last executing test programs: 18.641006351s ago: executing program 1 (id=2630): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, &(0x7f00000001c0)=0x1e00) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) close(r4) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r4, 0xc06864a1, &(0x7f0000000300)={0x0, 0xfffffffffffffe7a, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={r7, 0x0, 0x0, 0x0, 0x3, [0x0, 0x0, 0x0, 0x0], [0x800000], [0x0, 0x1001000], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r4, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [r8, 0x0, 0x0, r9], [0x2b8]}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000280)={&(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) 15.794512717s ago: executing program 2 (id=2638): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0}, 0x94) bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi4\x00', 0x0, 0x0) ioctl$COMEDI_CMDTEST(r4, 0x8050640a, &(0x7f0000000340)={0x0, 0x8, 0x20, 0x6, 0x80, 0x3ff, 0x3, 0xbd, 0x40, 0xb, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1e}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="120000000400000008000000"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r5], 0x10) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) 14.473451153s ago: executing program 2 (id=2639): r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x14) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c200", 0x18) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003100)=@newtaction={0xb40, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x918, 0x1, [@m_ipt={0x278, 0x17, 0x0, 0x0, {{0x8}, {0x1bc, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xf1, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99752c65346980"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x17c, 0x11, 0x0, 0x0, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xb5, 0x6, {0x7, 'mangle\x00', 0x4, 0x7, "852c07967e4bde8acbdebf709c7f67b435415e9fad5eed399218069c30b3db399d5bdbdffc09aa13d6aef79a3360cf4b7d5e8a92b817394560aba652eb4e4ec31470dd9b8becbf6cad6f3328aec2ac14541a30a5f89f2a6e60534a70c1deccc519f73984d6d2ae8b9fe17278f03e9f60e876c3b1fc1ef49873f24bd44137256bfd0a27e100d2162e3f7b17"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x5}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x154, 0x17, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x3, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x13c, 0x11, 0x0, 0x0, {{0x8}, {0xe0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd9, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbfdd95b69e14"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x118, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x85, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0xb4, 0x1, [@m_ipt={0xb0, 0x3, 0x0, 0x0, {{0x8}, {0x74, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x6d, 0x6, {0x8, 'mangle\x00', 0x80, 0xa62, "07625db7849301f3c760230789043c3c5de12e22cc8e1f5f20c97ba14d907f5a3eae7673340356d1e624a3f315c4d0b1439a387605ebd024be5895e6659813581fe54a"}}]}, {0x15, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0e6"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x160, 0x1, [@m_ipt={0xf8, 0x6, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x64, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x3b, 0x6, "4b6275823d714c9413915317da89818cb9f96e8938cf5d91ef0ce403d55fc9bdc74a0a5b88653980ed0af5c857ee3a0361bfe072c3d9c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xb40}}, 0x4008800) recvmmsg$unix(r6, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000015c0)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) sendmmsg$inet6(r6, &(0x7f0000004d00)=[{{0x0, 0x0, &(0x7f0000002600)=[{&(0x7f0000000380)="34f21e", 0x3}], 0x1}}], 0x1, 0x10) r7 = socket(0x40000000015, 0x5, 0x0) socket$rxrpc(0x21, 0x2, 0x2) syz_init_net_socket$x25(0x9, 0x5, 0x0) r8 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r8, &(0x7f0000000080)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x17}}}, 0x24) bind$inet6(r7, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1, 0xfffffffd}, 0x1c) sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) 13.150518847s ago: executing program 2 (id=2644): socket$inet6(0xa, 0x800000000000002, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0xfffffffffffffffe, 0x545100) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xffffffffffffffff}}, './file0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_MPP(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x1c, r5, 0x301, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x0) 12.813449535s ago: executing program 4 (id=2645): r0 = socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000440)={0x6, @local, 0x0, 0x3, 'lblc\x00', 0x4}, 0x2c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a140000001100010000000000000000000000000a4e71f41a59f84bf45e43e9022b5e2c065ff1eb98995a13992eeff675378b76e3a189a3a9b30ab18d89ec16f57ccdb69370733e384898d53c552f538046804c77098663ec578c31b1510a923455592ca7bcf0ce8fff238550a4a010d4d66a557eb5ff2c0754e4f0cb9d6d1e4859c40bf04fdb5d77cffdab05f94d1d01b86a23d226e123099659b52c17a9689957bbba362cb3e94b0b130fb139ffc487f713f0ea3889c1d67f18234497b897908aee303f285ca04fcea8c4872b7492f0db2ae9c1dc9c91aa1dc570cd4eee6205888e3d7b9e2b21d42de44472eba620ba1f2872e5d0bb1310cfb4859792ba"], 0x28}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000200)='./file1\x00', 0x140) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="000000000000000002004e24e000000100000000000000000000000000000000000000000000000000000000000000001b00"/144], 0x90) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x4041}, 0x4) socket$kcm(0x10, 0x3, 0x10) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r4, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r5, 0x2}}, 0x18) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) 11.446484416s ago: executing program 0 (id=2647): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r4], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x88010) 11.395227514s ago: executing program 4 (id=2648): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r0, 0xffffffffffffffff}, &(0x7f0000000240), 0x0}, 0x20) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r1}, 0x4) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x8}, 0x8) bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x22, 0x3, 0xb) sendmmsg$inet6(r2, &(0x7f0000000200)=[{{&(0x7f00000008c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x79, &(0x7f0000000b40)=ANY=[@ANYRESDEC=r3, @ANYRESHEX=r4, @ANYRESDEC=r3, @ANYBLOB="217891fd50f884d4d91b9e7a2ef745ebcc0d2575ab", @ANYRES32=r2, @ANYRES16=r5, @ANYBLOB="e6b4cc6b6a9db5bf14d9581ad8c7827ee39d831213bdd0752a7f95640aad82b469bbe19b7956f1588a3667772c7709f4a46a04f6461bc9a5292025f98fefcc014500ad5b947df340a668d8f59e4d2edfd9091b0acae83881856a83ca525b0163d293e3bdad5e18ca9ec4def0269d49e73daa8930da1951b820a4fb28900757051c7d3566ceb79bfd7d43936d1d3302b0f55c7876a1ae0e8d92ee34a64383c57b89b93d3be29c4e81842df71a487dd388894d83f196a4f78d55e956d0772323ee37b415c86ea0089d8b3d297ef84acfe612a8b0a12a7c3ea3bae8316508f0edafe3ffdccfc2bb09dc23b42234d7c8384b82061af484", @ANYBLOB="c529e99f73bdf9746ab525d0d3d45b6d084d0555df67a9fc92f172cf122ab138cf685f40d595a4284aaf7d0d0b432ab0566f02f0ec1cff45dc182067ddf24aed2e7b978316ab043660191b93bac2976405e3c14adb9a54c49c587e80c1ba1d388e49113825b5ad2ddf80223fda7e468f61f070d8d76abcb308b3c46e8878995c349ca2bb4661733005921540464ed98aadb91fe3409164920ac1100fa2d44de7d1269361dbac526182e1b406dbfd"], 0x8) socket$inet6(0xa, 0x3, 0x1) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='fd\x00') exit(0x7) r6 = socket(0x15, 0x5, 0x0) getsockopt(r6, 0x200000000114, 0x2720, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) 11.232696381s ago: executing program 0 (id=2649): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, 0x0}, 0x94) bpf$ITER_CREATE(0x21, &(0x7f0000000480), 0x8) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi4\x00', 0x0, 0x0) ioctl$COMEDI_CMDTEST(r4, 0x8050640a, &(0x7f0000000340)={0x0, 0x8, 0x20, 0x6, 0x80, 0x3ff, 0x3, 0xbd, 0x40, 0xb, 0x4, 0x2, 0x0, 0x0, 0x0, 0x1e}) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="120000000400000008000000"], 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r5], 0x10) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) sendmmsg$inet6(r0, 0x0, 0x0, 0x0) 10.209027057s ago: executing program 0 (id=2650): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYRES8], 0x50) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x8882, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$inet(r1, 0x0, 0x0, 0x40) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f00000005c0)=@assoc_value, &(0x7f0000000640)=0x8) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000000), 0x80000001, 0x105501) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, 0x0, 0x4048841) recvmsg(r3, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffff6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) sendmmsg$inet(r6, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="140000000000000000000000070000009404002042303c00"], 0x18}}], 0x1, 0x44008004) write$binfmt_misc(r6, &(0x7f0000000300), 0xfdef) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, 0x0) sendmsg$inet(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 9.117758278s ago: executing program 1 (id=2652): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008801c000780080077144ebb00000800060000000000"], 0xd0}}, 0x0) 8.401135666s ago: executing program 1 (id=2654): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x48241, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x3e) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x20}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x17, 0x4, &(0x7f0000000240)=ANY=[@ANYRESHEX=r5, @ANYRES32=r1], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x94) socketpair(0x18, 0x0, 0x2, 0x0) 7.979898296s ago: executing program 2 (id=2656): r0 = socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000440)={0x6, @local, 0x0, 0x3, 'lblc\x00', 0x4}, 0x2c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a140000001100010000000000000000000000000a4e71f41a59f84bf45e43e9022b5e2c065ff1eb98995a13992eeff675378b76e3a189a3a9b30ab18d89ec16f57ccdb69370733e384898d53c552f538046804c77098663ec578c31b1510a923455592ca7bcf0ce8fff238550a4a010d4d66a557eb5ff2c0754e4f0cb9d6d1e4859c40bf04fdb5d77cffdab05f94d1d01b86a23d226e123099659b52c17a9689957bbba362cb3e94b0b130fb139ffc487f713f0ea3889c1d67f18234497b897908aee303f285ca04fcea8c4872b7492f0db2ae9c1dc9c91aa1dc570cd4eee6205888e3d7b9e2b21d42de44472eba620ba1f2872e5d0bb1310cfb4859792ba"], 0x28}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000200)='./file1\x00', 0x140) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="000000000000000002004e24e000000100000000000000000000000000000000000000000000000000000000000000001b00"/144], 0x90) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x4041}, 0x4) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x106}}, 0x20) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0xf000)=nil, 0xf000, 0x100000a, 0x32, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3bf4, &(0x7f0000000700)={0x0, 0x8da6, 0x4200, 0x0, 0x3f}, &(0x7f0000001dc0), &(0x7f0000000100)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000001e40)=@IORING_OP_POLL_ADD={0x6, 0x70, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x40}, 0x7073d652ec901ab0}) r8 = socket$kcm(0x2b, 0x1, 0x0) close(r8) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) 6.440900668s ago: executing program 1 (id=2657): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) io_setup(0x6, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x28, r4, 0x701, 0x0, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x8, 0x2c}}}}}, 0x28}}, 0x40) 5.315402577s ago: executing program 2 (id=2659): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r4], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x88010) 4.002492961s ago: executing program 3 (id=2661): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x639) readv(r0, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1) 3.884145285s ago: executing program 2 (id=2662): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000240)=@newsa={0x180, 0x10, 0x1, 0x0, 0x0, {{@in=@private=0xa010100, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x0, 0x2000, 0x0, 0x2}, {@in=@empty, 0x0, 0x6c}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, {0x200000000, 0x0, 0x7, 0x0, 0x3000000000, 0x0, 0x1000000000000000}, {0x0, 0x4}, {}, 0x70bd2a, 0x0, 0xa, 0x1, 0x6}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @algo_crypt={0x48, 0x2, {{'pcbc(fcrypt)\x00'}}}]}, 0x180}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) 3.839974198s ago: executing program 0 (id=2663): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000004c0), &(0x7f0000001c40)=r1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="796e00000000001346991fc525"], 0x14}}, 0x4000054) 2.860785101s ago: executing program 3 (id=2664): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000001fc0)=@newtaction={0x334, 0x30, 0xc96f2b0dc02612b1, 0x71bd23, 0x25dfdbff, {}, [{0x320, 0x1, [@m_bpf={0x2c, 0x6, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_csum={0xbc, 0x14, 0x0, 0x0, {{0x9}, {0x90, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x7fff, 0x2, 0x2, 0x1000, 0x8}, 0x52}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0x3, 0x8, 0x1, 0xa}, 0x33}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x0, 0x80, 0xffffffffffffffff, 0x48fe, 0x2}, 0x11}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0xfffffffa, 0xffffffffffffffff, 0xd49, 0x100}, 0x78}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x3e5, 0x4, 0x3, 0x1}, 0x21}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3, 0x3}}}}, @m_csum={0x15c, 0x19, 0x0, 0x0, {{0x9}, {0x4}, {0x12d, 0x6, "f0b8bf92cf8611111a0ff27fcc8825ca405600cfd0f6876d2892df6b5723118bb7d9d86de0a2706031cc8c62f7d1baf9b04f3a9ed11665c75023f87c16ce970413ede5e5f6782d0d17be877ac54c09075ed841c7daeddf3395a210eab4335ed3bcb36fe1598dc94259da01363ad59d8dc384cb8fe469869c99849bd0d19e999b2e8f62d563a2dcea91347cdc754302a566d6d8b7de1368972acbf9cfbdc3db5b71ceed91d4e9613e9cbf5e1ca71f3bf3b25cdf1ce11e5843ff89da11b01cf0b27474847e4fd8e648244e0dc6b3b99b8089d418ec3d6d27aa68b96ef236cc10ce12fb9c2fcd2426620f308c5e7fdb41bd5c78d6dfc482d978b6e7840a4280feab0b46813e74f89578a8084202486b4337e82b2790e39812421153e3352d7c704aa7333c65f298e8ce34"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_skbmod={0xd8, 0xd, 0x0, 0x0, {{0xb}, {0x90, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @multicast}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x5}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0x6, 0xfffffffd, 0x4, 0x9, 0x4}, 0xb}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xa, 0x3d5, 0x1, 0x101, 0x3ff}, 0x9}}, @TCA_SKBMOD_PARMS={0x24, 0x2, {{0xd06a, 0x3, 0x5, 0x0, 0x986}, 0xe}}, @TCA_SKBMOD_DMAC={0xa, 0x3, @broadcast}]}, {0x1d, 0x6, "8c7537c88dc5f9f594de6d41eb6b1259fbc1655d0043e27dfc"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}]}]}, 0x334}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/73, 0x49}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000007c0)=""/154, 0x9a}, {&(0x7f00000001c0)=""/17, 0x11}], 0x7, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) 2.860033602s ago: executing program 4 (id=2665): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001000000800000", @ANYRES32=0x0, @ANYBLOB='\x00'/13, @ANYRES32=0x0, @ANYRES32=0x0], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000003c0)={r2, 0xffffffffffffffff}, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1f, 0x1d, &(0x7f0000000700)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @snprintf={{}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}, 0x94) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000008280), r4) sendmsg$DEVLINK_CMD_SB_POOL_GET(r4, &(0x7f00000084c0)={0x0, 0x0, &(0x7f0000008480)={&(0x7f00000082c0)={0x44, r5, 0x1, 0x70bd26, 0x25dfdbfd, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffffffffffe51, 0xb, 0x8001}, {0x6, 0x11, 0x40}}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000084}, 0x40080) listen(0xffffffffffffffff, 0x0) r6 = socket(0x28, 0x5, 0x0) connect$vsock_stream(r6, &(0x7f0000000080), 0x10) recvmsg$can_bcm(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000280)=""/4096, 0x1000}], 0x1}, 0x20000100) shutdown(r6, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002900)={0x2020}, 0x2020) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1) 2.822454154s ago: executing program 0 (id=2666): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) keyctl$clear(0x7, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) keyctl$KEYCTL_PKEY_SIGN(0x1b, 0x0, 0x0, &(0x7f0000002200), 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x9df6c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mq_notify(r5, &(0x7f0000000000)={0x110c230000, 0x3, 0x2}) r6 = syz_open_dev$loop(&(0x7f0000000100), 