000, 0x0, 0x2000}, 0x40400c0) r2 = socket(0x10, 0x3, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0x0) kernel console output (not intermixed with test programs): [ 57.957463][ T5435] 8021q: adding VLAN 0 to HW filter on device bond0 [ 57.972700][ T5435] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: [ 58.726279][ T5524] sshd (5524) used greatest stack depth: 20720 bytes left OK syzkaller Warning: Permanently added '10.128.1.152' (ED25519) to the list of known hosts. syzkaller login: [ 77.589353][ T5763] cgroup: Unknown subsys name 'net' [ 77.757965][ T5763] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 79.415589][ T5763] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 81.163575][ T5779] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 81.182225][ T5784] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 81.193286][ T5784] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 81.193676][ T5788] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 81.202498][ T5784] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 81.212483][ T5788] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 81.217251][ T5784] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 81.224083][ T5788] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 81.231351][ T5784] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 81.242232][ T5788] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 81.250561][ T5788] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 81.252523][ T5784] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 81.259012][ T5788] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 81.275157][ T5790] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 81.289899][ T5790] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 81.309370][ T5790] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 81.339008][ T5790] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 81.340073][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 81.354431][ T5791] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 81.362446][ T5791] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 81.365867][ T5790] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 81.376760][ T5789] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 81.385734][ T5789] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 81.394129][ T5789] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 81.897799][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 81.933648][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 82.056189][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 82.100215][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 82.142766][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.150705][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.158041][ T5774] bridge_slave_0: entered allmulticast mode [ 82.165468][ T5774] bridge_slave_0: entered promiscuous mode [ 82.182650][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.190004][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.197212][ T5775] bridge_slave_0: entered allmulticast mode [ 82.206087][ T5775] bridge_slave_0: entered promiscuous mode [ 82.226160][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.235086][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.243920][ T5774] bridge_slave_1: entered allmulticast mode [ 82.252538][ T5774] bridge_slave_1: entered promiscuous mode [ 82.279220][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.286428][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.293971][ T5775] bridge_slave_1: entered allmulticast mode [ 82.301611][ T5775] bridge_slave_1: entered promiscuous mode [ 82.369493][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.387497][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.423871][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.436550][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.464317][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.471981][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.479296][ T5780] bridge_slave_0: entered allmulticast mode [ 82.486307][ T5780] bridge_slave_0: entered promiscuous mode [ 82.531077][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.538362][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.545853][ T5780] bridge_slave_1: entered allmulticast mode [ 82.553598][ T5780] bridge_slave_1: entered promiscuous mode [ 82.584915][ T5775] team0: Port device team_slave_0 added [ 82.606150][ T5774] team0: Port device team_slave_0 added [ 82.613075][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 82.621025][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 82.628250][ T5782] bridge_slave_0: entered allmulticast mode [ 82.635490][ T5782] bridge_slave_0: entered promiscuous mode [ 82.645558][ T5775] team0: Port device team_slave_1 added [ 82.673592][ T5774] team0: Port device team_slave_1 added [ 82.691655][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 82.699245][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 82.706495][ T5782] bridge_slave_1: entered allmulticast mode [ 82.713940][ T5782] bridge_slave_1: entered promiscuous mode [ 82.723172][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.736285][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 82.757637][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.764675][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.790822][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.852881][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.859994][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.886148][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 82.898170][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 82.905529][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 82.931940][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 82.956849][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 82.985758][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 82.992971][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.019198][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.040960][ T5780] team0: Port device team_slave_0 added [ 83.049946][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 83.099322][ T5780] team0: Port device team_slave_1 added [ 83.111572][ T5775] hsr_slave_0: entered promiscuous mode [ 83.118110][ T5775] hsr_slave_1: entered promiscuous mode [ 83.127995][ T5782] team0: Port device team_slave_0 added [ 83.171449][ T5782] team0: Port device team_slave_1 added [ 83.194777][ T5774] hsr_slave_0: entered promiscuous mode [ 83.201944][ T5774] hsr_slave_1: entered promiscuous mode [ 83.208366][ T5774] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.216477][ T5774] Cannot create hsr debugfs directory [ 83.244588][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.253833][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.280284][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.292921][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.299985][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.326060][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.393985][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 83.401076][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.427235][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 83.447198][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 83.454340][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 83.481082][ T5085] Bluetooth: hci2: command tx timeout [ 83.486817][ T5085] Bluetooth: hci1: command tx timeout [ 83.493054][ T5789] Bluetooth: hci0: command tx timeout [ 83.493102][ T51] Bluetooth: hci3: command tx timeout [ 83.500913][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 83.601859][ T5780] hsr_slave_0: entered promiscuous mode [ 83.612327][ T5780] hsr_slave_1: entered promiscuous mode [ 83.618681][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.627149][ T5780] Cannot create hsr debugfs directory [ 83.697458][ T5782] hsr_slave_0: entered promiscuous mode [ 83.703961][ T5782] hsr_slave_1: entered promiscuous mode [ 83.710727][ T5782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 83.718348][ T5782] Cannot create hsr debugfs directory [ 83.998535][ T5775] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 84.037010][ T5775] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 84.047817][ T5775] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 84.065749][ T5775] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 84.151155][ T5774] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 84.176097][ T5774] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 84.191979][ T5774] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 84.202944][ T5774] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 84.320370][ T5780] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 84.343359][ T5780] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 84.360750][ T5780] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 84.373149][ T5780] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 84.476870][ T5782] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 84.503632][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.510935][ T5782] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 84.525004][ T5782] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 84.550245][ T5782] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 84.601765][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.625960][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.660225][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.676892][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.684284][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.713630][ T1328] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.720843][ T1328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.755045][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 84.773022][ T2946] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.780238][ T2946] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.854416][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.861658][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.877636][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 84.904691][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.911895][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.950899][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.958079][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.111865][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 85.147123][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 85.197429][ T987] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.205209][ T987] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.246556][ T987] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.253835][ T987] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.552208][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.560316][ T51] Bluetooth: hci3: command tx timeout [ 85.560344][ T5790] Bluetooth: hci0: command tx timeout [ 85.565883][ T51] Bluetooth: hci2: command tx timeout [ 85.573684][ T5085] Bluetooth: hci1: command tx timeout [ 