last executing test programs: 2m47.273280708s ago: executing program 4 (id=5): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) pipe2$watch_queue(0x0, 0x80) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x20, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) flock(r0, 0x2) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000180)={0x2020}, 0x2020) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002240)=ANY=[@ANYRES16], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000001800dd8d000000000000000002000000000000050400000006001500050000002800168024000100010000dd"], 0x4c}}, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}}) 2m31.115573701s ago: executing program 32 (id=5): r0 = open(&(0x7f0000000180)='.\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) pipe2$watch_queue(0x0, 0x80) openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) shmctl$IPC_RMID(0x0, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x20, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) flock(r0, 0x2) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/meminfo\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000180)={0x2020}, 0x2020) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002200)={&(0x7f0000002240)=ANY=[@ANYRES16], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000040), 0xe09) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4c0000001800dd8d000000000000000002000000000000050400000006001500050000002800168024000100010000dd"], 0x4c}}, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00000000170000000400", "f4bd000000801900", [0x100000000, 0x8000000000000000]}}) 29.14303395s ago: executing program 3 (id=320): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) r3 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r6 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r6}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x8918, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 26.800575606s ago: executing program 3 (id=325): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) r2 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, &(0x7f0000000040)='\x04]{!\x00', 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[], &(0x7f00000001c0)='GPL\x00'}, 0x94) close(0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0, 0x800, r3}, 0x38) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 20.751894188s ago: executing program 0 (id=343): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1d, 0xc, &(0x7f0000000fc0)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2af}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa10000000000", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x120c000, 0x1000, 0x0, 0x7}, 0x20) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 19.960290498s ago: executing program 0 (id=345): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) r2 = creat(0x0, 0xecf86c37d53049cc) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000040)='\x04]{!\x00', 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[], &(0x7f00000001c0)='GPL\x00'}, 0x94) close(r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0, 0x800, r3}, 0x38) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 19.414607799s ago: executing program 3 (id=348): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) r3 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r6 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r6}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 17.509423125s ago: executing program 3 (id=353): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x1694, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1) madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x147040, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="00000000040000090000000000000000850000006a00"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[], 0x48) socket$inet_sctp(0x2, 0x1, 0x84) mkdir(0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000200)='./file0\x00', 0x10, &(0x7f0000000480)=ANY=[], 0x5, 0xa5a, &(0x7f0000001b40)="$eJzs3U1sHFcBAOA3a6/z22ZTHGrS0CYU2vJTu3FM+ImAVM2FqKm4Vaq4RElaIpyASCVI1UOSEzdaVeHK76mX8qNK5IKinrhUopG49FQ4cCAKUiUO0JC48vq99e7zbmbt2J6s9/uk2bdv3tt9b3ZnZmdn5r0XgKFVaz7OzEwUIVy+8saRfz32zy0hXBlfzNFoPo62xeohhCLGR7P3+2BkIbz14asnuoVFmG4+pnh47kbrtdtCCBfC3nA1NMLuy9def3f62WMXj17a996bh66vzdIDAMBw+c7VQzO7/v7Xh3Z+9NbDh8Om1vx0fN6I8e3xuP9wPPBPx/+10Bkv2qZ2Y1m+0TjVsnwjXfK1l1PP8o32KH8se996j3ybSsofaZvXbblhkKX1uBGK2mRHvFabnFz4Tx6a/+vHismzp2dfPFdRRYFV959HQgh7Taahny42N4jq67Gu09yOqvdAAAvy64VLXMjPLNyd1ruN9lf+jadr3V8Pq2C913/lD1b5v71oj8Pq2ahrU1qutB1tj/G26whnQpf7l/Ltby5/42z7T++XX4+o91nPXtcRBuX6Qq96jqxzPVaqV/3z9WKj+kYM0+fwzSy9ffvJv9NB+Y6B7v7r/L/JNLTTkuPbO8jvlQE2tvy+ubkopef39eXpm0rSN5ekbylJ39qRa2n6tpLXwzD748s/C68Vi//z8//0yz0fns6z3RfD+5dZn/x85HLLH7tDbD3Kd4zEIPnT8edPffXkC9cW7v8vWuv/7bi+743xRtyarsYM6Xxhfl69de9/o7OcWo98D2T1ua9L/ubz8c58xfji+4S2/cySekx0vm5Hr3x7OvM1snxb4rQ5q29+fLI1e106/kj71fR5jWbLW8+WYyyrR9qv7IxhXg9YibQ+9rr/P62fE6FevHh69tRTMZ7W07+M1DfNz99fXtTvVrvuwN3pt/3PROhs/7O9Nb9ea98v7FicX7TvFxrZ/Oke8w/EePqd+97Ilub8yRM/mD252gsPQ+7c+Ve+f3x29tSPPPHEE09aT6reMwFrberlMz+cOnf+lSdPnzn+0qmXTp09cPDggenpg187MDPVPK6faj+6BzaSxR/9qmsCAAAAAAAAAAAA9OvHR49c+9s7X3l/of3/Yvu/1P4/3fmb2v//tFho615rmx+6jAOY2gHu7JLezJN1sDqW5avH6RNZfcezcnZlr/tkDFvj+MX2/6m4vF/XVJ8Hs/l5/70pX9adwJL+UsayXkfy8QI/E8NLMfx1gAoVW7rPjmFZ/9ZpXU/9UyyjX4ruBVOJ9L2lLyX1Y5Laf/fq1ynt/3euQx1ZfevRnLDqZQS6+/cQ9//dPHZZw/f/zf3VL+Pm3mmbqq6bqfppbs4oHsC9oerxP9N5zxSe/fO3N89PKduNpzv3l3n/pXA37vXxJ5W/scb/bI1/19f+7+bS0RMaKyv3f7+4/n5bsWF3v/vffPlTP9DjeQl3PhP90Xz5NxcX5fHQX/lzv8rKzy8I9elmXP70+W/ts/wly7+nrKTzb3eb+/9YfvrYnni03/IXalzUOuuRnzdO1//y88bJrWz5T650+Vc4UOPtWD4Ms0EZZ3a5+hj/t6ls/N8lVnn8317y+zC+HONpR5juc8hHOFlm/VuR9DuwK3v/ouT3zfi/g+3rMSzbHtL4v2l9bHSJ19ri9S6f7Ubd18Cg+uDevf63+ENVfV1M/X5f1dfDtIxpbm5ubU9olai0cCr//Kv+n1B1+VV//mXy8X/zY/h8/N88PR//N0/Px//N0/Px9fL0rVl6/nnm4//m6Q9m75uPDzyR/cHO0z9V8vrdJekPlaTvKUn/dEn6vpL0h0vSHylJf6Ak/dGS9M+WpH+uJP2xkvQnStI/X5K+0aX2KMO6/DDM8vZ5tn8YHql9ba/tf7wkHRhcP39r/zMv/OG7jYX2/2Ot8yHpOt7hGK/H/84/ifH8undoi8+nvRPj/8jS7/XzHTBM8v4z8t/3x0vSgcGV7vOyfcMQKrq3k+i336pex/kMli/E8Isx/FIMn4zhZAynYrg/htPrVD/WxjO/f/vQa8Xi//0dWXq/95Pn7YHyfqIO9Fmf/PzAcu/Hz/vxW667LX+FzcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAqU2s+zsxMFCFcvvLGkeePnZ6an/OtVo5G83G0LVZvvS6Ep2I4EsNfxie3Pnz1RHt4O4ZFmA5FKFrzw3M3WiVtCyFcCHvD1dAIuy9fe/3d6WePXTx6ad97bx66vnafAAAAAGx8HwcAAP//V88c0Q==") r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r4, 0x80186e84, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c300000638af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x16, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r5, 0x5, 0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x5, 0x11, r1, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000100)={0x0, 0x0, '\x00', @bt={0x3, 0x3, 0x8000, 0x4cd4, 0xffffffff, 0x200, 0x10, 0xc}}) 14.192777613s ago: executing program 3 (id=357): r0 = getpgrp(0xffffffffffffffff) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x7, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) syz_pidfd_open(r0, 0x0) openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x6) fchdir(r5) syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x2a0000a, 0x0, 0x0, 0x0, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x40000, 0x0) mknodat(r6, &(0x7f0000000100)='./file0/file0\x00', 0x8910, 0x4) rmdir(&(0x7f0000010280)='./file0\x00') 14.188033133s ago: executing program 2 (id=358): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = socket$inet6_udp(0xa, 0x2, 0x0) io_setup(0x9, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) syz_emit_ethernet(0x0, 0x0, 0x0) r2 = socket$inet(0x2, 0x3, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000840)='./bus\x00', 0x11, &(0x7f0000000100), 0x1, 0x616, &(0x7f0000000b40)="$eJzs3ctvVNUfAPDvnU7f/H4txKi4kCbGQKK0tIIhRiPsCcHHzlWlhSCFElqjIIklwY2JcePCxJUL8b9QErcs3Lpw48qQEGNYiBIZc6d32ss8Sl8zU2Y+n+Qy557L3HMu9Ntz7plz7gTQtcbSPwoReyPiUhIxkjtWjOzg2PLfu/fntdPplkSp9M4fSVz7NFnKnyvJXoezN/87EsnPhYg9PbXlLly5en56bm72crY/sXjh0sTClasHz12YPjt7dvbi1KtTR48cPnJ08tCWrm8glz5x44OPRj4/+d533zxIJr//9WQSx+JhVrf0uqrf27+lktN/s7EoLbufzy/Grji6xXPvFH+NVH5OViXVGexYZ7I4/39EPBMj0ZP73xyJz95qa+WApiolUWmjgK6TbCr+B7a/IkCLVfoBlXv7evfBtQpN7pUArXD3+PIAwHLs90ZEJf6Ly2ODMRBp7tC95JFxniQitjYytywt4/ZPJ2+kWzQYhwOaY+l6ZZS7uv1PyrE5mo2gD90rPBL/hdyW5r+9yfLHqvbFP7TO0vWIeDZr//tiQ/E/lov/9zdZvvgHAAAAAACA7XPreES8nH3+NxgRK5+/FVbm//TVmf8zHBHHtqH8x3/+V7iTJZJtKA7IuXs84vW6839X5viO9mR7/yvPB+hNzpybmz2UrRk8EL396f5k1XnzM4QPfrHn60bl5+f/pVtafmUuYHamO8Wqhbgz04vTW71uIOLu9YjnyvN/92U5j87/Sdv/pE77n8b3pXWWsefFm6caHXt8/APNUvo2Yn/d9n+1u52s/XyOiXJ/YKLSK6j1/Cdf/lCTebt3NSn+oS3S9n9o7fjvT/LP61nY2Pn7ImIwiqVGxzfb/+9L3u2pnD/18fTi4uXJiL7kRG3+1MbqDJ2qEg+VeEnj/8AL9e//a/r/uTgcjIildZb59MPh3xod0/+H9knjf2aN9v+f7DkBq+3/xhNTN0d/bFT+qXrxP1Dd/h8ut+kHshzjf5BX+zyO9QZoW6oLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+4QkTsiqQwvpIuFMbHI4Yj4qkYKszNLyy+dGb+w4sz6bHy9/8XKt/0O7K8n1S+/380tz9Vtf9KROyOiK96Bsv746fn52baffEAAAAAAAAAAAAAAAAAAACwQwyX1/yX+qvX/6d+72l37YCmK2av4h26T3HT7yz1b2tFgJbbfPwDT7r1x39vU+sBtF45/uuG9v0HpbKWVwloEf1/6F6bjH8fF0AH0P5Dt1rnmN5As+sBtIP2HwAAAAAAOsrufbd+SSJi6bXB8pbqy46Z7A+drdDuCgBtYw4vdK/ifPnljXbXA2g99/hAspL6u+5i/8az/5PmVAgAAAAAAAAAAAAAqLF/r/X/0K3WXv9vbj90sjXW/9cLfo8LgA7S+Ks/tP3Q6dZxj+8RYdDhHtfaW/8PAAAAAAAAAAAAADvAwNXz03Nzs5cXrjx5iTd3RjU2llia3hHV2NbEw+acuTcidsYFtjpReQRHG6ux9q8NC4EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKB1/gsAAP//BfwsWg==") sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r4, &(0x7f0000000380), 0x0, 0x5b, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r3) mremap(&(0x7f0000321000/0x4000)=nil, 0x4000, 0x1000, 0x3, &(0x7f00004d3000/0x1000)=nil) setsockopt$inet_msfilter(r2, 0x0, 0x23, &(0x7f0000004b00)=ANY=[], 0x10) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000bc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x380, 0x0, 0x4c, 0x1a, 0x160, 0x73, 0x2b0, 0x258, 0x258, 0x2b0, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'dvmrp1\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x3, 0x0, 0x7}}, @common=@unspec=@connlimit={{0x40}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x1, 0x0, 0x0, 0x0, 'syz0\x00'}}}, {{@uncond, 0x0, 0x120, 0x150, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@multiport={{0x50}, {0x1, 0x4, [0x4e22, 0x4e20, 0x4e24, 0x8, 0x4e21, 0x4e22, 0x4e23, 0x4e21, 0x4e21, 0x4e23, 0x4e22, 0x4e20, 0x4e23, 0x4e21, 0x4e24], [0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1], 0x1}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0, 0x0, {0x0, 0x5400}}, {0x28}}}}, 0x3e0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) 12.914298907s ago: executing program 3 (id=359): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) r2 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEY(r2, 0x110, 0x1, &(0x7f0000000040)='\x04]{!