0x6, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r7, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) bind$inet6(r4, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r4, 0x84, 0x13, &(0x7f0000000440)=0x8, 0x4) sendto$inet6(r4, &(0x7f0000847fff), 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x28, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x1}]}, 0x28}}, 0x0) 2.752987424s ago: executing program 3 (id=2667): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000500), 0x4) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000d40), 0x0, 0xf000000) setsockopt$sock_int(r1, 0x1, 0x20, &(0x7f0000000000)=0x7fffffff, 0x4) ioctl$FBIOGET_FSCREENINFO(0xffffffffffffffff, 0x4602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) r2 = socket$can_j1939(0x1d, 0x2, 0x7) recvmsg$can_j1939(r2, &(0x7f00000003c0)={&(0x7f0000000280)=@tipc=@id, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)=""/62, 0x3e}, {&(0x7f0000000300)=""/65, 0x41}], 0x2}, 0x12102) socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000e40)="d8000000180081064a81f782da02b904021d080400007c09e8fe55a10a0015c0050014a603600e1208000f0000000401a00016009a00014004000000036010fab94dcf5c0461c1d6900094007134cf6ee080000190d0a2ac922353a606487ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00320db70103000040", 0xa2}], 0x1}, 0x48084) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) getdents64(r3, 0x0, 0x20000) 2.500859117s ago: executing program 4 (id=2668): r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {}, {0xf, 0x9}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000014}, 0x20084084) sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0) 2.472675467s ago: executing program 1 (id=2669): syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_WDS_PEER(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8c5}, 0x850) syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a010100441405", @ANYRES32=0x41424344], 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0x3, &(0x7f0000000180)=@framed, 0x0, 0x7}, 0x94) r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001000050400", @ANYBLOB="ebffffff"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r1 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0) add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = dup(r3) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) 2.165052674s ago: executing program 3 (id=2670): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x18) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x3, 0x0, 0x0, &(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff}) ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000000300)={0x48, 0x8, r6, 0x0, 0x2fff, 0x2, &(0x7f0000000380)='jr', 0x1}) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb35bda", 0x7) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x1, 0x4, 0x101, 0x0, 0x0, {0xd, 0x0, 0x4}, [@NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x44084) sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x1, 0x4, 0x401, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFULA_CFG_FLAGS={0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x40) 1.928969784s ago: executing program 4 (id=2671): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfffffffffffffffc}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_CREATE_BUFS(r4, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, 0x0) ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, 0x0) ioctl$IOMMU_DESTROY$hwpt(r5, 0x3b80, 0x0) r6 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, 0x0, 0x0) listen(r6, 0xfffffffc) r7 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, r9, 0x7}, 0x14}}, 0x0) 806.99728ms ago: executing program 0 (id=2672): sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) ioctl$sock_inet_SIOCGIFADDR(r3, 0x8915, 0x0) 805.952064ms ago: executing program 3 (id=2673): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) write$tun(0xffffffffffffffff, &(0x7f0000000180)={@val={0x4}, @void, @ipv6=@tcp={0x4, 0x6, "92c18a", 0x3c9, 0x6, 0x1, @private2, @dev={0xfe, 0x80, '\x00', 0x38}, {[@hopopts={0x87, 0x26, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x1, 0x6, 0xff, 0x1, [0x0, 0x5, 0xffffffffffffffff]}}, @calipso={0x7, 0x40, {0x2, 0xe, 0x20, 0x7ff, [0xef05, 0x6, 0x2, 0x401, 0x6, 0x12000000000000, 0xb114]}}, @calipso={0x7, 0x48, {0x3, 0x10, 0x6, 0x2, [0xfffffffffffffffe, 0x2, 0x392, 0x2, 0x4, 0x6, 0x0, 0x8]}}, @padn={0x1, 0x2, [0x0, 0x0]}, @generic={0x9, 0x34, "ff63f26d0d19f9060e4c7e6237aa5a13999be762bf40dece355417f834c71a6013614ca5b9e637ae3a61560cd2c693abe2511a5c"}, @calipso={0x7, 0x38, {0x1, 0xc, 0x5, 0xdf, [0x2, 0x10, 0x5, 0x400, 0xfee, 0x3]}}, @jumbo={0xc2, 0x4, 0x5}, @ra={0x5, 0x2, 0x8}]}, @dstopts={0x0, 0x4, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @pad1, @pad1, @hao={0xc9, 0x10, @remote}, @pad1]}, @hopopts={0x5e, 0xd, '\x00', [@padn={0x1, 0x1, [0x0]}, @calipso={0x7, 0x20, {0x3, 0x6, 0x27, 0x3, [0x5, 0x6, 0x5]}}, @generic={0x9c, 0x43, "db4746635930219148a69a891531f135f255c90366a90fbe8652fea87dc37aa50afb9fef42a07201464f16e2caa54cc7aadb3424ef997cc01b7e8613fdc10359b534a4"}, @pad1]}, @routing={0x0, 0xa, 0x1, 0xc, 0x0, [@mcast1, @dev={0xfe, 0x80, '\x00', 0x20}, @dev={0xfe, 0x80, '\x00', 0x16}, @mcast2, @private0]}, @hopopts={0xff, 0x0, '\x00', [@ra={0x5, 0x2, 0x7}]}, @fragment={0x32, 0x0, 0x1, 0x1, 0x0, 0x0, 0x67}, @dstopts={0x6c, 0xc, '\x00', [@padn={0x1, 0x4, [0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x6}, @ra={0x5, 0x2, 0x3}, @generic={0x5, 0x4d, "f8e1088de74a9736675ba6c13a9aa78e66e95e65d733e559db16368a4211d44c9e3aa72696be84b8ab0f94060de3e666a8fe30880d8f3dd372fef7105f4d7013934899ccd556b3c93428adac48"}, @padn]}, @hopopts={0x88}, @routing={0x3b, 0x6, 0x0, 0x8, 0x0, [@empty, @empty, @empty]}], {{0x4e24, 0x4e21, 0x41424344, 0x41424344, 0x0, 0x0, 0xf, 0x0, 0xed, 0x0, 0xc2, {[@generic={0x5, 0xc, "f7724179cc15d2127a37"}, @mptcp=@synack={0x1e, 0x10, 0x1, 0x2, 0x0, 0x5, 0x2}, @window={0x3, 0x3, 0x4}, @exp_smc={0xfe, 0x6}]}}, {"990026a33c4aaacccc53bdae7b6e2d9d2a9bede9bdfee8974b4f4a7c7a58c99f38dd3db87af3f1dbf34da7c69223b8ec74ee5a47cca15ea5bb9f557add2011b429415583efaca5da7492e7f62f0e4a905fe8b2640584b4c5a89b4fd7661c3abe9451e884f52935ffe6e9f732ba22fb76916e0edcf6d901acbde11f6a656613283ade375143"}}}}}, 0x3f5) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty, 0x8}, 0x1c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x408, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x338, 0xffffffff, 0xffffffff, 0x338, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'dvmrp0\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x0, 0x0, 0x0, 0x30}, 0x0, 0x238, 0x268, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@rt={{0x138}, {0xf, [0xd, 0x4], 0x0, 0x4, 0x6, [@empty, @private0, @loopback, @ipv4={'\x00', '\xff\xff', @loopback}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @empty, @mcast2, @empty, @dev={0xfe, 0x80, '\x00', 0x2d}, @mcast2, @mcast2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast1, @loopback, @loopback, @mcast2], 0xa}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x0, 0x200}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x468) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xffd8}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 111.099601ms ago: executing program 4 (id=2674): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) close(0xffffffffffffffff) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fanotify_init(0x200, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) sendfile(r4, r5, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 49.877149ms ago: executing program 1 (id=2675): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x23b, 0x0, 0x0, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xc8080) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000000)=0x639) syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0xc2d3, 0x10100, 0x2, 0x3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) readv(r2, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1) 0s ago: executing program 3 (id=2676): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000004c0), &(0x7f0000001c40)=r1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="796e00000000001346991fc525"], 0x14}}, 0x4000054) kernel console output (not intermixed with test programs): 0, async page read [ 93.543368][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.691462][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 93.949692][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 93.990967][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 93.999638][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.041037][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.170696][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.744215][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.764212][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.785123][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.839630][ T6020] ldm_validate_partition_table(): Disk read failed. [ 94.865838][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 94.980118][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 94.990873][ T6020] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 95.001700][ T6020] Buffer I/O error on dev nbd0, logical block 0, async page read [ 95.015096][ T6020] Dev nbd0: unable to read RDB block 0 [ 95.032292][ T6020] nbd0: unable to read partition table [ 95.072363][ T5976] ldm_validate_partition_table(): Disk read failed. [ 95.079972][ T5976] Dev nbd0: unable to read RDB block 0 [ 95.082950][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 95.112512][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=0, location=0 [ 95.138654][ T5976] nbd0: unable to read partition table [ 95.142806][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1, location=1 [ 95.166783][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 95.380037][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 95.389885][ T5976] ldm_validate_partition_table(): Disk read failed. [ 95.408490][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483647, location=2147483647 [ 95.518973][ T6045] openvswitch: netlink: VXLAN extension message has 201 unknown bytes. [ 95.831870][ T5976] Dev nbd0: unable to read RDB block 0 [ 95.922285][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483391, location=2147483391 [ 95.930383][ T5976] nbd0: unable to read partition table [ 95.971057][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483646, location=2147483646 [ 96.057853][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483390, location=2147483390 [ 96.087906][ T5976] ldm_validate_partition_table(): Disk read failed. [ 96.334393][ T5976] Dev nbd0: unable to read RDB block 0 [ 96.341874][ T5976] nbd0: unable to read partition table [ 96.370085][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483645, location=2147483645 [ 97.230985][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483389, location=2147483389 [ 97.375392][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483497, location=2147483497 [ 97.389557][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483241, location=2147483241 [ 97.390100][ T5976] ldm_validate_partition_table(): Disk read failed. [ 97.429344][ T5976] Dev nbd0: unable to read RDB block 0 [ 97.445278][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483495, location=2147483495 [ 97.473126][ T5976] nbd0: unable to read partition table [ 97.480926][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=2147483239, location=2147483239 [ 97.548902][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 97.715134][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=256, location=256 [ 97.727083][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741823, location=1073741823 [ 98.797038][ T6020] blk_print_req_error: 173 callbacks suppressed [ 98.797072][ T6020] I/O error, dev nbd0, sector 8589932536 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 98.907498][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741567, location=1073741567 [ 98.920524][ T6020] I/O error, dev nbd0, sector 8589934576 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 98.930778][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741822, location=1073741822 [ 99.023163][ T6020] I/O error, dev nbd0, sector 8589932528 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.249334][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741566, location=1073741566 [ 99.261132][ T6020] I/O error, dev nbd0, sector 8589934568 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.273033][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741821, location=1073741821 [ 99.284775][ T6020] I/O error, dev nbd0, sector 8589932520 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.296422][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741565, location=1073741565 [ 99.307633][ T6020] I/O error, dev nbd0, sector 8589933384 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.317869][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741673, location=1073741673 [ 99.329065][ T6020] I/O error, dev nbd0, sector 8589931336 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.339367][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741417, location=1073741417 [ 99.351448][ T6020] I/O error, dev nbd0, sector 8589933368 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.361587][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741671, location=1073741671 [ 99.372622][ T6020] I/O error, dev nbd0, sector 8589931320 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.383424][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=1073741415, location=1073741415 [ 99.507209][ T6020] I/O error, dev nbd0, sector 4096 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 99.587360][ T6020] UDF-fs: error (device nbd0): udf_read_tagged: read failed, block=512, location=512 [ 99.681313][ T6073] loop6: detected capacity change from 0 to 7 [ 99.826058][ T6020] UDF-fs: warning (device nbd0): udf_fill_super: No partition found (1) [ 99.871989][ T6073] Dev loop6: unable to read RDB block 7 [ 99.877768][ T6073] loop6: AHDI p1 p2 p3 [ 99.882246][ T6073] loop6: partition table partially beyond EOD, truncated [ 99.892079][ T6073] loop6: p1 start 1601398130 is beyond EOD, truncated [ 99.899285][ T6073] loop6: p2 start 1702059890 is beyond EOD, truncated [ 100.363737][ T6069] kvm: kvm [6068]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xc880 [ 100.372739][ T6069] kvm: kvm [6068]: vcpu0, guest rIP: 0x1b8 Unhandled WRMSR(0x11e) = 0xbe702111 [ 100.425598][ T6069] kvm: kvm [6068]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0xa088 [ 100.461233][ T6069] kvm: kvm [6068]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0xd1a8 [ 100.760822][ T6089] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 103.127610][ T6107] loop4: detected capacity change from 0 to 1024 [ 103.212100][ T6107] EXT4-fs: Ignoring removed orlov option [ 103.358794][ T6107] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 103.581558][ T30] audit: type=1800 audit(1752635233.748:2): pid=6107 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.37" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 104.421239][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.828787][ T6125] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 105.913100][ T6125] blkio.reset_stats is deprecated [ 109.255771][ T6156] loop8: detected capacity change from 0 to 7 [ 109.286409][ T6154] loop0: detected capacity change from 0 to 1024 [ 109.312539][ T5976] Dev loop8: unable to read RDB block 7 [ 109.319882][ T5976] loop8: AHDI p1 p3 p4 [ 109.329334][ T5976] loop8: partition table partially beyond EOD, truncated [ 109.346955][ T5976] loop8: p1 start 975770946 is beyond EOD, truncated [ 109.354864][ T5976] loop8: p3 start 6514546 is beyond EOD, truncated [ 109.366021][ T6156] Dev loop8: unable to read RDB block 7 [ 109.383397][ T6154] EXT4-fs: Ignoring removed orlov option [ 109.388158][ T6156] loop8: AHDI p1 p3 p4 [ 109.416451][ T6156] loop8: partition table partially beyond EOD, truncated [ 109.481774][ T6156] loop8: p1 start 975770946 is beyond EOD, truncated [ 109.489596][ T6156] loop8: p3 start 6514546 is beyond EOD, truncated [ 109.531199][ T6154] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 109.642548][ T30] audit: type=1800 audit(1752635239.828:3): pid=6154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.50" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 110.011728][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 110.173059][ T5850] hid (null): unknown global tag 0xe [ 110.655483][ T5850] hid (null): unknown global tag 0xe [ 110.683622][ T5850] hid (null): unknown global tag 0xe [ 110.693953][ T5850] hid (null): invalid report_count 617643861 [ 110.709993][ T5850] hid-generic 0DD1:B19E:FFFFFF00.0001: unknown global tag 0xe [ 110.748832][ T5850] hid-generic 0DD1:B19E:FFFFFF00.0001: item 0 0 1 14 parsing failed [ 110.784697][ T5850] hid-generic 0DD1:B19E:FFFFFF00.0001: probe with driver hid-generic failed with error -22 [ 113.145954][ T6208] loop0: detected capacity change from 0 to 1024 [ 113.171689][ T6208] EXT4-fs: Ignoring removed orlov option [ 113.325250][ T6208] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 113.360744][ T30] audit: type=1800 audit(1752635243.558:4): pid=6208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.67" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 114.797218][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 115.199684][ T6229] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 116.762502][ T5850] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 116.940631][ T5850] usb 1-1: Using ep0 maxpacket: 16 [ 116.953764][ T5850] usb 1-1: config 0 has no interfaces? [ 116.981876][ T5850] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 117.014538][ T5850] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 117.056548][ T5850] usb 1-1: Product: syz [ 117.165538][ T5850] usb 1-1: SerialNumber: syz [ 117.194329][ T5850] usb 1-1: config 0 descriptor?? [ 117.288078][ T6254] kAFS: No cell specified [ 118.574112][ T6259] loop3: detected capacity change from 0 to 1024 [ 118.590283][ T6259] EXT4-fs: Ignoring removed orlov option [ 118.683823][ T6259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 118.699397][ T43] usb 1-1: USB disconnect, device number 2 [ 118.874981][ T5856] Bluetooth: hci0: command 0x0406 tx timeout [ 118.913099][ T6265] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 119.253211][ T30] audit: type=1800 audit(1752635249.438:5): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.82" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 119.440201][ T5847] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.577029][ T6299] loop0: detected capacity change from 0 to 1024 [ 121.642810][ T6299] EXT4-fs: Ignoring removed orlov option [ 121.648526][ T6304] loop2: detected capacity change from 0 to 1024 [ 121.661620][ T6304] ======================================================= [ 121.661620][ T6304] WARNING: The mand mount option has been deprecated and [ 121.661620][ T6304] and is ignored by this kernel. Remove the mand [ 121.661620][ T6304] option from the mount to silence this warning. [ 121.661620][ T6304] ======================================================= [ 121.775312][ T6299] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.806908][ T6304] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 121.820566][ T6304] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 121.844045][ T6304] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 13) [ 121.898950][ T6304] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 122.370521][ T30] audit: type=1800 audit(1752635252.158:6): pid=6299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.97" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 122.398526][ T6304] EXT4-fs (loop2): This should not happen!! Data will be lost [ 122.398526][ T6304] [ 122.490871][ T6311] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 122.578266][ T6302] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 122.842335][ T6311] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.110545][ T6302] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.152154][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 123.307961][ T6311] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.387236][ T6302] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.431440][ T6311] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.556646][ T6302] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 123.629402][ T6311] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.98: lblock 3 mapped to illegal pblock 3 (length 1) [ 124.206815][ T6334] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 125.134424][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.688162][ T6351] loop0: detected capacity change from 0 to 1024 [ 126.717156][ T6351] EXT4-fs: Ignoring removed orlov option [ 126.883429][ T6351] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 126.998791][ T6366] random: crng reseeded on system resumption [ 127.022550][ T30] audit: type=1800 audit(1752635257.218:7): pid=6351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.112" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 127.159074][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.478788][ T6379] netlink: 188 bytes leftover after parsing attributes in process `syz.4.121'. [ 128.750952][ T10] delete_channel: no stack [ 129.263465][ T6383] loop0: detected capacity change from 0 to 1024 [ 129.405175][ T6383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.519787][ T6383] ext4 filesystem being mounted at /23/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 129.561377][ T123] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 129.761710][ T123] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.875946][ T123] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.984349][ T6394] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 13) [ 129.999159][ T123] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 130.037744][ T123] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.070273][ T6394] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 130.091982][ T123] usb 2-1: config 0 descriptor?? [ 130.173302][ T6394] EXT4-fs (loop0): This should not happen!! Data will be lost [ 130.173302][ T6394] [ 130.362276][ T6397] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 130.418792][ T6383] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 1) [ 130.472605][ T6391] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 130.807575][ T6381] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 1) [ 130.845152][ T6383] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 1) [ 130.864518][ T6383] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 1) [ 131.077555][ T6383] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.120: lblock 3 mapped to illegal pblock 3 (length 1) [ 131.203276][ T6402] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 6402 comm: syz.1.125) [ 131.294275][ T30] audit: type=1800 audit(1752635261.408:8): pid=6402 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.125" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=8746 res=0 errno=0 [ 131.957268][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.810060][ T6408] loop2: detected capacity change from 0 to 1024 [ 132.827183][ T123] usbhid 2-1:0.0: can't add hid device: -71 [ 132.838404][ T123] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 132.855010][ T123] usb 2-1: USB disconnect, device number 2 [ 132.870275][ T6408] EXT4-fs: Ignoring removed orlov option [ 132.942645][ T6408] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 132.964539][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.967499][ T30] audit: type=1800 audit(1752635263.158:9): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.130" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 132.980553][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.359862][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 134.923625][ T6438] loop0: detected capacity change from 0 to 1024 [ 136.283550][ T6438] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 136.302929][ T6438] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.506252][ T6438] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 13) [ 136.588644][ T6456] Zero length message leads to an empty skb [ 136.829478][ T6438] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 136.860594][ T6438] EXT4-fs (loop0): This should not happen!! Data will be lost [ 136.860594][ T6438] [ 136.890738][ T6457] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 136.963808][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.108431][ T6457] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.127400][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.155926][ T6457] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.175320][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.211089][ T6457] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.285241][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.382506][ T6437] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.141: lblock 3 mapped to illegal pblock 3 (length 1) [ 137.987712][ T6472] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 138.571193][ T5844] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 139.837594][ T6492] netlink: 16 bytes leftover after parsing attributes in process `syz.2.153'. [ 140.899293][ T6503] tty tty28: ldisc open failed (-12), clearing slot 27 [ 143.089943][ T30] audit: type=1326 audit(1752635272.728:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 143.682126][ T30] audit: type=1326 audit(1752635272.728:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 143.704217][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.717158][ T30] audit: type=1326 audit(1752635272.728:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 143.739237][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.749272][ T30] audit: type=1326 audit(1752635272.728:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 143.771353][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.782121][ T30] audit: type=1326 audit(1752635272.728:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 143.804187][ C0] vkms_vblank_simulate: vblank timer overrun [ 143.810889][ T30] audit: type=1326 audit(1752635272.728:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcd76d8d58a code=0x7ffc0000 [ 143.852194][ T30] audit: type=1326 audit(1752635272.728:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fcd76dc11e5 code=0x7ffc0000 [ 143.923705][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.169'. [ 143.965693][ T6531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.169'. [ 143.974845][ T30] audit: type=1326 audit(1752635272.938:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 144.052243][ T30] audit: type=1326 audit(1752635272.968:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 144.174337][ T30] audit: type=1326 audit(1752635272.998:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6517 comm="syz.2.165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 151.414299][ T6621] netlink: 48 bytes leftover after parsing attributes in process `syz.0.192'. [ 151.423686][ T6621] netlink: 48 bytes leftover after parsing attributes in process `syz.0.192'. [ 151.434172][ T6621] netlink: 48 bytes leftover after parsing attributes in process `syz.0.192'. [ 154.534621][ T5950] IPVS: starting estimator thread 0... [ 154.981057][ T6662] IPVS: using max 33 ests per chain, 79200 per kthread [ 155.911322][ T5856] Bluetooth: hci5: command 0x1003 tx timeout [ 155.935589][ T5848] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 161.043661][ T6733] openvswitch: netlink: Flow actions attr not present in new flow. [ 161.926286][ T6750] netlink: 28 bytes leftover after parsing attributes in process `syz.0.234'. [ 161.939954][ T6750] netlink: 28 bytes leftover after parsing attributes in process `syz.0.234'. [ 162.047470][ T6746] netlink: 8 bytes leftover after parsing attributes in process `syz.4.227'. [ 163.840567][ T93] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 164.397085][ T93] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.421297][ T93] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.431873][ T93] usb 3-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 164.441501][ T93] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.485351][ T93] usb 3-1: config 0 descriptor?? [ 166.052187][ T93] usbhid 3-1:0.0: can't add hid device: -71 [ 166.069271][ T93] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 166.092170][ T93] usb 3-1: USB disconnect, device number 2 [ 166.254777][ T6800] sctp: [Deprecated]: syz.2.252 (pid 6800) Use of struct sctp_assoc_value in delayed_ack socket option. [ 166.254777][ T6800] Use struct sctp_sack_info instead [ 166.704831][ T6805] Set syz1 is full, maxelem 1038 reached [ 166.859324][ T6809] trusted_key: encrypted_key: insufficient parameters specified [ 166.888229][ T6809] trusted_key: encrypted_key: insufficient parameters specified [ 167.798390][ T6816] No buffer was provided with the request [ 168.313905][ T6826] hub 8-0:1.0: USB hub found [ 168.321462][ T6826] hub 8-0:1.0: 1 port detected [ 168.350309][ T6826] capability: warning: `syz.4.259' uses 32-bit capabilities (legacy support in use) [ 170.421763][ T6854] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 172.165897][ T6862] netlink: 'syz.1.272': attribute type 1 has an invalid length. [ 172.635057][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 172.635093][ T30] audit: type=1326 audit(1752635302.818:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.053115][ T30] audit: type=1326 audit(1752635302.818:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.082657][ T30] audit: type=1326 audit(1752635302.818:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.186132][ T30] audit: type=1326 audit(1752635302.818:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.209565][ T30] audit: type=1326 audit(1752635302.828:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.283126][ T30] audit: type=1326 audit(1752635302.828:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd1c1d8d58a code=0x7ffc0000 [ 173.309397][ T30] audit: type=1326 audit(1752635302.828:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd1c1dc11e5 code=0x7ffc0000 [ 173.406849][ T30] audit: type=1326 audit(1752635303.028:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.438540][ T30] audit: type=1326 audit(1752635303.028:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 173.628085][ T6875] netlink: 12 bytes leftover after parsing attributes in process `syz.4.273'. [ 173.980580][ T30] audit: type=1326 audit(1752635303.028:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6858 comm="syz.3.271" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 174.030315][ T6874] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 177.727126][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 178.196676][ T30] audit: type=1326 audit(1752635307.778:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 178.274226][ T30] audit: type=1326 audit(1752635307.778:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 178.340670][ T30] audit: type=1326 audit(1752635307.778:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 178.445055][ T30] audit: type=1326 audit(1752635307.778:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 178.516488][ T30] audit: type=1326 audit(1752635307.778:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 178.540233][ T30] audit: type=1326 audit(1752635307.778:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9c62b8d58a code=0x7ffc0000 [ 178.568907][ T30] audit: type=1326 audit(1752635307.778:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9c62bc11e5 code=0x7ffc0000 [ 178.655996][ T30] audit: type=1326 audit(1752635307.978:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 179.401739][ T30] audit: type=1326 audit(1752635307.988:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 179.475341][ T30] audit: type=1326 audit(1752635307.988:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6910 comm="syz.0.287" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 180.441238][ T6933] syz.2.289 (6933) used greatest stack depth: 16856 bytes left [ 180.672799][ T6943] process 'syz.2.293' launched './file2' with NULL argv: empty string added [ 184.614134][ T6983] syz.2.303 uses obsolete (PF_INET,SOCK_PACKET) [ 184.750173][ T6985] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 185.210402][ T7002] loop8: detected capacity change from 0 to 7 [ 185.250423][ T7002] Dev loop8: unable to read RDB block 7 [ 185.271173][ T7002] loop8: AHDI p1 p3 p4 [ 185.308820][ T7002] loop8: partition table partially beyond EOD, truncated [ 185.319546][ T7002] loop8: p1 start 975770946 is beyond EOD, truncated [ 185.327063][ T7002] loop8: p3 start 6514546 is beyond EOD, truncated [ 185.688978][ T7009] warning: `syz.1.307' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 188.976708][ T7034] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.985447][ T7034] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.005820][ T7034] netlink: 32 bytes leftover after parsing attributes in process `syz.3.320'. [ 189.019179][ T7034] netlink: 32 bytes leftover after parsing attributes in process `syz.3.320'. [ 189.623447][ T93] IPVS: starting estimator thread 0... [ 190.009363][ T7058] IPVS: using max 25 ests per chain, 60000 per kthread [ 193.290651][ T7104] netlink: 28 bytes leftover after parsing attributes in process `syz.4.348'. [ 193.330226][ T7106] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0 [ 194.398825][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.405411][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.448225][ T7141] netlink: 20 bytes