85.654644][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.791271][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.802439][ T5775] veth0_vlan: entered promiscuous mode [ 85.846946][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 85.862731][ T5780] veth0_vlan: entered promiscuous mode [ 85.877604][ T5775] veth1_vlan: entered promiscuous mode [ 85.917249][ T5780] veth1_vlan: entered promiscuous mode [ 85.956037][ T5774] veth0_vlan: entered promiscuous mode [ 85.985004][ T5775] veth0_macvtap: entered promiscuous mode [ 85.996629][ T5775] veth1_macvtap: entered promiscuous mode [ 86.024947][ T5774] veth1_vlan: entered promiscuous mode [ 86.073377][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.092402][ T5782] veth0_vlan: entered promiscuous mode [ 86.104371][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.116831][ T5780] veth0_macvtap: entered promiscuous mode [ 86.138437][ T5775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.148044][ T5775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.162417][ T5775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.171329][ T5775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.186449][ T5782] veth1_vlan: entered promiscuous mode [ 86.194468][ T5780] veth1_macvtap: entered promiscuous mode [ 86.267830][ T5774] veth0_macvtap: entered promiscuous mode [ 86.293213][ T5774] veth1_macvtap: entered promiscuous mode [ 86.307806][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.323937][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.339901][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.382355][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.393095][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.405379][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.425214][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.436363][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.449182][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.459727][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.471397][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.482713][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.493721][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.505168][ T5774] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.516456][ T5774] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.527954][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.553357][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.567718][ T5780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.568933][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.587440][ T5780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.596731][ T5780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.606906][ T5780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.622432][ T5782] veth0_macvtap: entered promiscuous mode [ 86.654121][ T5774] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.667034][ T5774] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.677132][ T5774] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.687949][ T5774] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.705931][ T5782] veth1_macvtap: entered promiscuous mode [ 86.759222][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.763597][ T1328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.773263][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.788028][ T1328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.792193][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.806453][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.816575][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.827427][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.839700][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.887466][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.902122][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.913105][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.926068][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.936765][ T5782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.947824][ T5782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.960363][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 87.051882][ T5782] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.073080][ T5782] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.088888][ T5782] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.097657][ T5782] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 87.130398][ T1328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.138315][ T1328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.289314][ T987] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.304828][ T987] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.383017][ T5839] syzkaller0: entered promiscuous mode [ 87.393759][ T5839] syzkaller0: entered allmulticast mode [ 87.418994][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.426982][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.504066][ T2946] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.541802][ T2946] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.639743][ T5085] Bluetooth: hci2: command tx timeout [ 87.645614][ T5790] Bluetooth: hci1: command tx timeout [ 87.646240][ T51] Bluetooth: hci0: command tx timeout [ 87.652118][ T5789] Bluetooth: hci3: command tx timeout [ 87.804585][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.864751][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.143353][ T987] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.169573][ T987] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.348466][ T5845] syzkaller0: entered promiscuous mode [ 88.362072][ T5845] syzkaller0: entered allmulticast mode [ 88.718737][ C1] sched: RT throttling activated [ 88.794187][ T5851] syzkaller0: entered promiscuous mode [ 88.825739][ T5851] syzkaller0: entered allmulticast mode [ 89.728870][ T5790] Bluetooth: hci1: command tx timeout [ 89.734447][ T5789] Bluetooth: hci2: command tx timeout [ 89.742016][ T5085] Bluetooth: hci3: command tx timeout [ 90.715096][ T51] Bluetooth: hci0: command tx timeout [ 92.000423][ T5880] syz.1.9 uses obsolete (PF_INET,SOCK_PACKET) [ 92.133270][ T2044] cfg80211: failed to load regulatory.db [ 93.516848][ T5891] syzkaller0: entered promiscuous mode [ 93.550437][ T5891] syzkaller0: entered allmulticast mode [ 93.936522][ T5894] syzkaller0: entered promiscuous mode [ 94.050670][ T5894] syzkaller0: entered allmulticast mode [ 94.988081][ T5907] syzkaller0: entered promiscuous mode [ 95.003631][ T5907] syzkaller0: entered allmulticast mode [ 95.670918][ T5913] Cannot find del_set index 0 as target [ 98.886752][ T5924] syzkaller0: entered promiscuous mode [ 98.930394][ T5924] syzkaller0: entered allmulticast mode [ 101.016261][ T5952] syzkaller0: entered promiscuous mode [ 101.022316][ T5952] syzkaller0: entered allmulticast mode [ 101.422640][ T5966] syz.0.27[5966]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 101.448948][ T5966] loop0: detected capacity change from 0 to 16 [ 101.633878][ T5966] erofs: (device loop0): mounted with root inode @ nid 36. [ 101.712335][ T5966] syz.0.27: attempt to access beyond end of device [ 101.712335][ T5966] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 101.749166][ T5966] syz.0.27: attempt to access beyond end of device [ 101.749166][ T5966] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 101.780792][ T5966] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 101.905008][ T28] audit: type=1800 audit(1777956682.591:2): pid=5966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.27" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 102.387311][ T5966] syz.0.27 (5966) used greatest stack depth: 19112 bytes left [ 102.574029][ T5980] loop0: detected capacity change from 0 to 16 [ 102.708148][ T5980] erofs: (device loop0): mounted with root inode @ nid 36. [ 102.823184][ T5982] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 102.852129][ T5980] syz.0.28: attempt to access beyond end of device [ 102.852129][ T5980] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 103.490645][ T5980] syz.0.28: attempt to access beyond end of device [ 103.490645][ T5980] loop0: rw=524288, sector=16, nr_sectors = 40 limit=16 [ 103.674013][ T5980] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192] [ 103.755784][ T28] audit: type=1800 audit(1777956684.541:3): pid=5980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.28" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 106.079123][ T8] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 106.298821][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 106.319524][ T8] usb 3-1: config 0 has no interfaces? [ 106.325365][ T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 106.365330][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.403282][ T8] usb 3-1: config 0 descriptor?? [ 106.714606][ T5998] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 106.723967][ T5998] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 108.150977][ T6008] Bluetooth: MGMT ver 1.22 [ 109.767879][ T6009] loop1: detected capacity change from 0 to 16 [ 109.781813][ T6009] erofs: Unknown parameter './cgroup.net/syz1' [ 110.669566][ T5618] usb 3-1: USB disconnect, device number 2 [ 111.073361][ T6013] syzkaller0: entered promiscuous mode [ 111.095525][ T6013] syzkaller0: entered allmulticast mode [ 111.670533][ T6018] syzkaller0: entered promiscuous mode [ 111.686383][ T6018] syzkaller0: entered allmulticast mode [ 114.179150][ T6048] tipc: Enabling of bearer rejected, failed to enable media [ 114.347230][ T6064] loop3: detected capacity change from 0 to 128 [ 114.382891][ T6064] FAT-fs (loop3): Unrecognized mount option "sh" or missing value [ 114.470922][ T6066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.47'. [ 114.498944][ T6066] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 114.506482][ T6066] IPv6: NLM_F_CREATE should be set when creating new route [ 114.604489][ T6069] syzkaller0: entered promiscuous mode [ 114.628286][ T6069] syzkaller0: entered allmulticast mode [ 115.995452][ T6092] syzkaller0: entered promiscuous mode [ 116.006691][ T6092] syzkaller0: entered allmulticast mode [ 117.500357][ T6121] loop3: detected capacity change from 0 to 1024 [ 117.515439][ T6121] EXT4-fs: Ignoring removed bh option [ 117.559706][ T6121] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 117.605607][ T6121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 117.683536][ T6121] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 117.842012][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.597978][ T6108] tipc: Enabling of bearer rejected, failed to enable media [ 118.610601][ T6109] syzkaller0: entered promiscuous mode [ 118.616157][ T6109] syzkaller0: entered allmulticast mode [ 118.624233][ T6119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.57'. [ 118.640222][ T6119] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 118.785219][ T6131] syzkaller0: entered promiscuous mode [ 118.791012][ T6131] syzkaller0: entered allmulticast mode [ 118.876589][ T6136] syzkaller0: entered promiscuous mode [ 118.883512][ T6136] syzkaller0: entered allmulticast