\x00', 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[], &(0x7f00000001c0)='GPL\x00'}, 0x94) close(0xffffffffffffffff) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0, 0x800, r3}, 0x38) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 11.342471737s ago: executing program 0 (id=364): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r5 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r5}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r6, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r3, r4, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) r7 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r7, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 10.318713748s ago: executing program 0 (id=367): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) r3 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r6 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r6}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x8918, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 8.139660012s ago: executing program 5 (id=370): r0 = socket(0x2, 0x80805, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) r5 = socket$alg(0x26, 0x5, 0x0) close_range(r5, r5, 0x6) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x50, 0x2, 0x3, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFQA_CFG_CMD={0x8, 0x1, {0x3, 0x0, 0x9}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x1b, 0x1}}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0xa}, @NFQA_CFG_CMD={0x8, 0x1, {0x3, 0x0, 0x1a}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x21}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFQA_CFG_QUEUE_MAXLEN={0x8, 0x3, 0x1, 0x0, 0x4}]}, 0x50}, 0x1, 0x0, 0x0, 0x24040000}, 0x8e0a9dab0346ad5f) prctl$PR_SET_THP_DISABLE(0x29, 0x1) r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write(r6, &(0x7f0000000000), 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x1, 0xa7e, 0x6c}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lc\x00', 0x0, 0x8, 0x77}, {@remote, 0x4e20, 0x1, 0xcd}}, 0x44) r7 = socket$kcm(0xa, 0x2, 0x0) sendmsg$sock(r7, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 8.075945799s ago: executing program 2 (id=371): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001f80)={0x0, 0x0, 0x0}, 0x40000) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x8918, 0x0) 8.073636028s ago: executing program 0 (id=372): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000680)=""/102400, 0x19000) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) dup(r1) syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0) r2 = syz_open_dev$dri(0x0, 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r2, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r3, r2, 0x80000) socket$inet6_tcp(0xa, 0x1, 0x0) 7.018222054s ago: executing program 5 (id=374): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000680)=""/102400, 0x19000) bind$bt_hci(r0, 0x0, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) dup(r2) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, 0x0, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r3, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[@ANYBLOB], 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r5, r4, 0x80000) socket$inet6_tcp(0xa, 0x1, 0x0) 6.914042374s ago: executing program 2 (id=375): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$kcm(0x29, 0x2, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) write$sndseq(0xffffffffffffffff, &(0x7f00000002c0)=[{0xff, 0x0, 0x0, 0x6, @time={0x9, 0x7}, {}, {}, @time=@time={0x5, 0x3}}], 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) close(r4) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a6970"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) 6.357813929s ago: executing program 0 (id=376): syz_usb_connect(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x4000)=nil, 0x0, 0x12) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) prctl$PR_SET_IO_FLUSHER(0x43, 0x1) r2 = creat(0x0, 0xecf86c37d53049cc) r3 = socket$rxrpc(0x21, 0x2, 0x2) setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f0000000040)='\x04]{!\x00', 0x5) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[], &(0x7f00000001c0)='GPL\x00'}, 0x94) close(r2) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84, 0x105}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0, 0x800, r4}, 0x38) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) 5.89904869s ago: executing program 1 (id=377): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) r3 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r6 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r6}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x8918, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 5.854716333s ago: executing program 5 (id=378): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$kcm(0x29, 0x2, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) write$sndseq(0xffffffffffffffff, &(0x7f00000002c0), 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) close(r4) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a6970"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) 5.008433438s ago: executing program 2 (id=379): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000680)=""/102400, 0x19000) bind$bt_hci(r0, 0x0, 0x0) r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) dup(r2) r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVE(0xffffffffffffffff, 0x0, 0x10) sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r3, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@NLBL_MGMT_A_DOMAIN={0x5, 0x1, '\x00'}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040884}, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[@ANYBLOB], 0x0) r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r4, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x80800, 0x0, 0xffffffffffffffff}) dup3(r5, r4, 0x80000) socket$inet6_tcp(0xa, 0x1, 0x0) 4.742196762s ago: executing program 1 (id=380): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9c, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x4}, 0x50) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000300)={0x3, 0x40, 0xfa00, {{0xa, 0x4e28, 0x711, @loopback, 0x206}, {0xa, 0x4e21, 0x0, @empty, 0x8}, 0xffffffffffffffff, 0x8}}, 0x48) write$RDMA_USER_CM_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000380)={0x6, 0x118, 0xfa00, {{0xfffffffd, 0xffff, "4ca4625e00b5aa95a443d782d859cb2df816a3bc9bd3bf1d11d8b4a7ba9fc6dfb72a8a253215874b349abc806123fd11b1d23eb79cf0385a4cd7b494621f0b26b593bbccdfdf13dbc79be9e9f18b5fb46b9d5a74d7a6dd151c0f37b9e89825f2f99217fb0091568ce14c98b5b462555908260a0e7c7c33fc1ba12df6d0d8fc11847c4b29bd4752fa53802767e26e11475a905215a4d1cfb8a8cc88d605e68145d97c3c2836b7935b66b3583d6633efe51a9cb5426092d85d47a8ca52fe5b7c2083596186c5b4e98f1052759d2233c3fb1e62e4333f0898f89b770b6abe57c92ba6f0e1c64a714686c6f22f7c8f6f79ee56c56d09e95001654229a197d0462e6f", 0x2, 0x4, 0x5, 0x3, 0xfe, 0x0, 0x0, 0x1}}}, 0x120) bpf$PROG_LOAD(0x5, &(0x7f00000039c0)={0x7, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1d790000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, &(0x7f0000003a80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) r4 = socket$alg(0x26, 0x5, 0x0) r5 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0xbcb5, 0x3f00, 0x5, 0x1000}, &(0x7f0000000340)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r4, 0x0}) io_uring_enter(r5, 0x3516, 0x3e44, 0x8, 0x0, 0x0) 4.473398395s ago: executing program 5 (id=381): sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x5, &(0x7f0000000d80)=ANY=[@ANYRESOCT], &(0x7f0000000140)='GPL\x00'}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1d, 0xc, &(0x7f0000000fc0)=ANY=[], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @lsm=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa2af}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa10000000000", @ANYRESHEX], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x120c000, 0x1000, 0x0, 0x7}, 0x20) sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10805}, 0x44049) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 3.403178456s ago: executing program 1 (id=382): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000c40), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x34, r1, 0x1, 0x0, 0x0, {0x6, 0x0, 0x900}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1=0xe0000002}, @NLBL_UNLABEL_A_SECCTX={0xf, 0x7, 'unconfined\x00'}]}, 0x34}, 0x2, 0x34005, 0x0, 0x24080040}, 0x24040000) socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./bus\x00', 0x880, &(0x7f00000000c0)=ANY=[], 0x1, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE4YjdbYNriAnpjQwpCmEMSapsYm1bTkzJ4SZn81tgUJL8gmm0KMcS2dKWBwQqjr501LzrUOi24xtTx3YzvAcPs6zpqBP0Oi4BIPTQsH/MiBjEhoayjTWMi21XfClSOOvhNdqY6cMBnd7pmWwAGVpAJEroTxZsJ6E5BUeOpqaRinJCQ2bJBKS3AoMlRm27uFcLdDAgBRtKgwMDNsZYXELAddgjFEwCkbBKBgFo2AUjIJRMApGwSgYBSMCAAIAAP//QJCYyw==") openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x8) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) setuid(0xee00) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$phonet_pipe(0x23, 0x5, 0x2) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x3ff, @loopback={0x12, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r0) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000429bd7000ffdbdf250400000008000414621414aa14000600736974300000000000000000000000004d7c8e274d084fe9ffa138323762f4"], 0x30}, 0x1, 0x0, 0x0, 0x20004000}, 0x8080) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) 3.345735054s ago: executing program 2 (id=383): r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0) mmap$dsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000009, 0x8012, r0, 0xf0000000000000) r1 = socket$kcm(0x2a, 0x2, 0x0) r2 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r2, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182) r3 = syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x10, &(0x7f0000001280), 0x4) r6 = getpid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000200)="87c01a91", 0x4}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c, 0x1, 0x2, {r6}}}], 0x20, 0x40090}, 0x2000080) recvmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x2002) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000005580)=""/102392, 0x18ff8) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) io_uring_enter(r3, 0x7a98, 0x0, 0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={0xffffffffffffffff, &(0x7f0000000280), &(0x7f0000001840)=@udp6}, 0x20) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x8918, 0x0) sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0) 3.285367559s ago: executing program 5 (id=384): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2) ioctl$KVM_SET_ONE_REG(r3, 0x4048aecb, &(0x7f00000002c0)=@arm64_ccsidr={0x602000000011000b, 0x0}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) openat$audio1(0xffffffffffffff9c, 0x0, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x0) syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) syz_init_net_socket$ax25(0x3, 0x5, 0xcb) sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x10) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x28}, 0x1, 0x0, 0x0, 0x8890}, 0x24000000) socket$nl_route(0x10, 0x3, 0x0) syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000c00000/0x400000)=nil) 1.919973818s ago: executing program 1 (id=385): r0 = socket$kcm(0x2a, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x3fff}, 0x80, 0x0}, 0x40000) recvmsg(r0, 0x0, 0x40002182) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x8918, 0x0) 1.917894635s ago: executing program 2 (id=386): socket$kcm(0x10, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000680)=""/102400, 0x19000) bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000003c0), 0x40001, 0x0) dup(r1) syz_emit_ethernet(0x4e, &(0x7f0000000f80)=ANY=[], 0x0) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r2, 0x80046402, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, 0x0) dup3(0xffffffffffffffff, r2, 0x80000) socket$inet6_tcp(0xa, 0x1, 0x0) 1.750698975s ago: executing program 1 (id=387): socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x800001000087}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x8) setsockopt$CAN_RAW_FILTER(r3, 0x65, 0x1, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000150001030ec00000fcdbdf2505"], 0x14}}, 0x0) socket$inet_udp(0x2, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = getpid() process_vm_readv(r5, &(0x7f0000008400)=[{0x0}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, 