leftover after parsing attributes in process `syz.4.359'. [ 201.045823][ T7198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.379'. [ 201.056255][ T7198] netlink: 8 bytes leftover after parsing attributes in process `syz.2.379'. [ 203.804651][ T7221] openvswitch: netlink: IP tunnel dst address not specified [ 206.730985][ T5167] Bluetooth: hci3: command 0x0406 tx timeout [ 206.737900][ T5848] Bluetooth: hci2: command 0x0406 tx timeout [ 206.744420][ T5167] Bluetooth: hci1: command 0x0406 tx timeout [ 206.745230][ T5865] Bluetooth: hci4: command 0x0406 tx timeout [ 212.515269][ T7295] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095 [ 214.711631][ T7328] netlink: 8 bytes leftover after parsing attributes in process `syz.0.420'. [ 214.720580][ T7328] netlink: 'syz.0.420': attribute type 30 has an invalid length. [ 214.836944][ T7328] netlink: 8 bytes leftover after parsing attributes in process `syz.0.420'. [ 214.839358][ T49] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 214.845869][ T7328] netlink: 'syz.0.420': attribute type 30 has an invalid length. [ 215.492826][ T49] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.631743][ T49] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 215.690672][ T4553] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 217.054075][ T7356] netlink: 129704 bytes leftover after parsing attributes in process `syz.4.430'. [ 217.092329][ T7356] netlink: 16 bytes leftover after parsing attributes in process `syz.4.430'. [ 217.644565][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 217.644581][ T30] audit: type=1326 audit(1752635347.818:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 217.682996][ T30] audit: type=1326 audit(1752635347.818:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 217.790594][ T30] audit: type=1326 audit(1752635347.818:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fd1c1d45647 code=0x7ffc0000 [ 217.961389][ T30] audit: type=1326 audit(1752635347.818:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fd1c1d456a6 code=0x7ffc0000 [ 218.623348][ T30] audit: type=1326 audit(1752635347.818:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd1c1d8e52b code=0x7ffc0000 [ 218.773605][ T30] audit: type=1326 audit(1752635347.818:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 219.112418][ T30] audit: type=1326 audit(1752635347.818:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 219.216557][ T30] audit: type=1326 audit(1752635347.828:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 219.238803][ T30] audit: type=1326 audit(1752635347.878:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 219.261137][ T30] audit: type=1326 audit(1752635347.898:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.3.432" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7fd1c1d8e929 code=0x7ffc0000 [ 219.538224][ T7391] loop8: detected capacity change from 0 to 7 [ 219.555981][ T7391] Dev loop8: unable to read RDB block 7 [ 219.572416][ T7391] loop8: unable to read partition table [ 219.579162][ T7391] loop8: partition table beyond EOD, truncated [ 219.590626][ T7391] loop_reread_partitions: partition scan of loop8 (þ被xüŸÑø éÚ¬§½dƤ´à–ƒÝ¡¯¨â·û [ 219.590626][ T7391] ) failed (rc=-5) [ 224.541889][ T7449] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 226.658467][ T7455] loop8: detected capacity change from 0 to 79 [ 228.266431][ T7492] loop6: detected capacity change from 0 to 7 [ 228.439592][ T7492] Dev loop6: unable to read RDB block 7 [ 228.445487][ T7492] loop6: AHDI p1 p2 p3 [ 228.449908][ T7492] loop6: partition table partially beyond EOD, truncated [ 228.458452][ T7492] loop6: p1 start 1601398130 is beyond EOD, truncated [ 228.465449][ T7492] loop6: p2 start 1702059890 is beyond EOD, truncated [ 228.969801][ T7502] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 229.579496][ T7499] bridge_slave_1: left allmulticast mode [ 229.610605][ T7499] bridge_slave_1: left promiscuous mode [ 229.616519][ T7499] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.645552][ T7499] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 229.839097][ T7517] netlink: 132 bytes leftover after parsing attributes in process `syz.2.481'. [ 232.670170][ T7559] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 236.597540][ T7598] netlink: 172 bytes leftover after parsing attributes in process `syz.4.506'. [ 236.614332][ T7599] loop6: detected capacity change from 0 to 7 [ 236.675397][ T7599] Dev loop6: unable to read RDB block 7 [ 236.715819][ T7599] loop6: AHDI p1 p2 p3 [ 236.731512][ T7599] loop6: partition table partially beyond EOD, truncated [ 236.748598][ T7599] loop6: p1 start 1601398130 is beyond EOD, truncated [ 236.792416][ T7599] loop6: p2 start 1702059890 is beyond EOD, truncated [ 238.246238][ T7621] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.405842][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 241.405878][ T30] audit: type=1326 audit(1752635371.588:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 241.896231][ T30] audit: type=1326 audit(1752635371.588:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 241.919045][ T30] audit: type=1326 audit(1752635371.588:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 242.000870][ T30] audit: type=1326 audit(1752635371.588:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 242.053852][ T30] audit: type=1326 audit(1752635371.588:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 242.158701][ T30] audit: type=1326 audit(1752635371.588:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fcd76d8d58a code=0x7ffc0000 [ 242.212785][ T30] audit: type=1326 audit(1752635371.588:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fcd76dc11e5 code=0x7ffc0000 [ 242.236690][ T7657] netlink: 'syz.3.525': attribute type 1 has an invalid length. [ 242.246430][ T7654] xt_l2tp: v2 tid > 0xffff: 4294967295 [ 242.329955][ T30] audit: type=1326 audit(1752635371.798:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 242.634528][ T30] audit: type=1326 audit(1752635371.798:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 242.670219][ T30] audit: type=1326 audit(1752635371.798:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.518" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fcd76d8e929 code=0x7ffc0000 [ 244.484088][ T10] IPVS: starting estimator thread 0... [ 244.870844][ T7682] IPVS: using max 27 ests per chain, 64800 per kthread [ 248.350183][ T7711] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 248.373056][ T7711] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 248.534889][ T7711] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 248.600608][ T7711] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 248.699488][ T7711] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 248.845135][ T7711] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 249.237604][ T7711] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 249.257568][ T7711] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 249.735087][ T123] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 250.398463][ T123] usb 2-1: Using ep0 maxpacket: 16 [ 250.498561][ T123] usb 2-1: config 0 has no interfaces? [ 250.682224][ T123] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 250.727836][ T123] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 250.763986][ T123] usb 2-1: Product: syz [ 250.954430][ T123] usb 2-1: SerialNumber: syz [ 250.968291][ T123] usb 2-1: config 0 descriptor?? [ 252.977389][ T10] usb 2-1: USB disconnect, device number 3 [ 253.064520][ T7795] loop6: detected capacity change from 0 to 7 [ 253.578919][ T7795] Dev loop6: unable to read RDB block 7 [ 253.587227][ T7795] loop6: AHDI p1 p2 p3 [ 253.592428][ T7795] loop6: partition table partially beyond EOD, truncated [ 253.599690][ T7795] loop6: p1 start 1601398130 is beyond EOD, truncated [ 253.606592][ T7795] loop6: p2 start 1702059890 is beyond EOD, truncated [ 256.149427][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.344252][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.510646][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 258.521243][ T5850] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 258.660690][ T10] usb 5-1: device descriptor read/64, error -71 [ 258.682252][ T5850] usb 2-1: Using ep0 maxpacket: 16 [ 258.689447][ T5850] usb 2-1: config 0 has no interfaces? [ 258.702588][ T5850] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 258.719318][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 258.759674][ T5850] usb 2-1: Product: syz [ 258.782992][ T5850] usb 2-1: SerialNumber: syz [ 258.835238][ T5850] usb 2-1: config 0 descriptor?? [ 259.418418][ T10] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 259.724330][ T10] usb 5-1: device descriptor read/64, error -71 [ 260.057726][ T7870] netlink: 20 bytes leftover after parsing attributes in process `syz.2.579'. [ 260.071004][ T10] usb usb5-port1: attempt power cycle [ 260.970271][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 261.547636][ T43] usb 2-1: USB disconnect, device number 4 [ 261.998802][ T10] usb 5-1: device descriptor read/8, error -71 [ 264.445400][ T7915] o2cb: This node has not been configured. [ 264.452277][ T7915] o2cb: Cluster check failed. Fix errors before retrying. [ 264.459533][ T7915] (syz.3.587,7915,1):user_dlm_register:674 ERROR: status = -22 [ 264.468371][ T7915] (syz.3.587,7915,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1" [ 265.335030][ T7927] netlink: 20 bytes leftover after parsing attributes in process `syz.2.593'. [ 265.431041][ T5850] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 265.610598][ T5850] usb 4-1: Using ep0 maxpacket: 16 [ 266.352484][ T5850] usb 4-1: config 0 has no interfaces? [ 266.359931][ T5850] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 266.407323][ T5850] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 266.504866][ T5850] usb 4-1: Product: syz [ 266.509078][ T5850] usb 4-1: SerialNumber: syz [ 266.857637][ T5850] usb 4-1: config 0 descriptor?? [ 269.536882][ T5968] usb 4-1: USB disconnect, device number 2 [ 269.942151][ T7964] xt_CT: You must specify a L4 protocol and not use inversions on it [ 272.704628][ T8001] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 275.658376][ T43] kernel write not supported for file /372/oom_adj (pid: 43 comm: kworker/1:1) [ 278.071755][ T8040] netlink: 'syz.4.619': attribute type 4 has an invalid length. [ 278.294612][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 278.294629][ T30] audit: type=1326 audit(1752635407.958:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.336790][ T30] audit: type=1326 audit(1752635407.958:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.359361][ T30] audit: type=1326 audit(1752635407.958:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.399875][ T30] audit: type=1326 audit(1752635407.958:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.485323][ T30] audit: type=1326 audit(1752635407.958:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.595705][ T30] audit: type=1326 audit(1752635407.958:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f9c62b8d58a code=0x7ffc0000 [ 278.707482][ T30] audit: type=1326 audit(1752635407.958:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f9c62bc11e5 code=0x7ffc0000 [ 278.790867][ T30] audit: type=1326 audit(1752635408.188:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.817085][ T30] audit: type=1326 audit(1752635408.188:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 278.898495][ T30] audit: type=1326 audit(1752635408.278:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.0.620" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f9c62b8e929 code=0x7ffc0000 [ 284.271238][ T8116] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 286.965549][ T8144] capability: warning: `syz.3.648' uses deprecated v2 capabilities in a way that may be insecure [ 290.487198][ T5850] IPVS: starting estimator thread 0... [ 290.790733][ T8151] IPVS: using max 52 ests per chain, 124800 per kthread [ 294.088383][ T8186] netlink: 152 bytes leftover after parsing attributes in process `syz.0.659'. [ 294.100793][ T8186] tipc: Started in network mode [ 294.105701][ T8186] tipc: Node identity fe80000000000000000000000000002a, cluster identity 4711 [ 294.122325][ T8186] tipc: Enabling of bearer rejected, failed to enable media [ 296.620057][ T8208] netlink: 'syz.3.666': attribute type 2 has an invalid length. [ 296.670917][ T8208] netlink: 'syz.3.666': attribute type 1 has an invalid length. [ 296.828313][ T8205] netlink: 20 bytes leftover after parsing attributes in process `syz.1.665'. [ 300.272943][ T8232] input: syz1 as /devices/virtual/input/input9 [ 301.261834][ T8245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.678'. [ 301.298198][ T8245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.678'. [ 301.317510][ T8245] dummy0: entered promiscuous mode [ 301.700990][ T8245] team0: entered promiscuous mode [ 301.806468][ T8245] team_slave_0: entered promiscuous mode [ 301.820282][ T8245] team_slave_1: entered promiscuous mode [ 301.843005][ T8254] tipc: Enabling of bearer rejected, failed to enable media [ 301.854459][ T8253] 9pnet: p9_errstr2errno: server reported unknown error 184467440737 [ 302.447078][ T8275] loop6: detected capacity change from 0 to 7 [ 302.946975][ T8275] Dev loop6: unable to read RDB block 7 [ 302.952834][ T8275] loop6: AHDI p1 p2 p3 [ 302.957045][ T8275] loop6: partition table partially beyond EOD, truncated [ 302.964350][ T8275] loop6: p1 start 1601398130 is beyond EOD, truncated [ 302.971182][ T8275] loop6: p2 start 1702059890 is beyond EOD, truncated [ 302.990313][ T8270] sp0: Synchronizing with TNC [ 304.860672][ T123] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 304.957894][ T8303] netlink: 40 bytes leftover after parsing attributes in process `syz.4.695'. [ 304.975876][ T8303] netlink: 40 bytes leftover after parsing attributes in process `syz.4.695'. [ 305.111023][ T123] usb 3-1: Using ep0 maxpacket: 16 [ 305.467851][ T123] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.513754][ T123] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.637770][ T123] usb 3-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 305.821291][ T123] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.967183][ T123] usb 3-1: config 0 descriptor?? [ 307.771603][ T123] apple 0003:05AC:024B.0002: unknown main item tag 0x6 [ 307.795285][ T123] apple 0003:05AC:024B.0002: ignoring exceeding usage max [ 307.957333][ T123] apple 0003:05AC:024B.0002: invalid report_size 16640 [ 307.988677][ T123] apple 0003:05AC:024B.0002: item 0 2 1 7 parsing failed [ 308.031623][ T123] apple 0003:05AC:024B.0002: parse failed [ 308.054516][ T123] apple 0003:05AC:024B.0002: probe with driver apple failed with error -22 [ 308.083979][ T8338] netlink: 20 bytes leftover after parsing attributes in process `syz.2.705'. [ 308.147683][ T123] usb 3-1: USB disconnect, device number 3 [ 309.299013][ T8348] loop1: detected capacity change from 0 to 1024 [ 309.452914][ T8348] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 309.513592][ T8348] ext4 filesystem being mounted at /138/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 309.618722][ T8348] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 13) [ 309.646427][ T8348] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 309.689907][ T8348] EXT4-fs (loop1): This should not happen!! Data will be lost [ 309.689907][ T8348] [ 309.690975][ T5968] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 309.737368][ T8367] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 309.787614][ T8367] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 309.910786][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 309.931192][ T5968] usb 4-1: Using ep0 maxpacket: 16 [ 309.933262][ T8370] Illegal XDP return value 4294967274 on prog (id 129) dev N/A, expect packet loss! [ 309.967000][ T5968] usb 4-1: config 0 has no interfaces? [ 310.036732][ T8367] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 310.048481][ T5968] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 310.100637][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 310.110564][ T5968] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 310.129925][ T8367] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 310.133980][ T5968] usb 4-1: Product: syz [ 310.200596][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 310.231784][ T8362] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 310.320587][ T5968] usb 4-1: SerialNumber: syz [ 310.341246][ T8367] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.707: lblock 3 mapped to illegal pblock 3 (length 1) [ 310.393064][ T5968] usb 4-1: config 0 descriptor?? [ 310.503173][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 310.503229][ T30] audit: type=1800 audit(1752635440.648:115): pid=8374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.714" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 