last executing test programs: 9m18.029227711s ago: executing program 2 (id=399): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0)) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x14) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c2", 0x17) r5 = accept4(r4, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003100)=@newtaction={0xacc, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x914, 0x1, [@m_ipt={0x278, 0x17, 0x0, 0x0, {{0x8}, {0x1bc, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xf1, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99752c65346980"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x17c, 0x11, 0x0, 0x0, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xb5, 0x6, {0x7, 'mangle\x00', 0x4, 0x7, "852c07967e4bde8acbdebf709c7f67b435415e9fad5eed399218069c30b3db399d5bdbdffc09aa13d6aef79a3360cf4b7d5e8a92b817394560aba652eb4e4ec31470dd9b8becbf6cad6f3328aec2ac14541a30a5f89f2a6e60534a70c1deccc519f73984d6d2ae8b9fe17278f03e9f60e876c3b1fc1ef49873f24bd44137256bfd0a27e100d2162e3f7b17"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x5}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x154, 0x17, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x3, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x134, 0x11, 0x0, 0x0, {{0x8}, {0xd8, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd4, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbf"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x11c, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x89, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e45d6b45f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0x44, 0x1, [@m_ipt={0x40, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x15, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0e6"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x160, 0x1, [@m_ipt={0xf8, 0x6, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x64, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x3b, 0x6, "4b6275823d714c9413915317da89818cb9f96e8938cf5d91ef0ce403d55fc9bdc74a0a5b88653980ed0af5c857ee3a0361bfe072c3d9c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xacc}}, 0x4008800) recvmmsg$unix(r5, &(0x7f0000000e00), 0x0, 0x0, 0x0) sendmmsg$inet6(r5, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10) socket(0x40000000015, 0x5, 0x0) socket$rxrpc(0x21, 0x2, 0x2) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000440)=""/162, 0xa2}], 0x1) 9m15.993133275s ago: executing program 2 (id=403): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) setitimer(0x0, 0x0, &(0x7f0000000040)) 9m14.413861915s ago: executing program 2 (id=408): socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) accept4$unix(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000180)=0x9a, 0x1800) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x3000001, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000540)=0x7b1) 9m14.339859887s ago: executing program 2 (id=409): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) openat$sndseq(0xffffffffffffff9c, 0x0, 0x80) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) bind$llc(r1, 0x0, 0x0) listen(r1, 0x0) accept4$llc(r1, 0x0, 0x0, 0x0) 9m14.174142926s ago: executing program 2 (id=413): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@bloom_filter={0x1e, 0x2, 0x8fc, 0x292, 0x20c01, r1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x5, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000680), &(0x7f0000000780), 0x6, r2}, 0x38) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r3}, 0x18) connect$netlink(r0, &(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb, 0x800}, 0xc) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x50) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) unlink(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00') r7 = syz_open_procfs(0x0, &(0x7f0000000440)='net/if_inet6\x00') pread64(r7, &(0x7f0000000180)=""/43, 0xfd8a, 0x3c) 9m10.49984127s ago: executing program 2 (id=416): mount$binderfs(0x0, 0x0, 0x0, 0x4800, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000001100)={0x3}) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x30}, 0x0) r3 = fanotify_init(0x2, 0x40000) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) unshare(0x2a020480) fanotify_mark(r3, 0x1, 0x32, 0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001380)=[{{&(0x7f0000000300)=@nfc={0x27, 0x0, 0x1, 0x6}, 0x80, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000400)="c0d49b1db4d2a96b93930bb02db501f8210a823b93dc10c78feae1f0d578e143e49efa97301f5cbfae79e1b91ab546f456c6", 0x32}, {0x0}, {0x0}], 0x4, &(0x7f0000000640)=[{0x10, 0x10b, 0xeb6}, {0xa8, 0xff, 0x3, "efb137b537f1220382547e7b572ffc5ba5647e1660a7710fef125f13b199f0ab217ab0cac085983da9b7bf1fcd2de909d5e1b67a39564070365d987baf868db41f18f18b86c9b6277a087607295b32237070f609a99d1718f95697762401b4cdc02e1086ede671bfd4ff378bb2c016674693ca202cd625e4f35f067ff1a44a26a20ee32720c9898fa645eb6d77b597bdb2646c6281a2ad"}], 0xb8}}, {{&(0x7f0000000540)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x80, &(0x7f0000000a00)=[{0x0}, {0xfffffffffffffffe}, {&(0x7f0000000900)="77e5ccacac523a2010684ffed1844702e0454d133caa9c7c1695f8d8b0d73e95cefb026a769c78fc05c0f9e51a2ade08c95b7f2a", 0x34}], 0x3}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000bc0)}], 0x1}}, {{0x0, 0x0, &(0x7f0000001240)=[{0x0}, {&(0x7f0000001040)="00935b890d97b51613a99ecd201cc3299658644bd7", 0x15}], 0x2, &(0x7f00000012c0)=[{0x30, 0x0, 0xfffffff8, "da64718d56f2bf5fd3fe1b373bfc437e0e1d1ab81025cf7d9209f74cd328b34f"}], 0x30}}], 0x4, 0x40100) mount$9p_fd(0x0, 0x0, 0x0, 0x2004000, 0x0) syz_open_procfs(0x0, 0x0) 8m55.408474263s ago: executing program 32 (id=416): mount$binderfs(0x0, 0x0, 0x0, 0x4800, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_READ(r0, 0xc008551a, &(0x7f0000001100)={0x3}) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, 0x0, 0x0) setsockopt$inet6_int(r2, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r2, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x25}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[], 0x30}, 0x0) r3 = fanotify_init(0x2, 0x40000) syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2) unshare(0x2a020480) fanotify_mark(r3, 0x1, 0x32, 0xffffffffffffffff, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001380)=[{{&(0x7f0000000300)=@nfc={0x27, 0x0, 0x1, 0x6}, 0x80, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000400)="c0d49b1db4d2a96b93930bb02db501f8210a823b93dc10c78feae1f0d578e143e49efa97301f5cbfae79e1b91ab546f456c6", 0x32}, {0x0}, {0x0}], 0x4, &(0x7f0000000640)=[{0x10, 0x10b, 0xeb6}, {0xa8, 0xff, 0x3, "efb137b537f1220382547e7b572ffc5ba5647e1660a7710fef125f13b199f0ab217ab0cac085983da9b7bf1fcd2de909d5e1b67a39564070365d987baf868db41f18f18b86c9b6277a087607295b32237070f609a99d1718f95697762401b4cdc02e1086ede671bfd4ff378bb2c016674693ca202cd625e4f35f067ff1a44a26a20ee32720c9898fa645eb6d77b597bdb2646c6281a2ad"}], 0xb8}}, {{&(0x7f0000000540)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x80, &(0x7f0000000a00)=[{0x0}, {0xfffffffffffffffe}, {&(0x7f0000000900)="77e5ccacac523a2010684ffed1844702e0454d133caa9c7c1695f8d8b0d73e95cefb026a769c78fc05c0f9e51a2ade08c95b7f2a", 0x34}], 0x3}}, {{0x0, 0x0, &(0x7f0000000cc0)=[{&(0x7f0000000bc0)}], 0x1}}, {{0x0, 0x0, &(0x7f0000001240)=[{0x0}, {&(0x7f0000001040)="00935b890d97b51613a99ecd201cc3299658644bd7", 0x15}], 0x2, &(0x7f00000012c0)=[{0x30, 0x0, 0xfffffff8, "da64718d56f2bf5fd3fe1b373bfc437e0e1d1ab81025cf7d9209f74cd328b34f"}], 0x30}}], 0x4, 0x40100) mount$9p_fd(0x0, 0x0, 0x0, 0x2004000, 0x0) syz_open_procfs(0x0, 0x0) 10.150860295s ago: executing program 0 (id=2059): rmdir(&(0x7f00000001c0)='./cgroup/cgroup.procs\x00') mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x0) lseek(0xffffffffffffffff, 0x1000000, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) socket$rds(0x15, 0x5, 0x0) creat(0x0, 0x4b) socket$inet6(0xa, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a14000000000a030000000000000000000700000070000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021340011800a0001006c696d6974000000247e00000000000000000000000000030c000140000000000000010108000440000000013c0000000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000100003800c000080080003400000000214000000100001000000000000"], 0xe8}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x1b8, 0x0, 0x178, 0x178, 0x90, 0x178, 0x120, 0x230, 0x230, 0x120, 0x230, 0x3, 0x0, {[{{@ip={@loopback, @empty, 0xffffff00, 0xffffff00, 'vxcan1\x00', 'syz_tun\x00', {0xff}, {0xff}, 0xfbf422f5a6890b32, 0x1, 0x5a}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}, {{@ip={@rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff000000, 0xff000000, 'veth0_to_bond\x00', 'veth1_macvtap\x00', {0xff}, {}, 0x6c, 0x57f22a51a5babc4c, 0x37}, 0x0, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x218) r2 = syz_io_uring_setup(0x5c0, &(0x7f00000002c0)={0x0, 0x983b, 0x10000, 0x0, 0x400025d}, &(0x7f0000000000)=0x0, &(0x7f0000000540)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) io_uring_enter(r2, 0x6e2, 0x3900, 0x1, 0x0, 0x0) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000080), 0x185f01, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r4, &(0x7f00000000c0)={0x1d, r5}, 0x18) connect$can_j1939(r4, &(0x7f0000000140)={0x1d, r5, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r4, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000040)={'vxcan1\x00', @remote}) ioctl$SNDCTL_MIDI_PRETIME(0xffffffffffffffff, 0xc0046d00, 0x0) 10.01648313s ago: executing program 1 (id=2060): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002100)={0x2020, 0x0, 0x0}, 0x2077) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r3, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40}]) dup3(r2, r0, 0x0) 9.275210602s ago: executing program 4 (id=2063): socketpair(0x1, 0x1, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d40)=@base={0x12, 0x5, 0x4, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xa4}, {0x6}]}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r0, &(0x7f0000000040)}, 0x20) 9.149798375s ago: executing program 1 (id=2064): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYRES8], 0x50) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x8882, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$inet(r1, 0x0, 0x0, 0x40) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f00000005c0)=@assoc_value, &(0x7f0000000640)=0x8) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000000), 0x80000001, 0x105501) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, 0x0, 0x4048841) recvmsg(r3, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xfffffffffffffff6) r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) sendmmsg$inet(r6, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="140000000000000000000000070000009404002042303c00"], 0x18}}], 0x1, 0x44008004) write$binfmt_misc(r6, &(0x7f0000000300), 0xfdef) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, 0x0) sendmsg$inet(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 9.107016237s ago: executing program 4 (id=2065): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bind$netlink(0xffffffffffffffff, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) socket(0x10, 0x3, 0x0) fstat(0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'syztnl1\x00', 0x0, 0x8, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @local}}}}) 8.388434361s ago: executing program 1 (id=2067): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, &(0x7f00000004c0), &(0x7f0000001c40)=r1}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="796e00000000001346991fc5"], 0x14}}, 0x4000054) 8.246497194s ago: executing program 4 (id=2068): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @dev}, 0x18, 0x0}}], 0x6c00, 0x48) 8.243903361s ago: executing program 5 (id=2069): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x88010) 8.193377067s ago: executing program 3 (id=2070): socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r1}, 0x18) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x0, 0x2}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x80000001) 7.993767667s ago: executing program 4 (id=2071): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) connect$phonet_pipe(r0, 0x0, 0x0) r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000380)='/dev/comedi4\x00', 0x8000, 0x0) ioctl$COMEDI_CHANINFO(r1, 0x80306403, &(0x7f0000000040)={0x1000, 0x0, 0x0, 0x0}) socketpair(0x1, 0x805, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$unix(r2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000040}, 0x40) sendmsg$BATADV_CMD_GET_HARDIF(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) pipe2$9p(&(0x7f0000000400), 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000280)={0x7}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0xffffffffffffffff, 0x0, 0x9}, 0x3}) syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f00000000c0)="af3e64f08189ef001601ba6100ec0f2264ba4100b80600ef660f38351d0f212666b94006000066b80000010066ba000000000f300f211a2e0f013c", 0x3b}], 0x1, 0xe, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000040)=0x3ff) socket$nl_route(0x10, 0x3, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r6, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x64010102, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x3d, 0xfff6, 0x65, 0x5, 0x5, 0x4, 0x3, @rand_addr=0x64010102, @local}}}}}}, 0x0) r7 = socket$igmp(0x2, 0x3, 0x2) syz_emit_ethernet(0x2a, &(0x7f00000001c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0xdc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x5}}}}}, 0x0) setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f00000000c0)={@multicast1=0x64010102, @multicast2, 0x1, "8a79348df05f496d0420922f45a71c1daa8b630468cd140526c41ef8d3a4a422", 0x3, 0x1, 0x85}, 0x3c) 7.774249997s ago: executing program 5 (id=2072): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x14) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c2", 0x17) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003100)=@newtaction={0xacc, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x914, 0x1, [@m_ipt={0x278, 0x17, 0x0, 0x0, {{0x8}, {0x1bc, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xf1, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99752c65346980"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x17c, 0x11, 0x0, 0x0, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xb5, 0x6, {0x7, 'mangle\x00', 0x4, 0x7, "852c07967e4bde8acbdebf709c7f67b435415e9fad5eed399218069c30b3db399d5bdbdffc09aa13d6aef79a3360cf4b7d5e8a92b817394560aba652eb4e4ec31470dd9b8becbf6cad6f3328aec2ac14541a30a5f89f2a6e60534a70c1deccc519f73984d6d2ae8b9fe17278f03e9f60e876c3b1fc1ef49873f24bd44137256bfd0a27e100d2162e3f7b17"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x5}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x154, 0x17, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x3, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x134, 0x11, 0x0, 0x0, {{0x8}, {0xd8, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd4, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbf"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x11c, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x89, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e45d6b45f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0x44, 0x1, [@m_ipt={0x40, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x15, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0e6"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x160, 0x1, [@m_ipt={0xf8, 0x6, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x64, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x3b, 0x6, "4b6275823d714c9413915317da89818cb9f96e8938cf5d91ef0ce403d55fc9bdc74a0a5b88653980ed0af5c857ee3a0361bfe072c3d9c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xacc}}, 0x4008800) recvmmsg$unix(r6, &(0x7f0000000e00), 0x0, 0x0, 0x0) sendmmsg$inet6(r6, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10) r7 = socket(0x40000000015, 0x5, 0x0) socket$rxrpc(0x21, 0x2, 0x2) r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SDTEFACILITIES(r8, 0x8918, 0x0) r9 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r9, &(0x7f0000000080)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x17}}}, 0x24) bind$inet6(r7, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1, 0xfffffffd}, 0x1c) sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000440)=""/162, 0xa2}], 0x1) 7.215494869s ago: executing program 1 (id=2073): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xc4) ioctl$sock_inet_SIOCGIFADDR(r2, 0x8915, 0x0) 6.473440395s ago: executing program 0 (id=2074): r0 = socket$kcm(0x29, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000440)={0x6, @local, 0x0, 0x3, 'lblc\x00', 0x4}, 0x2c) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a140000001100010000000000000000000000000a4e71f41a59f84bf45e43e9022b5e2c065ff1eb98995a13992eeff675378b76e3a189a3a9b30ab18d89ec16f57ccdb69370733e384898d53c552f538046804c77098663ec578c31b1510a923455592ca7bcf0ce8fff238550a4a010d4d66a557eb5ff2c0754e4f0cb9d6d1e4859c40bf04fdb5d77cffdab05f94d1d01b86a23d226e123099659b52c17a9689957bbba362cb3e94b0b130fb139ffc487f713f0ea3889c1d67f18234497b897908aee303f285ca04fcea8c4872b7492f0db2ae9c1dc9c91aa1dc570cd4eee6205888e3d7b9e2b21d42de44472eba620ba1f2872e5d0bb1310cfb4859792ba"], 0x28}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mkdir(&(0x7f0000000200)='./file1\x00', 0x140) setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000a40)=ANY=[@ANYBLOB="000000000000000002004e24e000000100000000000000000000000000000000000000000000000000000000000000001b00"/144], 0x90) r3 = socket$nl_crypto(0x10, 0x3, 0x15) sendmsg$netlink(r3, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0, 0x4041}, 0x4) r4 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)}, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f00000003c0), r6, 