0x0, 0x0, 0x0) 1.700414667s ago: executing program 5 (id=388): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x3, 0x4002) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) r4 = syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) select(0x40, &(0x7f0000000080)={0x0, 0x0, 0xfffffffffffffff2}, &(0x7f00000000c0)={0x4}, 0x0, &(0x7f0000000100)={0x7fffffffffffffff}) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, r4, 0xa5456c2fe1cd7aeb, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000f00)={{r5}, &(0x7f0000000d80), 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 1 (id=389): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$kcm(0x29, 0x2, 0x0) syz_open_dev$sg(0x0, 0x0, 0x8002) write$sndseq(0xffffffffffffffff, &(0x7f00000002c0)=[{0xff, 0x0, 0x0, 0x6, @time={0x9, 0x7}, {}, {}, @time=@time={0x5, 0x3}}], 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, 0x0) close(r4) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a6970"], 0x60}}, 0x0) mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.201' (ED25519) to the list of known hosts. [ 63.997321][ T5824] cgroup: Unknown subsys name 'net' [ 64.130931][ T5824] cgroup: Unknown subsys name 'cpuset' [ 64.139287][ T5824] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 65.457233][ T5824] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 67.746643][ T5843] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 67.756729][ T5844] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 67.767933][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 67.776363][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 67.786870][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 67.787070][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 67.798101][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 67.802173][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 67.811245][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 67.818460][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 67.825734][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 67.840122][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 67.851110][ T5162] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 67.851605][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 67.864435][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 67.867942][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 67.873005][ T5849] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 67.879544][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 67.904206][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 67.912011][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 67.946681][ T5845] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 67.959210][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 67.968593][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 67.977055][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 67.988328][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 68.551968][ T5837] chnl_net:caif_netlink_parms(): no params data found [ 68.651166][ T5839] chnl_net:caif_netlink_parms(): no params data found [ 68.744788][ T5838] chnl_net:caif_netlink_parms(): no params data found [ 68.788304][ T5842] chnl_net:caif_netlink_parms(): no params data found [ 68.814988][ T5854] chnl_net:caif_netlink_parms(): no params data found [ 68.889850][ T5837] bridge0: port 1(bridge_slave_0) entered blocking state [ 68.897753][ T5837] bridge0: port 1(bridge_slave_0) entered disabled state [ 68.905075][ T5837] bridge_slave_0: entered allmulticast mode [ 68.913325][ T5837] bridge_slave_0: entered promiscuous mode [ 68.960222][ T5837] bridge0: port 2(bridge_slave_1) entered blocking state [ 68.967666][ T5837] bridge0: port 2(bridge_slave_1) entered disabled state [ 68.974893][ T5837] bridge_slave_1: entered allmulticast mode [ 68.982444][ T5837] bridge_slave_1: entered promiscuous mode [ 69.048229][ T5839] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.055515][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.062816][ T5839] bridge_slave_0: entered allmulticast mode [ 69.070107][ T5839] bridge_slave_0: entered promiscuous mode [ 69.121194][ T5839] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.128459][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.135664][ T5839] bridge_slave_1: entered allmulticast mode [ 69.143276][ T5839] bridge_slave_1: entered promiscuous mode [ 69.154367][ T5837] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.205799][ T5837] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.239734][ T5838] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.247021][ T5838] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.254434][ T5838] bridge_slave_0: entered allmulticast mode [ 69.261856][ T5838] bridge_slave_0: entered promiscuous mode [ 69.269580][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.276822][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.284242][ T5842] bridge_slave_0: entered allmulticast mode [ 69.291612][ T5842] bridge_slave_0: entered promiscuous mode [ 69.333816][ T5838] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.342365][ T5838] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.350119][ T5838] bridge_slave_1: entered allmulticast mode [ 69.357350][ T5838] bridge_slave_1: entered promiscuous mode [ 69.364751][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.372136][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.379956][ T5842] bridge_slave_1: entered allmulticast mode [ 69.387235][ T5842] bridge_slave_1: entered promiscuous mode [ 69.398096][ T5839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.410148][ T5837] team0: Port device team_slave_0 added [ 69.416018][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state [ 69.423433][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state [ 69.431037][ T5854] bridge_slave_0: entered allmulticast mode [ 69.438658][ T5854] bridge_slave_0: entered promiscuous mode [ 69.469698][ T5839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.481590][ T5837] team0: Port device team_slave_1 added [ 69.487627][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state [ 69.494880][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state [ 69.502431][ T5854] bridge_slave_1: entered allmulticast mode [ 69.509808][ T5854] bridge_slave_1: entered promiscuous mode [ 69.576611][ T5838] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.589983][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.635522][ T5838] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.648322][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.660406][ T5839] team0: Port device team_slave_0 added [ 69.668204][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.675148][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.701208][ T5837] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.717376][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 69.748340][ T5839] team0: Port device team_slave_1 added [ 69.755368][ T5837] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.762496][ T5837] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.789731][ T5837] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 69.804490][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 69.865882][ T5838] team0: Port device team_slave_0 added [ 69.872179][ T5845] Bluetooth: hci0: command tx timeout [ 69.880911][ T5842] team0: Port device team_slave_0 added [ 69.911936][ T5838] team0: Port device team_slave_1 added [ 69.920707][ T5842] team0: Port device team_slave_1 added [ 69.928166][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 69.935117][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 69.948371][ T5845] Bluetooth: hci1: command tx timeout [ 69.961467][ T5839] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 69.967450][ T5843] Bluetooth: hci3: command tx timeout [ 69.977709][ T5844] Bluetooth: hci2: command tx timeout [ 69.988729][ T5839] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 69.995728][ T5839] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.021650][ T5839] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.032265][ T5844] Bluetooth: hci4: command tx timeout [ 70.041503][ T5854] team0: Port device team_slave_0 added [ 70.086198][ T5854] team0: Port device team_slave_1 added [ 70.115523][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.122726][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.148733][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.162407][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.169506][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.195577][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.227103][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.235151][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.261210][ T5838] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.274500][ T5838] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.281560][ T5838] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.307576][ T5838] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.331993][ T5837] hsr_slave_0: entered promiscuous mode [ 70.338797][ T5837] hsr_slave_1: entered promiscuous mode [ 70.387313][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 70.394562][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.420667][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 70.466423][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 70.473526][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 70.499694][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 70.516900][ T5839] hsr_slave_0: entered promiscuous mode [ 70.523681][ T5839] hsr_slave_1: entered promiscuous mode [ 70.530373][ T5839] debugfs: 'hsr0' already exists in 'hsr' [ 70.536169][ T5839] Cannot create hsr debugfs directory [ 70.570576][ T5838] hsr_slave_0: entered promiscuous mode [ 70.577933][ T5838] hsr_slave_1: entered promiscuous mode [ 70.584312][ T5838] debugfs: 'hsr0' already exists in 'hsr' [ 70.590504][ T5838] Cannot create hsr debugfs directory [ 70.618274][ T5842] hsr_slave_0: entered promiscuous mode [ 70.624952][ T5842] hsr_slave_1: entered promiscuous mode [ 70.631644][ T5842] debugfs: 'hsr0' already exists in 'hsr' [ 70.637854][ T5842] Cannot create hsr debugfs directory [ 70.791208][ T5854] hsr_slave_0: entered promiscuous mode [ 70.798328][ T5854] hsr_slave_1: entered promiscuous mode [ 70.804697][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 70.810479][ T5854] Cannot create hsr debugfs directory [ 71.298246][ T5837] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 71.313408][ T5837] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 71.324220][ T5837] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 71.346104][ T5837] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 71.417113][ T5839] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 71.429655][ T5839] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 71.443768][ T5839] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 71.474996][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.482766][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.494028][ T5839] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 71.578107][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 71.589927][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 71.613903][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 71.626369][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 71.749795][ T5854] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 71.774842][ T5854] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 71.785650][ T5854] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 71.814061][ T5854] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 71.844629][ T5837] 8021q: adding VLAN 0 to HW filter on device bond0 [ 71.942336][ T5838] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 71.949196][ T5844] Bluetooth: hci0: command tx timeout [ 71.961218][ T5838] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 71.973941][ T5838] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 71.984990][ T5838] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 72.006883][ T5837] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.028006][ T5844] Bluetooth: hci2: command tx timeout [ 72.028395][ T5845] Bluetooth: hci1: command tx timeout [ 72.039398][ T5843] Bluetooth: hci3: command tx timeout [ 72.066029][ T5839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.077719][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.085537][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.108717][ T5845] Bluetooth: hci4: command tx timeout [ 72.130441][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.137640][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.206353][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.218525][ T5839] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.246231][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.253424][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.321138][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.328391][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.342538][ T5842] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.377296][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.384487][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.412577][ T63] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.419799][ T63] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.463774][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.571891][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.633042][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.640278][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.659321][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.666528][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 72.702337][ T5838] 8021q: adding VLAN 0 to HW filter on device bond0 [ 72.815377][ T5838] 8021q: adding VLAN 0 to HW filter on device team0 [ 72.831378][ T5837] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 72.880274][ T3486] bridge0: port 1(bridge_slave_0) entered blocking state [ 72.888058][ T3486] bridge0: port 1(bridge_slave_0) entered forwarding state [ 72.940976][ T33] bridge0: port 2(bridge_slave_1) entered blocking state [ 72.948190][ T33] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.129957][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.167250][ T5839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.199761][ T5837] veth0_vlan: entered promiscuous mode [ 73.266036][ T5837] veth1_vlan: entered promiscuous mode [ 73.341014][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.431906][ T5839] veth0_vlan: entered promiscuous mode [ 73.451699][ T5842] veth0_vlan: entered promiscuous mode [ 73.486968][ T5842] veth1_vlan: entered promiscuous mode [ 73.502446][ T5838] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 73.511721][ T5839] veth1_vlan: entered promiscuous mode [ 73.525954][ T5837] veth0_macvtap: entered promiscuous mode [ 73.559555][ T5837] veth1_macvtap: entered promiscuous mode [ 73.664884][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.695854][ T5837] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.719885][ T5854] veth0_vlan: entered promiscuous mode [ 73.746511][ T5842] veth0_macvtap: entered promiscuous mode [ 73.764879][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.783644][ T5839] veth0_macvtap: entered promiscuous mode [ 73.794711][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.806513][ T5842] veth1_macvtap: entered promiscuous mode [ 73.830817][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.840881][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 73.855237][ T5854] veth1_vlan: entered promiscuous mode [ 73.871878][ T5839] veth1_macvtap: entered promiscuous mode [ 73.938587][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.963876][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.978189][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 73.999261][ T5839] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.029450][ T5845] Bluetooth: hci0: command tx timeout [ 74.042513][ T1162] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.051398][ T1162] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.086931][ T1162] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.108501][ T5845] Bluetooth: hci1: command tx timeout [ 74.112419][ T5843] Bluetooth: hci3: command tx timeout [ 74.119810][ T5845] Bluetooth: hci2: command tx timeout [ 74.131395][ T1162] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.141587][ T1162] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.155812][ T3486] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.169814][ T1162] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.179619][ T3486] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.182384][ T1162] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.199752][ T5845] Bluetooth: hci4: command tx timeout [ 74.222525][ T1162] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.272642][ T5854] veth0_macvtap: entered promiscuous mode [ 74.295198][ T5838] veth0_vlan: entered promiscuous mode [ 74.323959][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.324689][ T5854] veth1_macvtap: entered promiscuous mode [ 74.335759][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.374369][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.389993][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 74.400695][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.413258][ T5838] veth1_vlan: entered promiscuous mode [ 74.456698][ T5837] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 74.493638][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.496579][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.503456][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.631557][ T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.643168][ T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.675613][ T33] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.719128][ T48] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.736239][ T48] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.751632][ T48] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 74.775043][ T3486] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 74.790628][ T3486] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 74.793474][ T5838] veth0_macvtap: entered promiscuous mode [ 75.397223][ T5838] veth1_macvtap: entered promiscuous mode [ 76.109701][ T5845] Bluetooth: hci0: command tx timeout [ 76.187571][ T5845] Bluetooth: hci2: command tx timeout [ 76.193079][ T5845] Bluetooth: hci1: command tx timeout [ 76.199236][ T5845] Bluetooth: hci3: command tx timeout [ 76.353636][ T5843] Bluetooth: hci4: command tx timeout [ 76.366297][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 76.461294][ T5965] faux_driver vgem: [drm] Unknown color mode 9; guessing buffer size. [ 76.685353][ T5967] Zero length message leads to an empty skb [ 76.910094][ T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.924348][ T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.927031][ T5838] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 77.429945][ T63] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.474748][ T63] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 77.725814][ T5979] loop0: detected capacity change from 0 to 4096 [ 77.738595][ T5979] ntfs3: Unknown parameter 'noh(SZ[a?iddn' [ 77.840415][ T48] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.254416][ T48] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.398622][ T1007] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 78.409523][ T1007] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 78.496502][ T5986] process 'syz.3.8' launched './file0' with NULL argv: empty string added [ 79.234241][ T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.257349][ T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.319887][ T63] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.448500][ T63] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 82.308051][ T6013] warning: `syz.2.15' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 82.801781][ T6020] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14'. [ 82.955743][ T6021] overlayfs: failed to resolve './bus': -2 [ 83.425888][ T6027] loop1: detected capacity change from 0 to 32768 [ 83.435960][ T6027] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.16 (6027) [ 83.455795][ T6027] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 83.466198][ T6027] BTRFS info (device loop1): using sha256 checksum algorithm [ 83.899565][ T6046] netlink: 8 bytes leftover after parsing attributes in process `syz.3.17'. [ 84.479689][ T6046] loop3: detected capacity change from 0 to 32768 [ 84.823968][ T6027] BTRFS info (device loop1): rebuilding free space tree [ 85.004237][ T6027] BTRFS info (device loop1): disabling free space tree [ 85.011386][ T6027] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 85.021777][ T6027] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 85.037157][ T6046] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 85.042512][ T6027] BTRFS info (device loop1): setting nodatasum [ 85.053303][ T6027] BTRFS info (device loop1): setting nodatacow [ 85.059549][ T6027] BTRFS info (device loop1): turning off barriers [ 85.065989][ T6027] BTRFS info (device loop1): turning on sync discard [ 85.073047][ T6027] BTRFS info (device loop1): force clearing of disk cache [ 85.160716][ T6046] XFS (loop3): Ending clean mount [ 85.483033][ T5837] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 85.648008][ T6062] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 86.855404][ T10] cfg80211: failed to load regulatory.db [ 86.990998][ T5842] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 87.160567][ T6069] loop3: detected capacity change from 0 to 512 [ 87.316691][ T6069] ======================================================= [ 87.316691][ T6069] WARNING: The mand mount option has been deprecated and [ 87.316691][ T6069] and is ignored by this kernel. Remove the mand [ 87.316691][ T6069] option from the mount to silence this warning. [ 87.316691][ T6069] ======================================================= [ 87.394788][ T6074] loop0: detected capacity change from 0 to 2048 [ 87.479494][ T6074] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 87.760225][ T6076] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 88.086147][ T6073] loop8: detected capacity change from 0 to 7 [ 88.404073][ T6069] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 88.611946][ T6069] EXT4-fs (loop3): blocks per group (95) and clusters per group (32768) inconsistent [ 89.406629][ T29] audit: type=1800 audit(1773867190.749:2): pid=6074 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.32" name="file0" dev="tmpfs" ino=40 res=0 errno=0 [ 89.897678][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 89.982063][ T6073] Dev loop8: unable to read RDB block 7 [ 90.007883][ T6073] loop8: AHDI p1 p2 [ 90.585270][ T6073] loop8: partition table partially beyond EOD, truncated [ 90.641648][ T6073] loop8: p1 start 1702000233 is beyond EOD, truncated [ 90.880313][ T6088] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 91.675379][ T5901] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.732540][ T5901] usb 2-1: device descriptor read/64, error -71 [ 94.318294][ T6106] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 95.017842][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 95.804475][ T6115] loop1: detected capacity change from 0 to 1024 [ 96.615592][ T6120] overlayfs: failed to resolve './file1': -2 [ 98.045599][ T48] hfsplus: b-tree write err: -5, ino 25 [ 98.126243][ T48] hfsplus: b-tree write err: -5, ino 4 [ 98.199596][ T48] hfsplus: b-tree write err: -5, ino 2 [ 99.727831][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 100.115494][ T5845] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 100.128583][ T5845] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 100.142467][ T5845] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 100.150459][ T5845] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 100.158485][ T5845] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 103.091866][ T5845] Bluetooth: hci5: command tx timeout [ 104.426700][ T6133] chnl_net:caif_netlink_parms(): no params data found [ 104.531277][ T6155] loop3: detected capacity change from 0 to 1024 [ 104.633246][ T6155] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.166083][ T5845] Bluetooth: hci5: command tx timeout [ 106.167151][ T6133] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.222832][ T6133] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.244053][ T6133] bridge_slave_0: entered allmulticast mode [ 106.295197][ T6133] bridge_slave_0: entered promiscuous mode [ 106.427784][ T6133] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.445422][ T6133] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.463074][ T6133] bridge_slave_1: entered allmulticast mode [ 106.988539][ T6133] bridge_slave_1: entered promiscuous mode [ 107.199461][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.227599][ T5845] Bluetooth: hci5: command tx timeout [ 107.327697][ T6179] loop1: detected capacity change from 0 to 512 [ 107.365080][ T6133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 107.379215][ T6133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 107.654485][ T6181] loop2: detected capacity change from 0 to 40427 [ 107.699535][ T6184] loop0: detected capacity change from 0 to 512 [ 107.706635][ T6184] EXT4-fs: Ignoring removed nomblk_io_submit option [ 107.713645][ T6184] EXT4-fs: Conflicting test_dummy_encryption options [ 107.758472][ T6181] F2FS-fs (loop2): invalid crc value [ 107.861760][ T6179] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.865320][ T6181] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 107.885666][ T6181] F2FS-fs (loop2): Start checkpoint disabled! [ 107.901685][ T6181] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 107.905934][ T6133] team0: Port device team_slave_0 added [ 107.916454][ T6181] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 107.921686][ T6179] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 108.156869][ T6191] loop3: detected capacity change from 0 to 32768 [ 108.161685][ T6133] team0: Port device team_slave_1 added [ 108.170015][ T6191] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.46 (6191) [ 108.306930][ T6191] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 108.318376][ T6191] BTRFS info (device loop3): using crc32c checksum algorithm [ 108.326414][ T6191] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 109.210441][ T29] audit: type=1800 audit(1773867210.629:3): pid=6203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.44" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 109.252228][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 109.318042][ T6212] binder: 6198:6212 ioctl c0306201 0 returned -14 [ 109.414371][ T5845] Bluetooth: hci5: command tx timeout [ 109.727988][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.747363][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 109.777450][ T6191] BTRFS info (device loop3): rebuilding free space tree [ 109.789015][ T6133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 109.790778][ T3486] kworker/u8:8: attempt to access beyond end of device [ 109.790778][ T3486] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 109.802985][ T6133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 109.837689][ T6191] BTRFS info (device loop3): disabling free space tree [ 109.844710][ T6191] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 109.854601][ T6191] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 109.856872][ T3486] CPU: 0 UID: 0 PID: 3486 Comm: kworker/u8:8 Tainted: G L syzkaller #0 PREEMPT(full) [ 109.856899][ T3486] Tainted: [L]=SOFTLOCKUP [ 109.856905][ T3486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 109.856915][ T3486] Workqueue: writeback wb_workfn (flush-7:2) [ 109.856950][ T3486] Call Trace: [ 109.856961][ T3486] [ 109.856968][ T3486] dump_stack_lvl+0xe8/0x150 [ 109.856998][ T3486] f2fs_handle_critical_error+0x37c/0x540 [ 109.857027][ T3486] f2fs_write_end_io+0x1274/0x1740 [ 109.857064][ T3486] __submit_merged_bio+0x256/0x700 [ 109.857092][ T3486] f2fs_submit_merged_write+0x284/0x390 [ 109.857118][ T3486] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 109.857154][ T3486] f2fs_sync_node_pages+0x14bf/0x1680 [ 109.857192][ T3486] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 109.857212][ T3486] ? __percpu_counter_sum+0x1c2/0x1e0 [ 109.857270][ T3486] ? blk_start_plug+0x51/0x1b0 [ 109.857291][ T3486] f2fs_write_node_pages+0x312/0x700 [ 109.857316][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 109.857345][ T3486] ? unwind_next_frame+0xa5/0x23c0 [ 109.857360][ T3486] ? unwind_next_frame+0x1aaf/0x23c0 [ 109.857377][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 109.857397][ T3486] do_writepages+0x32e/0x550 [ 109.857423][ T3486] ? reacquire_held_locks+0x104/0x190 [ 109.857440][ T3486] ? writeback_sb_inodes+0x477/0x1a20 [ 109.857465][ T3486] __writeback_single_inode+0x133/0x11a0 [ 109.857486][ T3486] ? do_raw_spin_unlock+0xf5/0x210 [ 109.857510][ T3486] writeback_sb_inodes+0x992/0x1a20 [ 109.857560][ T3486] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 109.857576][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.857642][ T3486] ? rcu_is_watching+0x15/0xb0 [ 109.857669][ T3486] wb_writeback+0x456/0xb70 [ 109.857691][ T3486] ? queue_io+0x1d1/0x4a0 [ 109.857718][ T3486] ? __pfx_wb_writeback+0x10/0x10 [ 109.857735][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.857770][ T3486] wb_workfn+0x414/0xf50 [ 109.857790][ T3486] ? look_up_lock_class+0x57/0x110 [ 109.857823][ T3486] ? __pfx_wb_workfn+0x10/0x10 [ 109.857843][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.857865][ T3486] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 109.857906][ T3486] ? process_one_work+0x8bb/0x1780 [ 109.857927][ T3486] process_one_work+0x9ab/0x1780 [ 109.857972][ T3486] ? __pfx_process_one_work+0x10/0x10 [ 109.857991][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 109.858027][ T3486] worker_thread+0xba8/0x11e0 [ 109.858069][ T3486] kthread+0x388/0x470 [ 109.858088][ T3486] ? __pfx_worker_thread+0x10/0x10 [ 109.858101][ T3486] ? __pfx_kthread+0x10/0x10 [ 109.858121][ T3486] ret_from_fork+0x51e/0xb90 [ 109.858146][ T3486] ? __pfx_ret_from_fork+0x10/0x10 [ 109.858165][ T3486] ? __switch_to+0xc7d/0x1450 [ 109.858188][ T3486] ? __pfx_kthread+0x10/0x10 [ 109.858208][ T3486] ret_from_fork_asm+0x1a/0x30 [ 109.858241][ T3486] [ 109.860859][ T3486] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 109.877002][ T6191] BTRFS info (device loop3): enabling ssd optimizations [ 109.877027][ T6191] BTRFS info (device loop3): turning on async discard [ 109.877042][ T6191] BTRFS info (device loop3): enabling disk space caching [ 109.877056][ T6191] BTRFS info (device loop3): force clearing of disk cache [ 109.877072][ T6191] BTRFS info (device loop3): use zstd compression, level 3 [ 109.899111][ T6133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 110.223624][ T3486] CPU: 0 UID: 0 PID: 3486 Comm: kworker/u8:8 Tainted: G L syzkaller #0 PREEMPT(full) [ 110.223650][ T3486] Tainted: [L]=SOFTLOCKUP [ 110.223655][ T3486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.223664][ T3486] Workqueue: writeback wb_workfn (flush-7:2) [ 110.223691][ T3486] Call Trace: [ 110.223697][ T3486] [ 110.223703][ T3486] dump_stack_lvl+0xe8/0x150 [ 110.223727][ T3486] f2fs_handle_critical_error+0x37c/0x540 [ 110.223753][ T3486] f2fs_write_end_io+0x1274/0x1740 [ 110.223787][ T3486] __submit_merged_bio+0x256/0x700 [ 110.223813][ T3486] f2fs_submit_merged_write+0x284/0x390 [ 110.223836][ T3486] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 110.223869][ T3486] f2fs_sync_node_pages+0x14bf/0x1680 [ 110.223905][ T3486] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 110.223922][ T3486] ? __percpu_counter_sum+0x1c2/0x1e0 [ 110.223978][ T3486] ? blk_start_plug+0x51/0x1b0 [ 110.223999][ T3486] f2fs_write_node_pages+0x312/0x700 [ 110.224023][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.224047][ T3486] ? unwind_next_frame+0xa5/0x23c0 [ 110.224061][ T3486] ? unwind_next_frame+0x1aaf/0x23c0 [ 110.224078][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.224107][ T3486] do_writepages+0x32e/0x550 [ 110.224133][ T3486] ? reacquire_held_locks+0x104/0x190 [ 110.224150][ T3486] ? writeback_sb_inodes+0x477/0x1a20 [ 110.224175][ T3486] __writeback_single_inode+0x133/0x11a0 [ 110.224197][ T3486] ? do_raw_spin_unlock+0xf5/0x210 [ 110.224219][ T3486] writeback_sb_inodes+0x992/0x1a20 [ 110.224267][ T3486] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 110.224286][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.224343][ T3486] ? rcu_is_watching+0x15/0xb0 [ 110.224370][ T3486] wb_writeback+0x456/0xb70 [ 110.224393][ T3486] ? queue_io+0x1d1/0x4a0 [ 110.224421][ T3486] ? __pfx_wb_writeback+0x10/0x10 [ 110.224438][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.224474][ T3486] wb_workfn+0x414/0xf50 [ 110.224493][ T3486] ? look_up_lock_class+0x57/0x110 [ 110.224525][ T3486] ? __pfx_wb_workfn+0x10/0x10 [ 110.224546][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.224568][ T3486] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 110.224605][ T3486] ? process_one_work+0x8bb/0x1780 [ 110.224625][ T3486] process_one_work+0x9ab/0x1780 [ 110.224667][ T3486] ? __pfx_process_one_work+0x10/0x10 [ 110.224685][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.224722][ T3486] worker_thread+0xba8/0x11e0 [ 110.224764][ T3486] kthread+0x388/0x470 [ 110.224784][ T3486] ? __pfx_worker_thread+0x10/0x10 [ 110.224797][ T3486] ? __pfx_kthread+0x10/0x10 [ 110.224817][ T3486] ret_from_fork+0x51e/0xb90 [ 110.224843][ T3486] ? __pfx_ret_from_fork+0x10/0x10 [ 110.224864][ T3486] ? __switch_to+0xc7d/0x1450 [ 110.224888][ T3486] ? __pfx_kthread+0x10/0x10 [ 110.224909][ T3486] ret_from_fork_asm+0x1a/0x30 [ 110.224944][ T3486] [ 110.501788][ T3486] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 110.512938][ T3486] CPU: 0 UID: 0 PID: 3486 Comm: kworker/u8:8 Tainted: G L syzkaller #0 PREEMPT(full) [ 110.512965][ T3486] Tainted: [L]=SOFTLOCKUP [ 110.512970][ T3486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 110.512980][ T3486] Workqueue: writeback wb_workfn (flush-7:2) [ 110.513010][ T3486] Call Trace: [ 110.513017][ T3486] [ 110.513024][ T3486] dump_stack_lvl+0xe8/0x150 [ 110.513049][ T3486] f2fs_handle_critical_error+0x37c/0x540 [ 110.513076][ T3486] f2fs_write_end_io+0x1274/0x1740 [ 110.513110][ T3486] __submit_merged_bio+0x256/0x700 [ 110.513138][ T3486] f2fs_submit_merged_write+0x284/0x390 [ 110.513163][ T3486] ? __pfx_f2fs_submit_merged_write+0x10/0x10 [ 110.513197][ T3486] f2fs_sync_node_pages+0x14bf/0x1680 [ 110.513235][ T3486] ? __pfx_f2fs_sync_node_pages+0x10/0x10 [ 110.513255][ T3486] ? __percpu_counter_sum+0x1c2/0x1e0 [ 110.513308][ T3486] ? blk_start_plug+0x51/0x1b0 [ 110.513330][ T3486] f2fs_write_node_pages+0x312/0x700 [ 110.513355][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.513383][ T3486] ? unwind_next_frame+0xa5/0x23c0 [ 110.513397][ T3486] ? unwind_next_frame+0x1aaf/0x23c0 [ 110.513414][ T3486] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 110.513434][ T3486] do_writepages+0x32e/0x550 [ 110.513458][ T3486] ? reacquire_held_locks+0x104/0x190 [ 110.513475][ T3486] ? writeback_sb_inodes+0x477/0x1a20 [ 110.513498][ T3486] __writeback_single_inode+0x133/0x11a0 [ 110.513517][ T3486] ? do_raw_spin_unlock+0xf5/0x210 [ 110.513536][ T3486] writeback_sb_inodes+0x992/0x1a20 [ 110.513579][ T3486] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 110.513594][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.513644][ T3486] ? rcu_is_watching+0x15/0xb0 [ 110.513669][ T3486] wb_writeback+0x456/0xb70 [ 110.513699][ T3486] ? queue_io+0x1d1/0x4a0 [ 110.513727][ T3486] ? __pfx_wb_writeback+0x10/0x10 [ 110.513743][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.513775][ T3486] wb_workfn+0x414/0xf50 [ 110.513793][ T3486] ? look_up_lock_class+0x57/0x110 [ 110.513822][ T3486] ? __pfx_wb_workfn+0x10/0x10 [ 110.513841][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.513861][ T3486] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 110.513895][ T3486] ? process_one_work+0x8bb/0x1780 [ 110.513915][ T3486] process_one_work+0x9ab/0x1780 [ 110.513953][ T3486] ? __pfx_process_one_work+0x10/0x10 [ 110.513972][ T3486] ? do_raw_spin_lock+0x12b/0x2f0 [ 110.514006][ T3486] worker_thread+0xba8/0x11e0 [ 110.514044][ T3486] kthread+0x388/0x470 [ 110.514063][ T3486] ? __pfx_worker_thread+0x10/0x10 [ 110.514076][ T3486] ? __pfx_kthread+0x10/0x10 [ 110.514094][ T3486] ret_from_fork+0x51e/0xb90 [ 110.514119][ T3486] ? __pfx_ret_from_fork+0x10/0x10 [ 110.514138][ T3486] ? __switch_to+0xc7d/0x1450 [ 110.514162][ T3486] ? __pfx_kthread+0x10/0x10 [ 110.514181][ T3486] ret_from_fork_asm+0x1a/0x30 [ 110.514211][ T3486] [ 110.514983][ T3486] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 110.520684][ T6133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 110.966974][ T6222] loop1: detected capacity change from 0 to 1024 [ 111.644627][ T29] audit: type=1804 audit(1773867212.799:4): pid=6227 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.46" name="/newroot/9/file1/bus" dev="loop3" ino=263 res=1 errno=0 [ 111.918442][ T5837] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 113.531735][ T6133] hsr_slave_0: entered promiscuous mode [ 113.918874][ T6133] hsr_slave_1: entered promiscuous mode [ 113.931188][ T6133] debugfs: 'hsr0' already exists in 'hsr' [ 113.966027][ T6133] Cannot create hsr debugfs directory [ 114.970285][ T6260] openvswitch: netlink: IP tunnel dst address not specified [ 115.917255][ T6271] Bluetooth: MGMT ver 1.23 [ 117.751954][ T6284] loop3: detected capacity change from 0 to 32768 [ 117.767936][ T6284] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.63 (6284) [ 117.801410][ T6284] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 117.811545][ T6284] BTRFS info (device loop3): using sha256 checksum algorithm [ 117.906213][ T6284] BTRFS info (device loop3): enabling ssd optimizations [ 117.913284][ T6284] BTRFS info (device loop3): turning on async discard [ 117.920118][ T6284] BTRFS info (device loop3): enabling free space tree [ 118.471769][ T6133] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 118.489890][ T6133] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 119.068085][ T6133] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 119.077034][ T5837] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 119.130799][ T6133] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 121.043858][ T6133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 121.622845][ T6024] IPVS: starting estimator thread 0... [ 121.651147][ T6133] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.795655][ T6047] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.802879][ T6047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.190469][ T6334] IPVS: using max 29 ests per chain, 69600 per kthread [ 122.348362][ T6047] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.355579][ T6047] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.513196][ T6340] loop0: detected capacity change from 0 to 256 [ 122.530843][ T6340] vfat: Unknown parameter 'nonumtHil' [ 123.291403][ T6348] netlink: 840 bytes leftover after parsing attributes in process `syz.0.72'. [ 123.957492][ T9] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 124.128101][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 124.152117][ T9] usb 3-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40 [ 124.164541][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.195037][ T9] usb 3-1: Product: syz [ 124.215730][ T9] usb 3-1: Manufacturer: syz [ 124.250710][ T9] usb 3-1: SerialNumber: syz [ 124.337216][ T6133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 124.381988][ T6343] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 126.520170][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 126.545994][ T9] usb 3-1: MIDIStreaming interface descriptor not found [ 126.676054][ T6372] netlink: 20 bytes leftover after parsing attributes in process `syz.2.78'. [ 126.686792][ T6372] netlink: 20 bytes leftover after parsing attributes in process `syz.2.78'. [ 127.725225][ T6386] netlink: 12 bytes leftover after parsing attributes in process `syz.2.80'. [ 128.070504][ T6394] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(15) [ 128.077317][ T6394] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 128.117151][ T9] usb 3-1: USB disconnect, device number 2 [ 128.189715][ T6398] loop1: detected capacity change from 0 to 512 [ 128.575124][ T6398] EXT4-fs: test_dummy_encryption requires encrypt feature [ 128.654826][ T6388] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(12) [ 128.661493][ T6388] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 128.672740][ T6399] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(18) [ 128.679373][ T6399] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 128.708909][ T6388] vhci_hcd vhci_hcd.0: Device attached [ 128.784480][ T6394] vhci_hcd vhci_hcd.0: Device attached [ 128.900606][ T6403] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(21) [ 128.907251][ T6403] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 128.921636][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 128.939167][ T6399] vhci_hcd vhci_hcd.0: Device attached [ 128.951485][ T24] usb 39-2: new low-speed USB device number 2 using vhci_hcd [ 129.031549][ T6403] vhci_hcd vhci_hcd.0: Device attached [ 129.487763][ T6133] veth0_vlan: entered promiscuous mode [ 129.501835][ T6388] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(14) [ 129.508449][ T6388] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 129.540641][ T6133] veth1_vlan: entered promiscuous mode [ 129.553340][ T6399] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 129.577817][ T6394] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(23) [ 129.584454][ T6394] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 129.665490][ T6388] vhci_hcd vhci_hcd.0: Device attached [ 129.767504][ T6394] vhci_hcd vhci_hcd.0: Device attached [ 129.852170][ T6394] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 129.864093][ T6133] veth0_macvtap: entered promiscuous mode [ 130.026960][ T6133] veth1_macvtap: entered promiscuous mode [ 130.051396][ T6399] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 130.274896][ T6430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'. [ 130.283712][ T6430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.86'. [ 130.292818][ T6430] netlink: 'syz.1.86': attribute type 20 has an invalid length. [ 130.690623][ T6404] vhci_hcd: connection closed [ 130.693143][ T6401] vhci_hcd: connection closed [ 130.702350][ T6413] vhci_hcd: connection closed [ 130.727482][ T6418] vhci_hcd: connection closed [ 130.773718][ T6396] vhci_hcd: connection reset by peer [ 130.793474][ T6395] vhci_hcd: connection closed [ 130.794181][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 130.832288][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.832583][ T5968] vhci_hcd vhci_hcd.3: release socket [ 130.876242][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 130.912192][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 131.284650][ T6133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 131.424666][ T5968] vhci_hcd vhci_hcd.3: release socket [ 131.441974][ T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.454261][ T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.980556][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 132.005031][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 132.019015][ T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.033937][ T5968] vhci_hcd vhci_hcd.3: release socket [ 132.034042][ T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 132.072169][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 132.114501][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 132.212912][ T5968] vhci_hcd vhci_hcd.3: release socket [ 132.254200][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 132.661232][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 132.680196][ T5968] vhci_hcd vhci_hcd.3: release socket [ 132.857341][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 133.401041][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.409734][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.507728][ T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.531567][ T5968] vhci_hcd vhci_hcd.3: stop threads [ 133.536950][ T5968] vhci_hcd vhci_hcd.3: release socket [ 133.547598][ T5968] vhci_hcd vhci_hcd.3: disconnect device [ 133.588768][ T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.668865][ T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 133.686976][ T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 133.954057][ T6452] loop2: detected capacity change from 0 to 1024 [ 134.109240][ T24] vhci_hcd vhci_hcd.3: vhci_device speed not set [ 136.361084][ T6469] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 137.039522][ T9] usb usb40-port1: attempt power cycle [ 138.340142][ T9] usb usb40-port1: unable to enumerate USB device [ 138.972580][ T6493] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 139.931163][ T6496] loop8: detected capacity change from 0 to 7 [ 140.213519][ T6496] Dev loop8: unable to read RDB block 7 [ 140.390974][ T6496] loop8: AHDI p1 p2 [ 140.451491][ T6496] loop8: partition table partially beyond EOD, truncated [ 140.552980][ T6496] loop8: p1 start 1702000233 is beyond EOD, truncated [ 147.135257][ T6564] loop2: detected capacity change from 0 to 128 [ 147.252278][ T6566] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 147.389259][ T6567] loop8: detected capacity change from 0 to 7 [ 147.838089][ T6567] Dev loop8: unable to read RDB block 7 [ 147.858580][ T6567] loop8: AHDI p1 p2 [ 148.526932][ T6567] loop8: partition table partially beyond EOD, truncated [ 148.568332][ T6567] loop8: p1 start 1702000233 is beyond EOD, truncated [ 148.755412][ T6577] No control pipe specified [ 148.760165][ T5845] Bluetooth: hci4: command 