mode [ 121.050902][ T6143] syzkaller0: entered promiscuous mode [ 121.056426][ T6143] syzkaller0: entered allmulticast mode [ 123.810006][ T6186] netlink: 12 bytes leftover after parsing attributes in process `syz.1.68'. [ 124.040380][ T6189] loop0: detected capacity change from 0 to 2048 [ 124.074457][ T6192] loop3: detected capacity change from 0 to 256 [ 124.136129][ T6194] loop1: detected capacity change from 0 to 512 [ 124.152399][ T6192] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5ce678cf, utbl_chksum : 0xe619d30d) [ 124.170272][ T6194] EXT4-fs: Ignoring removed bh option [ 124.177815][ T6194] EXT4-fs: inline encryption not supported [ 124.195485][ T6192] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 0) [ 124.210840][ T6189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.224145][ T6192] exFAT-fs (loop3): failed to load alloc-bitmap [ 124.230880][ T6192] exFAT-fs (loop3): failed to recognize exfat type [ 124.258974][ T6194] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 124.385224][ T6194] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 124.403209][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.437098][ T6194] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.71: bg 0: block 248: padding at end of block bitmap is not set [ 124.553651][ T6194] Quota error (device loop1): write_blk: dquota write failed [ 124.600388][ T6194] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 124.615776][ T6194] EXT4-fs error (device loop1): ext4_acquire_dquot:6953: comm syz.1.71: Failed to acquire dquot type 1 [ 124.634316][ T6194] EXT4-fs (loop1): 1 truncate cleaned up [ 124.645263][ T6194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 124.669531][ T6201] syzkaller0: entered promiscuous mode [ 124.675083][ T6201] syzkaller0: entered allmulticast mode [ 124.703282][ T6203] syzkaller0: entered promiscuous mode [ 124.712032][ T6203] syzkaller0: entered allmulticast mode [ 125.588014][ T6210] loop0: detected capacity change from 0 to 512 [ 125.605921][ T6210] EXT4-fs: Ignoring removed nobh option [ 125.636437][ T6210] ext4: Unknown parameter 'seclabel' [ 125.660606][ T5774] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 125.671470][ T59] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 125.683786][ T59] EXT4-fs error (device loop1): ext4_release_dquot:6989: comm kworker/u4:4: Failed to release dquot type 1 [ 125.809198][ T5618] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 126.009048][ T5618] usb 3-1: Using ep0 maxpacket: 16 [ 126.037664][ T5618] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 133, changing to 7 [ 126.073396][ T5618] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0xE has invalid maxpacket 32 [ 126.083511][ T6224] loop3: detected capacity change from 0 to 1024 [ 126.125646][ T5618] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 126.129930][ T6224] EXT4-fs: Ignoring removed bh option [ 126.179903][ T5618] usb 3-1: New USB device found, idVendor=0499, idProduct=1027, bcdDevice= 0.40 [ 126.202596][ T6224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.212947][ T5618] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.254030][ T5618] usb 3-1: Product: syz [ 126.264403][ T5618] usb 3-1: Manufacturer: syz [ 126.279621][ T5618] usb 3-1: SerialNumber: syz [ 126.298035][ T6209] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.329240][ T6209] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.401118][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.590370][ T6238] syzkaller0: entered promiscuous mode [ 126.608129][ T6241] loop3: detected capacity change from 0 to 512 [ 126.615357][ T6238] syzkaller0: entered allmulticast mode [ 126.639663][ T6241] EXT4-fs: Ignoring removed i_version option [ 126.660141][ C1] raw-gadget.0 gadget.2: ignoring, device is not running [ 126.667658][ T6241] EXT4-fs: Ignoring removed bh option [ 126.667700][ C1] raw-gadget.0 gadget.2: ignoring, device is not running [ 126.708489][ T5618] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 126.745337][ T5618] usb 3-1: invalid MIDI in EP 0 [ 126.773344][ T6241] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 126.806014][ T6241] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 126.879291][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 126.976922][ T6248] loop0: detected capacity change from 0 to 1024 [ 127.027825][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.077654][ T5618] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 127.164554][ T5618] usb 3-1: USB disconnect, device number 3 [ 127.278928][ T28] audit: type=1800 audit(1777956708.051:4): pid=6248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.85" name="file1" dev="loop0" ino=20 res=0 errno=0 [ 127.340221][ T6252] syzkaller0: entered promiscuous mode [ 127.345772][ T6252] syzkaller0: entered allmulticast mode [ 127.441566][ T6254] udevd[6254]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 127.879444][ T6265] veth0: entered promiscuous mode [ 127.899948][ T6265] veth0: left promiscuous mode [ 128.519756][ T5085] Bluetooth: hci0: command 0x1407 tx timeout [ 128.526995][ T5790] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 128.934788][ T6296] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 129.053416][ T6279] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 129.838479][ T6304] syzkaller0: entered promiscuous mode [ 129.875013][ T6304] syzkaller0: entered allmulticast mode [ 130.075660][ T6310] syzkaller0: entered promiscuous mode [ 130.096481][ T6310] syzkaller0: entered allmulticast mode [ 133.541868][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.628878][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 133.629024][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.904098][ T6345] loop1: detected capacity change from 0 to 256 [ 134.012396][ T6345] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 134.100155][ T6347] syzkaller0: entered promiscuous mode [ 134.114216][ T6347] syzkaller0: entered allmulticast mode [ 134.288169][ T6349] loop1: detected capacity change from 0 to 512 [ 134.309866][ T6349] EXT4-fs: Ignoring removed nobh option [ 134.316237][ T6349] ext4: Unknown parameter 'seclabel' [ 134.480990][ T6351] input: syz1 as /devices/virtual/input/input5 [ 134.890480][ T6354] syzkaller0: entered promiscuous mode [ 134.900304][ T6354] syzkaller0: entered allmulticast mode [ 136.549181][ T8] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 137.554738][ T6387] Illegal XDP return value 4294967294 on prog (id 12) dev N/A, expect packet loss! [ 137.569812][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 137.589145][ T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 137.622171][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 137.645526][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 137.656026][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.689355][ T8] usb 3-1: Product: syz [ 137.694610][ T8] usb 3-1: Manufacturer: syz [ 137.735616][ T8] usb 3-1: SerialNumber: syz [ 137.801098][ T6391] loop0: detected capacity change from 0 to 256 [ 137.814967][ T6390] syzkaller0: entered promiscuous mode [ 137.834528][ T6390] syzkaller0: entered allmulticast mode [ 137.840428][ T6391] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 137.947672][ T28] audit: type=1800 audit(1777956718.731:5): pid=6391 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.118" name="file2" dev="loop0" ino=1048595 res=0 errno=0 [ 138.002236][ T8] cdc_ncm 3-1:1.0: skipping garbage [ 138.007520][ T8] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 138.042857][ T8] cdc_ncm 3-1:1.0: bind() failure [ 138.070288][ T8] usb 3-1: USB disconnect, device number 4 [ 138.448336][ T6400] syzkaller0: entered promiscuous mode [ 138.459371][ T6400] syzkaller0: entered allmulticast mode [ 140.116498][ T6430] syzkaller0: entered promiscuous mode [ 140.128005][ T6430] syzkaller0: entered allmulticast mode [ 140.628809][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 142.739606][ T6448] syzkaller0: entered promiscuous mode [ 142.745463][ T6448] syzkaller0: entered allmulticast mode [ 142.767733][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 142.776373][ T8] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.787601][ T8] usb 2-1: config 0 interface 0 has no altsetting 0 [ 142.795801][ T8] usb 2-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 142.805442][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.820863][ T8] usb 2-1: config 0 descriptor?? [ 142.910418][ T6452] loop3: detected capacity change from 0 to 512 [ 142.923920][ T6451] loop2: detected capacity change from 0 to 512 [ 142.966685][ T6452] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.008481][ T6451] FAT-fs (loop2): Directory bread(block 199916) failed [ 143.040336][ T6451] FAT-fs (loop2): Directory bread(block 199917) failed [ 143.047365][ T6451] FAT-fs (loop2): Directory bread(block 199918) failed [ 143.057143][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 143.068528][ T6451] FAT-fs (loop2): Directory bread(block 199919) failed [ 143.075633][ T6451] FAT-fs (loop2): Directory bread(block 199920) failed [ 143.091206][ T6451] FAT-fs (loop2): Directory bread(block 199921) failed [ 143.098191][ T6451] FAT-fs (loop2): Directory bread(block 199922) failed [ 143.105253][ T6451] FAT-fs (loop2): Directory bread(block 199923) failed [ 143.173879][ T8] usbhid 2-1:0.0: can't add hid device: -71 [ 143.189630][ T8] usbhid: probe of 2-1:0.0 failed with error -71 [ 143.218969][ T6451] FAT-fs (loop2): Directory bread(block 199916) failed [ 143.250102][ T8] usb 2-1: USB disconnect, device number 2 [ 143.258250][ T6456] loop3: detected capacity change from 0 to 128 [ 143.268895][ T6451] FAT-fs (loop2): Directory bread(block 199917) failed [ 143.284876][ T6456] ======================================================= [ 143.284876][ T6456] WARNING: The mand mount option has been deprecated and [ 143.284876][ T6456] and is ignored by this kernel. Remove the mand [ 143.284876][ T6456] option from the mount to silence this warning. [ 143.284876][ T6456] ======================================================= [ 143.354504][ T6459] syzkaller0: entered promiscuous mode [ 143.361892][ T6459] syzkaller0: entered allmulticast mode [ 143.447838][ T6456] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 143.509187][ T6456] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 143.856696][ T6472] xt_socket: unknown flags 0x4c [ 144.456240][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 144.493558][ T6480] loop1: detected capacity change from 0 to 8 [ 144.691659][ T5774] SQUASHFS error: Unable to read directory block [249:c] [ 145.187742][ T5774] SQUASHFS error: Failed to read block 0x97: -5 [ 145.211197][ T5774] SQUASHFS error: Unable to read metadata cache entry [95] [ 145.228970][ T5774] SQUASHFS error: Unable to read inode 0x60000 [ 145.392792][ T5774] SQUASHFS error: Unable to read metadata cache entry [95] [ 145.453762][ T5774] SQUASHFS error: Unable to read inode 0x60000 [ 145.644901][ T6487] netlink: 8 bytes leftover after parsing attributes in process `syz.0.142'. [ 145.828176][ T6489] loop3: detected capacity change from 0 to 128 [ 145.899427][ T6489] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 