0x2}}, 0x18) r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ff1000/0xf000)=nil, 0xf000, 0x100000a, 0x32, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0x3bf4, &(0x7f0000000700)={0x0, 0x8da6, 0x4200, 0x0, 0x3f}, &(0x7f0000001dc0), &(0x7f0000000100)=0x0) syz_io_uring_submit(r7, r8, &(0x7f0000001e40)=@IORING_OP_POLL_ADD={0x6, 0x70, 0x0, @fd_index=0x6, 0x0, 0x0, 0x0, {0x40}, 0x7073d652ec901ab0}) r9 = socket$kcm(0x2b, 0x1, 0x0) close(r9) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48) setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb) 6.225373258s ago: executing program 4 (id=2075): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xa4}, {0x6}]}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 6.169775848s ago: executing program 5 (id=2076): r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0xe578, 0x4102) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, 0x0) syz_io_uring_setup(0x2380, &(0x7f0000000180)={0x0, 0x8000000, 0x400}, &(0x7f0000000380), &(0x7f0000000000)) r1 = syz_io_uring_setup(0x497, &(0x7f0000000180)={0x0, 0x38a8, 0x80, 0x4, 0x1e3}, &(0x7f0000000340)=0x0, &(0x7f0000000600)=0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r1, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x7}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r4, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r6, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r8}, 0x10) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000010240), 0x5a) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 5.453382483s ago: executing program 4 (id=2077): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) io_setup(0x6, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, 0x0) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)={0x28, r4, 0x701, 0x0, 0x25dfdbfc, {{}, {@void, @val={0x8}, @val={0xc, 0x99, {0x8, 0x2c}}}}}, 0x28}}, 0x40) 5.043454363s ago: executing program 3 (id=2078): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYRES8], 0x50) close(r0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x8882, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$inet(r1, 0x0, 0x0, 0x40) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f00000005c0)=@assoc_value, &(0x7f0000000640)=0x8) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sndmidi(&(0x7f0000000000), 0x80000001, 0x105501) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, 0x0, 0x4048841) recvmsg(r3, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r6, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10) sendmmsg$inet(r6, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="140000000000000000000000070000009404002042303c00"], 0x18}}], 0x1, 0x44008004) write$binfmt_misc(r6, &(0x7f0000000300), 0xfdef) ioctl$IOMMU_IOAS_COPY(0xffffffffffffffff, 0x3b83, 0x0) sendmsg$inet(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0x8, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.737669762s ago: executing program 0 (id=2079): unshare(0x24060400) r0 = getpid() r1 = syz_pidfd_open(r0, 0x0) ioctl$EXT4_IOC_MIGRATE(r1, 0xff09) 4.005986023s ago: executing program 3 (id=2080): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x2000000000020000, 0xa00) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8002, 0x0) read$msr(r0, &(0x7f0000019540)=""/102400, 0x19000) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000500)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x10000}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x0, 0x8000000}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xa0}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000001140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 3.902526901s ago: executing program 0 (id=2081): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) sendmmsg$inet6(r0, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @dev}, 0x18, 0x0}}], 0x6c00, 0x48) 3.23431284s ago: executing program 5 (id=2082): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0x13, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000040000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x107042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000f00fc00000018000180140002006e657464657673696d300000000000000800060000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES64=r3], 0x5c}, 0x1, 0x0, 0x0, 0x4000800}, 0x88010) 2.454044349s ago: executing program 0 (id=2083): openat$cachefiles(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0xff8e}}, 0x40) 2.433214491s ago: executing program 3 (id=2084): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0) sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000008000100000000000400048008000c8004000b800800020001000000a00008801c000780080077144ebb00"], 0xd0}}, 0x0) 2.241866862s ago: executing program 5 (id=2085): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_open_dev$sg(0x0, 0x0, 0x802) r1 = syz_io_uring_setup(0x233, &(0x7f0000000280)={0x0, 0x0, 0x10100}, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, 0x2}) io_uring_enter(r1, 0x7a98, 0x0, 0x0, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, 0x0, 0x0) write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000040)={0x1, 0x6}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0xfa}, 0x2) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) 2.107299901s ago: executing program 3 (id=2086): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0)) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000000c0)=0x14) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r2, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r4) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c90c2", 0x17) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003100)=@newtaction={0xacc, 0x30, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{0x914, 0x1, [@m_ipt={0x278, 0x17, 0x0, 0x0, {{0x8}, {0x1bc, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xf1, 0x6, {0x0, 'raw\x00', 0xe, 0xb3, "01df771ed4aa468d466490bb6d3a762752b0276450737133d354ea68c13a92efe99064741e04d8a20e194e30a60295d386bccda0f3007979597e6d03b954a8f914ba7b899f16c20d6d72edd9b6f52db88f3ba2e308499f6252662a51fa4b12868b58f75e27ec9103b8068b9b811e21bd2aa37e31ee1bb8e60ecb8155c8e19ea1c7fdbb9aa819059c61aa86c434a7c8da18ab573d7585bec9c1d4494956d182e7b35a526fd48659ab60beb8f339651c715661a36a876cce3dd7a98863f318caef99752c65346980"}}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x3d, 0x6, {0xff3b, 'nat\x00', 0x6a, 0xfff, "ec6c358b1b02688c45d6891b8d39befc710e9c"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x3ff}, @TCA_IPT_HOOK={0x8}]}, {0x95, 0x6, "33c428b1016ea0e62b6c917780554ec63a01a7382016d430730d1158d5469fa35f73d351ec348637d292a8c8699738644c304a14a0ca2e2c1422d9493ae361a88a61e76022334cc9eff1d9b15acf815ab9bf490688724773d3775e92953306fa3923bf0b3eb78ed4c4e43760fb360a12727f0000004fe4c5639595b4ce1706ccb85c9b5872240c31834297cfb06b7eaaa1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x17c, 0x11, 0x0, 0x0, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xb5, 0x6, {0x7, 'mangle\x00', 0x4, 0x7, "852c07967e4bde8acbdebf709c7f67b435415e9fad5eed399218069c30b3db399d5bdbdffc09aa13d6aef79a3360cf4b7d5e8a92b817394560aba652eb4e4ec31470dd9b8becbf6cad6f3328aec2ac14541a30a5f89f2a6e60534a70c1deccc519f73984d6d2ae8b9fe17278f03e9f60e876c3b1fc1ef49873f24bd44137256bfd0a27e100d2162e3f7b17"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x5}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}, @TCA_IPT_TABLE={0x24, 0x1, 'nat\x00'}]}, {0x65, 0x6, "195244b493b69a109e343c48236a318aa067ccccb2000506f4e63246fce6276de9355aae82ccf014b3a51009a53cc597e7eec180e252560262d28e1340152b8389fc3dcbd1c60cbef5aa738a80d9582b7bf553a33208654c9b7b642eb56b8a9716"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ipt={0x154, 0x17, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x7}, @TCA_IPT_TABLE={0x24, 0x1, 'security\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}, @TCA_IPT_INDEX={0x8, 0x3, 0x4}]}, {0x89, 0x6, "828d51b8c024f3ba75276291fd744bf1d83ac94c40f59c2d7aabe5cffe85cb1235f3e723c7a0ca6f1a15a0e38afac0bc7115796816162cbc6d09aea501ff36a46772ec7a3aa4d7c60363ff8f0eeda2f3eb8c435fb1d254244779da6c44c5dc30ed21a60df465ec395bc4d898dc7104dc47d809383d1d5431371c66f76842e2571bf73ce597"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x114, 0x3, 0x0, 0x0, {{0x8}, {0x78, 0x2, 0x0, 0x1, [@TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0x69, 0x6, {0x3, 'security\x00', 0x84, 0x8, "cf8102ab12c6b2198a413eaa65607ab7ca51ab206bef3fe70b20aa2e7aacfa341b2d9158773430366e3a48eb70679ab8b9759ebcd3b2636776df09c3eb7702"}}]}, {0x75, 0x6, "1d4af027bf39e92f2bc3b16061477612108c4de6dbb9dbc37f978e20a11849888f1cfa0d69961cc5b133c25b0a606d867918fd28cefd9936cea3c502ba83dbc878d09708660761105b2cb89c15f4eb2ff9ca07aba60aef01aab6097fa30bc52f5c31cbba441df32848abb9344a809a2a4c"}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ipt={0x134, 0x11, 0x0, 0x0, {{0x8}, {0xd8, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0xd4, 0x6, {0x2, 'mangle\x00', 0x1, 0x1, "26b28bee405c084d7d3004660f6902208128531e54ab5a1819783607be3e2e463fc401b2d641a72c11f6aea69efbc1dac1e8f34f762cbc8ee0231ffeebcb773de1e20df7f65c7029200a9570577fe540733523b10491dc5fda6c0091603360fb1b6019648c7b5ef50f8741b6670963cc5d8533f50c4a2cfbeda3e0ed5070ab41e44997bdda4c34c11413cb846041ef4060b9cb71e527a7dd8e4efb7877f6f37b7cd8648d2d22911f9fbf"}}]}, {0x35, 0x6, "e7ba22f1ebc93a7960461c2acdaf1da6af842571f14f3b0700806b225899f9ba581b6cc401693affa591693a24cad555ae"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_ipt={0x64, 0x20, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0x15, 0x6, "a0f801aae36e077609a01908bc70dd5a7c"}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}, @m_ipt={0x11c, 0x20, 0x0, 0x0, {{0x8}, {0x6c, 0x2, 0x0, 0x1, [@TCA_IPT_TARG={0x55, 0x6, {0xfffa, 'nat\x00', 0x4, 0x8, "b112d50939750fa56623826275793a59f694cdc8bda79320bfe1d4c8997abe43daace6790afb2937cfb2e0"}}, @TCA_IPT_INDEX={0x8, 0x3, 0x6}, @TCA_IPT_INDEX={0x8, 0x3, 0x6062ae06}]}, {0x89, 0x6, "080f497fef56763eb14339e04d8880b35d4fcb1f3ccd5757021fa31ef38a7d4c8fca4f32d5757fdee1a2aceaaeb6abdad810154a059435c356867b27c8df5015f90bffb81405bdefffef46fede1a8038897bb9fd967f32f04f15a8596894786759dc20093ddbffb2158f5c0591205638b11d518d459f3137f1349ab013b3b5732e45d6b45f"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x97dd299ab8dc81d}}}}]}, {0x44, 0x1, [@m_ipt={0x40, 0x3, 0x0, 0x0, {{0x8}, {0x4}, {0x15, 0x6, "e2ebd2e0185a4d308803e9306ec5d2b0e6"}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}, {0x160, 0x1, [@m_ipt={0xf8, 0x6, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'raw\x00'}]}, {0xa9, 0x6, "f5fcf6c5d281ac07391f35700b5786a70ee288211391aef6ec3378d7dd4a7c7445b8d3046ec059dd382a214deedda165d8663d562a47b1afb15557c5ceab4960c0442cc36ea1e65aa9650e7ac2c900fbb08da34b73b6b699463a47761daa69afd529deea7f5c97d3f950af23793139f4c0c3cea503bb9a23d2f7677c9bf150e350defce66ec3eccbaabb1e8f7fe7c49b9e91ecca113edb7f81da88a113c1065219a1d6062e"}, {0xc}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ipt={0x64, 0x1a, 0x0, 0x0, {{0x8}, {0x4}, {0x3b, 0x6, "4b6275823d714c9413915317da89818cb9f96e8938cf5d91ef0ce403d55fc9bdc74a0a5b88653980ed0af5c857ee3a0361bfe072c3d9c7"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0xacc}}, 0x4008800) recvmmsg$unix(r6, &(0x7f0000000e00), 0x0, 0x0, 0x0) sendmmsg$inet6(r6, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x10) r7 = socket(0x40000000015, 0x5, 0x0) socket$rxrpc(0x21, 0x2, 0x2) r8 = syz_init_net_socket$x25(0x9, 0x5, 0x0) ioctl$SIOCX25SDTEFACILITIES(r8, 0x8918, 0x0) r9 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r9, &(0x7f0000000080)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e20, 0x0, @dev={0xfe, 0x80, '\x00', 0x17}}}, 0x24) bind$inet6(r7, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast1, 0xfffffffd}, 0x1c) sendto$inet(r1, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) readv(r0, &(0x7f0000000380)=[{&(0x7f0000000440)=""/162, 0xa2}], 0x1) 294.943033ms ago: executing program 1 (id=2087): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0xa4}, {0x6}]}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r1}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000040)}, 0x20) 187.088694ms ago: executing program 3 (id=2088): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000006c0)={'syztnl0\x00', 0x0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f00000034c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0xcac) fchown(r3, r5, r6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'veth0_to_batadv\x00'}) sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000005c0)={0x0}}, 0x0) process_vm_writev(r0, &(0x7f0000000300)=[{&(0x7f0000000180)=""/109, 0x6d}], 0x1, &(0x7f0000000480), 0x0, 0x0) 81.84007ms ago: executing program 0 (id=2089): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) getsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, 0x0, 0x0) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), r4) sendmsg$IEEE802154_LLSEC_ADD_KEY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r5, 0x607, 0x70bd2b, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20004080}, 0x24044884) 44.09389ms ago: executing program 5 (id=2090): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0) close(0xffffffffffffffff) syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) fanotify_init(0x200, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0) sendfile(r4, r5, 0x0, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 0s ago: executing program 1 (id=2091): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000240)="94", 0x1) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000013580)="0dd2e7c8926dc6acd0ae6c178054e95986faff9544de5fc4c30adf404da41181a77466ac5075905ea5f50134fdd517a957fe2ee59b61f9fe8d7aabe595ea23de2723e437af0423a56686a4c2d957be1a0ab922fbbd3cb1d8c6ab0d58440a327c8eb05d445b4ac5f20abe449e4084f8b996268d0564f67980d3ed3479e0edfe5cec7b4f89bface391c9c4c58ad123b91c33173c72326d1df18804a9ea20f9ece48f784d8ca2318e3d2b316666b5dfb7295c4915989d5bcb120e8fedaa97b93a137c256ce4", 0x20013644}, {&(0x7f0000013680)="c578381bf5113dad8319d9ea5294285ae9a90384ce23866477bef9de4399237d8b3522c9c194e71edaf3332a2f169682f9d8fa271683d4d441b710409e506333e0c3b64e52e8720734b6787f4a84f5bebb046649c6c697d978affd349031b2cd874c7a8961a586a9f2d62f945e7a5bf2f5f7a31684c0503704881d2578a2a98ac3ef4e4a4b0dcdb70db735d5c1652eed3848b2dd4131bb0eb7cfadfaf5", 0x9d}], 0x2, 0x0) ioperm(0x9, 0x9, 0x7) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) tee(r0, r3, 0x8f5, 0x100000000000000) read$FUSE(r2, &(0x7f00000003c0)={0x2020}, 0x2020) kernel console output (not intermixed with test programs): ous mode [ 91.549841][ T5854] hsr_slave_1: entered promiscuous mode [ 91.556031][ T5854] debugfs: 'hsr0' already exists in 'hsr' [ 91.562532][ T5854] Cannot create hsr debugfs directory [ 91.577146][ T5857] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.584619][ T5857] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.611092][ T5857] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.742815][ T5857] hsr_slave_0: entered promiscuous mode [ 91.749772][ T5857] hsr_slave_1: entered promiscuous mode [ 91.756042][ T5857] debugfs: 'hsr0' already exists in 'hsr' [ 91.761895][ T5857] Cannot create hsr debugfs directory [ 91.886072][ T5855] hsr_slave_0: entered promiscuous mode [ 91.893644][ T5855] hsr_slave_1: entered promiscuous mode [ 91.900299][ T5855] debugfs: 'hsr0' already exists in 'hsr' [ 91.906074][ T5855] Cannot create hsr debugfs directory [ 92.380813][ T5846] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.396924][ T5846] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.410190][ T5846] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.436521][ T5846] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.514453][ T5857] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.548932][ T5857] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.573567][ T5857] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.587550][ T5857] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.645898][ T5847] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.672473][ T5847] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.680353][ T5165] Bluetooth: hci0: command tx timeout [ 92.682684][ T5852] Bluetooth: hci1: command tx timeout [ 92.693319][ T5847] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.705541][ T5847] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.760104][ T5852] Bluetooth: hci2: command tx timeout [ 92.765617][ T5852] Bluetooth: hci4: command tx timeout [ 92.771489][ T5165] Bluetooth: hci3: command tx timeout [ 92.868282][ T5854] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 92.906372][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.926614][ T5854] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 92.938004][ T5854] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 92.963998][ T5854] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 93.027065][ T5855] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 93.039072][ T5855] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 93.056345][ T5855] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 93.067901][ T5855] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 93.100028][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.143341][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.150804][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.203779][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.213422][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.220748][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.313261][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.357083][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.394784][ T5847] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.421558][ T1109] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.428745][ T1109] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.465902][ T37] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.473405][ T37] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.483104][ T37] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.490678][ T37] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.524400][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.531572][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.571912][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.737212][ T5854] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.756240][ T5855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.785596][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.793143][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.866634][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.873916][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.916518][ T5855] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.955797][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.963058][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.985844][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.993116][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.017596][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.314245][ T5846] veth0_vlan: entered promiscuous mode [ 94.366758][ T5846] veth1_vlan: entered promiscuous mode [ 94.445884][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.582385][ T5846] veth0_macvtap: entered promiscuous mode [ 94.619553][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.662512][ T5846] veth1_macvtap: entered promiscuous mode [ 94.746646][ T5847] veth0_vlan: entered promiscuous mode [ 94.761108][ T5165] Bluetooth: hci1: command tx timeout [ 94.766646][ T5852] Bluetooth: hci0: command tx timeout [ 94.781969][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.804159][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.815230][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.829116][ T5847] veth1_vlan: entered promiscuous mode [ 94.841142][ T5852] Bluetooth: hci4: command tx timeout [ 94.846676][ T5852] Bluetooth: hci3: command tx timeout [ 94.850658][ T5165] Bluetooth: hci2: command tx timeout [ 94.925130][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.935959][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.956510][ T5857] veth0_vlan: entered promiscuous mode [ 94.962724][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.978230][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.048062][ T5855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 95.096504][ T5857] veth1_vlan: entered promiscuous mode [ 95.177805][ T5847] veth0_macvtap: entered promiscuous mode [ 95.196346][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.203919][ T5847] veth1_macvtap: entered promiscuous mode [ 95.219686][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.305077][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.323339][ T1109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.328292][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.340546][ T1109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.348598][ T5857] veth0_macvtap: entered promiscuous mode [ 95.377283][ T5857] veth1_macvtap: entered promiscuous mode [ 95.425301][ T1109] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.435143][ T1109] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.462579][ T1109] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.472579][ T1109] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.500313][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.501664][ T5855] veth0_vlan: entered promiscuous mode [ 95.550601][ T5854] veth0_vlan: entered promiscuous mode [ 95.588846][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.643922][ T5855] veth1_vlan: entered promiscuous mode [ 95.656749][ T5854] veth1_vlan: entered promiscuous mode [ 95.694453][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.779491][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.787860][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.796877][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 95.805985][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.819786][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.856616][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.899353][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 95.907952][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 95.916777][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 96.348800][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.396338][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.461850][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.508387][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.523669][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.745111][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.799477][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 96.934214][ T5165] Bluetooth: hci0: command tx timeout [ 96.942898][ T5165] Bluetooth: hci1: command tx timeout [ 96.948466][ T5165] Bluetooth: hci2: command tx timeout [ 96.957304][ T5165] Bluetooth: hci4: command tx timeout [ 96.964659][ T5165] Bluetooth: hci3: command tx timeout [ 97.198397][ T5855] veth0_macvtap: entered promiscuous mode [ 97.212834][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.223327][ T5854] veth0_macvtap: entered promiscuous mode [ 97.245727][ T5855] veth1_macvtap: entered promiscuous mode [ 97.256073][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.280482][ T5854] veth1_macvtap: entered promiscuous mode [ 97.325455][ T92] cfg80211: failed to load regulatory.db [ 97.555175][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.602240][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.623509][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.675741][ T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.687532][ T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.699635][ T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.709026][ T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.750513][ T5855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.809742][ T5979] syz.1.2 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 97.828468][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.929749][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.317737][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.349613][ T5980] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.382739][ T5980] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.502936][ T5980] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.593242][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.605490][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.676942][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.701750][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.838672][ T5980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.870774][ T5980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.992050][ T5987] loop6: detected capacity change from 0 to 7 [ 99.132224][ T5987] Dev loop6: unable to read RDB block 7 [ 99.138192][ T5987] loop6: AHDI p1 p2 p3 [ 99.142876][ T5987] loop6: partition table partially beyond EOD, truncated [ 99.153262][ T5987] loop6: p1 start 1601398130 is beyond EOD, truncated [ 99.160532][ T5987] loop6: p2 start 1702059890 is beyond EOD, truncated [ 99.555834][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.590175][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.983635][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.095311][ T5996] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 100.609271][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.696163][ T5997] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 100.942045][ T6001] vivid-001: disconnect [ 101.128857][ T6002] input: syz0 as /devices/virtual/input/input5 [ 101.637685][ T5995] vivid-001: reconnect [ 104.526460][ T6021] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3'. [ 104.650793][ T6021] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 105.083064][ T6036] kAFS: No cell specified [ 105.302203][ T5921] IPVS: starting estimator thread 0... [ 105.847192][ T6039] IPVS: using max 27 ests per chain, 64800 per kthread [ 108.890686][ T5906] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 109.171152][ T5906] usb 1-1: config 0 has no interfaces? [ 109.200123][ T5906] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 109.211777][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.234168][ T5906] usb 1-1: Product: syz [ 109.238746][ T5906] usb 1-1: Manufacturer: syz [ 109.247185][ T5906] usb 1-1: SerialNumber: syz [ 109.271712][ T5946] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 109.378734][ T5906] usb 1-1: config 0 descriptor?? [ 109.440687][ T5946] usb 5-1: Using ep0 maxpacket: 16 [ 109.485361][ T5946] usb 5-1: config 0 has no interfaces? [ 109.600910][ T5946] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 109.652493][ T5946] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 109.705424][ T5946] usb 5-1: Product: syz [ 109.725178][ T5946] usb 5-1: SerialNumber: syz [ 109.759500][ T1213] usb 1-1: USB disconnect, device number 2 [ 109.797739][ T5946] usb 5-1: config 0 descriptor?? [ 111.290400][ T6073] delete_channel: no stack [ 111.827885][ T6081] geneve2: entered promiscuous mode [ 112.026852][ T6087] netlink: 48 bytes leftover after parsing attributes in process `syz.0.32'. [ 112.037219][ T6087] netlink: 48 bytes leftover after parsing attributes in process `syz.0.32'. [ 112.055637][ T6087] netlink: 48 bytes leftover after parsing attributes in process `syz.0.32'. [ 112.490248][ T1213] usb 5-1: USB disconnect, device number 2 [ 112.611099][ T6091] capability: warning: `syz.1.34' uses deprecated v2 capabilities in a way that may be insecure [ 112.682286][ T6086] nbd2: detected capacity change from 0 to 8589934592 [ 112.774885][ T5993] block nbd2: Send control failed (result -89) [ 112.789655][ T5993] block nbd2: Request send failed, requeueing [ 112.807805][ T5852] block nbd2: Receive control failed (result -32) [ 112.817800][ T11] block nbd2: Dead connection, failed to find a fallback [ 112.825931][ T11] block nbd2: shutting down sockets [ 112.831870][ T11] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.842236][ T11] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.851527][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.870610][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.879081][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.889359][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.898138][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.909596][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.917777][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.932588][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.941182][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.950735][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.971450][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.981211][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 112.989858][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 112.999104][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 113.012705][ T5993] ldm_validate_partition_table(): Disk read failed. [ 113.020036][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.767997][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 113.781621][ T5993] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 113.809351][ T5993] Buffer I/O error on dev nbd2, logical block 0, async page read [ 113.889690][ T5993] Dev nbd2: unable to read RDB block 0 [ 113.895981][ T5993] nbd2: unable to read partition table [ 113.918304][ T5993] ldm_validate_partition_table(): Disk read failed. [ 113.951953][ T5993] Dev nbd2: unable to read RDB block 0 [ 113.977672][ T5993] nbd2: unable to read partition table [ 114.015536][ T6086] ldm_validate_partition_table(): Disk read failed. [ 114.036439][ T6086] Dev nbd2: unable to read RDB block 0 [ 114.043388][ T6086] nbd2: unable to read partition table [ 114.062743][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 114.086621][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=0, location=0 [ 114.098044][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1, location=1 [ 114.126866][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 114.143453][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 114.154998][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483647, location=2147483647 [ 114.166897][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483391, location=2147483391 [ 114.178616][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483646, location=2147483646 [ 114.195354][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483390, location=2147483390 [ 114.216117][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483645, location=2147483645 [ 114.232882][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483389, location=2147483389 [ 114.255898][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483497, location=2147483497 [ 114.291388][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483241, location=2147483241 [ 114.315321][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483495, location=2147483495 [ 114.347738][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=2147483239, location=2147483239 [ 114.363084][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 114.388775][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256 [ 114.401338][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741823, location=1073741823 [ 114.413266][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741567, location=1073741567 [ 114.425185][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741822, location=1073741822 [ 114.450710][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741566, location=1073741566 [ 114.465187][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741821, location=1073741821 [ 114.477049][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741565, location=1073741565 [ 114.504037][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741673, location=1073741673 [ 114.516038][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741417, location=1073741417 [ 114.568334][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741671, location=1073741671 [ 114.587117][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=1073741415, location=1073741415 [ 114.603750][ T6086] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512 [ 114.684303][ T6086] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1) [ 115.122813][ T6132] Zero length message leads to an empty skb [ 115.270665][ T5973] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 115.731256][ T5973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.767208][ T5973] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.811942][ T5973] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 115.856127][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.910107][ T5973] usb 2-1: config 0 descriptor?? [ 115.920673][ T6139] fuse: Bad value for 'fd' [ 117.589337][ T6150] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 6150 comm: syz.1.46) [ 117.606412][ T30] audit: type=1800 audit(1752635274.325:2): pid=6150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.46" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=9254 res=0 errno=0 [ 117.629538][ C1] vkms_vblank_simulate: vblank timer overrun [ 118.176300][ T6161] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 119.119275][ T5973] usbhid 2-1:0.0: can't add hid device: -71 [ 119.125538][ T5973] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 119.158547][ T5973] usb 2-1: USB disconnect, device number 2 [ 121.117904][ T6182] fuse: Bad value for 'fd' [ 121.802244][ T6188] netlink: 16 bytes leftover after parsing attributes in process `syz.1.66'. [ 125.576148][ T6221] fuse: Bad value for 'fd' [ 126.722961][ T6235] netlink: 104 bytes leftover after parsing attributes in process `syz.3.81'. [ 127.100899][ T6241] netlink: 28 bytes leftover after parsing attributes in process `syz.3.83'. [ 127.115440][ T6241] netlink: 28 bytes leftover after parsing attributes in process `syz.3.83'. [ 129.765425][ T6261] fuse: Unknown parameter '0x0000000000000003' [ 130.329255][ T6270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.91'. [ 130.939696][ T5165] Bluetooth: hci4: command 0x0405 tx timeout [ 133.171362][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.179975][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.525777][ T6304] fuse: Unknown parameter '0x0000000000000003' [ 136.582876][ T1213] libceph: connect (1)[c::]:6789 error -101 [ 136.785105][ T6322] ceph: No mds server is up or the cluster is laggy [ 136.919711][ T6328] netlink: 'syz.4.107': attribute type 1 has an invalid length. [ 136.924262][ T1213] libceph: mon0 (1)[c::]:6789 connect error [ 137.014237][ T6330] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 137.050774][ T6330] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 138.026226][ T6337] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 138.622249][ T6341] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 138.715810][ T6341] blkio.reset_stats is deprecated [ 139.551433][ T6345] nvme_fabrics: missing parameter 'transport=%s' [ 139.707537][ T6345] nvme_fabrics: missing parameter 'nqn=%s' [ 139.957232][ T6349] fuse: Unknown parameter '0x0000000000000003' [ 141.807640][ T6371] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20003 [ 142.047128][ T6377] fuse: Unknown parameter '0x0000000000000003' [ 142.865619][ T5973] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 143.061748][ T5973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.084265][ T5973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.127465][ T5973] usb 3-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00 [ 143.143566][ T5973] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.161518][ T5973] usb 3-1: config 0 descriptor?? [ 144.122383][ T5973] usbhid 3-1:0.0: can't add hid device: -71 [ 144.216714][ T5973] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 144.316585][ T5973] usb 3-1: USB disconnect, device number 2 [ 145.285641][ T6417] syz.3.136 uses obsolete (PF_INET,SOCK_PACKET) [ 145.584454][ T6421] fuse: Unknown parameter '0x0000000000000003' [ 147.424351][ T6437] netlink: 100 bytes leftover after parsing attributes in process `syz.2.145'. [ 149.469148][ T6462] fuse: Unknown parameter '0x0000000000000003' [ 154.835634][ T6503] fuse: Unknown parameter 'fd0x0000000000000003' [ 156.745728][ T5973] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 157.275755][ T6524] process 'syz.1.171' launched './file0' with NULL argv: empty string added [ 157.935761][ T5973] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 157.981909][ T5973] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 158.024753][ T5973] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 158.057693][ T5973] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 158.637330][ T5973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.650560][ T6541] netlink: 20 bytes leftover after parsing attributes in process `syz.3.176'. [ 161.165854][ T5973] usb 5-1: can't set config #27, error -71 [ 161.409247][ T5973] usb 5-1: USB disconnect, device number 3 [ 161.561691][ T6544] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 161.775616][ T6550] fuse: Unknown parameter 'fd0x0000000000000003' [ 162.657137][ T6557] netlink: 'syz.4.181': attribute type 10 has an invalid length. [ 163.296196][ T6564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.183'. [ 165.069829][ T6564] hsr_slave_1 (unregistering): left promiscuous mode [ 165.730575][ T5852] Bluetooth: hci1: unexpected cc 0x2039 length: 9 > 1 [ 165.905178][ T6583] netlink: 200 bytes leftover after parsing attributes in process `syz.0.188'. [ 166.667017][ T6592] fuse: Unknown parameter 'fd0x0000000000000003' [ 167.158066][ T6598] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 169.814145][ T5165] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 169.824924][ T5165] Bluetooth: hci1: Injecting HCI hardware error event [ 169.841429][ T5852] Bluetooth: hci1: hardware error 0x00 [ 172.181640][ T5852] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 174.175761][ T30] audit: type=1326 audit(1752635330.763:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.175992][ T30] audit: type=1326 audit(1752635330.763:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.176162][ T30] audit: type=1326 audit(1752635330.763:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.176334][ T30] audit: type=1326 audit(1752635330.763:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.176501][ T30] audit: type=1326 audit(1752635330.763:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.176677][ T30] audit: type=1326 audit(1752635330.763:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f8933b8d58a code=0x7ffc0000 [ 174.176962][ T30] audit: type=1326 audit(1752635330.763:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f8933bc11e5 code=0x7ffc0000 [ 174.374547][ T30] audit: type=1326 audit(1752635331.123:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.399412][ T6657] Can't find ip_set type [ 174.529346][ T30] audit: type=1326 audit(1752635331.123:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6652 comm="syz.4.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x7ffc0000 [ 174.592766][ T6664] loop8: detected capacity change from 0 to 7 [ 174.631142][ T6664] Dev loop8: unable to read RDB block 7 [ 174.665289][ T6664] loop8: AHDI p1 p3 p4 [ 174.675416][ T6664] loop8: partition table partially beyond EOD, truncated [ 174.713638][ T6664] loop8: p1 start 975770946 is beyond EOD, truncated [ 174.733952][ T6666] loop0: detected capacity change from 0 to 1024 [ 174.739122][ T6664] loop8: p3 start 6514546 is beyond EOD, truncated [ 174.757187][ T6666] ======================================================= [ 174.757187][ T6666] WARNING: The mand mount option has been deprecated and [ 174.757187][ T6666] and is ignored by this kernel. Remove the mand [ 174.757187][ T6666] option from the mount to silence this warning. [ 174.757187][ T6666] ======================================================= [ 175.284093][ T6666] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.396775][ T6666] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 175.685980][ T6666] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 13) [ 175.895016][ T6666] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 175.910805][ T6666] EXT4-fs (loop0): This should not happen!! Data will be lost [ 175.910805][ T6666] [ 175.925023][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.608564][ T6665] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.639713][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.709224][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.818670][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.835209][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 176.853850][ T6691] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.214: lblock 3 mapped to illegal pblock 3 (length 1) [ 178.510880][ T6676] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 178.870280][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.236842][ T30] audit: type=1326 audit(1752635336.376:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 180.476605][ T30] audit: type=1326 audit(1752635336.376:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 180.513918][ T30] audit: type=1326 audit(1752635336.376:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 180.536973][ T30] audit: type=1326 audit(1752635336.376:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 180.545204][ T6726] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.230'. [ 180.560539][ T30] audit: type=1326 audit(1752635336.386:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 180.591990][ T30] audit: type=1326 audit(1752635336.386:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f196ed8d58a code=0x7ffc0000 [ 180.687946][ T30] audit: type=1326 audit(1752635336.386:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f196edc11e5 code=0x7ffc0000 [ 180.710839][ T30] audit: type=1326 audit(1752635336.586:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 181.044579][ T30] audit: type=1326 audit(1752635336.586:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 181.103963][ T30] audit: type=1326 audit(1752635336.586:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6714 comm="syz.0.227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 182.736487][ T5165] Bluetooth: hci5: command 0x1003 tx timeout [ 182.743270][ T5852] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 183.237348][ T6749] loop2: detected capacity change from 0 to 1024 [ 183.312915][ T6749] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 183.332859][ T6749] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 183.371841][ T6749] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 13) [ 183.393685][ T6749] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 183.406452][ T6749] EXT4-fs (loop2): This should not happen!! Data will be lost [ 183.406452][ T6749] [ 183.526168][ T6755] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 1) [ 183.557308][ T6755] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 1) [ 183.659454][ T6755] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 1) [ 183.879653][ T6755] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 1) [ 184.707264][ T6755] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 3: comm syz.2.237: lblock 3 mapped to illegal pblock 3 (length 1) [ 185.540317][ T6753] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 186.185477][ T5855] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 187.023739][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 187.023832][ T30] audit: type=1326 audit(1752635343.179:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 187.142662][ T30] audit: type=1326 audit(1752635343.189:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 187.527314][ T30] audit: type=1326 audit(1752635343.189:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 187.745786][ T30] audit: type=1326 audit(1752635343.189:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 188.126219][ T30] audit: type=1326 audit(1752635343.189:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 188.312710][ T30] audit: type=1326 audit(1752635343.189:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd88898d58a code=0x7ffc0000 [ 188.414661][ T30] audit: type=1326 audit(1752635343.189:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd8889c11e5 code=0x7ffc0000 [ 188.970314][ T30] audit: type=1326 audit(1752635343.389:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 188.992905][ T30] audit: type=1326 audit(1752635343.389:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 189.028935][ T30] audit: type=1326 audit(1752635343.399:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6768 comm="syz.1.243" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 193.455438][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 193.456424][ T30] audit: type=1326 audit(1752635350.202:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.019059][ T30] audit: type=1326 audit(1752635350.202:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.058170][ T6834] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.563575][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.570525][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.586381][ T30] audit: type=1326 audit(1752635350.212:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.626063][ T30] audit: type=1326 audit(1752635350.212:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.689547][ T30] audit: type=1326 audit(1752635350.212:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.761566][ T30] audit: type=1326 audit(1752635350.212:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd88898d58a code=0x7ffc0000 [ 194.824553][ T30] audit: type=1326 audit(1752635350.212:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd8889c11e5 code=0x7ffc0000 [ 194.887017][ T30] audit: type=1326 audit(1752635350.413:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 194.979365][ T30] audit: type=1326 audit(1752635350.413:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 195.052781][ T30] audit: type=1326 audit(1752635350.413:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6826 comm="syz.1.259" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 196.053769][ T6847] netlink: 129704 bytes leftover after parsing attributes in process `syz.0.267'. [ 196.094112][ T6847] netlink: 16 bytes leftover after parsing attributes in process `syz.0.267'. [ 199.849392][ T6873] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 201.920572][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 201.920617][ T30] audit: type=1326 audit(1752635358.056:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.014180][ T30] audit: type=1326 audit(1752635358.056:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.039613][ T30] audit: type=1326 audit(1752635358.056:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.324706][ T30] audit: type=1326 audit(1752635358.056:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.398379][ T30] audit: type=1326 audit(1752635358.066:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.435970][ T30] audit: type=1326 audit(1752635358.066:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd88898d58a code=0x7ffc0000 [ 202.542647][ T30] audit: type=1326 audit(1752635358.066:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd8889c11e5 code=0x7ffc0000 [ 202.674420][ T30] audit: type=1326 audit(1752635358.266:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.700469][ T30] audit: type=1326 audit(1752635358.266:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.749930][ T30] audit: type=1326 audit(1752635358.266:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6884 comm="syz.1.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 202.775464][ T92] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 202.985436][ T92] usb 4-1: Using ep0 maxpacket: 16 [ 203.003568][ T92] usb 4-1: config 0 has no interfaces? [ 203.013845][ T92] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 203.055269][ T92] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 203.104354][ T5973] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 203.114508][ T92] usb 4-1: Product: syz [ 203.135241][ T92] usb 4-1: SerialNumber: syz [ 203.977664][ T92] usb 4-1: config 0 descriptor?? [ 204.045268][ T5973] usb 2-1: Using ep0 maxpacket: 32 [ 204.176138][ T5973] usb 2-1: config index 0 descriptor too short (expected 156, got 27) [ 204.234891][ T5973] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 204.309973][ T5973] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 204.360090][ T5973] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 204.737898][ T5973] usb 2-1: config 0 interface 0 has no altsetting 0 [ 204.771038][ T5973] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 204.930887][ T5973] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 205.324170][ T5973] usb 2-1: Product: syz [ 205.344204][ T5973] usb 2-1: Manufacturer: syz [ 205.355006][ T5973] usb 2-1: SerialNumber: syz [ 205.371821][ T5973] usb 2-1: config 0 descriptor?? [ 205.495958][ T6906] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 205.502446][ T6906] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 205.596917][ T5973] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 205.649243][ T5973] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 205.712792][ T6906] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.731144][ T6906] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 205.946461][ T6906] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.967813][ T24] usb 4-1: USB disconnect, device number 2 [ 206.724170][ T6906] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 206.757774][ T92] usb 2-1: USB disconnect, device number 3 [ 206.856300][ T6906] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 206.883423][ T6906] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 206.885215][ T92] ldusb 2-1:0.0: LD USB Device #0 now disconnected [ 207.325963][ T6933] loop8: detected capacity change from 0 to 79 [ 208.457119][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 208.457159][ T30] audit: type=1326 audit(1752635365.190:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 208.922798][ T30] audit: type=1326 audit(1752635365.190:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 208.945098][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.994413][ T30] audit: type=1326 audit(1752635365.190:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.018670][ T30] audit: type=1326 audit(1752635365.190:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.091831][ T30] audit: type=1326 audit(1752635365.190:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.114017][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.156648][ T30] audit: type=1326 audit(1752635365.190:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa00338d58a code=0x7ffc0000 [ 209.178655][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.235168][ T30] audit: type=1326 audit(1752635365.190:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fa0033c11e5 code=0x7ffc0000 [ 209.306488][ T30] audit: type=1326 audit(1752635365.390:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.329033][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.338304][ T30] audit: type=1326 audit(1752635365.400:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.360589][ C1] vkms_vblank_simulate: vblank timer overrun [ 209.368733][ T30] audit: type=1326 audit(1752635365.400:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.3.295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fa00338e929 code=0x7ffc0000 [ 209.401743][ T6960] netlink: 16 bytes leftover after parsing attributes in process `syz.1.300'. [ 214.767678][ T7004] loop6: detected capacity change from 0 to 7 [ 214.946697][ T7004] Dev loop6: unable to read RDB block 7 [ 214.979665][ T7004] loop6: AHDI p1 p2 p3 [ 215.013133][ T7004] loop6: partition table partially beyond EOD, truncated [ 215.699910][ T7004] loop6: p1 start 1601398130 is beyond EOD, truncated [ 215.707107][ T7004] loop6: p2 start 1702059890 is beyond EOD, truncated [ 217.946514][ T7047] loop6: detected capacity change from 0 to 7 [ 218.004468][ T7047] Dev loop6: unable to read RDB block 7 [ 218.077947][ T7047] loop6: AHDI p1 p2 p3 [ 218.095349][ T7047] loop6: partition table partially beyond EOD, truncated [ 218.122942][ T7047] loop6: p1 start 1601398130 is beyond EOD, truncated [ 218.161828][ T7047] loop6: p2 start 1702059890 is beyond EOD, truncated [ 218.313297][ T7059] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.322074][ T7059] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.402918][ T7059] netlink: 32 bytes leftover after parsing attributes in process `syz.2.334'. [ 218.445687][ T7059] A link change request failed with some changes committed already. Interface bridge0 may have been left with an inconsistent configuration, please check. [ 218.526268][ T7065] netlink: 32 bytes leftover after parsing attributes in process `syz.2.334'. [ 222.000284][ T7107] loop6: detected capacity change from 0 to 7 [ 222.195726][ T7107] Dev loop6: unable to read RDB block 7 [ 222.201565][ T7107] loop6: AHDI p1 p2 p3 [ 222.206116][ T7107] loop6: partition table partially beyond