311.537235][ T5968] usb 4-1: USB disconnect, device number 3 [ 311.684959][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 312.220128][ T8383] netlink: 20 bytes leftover after parsing attributes in process `syz.0.718'. [ 313.446484][ T8412] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 313.792629][ T8416] loop2: detected capacity change from 0 to 1024 [ 313.842043][ T8416] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 313.871558][ T8416] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 313.972950][ T8416] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 13) [ 313.989628][ T8424] netlink: 20 bytes leftover after parsing attributes in process `syz.0.731'. [ 314.046889][ T8416] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 314.090199][ T8428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.733'. [ 314.099833][ T8416] EXT4-fs (loop2): This should not happen!! Data will be lost [ 314.099833][ T8416] [ 314.129306][ T8413] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.190188][ T8426] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.233736][ T8413] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.263047][ T8426] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.283171][ T8426] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.300318][ T8413] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.863429][ T8426] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.914767][ T8413] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.946015][ T8413] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.727: lblock 3 mapped to illegal pblock 3 (length 1) [ 314.960615][ T5968] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 315.251261][ T5968] usb 1-1: Using ep0 maxpacket: 16 [ 315.262381][ T5968] usb 1-1: config 0 has no interfaces? [ 315.287738][ T5968] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 315.317898][ T5968] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 315.327238][ T5968] usb 1-1: Product: syz [ 315.332287][ T5968] usb 1-1: SerialNumber: syz [ 315.353632][ T5968] usb 1-1: config 0 descriptor?? [ 315.820730][ T5914] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 316.819083][ T5914] usb 4-1: unable to get BOS descriptor or descriptor too short [ 316.862103][ T5914] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 316.981982][ T5914] usb 4-1: can't read configurations, error -71 [ 316.993141][ T10] usb 1-1: USB disconnect, device number 3 [ 317.078894][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.275911][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.282472][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.545827][ T8464] netlink: 20 bytes leftover after parsing attributes in process `syz.3.744'. [ 317.866497][ T8472] netlink: 16 bytes leftover after parsing attributes in process `syz.1.745'. [ 322.644524][ T8506] netlink: 8 bytes leftover after parsing attributes in process `syz.2.755'. [ 322.832255][ T8509] netlink: 20 bytes leftover after parsing attributes in process `syz.0.756'. [ 323.421124][ T8528] netlink: 16 bytes leftover after parsing attributes in process `syz.4.759'. [ 326.976818][ T8569] netlink: 20 bytes leftover after parsing attributes in process `syz.0.773'. [ 333.850670][ T8631] netlink: 16 bytes leftover after parsing attributes in process `syz.2.794'. [ 335.827419][ T8649] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 336.464046][ T8654] IPv6: addrconf: prefix option has invalid lifetime [ 336.471031][ T8654] IPv6: addrconf: prefix option has invalid lifetime [ 340.700858][ T8690] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 346.064402][ T8719] delete_channel: no stack [ 347.846846][ T8738] overlayfs: overlapping lowerdir path [ 348.274158][ T8741] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 349.461348][ T8758] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 349.487537][ C1] vkms_vblank_simulate: vblank timer overrun [ 349.494114][ T8758] CIFS mount error: No usable UNC path provided in device string! [ 349.494114][ T8758] [ 349.504461][ T8758] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 353.360589][ T93] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 354.349231][ T93] usb 1-1: Using ep0 maxpacket: 16 [ 354.441148][ T93] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 354.802007][ T93] usb 1-1: New USB device found, idVendor=046d, idProduct=c531, bcdDevice= 0.00 [ 354.811471][ T93] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.902189][ T8800] netlink: 16 bytes leftover after parsing attributes in process `syz.2.845'. [ 355.258762][ T93] usb 1-1: config 0 descriptor?? [ 355.328674][ T93] usbhid 1-1:0.0: can't add hid device: -71 [ 355.351593][ T93] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 355.377313][ T93] usb 1-1: USB disconnect, device number 4 [ 356.340841][ T8811] block device autoloading is deprecated and will be removed. [ 357.360105][ T8827] loop2: detected capacity change from 0 to 1024 [ 359.224571][ T8827] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 359.534763][ T8827] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 359.717801][ T8827] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.855: lblock 3 mapped to illegal pblock 3 (length 13) [ 359.841860][ T8848] netlink: 16 bytes leftover after parsing attributes in process `syz.3.859'. [ 360.428755][ T8827] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 360.677675][ T8827] EXT4-fs (loop2): This should not happen!! Data will be lost [ 360.677675][ T8827] [ 360.989381][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 363.636451][ T8900] netlink: 16 bytes leftover after parsing attributes in process `syz.2.877'. [ 364.697107][ T8898] loop1: detected capacity change from 0 to 1024 [ 364.786741][ T8898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 364.855991][ T8898] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 364.970066][ T8898] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 13) [ 365.074720][ T8898] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 365.146512][ T8898] EXT4-fs (loop1): This should not happen!! Data will be lost [ 365.146512][ T8898] [ 365.280788][ T8901] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.341235][ T8896] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.379209][ T8901] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.419413][ T8896] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.465080][ T8901] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.500332][ T8896] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.539062][ T8901] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.691579][ T8896] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 365.743850][ T8896] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.876: lblock 3 mapped to illegal pblock 3 (length 1) [ 366.973987][ T8929] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 367.017509][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 367.606705][ T8951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.891'. [ 371.740688][ T30] audit: type=1326 audit(1752635501.658:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8977 comm="syz.4.900" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f43a058e929 code=0x0 [ 377.082338][ T9034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.913'. [ 377.134824][ T9034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.913'. [ 378.935205][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.942011][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.129170][ T9063] netlink: 20 bytes leftover after parsing attributes in process `syz.0.923'. [ 383.913804][ T30] audit: type=1326 audit(1752635513.468:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9082 comm="syz.1.930" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f951358e929 code=0x0 [ 384.317977][ T9100] netlink: 22 bytes leftover after parsing attributes in process `syz.1.935'. [ 389.510276][ T9140] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 390.282115][ T9149] loop2: detected capacity change from 0 to 1024 [ 390.413761][ T9149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.500734][ T9149] ext4 filesystem being mounted at /190/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 390.579806][ T9152] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 390.638876][ T9149] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.951: lblock 3 mapped to illegal pblock 3 (length 13) [ 390.733264][ T9149] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 390.920823][ T30] audit: type=1326 audit(1752635521.098:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9157 comm="syz.0.954" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9c62b8e929 code=0x0 [ 391.211790][ T9149] EXT4-fs (loop2): This should not happen!! Data will be lost [ 391.211790][ T9149] [ 391.379818][ T9148] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.951: lblock 3 mapped to illegal pblock 3 (length 1) [ 392.735620][ T9161] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.951: lblock 3 mapped to illegal pblock 3 (length 1) [ 392.826887][ T9173] xt_hashlimit: size too large, truncated to 1048576 [ 393.691929][ T5858] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 393.845452][ T9186] netlink: 20 bytes leftover after parsing attributes in process `syz.0.962'. [ 395.254559][ T9205] loop4: detected capacity change from 0 to 1024 [ 396.169994][ T9205] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 396.813882][ T9205] ext4 filesystem being mounted at /195/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 396.964186][ T9205] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 13) [ 396.981296][ T9205] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 396.996482][ T9205] EXT4-fs (loop4): This should not happen!! Data will be lost [ 396.996482][ T9205] [ 397.023864][ T9225] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.074433][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.260942][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.262950][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 397.293692][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.311980][ T9225] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.329068][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.520152][ T9231] netlink: 16 bytes leftover after parsing attributes in process `syz.3.976'. [ 397.745233][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.763933][ T9225] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.779863][ T9202] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #15: block 3: comm syz.4.971: lblock 3 mapped to illegal pblock 3 (length 1) [ 397.830726][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 397.837753][ T10] usb 3-1: config 0 has no interfaces? [ 397.848976][ T10] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 397.863636][ T10] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 397.873404][ T10] usb 3-1: Product: syz [ 397.877853][ T10] usb 3-1: SerialNumber: syz [ 397.899116][ T10] usb 3-1: config 0 descriptor?? [ 398.183690][ T5846] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 398.239373][ T5968] usb 3-1: USB disconnect, device number 4 [ 399.262120][ T9246] mmap: syz.4.980 (9246) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 399.917680][ T9255] random: crng reseeded on system resumption [ 401.175843][ T9275] netlink: 16 bytes leftover after parsing attributes in process `syz.1.990'. [ 402.575193][ T9308] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1002'. [ 405.324868][ T9337] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 405.868156][ T9343] program syz.0.1014 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 408.191491][ T5968] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 408.215517][ T9379] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 408.431460][ T5968] usb 2-1: Using ep0 maxpacket: 16 [ 408.439075][ T5968] usb 2-1: config 0 has no interfaces? [ 408.456701][ T5968] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 408.484145][ T5968] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 408.506177][ T5968] usb 2-1: Product: syz [ 408.518700][ T5968] usb 2-1: SerialNumber: syz [ 408.541642][ T5968] usb 2-1: config 0 descriptor?? [ 409.476115][ T5968] usb 2-1: USB disconnect, device number 5 [ 410.692334][ T9399] random: crng reseeded on system resumption [ 410.802553][ T9397] Restarting kernel threads ... [ 410.808299][ T9397] Done restarting kernel threads. [ 411.167837][ T9406] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 412.670638][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 412.970871][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 413.225956][ T10] usb 2-1: config 0 has no interfaces? [ 413.255145][ T10] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 413.320789][ T10] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 413.350640][ T10] usb 2-1: Product: syz [ 413.357162][ T10] usb 2-1: SerialNumber: syz [ 413.392923][ T10] usb 2-1: config 0 descriptor?? [ 413.644543][ T9454] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 414.052596][ T9460] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1054'. [ 414.676718][ T123] usb 2-1: USB disconnect, device number 6 [ 417.025375][ T9494] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 419.645812][ T9537] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 421.623156][ T9571] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 423.750256][ T9616] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 425.989996][ T9651] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1119'. [ 429.128357][ T9694] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 429.136058][ T9694] IPv6: NLM_F_CREATE should be set when creating new route [ 429.143375][ T9694] IPv6: NLM_F_CREATE should be set when creating new route [ 432.071393][ T9714] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1139'. [ 432.107929][ T9717] loop1: detected capacity change from 0 to 1024 [ 432.212814][ T9717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 432.231821][ T9717] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 432.383893][ T9717] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 13) [ 433.108395][ T9717] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 433.170750][ T9717] EXT4-fs (loop1): This should not happen!! Data will be lost [ 433.170750][ T9717] [ 433.203508][ T9729] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.253851][ T9716] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.306853][ T9716] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.352668][ T9716] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.372567][ T9729] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.388756][ T9716] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.404402][ T9729] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.428667][ T9716] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.449570][ T9729] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.1143: lblock 3 mapped to illegal pblock 3 (length 1) [ 433.493504][ T9741] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1151'. [ 433.510057][ T9741] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1151'. [ 434.319978][ T5849] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.217952][ T9798] fuse: Bad value for 'fd' [ 437.821141][ T9814] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1169'. [ 439.129109][ T9831] overlayfs: overlapping lowerdir path [ 440.454184][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.460820][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.830156][ T9853] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 441.703920][ T9861] loop6: detected capacity change from 0 to 7 [ 441.713467][ T9861] Dev loop6: unable to read RDB block 7 [ 441.713498][ T9861] loop6: AHDI p1 p2 p3 [ 441.713526][ T9861] loop6: partition table partially beyond EOD, truncated [ 441.719924][ T9861] loop6: p1 start 1601398130 is beyond EOD, truncated [ 441.719952][ T9861] loop6: p2 start 1702059890 is beyond EOD, truncated [ 444.766083][ T9897] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 446.613070][ T9904] loop6: detected capacity change from 0 to 7 [ 446.633011][ T9904] Dev loop6: unable to read RDB block 7 [ 446.638995][ T9904] loop6: AHDI p1 p2 p3 [ 446.643848][ T9904] loop6: partition table partially beyond EOD, truncated [ 446.651923][ T9904] loop6: p1 start 1601398130 is beyond EOD, truncated [ 446.658855][ T9904] loop6: p2 start 1702059890 is beyond EOD, truncated [ 448.730690][ T9936] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 450.725700][ T9956] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1218'. [ 450.737623][ T9956] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1218'. [ 452.463849][ T9980] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 453.370558][ T5914] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 453.550992][ T5914] usb 3-1: Using ep0 maxpacket: 16 [ 453.562277][ T5914] usb 3-1: config 0 has no interfaces? [ 453.570132][ T5914] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 453.838857][T10000] loop6: detected capacity change from 0 to 7 [ 453.866731][T10000] Dev loop6: unable to read RDB block 7 [ 453.869089][ T5914] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 453.872612][T10000] loop6: AHDI p1 p2 p3 [ 453.884787][T10000] loop6: partition table partially beyond EOD, truncated [ 453.884819][ T5914] usb 3-1: Product: syz [ 453.892101][T10000] loop6: p1 start 1601398130 is beyond EOD, truncated [ 453.896704][ T5914] usb 3-1: SerialNumber: syz [ 453.903021][T10000] loop6: p2 start 1702059890 is beyond EOD, truncated [ 454.081473][ T5914] usb 3-1: config 0 descriptor?? [ 455.800895][ T5914] usb 3-1: USB disconnect, device number 5 [ 456.081072][T10023] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 457.014798][T10046] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1248'. [ 457.832209][T10059] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 459.924584][ T5850] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 460.230810][ T5850] usb 2-1: Using ep0 maxpacket: 16 [ 460.242366][ T5850] usb 2-1: config 0 has no interfaces? [ 460.252913][ T5850] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 460.350827][T10088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1262'. [ 460.787779][ T5850] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 460.901584][ T5850] usb 2-1: Product: syz [ 460.905803][ T5850] usb 2-1: SerialNumber: syz [ 460.937418][ T5850] usb 2-1: config 0 descriptor?? [ 461.327394][T10099] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1265'. [ 462.062585][T10106] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1267'. [ 462.429464][ T123] usb 2-1: USB disconnect, device number 7 [ 463.627901][T10130] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1275'. [ 464.108547][T10124] syz_tun: entered promiscuous mode [ 464.117659][T10124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1274'. [ 465.139700][T10147] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1281'. [ 468.567519][T10197] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1297'. [ 471.981288][T10245] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1310'. [ 473.600689][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 473.950772][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 473.975853][ T10] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 474.000750][ T10] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 474.055420][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 474.344422][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 474.640714][ T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 474.650409][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 474.664126][ T10] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 474.674221][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.786470][ T10] usb 2-1: config 0 descriptor?? [ 475.080146][ T10] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 475.362823][ T10] usb 2-1: USB disconnect, device number 8 [ 475.387865][ T10] usblp0: removed [ 476.841821][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 477.164502][ T123] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 477.324846][T10303] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1334'. [ 477.932280][ T123] usb 1-1: Using ep0 maxpacket: 8 [ 477.962081][ T123] usb 1-1: device descriptor read/all, error -71 [ 478.244487][T10319] program syz.2.1341 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 479.278151][ T5850] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 480.021280][ T5850] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 480.032508][ T5850] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 480.042530][ T5850] usb 5-1: config 0 interface 0 has no altsetting 0 [ 480.049162][ T5850] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 480.058291][ T5850] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 480.105910][ T5850] usb 5-1: config 0 descriptor?? [ 480.480758][ T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 480.952035][T10359] program syz.3.1356 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 481.047506][ T5850] usb 5-1: string descriptor 0 read error: -22 [ 481.053817][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 481.081317][ T9] usb 2-1: config 0 has no interfaces? [ 481.105500][ T9] usb 2-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 481.117328][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 481.148455][ T9] usb 2-1: Product: syz [ 481.154510][ T9] usb 2-1: Manufacturer: syz [ 481.159164][ T9] usb 2-1: SerialNumber: syz [ 481.184078][ T9] usb 2-1: config 0 descriptor?? [ 481.367489][ T5850] input: HID 256c:006d as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.0003/input/input11 [ 481.916647][ T5850] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 481.955024][ T9] usb 2-1: USB disconnect, device number 10 [ 482.005808][ T5850] usb 5-1: USB disconnect, device number 6 [ 482.844919][T10370] fido_id[10370]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 484.304751][T10394] program syz.1.1367 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 488.792519][T10479] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1393'. [ 492.911781][T10523] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1409'. [ 494.443078][T10547] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1418'. [ 498.428367][T10591] program syz.3.1434 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 499.017267][T10604] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1435'. [ 500.153038][T10626] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 500.527042][T10630] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1443'. [ 501.297066][T10642] program syz.1.1448 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 501.625519][T10647] loop6: detected capacity change from 0 to 7 [ 501.637561][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.774807][T10647] Dev loop6: unable to read RDB block 7 [ 501.781071][T10647] loop6: AHDI p1 p2 p3 [ 501.785505][T10647] loop6: partition table partially beyond EOD, truncated [ 501.794020][T10647] loop6: p1 start 1601398130 is beyond EOD, truncated [ 501.800974][T10647] loop6: p2 start 1702059890 is beyond EOD, truncated [ 503.349691][T10661] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1452'. [ 503.431324][ T5968] delete_channel: no stack [ 503.655255][T10671] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1456'. [ 504.182705][T10674] program syz.1.1459 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 505.824361][ T30] audit: type=1326 audit(1752635636.018:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10692 comm="syz.1.1466" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f951358e929 code=0x0 [ 505.959100][T10704] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1467'. [ 508.156548][T10707] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1470'. [ 508.323249][T10714] program syz.4.1475 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 508.888984][T10721] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1471'. [ 509.383650][T10734] tipc: Started in network mode [ 509.418419][T10734] tipc: Node identity cae3ec3608b, cluster identity 4711 [ 509.477520][T10734] tipc: Enabled bearer , priority 0 [ 509.529729][T10731] tipc: Resetting bearer [ 509.642809][T10730] tipc: Disabling bearer [ 510.573996][T10750] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 510.666060][T10754] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1486'. [ 510.679029][T10755] program syz.3.1487 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 512.809743][T10788] program syz.4.1499 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 513.833714][T10810] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1505'. [ 514.583916][T10826] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 515.094206][T10831] program syz.0.1514 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 516.141984][T10844] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1516'. [ 517.037167][T10853] affs: No valid root block on device nullb0 [ 518.363381][T10859] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1523'. [ 518.741785][T10867] program syz.2.1526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 521.568522][T10896] netlink: 'syz.0.1535': attribute type 1 has an invalid length. [ 522.107799][T10901] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1536'. [ 522.670028][T10904] random: crng reseeded on system resumption [ 524.099648][T10920] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1541'. [ 527.894137][T10945] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1549'. [ 528.253444][T10952] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1553'. [ 531.548801][T10988] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1564'. [ 531.786215][T10996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1566'. [ 532.392876][T11003] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1568'. [ 532.837971][T11012] Bluetooth: MGMT ver 1.23 [ 534.360613][ T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 534.406110][T11023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1574'. [ 534.654918][ C1] vcan0: j1939_tp_rxtimer: 0xffff888055d42400: rx timeout, send abort [ 535.267330][T11032] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1579'. [ 535.287141][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 535.294392][ T9] usb 4-1: config 0 has no interfaces? [ 535.305306][ T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 535.314901][ T9] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 535.326025][ T9] usb 4-1: Product: syz [ 535.341950][ T9] usb 4-1: SerialNumber: syz [ 535.363130][ T9] usb 4-1: config 0 descriptor?? [ 535.539269][T11036] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1580'. [ 536.111386][T11047] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1585'. [ 538.885611][T11063] mkiss: ax0: crc mode is auto. [ 539.455018][ T5950] usb 4-1: USB disconnect, device number 6 [ 539.547743][T11070] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1593'. [ 539.557654][T11071] program syz.1.1592 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 540.009865][T11080] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1596'. [ 541.140614][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 541.457664][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 541.504531][T11105] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1606'. [ 541.514371][ T10] usb 1-1: config 0 has no interfaces? [ 541.560896][ T10] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 541.569971][ T10] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 541.588795][T11109] program syz.2.1607 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 541.630890][ T10] usb 1-1: Product: syz [ 541.635100][ T10] usb 1-1: SerialNumber: syz [ 541.665023][ T10] usb 1-1: config 0 descriptor?? [ 541.696130][T11112] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1609'. [ 542.678551][T11123] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1612'. [ 543.583523][T11136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1616'. [ 543.706912][ T123] usb 1-1: USB disconnect, device number 7 [ 544.694739][T11148] program syz.1.1620 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 544.827605][T11150] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1621'. [ 545.035621][T11155] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1622'. [ 545.506697][T11164] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1625'. [ 546.279937][T11173] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1630'. [ 546.481412][T11180] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1633'. [ 546.586220][T11182] program syz.2.1634 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 549.034286][T11225] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1647'. [ 549.505949][T11228] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 549.646010][T11230] program syz.4.1649 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 550.586467][T11252] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1659'. [ 550.783349][T11262] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1660'. [ 550.800901][T11263] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 550.973878][T11267] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1663'. [ 551.075858][T11273] program syz.2.1666 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 551.933826][T11291] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1672'. [ 552.064018][T11297] comedi comedi1: aio_iiro_16: I/O port conflict (0x5,8) [ 552.151253][T11295] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 556.173621][T11350] loop6: detected capacity change from 0 to 7 [ 556.276056][T11350] Dev loop6: unable to read RDB block 7 [ 556.281741][T11350] loop6: AHDI p1 p2 p3 [ 556.285920][T11350] loop6: partition table partially beyond EOD, truncated [ 556.293232][T11350] loop6: p1 start 1601398130 is beyond EOD, truncated [ 556.300011][T11350] loop6: p2 start 1702059890 is beyond EOD, truncated [ 556.701411][T11353] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1693'. [ 556.913713][T11362] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1694'. [ 559.391754][T11396] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1708'. [ 559.624666][T11400] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1709'. [ 559.733151][ T43] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 559.974231][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 559.984206][ T43] usb 5-1: no configurations [ 559.988851][ T43] usb 5-1: can't read configurations, error -22 [ 560.171622][ T43] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 560.217619][T11406] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1712'. [ 560.345508][ T43] usb 5-1: Using ep0 maxpacket: 8 [ 560.365654][ T43] usb 5-1: no configurations [ 560.379647][ T43] usb 5-1: can't read configurations, error -22 [ 560.400192][ T43] usb usb5-port1: attempt power cycle [ 561.154853][ T43] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 561.869299][ T43] usb 5-1: device descriptor read/8, error -71 [ 561.928955][T11429] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1720'. [ 562.268427][T11431] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 563.033150][T11435] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1721'. [ 563.041238][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.676109][T11451] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1726'. [ 564.859190][T11470] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 565.001180][T11480] fuse: Invalid rootmode [ 565.681747][T11485] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1735'. [ 566.170768][T11489] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1737'. [ 568.088723][T11502] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 568.322062][T11507] loop6: detected capacity change from 0 to 7 [ 568.946805][T11507] Dev loop6: unable to read RDB block 7 [ 569.142992][T11507] loop6: AHDI p1 p2 p3 [ 569.148103][T11507] loop6: partition table partially beyond EOD, truncated [ 569.156334][T11507] loop6: p1 start 1601398130 is beyond EOD, truncated [ 569.163243][T11507] loop6: p2 start 1702059890 is beyond EOD, truncated [ 570.480769][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 570.530145][T11535] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1751'. [ 570.660618][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 570.703483][ T9] usb 3-1: config 0 has no interfaces? [ 570.712765][ T9] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 570.835713][T11539] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1750'. [ 571.007654][ T9] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 571.119194][ T9] usb 3-1: Product: syz [ 571.124101][ T9] usb 3-1: SerialNumber: syz [ 571.152250][ T9] usb 3-1: config 0 descriptor?? [ 572.449978][T11550] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 572.599875][ T43] usb 3-1: USB disconnect, device number 6 [ 572.655173][T11556] program syz.4.1758 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 575.062920][T11589] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1765'. [ 576.441424][T11612] loop6: detected capacity change from 0 to 7 [ 576.466269][T11612] Dev loop6: unable to read RDB block 7 [ 576.514888][T11612] loop6: AHDI p1 p2 p3 [ 576.636804][T11612] loop6: partition table partially beyond EOD, truncated [ 576.969536][T11612] loop6: p1 start 1601398130 is beyond EOD, truncated [ 577.076638][T11612] loop6: p2 start 1702059890 is beyond EOD, truncated [ 577.630683][ T43] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 577.830664][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 577.860946][ T43] usb 2-1: config 0 has no interfaces? [ 