145.927483][ T6492] syzkaller0: entered promiscuous mode [ 145.942752][ T6492] syzkaller0: entered allmulticast mode [ 145.950537][ T6489] ext4 filesystem being mounted at /39/file7 supports timestamps until 2038-01-19 (0x7fffffff) [ 146.067566][ T28] audit: type=1326 audit(1777956726.861:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6488 comm="syz.3.144" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81d899cdd9 code=0x0 [ 146.577939][ T6499] tipc: Enabling of bearer rejected, failed to enable media [ 146.610628][ T6499] syzkaller0: entered promiscuous mode [ 146.616236][ T6499] syzkaller0: entered allmulticast mode [ 146.762855][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 148.061812][ T6521] syzkaller0: entered promiscuous mode [ 148.095046][ T6521] syzkaller0: entered allmulticast mode [ 148.124907][ T5085] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 148.139128][ T5085] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 148.159834][ T5085] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 148.188979][ T5085] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 148.212553][ T5085] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 148.234221][ T5085] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 148.324023][ T6527] syzkaller0: entered promiscuous mode [ 148.334080][ T6527] syzkaller0: entered allmulticast mode [ 149.145345][ T6522] chnl_net:caif_netlink_parms(): no params data found [ 149.318889][ T6543] loop0: detected capacity change from 0 to 4096 [ 149.347740][ T6543] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 149.614568][ T6522] bridge0: port 1(bridge_slave_0) entered blocking state [ 149.648972][ T6522] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.676630][ T6522] bridge_slave_0: entered allmulticast mode [ 149.691447][ T6522] bridge_slave_0: entered promiscuous mode [ 149.736090][ T6522] bridge0: port 2(bridge_slave_1) entered blocking state [ 149.769132][ T6522] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.777104][ T6522] bridge_slave_1: entered allmulticast mode [ 149.840148][ T6522] bridge_slave_1: entered promiscuous mode [ 150.280390][ T5790] Bluetooth: hci0: command tx timeout [ 150.666882][ T6522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 150.717956][ T6522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 150.920960][ T6522] team0: Port device team_slave_0 added [ 150.941608][ T6522] team0: Port device team_slave_1 added [ 151.022606][ T6522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 151.029705][ T6522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.078982][ T6522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 151.099763][ T6553] tipc: Enabling of bearer rejected, failed to enable media [ 151.119547][ T6554] syzkaller0: entered promiscuous mode [ 151.135362][ T6554] syzkaller0: entered allmulticast mode [ 151.155207][ T6522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 151.174638][ T6522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 151.219991][ T6522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 151.463886][ T6522] hsr_slave_0: entered promiscuous mode [ 151.477534][ T6522] hsr_slave_1: entered promiscuous mode [ 151.485923][ T6522] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 151.515400][ T6522] Cannot create hsr debugfs directory [ 152.368930][ T5790] Bluetooth: hci0: command tx timeout [ 152.777073][ T6565] syzkaller0: entered promiscuous mode [ 152.788134][ T6565] syzkaller0: entered allmulticast mode [ 153.031789][ T6522] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 153.131163][ T6522] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 153.200057][ T6522] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 153.242845][ T6522] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 153.340518][ T6579] syzkaller0: entered promiscuous mode [ 153.356280][ T6579] syzkaller0: entered allmulticast mode [ 154.042094][ T6584] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 154.439238][ T5790] Bluetooth: hci0: command tx timeout [ 154.466119][ T6522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.593043][ T6522] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.648219][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.656220][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.746728][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.754043][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.250799][ T6599] tipc: Enabling of bearer rejected, failed to enable media [ 155.274294][ T6599] syzkaller0: entered promiscuous mode [ 155.291102][ T6599] syzkaller0: entered allmulticast mode [ 155.470320][ T6522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.237675][ T5790] Bluetooth: hci0: command tx timeout [ 157.887378][ T6621] syzkaller0: entered promiscuous mode [ 157.898904][ T6621] syzkaller0: entered allmulticast mode [ 158.100474][ T6522] veth0_vlan: entered promiscuous mode [ 158.132775][ T6522] veth1_vlan: entered promiscuous mode [ 158.240617][ T6522] veth0_macvtap: entered promiscuous mode [ 158.301739][ T6522] veth1_macvtap: entered promiscuous mode [ 158.309316][ T6630] syzkaller0: entered promiscuous mode [ 158.314847][ T6630] syzkaller0: entered allmulticast mode [ 158.370818][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.389201][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.399423][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.410440][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.452742][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.489602][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.501322][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 158.512372][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.525925][ T6522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 158.610987][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.642838][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.677723][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.722410][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.732718][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.744966][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.755243][ T6522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 158.776111][ T6522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 158.796414][ T6522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 158.813851][ T6638] loop0: detected capacity change from 0 to 512 [ 158.848544][ T6522] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.865801][ T6638] EXT4-fs error (device loop0): ext4_iget_extra_inode:4739: inode #15: comm syz.0.180: corrupted in-inode xattr: invalid ea_ino [ 158.917027][ T6522] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 158.938832][ T6638] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.180: couldn't read orphan inode 15 (err -117) [ 158.960725][ T6638] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 158.983300][ T6522] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.008542][ T6522] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 159.146454][ T6638] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.180: Invalid inode table block 5 in block_group 0 [ 159.256252][ T42] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.297699][ T42] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.330716][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 159.429539][ T1134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 159.447026][ T1134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 159.500657][ T6650] loop0: detected capacity change from 0 to 128 [ 159.521364][ T6650] EXT4-fs: Ignoring removed nobh option [ 159.539042][ T6650] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 159.600343][ T6650] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 159.641317][ T6650] ext4 filesystem being mounted at /54/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 159.916686][ T5775] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 160.132776][ T6661] loop0: detected capacity change from 0 to 512 [ 160.379312][ T6661] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 160.401348][ T6666] syzkaller0: entered promiscuous mode [ 160.429255][ T6666] syzkaller0: entered allmulticast mode [ 161.413737][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 161.654582][ T6672] loop0: detected capacity change from 0 to 8192 [ 161.696263][ T6672] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 162.468443][ T6679] loop4: detected capacity change from 0 to 512 [ 162.490971][ T6680] loop2: detected capacity change from 0 to 256 [ 162.598045][ T6679] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 162.678516][ T6679] EXT4-fs (loop4): invalid journal inode [ 162.684655][ T6679] EXT4-fs (loop4): can't get journal size [ 162.750030][ T6679] EXT4-fs (loop4): 1 truncate cleaned up [ 162.768451][ T6679] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 163.675548][ T6522] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.776368][ T6692] loop0: detected capacity change from 0 to 512 [ 163.863623][ T6692] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 164.005009][ T6692] EXT4-fs error (device loop0): ext4_orphan_get:1404: inode #15: comm syz.0.198: iget: bad i_size value: 38620345925642 [ 164.127733][ T6692] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.198: couldn't read orphan inode 15 (err -117) [ 164.278137][ T6692] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.380295][ T6697] syzkaller0: entered promiscuous mode [ 164.385846][ T6697] syzkaller0: entered allmulticast mode [ 164.453087][ T6692] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm syz.0.198: bg 0: block 5: invalid block bitmap [ 164.706694][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.286591][ T966] hid-generic 0005:15C2:0003.0001: hidraw0: BLUETOOTH HID v0.0d Device [syz1] on aa:aa:aa:aa:aa:aa [ 165.509607][ T6722] loop4: detected capacity change from 0 to 1024 [ 165.770315][ T6722] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 166.950474][ T6736] loop2: detected capacity change from 0 to 512 [ 166.998302][ T6736] EXT4-fs: inline encryption not supported [ 167.019004][ T6736] EXT4-fs: Ignoring removed i_version option [ 167.050290][ T6739] loop3: detected capacity change from 0 to 128 [ 167.066332][ T6736] EXT4-fs (loop2): 1 orphan inode deleted [ 167.116756][ T6736] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.135159][ T6743] cgroup: subsys name conflicts with all [ 167.614465][ T6739] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 167.686999][ T6739] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 167.865374][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.088818][ T966] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 168.273598][ T6759] syzkaller0: entered promiscuous mode [ 168.279755][ T966] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 168.279785][ T966] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.300777][ T966] usb 4-1: config 0 descriptor?? [ 168.314594][ T966] cp210x 4-1:0.0: cp210x converter detected [ 168.322963][ T6759] syzkaller0: entered allmulticast mode [ 168.739911][ T966] usb 4-1: cp210x