EOD, truncated [ 222.214741][ T7107] loop6: p1 start 1601398130 is beyond EOD, truncated [ 222.221709][ T7107] loop6: p2 start 1702059890 is beyond EOD, truncated [ 224.152231][ T7123] Bluetooth: MGMT ver 1.23 [ 233.500105][ T7202] netlink: 16 bytes leftover after parsing attributes in process `syz.0.381'. [ 252.001260][ T7349] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 254.692143][ T7360] netlink: 20 bytes leftover after parsing attributes in process `syz.1.431'. [ 255.974609][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.981287][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.321550][ T7402] netlink: 16 bytes leftover after parsing attributes in process `syz.4.444'. [ 260.133612][ T7416] netlink: 20 bytes leftover after parsing attributes in process `syz.1.446'. [ 262.721095][ T7452] netlink: 16 bytes leftover after parsing attributes in process `syz.1.458'. [ 264.447183][ T7459] tipc: Started in network mode [ 264.452438][ T7459] tipc: Node identity 264520c7938e, cluster identity 4711 [ 264.508605][ T7459] tipc: Enabled bearer , priority 0 [ 264.574300][ T7461] syzkaller0: entered promiscuous mode [ 264.686061][ T7461] syzkaller0: entered allmulticast mode [ 265.586326][ T7461] tipc: Resetting bearer [ 265.616523][ T92] tipc: Node number set to 3049988295 [ 265.690871][ T5165] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 265.705713][ T5165] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 265.719278][ T5165] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 265.730050][ T7458] tipc: Resetting bearer [ 265.737193][ T5165] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 265.767524][ T5165] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 265.802334][ T5852] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 265.814486][ T5852] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 265.826057][ T5852] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 265.843532][ T5852] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 265.856030][ T5852] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 265.932285][ T7458] tipc: Disabling bearer [ 267.255061][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 268.028849][ T5165] Bluetooth: hci5: command tx timeout [ 269.709770][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.052213][ T5165] Bluetooth: hci5: command tx timeout [ 270.234236][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 270.510154][ T7531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.478'. [ 270.705982][ T7533] loop6: detected capacity change from 0 to 7 [ 270.801753][ T7533] Dev loop6: unable to read RDB block 7 [ 270.807725][ T7533] loop6: AHDI p1 p2 p3 [ 270.812330][ T7533] loop6: partition table partially beyond EOD, truncated [ 270.821216][ T7533] loop6: p1 start 1601398130 is beyond EOD, truncated [ 270.828334][ T7533] loop6: p2 start 1702059890 is beyond EOD, truncated [ 271.319981][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 271.320001][ T30] audit: type=1326 audit(1752635428.111:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7537 comm="syz.1.481" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd88898e929 code=0x0 [ 271.403046][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 271.697675][ T7469] chnl_net:caif_netlink_parms(): no params data found [ 272.131178][ T5165] Bluetooth: hci5: command tx timeout [ 272.672585][ T7562] netlink: 20 bytes leftover after parsing attributes in process `syz.4.485'. [ 272.804008][ T7469] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.821986][ T7469] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.829404][ T7469] bridge_slave_0: entered allmulticast mode [ 272.894300][ T7469] bridge_slave_0: entered promiscuous mode [ 272.915707][ T7469] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.923166][ T7469] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.932299][ T7469] bridge_slave_1: entered allmulticast mode [ 272.940391][ T7469] bridge_slave_1: entered promiscuous mode [ 273.235153][ T7574] netlink: 20 bytes leftover after parsing attributes in process `syz.4.490'. [ 274.239836][ T5165] Bluetooth: hci5: command tx timeout [ 274.618040][ T7579] netlink: 16 bytes leftover after parsing attributes in process `syz.0.491'. [ 275.292684][ T7469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 275.355375][ T7469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 275.428419][ T1145] bridge_slave_1: left allmulticast mode [ 275.494296][ T1145] bridge_slave_1: left promiscuous mode [ 275.591022][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.887009][ T30] audit: type=1326 audit(1752635432.684:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 275.956858][ T30] audit: type=1326 audit(1752635432.684:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 275.986329][ T1145] bridge_slave_0: left allmulticast mode [ 275.997277][ T30] audit: type=1326 audit(1752635432.714:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.030381][ T1145] bridge_slave_0: left promiscuous mode [ 276.038215][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state [ 276.051579][ T30] audit: type=1326 audit(1752635432.714:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.105910][ T30] audit: type=1326 audit(1752635432.714:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.198941][ T30] audit: type=1326 audit(1752635432.714:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.200538][ T7582] Illegal XDP return value 4294967274 on prog (id 103) dev N/A, expect packet loss! [ 276.317137][ T30] audit: type=1326 audit(1752635432.714:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.417098][ T30] audit: type=1326 audit(1752635432.714:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7587 comm="syz.0.495" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f196ed8e929 code=0x7ffc0000 [ 276.502059][ T7600] netlink: 20 bytes leftover after parsing attributes in process `syz.1.499'. [ 276.621177][ T30] audit: type=1800 audit(1752635433.414:111): pid=7606 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.500" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 278.515355][ T7616] netlink: 16 bytes leftover after parsing attributes in process `syz.0.504'. [ 279.264471][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 279.286012][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 279.303227][ T1145] bond0 (unregistering): Released all slaves [ 279.441751][ T7469] team0: Port device team_slave_0 added [ 279.475523][ T7469] team0: Port device team_slave_1 added [ 280.976503][ T7634] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 282.510472][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.575507][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.649323][ T7469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.789058][ T30] audit: type=1326 audit(1752635439.577:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.039602][ T7469] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.282519][ T30] audit: type=1326 audit(1752635439.577:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.295203][ T7469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.330770][ T30] audit: type=1326 audit(1752635439.577:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.330825][ T30] audit: type=1326 audit(1752635439.577:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.330869][ T30] audit: type=1326 audit(1752635439.577:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.330914][ T30] audit: type=1326 audit(1752635439.577:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fd88898d58a code=0x7ffc0000 [ 283.330957][ T30] audit: type=1326 audit(1752635439.587:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fd8889c11e5 code=0x7ffc0000 [ 283.331003][ T30] audit: type=1326 audit(1752635439.787:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.331047][ T30] audit: type=1326 audit(1752635439.787:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.331091][ T30] audit: type=1326 audit(1752635439.787:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7644 comm="syz.1.512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7fd88898e929 code=0x7ffc0000 [ 283.524270][ T7469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 284.328803][ T7469] hsr_slave_0: entered promiscuous mode [ 284.349714][ T7469] hsr_slave_1: entered promiscuous mode [ 284.367361][ T7469] debugfs: 'hsr0' already exists in 'hsr' [ 284.381250][ T7469] Cannot create hsr debugfs directory [ 285.239160][ T1145] hsr_slave_0: left promiscuous mode [ 285.269051][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 285.334389][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 285.366004][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 285.373456][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 285.544071][ T1145] veth1_macvtap: left promiscuous mode [ 285.550028][ T1145] veth0_macvtap: left promiscuous mode [ 285.568377][ T1145] veth1_vlan: left promiscuous mode [ 285.799592][ T1145] veth0_vlan: left promiscuous mode [ 286.231209][ T7682] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 290.948696][ T7722] netlink: 20 bytes leftover after parsing attributes in process `syz.0.534'. [ 291.802974][ T7730] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 293.274685][ T1145] team0 (unregistering): Port device team_slave_1 removed [ 293.440655][ T1145] team0 (unregistering): Port device team_slave_0 removed [ 294.929600][ T44] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 295.110150][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 295.196257][ T44] usb 1-1: config 0 has no interfaces? [ 295.372405][ T44] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 295.485337][ T44] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 295.607912][ T44] usb 1-1: Product: syz [ 295.617071][ T44] usb 1-1: SerialNumber: syz [ 295.650266][ T44] usb 1-1: config 0 descriptor?? [ 296.788669][ T7777] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 297.096890][ T5840] usb 1-1: USB disconnect, device number 3 [ 298.174671][ T7469] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 298.256551][ T7788] netlink: 20 bytes leftover after parsing attributes in process `syz.4.559'. [ 298.271566][ T7469] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 298.359289][ T7469] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 298.399209][ T7469] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 298.942832][ T7469] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.971972][ T7469] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.998197][ T5980] bridge0: port 1(bridge_slave_0) entered blocking state [ 299.005404][ T5980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 299.045555][ T7803] loop0: detected capacity change from 0 to 1024 [ 299.117494][ T6025] bridge0: port 2(bridge_slave_1) entered blocking state [ 299.124727][ T6025] bridge0: port 2(bridge_slave_1) entered forwarding state [ 299.162271][ T7803] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.210546][ T7469] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 299.223986][ T7469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 299.240079][ T7803] ext4 filesystem being mounted at /107/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 299.304883][ T7803] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 13) [ 299.326138][ T7803] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 299.339810][ T7803] EXT4-fs (loop0): This should not happen!! Data will be lost [ 299.339810][ T7803] [ 299.355470][ T7809] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.432060][ T7799] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.562394][ T7799] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.695147][ T7809] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.764591][ T7809] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.788305][ T7809] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.830989][ T7799] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.899059][ T7809] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 299.948231][ T7799] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.562: lblock 3 mapped to illegal pblock 3 (length 1) [ 300.269023][ T7469] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 300.423835][ T5857] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.515092][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 304.060564][ T7469] veth0_vlan: entered promiscuous mode [ 304.215925][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 304.251841][ T7469] veth1_vlan: entered promiscuous mode [ 304.277326][ T9] usb 2-1: config 0 has no interfaces? [ 304.434690][ T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 304.461939][ T9] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 304.539516][ T9] usb 2-1: Product: syz [ 304.566210][ T9] usb 2-1: SerialNumber: syz [ 304.946320][ T9] usb 2-1: config 0 descriptor?? [ 305.414731][ T7469] veth0_macvtap: entered promiscuous mode [ 305.433558][ T9] usb 2-1: can't set config #0, error -71 [ 305.495338][ T9] usb 2-1: USB disconnect, device number 4 [ 305.527393][ T7469] veth1_macvtap: entered promiscuous mode [ 305.645117][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 305.679164][ T7469] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 306.153511][ T6025] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.165761][ T7847] sctp: failed to load transform for md5: -4 [ 306.180108][ T6025] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.913335][ T6025] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 306.922147][ T6025] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 307.190930][ T5980] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.219108][ T5980] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 307.689711][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 307.785162][ T7889] netlink: 20 bytes leftover after parsing attributes in process `syz.1.583'. [ 307.799413][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 310.966242][ T7918] netlink: 16 bytes leftover after parsing attributes in process `syz.5.589'. [ 311.720941][ T7922] delete_channel: no stack [ 312.561371][ T7933] mmap: syz.0.596 (7933) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 312.573644][ T7934] tap0: tun_chr_ioctl cmd 2147767520 [ 317.519534][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.716040][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.826754][ T7998] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 317.853674][ T7998] CIFS mount error: No usable UNC path provided in device string! [ 317.853674][ T7998] [ 317.864198][ T7998] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 318.104157][ T7994] block device autoloading is deprecated and will be removed. [ 319.331256][ T5946] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 319.387897][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 319.577112][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 319.588500][ T5946] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 319.702010][ T24] usb 4-1: config 0 has no interfaces? [ 319.712532][ T5946] usb 5-1: config 0 interface 0 has no altsetting 0 [ 319.770666][ T24] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 319.834249][ T5946] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 319.843982][ T24] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 319.885350][ T24] usb 4-1: Product: syz [ 319.889897][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.898942][ T24] usb 4-1: SerialNumber: syz [ 319.917056][ T5946] usb 5-1: Product: syz [ 319.940456][ T5946] usb 5-1: Manufacturer: syz [ 320.001789][ T5946] usb 5-1: SerialNumber: syz [ 320.018813][ T24] usb 4-1: config 0 descriptor?? [ 320.079118][ T5946] usb 5-1: config 0 descriptor?? [ 320.111726][ T5946] usb 5-1: selecting invalid altsetting 0 [ 320.794666][ T8030] netlink: 208 bytes leftover after parsing attributes in process `syz.5.628'. [ 321.635942][ T5973] usb 5-1: USB disconnect, device number 4 [ 322.814329][ T5946] usb 4-1: USB disconnect, device number 3 [ 323.205132][ T8055] netlink: 16 bytes leftover after parsing attributes in process `syz.1.632'. [ 323.993678][ T8049] xt_NFQUEUE: number of total queues is 0 [ 325.085891][ T8069] netlink: 20 bytes leftover after parsing attributes in process `syz.4.637'. [ 326.174613][ T8090] overlayfs: overlapping lowerdir path [ 329.729668][ T8127] netlink: 16 bytes leftover after parsing attributes in process `syz.5.656'. [ 331.322039][ T8137] netlink: 20 bytes leftover after parsing attributes in process `syz.4.657'. [ 339.398702][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 339.561319][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 339.778267][ T9] usb 4-1: config 0 has no interfaces? [ 339.790109][ T9] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 339.809062][ T9] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 339.820100][ T9] usb 4-1: Product: syz [ 339.824517][ T9] usb 4-1: SerialNumber: syz [ 341.037714][ T8265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.685'. [ 341.067686][ T9] usb 4-1: config 0 descriptor?? [ 342.951066][ T5946] usb 4-1: USB disconnect, device number 4 [ 343.084571][ T8283] netlink: 16 bytes leftover after parsing attributes in process `syz.0.689'. [ 343.757392][ T8289] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 347.390435][ T8316] netlink: 20 bytes leftover after parsing attributes in process `syz.0.698'. [ 349.291641][ T8330] netlink: 16 bytes leftover after parsing attributes in process `syz.5.703'. [ 349.985177][ T8336] loop1: detected capacity change from 0 to 1024 [ 350.022736][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 350.083802][ T8336] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 350.131221][ T8336] ext4 filesystem being mounted at /165/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 