577.910397][ T43] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 577.948438][ T43] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 577.967071][ T43] usb 2-1: Product: syz [ 577.981794][ T43] usb 2-1: SerialNumber: syz [ 578.000227][ T43] usb 2-1: config 0 descriptor?? [ 579.158279][T11628] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1781'. [ 580.113823][ T43] usb 2-1: USB disconnect, device number 11 [ 580.845821][T11651] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 581.843616][T11669] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1790'. [ 582.508927][T11679] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1793'. [ 582.935840][T11683] netlink: 'syz.1.1795': attribute type 3 has an invalid length. [ 582.971749][T11683] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1795'. [ 584.417401][ T9] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 584.590657][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 584.704195][ T9] usb 4-1: config 0 has no interfaces? [ 584.761010][ T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 584.810010][ T9] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 584.971782][ T9] usb 4-1: Product: syz [ 584.977051][ T9] usb 4-1: SerialNumber: syz [ 585.150962][ T9] usb 4-1: config 0 descriptor?? [ 585.481922][T11713] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 586.282125][ T10] usb 4-1: USB disconnect, device number 7 [ 586.450941][T11722] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1806'. [ 588.977634][T11759] loop6: detected capacity change from 0 to 7 [ 589.160345][T11759] Dev loop6: unable to read RDB block 7 [ 589.166105][T11759] loop6: AHDI p1 p2 p3 [ 589.170288][T11759] loop6: partition table partially beyond EOD, truncated [ 589.177537][T11759] loop6: p1 start 1601398130 is beyond EOD, truncated [ 589.184421][T11759] loop6: p2 start 1702059890 is beyond EOD, truncated [ 589.374287][T11761] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1818'. [ 591.712782][T11792] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 593.718746][T11810] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1832'. [ 597.010352][T11846] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1840'. [ 597.472385][T11850] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1842'. [ 597.886893][T11859] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1845'. [ 605.999980][T11965] program syz.2.1876 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 606.253227][T11969] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1875'. [ 609.351134][T12002] program syz.0.1888 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 609.989624][T12016] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1890'. [ 611.744171][T12039] program syz.0.1900 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.769798][T10795] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 611.960532][T10795] usb 5-1: Using ep0 maxpacket: 16 [ 611.973618][T10795] usb 5-1: config 0 has no interfaces? [ 611.982903][T10795] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 612.005003][T10795] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 612.014739][T10795] usb 5-1: Product: syz [ 612.020200][T10795] usb 5-1: SerialNumber: syz [ 612.224169][T12046] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1904'. [ 612.234933][T10795] usb 5-1: config 0 descriptor?? [ 613.001627][T12060] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1906'. [ 613.879267][ T10] usb 5-1: USB disconnect, device number 11 [ 614.227238][T12074] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1912'. [ 616.617503][T12094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1918'. [ 618.042931][T12115] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1924'. [ 618.196000][T12116] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1923'. [ 618.222154][T12119] netlink: 21 bytes leftover after parsing attributes in process `syz.0.1926'. [ 618.231516][T12119] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1926'. [ 622.140923][T12161] No buffer was provided with the request [ 622.205449][T12159] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1938'. [ 624.479628][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.127286][T12199] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1952'. [ 628.970641][ T30] audit: type=1326 audit(1752635759.158:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12226 comm="syz.4.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a058e929 code=0x7fc00000 [ 629.406473][T12250] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1965'. [ 631.303989][T12274] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 632.278214][T12286] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1975'. [ 633.623733][T12299] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1979'. [ 634.044368][T12303] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 636.070758][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 636.384125][T12329] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 638.315227][T12339] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1988'. [ 638.551067][T12345] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 639.559280][T12353] tmpfs: Bad value for 'mpol' [ 639.610707][T10346] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 640.597111][T10346] usb 3-1: Using ep0 maxpacket: 16 [ 640.813992][T10346] usb 3-1: config 0 has an invalid interface number: 250 but max is 0 [ 640.824318][T10346] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 640.841043][T10346] usb 3-1: config 0 has no interface number 0 [ 640.847807][T10346] usb 3-1: config 0 interface 250 altsetting 1 bulk endpoint 0x4 has invalid maxpacket 1023 [ 640.875948][T10346] usb 3-1: config 0 interface 250 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 640.906232][T10346] usb 3-1: config 0 interface 250 has no altsetting 0 [ 640.928458][T10346] usb 3-1: New USB device found, idVendor=04e8, idProduct=689a, bcdDevice=88.04 [ 641.274506][T10346] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 641.287257][T10346] usb 3-1: Product: syz [ 641.414751][T10346] usb 3-1: Manufacturer: syz [ 641.419376][T10346] usb 3-1: SerialNumber: syz [ 641.469950][T10346] usb 3-1: config 0 descriptor?? [ 641.642826][T12349] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 642.595672][T12387] netlink: 'syz.0.2001': attribute type 1 has an invalid length. [ 642.603891][T12387] netlink: 'syz.0.2001': attribute type 2 has an invalid length. [ 642.950756][T10346] usb 3-1: USB disconnect, device number 7 [ 643.180799][T12391] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2005'. [ 643.419508][T12396] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 643.490803][T12372] vxfs: WRONG superblock magic 00000000 at 1 [ 643.499872][T12372] vxfs: WRONG superblock magic 00000000 at 8 [ 643.506026][T12372] vxfs: can't find superblock. [ 650.567870][T12475] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2035'. [ 650.825860][ T5850] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 651.170550][ T5850] usb 5-1: Using ep0 maxpacket: 16 [ 651.183313][ T5850] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 651.201652][ T5850] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 652.167044][ T5850] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 652.179294][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 652.187367][ T5850] usb 5-1: Product: syz [ 652.191573][ T5850] usb 5-1: Manufacturer: syz [ 652.196172][ T5850] usb 5-1: SerialNumber: syz [ 652.441645][ T5850] usb 5-1: 0:2 : does not exist [ 653.150789][ T5850] usb 5-1: USB disconnect, device number 12 [ 653.377735][T12524] team0: No ports can be present during mode change [ 657.600157][T12573] loop6: detected capacity change from 0 to 7 [ 657.629348][T12573] Dev loop6: unable to read RDB block 7 [ 657.635231][T12573] loop6: AHDI p1 p2 p3 [ 657.639610][T12573] loop6: partition table partially beyond EOD, truncated [ 657.647859][T12573] loop6: p1 start 1601398130 is beyond EOD, truncated [ 657.654800][T12573] loop6: p2 start 1702059890 is beyond EOD, truncated [ 662.042275][T12608] bond_slave_1: entered promiscuous mode [ 662.048555][T12608] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2074'. [ 662.330289][T12608] bond0: (slave bond_slave_1): Releasing backup interface [ 663.155026][T12623] loop6: detected capacity change from 0 to 7 [ 663.186445][T12623] Dev loop6: unable to read RDB block 7 [ 663.192482][T12623] loop6: AHDI p1 p2 p3 [ 663.196885][T12623] loop6: partition table partially beyond EOD, truncated [ 663.205312][T12623] loop6: p1 start 1601398130 is beyond EOD, truncated [ 663.212262][T12623] loop6: p2 start 1702059890 is beyond EOD, truncated [ 663.786922][T12627] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2080'. [ 664.893357][T12634] syz.2.2081: attempt to access beyond end of device [ 664.893357][T12634] nbd2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 664.906920][T12634] gfs2: error -5 reading superblock [ 665.561755][T12647] syz.3.2083: attempt to access beyond end of device [ 665.561755][T12647] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 665.576156][T12647] EXT4-fs (nbd3): unable to read superblock [ 666.640782][T10795] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 666.850553][T10795] usb 3-1: device descriptor read/64, error -71 [ 667.120816][T10795] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 667.393534][T12660] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 667.998424][T10795] usb 3-1: device descriptor read/64, error -71 [ 668.277730][T10795] usb usb3-port1: attempt power cycle [ 669.471172][T12681] mkiss: ax0: crc mode is auto. [ 669.859245][T12679] No buffer was provided with the request [ 671.040536][T12693] 9pnet_fd: Insufficient options for proto=fd [ 671.819131][T12702] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2095'. [ 675.070649][T12740] 9pnet_fd: Insufficient options for proto=fd [ 676.079629][T12747] syz.4.2112: attempt to access beyond end of device [ 676.079629][T12747] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 676.092813][T12747] EXT4-fs (nbd4): unable to read superblock [ 679.044596][T12768] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2118'. [ 681.493082][T12795] xt_hashlimit: size too large, truncated to 1048576 [ 684.744684][T12817] syz.3.2131 (12817): drop_caches: 2 [ 685.915964][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.981320][T12840] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2132'. [ 690.316968][T12910] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 691.793627][T12928] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 691.800899][T12928] IPv6: NLM_F_CREATE should be set when creating new route [ 691.808209][T12928] IPv6: NLM_F_CREATE should be set when creating new route [ 696.310767][T12982] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 697.024679][T12988] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 700.618825][T13017] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2187'. [ 702.047687][T13031] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 702.169927][T13032] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 705.938717][T13071] loop6: detected capacity change from 0 to 7 [ 706.088517][T13071] Dev loop6: unable to read RDB block 7 [ 706.094137][T13071] loop6: AHDI p1 p2 p3 [ 706.098294][T13071] loop6: partition table partially beyond EOD, truncated [ 706.105604][T13071] loop6: p1 start 1601398130 is beyond EOD, truncated [ 706.112640][T13071] loop6: p2 start 1702059890 is beyond EOD, truncated [ 708.795854][T13094] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 709.398307][T13100] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2211'. [ 709.782539][T13102] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2217'. [ 710.810738][T13109] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2219'. [ 710.948923][T13112] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2222'. [ 712.485356][T13135] syz_tun: entered allmulticast mode [ 713.324944][T13123] syz_tun: left allmulticast mode [ 714.931348][T13152] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2233'. [ 715.036787][T13158] netlink: 92 bytes leftover after parsing attributes in process `syz.2.2236'. [ 715.497185][T13171] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2240'. [ 717.662313][T13192] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2234'. [ 717.881923][T13198] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2247'. [ 718.053732][T13205] netlink: 92 bytes leftover after parsing attributes in process `syz.0.2249'. [ 718.069160][T13189] syz_tun: entered allmulticast mode [ 718.162722][T13187] syz_tun: left allmulticast mode [ 718.330663][T13207] syz.1.2248: attempt to access beyond end of device [ 718.330663][T13207] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 718.344275][T13207] EXT4-fs (nbd1): unable to read superblock [ 720.462464][T13219] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 722.622821][T13255] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2262'. [ 723.277852][T13262] syz_tun: entered allmulticast mode [ 725.771773][T13287] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 726.621693][T13306] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2278'. [ 730.814817][T13339] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2287'. [ 730.903207][T13340] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2288'. [ 731.135656][T13344] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 732.603434][T13362] syz.4.2295: attempt to access beyond end of device [ 732.603434][T13362] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 732.603525][T13362] EXT4-fs (nbd4): unable to read superblock [ 735.823305][T13392] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 736.714994][T13404] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 737.386115][T13414] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2308'. [ 741.075170][T13448] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 741.554829][T13453] xt_hashlimit: size too large, truncated to 1048576 [ 746.019032][T13503] xt_hashlimit: size too large, truncated to 1048576 [ 747.146459][T13516] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 747.442557][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.776826][T13519] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2338'. [ 748.091519][T13528] syz_tun: entered allmulticast mode [ 748.108650][T13521] syz_tun: left allmulticast mode [ 751.474207][T13555] syz.3.2353: attempt to access beyond end of device [ 751.474207][T13555] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 751.487822][T13555] EXT4-fs (nbd3): unable to read superblock [ 752.579658][T13576] loop6: detected capacity change from 0 to 7 [ 752.599743][T13576] Dev loop6: unable to read RDB block 7 [ 752.627438][T13576] loop6: AHDI p1 p2 p3 [ 752.687873][T13576] loop6: partition table partially beyond EOD, truncated [ 752.713263][T13576] loop6: p1 start 1601398130 is beyond EOD, truncated [ 752.730372][T13576] loop6: p2 start 1702059890 is beyond EOD, truncated [ 757.535752][T13622] syz.3.2370: attempt to access beyond end of device [ 757.535752][T13622] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 757.548893][T13622] EXT4-fs (nbd3): unable to read superblock [ 759.148124][T13642] netlink: 'syz.2.2377': attribute type 1 has an invalid length. [ 761.745399][T13670] syz.3.2385: attempt to access beyond end of device [ 761.745399][T13670] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 761.759123][T13670] EXT4-fs (nbd3): unable to read superblock [ 762.500609][T13667] syz_tun: entered allmulticast mode [ 762.679722][T13678] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2388'. [ 762.827338][T13666] syz_tun: left allmulticast mode [ 763.080173][T13681] kvm: kvm [13679]: vcpu1, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x1 [ 763.090858][T13681] kvm: kvm [13679]: vcpu1, guest rIP: 0x1b8 Unhandled WRMSR(0xc2) = 0x1 [ 765.199546][T13711] xt_hashlimit: size too large, truncated to 1048576 [ 772.444513][T13795] syz.4.2422: attempt to access beyond end of device [ 772.444513][T13795] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 772.458144][T13795] EXT4-fs (nbd4): unable to read superblock [ 773.770708][T10795] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 773.951485][T10795] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 774.710917][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.720356][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.731981][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 774.745549][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.757732][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.773319][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 774.781701][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.793450][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.807350][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 