converter now attached to ttyUSB0 [ 168.932704][ T966] usb 4-1: USB disconnect, device number 2 [ 168.967944][ T966] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 169.033243][ T966] cp210x 4-1:0.0: device disconnected [ 169.349055][ T5840] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 169.513939][ T5780] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 169.570053][ T5840] usb 5-1: Using ep0 maxpacket: 16 [ 169.580780][ T5840] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 169.608768][ T5840] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.649138][ T5840] usb 5-1: config 0 descriptor?? [ 169.677036][ T5840] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 169.753083][ T6783] syzkaller0: entered promiscuous mode [ 169.773104][ T6783] syzkaller0: entered allmulticast mode [ 169.907078][ T5840] usb 5-1: Detected FT232B [ 170.101347][ T5840] ftdi_sio ttyUSB0: Unable to read latency timer: -121 [ 170.317709][ T5840] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 170.342072][ T5840] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 170.386743][ T5840] usb 5-1: USB disconnect, device number 2 [ 170.399185][ T6795] loop3: detected capacity change from 0 to 512 [ 170.423612][ T5840] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 170.439214][ T6795] EXT4-fs: Ignoring removed oldalloc option [ 170.450201][ T5840] ftdi_sio 5-1:0.0: device disconnected [ 170.475567][ T6795] EXT4-fs (loop3): 1 truncate cleaned up [ 170.488652][ T6795] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 170.798016][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.144494][ T6809] syzkaller0: entered promiscuous mode [ 171.168956][ T6809] syzkaller0: entered allmulticast mode [ 171.553351][ T6823] loop2: detected capacity change from 0 to 1024 [ 171.615207][ T6823] syz.2.244: attempt to access beyond end of device [ 171.615207][ T6823] loop2: rw=0, sector=5778, nr_sectors = 2 limit=1024 [ 171.874314][ T6830] netlink: 108 bytes leftover after parsing attributes in process `syz.4.246'. [ 172.259515][ T6839] syzkaller0: entered promiscuous mode [ 172.265080][ T6839] syzkaller0: entered allmulticast mode [ 172.436542][ T6841] syzkaller0: entered promiscuous mode [ 172.450140][ T6841] syzkaller0: entered allmulticast mode [ 172.470018][ T6844] Zero length message leads to an empty skb [ 173.411381][ T6855] loop3: detected capacity change from 0 to 16 [ 173.473925][ T6855] erofs: (device loop3): mounted with root inode @ nid 36. [ 173.549153][ T6855] erofs: (device loop3): erofs_find_target_block: corrupted dir block 0 @ nid 36 [ 173.575429][ T6855] erofs: (device loop3): erofs_find_target_block: corrupted dir block 0 @ nid 36 [ 173.613371][ T6855] erofs: (device loop3): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 174.845123][ T6869] kvm: pic: level sensitive irq not supported [ 174.845379][ T6869] kvm: pic: non byte read [ 174.911643][ T6869] kvm: pic: level sensitive irq not supported [ 174.911716][ T6869] kvm: pic: non byte read [ 174.942921][ T6869] kvm: pic: level sensitive irq not supported [ 174.943007][ T6869] kvm: pic: non byte read [ 174.985179][ T6869] kvm: pic: level sensitive irq not supported [ 174.985250][ T6869] kvm: pic: non byte read [ 174.996218][ T6869] kvm: pic: level sensitive irq not supported [ 174.996282][ T6869] kvm: pic: non byte read [ 175.007117][ T6869] kvm: pic: level sensitive irq not supported [ 175.007183][ T6869] kvm: pic: non byte read [ 175.017940][ T6869] kvm: pic: level sensitive irq not supported [ 175.018004][ T6869] kvm: pic: non byte read [ 175.028953][ T6869] kvm: pic: level sensitive irq not supported [ 175.029018][ T6869] kvm: pic: non byte read [ 175.039837][ T6869] kvm: pic: level sensitive irq not supported [ 175.039904][ T6869] kvm: pic: non byte read [ 175.061682][ T6869] kvm: pic: level sensitive irq not supported [ 175.061761][ T6869] kvm: pic: non byte read [ 176.034114][ T6882] loop0: detected capacity change from 0 to 128 [ 176.112674][ T6882] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 176.133989][ T6882] ext4 filesystem being mounted at /71/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 176.258633][ T6889] loop2: detected capacity change from 0 to 512 [ 176.311551][ T6889] EXT4-fs: Ignoring removed nobh option [ 176.317285][ T6889] ext4: Unknown parameter 'seclabel' [ 176.387671][ T6891] loop3: detected capacity change from 0 to 16 [ 176.420840][ T6891] erofs: (device loop3): mounted with root inode @ nid 36. [ 176.445446][ T6889] loop2: detected capacity change from 0 to 1024 [ 176.452817][ T6893] loop4: detected capacity change from 0 to 256 [ 176.472512][ T6891] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 176.500865][ T6891] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 176.875554][ T5775] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 178.103387][ T6912] loop3: detected capacity change from 0 to 128 [ 178.196678][ T6912] syz.3.274: attempt to access beyond end of device [ 178.196678][ T6912] loop3: rw=1, sector=145, nr_sectors = 65 limit=128 [ 178.294937][ T6914] loop0: detected capacity change from 0 to 512 [ 178.369374][ T6914] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a803c198, mo2=0002] [ 178.379013][ T6914] System zones: 1-12 [ 180.057855][ T6914] EXT4-fs error (device loop0): ext4_iget_extra_inode:4739: inode #15: comm syz.0.276: corrupted in-inode xattr: e_value size too large [ 180.073714][ T6914] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.276: couldn't read orphan inode 15 (err -117) [ 180.093366][ T6914] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.470650][ T6923] dns_resolver: Unsupported server list version (6) [ 181.020285][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.356682][ T6935] loop4: detected capacity change from 0 to 1024 [ 182.367865][ T6935] EXT4-fs: Ignoring removed orlov option [ 182.374223][ T6935] EXT4-fs: inline encryption not supported [ 182.383628][ T6935] EXT4-fs (loop4): bad geometry: bigalloc file system with non-zero first_data_block [ 182.383628][ T6935] [ 182.450631][ T5777] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 185.807213][ T6959] capability: warning: `syz.3.288' uses deprecated v2 capabilities in a way that may be insecure [ 185.924712][ T6956] input: syz1 as /devices/virtual/input/input6 [ 186.327704][ T6963] syzkaller0: entered promiscuous mode [ 186.483609][ T6963] syzkaller0: entered allmulticast mode [ 187.158490][ T6970] loop2: detected capacity change from 0 to 512 [ 187.191185][ T6970] EXT4-fs: Ignoring removed nobh option [ 187.206760][ T6970] ext4: Unknown parameter 'seclabel' [ 187.216930][ T6969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.292'. [ 187.699944][ T6977] loop4: detected capacity change from 0 to 1024 [ 188.639994][ T28] audit: type=1804 audit(1777956769.261:7): pid=6983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.296" name="/newroot/32/bus/file1" dev="loop4" ino=20 res=1 errno=0 [ 188.699930][ T6977] hfsplus: xattr searching failed [ 188.709827][ T6983] hfsplus: xattr searching failed [ 190.819164][ T5618] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 190.999122][ T6997] syzkaller0: entered promiscuous mode [ 191.004685][ T6997] syzkaller0: entered allmulticast mode [ 191.034219][ T5618] usb 1-1: config 215 has too many interfaces: 188, using maximum allowed: 32 [ 191.054212][ T5618] usb 1-1: config 215 has an invalid descriptor of length 0, skipping remainder of the config [ 191.076351][ T5618] usb 1-1: config 215 has 2 interfaces, different from the descriptor's value: 188 [ 191.115184][ T5618] usb 1-1: config 215 interface 1 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 191.146948][ T5618] usb 1-1: config 215 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 191.190500][ T5618] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 191.200295][ T5618] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.208339][ T5618] usb 1-1: Product: syz [ 191.228754][ T5618] usb 1-1: Manufacturer: syz [ 191.233746][ T5618] usb 1-1: SerialNumber: syz [ 191.494014][ T6999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.303'. [ 191.815950][ T7003] loop2: detected capacity change from 0 to 2048 [ 191.893159][ T7003] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.999696][ T7003] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 192.330337][ T5618] cdc_ncm 1-1:215.0: bind() failure [ 192.498290][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.634844][ T5618] cdc_ncm: probe of 1-1:215.1 failed with error -71 [ 192.692666][ T5618] cdc_mbim: probe of 1-1:215.1 failed with error -71 [ 192.732826][ T5618] usbtest: probe of 1-1:215.1 failed with error -71 [ 192.782484][ T5618] usb 1-1: USB disconnect, device number 3 [ 193.363519][ T7021] syzkaller0: entered promiscuous mode [ 193.375293][ T7021] syzkaller0: entered allmulticast mode [ 193.752207][ T7023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 195.486189][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.497993][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.061886][ T7036] loop2: detected capacity change from 0 to 164 [ 198.214429][ T7036] Unable to read rock-ridge attributes [ 198.270636][ T7039] syzkaller0: entered promiscuous mode [ 198.276179][ T7039] syzkaller0: entered allmulticast mode [ 198.630559][ T7043] loop0: detected capacity change from 0 to 256 [ 199.107464][ T7045] Bluetooth: MGMT ver 1.22 [ 199.112428][ T7045] Bluetooth: hci0: service_discovery: too big uuid_count value 25455 [ 200.071318][ T7050] loop3: detected capacity change from 0 to 512 [ 200.088257][ T7050] EXT4-fs: Ignoring removed nobh option [ 200.111161][ T7050] ext4: Unknown parameter 'seclabel' [ 200.150769][ T7048] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 200.213499][ T7050] loop3: detected capacity change from 0 to 1024 [ 200.241632][ T7052] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 200.432528][ T5840] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 200.529112][ T7057] syzkaller0: entered promiscuous mode [ 200.536500][ T7057] syzkaller0: entered allmulticast mode [ 200.661336][ T5840] usb 1-1: Using ep0 maxpacket: 16 [ 200.673020][ T5840] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.706795][ T5840] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.746451][ T5840] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 200.799162][ T5840] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 200.817010][ T5840] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.831809][ T5840] usb 1-1: config 0 descriptor?? [ 201.288623][ T5840] microsoft 0003:045E:07DA.0002: unknown main item tag 0x0 [ 201.308715][ T5840] microsoft 0003:045E:07DA.0002: ignoring exceeding usage max [ 201.342744][ T7063] loop4: detected capacity change from 0 to 128 [ 201.356848][ T5840] microsoft 0003:045E:07DA.0002: No inputs registered, leaving [ 201.433202][ T5840] microsoft 0003:045E:07DA.0002: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 201.464987][ T5840] microsoft 0003:045E:07DA.0002: no inputs found [ 201.504116][ T5840] microsoft 0003:045E:07DA.0002: could not initialize ff, continuing anyway [ 201.585116][ T5840] usb 1-1: USB disconnect, device number 4 [ 201.730568][ T7064] fido_id[7064]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 203.727498][ T7072] syzkaller0: entered promiscuous mode [ 203.741991][ T7072] syzkaller0: entered allmulticast mode [ 204.985719][ T7078] loop0: detected capacity change from 0 to 1024 [ 205.132972][ T7078] hfsplus: invalid file type 0120411 for inode 2 [ 205.139934][ T7078] hfsplus: failed to load root directory [ 205.509863][ T7081] syzkaller0: entered promiscuous mode [ 205.539296][ T7081] syzkaller0: entered allmulticast mode [ 205.802739][ T7093] loop2: detected capacity change from 0 to 512 [ 205.857337][ T7093] EXT4-fs: Ignoring removed oldalloc option [ 207.365912][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 207.454978][ T5790] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 207.455393][ T5781] Bluetooth: hci0: command 0x1407 tx timeout [ 207.463898][ T5790] Bluetooth: hci3: command 0x0406 tx timeout [ 207.468581][ T5791] Bluetooth: hci1: command 0x0406 tx timeout [ 207.476269][ T5784] Bluetooth: hci2: command 0x0406 tx timeout [ 207.596189][ T7093] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 207.626787][ T7093] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 207.725853][ T7093] EXT4-fs (loop2): 1 truncate cleaned up [ 207.760398][ T7093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.053810][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.080736][ T7113] loop0: detected capacity change from 0 to 512 [ 208.098994][ T7113] EXT4-fs: Ignoring removed nobh option [ 208.129556][ T7113] ext4: Unknown parameter 'seclabel' [ 209.765152][ T7134] syzkaller0: entered promiscuous mode [ 209.781899][ T7134] syzkaller0: entered allmulticast mode [ 210.083034][ T7143] syzkaller0: entered promiscuous mode [ 210.088584][ T7143] syzkaller0: entered allmulticast mode [ 210.681086][ T7173] loop2: detected capacity change from 0 to 8 [ 210.727470][ T7173] SQUASHFS error: zlib decompression failed, data probably corrupt [ 210.757645][ T7173] SQUASHFS error: Failed to read block 0x9b: -5 [ 210.763963][ T7173] SQUASHFS error: Unable to read metadata cache entry [99] [ 210.829537][ T7173] SQUASHFS error: Unable to read inode 0x127 [ 210.895901][ T6254] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 210.936106][ T7175] loop3: detected capacity change from 0 to 256 [ 210.956765][ T7175] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 211.022034][ T7175] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 211.045766][ T7173] loop2: detected capacity change from 0 to 1024 [ 211.100977][ T7175] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 211.116733][ T7173] hfsplus: Filesystem is marked locked, mounting read-only. [ 211.656411][ T7180] loop3: detected capacity change from 0 to 512 [ 211.681222][ T7183] loop2: detected capacity change from 0 to 512 [ 211.692607][ T7180] EXT4-fs: Ignoring removed oldalloc option [ 211.703099][ T7180] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 211.717207][ T7183] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 211.744633][ T7180] EXT4-fs (loop3): 1 truncate cleaned up [ 211.760326][ T7183] EXT4-fs (loop2): 1 truncate cleaned up [ 211.780562][ T7183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.805864][ T7180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.899512][ T28] audit: type=1800 audit(1777956791.942:8): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.348" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 212.051157][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.158734][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.316726][ T7191] syzkaller0: entered promiscuous mode [ 212.338631][ T7191] syzkaller0: entered allmulticast mode [ 212.939737][ T2044] hid-generic 0005:0006:5508.0003: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa [ 213.308946][ T7201] syzkaller0: entered promiscuous mode [ 213.314669][ T7201] syzkaller0: entered allmulticast mode [ 213.775418][ T7207] kvm: emulating exchange as write [ 213.926578][ T7217] loop4: detected capacity change from 0 to 512 [ 213.961074][ T7217] EXT4-fs: Ignoring removed nobh option [ 213.978047][ T7217] ext4: Unknown parameter 'seclabel' [ 214.128482][ T7217] loop4: detected capacity change from 0 to 1024 [ 214.473851][ T7220] syzkaller0: entered promiscuous mode [ 214.612978][ T7220] syzkaller0: entered allmulticast mode [ 215.235421][ T7228] syzkaller0: entered promiscuous mode [ 215.241652][ T7228] syzkaller0: entered allmulticast mode [ 217.228627][ T5618] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 217.436034][ T5618] usb 4-1: Using ep0 maxpacket: 32 [ 217.458961][ T5618] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 217.572500][ T5618] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 217.712402][ T5618] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 217.932936][ T5618] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.978118][ T5618] usb 4-1: config 0 descriptor?? [ 218.029536][ T5618] hub 4-1:0.0: USB hub found [ 218.204799][ T7247] loop0: detected capacity change from 0 to 2048 [ 218.252395][ T7247] EXT4-fs: Ignoring removed i_version option [ 218.293212][ T5618] hub 4-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 218.378296][ T7247] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.466152][ T7247] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 218.703072][ T7247] EXT4-fs (loop0): shut down requested (0) [ 218.816310][ T5618] hid-generic 0003:046D:C31C.0004: hidraw1: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0 [ 218.949216][ T5618] usb 4-1: USB disconnect, device number 3 [ 219.122667][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.239317][ T7252] fido_id[7252]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 219.510572][ T7254] netlink: 112 bytes leftover after parsing attributes in process `syz.0.370'. [ 219.913554][ T7268] loop2: detected capacity change from 0 to 2048 [ 220.036896][ T7268] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 220.078439][ T7268] System zones: 0-4 [ 220.133175][ T7268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.188434][ T7276] syzkaller0: entered promiscuous mode [ 220.194244][ T7276] syzkaller0: entered allmulticast mode [ 220.243337][ T7268] ext4 filesystem being mounted at /91/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.400507][ T5782] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.556020][ T7293] xt_CT: You must specify a L4 protocol and not use inversions on it [ 223.502493][ T7297] loop2: detected capacity change from 0 to 512 [ 223.522361][ T7297] EXT4-fs: Ignoring removed nobh option [ 223.547671][ T7297] ext4: Unknown parameter 'seclabel' [ 223.630812][ T7297] loop2: detected capacity change from 0 to 1024 [ 225.417543][ T7311] loop3: detected capacity change from 0 to 2048 [ 225.521876][ T7311] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 225.578974][ T7311] System zones: 0-4 [ 225.631607][ T7311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.728616][ T7311] ext4 filesystem being mounted at /100/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.058737][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.381062][ T49] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.573938][ T49] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.728015][ T49] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 231.912543][ T49] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 234.508880][ T7381] loop0: detected capacity change from 0 to 2048 [ 234.764378][ T7375] Cannot find del_set index 0 as target [ 234.794523][ T7381] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 234.870003][ T7381] System zones: 0-4 [ 234.879209][ T7381] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 234.900827][ T7381] ext4 filesystem being mounted at /102/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 235.690292][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.804593][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 237.406259][ T7407] loop4: detected capacity change from 0 to 512 [ 237.413640][ T7407] EXT4-fs: Ignoring removed nobh option [ 237.848388][ T7407] ext4: Unknown parameter 'seclabel' [ 238.408263][ T27] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 238.742374][ T7407] loop4: detected capacity change from 0 to 1024 [ 238.782159][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 238.818952][ T27] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.897686][ T27] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 238.989061][ T27] usb 3-1: New USB device found, idVendor=28bd, idProduct=0078, bcdDevice= 0.00 [ 239.071681][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.072737][ T27] usb 3-1: config 0 descriptor?? [ 240.593481][ T27] usb 3-1: USB disconnect, device number 5 [ 244.011827][ T7457] netlink: 12 bytes leftover after parsing attributes in process `syz.3.409'. [ 244.745551][ T2044] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 245.003140][ T2044] usb 5-1: Using ep0 maxpacket: 16 [ 245.259621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 245.398575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 245.409242][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 245.526845][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 245.558913][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 245.687391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #102!!! [ 245.804789][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 245.858238][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 246.095305][ T49] hsr_slave_0: left promiscuous mode [ 246.104254][ T2044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.146354][ T2044] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.178286][ T49] hsr_slave_1: left promiscuous mode [ 246.199612][ T2044] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 246.246873][ T2044] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 246.273085][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 246.291288][ T2044] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.302774][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 246.321086][ T2044] usb 5-1: config 0 descriptor?? [ 246.348751][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 246.371688][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 246.391974][ T49] bridge_slave_1: left allmulticast mode [ 246.431481][ T49] bridge_slave_1: left promiscuous mode [ 246.444139][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 246.548414][ T49] bridge_slave_0: left allmulticast mode [ 246.588903][ T49] bridge_slave_0: left promiscuous mode [ 246.594741][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 246.823745][ T2044] microsoft 0003:045E:07DA.0005: unknown main item tag 0x2 [ 246.861187][ T7485] loop3: detected capacity change from 0 to 16 [ 246.871473][ T2044] microsoft 0003:045E:07DA.0005: unknown main item tag 0x4 [ 246.891675][ T49] veth1_macvtap: left promiscuous mode [ 246.901703][ T2044] microsoft 0003:045E:07DA.0005: item 0 4 0 8 parsing failed [ 246.909620][ T49] veth0_macvtap: left promiscuous mode [ 246.940741][ T49] veth1_vlan: left promiscuous mode [ 246.947346][ T49] veth0_vlan: left promiscuous mode [ 246.957832][ T2044] microsoft 0003:045E:07DA.0005: parse failed [ 246.959743][ T7485] erofs: (device loop3): mounted with root inode @ nid 36. [ 246.991957][ T2044] microsoft: probe of 0003:045E:07DA.0005 failed with error -22 [ 247.088494][ T2044] usb 5-1: USB disconnect, device number 3 [ 247.148363][ T7485] syz.3.414: attempt to access beyond end of device [ 247.148363][ T7485] loop3: rw=0, sector=34359214080, nr_sectors = 8 limit=16 [ 247.237862][ T7485] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 0 of nid 46 [ 248.044829][ T7500] loop4: detected capacity change from 0 to 512 [ 248.076000][ T7500] EXT4-fs: Ignoring removed nobh option [ 248.126568][ T7500] ext4: Unknown parameter 'seclabel' [ 248.327090][ T7500] loop4: detected capacity change from 0 to 1024 [ 248.626117][ T7507] Cannot find del_set index 0 as target [ 249.934653][ T49] team0 (unregistering): Port device team_slave_1 removed [ 250.053948][ T49] team0 (unregistering): Port device team_slave_0 removed [ 250.168021][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 250.283952][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 251.531695][ T49] bond0 (unregistering): Released all slaves [ 254.594254][ T7521] syzkaller0: entered promiscuous mode [ 254.646906][ T7521] syzkaller0: entered allmulticast mode [ 258.482401][ T2044] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 258.884284][ T2044] usb 4-1: Using ep0 maxpacket: 16 [ 258.917608][ T2044] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 258.938683][ T2044] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.975702][ T2044] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 258.998792][ T2044] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.167280][ T2044] usb 4-1: config 0 descriptor?? [ 259.829668][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 259.836071][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.958342][ T2044] hid-multitouch 0003:1FD2:6007.0006: unknown main item tag 0x0 [ 259.966081][ T2044] hid-multitouch 0003:1FD2:6007.0006: unknown main item tag 0x0 [ 259.974504][ T2044] hid-multitouch 0003:1FD2:6007.0006: item fetching failed at offset 2/5 [ 259.984246][ T2044] hid-multitouch: probe of 0003:1FD2:6007.0006 failed with error -22 [ 261.775276][ T5828] usb 4-1: USB disconnect, device number 4 [ 262.306418][ T7573] loop0: detected capacity change from 0 to 256 [ 266.077402][ T7595] loop0: detected capacity change from 0 to 2048 [ 266.131511][ T7595] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 266.162437][ T7595] System zones: 0-4 [ 266.190569][ T7595] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 266.269554][ T7595] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 268.347273][ T7606] loop2: detected capacity change from 0 to 2048 [ 268.514885][ T7606] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.685081][ T7606] ptrace attach of "ci2-linux-6-6-kasan/syz-executor exec"[7607] was attempted by "ci2-linux-6-6-kasan/syz-executor exec"[7606] [ 268.765109][ T5782] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 268.819422][ T5782] UDF-fs: error (device loop2): udf_read_inode: (ino 1317) failed !bh [ 269.343878][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 269.371521][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 269.384275][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 269.395117][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 269.404489][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 269.412063][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 269.653494][ T5775] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 270.936511][ T7623] syzkaller0: entered promiscuous mode [ 270.942067][ T7623] syzkaller0: entered allmulticast mode [ 271.674579][ T51] Bluetooth: hci3: command tx timeout [ 272.635893][ T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.327308][ T7656] warning: `syz.3.447' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 273.625072][ T7610] chnl_net:caif_netlink_parms(): no params data found [ 273.703535][ T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.767122][ T7661] loop3: detected capacity change from 0 to 2048 [ 273.864850][ T7661] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a840c018, mo2=0002] [ 273.873058][ T7661] System zones: 0-4 [ 273.907455][ T51] Bluetooth: hci3: command tx timeout [ 273.952902][ T7661] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 273.968940][ T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.018622][ T7661] ext4 filesystem being mounted at /126/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 274.196113][ T7668] loop0: detected capacity change from 0 to 1024 [ 274.253864][ T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.268787][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.313961][ T5789] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 274.325111][ T5789] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 274.335299][ T5789] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 274.344005][ T5789] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 274.352907][ T5789] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 274.360421][ T5789] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 274.377892][ T7610] bridge0: port 1(bridge_slave_0) entered blocking state [ 274.385087][ T7610] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.419578][ T7668] ext4: Unknown parameter 'nouser_xattr' [ 274.426236][ T7610] bridge_slave_0: entered allmulticast mode [ 274.443923][ T7610] bridge_slave_0: entered promiscuous mode [ 274.474766][ T7610] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.481944][ T7610] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.489320][ T7610] bridge_slave_1: entered allmulticast mode [ 274.522613][ T7610] bridge_slave_1: entered promiscuous mode [ 274.589494][ T7345] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.616565][ T7610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.652103][ T7610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.796736][ T7610] team0: Port device team_slave_0 added [ 274.818392][ T7610] team0: Port device team_slave_1 added [ 275.005739][ T7610] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 275.029188][ T7610] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.157480][ T7610] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 275.209804][ T7610] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 275.238663][ T7610] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 275.293534][ T7610] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 275.435967][ T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 275.501645][ T7610] hsr_slave_0: entered promiscuous mode [ 275.533479][ T7610] hsr_slave_1: entered promiscuous mode [ 275.553588][ T7610] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 275.561302][ T7610] Cannot create hsr debugfs directory [ 275.692062][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 275.758625][ T8] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x55, skipping [ 275.833102][ T8] usb 1-1: New USB device found, idVendor=1235, idProduct=8210, bcdDevice= 0.40 [ 275.873004][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.911950][ T8] usb 1-1: Product: syz [ 275.916210][ T8] usb 1-1: Manufacturer: syz [ 275.937803][ T8] usb 1-1: SerialNumber: syz [ 275.996888][ T7690] loop3: detected capacity change from 0 to 512 [ 276.119967][ T5789] Bluetooth: hci3: command tx timeout [ 276.150827][ T7690] EXT4-fs error (device loop3): ext4_iget_extra_inode:4739: inode #15: comm syz.3.452: corrupted in-inode xattr: invalid ea_ino [ 276.206392][ T7690] EXT4-fs error (device loop3): ext4_orphan_get:1409: comm syz.3.452: couldn't read orphan inode 15 (err -117) [ 276.327800][ T7690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 276.359868][ T8] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 276.418828][ T8] usb 1-1: MIDIStreaming interface descriptor not found [ 276.512323][ T7669] chnl_net:caif_netlink_parms(): no params data found [ 276.547171][ T5789] Bluetooth: hci0: command tx timeout [ 276.654281][ T8] usb 1-1: USB disconnect, device number 5 [ 276.704057][ T5780] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.924481][ T7416] udevd[7416]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 279.815745][ T51] Bluetooth: hci0: command tx timeout [ 279.825854][ T5789] Bluetooth: hci3: command tx timeout [ 280.445421][ T7669] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.480768][ T7669] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.488041][ T7669] bridge_slave_0: entered allmulticast mode [ 280.524554][ T7669] bridge_slave_0: entered promiscuous mode [ 280.794870][ T7610] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 280.849119][ T7610] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 280.870578][ T7669] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.887105][ T7669] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.894377][ T7669] bridge_slave_1: entered allmulticast mode [ 280.959504][ T7669] bridge_slave_1: entered promiscuous mode [ 281.148985][ T7610] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 281.276711][ T7610] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 281.392404][ T7669] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.444622][ T7669] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.955887][ T7669] team0: Port device team_slave_0 added [ 281.980910][ T7669] team0: Port device team_slave_1 added [ 282.022616][ T5789] Bluetooth: hci0: command tx timeout [ 282.468472][ T7669] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.498885][ T7669] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.533800][ T7669] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.549844][ T7669] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.557207][ T7669] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.584075][ T7669] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.689810][ T49] hsr_slave_0: left promiscuous mode [ 282.700075][ T49] hsr_slave_1: left promiscuous mode [ 282.710800][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 282.722783][ T49] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 282.743222][ T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 282.754534][ T49] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 282.766270][ T49] bridge_slave_1: left allmulticast mode [ 282.777906][ T49] bridge_slave_1: left promiscuous mode [ 282.787019][ T49] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.804548][ T49] bridge_slave_0: left allmulticast mode [ 282.810386][ T49] bridge_slave_0: left promiscuous mode [ 282.821108][ T49] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.895609][ T49] veth1_macvtap: left promiscuous mode [ 282.911607][ T49] veth0_macvtap: left promiscuous mode [ 282.922542][ T49] veth1_vlan: left promiscuous mode [ 282.939040][ T49] veth0_vlan: left promiscuous mode [ 283.728107][ T49] team0 (unregistering): Port device team_slave_1 removed [ 283.780337][ T49] team0 (unregistering): Port device team_slave_0 removed [ 283.831294][ T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.883163][ T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 284.243815][ T5789] Bluetooth: hci0: command tx timeout [ 284.258995][ T49] bond0 (unregistering): Released all slaves [ 284.374540][ T7741] netlink: 20 bytes leftover after parsing attributes in process `syz.3.459'. [ 284.494540][ T7741] veth0_to_bond: entered promiscuous mode [ 284.506213][ T7741] veth0_to_bond: entered allmulticast mode [ 284.583143][ T7669] hsr_slave_0: entered promiscuous mode [ 284.591400][ T7669] hsr_slave_1: entered promiscuous mode [ 284.602774][ T7669] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 284.610512][ T7669] Cannot create hsr debugfs directory [ 284.736648][ T7743] netlink: 'syz.3.460': attribute type 3 has an invalid length. [ 284.744381][ T7743] netlink: 24 bytes leftover after parsing attributes in process `syz.3.460'. [ 284.755695][ T7743] ------------[ cut here ]------------ [ 284.761748][ T7743] memcpy: detected field-spanning write (size 32) of single field "&new->sel" at net/sched/cls_u32.c:855 (size 16) [ 284.775232][ T7743] WARNING: CPU: 1 PID: 7743 at net/sched/cls_u32.c:855 u32_change+0x1c5a/0x24f0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 284.784757][ T7743] Modules linked in: [ 284.788777][ T7743] CPU: 1 PID: 7743 Comm: syz.3.460 Not tainted syzkaller #0 [ 284.796124][ T7743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 284.806414][ T7743] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 284.811850][ T7743] Code: f8 eb 59 e8 48 93 d8 f8 c6 05 51 30 c7 05 01 b9 10 00 00 00 48 c7 c7 00 6b c7 8b 4c 89 f6 48 c7 c2 80 6b c7 8b e8 a6 49 a2 f8 <0f> 0b e9 86 f0 ff ff e8 1a 93 d8 f8 eb 24 e8 13 93 d8 f8 c6 05 eb [ 284.831827][ T7743] RSP: 0018:ffffc90003486d40 EFLAGS: 00010246 [ 284.837966][ T7743] RAX: 4989f2ea39f5d200 RBX: ffff88802cc78c00 RCX: 0000000000080000 [ 284.846542][ T7743] RDX: ffffc9000d2ab000 RSI: 0000000000007328 RDI: 0000000000007329 [ 284.854635][ T7743] RBP: ffffc90003486ef8 R08: ffffc90003486947 R09: 1ffff92000690d28 [ 284.863259][ T7743] R10: dffffc0000000000 R11: fffff52000690d29 R12: ffff88802cc7b400 [ 284.871294][ T7743] R13: ffff88802cc7b4e8 R14: 0000000000000020 R15: ffff8880767abb80 [ 284.879454][ T7743] FS: 00007f81d987f6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 284.888509][ T7743] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 284.895174][ T7743] CR2: 0000200000006040 CR3: 000000002dc72000 CR4: 00000000003506e0 [ 284.903295][ T7743] Call Trace: [ 284.906680][ T7743] [ 284.909658][ T7743] ? tc_new_tfilter+0x8f7/0x17c0 [ 284.914680][ T7743] ? u32_get+0x370/0x370 [ 284.919290][ T7743] ? u32_get+0x370/0x370 [ 284.923588][ T7743] tc_new_tfilter+0x11f9/0x17c0 [ 284.928572][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 284.934640][ T7743] ? rcu_read_unlock+0x8c/0xa0 [ 284.939543][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 284.945602][ T7743] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 284.950918][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 284.956967][ T7743] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 284.962032][ T7743] ? lockdep_hardirqs_on+0x98/0x150 [ 284.967676][ T7743] ? rtnetlink_bind+0x80/0x80 [ 284.972631][ T7743] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 284.978679][ T7743] ? lock_chain_count+0x20/0x20 [ 284.983662][ T7743] ? __local_bh_enable_ip+0x13a/0x1c0 [ 284.989094][ T7743] ? lockdep_hardirqs_on+0x98/0x150 [ 284.994402][ T7743] ? __local_bh_enable_ip+0x13a/0x1c0 [ 284.999914][ T7743] ? _local_bh_enable+0xa0/0xa0 [ 285.004947][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.010132][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.015368][ T7743] ? __dev_queue_xmit+0x1b2c/0x3660 [ 285.020902][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.026208][ T7743] ? ref_tracker_free+0x690/0x840 [ 285.031306][ T7743] netlink_rcv_skb+0x241/0x4d0 [ 285.036210][ T7743] ? rtnetlink_bind+0x80/0x80 [ 285.040957][ T7743] ? netlink_ack+0x1180/0x1180 [ 285.045910][ T7743] ? __lock_acquire+0x7d40/0x7d40 [ 285.051015][ T7743] ? netlink_deliver_tap+0x2e/0x1b0 [ 285.056340][ T7743] netlink_unicast+0x751/0x8d0 [ 285.061190][ T7743] netlink_sendmsg+0x8d0/0xbf0 [ 285.066048][ T7743] ? netlink_getsockopt+0x590/0x590 [ 285.071447][ T7743] ? aa_sock_msg_perm+0x94/0x150 [ 285.076812][ T7743] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 285.082310][ T7743] ? security_socket_sendmsg+0x80/0xa0 [ 285.088077][ T7743] ? netlink_getsockopt+0x590/0x590 [ 285.093349][ T7743] ____sys_sendmsg+0x5ba/0x960 [ 285.098179][ T7743] ? __asan_memset+0x22/0x40 [ 285.102961][ T7743] ? __sys_sendmsg_sock+0x30/0x30 [ 285.108034][ T7743] ? __import_iovec+0x5f2/0x850 [ 285.113038][ T7743] ? import_iovec+0x73/0xa0 [ 285.117594][ T7743] ___sys_sendmsg+0x2a6/0x360 [ 285.122395][ T7743] ? __sys_sendmsg+0x2a0/0x2a0 [ 285.127304][ T7743] __sys_sendmmsg+0x2ca/0x510 [ 285.132145][ T7743] ? __ia32_sys_sendmsg+0x90/0x90 [ 285.137243][ T7743] ? __ia32_sys_get_robust_list+0x110/0x110 [ 285.143440][ T7743] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 285.149474][ T7743] ? lock_chain_count+0x20/0x20 [ 285.154462][ T7743] __x64_sys_sendmmsg+0xa0/0xb0 [ 285.159366][ T7743] do_syscall_64+0x55/0xa0 [ 285.163879][ T7743] ? clear_bhb_loop+0x40/0x90 [ 285.168702][ T7743] ? clear_bhb_loop+0x40/0x90 [ 285.173497][ T7743] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 285.179457][ T7743] RIP: 0033:0x7f81d899cdd9 [ 285.183999][ T7743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.204235][ T7743] RSP: 002b:00007f81d987f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 285.212849][ T7743] RAX: ffffffffffffffda RBX: 00007f81d8c15fa0 RCX: 00007f81d899cdd9 [ 285.220944][ T7743] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004 [ 285.229040][ T7743] RBP: 00007f81d8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 285.237091][ T7743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.245206][ T7743] R13: 00007f81d8c16038 R14: 00007f81d8c15fa0 R15: 00007fff111df608 [ 285.253304][ T7743] [ 285.256377][ T7743] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 285.263707][ T7743] CPU: 1 PID: 7743 Comm: syz.3.460 Not tainted syzkaller #0 [ 285.271078][ T7743] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 285.281185][ T7743] Call Trace: [ 285.284511][ T7743] [ 285.287477][ T7743] dump_stack_lvl+0x18c/0x250 [ 285.292224][ T7743] ? show_regs_print_info+0x20/0x20 [ 285.297492][ T7743] ? load_image+0x420/0x420 [ 285.302060][ T7743] panic+0x2dc/0x730 [ 285.306008][ T7743] ? bpf_jit_dump+0xd0/0xd0 [ 285.310574][ T7743] __warn+0x2e0/0x470 [ 285.314607][ T7743] ? u32_change+0x1c5a/0x24f0 [ 285.319349][ T7743] ? u32_change+0x1c5a/0x24f0 [ 285.324088][ T7743] report_bug+0x2be/0x4f0 [ 285.328486][ T7743] ? u32_change+0x1c5a/0x24f0 [ 285.333226][ T7743] ? u32_change+0x1c5a/0x24f0 [ 285.337966][ T7743] ? u32_change+0x1c5c/0x24f0 [ 285.342844][ T7743] handle_bug+0xcf/0x120 [ 285.347152][ T7743] exc_invalid_op+0x1a/0x50 [ 285.351710][ T7743] asm_exc_invalid_op+0x1a/0x20 [ 285.356624][ T7743] RIP: 0010:u32_change+0x1c5a/0x24f0 [ 285.361962][ T7743] Code: f8 eb 59 e8 48 93 d8 f8 c6 05 51 30 c7 05 01 b9 10 00 00 00 48 c7 c7 00 6b c7 8b 4c 89 f6 48 c7 c2 80 6b c7 8b e8 a6 49 a2 f8 <0f> 0b e9 86 f0 ff ff e8 1a 93 d8 f8 eb 24 e8 13 93 d8 f8 c6 05 eb [ 285.381968][ T7743] RSP: 0018:ffffc90003486d40 EFLAGS: 00010246 [ 285.388112][ T7743] RAX: 4989f2ea39f5d200 RBX: ffff88802cc78c00 RCX: 0000000000080000 [ 285.396136][ T7743] RDX: ffffc9000d2ab000 RSI: 0000000000007328 RDI: 0000000000007329 [ 285.404146][ T7743] RBP: ffffc90003486ef8 R08: ffffc90003486947 R09: 1ffff92000690d28 [ 285.412196][ T7743] R10: dffffc0000000000 R11: fffff52000690d29 R12: ffff88802cc7b400 [ 285.420210][ T7743] R13: ffff88802cc7b4e8 R14: 0000000000000020 R15: ffff8880767abb80 [ 285.428251][ T7743] ? tc_new_tfilter+0x8f7/0x17c0 [ 285.433287][ T7743] ? u32_get+0x370/0x370 [ 285.437582][ T7743] ? u32_get+0x370/0x370 [ 285.441863][ T7743] tc_new_tfilter+0x11f9/0x17c0 [ 285.446777][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 285.452835][ T7743] ? rcu_read_unlock+0x8c/0xa0 [ 285.457638][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 285.463661][ T7743] ? rtnetlink_rcv_msg+0x221/0xfa0 [ 285.468813][ T7743] ? tcf_proto_signal_destroying+0x240/0x240 [ 285.474841][ T7743] rtnetlink_rcv_msg+0x8b8/0xfa0 [ 285.479903][ T7743] ? lockdep_hardirqs_on+0x98/0x150 [ 285.485148][ T7743] ? rtnetlink_bind+0x80/0x80 [ 285.489865][ T7743] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 285.495884][ T7743] ? lock_chain_count+0x20/0x20 [ 285.500781][ T7743] ? __local_bh_enable_ip+0x13a/0x1c0 [ 285.506187][ T7743] ? lockdep_hardirqs_on+0x98/0x150 [ 285.511422][ T7743] ? __local_bh_enable_ip+0x13a/0x1c0 [ 285.516840][ T7743] ? _local_bh_enable+0xa0/0xa0 [ 285.521753][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.526924][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.532087][ T7743] ? __dev_queue_xmit+0x1b2c/0x3660 [ 285.537336][ T7743] ? __dev_queue_xmit+0x265/0x3660 [ 285.542501][ T7743] ? ref_tracker_free+0x690/0x840 [ 285.547573][ T7743] netlink_rcv_skb+0x241/0x4d0 [ 285.552397][ T7743] ? rtnetlink_bind+0x80/0x80 [ 285.557111][ T7743] ? netlink_ack+0x1180/0x1180 [ 285.562016][ T7743] ? __lock_acquire+0x7d40/0x7d40 [ 285.567085][ T7743] ? netlink_deliver_tap+0x2e/0x1b0 [ 285.572329][ T7743] netlink_unicast+0x751/0x8d0 [ 285.577168][ T7743] netlink_sendmsg+0x8d0/0xbf0 [ 285.582066][ T7743] ? netlink_getsockopt+0x590/0x590 [ 285.587829][ T7743] ? aa_sock_msg_perm+0x94/0x150 [ 285.592810][ T7743] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 285.598128][ T7743] ? security_socket_sendmsg+0x80/0xa0 [ 285.603616][ T7743] ? netlink_getsockopt+0x590/0x590 [ 285.608847][ T7743] ____sys_sendmsg+0x5ba/0x960 [ 285.613645][ T7743] ? __asan_memset+0x22/0x40 [ 285.618276][ T7743] ? __sys_sendmsg_sock+0x30/0x30 [ 285.623337][ T7743] ? __import_iovec+0x5f2/0x850 [ 285.628263][ T7743] ? import_iovec+0x73/0xa0 [ 285.632806][ T7743] ___sys_sendmsg+0x2a6/0x360 [ 285.637529][ T7743] ? __sys_sendmsg+0x2a0/0x2a0 [ 285.642364][ T7743] __sys_sendmmsg+0x2ca/0x510 [ 285.647072][ T7743] ? __ia32_sys_sendmsg+0x90/0x90 [ 285.652143][ T7743] ? __ia32_sys_get_robust_list+0x110/0x110 [ 285.658608][ T7743] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 285.664630][ T7743] ? lock_chain_count+0x20/0x20 [ 285.669524][ T7743] __x64_sys_sendmmsg+0xa0/0xb0 [ 285.674415][ T7743] do_syscall_64+0x55/0xa0 [ 285.678859][ T7743] ? clear_bhb_loop+0x40/0x90 [ 285.683561][ T7743] ? clear_bhb_loop+0x40/0x90 [ 285.688264][ T7743] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 285.694187][ T7743] RIP: 0033:0x7f81d899cdd9 [ 285.698647][ T7743] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.718337][ T7743] RSP: 002b:00007f81d987f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 285.726883][ T7743] RAX: ffffffffffffffda RBX: 00007f81d8c15fa0 RCX: 00007f81d899cdd9 [ 285.734896][ T7743] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004 [ 285.742907][ T7743] RBP: 00007f81d8a32d69 R08: 0000000000000000 R09: 0000000000000000 [ 285.750915][ T7743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.759280][ T7743] R13: 00007f81d8c16038 R14: 00007f81d8c15fa0 R15: 00007fff111df608 [ 285.767311][ T7743] [ 285.770937][ T7743] Kernel Offset: disabled [ 285.775280][ T7743] Rebooting in 86400 seconds..