350.214731][ T8336] EXT4-fs error (device loop1): ext4_map_blocks:814: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 13) [ 350.231697][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 350.243935][ T9] usb 1-1: config 0 has no interfaces? [ 350.263047][ T8336] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 350.279845][ T9] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 350.286017][ T8336] EXT4-fs (loop1): This should not happen!! Data will be lost [ 350.286017][ T8336] [ 350.302755][ T9] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 350.310904][ T9] usb 1-1: Product: syz [ 350.337905][ T9] usb 1-1: SerialNumber: syz [ 350.339345][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 350.381146][ T9] usb 1-1: config 0 descriptor?? [ 350.405827][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 350.447023][ T8335] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 350.486933][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 350.576586][ T8335] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 350.677396][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 350.677429][ T30] audit: type=1326 audit(1752635507.491:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8346 comm="syz.3.709" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa00338e929 code=0x0 [ 350.705372][ C0] vkms_vblank_simulate: vblank timer overrun [ 350.783176][ T9] usb 1-1: USB disconnect, device number 4 [ 350.800584][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 351.031878][ T8335] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 351.309294][ T8350] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 351.360935][ T8335] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 351.563906][ T8344] EXT4-fs error (device loop1): ext4_map_blocks:778: inode #15: block 3: comm syz.1.706: lblock 3 mapped to illegal pblock 3 (length 1) [ 352.119672][ T5847] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.715923][ T8368] loop6: detected capacity change from 0 to 7 [ 352.736064][ T8368] Dev loop6: unable to read RDB block 7 [ 352.742471][ T8368] loop6: AHDI p1 p2 p3 [ 352.746779][ T8368] loop6: partition table partially beyond EOD, truncated [ 352.755393][ T8368] loop6: p1 start 1601398130 is beyond EOD, truncated [ 352.762419][ T8368] loop6: p2 start 1702059890 is beyond EOD, truncated [ 354.019874][ T8377] netlink: 16 bytes leftover after parsing attributes in process `syz.1.718'. [ 354.993320][ T92] IPVS: starting estimator thread 0... [ 355.209299][ T8386] IPVS: using max 23 ests per chain, 55200 per kthread [ 355.389838][ T30] audit: type=1326 audit(1752635512.043:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8380 comm="syz.1.720" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd88898e929 code=0x0 [ 355.607161][ T8396] loop5: detected capacity change from 0 to 1024 [ 355.765587][ T8396] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 355.805034][ T8396] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 355.910044][ T8396] EXT4-fs error (device loop5): ext4_map_blocks:814: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 13) [ 355.952512][ T8396] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117 [ 355.984494][ T8396] EXT4-fs (loop5): This should not happen!! Data will be lost [ 355.984494][ T8396] [ 356.121829][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 356.445447][ T8395] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 356.663340][ T8395] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 356.751783][ T8414] loop6: detected capacity change from 0 to 7 [ 357.352041][ T8414] Dev loop6: unable to read RDB block 7 [ 357.357651][ T8414] loop6: AHDI p1 p2 p3 [ 357.361880][ T8414] loop6: partition table partially beyond EOD, truncated [ 357.370062][ T8414] loop6: p1 start 1601398130 is beyond EOD, truncated [ 357.376919][ T8414] loop6: p2 start 1702059890 is beyond EOD, truncated [ 357.383913][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 357.689830][ T8395] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 357.891616][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 358.347834][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 358.373262][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 358.415709][ T8405] EXT4-fs error (device loop5): ext4_map_blocks:778: inode #15: block 3: comm syz.5.725: lblock 3 mapped to illegal pblock 3 (length 1) [ 360.559466][ T7469] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.437440][ T8465] loop6: detected capacity change from 0 to 7 [ 362.043349][ T8465] Dev loop6: unable to read RDB block 7 [ 362.043386][ T8465] loop6: AHDI p1 p2 p3 [ 362.043417][ T8465] loop6: partition table partially beyond EOD, truncated [ 362.043621][ T8465] loop6: p1 start 1601398130 is beyond EOD, truncated [ 362.043644][ T8465] loop6: p2 start 1702059890 is beyond EOD, truncated [ 365.973886][ T8499] netlink: 16 bytes leftover after parsing attributes in process `syz.3.751'. [ 369.352197][ T8543] netlink: 16 bytes leftover after parsing attributes in process `syz.0.762'. [ 369.957513][ T8541] netlink: 20 bytes leftover after parsing attributes in process `syz.5.764'. [ 370.575609][ T8540] tipc: Started in network mode [ 370.591966][ T8540] tipc: Node identity ce427054d9e8, cluster identity 4711 [ 370.600344][ T8540] tipc: Enabled bearer , priority 0 [ 370.638673][ T8540] tipc: Resetting bearer [ 371.062795][ T8539] tipc: Disabling bearer [ 373.504961][ T8591] netlink: 20 bytes leftover after parsing attributes in process `syz.0.781'. [ 374.288438][ T8600] netlink: 4 bytes leftover after parsing attributes in process `syz.1.784'. [ 375.730359][ T8600] team0 (unregistering): Port device team_slave_0 removed [ 375.764333][ T8600] team0 (unregistering): Port device team_slave_1 removed [ 377.145889][ T8617] netlink: 28 bytes leftover after parsing attributes in process `syz.5.789'. [ 377.187118][ T8617] netlink: 28 bytes leftover after parsing attributes in process `syz.5.789'. [ 378.632734][ T8637] random: crng reseeded on system resumption [ 378.766010][ T8637] Restarting kernel threads ... [ 378.772879][ T8637] Done restarting kernel threads. [ 379.317597][ T8635] netlink: 20 bytes leftover after parsing attributes in process `syz.4.794'. [ 379.360932][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.418042][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.212600][ T8645] netlink: 16 bytes leftover after parsing attributes in process `syz.4.798'. [ 384.461364][ T8675] netlink: 16 bytes leftover after parsing attributes in process `syz.4.805'. [ 385.195663][ T8677] program syz.3.806 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 385.428663][ T8682] netlink: 20 bytes leftover after parsing attributes in process `syz.5.808'. [ 387.561684][ T8699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.814'. [ 389.352926][ T8725] netlink: 20 bytes leftover after parsing attributes in process `syz.3.821'. [ 391.242720][ T5165] Bluetooth: hci5: command 0x0406 tx timeout [ 391.347167][ T8741] loop6: detected capacity change from 0 to 7 [ 391.355947][ T8741] Dev loop6: unable to read RDB block 7 [ 391.361710][ T8741] loop6: AHDI p1 p2 p3 [ 391.365960][ T8741] loop6: partition table partially beyond EOD, truncated [ 391.373455][ T8741] loop6: p1 start 1601398130 is beyond EOD, truncated [ 391.380263][ T8741] loop6: p2 start 1702059890 is beyond EOD, truncated [ 396.544341][ T8796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.843'. [ 396.845389][ T8802] loop6: detected capacity change from 0 to 7 [ 397.710765][ T8802] Dev loop6: unable to read RDB block 7 [ 397.716512][ T8802] loop6: AHDI p1 p2 p3 [ 397.722056][ T8802] loop6: partition table partially beyond EOD, truncated [ 397.729517][ T8802] loop6: p1 start 1601398130 is beyond EOD, truncated [ 397.736940][ T8802] loop6: p2 start 1702059890 is beyond EOD, truncated [ 405.404021][ C0] sched: DL replenish lagged too much [ 406.764180][ T8854] netlink: 12 bytes leftover after parsing attributes in process `syz.0.865'. [ 411.524283][ T8913] loop6: detected capacity change from 0 to 7 [ 411.563002][ T8913] Dev loop6: unable to read RDB block 7 [ 411.568752][ T8913] loop6: AHDI p1 p2 p3 [ 411.573110][ T8913] loop6: partition table partially beyond EOD, truncated [ 411.580491][ T8913] loop6: p1 start 1601398130 is beyond EOD, truncated [ 411.587558][ T8913] loop6: p2 start 1702059890 is beyond EOD, truncated [ 415.513372][ T8972] openvswitch: netlink: VXLAN extension message has 201 unknown bytes. [ 416.382557][ T8977] netlink: 16 bytes leftover after parsing attributes in process `syz.0.907'. [ 416.402676][ T8977] netlink: 16 bytes leftover after parsing attributes in process `syz.0.907'. [ 419.233620][ T9015] lo speed is unknown, defaulting to 1000 [ 419.240239][ T9015] lo speed is unknown, defaulting to 1000 [ 419.248947][ T9015] lo speed is unknown, defaulting to 1000 [ 419.262317][ T9015] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 419.280432][ T9015] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 419.320138][ T9015] lo speed is unknown, defaulting to 1000 [ 419.328724][ T9015] lo speed is unknown, defaulting to 1000 [ 419.336554][ T9015] lo speed is unknown, defaulting to 1000 [ 419.344879][ T9015] lo speed is unknown, defaulting to 1000 [ 419.352659][ T9015] lo speed is unknown, defaulting to 1000 [ 419.419475][ T9015] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 419.426379][ T9015] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 419.435696][ T9015] vhci_hcd vhci_hcd.0: Device attached [ 419.654015][ T9023] vhci_hcd: connection closed [ 419.657213][ T1109] vhci_hcd: stop threads [ 419.668247][ T1109] vhci_hcd: release socket [ 419.672710][ T1109] vhci_hcd: disconnect device [ 420.607429][ T9049] program syz.3.929 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 429.307807][ T9122] usb usb8: usbfs: process 9122 (syz.3.959) did not claim interface 0 before use [ 431.252879][ T9134] loop6: detected capacity change from 0 to 7 [ 431.559425][ T9134] Dev loop6: unable to read RDB block 7 [ 431.565709][ T9134] loop6: AHDI p1 p2 p3 [ 431.570394][ T9134] loop6: partition table partially beyond EOD, truncated [ 431.580284][ T9134] loop6: p1 start 1601398130 is beyond EOD, truncated [ 431.587276][ T9134] loop6: p2 start 1702059890 is beyond EOD, truncated [ 433.575292][ T9184] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 433.584577][ T9184] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 433.593980][ T9184] overlayfs: missing 'lowerdir' [ 434.702435][ T9193] program syz.1.982 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 437.735213][ T9236] program syz.5.998 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 437.839137][ T9232] loop6: detected capacity change from 0 to 7 [ 437.851116][ T9232] Dev loop6: unable to read RDB block 7 [ 437.856759][ T9232] loop6: AHDI p1 p2 p3 [ 437.861050][ T9232] loop6: partition table partially beyond EOD, truncated [ 437.868546][ T9232] loop6: p1 start 1601398130 is beyond EOD, truncated [ 437.875333][ T9232] loop6: p2 start 1702059890 is beyond EOD, truncated [ 438.037890][ T9238] netlink: 20 bytes leftover after parsing attributes in process `syz.1.996'. [ 438.557567][ T9241] warning: `syz.3.999' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 439.039966][ T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 439.349888][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 439.368154][ T9] usb 5-1: config 0 has no interfaces? [ 439.378588][ T9] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 439.393272][ T9] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 439.402925][ T9255] syzkaller0: entered promiscuous mode [ 439.409030][ T9] usb 5-1: Product: syz [ 439.413113][ T9255] syzkaller0: entered allmulticast mode [ 439.413336][ T9] usb 5-1: SerialNumber: syz [ 439.483095][ T9265] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1008'. [ 440.013265][ T9] usb 5-1: config 0 descriptor?? [ 440.210959][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.217777][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.440501][ T1213] usb 5-1: USB disconnect, device number 5 [ 440.757187][ T9277] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1011'. [ 442.925519][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 442.975035][ T9303] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1019'. [ 443.645006][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 443.653353][ T24] usb 1-1: config index 0 descriptor too short (expected 109, got 92) [ 443.681209][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.709370][ T24] usb 1-1: config 0 has no interfaces? [ 445.304453][ T44] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 445.474373][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 445.486246][ T44] usb 5-1: config 0 has no interfaces? [ 445.493948][ T44] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 445.505563][ T44] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 445.513767][ T44] usb 5-1: Product: syz [ 445.519554][ T44] usb 5-1: SerialNumber: syz [ 445.528281][ T44] usb 5-1: config 0 descriptor?? [ 446.403620][ T92] usb 5-1: USB disconnect, device number 6 [ 446.916135][ T9290] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1016'. [ 447.040832][ T24] usb 1-1: string descriptor 0 read error: -71 [ 447.059757][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 447.103424][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.156959][ T24] usb 1-1: config 0 descriptor?? [ 447.182733][ T24] usb 1-1: can't set config #0, error -71 [ 447.215316][ T24] usb 1-1: USB disconnect, device number 5 [ 447.430762][ T9340] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1025'. [ 447.942127][ T9345] overlay: ./file0 is not a directory [ 448.044580][ T92] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 448.224366][ T92] usb 1-1: Using ep0 maxpacket: 16 [ 448.241585][ T92] usb 1-1: config 0 has no interfaces? [ 448.258007][ T92] usb 1-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90 [ 448.269713][ T92] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.279497][ T92] usb 1-1: Product: syz [ 448.286091][ T92] usb 1-1: Manufacturer: syz [ 448.291493][ T92] usb 1-1: SerialNumber: syz [ 448.309934][ T92] usb 1-1: config 0 descriptor?? [ 449.092654][ T92] usb 1-1: USB disconnect, device number 6 [ 450.381184][ T9376] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1041'. [ 451.029415][ T9384] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 451.545002][ T9381] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 452.951954][ T9397] sctp: [Deprecated]: syz.0.1050 (pid 9397) Use of int in max_burst socket option. [ 452.951954][ T9397] Use struct sctp_assoc_value instead [ 455.256716][ T9418] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1054'. [ 456.461926][ T9435] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1059'. [ 456.588928][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 456.919503][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 456.926991][ T9] usb 1-1: config 0 has no interfaces? [ 456.935327][ T9] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 457.224376][ T9] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 457.233068][ T9] usb 1-1: Product: syz [ 457.263241][ T9] usb 1-1: SerialNumber: syz [ 457.286900][ T9] usb 1-1: config 0 descriptor?? [ 460.804278][ T24] usb 1-1: USB disconnect, device number 7 [ 464.161021][ T9487] loop6: detected capacity change from 0 to 7 [ 464.253037][ T9487] Dev loop6: unable to read RDB block 7 [ 464.259059][ T9487] loop6: AHDI p1 p2 p3 [ 464.263317][ T9487] loop6: partition table partially beyond EOD, truncated [ 464.270646][ T9487] loop6: p1 start 1601398130 is beyond EOD, truncated [ 464.277967][ T9487] loop6: p2 start 1702059890 is beyond EOD, truncated [ 468.094560][ T9522] loop6: detected capacity change from 0 to 7 [ 470.790903][ T9554] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1095'. [ 472.362483][ T9560] syz.1.1098 (9560) used greatest stack depth: 15992 bytes left [ 473.898092][ T9574] RDS: rds_bind could not find a transport for fe80::aa, load rds_tcp or rds_rdma? [ 478.888557][ T9640] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 478.913004][ T9640] sp0: Synchronizing with TNC [ 479.289992][ T9634] [U] è [ 479.757264][ T9653] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1132'. [ 483.444998][ T9687] netlink: 'syz.0.1145': attribute type 1 has an invalid length. [ 484.160650][ T9699] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 485.307115][ T9707] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 485.942118][ T9714] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1152'. [ 486.538896][ T9724] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1156'. [ 487.625145][ T9741] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 489.622471][ T9760] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1169'. [ 489.653699][ T9764] loop6: detected capacity change from 0 to 7 [ 489.677883][ T9764] Dev loop6: unable to read RDB block 7 [ 489.683763][ T9764] loop6: AHDI p1 p2 p3 [ 489.688959][ T9764] loop6: partition table partially beyond EOD, truncated [ 489.712740][ T9764] loop6: p1 start 1601398130 is beyond EOD, truncated [ 489.797154][ T9764] loop6: p2 start 1702059890 is beyond EOD, truncated [ 490.096761][ T9774] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1172'. [ 490.814798][ T9780] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 493.785546][ T9815] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1185'. [ 494.760827][ T9820] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1186'. [ 495.807335][ T9827] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 496.097821][ T9834] program syz.0.1192 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 497.285198][ T9847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1197'. [ 