0x0406 tx timeout [ 155.111595][ T6632] netlink: 20 bytes leftover after parsing attributes in process `syz.1.137'. [ 155.265920][ T6635] netlink: 20 bytes leftover after parsing attributes in process `syz.3.141'. [ 155.276270][ T6635] netlink: 20 bytes leftover after parsing attributes in process `syz.3.141'. [ 155.466114][ T6632] netlink: 20 bytes leftover after parsing attributes in process `syz.1.137'. [ 158.317941][ T6648] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 159.838358][ T6325] IPVS: starting estimator thread 0... [ 159.937549][ T6654] IPVS: using max 57 ests per chain, 136800 per kthread [ 163.927712][ T6679] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 164.944682][ T6687] loop8: detected capacity change from 0 to 7 [ 165.076229][ T6687] Dev loop8: unable to read RDB block 7 [ 165.082070][ T6687] loop8: AHDI p1 p2 [ 165.086099][ T6687] loop8: partition table partially beyond EOD, truncated [ 165.094810][ T6687] loop8: p1 start 1702000233 is beyond EOD, truncated [ 165.564962][ T6699] netlink: 20 bytes leftover after parsing attributes in process `syz.2.158'. [ 165.576583][ T6699] netlink: 20 bytes leftover after parsing attributes in process `syz.2.158'. [ 166.148394][ T6709] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 166.170069][ T5191] IPVS: starting estimator thread 0... [ 166.288516][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 166.528568][ T6710] IPVS: using max 31 ests per chain, 74400 per kthread [ 167.456974][ T6719] netlink: 20 bytes leftover after parsing attributes in process `syz.5.161'. [ 167.467830][ T6719] netlink: 20 bytes leftover after parsing attributes in process `syz.5.161'. [ 169.325557][ T6744] netlink: 1688 bytes leftover after parsing attributes in process `syz.5.174'. [ 169.801220][ T6752] netlink: 20 bytes leftover after parsing attributes in process `syz.5.176'. [ 169.811964][ T6752] netlink: 20 bytes leftover after parsing attributes in process `syz.5.176'. [ 170.003147][ T6756] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 170.127469][ T6757] loop8: detected capacity change from 0 to 7 [ 170.516147][ T6757] Dev loop8: unable to read RDB block 7 [ 170.537998][ T6757] loop8: AHDI p1 p2 [ 170.553590][ T6757] loop8: partition table partially beyond EOD, truncated [ 170.806093][ T6757] loop8: p1 start 1702000233 is beyond EOD, truncated [ 172.430385][ T6778] netlink: 20 bytes leftover after parsing attributes in process `syz.5.180'. [ 172.444397][ T6778] netlink: 20 bytes leftover after parsing attributes in process `syz.5.180'. [ 177.282082][ T6805] netlink: 20 bytes leftover after parsing attributes in process `syz.5.190'. [ 177.292222][ T6805] netlink: 20 bytes leftover after parsing attributes in process `syz.5.190'. [ 177.818463][ T6811] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.187'. [ 178.157982][ T6820] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 178.562307][ T6825] loop8: detected capacity change from 0 to 7 [ 178.600883][ T6825] Dev loop8: unable to read RDB block 7 [ 178.607278][ T6825] loop8: AHDI p1 p2 [ 179.018548][ T6825] loop8: partition table partially beyond EOD, truncated [ 179.040518][ T6825] loop8: p1 start 1702000233 is beyond EOD, truncated [ 180.246935][ T6838] netlink: 20 bytes leftover after parsing attributes in process `syz.1.197'. [ 180.257529][ T6838] netlink: 20 bytes leftover after parsing attributes in process `syz.1.197'. [ 182.276370][ T6851] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.205'. [ 182.641243][ T6857] netlink: 20 bytes leftover after parsing attributes in process `syz.1.206'. [ 182.651530][ T6857] netlink: 20 bytes leftover after parsing attributes in process `syz.1.206'. [ 183.113075][ T808] IPVS: starting estimator thread 0... [ 183.163169][ T6835] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 183.215732][ T6861] IPVS: using max 29 ests per chain, 69600 per kthread [ 183.887123][ T6868] comedi comedi1: dmm32at: I/O port conflict (0x3,16) [ 184.060546][ T6869] loop8: detected capacity change from 0 to 7 [ 184.417331][ T6869] Dev loop8: unable to read RDB block 7 [ 184.761915][ T6869] loop8: AHDI p1 p2 [ 184.765932][ T6869] loop8: partition table partially beyond EOD, truncated [ 184.780724][ T6869] loop8: p1 start 1702000233 is beyond EOD, truncated [ 185.352932][ T6879] netlink: 20 bytes leftover after parsing attributes in process `syz.1.212'. [ 185.371732][ T6879] netlink: 20 bytes leftover after parsing attributes in process `syz.1.212'. [ 186.717888][ T6891] netlink: 'syz.2.217': attribute type 72 has an invalid length. [ 187.455082][ T6897] netlink: 20 bytes leftover after parsing attributes in process `syz.2.219'. [ 187.466150][ T6897] netlink: 20 bytes leftover after parsing attributes in process `syz.2.219'. [ 189.496119][ T6919] IPVS: wrr: UDP 224.0.0.2:0 - no destination available [ 191.026179][ T6929] netlink: 'syz.2.229': attribute type 72 has an invalid length. [ 191.456620][ T5849] Bluetooth: hci3: command 0x0406 tx timeout [ 191.460893][ T5851] Bluetooth: hci0: command 0x0406 tx timeout [ 191.462908][ T5849] Bluetooth: hci2: command 0x0406 tx timeout [ 191.477294][ T5162] Bluetooth: hci1: command 0x0406 tx timeout [ 192.606841][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.233'. [ 192.617774][ T6944] netlink: 20 bytes leftover after parsing attributes in process `syz.3.233'. [ 193.145477][ T6955] netlink: 20 bytes leftover after parsing attributes in process `syz.5.235'. [ 193.165326][ T6955] netlink: 20 bytes leftover after parsing attributes in process `syz.5.235'. [ 194.355436][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.474100][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.776022][ T6972] netlink: 'syz.3.242': attribute type 72 has an invalid length. [ 197.063167][ T6987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.247'. [ 197.073956][ T6987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.247'. [ 198.440289][ T7003] netlink: 20 bytes leftover after parsing attributes in process `syz.1.261'. [ 198.451953][ T7003] netlink: 20 bytes leftover after parsing attributes in process `syz.1.261'. [ 200.672614][ T7021] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.256'. [ 201.793938][ T7042] netlink: 20 bytes leftover after parsing attributes in process `syz.1.260'. [ 201.806258][ T7042] netlink: 20 bytes leftover after parsing attributes in process `syz.1.260'. [ 202.845674][ T7055] netlink: 20 bytes leftover after parsing attributes in process `syz.3.265'. [ 202.856175][ T7055] netlink: 20 bytes leftover after parsing attributes in process `syz.3.265'. [ 205.305604][ T7070] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.271'. [ 207.619350][ T7099] netlink: 20 bytes leftover after parsing attributes in process `syz.3.280'. [ 207.629804][ T7099] netlink: 20 bytes leftover after parsing attributes in process `syz.3.280'. [ 208.460239][ T7103] netlink: 20 bytes leftover after parsing attributes in process `syz.0.291'. [ 208.470640][ T7103] netlink: 20 bytes leftover after parsing attributes in process `syz.0.291'. [ 210.209316][ T7119] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.286'. [ 211.872132][ T7138] netlink: 20 bytes leftover after parsing attributes in process `syz.1.292'. [ 211.882883][ T7138] netlink: 20 bytes leftover after parsing attributes in process `syz.1.292'. [ 212.730253][ T7145] netlink: 20 bytes leftover after parsing attributes in process `syz.5.296'. [ 212.740499][ T7145] netlink: 20 bytes leftover after parsing attributes in process `syz.5.296'. [ 216.468833][ T7186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.306'. [ 216.479296][ T7186] netlink: 20 bytes leftover after parsing attributes in process `syz.1.306'. [ 216.499613][ T7184] netlink: 20 bytes leftover after parsing attributes in process `syz.3.307'. [ 216.515068][ T7184] netlink: 20 bytes leftover after parsing attributes in process `syz.3.307'. [ 219.738050][ T7226] netlink: 20 bytes leftover after parsing attributes in process `syz.0.319'. [ 219.749593][ T7226] netlink: 20 bytes leftover after parsing attributes in process `syz.0.319'. [ 221.287498][ T7238] netlink: 20 bytes leftover after parsing attributes in process `syz.0.322'. [ 221.301231][ T7238] netlink: 20 bytes leftover after parsing attributes in process `syz.0.322'. [ 222.483329][ T7248] syz.0.326 (7248): /proc/7243/oom_adj is deprecated, please use /proc/7243/oom_score_adj instead. [ 222.719280][ T29] audit: type=1326 audit(1773867323.949:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 222.824469][ T29] audit: type=1326 audit(1773867323.949:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 222.960993][ T29] audit: type=1326 audit(1773867323.959:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fca4d75cfce code=0x7ffc0000 [ 222.983972][ T29] audit: type=1326 audit(1773867323.959:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 223.103584][ T29] audit: type=1326 audit(1773867323.959:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 223.461044][ T29] audit: type=1326 audit(1773867323.969:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 224.070616][ T29] audit: type=1326 audit(1773867323.979:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 224.190313][ T29] audit: type=1326 audit(1773867323.979:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 224.409386][ T7268] netlink: 20 bytes leftover after parsing attributes in process `syz.0.332'. [ 224.419916][ T7268] netlink: 20 bytes leftover after parsing attributes in process `syz.0.332'. [ 224.856550][ T29] audit: type=1326 audit(1773867323.989:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 224.978681][ T29] audit: type=1326 audit(1773867323.989:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7243 comm="syz.0.326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fca4d79c799 code=0x7ffc0000 [ 225.350448][ T7278] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 225.688938][ T7274] binder: 7271:7274 ioctl c0306201 0 returned -14 [ 225.946733][ T7284] netlink: 20 bytes leftover after parsing attributes in process `syz.2.337'. [ 225.960170][ T7284] netlink: 20 bytes leftover after parsing attributes in process `syz.2.337'. [ 229.545900][ T7321] netlink: 20 bytes leftover after parsing attributes in process `syz.5.346'. [ 229.556415][ T7321] netlink: 20 bytes leftover after parsing attributes in process `syz.5.346'. [ 230.654202][ T7329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.349'. [ 230.667802][ T7329] netlink: 20 bytes leftover after parsing attributes in process `syz.2.349'. [ 233.578477][ T7338] loop3: detected capacity change from 0 to 2048 [ 234.108783][ T7338] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 234.222481][ T7338] NILFS (loop3): error -4 creating segctord thread [ 235.407690][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 235.746233][ T7348] loop2: detected capacity change from 0 to 1024 [ 235.754131][ T7348] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869) [ 235.763914][ T7348] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 235.775442][ T7348] EXT4-fs error (device loop2): ext4_get_journal_inode:5863: inode #8: comm syz.2.358: inode has both inline data and extents flags [ 235.789337][ T7348] loop2: lost file I/O error report for ino 8 type 5 pos 0x0 len 0x0 error -117 [ 235.791615][ T7348] EXT4-fs (loop2): no journal found [ 235.800727][ C1] EXT4-fs (loop2): error count since last fsck: 1 [ 235.800777][ C1] EXT4-fs (loop2): initial error at time 1773867337: ext4_get_journal_inode:5863: inode 8 [ 235.800795][ C1] EXT4-fs (loop2): last error at time 1773867337: ext4_get_journal_inode:5863: inode 8 [ 