774.816303][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.826150][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.848197][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 774.858269][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 774.873890][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 774.900756][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 774.914316][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 775.112484][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 775.124982][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 775.134386][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 775.142229][T13832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2437'. [ 775.157394][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 775.932924][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 776.024754][T10795] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 776.148873][T10795] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 776.287381][T10795] usb 2-1: config 0 interface 0 has no altsetting 0 [ 776.337454][T10795] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 776.377053][T10795] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 776.408359][T10795] usb 2-1: Product: syz [ 776.561929][T10346] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 776.581739][T10795] usb 2-1: Manufacturer: syz [ 776.586955][T10795] usb 2-1: SerialNumber: syz [ 776.633577][T10795] usb 2-1: config 0 descriptor?? [ 776.893203][T13851] syz.0.2438: attempt to access beyond end of device [ 776.893203][T13851] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 776.908781][T13851] EXT4-fs (nbd0): unable to read superblock [ 777.411772][T10795] usb 2-1: can't set config #0, error -71 [ 777.539040][T13847] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 777.749237][T10795] usb 2-1: USB disconnect, device number 12 [ 778.076334][T10346] usb 3-1: descriptor type invalid, skip [ 778.100744][T10346] usb 3-1: No LPM exit latency info found, disabling LPM. [ 778.149743][T10346] usb 3-1: config 1 interface 0 altsetting 248 endpoint 0x82 is Bulk; changing to Interrupt [ 778.174590][T10346] usb 3-1: config 1 interface 0 altsetting 248 endpoint 0x3 is Bulk; changing to Interrupt [ 778.189133][T10346] usb 3-1: config 1 interface 0 has no altsetting 0 [ 778.427140][T10346] usb 3-1: string descriptor 0 read error: -22 [ 778.434347][T10346] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 778.444194][T10346] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 778.456384][T13842] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 778.514947][T13842] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 778.645231][T10346] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 778.819318][T10346] usb 3-1: USB disconnect, device number 11 [ 782.137215][T13899] syz.2.2453: attempt to access beyond end of device [ 782.137215][T13899] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 782.151612][T13899] EXT4-fs (nbd2): unable to read superblock [ 787.492521][T13951] syz.3.2467: attempt to access beyond end of device [ 787.492521][T13951] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 787.507072][T13951] EXT4-fs (nbd3): unable to read superblock [ 789.436441][T13966] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 791.856633][T13993] binder: 13992:13993 unknown command 0 [ 791.864229][T13993] binder: 13992:13993 ioctl c0306201 200000000080 returned -22 [ 797.251741][T14025] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 797.679971][T14047] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 799.515076][T14053] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2500'. [ 805.548685][T14099] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2514'. [ 806.825244][T14114] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 808.375646][T14128] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2522'. [ 808.549089][T14130] xt_hashlimit: size too large, truncated to 1048576 [ 809.103638][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 810.684849][T14147] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 812.479982][T14164] netlink: 160 bytes leftover after parsing attributes in process `syz.3.2532'. [ 813.450393][T14170] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2534'. [ 815.240279][T14189] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 815.481141][T14188] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 817.114937][T14210] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2548'. [ 817.141879][T14212] loop6: detected capacity change from 0 to 7 [ 817.190936][T14212] Dev loop6: unable to read RDB block 7 [ 817.196564][T14212] loop6: AHDI p1 p2 p3 [ 817.201087][T14212] loop6: partition table partially beyond EOD, truncated [ 817.208348][T14212] loop6: p1 start 1601398130 is beyond EOD, truncated [ 817.215622][T14212] loop6: p2 start 1702059890 is beyond EOD, truncated [ 817.301060][T14215] xt_hashlimit: size too large, truncated to 1048576 [ 818.564142][T14231] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 819.246149][T14242] netlink: 'syz.3.2555': attribute type 11 has an invalid length. [ 820.321245][T14255] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2558'. [ 821.579840][T14261] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2560'. [ 821.763876][T14269] loop6: detected capacity change from 0 to 7 [ 821.773690][T14269] Dev loop6: unable to read RDB block 7 [ 821.779321][T14269] loop6: AHDI p1 p2 p3 [ 821.783826][T14269] loop6: partition table partially beyond EOD, truncated [ 821.791181][T14269] loop6: p1 start 1601398130 is beyond EOD, truncated [ 821.798146][T14269] loop6: p2 start 1702059890 is beyond EOD, truncated [ 821.832841][T14273] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2564'. [ 821.845543][T14265] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2563'. [ 822.341599][T14262] vxcan1: entered allmulticast mode [ 823.905895][T14297] netlink: 'syz.0.2571': attribute type 11 has an invalid length. [ 826.612145][T14312] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2574'. [ 827.803650][T14320] loop6: detected capacity change from 0 to 7 [ 827.811507][T14320] Dev loop6: unable to read RDB block 7 [ 827.817111][T14320] loop6: AHDI p1 p2 p3 [ 827.821368][T14320] loop6: partition table partially beyond EOD, truncated [ 827.828532][T14320] loop6: p1 start 1601398130 is beyond EOD, truncated [ 827.835488][T14320] loop6: p2 start 1702059890 is beyond EOD, truncated [ 827.888915][T14322] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2577'. [ 829.833299][T14339] xt_hashlimit: size too large, truncated to 1048576 [ 832.081105][T14368] loop6: detected capacity change from 0 to 7 [ 833.352142][T14368] Dev loop6: unable to read RDB block 7 [ 833.357860][T14368] loop6: AHDI p1 p2 p3 [ 833.366657][T14368] loop6: partition table partially beyond EOD, truncated [ 833.376335][T14368] loop6: p1 start 1601398130 is beyond EOD, truncated [ 833.383237][T14368] loop6: p2 start 1702059890 is beyond EOD, truncated [ 835.910856][T14378] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2592'. [ 837.227579][T14390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2596'. [ 837.240397][T14389] xt_hashlimit: size too large, truncated to 1048576 [ 840.888392][T14422] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 846.051739][T14475] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 846.261514][T14481] xt_hashlimit: size too large, truncated to 1048576 [ 850.284222][T14517] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2629'. [ 853.974400][T14548] netlink: 120 bytes leftover after parsing attributes in process `syz.4.2637'. [ 854.980761][T14548] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2637'. [ 856.427243][T14564] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2641'. [ 857.010693][T14578] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2642'. [ 860.978171][T14606] netlink: 120 bytes leftover after parsing attributes in process `syz.1.2652'. [ 860.991461][T14606] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2652'. [ 866.840439][T14645] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2665'. [ 867.122581][T14653] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2668'. [ 867.275493][T14654] loop6: detected capacity change from 0 to 7 [ 867.301380][T14654] Dev loop6: unable to read RDB block 7 [ 867.307023][T14654] loop6: AHDI p1 p2 p3 [ 867.311916][T14654] loop6: partition table partially beyond EOD, truncated [ 867.319169][T14654] loop6: p1 start 1601398130 is beyond EOD, truncated [ 867.326040][T14654] loop6: p2 start 1702059890 is beyond EOD, truncated [ 870.471172][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.495740][T14685] [ 870.498115][T14685] ====================================================== [ 870.505133][T14685] WARNING: possible circular locking dependency detected [ 870.512157][T14685] 6.16.0-rc6-next-20250714-syzkaller #0 Not tainted [ 870.518728][T14685] ------------------------------------------------------ [ 870.525730][T14685] syz.4.2674/14685 is trying to acquire lock: [ 870.531783][T14685] ffff88807dcd5088 (&of->mutex){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 870.540586][T14685] [ 870.540586][T14685] but task is already holding lock: [ 870.547938][T14685] ffff8880756b21c8 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 870.556283][T14685] [ 870.556283][T14685] which lock already depends on the new lock. [ 870.556283][T14685] [ 870.566674][T14685] [ 870.566674][T14685] the existing dependency chain (in reverse order) is: [ 870.575761][T14685] [ 870.575761][T14685] -> #3 (&p->lock){+.+.}-{4:4}: [ 870.582791][T14685] lock_acquire+0x120/0x360 [ 870.587807][T14685] __mutex_lock+0x182/0xe80 [ 870.592825][T14685] seq_read_iter+0xb7/0xe10 [ 870.597842][T14685] copy_splice_read+0x54f/0x9b0 [ 870.603204][T14685] splice_file_to_pipe+0x273/0x440 [ 870.608827][T14685] do_sendfile+0x475/0x7e0 [ 870.613806][T14685] __se_sys_sendfile64+0x13e/0x190 [ 870.619435][T14685] do_syscall_64+0xfa/0x3b0 [ 870.624455][T14685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.630857][T14685] [ 870.630857][T14685] -> #2 (&pipe->mutex){+.+.}-{4:4}: [ 870.638232][T14685] lock_acquire+0x120/0x360 [ 870.643244][T14685] __mutex_lock+0x182/0xe80 [ 870.648262][T14685] anon_pipe_write+0x16a/0x1360 [ 870.653631][T14685] __kernel_write_iter+0x3ec/0x860 [ 870.659253][T14685] __kernel_write+0xef/0x150 [ 870.664352][T14685] autofs_notify_daemon+0x748/0xe50 [ 870.670063][T14685] autofs_wait+0x11dc/0x1870 [ 870.675166][T14685] autofs_mount_wait+0x16b/0x330 [ 870.680614][T14685] autofs_d_automount+0x393/0x720 [ 870.686150][T14685] __traverse_mounts+0x308/0x5b0 [ 870.691601][T14685] step_into+0x534/0xf30 [ 870.696362][T14685] path_lookupat+0x163/0x430 [ 870.701466][T14685] filename_lookup+0x212/0x570 [ 870.706737][T14685] kern_path+0x35/0x50 [ 870.711319][T14685] lookup_bdev+0xc0/0x280 [ 870.716156][T14685] resume_store+0x169/0x460 [ 870.721170][T14685] kernfs_fop_write_iter+0x375/0x4f0 [ 870.726968][T14685] vfs_write+0x548/0xa90 [ 870.731721][T14685] ksys_write+0x145/0x250 [ 870.736565][T14685] do_syscall_64+0xfa/0x3b0 [ 870.741583][T14685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.747987][T14685] [ 870.747987][T14685] -> #1 (&sbi->pipe_mutex){+.+.}-{4:4}: [ 870.755713][T14685] lock_acquire+0x120/0x360 [ 870.760724][T14685] __mutex_lock+0x182/0xe80 [ 870.765740][T14685] autofs_notify_daemon+0x735/0xe50 [ 870.771548][T14685] autofs_wait+0x11dc/0x1870 [ 870.776652][T14685] autofs_mount_wait+0x16b/0x330 [ 870.782100][T14685] autofs_d_automount+0x393/0x720 [ 870.787635][T14685] __traverse_mounts+0x308/0x5b0 [ 870.793092][T14685] step_into+0x534/0xf30 [ 870.797849][T14685] path_lookupat+0x163/0x430 [ 870.802949][T14685] filename_lookup+0x212/0x570 [ 870.808221][T14685] kern_path+0x35/0x50 [ 870.812801][T14685] lookup_bdev+0xc0/0x280 [ 870.817640][T14685] resume_store+0x169/0x460 [ 870.822658][T14685] kernfs_fop_write_iter+0x375/0x4f0 [ 870.828458][T14685] vfs_write+0x548/0xa90 [ 870.833212][T14685] ksys_write+0x145/0x250 [ 870.838051][T14685] do_syscall_64+0xfa/0x3b0 [ 870.843068][T14685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.849471][T14685] [ 870.849471][T14685] -> #0 (&of->mutex){+.+.}-{4:4}: [ 870.856667][T14685] validate_chain+0xb9b/0x2140 [ 870.861969][T14685] __lock_acquire+0xab9/0xd20 [ 870.867156][T14685] lock_acquire+0x120/0x360 [ 870.872166][T14685] __mutex_lock+0x182/0xe80 [ 870.877181][T14685] kernfs_seq_start+0x55/0x3c0 [ 870.882461][T14685] seq_read_iter+0x3f2/0xe10 [ 870.887558][T14685] copy_splice_read+0x54f/0x9b0 [ 870.892952][T14685] splice_file_to_pipe+0x273/0x440 [ 870.898575][T14685] do_sendfile+0x475/0x7e0 [ 870.903499][T14685] __se_sys_sendfile64+0x13e/0x190 [ 870.909122][T14685] do_syscall_64+0xfa/0x3b0 [ 870.914145][T14685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 870.920546][T14685] [ 870.920546][T14685] other info that might help us debug this: [ 870.920546][T14685] [ 870.930755][T14685] Chain exists of: [ 870.930755][T14685] &of->mutex --> &pipe->mutex --> &p->lock [ 870.930755][T14685] [ 870.942479][T14685] Possible unsafe locking scenario: [ 870.942479][T14685] [ 870.949920][T14685] CPU0 CPU1 [ 870.955274][T14685] ---- ---- [ 870.960627][T14685] lock(&p->lock); [ 870.964424][T14685] lock(&pipe->mutex); [ 870.971093][T14685] lock(&p->lock); [ 870.977420][T14685] lock(&of->mutex); [ 870.981395][T14685] [ 870.981395][T14685] *** DEADLOCK *** [ 870.981395][T14685] [ 870.989523][T14685] 2 locks held by syz.4.2674/14685: [ 870.994703][T14685] #0: ffff88807a7c4c68 (&pipe->mutex){+.+.}-{4:4}, at: splice_file_to_pipe+0x2e/0x440 [ 871.004356][T14685] #1: ffff8880756b21c8 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 871.013135][T14685] [ 871.013135][T14685] stack backtrace: [ 871.019030][T14685] CPU: 1 UID: 0 PID: 14685 Comm: syz.4.2674 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 871.019049][T14685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 871.019069][T14685] Call Trace: [ 871.019077][T14685] [ 871.019086][T14685] dump_stack_lvl+0x189/0x250 [ 871.019105][T14685] ? __pfx_dump_stack_lvl+0x10/0x10 [ 871.019129][T14685] ? __pfx__printk+0x10/0x10 [ 871.019155][T14685] ? print_lock_name+0xde/0x100 [ 871.019172][T14685] print_circular_bug+0x2ee/0x310 [ 871.019190][T14685] check_noncircular+0x134/0x160 [ 871.019206][T14685] validate_chain+0xb9b/0x2140 [ 871.019221][T14685] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 871.019237][T14685] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 871.019257][T14685] ? look_up_lock_class+0x74/0x170 [ 871.019273][T14685] ? register_lock_class+0x51/0x320 [ 871.019293][T14685] __lock_acquire+0xab9/0xd20 [ 871.019306][T14685] ? kernfs_seq_start+0x55/0x3c0 [ 871.019322][T14685] lock_acquire+0x120/0x360 [ 871.019333][T14685] ? kernfs_seq_start+0x55/0x3c0 [ 871.019353][T14685] __mutex_lock+0x182/0xe80 [ 871.019368][T14685] ? kernfs_seq_start+0x55/0x3c0 [ 871.019387][T14685] ? kernfs_seq_start+0x55/0x3c0 [ 871.019403][T14685] ? __pfx___mutex_lock+0x10/0x10 [ 871.019422][T14685] ? seq_read_iter+0x1fd/0xe10 [ 871.019436][T14685] ? rcu_is_watching+0x15/0xb0 [ 871.019449][T14685] ? seq_read_iter+0x1fd/0xe10 [ 871.019463][T14685] kernfs_seq_start+0x55/0x3c0 [ 871.019481][T14685] seq_read_iter+0x3f2/0xe10 [ 871.019501][T14685] copy_splice_read+0x54f/0x9b0 [ 871.019521][T14685] ? splice_file_to_pipe+0x2e/0x440 [ 871.019537][T14685] ? __pfx_copy_splice_read+0x10/0x10 [ 871.019559][T14685] ? __pfx_copy_splice_read+0x10/0x10 [ 871.019575][T14685] splice_file_to_pipe+0x273/0x440 [ 871.019592][T14685] do_sendfile+0x475/0x7e0 [ 871.019604][T14685] ? lockdep_hardirqs_on+0x9c/0x150 [ 871.019621][T14685] ? __pfx_do_sendfile+0x10/0x10 [ 871.019634][T14685] ? __se_sys_futex+0x36f/0x400 [ 871.019652][T14685] __se_sys_sendfile64+0x13e/0x190 [ 871.019670][T14685] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 871.019688][T14685] ? __secure_computing+0xe2/0x2a0 [ 871.019704][T14685] do_syscall_64+0xfa/0x3b0 [ 871.019720][T14685] ? lockdep_hardirqs_on+0x9c/0x150 [ 871.019735][T14685] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.019748][T14685] ? clear_bhb_loop+0x60/0xb0 [ 871.019762][T14685] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 871.019777][T14685] RIP: 0033:0x7f43a058e929 [ 871.019794][T14685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 871.019807][T14685] RSP: 002b:00007f43a1320038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 871.019821][T14685] RAX: ffffffffffffffda RBX: 00007f43a07b6240 RCX: 00007f43a058e929 [ 871.019831][T14685] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000 [ 871.019839][T14685] RBP: 00007f43a0610b39 R08: 0000000000000000 R09: 0000000000000000 [ 871.019847][T14685] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 871.019855][T14685] R13: 0000000000000000 R14: 00007f43a07b6240 R15: 00007ffd009e4918 [ 871.019870][T14685]