498.913068][ T9864] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1202'. [ 501.995859][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.002239][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.146561][ T9878] program syz.3.1208 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 503.005023][ T9899] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1213'. [ 503.918860][ T9909] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1216'. [ 505.901451][ T9917] affs: No valid root block on device nullb0 [ 508.663106][ T9933] program syz.5.1224 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 510.990234][ T9966] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 513.376707][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1240'. [ 517.124728][T10010] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 518.135868][T10018] bond0: entered promiscuous mode [ 518.144401][T10018] bond_slave_0: entered promiscuous mode [ 518.150442][T10018] bond_slave_1: entered promiscuous mode [ 518.174559][T10018] bond0: entered allmulticast mode [ 518.180118][T10018] bond_slave_0: entered allmulticast mode [ 518.234338][T10018] bond_slave_1: entered allmulticast mode [ 521.449346][T10056] loop6: detected capacity change from 0 to 7 [ 521.710635][T10056] Dev loop6: unable to read RDB block 7 [ 521.716648][T10056] loop6: AHDI p1 p2 p3 [ 521.720837][T10056] loop6: partition table partially beyond EOD, truncated [ 521.728360][T10056] loop6: p1 start 1601398130 is beyond EOD, truncated [ 521.735238][T10056] loop6: p2 start 1702059890 is beyond EOD, truncated [ 522.804264][ T5973] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 522.984413][ T5973] usb 2-1: Using ep0 maxpacket: 16 [ 522.998112][ T5973] usb 2-1: config 0 has no interfaces? [ 523.016227][ T5973] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 523.172620][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 523.215732][ T5973] usb 2-1: Product: syz [ 523.219966][ T5973] usb 2-1: SerialNumber: syz [ 523.256644][ T5973] usb 2-1: config 0 descriptor?? [ 524.505884][ T24] usb 2-1: USB disconnect, device number 5 [ 525.262174][T10086] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1265'. [ 525.980854][T10100] netlink: 44 bytes leftover after parsing attributes in process `syz.5.1270'. [ 526.129238][T10109] program syz.1.1273 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 526.741966][T10127] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1279'. [ 526.775960][T10130] comedi comedi1: aio_iiro_16: I/O port conflict (0x5,8) [ 527.014300][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 527.186920][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 527.203283][ T24] usb 5-1: config 0 has no interfaces? [ 527.218607][ T24] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 527.274230][ T24] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 527.292674][ T24] usb 5-1: Product: syz [ 527.298998][ T24] usb 5-1: SerialNumber: syz [ 527.317183][ T24] usb 5-1: config 0 descriptor?? [ 528.251573][T10147] program syz.3.1287 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 528.313305][ T5973] usb 5-1: USB disconnect, device number 7 [ 530.355653][T10168] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 531.322243][T10177] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1296'. [ 531.731501][T10183] program syz.1.1299 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 532.712597][T10204] loop6: detected capacity change from 0 to 7 [ 532.720513][T10204] Dev loop6: unable to read RDB block 7 [ 532.728863][T10204] loop6: AHDI p1 p2 p3 [ 532.735217][T10204] loop6: partition table partially beyond EOD, truncated [ 532.751890][T10204] loop6: p1 start 1601398130 is beyond EOD, truncated [ 532.800882][T10204] loop6: p2 start 1702059890 is beyond EOD, truncated [ 534.576832][T10218] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1309'. [ 534.780867][T10224] program syz.0.1312 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 537.535530][T10258] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1323'. [ 537.684240][ T5973] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 537.971419][ T5973] usb 2-1: Using ep0 maxpacket: 16 [ 537.996531][ T5973] usb 2-1: config 0 has no interfaces? [ 538.011465][ T5973] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 538.024244][ T5973] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 538.042677][ T5973] usb 2-1: Product: syz [ 538.048596][ T5973] usb 2-1: SerialNumber: syz [ 538.104276][ T5973] usb 2-1: config 0 descriptor?? [ 538.906794][ T5946] usb 2-1: USB disconnect, device number 6 [ 539.003126][T10285] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1333'. [ 540.226602][T10295] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1337'. [ 541.985309][T10314] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1344'. [ 545.571215][T10361] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1359'. [ 545.749482][T10359] team0: Port device team_slave_0 removed [ 546.393332][T10367] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1361'. [ 547.075357][T10368] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 549.808266][T10394] fuse: Invalid rootmode [ 551.663666][T10409] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1377'. [ 551.987509][T10411] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1374'. [ 555.843634][T10441] program syz.1.1385 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 556.764993][T10450] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1389'. [ 558.517231][T10471] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1397'. [ 561.087404][T10488] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1402'. [ 561.281428][T10496] program syz.3.1405 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 561.806485][T10514] netlink: 'syz.3.1413': attribute type 3 has an invalid length. [ 561.824280][T10514] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1413'. [ 563.095073][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.109810][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.650325][T10560] netlink: 'syz.5.1429': attribute type 1 has an invalid length. [ 574.066081][T10600] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1440'. [ 574.166163][T10620] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1444'. [ 574.647745][T10631] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 575.308381][T10637] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1454'. [ 577.436445][T10650] loop6: detected capacity change from 0 to 7 [ 577.478975][T10555] Dev loop6: unable to read RDB block 7 [ 577.508864][T10555] loop6: AHDI p1 p2 p3 [ 577.513476][T10555] loop6: partition table partially beyond EOD, truncated [ 577.827087][T10555] loop6: p1 start 1601398130 is beyond EOD, truncated [ 577.834866][T10555] loop6: p2 start 1702059890 is beyond EOD, truncated [ 578.530627][T10650] Dev loop6: unable to read RDB block 7 [ 578.747952][T10650] loop6: AHDI p1 p2 p3 [ 578.752306][T10650] loop6: partition table partially beyond EOD, truncated [ 578.793366][T10650] loop6: p1 start 1601398130 is beyond EOD, truncated [ 579.653613][T10665] affs: No valid root block on device nullb0 [ 580.254261][T10650] loop6: p2 start 1702059890 is beyond EOD, truncated [ 582.075915][T10680] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 582.402896][T10670] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1464'. [ 582.423075][T10682] netlink: 'syz.5.1468': attribute type 3 has an invalid length. [ 582.460545][T10682] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1468'. [ 583.567666][T10686] xt_CT: No such helper "snmp_trap" [ 584.389437][ T5840] IPVS: starting estimator thread 0... [ 584.495642][T10701] IPVS: using max 24 ests per chain, 57600 per kthread [ 586.685236][T10724] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1479'. [ 587.148835][T10740] program syz.5.1485 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 589.087819][T10765] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1495'. [ 589.705182][T10773] program syz.3.1498 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 589.705590][T10770] loop6: detected capacity change from 0 to 7 [ 590.300574][T10555] Dev loop6: unable to read RDB block 7 [ 590.464581][T10555] loop6: AHDI p1 p2 p3 [ 590.468941][T10555] loop6: partition table partially beyond EOD, truncated [ 590.507839][T10555] loop6: p1 start 1601398130 is beyond EOD, truncated [ 590.533627][T10555] loop6: p2 start 1702059890 is beyond EOD, truncated [ 591.791025][T10785] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 592.230505][T10793] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1506'. [ 593.035344][T10804] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1509'. [ 593.788883][ T5946] IPVS: starting estimator thread 0... [ 594.409399][T10821] IPVS: using max 25 ests per chain, 60000 per kthread [ 595.122560][T10829] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 595.162499][T10833] netlink: 92 bytes leftover after parsing attributes in process `syz.4.1518'. [ 599.005619][T10870] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1530'. [ 599.304404][ T1213] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 599.605210][ T1213] usb 5-1: Using ep0 maxpacket: 32 [ 599.704659][ T1213] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 104, changing to 10 [ 599.763900][ T1213] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 25701, setting to 1024 [ 599.875609][ T1213] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 599.887030][ T1213] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 600.064867][ T1213] usb 5-1: config 0 descriptor?? [ 600.072363][T10872] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 600.731873][ T1213] hub 5-1:0.0: USB hub found [ 600.734413][ T9] IPVS: starting estimator thread 0... [ 600.779675][ T1213] hub 5-1:0.0: 1 port detected [ 600.926889][T10890] IPVS: using max 29 ests per chain, 69600 per kthread [ 601.846355][ T5946] usb 5-1: USB disconnect, device number 8 [ 601.856797][ T1213] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 602.158856][T10908] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in; [ 602.158856][T10908] program syz.0.1543 not setting count and/or reply_len properly [ 616.337713][T11022] loop6: detected capacity change from 0 to 7 [ 616.385782][T11022] Dev loop6: unable to read RDB block 7 [ 616.391668][T11022] loop6: AHDI p1 p2 p3 [ 616.398931][T11022] loop6: partition table partially beyond EOD, truncated [ 616.406778][T11022] loop6: p1 start 1601398130 is beyond EOD, truncated [ 616.416656][T11022] loop6: p2 start 1702059890 is beyond EOD, truncated [ 618.644657][T11044] misc userio: The device must be registered before sending interrupts [ 619.219515][T11052] misc userio: The device must be registered before sending interrupts [ 620.998886][T11065] netlink: 'syz.1.1595': attribute type 1 has an invalid length. [ 621.006924][T11065] netlink: 'syz.1.1595': attribute type 2 has an invalid length. [ 621.020419][T11065] vxfs: WRONG superblock magic 00000000 at 1 [ 621.027140][T11065] vxfs: WRONG superblock magic 00000000 at 8 [ 621.033138][T11065] vxfs: can't find superblock. [ 621.635922][T11058] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1593'. [ 625.082091][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 625.088574][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.279464][T11123] netlink: 'syz.5.1612': attribute type 10 has an invalid length. [ 627.288664][T11123] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1612'. [ 627.300975][T11123] team0: entered promiscuous mode [ 627.308246][T11123] team_slave_0: entered promiscuous mode [ 627.324150][T11123] team_slave_1: entered promiscuous mode [ 627.334698][T11123] team0: entered allmulticast mode [ 627.340292][T11123] team_slave_0: entered allmulticast mode [ 627.347287][T11123] team_slave_1: entered allmulticast mode [ 627.364402][T11123] bridge0: port 3(team0) entered blocking state [ 627.375146][T11123] bridge0: port 3(team0) entered disabled state [ 627.419561][T11123] bridge0: port 3(team0) entered blocking state [ 627.426700][T11123] bridge0: port 3(team0) entered forwarding state [ 627.901354][T11127] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1613'. [ 629.249174][T11138] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 633.480005][T11178] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 636.717546][T11205] mkiss: ax0: crc mode is auto. [ 640.430551][T11236] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1646'. [ 644.818034][T11272] random: crng reseeded on system resumption [ 646.157936][T11285] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1659'. [ 646.611338][T11288] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 647.084583][T11297] netlink: 'syz.4.1663': attribute type 11 has an invalid length. [ 650.287884][T11320] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1671'. [ 650.371585][T11322] netlink: 172 bytes leftover after parsing attributes in process `syz.4.1670'. [ 650.380916][T11322] openvswitch: netlink: Message has 7 unknown bytes. [ 652.026935][T11344] 9pnet_fd: Insufficient options for proto=fd [ 653.160437][T11350] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 653.955616][T11361] netlink: 'syz.4.1681': attribute type 11 has an invalid length. [ 655.090679][T11359] syz.3.1684: vmalloc error: size 6291456, failed to allocated page array size 12288, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 655.133692][T11359] CPU: 1 UID: 0 PID: 11359 Comm: syz.3.1684 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 655.133717][T11359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 655.133731][T11359] Call Trace: [ 655.133738][T11359] [ 655.133748][T11359] dump_stack_lvl+0x189/0x250 [ 655.133779][T11359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 655.133797][T11359] ? __pfx__printk+0x10/0x10 [ 655.133819][T11359] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 655.133839][T11359] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 655.133858][T11359] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 655.133878][T11359] warn_alloc+0x214/0x310 [ 655.133905][T11359] ? __pfx_warn_alloc+0x10/0x10 [ 655.133933][T11359] ? __get_vm_area_node+0x28f/0x300 [ 655.133953][T11359] ? bpf_uprobe_multi_link_attach+0x585/0xf10 [ 655.133979][T11359] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 655.134018][T11359] ? alloc_pages_mpol+0x3cd/0x4a0 [ 655.134051][T11359] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 655.134084][T11359] ? rcu_is_watching+0x15/0xb0 [ 655.134107][T11359] ? bpf_uprobe_multi_link_attach+0x585/0xf10 [ 655.134134][T11359] ? bpf_uprobe_multi_link_attach+0x585/0xf10 [ 655.134159][T11359] __kvmalloc_node_noprof+0x3b8/0x5f0 [ 655.134186][T11359] ? bpf_uprobe_multi_link_attach+0x585/0xf10 [ 655.134214][T11359] ? bpf_uprobe_multi_link_attach+0x566/0xf10 [ 655.134247][T11359] bpf_uprobe_multi_link_attach+0x585/0xf10 [ 655.134288][T11359] ? __pfx_bpf_uprobe_multi_link_attach+0x10/0x10 [ 655.134314][T11359] ? __fget_files+0x2a/0x420 [ 655.134346][T11359] ? __fget_files+0x2a/0x420 [ 655.134374][T11359] ? __fget_files+0x2a/0x420 [ 655.134405][T11359] ? bpf_prog_attach_check_attach_type+0x453/0x540 [ 655.134432][T11359] link_create+0x70a/0x8a0 [ 655.134482][T11359] __sys_bpf+0x6dc/0x870 [ 655.134515][T11359] ? __pfx___sys_bpf+0x10/0x10 [ 655.134560][T11359] ? __pfx___se_sys_futex+0x10/0x10 [ 655.134587][T11359] ? rcu_is_watching+0x15/0xb0 [ 655.134618][T11359] __x64_sys_bpf+0x7c/0x90 [ 655.134644][T11359] do_syscall_64+0xfa/0x3b0 [ 655.134671][T11359] ? lockdep_hardirqs_on+0x9c/0x150 [ 655.134698][T11359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.134719][T11359] ? clear_bhb_loop+0x60/0xb0 [ 655.134748][T11362] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 655.134744][T11359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 655.134771][T11359] RIP: 0033:0x7fa00338e929 [ 655.134794][T11359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 655.134809][T11359] RSP: 002b:00007fa00414d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 655.134831][T11359] RAX: ffffffffffffffda RBX: 00007fa0035b5fa0 RCX: 00007fa00338e929 [ 655.134849][T11359] RDX: 0000000000000040 RSI: 00002000000005c0 RDI: 000000000000001c [ 655.134863][T11359] RBP: 00007fa003410b39 R08: 0000000000000000 R09: 0000000000000000 [ 655.134878][T11359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 655.134891][T11359] R13: 0000000000000000 R14: 00007fa0035b5fa0 R15: 00007ffceca8ced8 [ 655.134931][T11359] [ 655.311918][T11364] netlink: 92 bytes leftover after parsing attributes in process `syz.5.1685'. [ 655.650086][T11359] Mem-Info: [ 655.653259][T11359] active_anon:10692 inactive_anon:0 isolated_anon:0 [ 655.653259][T11359] active_file:3255 inactive_file:40061 isolated_file:0 [ 655.653259][T11359] unevictable:768 dirty:243 writeback:0 [ 655.653259][T11359] slab_reclaimable:10708 slab_unreclaimable:96654 [ 655.653259][T11359] mapped:32387 shmem:7712 pagetables:1064 [ 655.653259][T11359] sec_pagetables:0 bounce:0 [ 655.653259][T11359] kernel_misc_reclaimable:0 [ 655.653259][T11359] free:1326639 free_pcp:10612 free_cma:0 [ 655.757037][ T30] audit: type=1326 audit(1752635813.626:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11365 comm="syz.4.1686" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8933b8e929 code=0x0 [ 656.512454][T11359] Node 0 active_anon:30840kB inactive_anon:0kB active_file:13020kB inactive_file:160044kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:118064kB dirty:980kB writeback:0kB shmem:17912kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11256kB pagetables:3892kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 656.576142][T11359] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 656.910591][T11359] Node 0 DMA