237.341136][ T7366] netlink: 20 bytes leftover after parsing attributes in process `syz.5.362'. [ 237.353853][ T7366] netlink: 20 bytes leftover after parsing attributes in process `syz.5.362'. [ 238.617526][ T7381] netlink: 20 bytes leftover after parsing attributes in process `syz.5.365'. [ 238.630666][ T7381] netlink: 20 bytes leftover after parsing attributes in process `syz.5.365'. [ 242.720681][ T7416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.375'. [ 242.730901][ T7416] netlink: 20 bytes leftover after parsing attributes in process `syz.2.375'. [ 243.485050][ T7432] netlink: 20 bytes leftover after parsing attributes in process `syz.5.378'. [ 243.499042][ T7432] netlink: 20 bytes leftover after parsing attributes in process `syz.5.378'. [ 245.309610][ T7445] loop1: detected capacity change from 0 to 8 [ 248.207768][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 248.640109][ T30] INFO: task syz.4.5:6019 blocked for more than 143 seconds. [ 248.678238][ T30] Tainted: G L syzkaller #0 [ 248.713086][ T30] Blocked by coredump. [ 248.819142][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 248.830669][ T30] task:syz.4.5 state:D stack:27496 pid:6019 tgid:6010 ppid:5838 task_flags:0x40044c flags:0x00080002 [ 248.842799][ T30] Call Trace: [ 248.857422][ T30] [ 248.860427][ T30] __schedule+0x1665/0x5590 [ 248.864980][ T30] ? __pfx___schedule+0x10/0x10 [ 248.869914][ T30] ? schedule+0x90/0x360 [ 248.874177][ T30] schedule+0x164/0x360 [ 248.879486][ T30] schedule_preempt_disabled+0x13/0x30 [ 249.014693][ T7466] hub 2-0:1.0: USB hub found [ 249.021852][ T7466] hub 2-0:1.0: 1 port detected [ 249.396874][ T30] rwsem_down_read_slowpath+0x6d9/0x940 [ 249.421633][ T30] ? rwsem_down_read_slowpath+0x596/0x940 [ 249.438533][ T30] ? __pfx_rwsem_down_read_slowpath+0x10/0x10 [ 249.444834][ T30] ? do_futex+0x395/0x420 [ 249.449626][ T30] down_read+0x99/0x2e0 [ 249.453933][ T30] ? exit_mm+0x64/0x250 [ 249.458689][ T30] exit_mm+0x73/0x250 [ 249.462820][ T30] ? unwind_deferred_task_exit+0x67/0xa0 [ 249.477808][ T30] do_exit+0x8b9/0x2490 [ 249.482200][ T30] ? __pfx_do_exit+0x10/0x10 [ 249.486977][ T30] do_group_exit+0x21b/0x2d0 [ 249.492415][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 249.500001][ T30] get_signal+0x1284/0x1330 [ 249.504735][ T30] arch_do_signal_or_restart+0xbc/0x830 [ 249.512580][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 249.519241][ T30] exit_to_user_mode_loop+0x86/0x480 [ 249.524695][ T30] ? rcu_is_watching+0x15/0xb0 [ 249.586105][ T30] do_syscall_64+0x32d/0xf80 [ 249.591115][ T30] ? trace_irq_disable+0x3b/0x150 [ 249.596273][ T30] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.603227][ T30] ? clear_bhb_loop+0x40/0x90 [ 249.608434][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.614611][ T30] RIP: 0033:0x7f68cc39c799 [ 249.625853][ T30] RSP: 002b:00007f68cd316028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 249.634858][ T30] RAX: 000000000000000b RBX: 00007f68cc615fa0 RCX: 00007f68cc39c799 [ 249.645485][ T30] RDX: 0000000000000318 RSI: 00002000000bd000 RDI: 0000000000000005 [ 249.660022][ T30] RBP: 00007f68cc432c99 R08: 0000000000000000 R09: 0000000000000000 [ 249.672470][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.686876][ T30] R13: 00007f68cc616038 R14: 00007f68cc615fa0 R15: 00007ffefc709368 [ 249.697309][ T30] [ 249.701998][ T30] [ 249.701998][ T30] Showing all locks held in the system: [ 249.710578][ T30] 2 locks held by ksoftirqd/1/23: [ 249.715823][ T30] #0: ffff8880b863ae60 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150 [ 249.726479][ T30] #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 249.735805][ T30] 1 lock held by khungtaskd/30: [ 249.741363][ T30] #0: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 249.753595][ T30] 4 locks held by kworker/u8:6/1007: [ 249.759280][ T30] #0: ffff8880b863ae60 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb6/0x150 [ 249.777439][ T30] #1: ffff8880b8724588 (psi_seq){-.-.}-{0:0}, at: psi_task_switch+0x53/0x880 [ 249.797439][ T30] #2: ffffffff9a55c2c0 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x83/0x580 [ 249.811605][ T30] #3: ffffffff8e75d6a0 (rcu_read_lock){....}-{1:3}, at: ieee80211_sta_active_ibss+0xc3/0x330 [ 249.824326][ T30] 2 locks held by getty/5597: [ 249.830293][ T30] #0: ffff888037f180a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 249.840481][ T30] #1: ffffc9000322b2e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x45c/0x13c0 [ 249.853411][ T30] 3 locks held by syz-executor/5842: [ 249.859126][ T30] 1 lock held by syz.4.5/6019: [ 249.863980][ T30] #0: ffff88802038f3b8 (&mm->mmap_lock){++++}-{4:4}, at: exit_mm+0x73/0x250 [ 249.873803][ T30] [ 249.876227][ T30] ============================================= [ 249.876227][ T30] [ 249.900740][ T30] NMI backtrace for cpu 1 [ 249.900763][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 249.900784][ T30] Tainted: [L]=SOFTLOCKUP [ 249.900790][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 249.900798][ T30] Call Trace: [ 249.900805][ T30] [ 249.900812][ T30] dump_stack_lvl+0xe8/0x150 [ 249.900844][ T30] nmi_cpu_backtrace+0x274/0x2d0 [ 249.900867][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 249.900897][ T30] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 249.900922][ T30] sys_info+0x135/0x170 [ 249.900942][ T30] watchdog+0x1002/0x1060 [ 249.900968][ T30] ? watchdog+0x1da/0x1060 [ 249.900991][ T30] kthread+0x388/0x470 [ 249.901010][ T30] ? __pfx_watchdog+0x10/0x10 [ 249.901027][ T30] ? __pfx_kthread+0x10/0x10 [ 249.901046][ T30] ret_from_fork+0x51e/0xb90 [ 249.901070][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 249.901089][ T30] ? __switch_to+0xc7d/0x1450 [ 249.901112][ T30] ? __pfx_kthread+0x10/0x10 [ 249.901131][ T30] ret_from_fork_asm+0x1a/0x30 [ 249.901161][ T30] [ 249.901177][ T30] Sending NMI from CPU 1 to CPUs 0: [ 250.018690][ C0] NMI backtrace for cpu 0 [ 250.018709][ C0] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 250.018730][ C0] Tainted: [L]=SOFTLOCKUP [ 250.018736][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.018745][ C0] RIP: 0010:__rcu_read_lock+0x5/0x60 [ 250.018770][ C0] Code: 89 ff e8 9e ac 83 00 e9 32 fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 53 <65> 48 8b 1d 3b 1e 72 11 48 81 c3 c4 04 00 00 48 89 d8 48 c1 e8 03 [ 250.018783][ C0] RSP: 0018:ffffc90003a37208 EFLAGS: 00000202 [ 250.018797][ C0] RAX: 0000000000000001 RBX: ffffffff824a93fe RCX: 0000000000000000 [ 250.018807][ C0] RDX: dffffc0000000000 RSI: ffffffff824a93fe RDI: ffffc90003a372e8 [ 250.018819][ C0] RBP: dffffc0000000000 R08: ffffc90003a373b0 R09: 0000000000000004 [ 250.018829][ C0] R10: ffffc90003a37338 R11: ffffffff81b1db20 R12: 1ffff92000746e5d [ 250.018840][ C0] R13: ffffc90003a37320 R14: ffffc90003a372e8 R15: ffffc90003a37c80 [ 250.018852][ C0] FS: 0000555559dad500(0000) GS:ffff888125436000(0000) knlGS:0000000000000000 [ 250.018864][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 250.018875][ C0] CR2: 00007fca4d9e92f8 CR3: 0000000067bae000 CR4: 00000000003526f0 [ 250.018891][ C0] Call Trace: [ 250.018897][ C0] [ 250.018902][ C0] ? evict+0x61e/0xb10 [ 250.018918][ C0] unwind_next_frame+0x9e/0x23c0 [ 250.018938][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 250.018953][ C0] ? shmem_evict_inode+0x289/0xae0 [ 250.018968][ C0] ? evict+0x61e/0xb10 [ 250.018983][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 250.019004][ C0] arch_stack_walk+0x11b/0x150 [ 250.019021][ C0] ? evict+0x61e/0xb10 [ 250.019038][ C0] stack_trace_save+0xa9/0x100 [ 250.019056][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 250.019076][ C0] ? stack_depot_save_flags+0x33/0x810 [ 250.019095][ C0] save_stack+0x122/0x230 [ 250.019111][ C0] ? __pfx_save_stack+0x10/0x10 [ 250.019124][ C0] ? free_unref_folios+0xd0c/0x1450 [ 250.019138][ C0] ? folios_put_refs+0x9ff/0xb40 [ 250.019153][ C0] ? shmem_undo_range+0x52c/0x1660 [ 250.019171][ C0] ? shmem_evict_inode+0x289/0xae0 [ 250.019184][ C0] ? evict+0x61e/0xb10 [ 250.019203][ C0] ? page_ext_put+0x97/0xc0 [ 250.019219][ C0] __reset_page_owner+0x71/0x1f0 [ 250.019234][ C0] free_unref_folios+0xd0c/0x1450 [ 250.019255][ C0] folios_put_refs+0x9ff/0xb40 [ 250.019276][ C0] ? __pfx_folios_put_refs+0x10/0x10 [ 250.019293][ C0] ? folio_batch_remove_exceptionals+0x18c/0x1f0 [ 250.019312][ C0] shmem_undo_range+0x52c/0x1660 [ 250.019337][ C0] ? __pfx_shmem_undo_range+0x10/0x10 [ 250.019372][ C0] ? arch_stack_walk+0xfb/0x150 [ 250.019399][ C0] ? kasan_save_stack+0x4d/0x60 [ 250.019421][ C0] ? kasan_save_stack+0x3e/0x60 [ 250.019442][ C0] ? kasan_record_aux_stack+0xbd/0xd0 [ 250.019461][ C0] ? call_rcu+0xee/0x890 [ 250.019477][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 250.019504][ C0] shmem_evict_inode+0x289/0xae0 [ 250.019521][ C0] ? inode_wait_for_writeback+0x16d/0x3b0 [ 250.019538][ C0] ? __pfx_shmem_evict_inode+0x10/0x10 [ 250.019552][ C0] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 250.019567][ C0] ? do_raw_spin_lock+0x12b/0x2f0 [ 250.019590][ C0] ? do_raw_spin_unlock+0xf5/0x210 [ 250.019609][ C0] ? __pfx_shmem_evict_inode+0x10/0x10 [ 250.019624][ C0] evict+0x61e/0xb10 [ 250.019643][ C0] ? __pfx_evict+0x10/0x10 [ 250.019659][ C0] ? _raw_spin_unlock+0x28/0x50 [ 250.019675][ C0] ? iput+0xb25/0xe80 [ 250.019699][ C0] filename_unlinkat+0x43f/0x610 [ 250.019719][ C0] ? __pfx_filename_unlinkat+0x10/0x10 [ 250.019739][ C0] ? do_getname+0x151/0x250 [ 250.019759][ C0] __se_sys_unlink+0x2e/0x140 [ 250.019777][ C0] do_syscall_64+0x14d/0xf80 [ 250.019795][ C0] ? trace_irq_disable+0x3b/0x150 [ 250.019813][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.019829][ C0] ? clear_bhb_loop+0x40/0x90 [ 250.019846][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.019861][ C0] RIP: 0033:0x7f6648b9b887 [ 250.019875][ C0] Code: 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 250.019887][ C0] RSP: 002b:00007ffdc1454668 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 250.019901][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6648b9b887 [ 250.019911][ C0] RDX: 00007ffdc1454690 RSI: 00007ffdc1454720 RDI: 00007ffdc1454720 [ 250.019922][ C0] RBP: 00007ffdc1454720 R08: 00007ffdc1455720 R09: 00000000ffffffff [ 250.019932][ C0] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffdc14557b0 [ 250.019941][ C0] R13: 00007f6648c32050 R14: 000000000003c5b6 R15: 00007ffdc14557f0 [ 250.019960][ C0] [ 250.490732][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 250.497587][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 250.508255][ T30] Tainted: [L]=SOFTLOCKUP [ 250.512562][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 250.522597][ T30] Call Trace: [ 250.525896][ T30] [ 250.528830][ T30] vpanic+0x56c/0xa60 [ 250.532811][ T30] ? __pfx___schedule+0x10/0x10 [ 250.537649][ T30] ? __pfx_vpanic+0x10/0x10 [ 250.542141][ T30] ? nmi_trigger_cpumask_backtrace+0x1f4/0x300 [ 250.548288][ T30] panic+0xc5/0xd0 [ 250.552000][ T30] ? __pfx_panic+0x10/0x10 [ 250.556402][ T30] ? preempt_schedule_thunk+0x16/0x30 [ 250.561760][ T30] ? nmi_trigger_cpumask_backtrace+0x2bb/0x300 [ 250.567909][ T30] watchdog+0x105b/0x1060 [ 250.572237][ T30] ? watchdog+0x1da/0x1060 [ 250.576644][ T30] kthread+0x388/0x470 [ 250.580702][ T30] ? __pfx_watchdog+0x10/0x10 [ 250.585361][ T30] ? __pfx_kthread+0x10/0x10 [ 250.589936][ T30] ret_from_fork+0x51e/0xb90 [ 250.594522][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 250.599621][ T30] ? __switch_to+0xc7d/0x1450 [ 250.604288][ T30] ? __pfx_kthread+0x10/0x10 [ 250.608907][ T30] ret_from_fork_asm+0x1a/0x30 [ 250.613665][ T30] [ 250.617317][ T30] Kernel Offset: disabled [ 250.621639][ T30] Rebooting in 86400 seconds..