free:15344kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 657.582181][T11359] lowmem_reserve[]: 0 2498 2499 2499 2499 [ 657.605699][T11359] Node 0 DMA32 free:1406276kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30984kB inactive_anon:0kB active_file:13020kB inactive_file:158484kB unevictable:1536kB writepending:976kB present:3129332kB managed:2558024kB mlocked:0kB bounce:0kB free_pcp:28184kB local_pcp:12480kB free_cma:0kB [ 658.438511][T11359] lowmem_reserve[]: 0 0 1 1 1 [ 658.443425][T11359] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1560kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 659.093976][T11359] lowmem_reserve[]: 0 0 0 0 0 [ 659.103384][T11359] Node 1 Normal free:3898340kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:13496kB local_pcp:9608kB free_cma:0kB [ 659.353210][T11391] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 659.647401][T11359] lowmem_reserve[]: 0 0 0 0 0 [ 659.655291][T11359] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB [ 659.703021][T11359] Node 0 DMA32: 488*4kB (U) 290*8kB (UE) 76*16kB (UE) 224*32kB (UME) 153*64kB (UME) 121*128kB (UM) 60*256kB (UM) 35*512kB (UME) 13*1024kB (UME) 4*2048kB (ME) 314*4096kB (UM) = 1378864kB [ 659.736643][T11359] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 659.760408][T11359] Node 1 Normal: 191*4kB (UM) 49*8kB (UME) 40*16kB (UME) 173*32kB (UME) 63*64kB (UME) 17*128kB (UME) 5*256kB (UME) 5*512kB (UM) 4*1024kB (UME) 1*2048kB (E) 946*4096kB (M) = 3898340kB [ 659.946645][T11359] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 660.414301][T11359] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 660.423707][T11359] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 660.444189][T11359] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 660.489431][T11359] 49228 total pagecache pages [ 660.544198][T11359] 0 pages in swap cache [ 660.548867][T11359] Free swap = 124996kB [ 660.558880][T11359] Total swap = 124996kB [ 660.567710][T11359] 2097051 pages RAM [ 660.581239][T11359] 0 pages HighMem/MovableOnly [ 660.595534][T11359] 425503 pages reserved [ 660.662137][T11403] netlink: 'syz.5.1696': attribute type 11 has an invalid length. [ 662.472000][T11405] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 662.484756][T11359] 0 pages cma reserved [ 663.143543][T11415] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0. [ 664.005630][T11418] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 666.803775][T11436] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 670.743385][T11467] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1718'. [ 670.799619][T11469] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1719'. [ 671.127716][T11475] syz.5.1720: attempt to access beyond end of device [ 671.127716][T11475] nbd5: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 671.141772][T11475] EXT4-fs (nbd5): unable to read superblock [ 674.864365][T11510] netlink: 68 bytes leftover after parsing attributes in process `syz.5.1732'. [ 675.037327][T11511] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1733'. [ 675.338035][T11516] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1736'. [ 678.905294][T11561] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1751'. [ 685.170177][T11646] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1777'. [ 685.244341][T11647] loop6: detected capacity change from 0 to 7 [ 685.335632][T11647] Dev loop6: unable to read RDB block 7 [ 685.341291][T11647] loop6: AHDI p1 p2 p3 [ 685.345675][T11647] loop6: partition table partially beyond EOD, truncated [ 685.352983][T11647] loop6: p1 start 1601398130 is beyond EOD, truncated [ 685.359919][T11647] loop6: p2 start 1702059890 is beyond EOD, truncated [ 685.630183][T11653] netlink: 'syz.1.1779': attribute type 11 has an invalid length. [ 685.957879][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.964904][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 699.784352][T11781] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1821'. [ 701.532250][T11798] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1827'. [ 702.761996][T11809] netlink: 'syz.1.1829': attribute type 11 has an invalid length. [ 704.185030][T11824] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 704.640022][T11827] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1834'. [ 705.988969][T11842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1840'. [ 707.880548][T11863] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1847'. [ 710.745388][T11893] syz.3.1854: attempt to access beyond end of device [ 710.745388][T11893] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 710.759062][T11893] EXT4-fs (nbd3): unable to read superblock [ 714.834816][T11917] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1863'. [ 716.912578][T11938] syz.5.1870: attempt to access beyond end of device [ 716.912578][T11938] nbd5: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 716.926633][T11938] EXT4-fs (nbd5): unable to read superblock [ 720.158866][T11964] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1881'. [ 720.759891][T11982] syz.3.1885: attempt to access beyond end of device [ 720.759891][T11982] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 720.773661][T11982] EXT4-fs (nbd3): unable to read superblock [ 723.907991][T12011] xt_hashlimit: size too large, truncated to 1048576 [ 724.751516][T12018] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1896'. [ 725.059597][T12022] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1898'. [ 725.440483][T12031] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1900'. [ 727.605682][T12065] xt_hashlimit: size too large, truncated to 1048576 [ 728.875225][T12070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1911'. [ 730.198973][T12081] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1913'. [ 732.335234][T12106] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 732.760815][T12113] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1923'. [ 733.286972][T12127] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1926'. [ 737.430037][T12149] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1934'. [ 738.214674][T12157] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 738.679384][T12170] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1938'. [ 740.280093][T12184] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1942'. [ 743.328748][T12191] syz_tun: entered allmulticast mode [ 743.338897][T12190] syz_tun: left allmulticast mode [ 747.398023][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.407382][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.968237][T12254] netlink: 'syz.3.1960': attribute type 11 has an invalid length. [ 747.994881][T12252] delete_channel: no stack [ 750.010174][T12266] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 753.528484][T12298] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1974'. [ 756.392109][T12309] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1977'. [ 756.429402][T12308] xt_hashlimit: size too large, truncated to 1048576 [ 757.171138][T12314] netlink: 'syz.5.1975': attribute type 11 has an invalid length. [ 757.961857][T12323] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1979'. [ 759.958666][T12351] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1987'. [ 760.144146][T12357] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1989'. [ 760.467982][T12358] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1991'. [ 762.299880][T12375] netlink: 'syz.0.1996': attribute type 11 has an invalid length. [ 765.639864][T12404] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2005'. [ 765.881591][T12407] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2006'. [ 768.496269][T12424] xt_hashlimit: size too large, truncated to 1048576 [ 772.556937][T12454] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2019'. [ 774.837196][T12486] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2027'. [ 777.560320][T12496] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2031'. [ 777.699603][T12499] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 779.247690][T12520] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2035'. [ 781.134321][ T5914] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 781.744496][ T5914] usb 4-1: Using ep0 maxpacket: 16 [ 781.791659][ T5914] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 781.857551][ T5914] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 781.979750][ T5914] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 782.073114][ T5914] usb 4-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 782.261937][T12539] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2042'. [ 783.177017][ T5914] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 783.214086][ T5914] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 783.236719][ T5914] usb 4-1: Product: syz [ 783.240961][ T5914] usb 4-1: Manufacturer: syz [ 783.280140][ T5914] usb 4-1: SerialNumber: syz [ 783.579850][T12555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2048'. [ 784.721902][ T5914] usb 4-1: USB disconnect, device number 5 [ 785.222132][T12562] udevd[12562]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 788.104838][T12603] vxcan1: entered allmulticast mode [ 795.553817][T12681] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2084'. [ 795.601900][T12681] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2084'. [ 798.746937][T12704] [ 798.749345][T12704] ====================================================== [ 798.756387][T12704] WARNING: possible circular locking dependency detected [ 798.763466][T12704] 6.16.0-rc6-next-20250714-syzkaller #0 Not tainted [ 798.770079][T12704] ------------------------------------------------------ [ 798.777208][T12704] syz.5.2090/12704 is trying to acquire lock: [ 798.783285][T12704] ffff88807b141790 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 798.791749][T12704] [ 798.791749][T12704] but task is already holding lock: [ 798.799205][T12704] ffff888069521c68 (&pipe->mutex){+.+.}-{4:4}, at: splice_file_to_pipe+0x2e/0x440 [ 798.808462][T12704] [ 798.808462][T12704] which lock already depends on the new lock. [ 798.808462][T12704] [ 798.819054][T12704] [ 798.819054][T12704] the existing dependency chain (in reverse order) is: [ 798.828108][T12704] [ 798.828108][T12704] -> #3 (&pipe->mutex){+.+.}-{4:4}: [ 798.835602][T12704] lock_acquire+0x120/0x360 [ 798.840641][T12704] __mutex_lock+0x182/0xe80 [ 798.845695][T12704] anon_pipe_write+0x16a/0x1360 [ 798.851082][T12704] __kernel_write_iter+0x3ec/0x860 [ 798.856730][T12704] __kernel_write+0xef/0x150 [ 798.861859][T12704] autofs_notify_daemon+0x748/0xe50 [ 798.867597][T12704] autofs_wait+0x11dc/0x1870 [ 798.872731][T12704] autofs_mount_wait+0x16b/0x330 [ 798.878205][T12704] autofs_d_automount+0x393/0x720 [ 798.883762][T12704] __traverse_mounts+0x308/0x5b0 [ 798.889250][T12704] step_into+0x534/0xf30 [ 798.894064][T12704] path_lookupat+0x163/0x430 [ 798.899192][T12704] filename_lookup+0x212/0x570 [ 798.904573][T12704] kern_path+0x35/0x50 [ 798.909203][T12704] lookup_bdev+0xc0/0x280 [ 798.914066][T12704] resume_store+0x169/0x460 [ 798.919114][T12704] kernfs_fop_write_iter+0x375/0x4f0 [ 798.925026][T12704] vfs_write+0x548/0xa90 [ 798.929807][T12704] ksys_write+0x145/0x250 [ 798.934668][T12704] do_syscall_64+0xfa/0x3b0 [ 798.939709][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.946131][T12704] [ 798.946131][T12704] -> #2 (&sbi->pipe_mutex){+.+.}-{4:4}: [ 798.953879][T12704] lock_acquire+0x120/0x360 [ 798.958919][T12704] __mutex_lock+0x182/0xe80 [ 798.963959][T12704] autofs_notify_daemon+0x735/0xe50 [ 798.969900][T12704] autofs_wait+0x11dc/0x1870 [ 798.975120][T12704] autofs_mount_wait+0x16b/0x330 [ 798.980600][T12704] autofs_d_automount+0x393/0x720 [ 798.986162][T12704] __traverse_mounts+0x308/0x5b0 [ 798.991640][T12704] step_into+0x534/0xf30 [ 798.996421][T12704] path_lookupat+0x163/0x430 [ 799.001543][T12704] filename_lookup+0x212/0x570 [ 799.006836][T12704] kern_path+0x35/0x50 [ 799.011439][T12704] lookup_bdev+0xc0/0x280 [ 799.016329][T12704] resume_store+0x169/0x460 [ 799.021422][T12704] kernfs_fop_write_iter+0x375/0x4f0 [ 799.027241][T12704] vfs_write+0x548/0xa90 [ 799.032021][T12704] ksys_write+0x145/0x250 [ 799.036916][T12704] do_syscall_64+0xfa/0x3b0 [ 799.041962][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.048407][T12704] [ 799.048407][T12704] -> #1 (&of->mutex){+.+.}-{4:4}: [ 799.055758][T12704] lock_acquire+0x120/0x360 [ 799.060797][T12704] __mutex_lock+0x182/0xe80 [ 799.065837][T12704] kernfs_seq_start+0x55/0x3c0 [ 799.071137][T12704] seq_read_iter+0x3f2/0xe10 [ 799.076259][T12704] __io_read+0x6f9/0x14f0 [ 799.081128][T12704] io_read+0x1c/0x60 [ 799.085569][T12704] __io_issue_sqe+0x181/0x4b0 [ 799.090799][T12704] io_issue_sqe+0x165/0xfd0 [ 799.095843][T12704] io_submit_sqes+0xa13/0x1d10 [ 799.101144][T12704] __se_sys_io_uring_enter+0x2df/0x2b20 [ 799.107226][T12704] do_syscall_64+0xfa/0x3b0 [ 799.112267][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.118693][T12704] [ 799.118693][T12704] -> #0 (&p->lock){+.+.}-{4:4}: [ 799.125750][T12704] validate_chain+0xb9b/0x2140 [ 799.131056][T12704] __lock_acquire+0xab9/0xd20 [ 799.136270][T12704] lock_acquire+0x120/0x360 [ 799.141313][T12704] __mutex_lock+0x182/0xe80 [ 799.146351][T12704] seq_read_iter+0xb7/0xe10 [ 799.151475][T12704] copy_splice_read+0x54f/0x9b0 [ 799.156892][T12704] splice_file_to_pipe+0x273/0x440 [ 799.162541][T12704] do_sendfile+0x475/0x7e0 [ 799.167487][T12704] __se_sys_sendfile64+0x13e/0x190 [ 799.173139][T12704] do_syscall_64+0xfa/0x3b0 [ 799.178204][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.184656][T12704] [ 799.184656][T12704] other info that might help us debug this: [ 799.184656][T12704] [ 799.194898][T12704] Chain exists of: [ 799.194898][T12704] &p->lock --> &sbi->pipe_mutex --> &pipe->mutex [ 799.194898][T12704] [ 799.207284][T12704] Possible unsafe locking scenario: [ 799.207284][T12704] [ 799.214768][T12704] CPU0 CPU1 [ 799.220256][T12704] ---- ---- [ 799.225638][T12704] lock(&pipe->mutex); [ 799.229814][T12704] lock(&sbi->pipe_mutex); [ 799.236865][T12704] lock(&pipe->mutex); [ 799.243646][T12704] lock(&p->lock); [ 799.247497][T12704] [ 799.247497][T12704] *** DEADLOCK *** [ 799.247497][T12704] [ 799.255726][T12704] 1 lock held by syz.5.2090/12704: [ 799.260854][T12704] #0: ffff888069521c68 (&pipe->mutex){+.+.}-{4:4}, at: splice_file_to_pipe+0x2e/0x440 [ 799.270572][T12704] [ 799.270572][T12704] stack backtrace: [ 799.276472][T12704] CPU: 1 UID: 0 PID: 12704 Comm: syz.5.2090 Not tainted 6.16.0-rc6-next-20250714-syzkaller #0 PREEMPT(full) [ 799.276494][T12704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 799.276506][T12704] Call Trace: [ 799.276516][T12704] [ 799.276524][T12704] dump_stack_lvl+0x189/0x250 [ 799.276548][T12704] ? __pfx_dump_stack_lvl+0x10/0x10 [ 799.276566][T12704] ? __pfx__printk+0x10/0x10 [ 799.276590][T12704] ? print_lock_name+0xde/0x100 [ 799.276613][T12704] print_circular_bug+0x2ee/0x310 [ 799.276635][T12704] check_noncircular+0x134/0x160 [ 799.276656][T12704] validate_chain+0xb9b/0x2140 [ 799.276674][T12704] ? __page_table_check_zero+0xba/0x530 [ 799.276699][T12704] ? post_alloc_hook+0x253/0x2a0 [ 799.276721][T12704] ? look_up_lock_class+0x74/0x170 [ 799.276743][T12704] ? register_lock_class+0x51/0x320 [ 799.276770][T12704] __lock_acquire+0xab9/0xd20 [ 799.276788][T12704] ? seq_read_iter+0xb7/0xe10 [ 799.276806][T12704] lock_acquire+0x120/0x360 [ 799.276819][T12704] ? seq_read_iter+0xb7/0xe10 [ 799.276843][T12704] __mutex_lock+0x182/0xe80 [ 799.276870][T12704] ? seq_read_iter+0xb7/0xe10 [ 799.276888][T12704] ? __pfx_get_page_from_freelist+0x10/0x10 [ 799.276916][T12704] ? seq_read_iter+0xb7/0xe10 [ 799.276932][T12704] ? rcu_is_watching+0x15/0xb0 [ 799.276950][T12704] ? __pfx___mutex_lock+0x10/0x10 [ 799.276972][T12704] ? __alloc_frozen_pages_noprof+0x1d6/0x370 [ 799.276998][T12704] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 799.277028][T12704] seq_read_iter+0xb7/0xe10 [ 799.277045][T12704] ? set_page_refcounted+0x76/0x160 [ 799.277068][T12704] ? alloc_pages_bulk_noprof+0x570/0x710 [ 799.277094][T12704] ? kernfs_fop_read_iter+0x13f/0x640 [ 799.277116][T12704] ? __asan_memset+0x22/0x50 [ 799.277134][T12704] copy_splice_read+0x54f/0x9b0 [ 799.277160][T12704] ? splice_file_to_pipe+0x2e/0x440 [ 799.277182][T12704] ? __pfx_copy_splice_read+0x10/0x10 [ 799.277212][T12704] ? __pfx_copy_splice_read+0x10/0x10 [ 799.277233][T12704] splice_file_to_pipe+0x273/0x440 [ 799.277257][T12704] do_sendfile+0x475/0x7e0 [ 799.277272][T12704] ? lockdep_hardirqs_on+0x9c/0x150 [ 799.277295][T12704] ? __pfx_do_sendfile+0x10/0x10 [ 799.277312][T12704] ? __se_sys_futex+0x36f/0x400 [ 799.277335][T12704] __se_sys_sendfile64+0x13e/0x190 [ 799.277361][T12704] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 799.277386][T12704] ? __secure_computing+0xe2/0x2a0 [ 799.277405][T12704] do_syscall_64+0xfa/0x3b0 [ 799.277428][T12704] ? lockdep_hardirqs_on+0x9c/0x150 [ 799.277448][T12704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.277464][T12704] ? clear_bhb_loop+0x60/0xb0 [ 799.277483][T12704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 799.277499][T12704] RIP: 0033:0x7ff4fc98e929 [ 799.277514][T12704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 799.277530][T12704] RSP: 002b:00007ff4fd843038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 799.277547][T12704] RAX: ffffffffffffffda RBX: 00007ff4fcbb6240 RCX: 00007ff4fc98e929 [ 799.277560][T12704] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000000000000000 [ 799.277569][T12704] RBP: 00007ff4fca10b39 R08: 0000000000000000 R09: 0000000000000000 [ 799.277580][T12704] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 799.277590][T12704] R13: 0000000000000000 R14: 00007ff4fcbb6240 R15: 00007fffd96c5e18 [ 799.277608][T12704]