last executing test programs: 17m38.500010686s ago: executing program 1 (id=250): sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x4004800) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x20008020}, 0x8880) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x378, 0x7fffffffefff) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d80000001c0081044e81f782db44b904021d08020e0000008100e0a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 17m35.651015647s ago: executing program 1 (id=254): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10) 17m34.044877109s ago: executing program 1 (id=257): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000040)=0x200000000) r2 = dup2(r1, r1) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000001c0)={0x0, 0x1, 0x0, &(0x7f0000000300)=""/107, 0x0, 0xeeef0000}) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x6) read$FUSE(r2, &(0x7f00000016c0)={0x2020}, 0x2020) write$vhost_msg_v2(r2, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000280)=""/128, 0x80, 0x0, 0x1, 0x2}}, 0x48) ioctl$FICLONE(r0, 0x40049409, r0) creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8c) unlink(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 17m32.316573147s ago: executing program 1 (id=264): setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x380470a, &(0x7f0000000080)={[{@noinit_itable}, {@bsdgroups}, {@lazytime}, {@errors_remount}, {@jqfmt_vfsv1}, {@oldalloc}, {@usrquota}]}, 0x2, 0x47d, &(0x7f0000000a80)="$eJzs3MtvVNUfAPDvvdMBfrzaH+IDRK0SY+OjpQWVhRuNJi4wmugCdVXbQgiFGloTIUSqMbgxMSS6Vpcm/gXu3BjjysTEle4NCVE2oKuae+de6AwzfdBhpnY+n+TCOXPOzDnnnnvunHvPnQbQswazf5KI7RHxW0T016L1GQZr/12/en7i76vnJ5JYWHj9zyTPd+3q+Ykya/m+bUVkKI1IP06KQurNnj13cnx6eupMER+ZO/XuyOzZc0+dODV+fOr41Omxw4cPHRx99pmxp9vSzqxd1/Z+MLNvz8tvXnpl4uild3Z+m9V3e5G+uB23ZdOtLw1mDf9rIdeY9mj8b03FrTc7FoWTvi5WhFWpRETWXdV8/PdHJW52Xn+89FFXKwfcUdl30+bWyfMLwAaWRLdrAHRH+UWfXf+WW4emHuvCledrF0BZu68XWy2lL9IiT7Xh+radBiPi6Pw/X2ZbtOM+BADAMj6d+OJIPNls/pfGPYvy7SzWUAYi4v8RsSsi7oqI3RFxd0Se996IuG+V5TcuDd06/0kv31bDViib/z1XrG3Vz/+K2V81BipFbEfe/mpy7MT01IFinwxFdXMWH12ijO9f/OWzVmmL53/ZlpVfzgWLelzua7hBNzk+N55PStvgyocRe/uatT+5sRKQRMSeiNi7uo/eWQZOPP7NvlaZlm//EtqwzrTwdcRjtf6fj4b2l5Kl1ydHtsT01IGR8qi41U8/X3ytVflran8bZP2/tf74L1K+OlsEBt5evF47G6teubz4+yctr2lu9/jflLyRn4/KZdf3x+fmzoxGbEqO5PG618duvreMl/mz9g/tbz7+dxXvyfr//ojIDuIHIuLBiHioqPvDEfFIROxfov0/vtA6bT30/2TT89+N438gqev/1QcqJ3/4rlX5K+v/Q3loqHglP/8tY6UVXMu+AwAAgP+KNH8GPkmHb4TTdHi49gz/7tiaTs/Mzj1xbOa905O1Z+UHopqWd7r6F90PHU3mi0+sxceKe8Vl+sHivvHnlcjjwxMz05Ndbjv0um0txn/mj0q3awfccc3W0caa/KAN2Hgax39aH73waicrA3TKEr/9A3rBMs/RpZ2qB9B5/l4L9K5m4/9CQ9xaAGxMvv+hdxn/0LuMf+hdDeO/Er92qyZAB63ld/0C6yVQPqtZjYhOFRrp+mj7SgIr/3sQSwa2FLt5DZ/z1jrYGysLdPGkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Eb/BgAA//+EBOc+") chdir(&(0x7f0000000080)='./file0\x00') openat(0xffffffffffffff9c, 0x0, 0x183341, 0x0) creat(&(0x7f0000000580)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14113e, 0x6ceac77f206eabb9) ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) openat(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x101000, 0x190) getdents(r1, 0x0, 0x0) 17m28.106206226s ago: executing program 1 (id=271): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$TIPC_NL_LINK_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x34, r1, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x14}, 0x40080) 17m27.355907479s ago: executing program 1 (id=276): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) close(0x3) 17m24.824653383s ago: executing program 32 (id=276): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40000c0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSETELEM={0x4c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x20, 0x3, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\x00\x00'}]}, @NFTA_SET_ELEM_TIMEOUT={0xc, 0x4, 0x1, 0x0, 0x7}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r3, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) close(0x3) 9.356595806s ago: executing program 4 (id=2106): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) signalfd(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 7.05567698s ago: executing program 2 (id=2110): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() creat(0x0, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x143142, 0x43) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 7.019756811s ago: executing program 0 (id=2111): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() creat(0x0, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x143142, 0x43) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 6.689214051s ago: executing program 3 (id=2112): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) setsockopt$netlink_NETLINK_NO_ENOBUFS(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{0x0, 0x1c}], 0x1}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553ff73042486134529f62054673877e37"], 0x1c}}, 0x0) recvmmsg$unix(r3, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TCSETAW(r4, 0x5407, &(0x7f0000000040)={0x6, 0x7, 0x9, 0x0, 0x1, "100056f200"}) ioctl$TIOCMSET(r4, 0x5418, &(0x7f0000000000)=0x8001) openat$ttyS3(0xffffff9c, &(0x7f0000000140), 0x20040, 0x0) 6.685858951s ago: executing program 2 (id=2113): sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)=ANY=[@ANYBLOB='@'], 0x40}], 0x1, 0x0, 0x0, 0x40065}, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @dstopts_2292={{0x80, 0x29, 0x4, {0x4, 0xc, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x2b, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d41787454"}, @generic={0x80, 0xf, "09e12e5f0b6bdcf72f2ec7008a15fa"}, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}]}}}, @hoplimit={{0x14}}, @hopopts={{0x30, 0x29, 0x36, {0x5e, 0x2, '\x00', [@generic={0xff}, @pad1, @pad1, @calipso={0x7, 0x8, {0x3, 0x0, 0x0, 0xfff}}]}}}], 0xe0}}], 0x1, 0x810) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200), 0x10) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001740)=[{{&(0x7f0000000480)={0xa, 0x4e23, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x24088804) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{&(0x7f0000000280)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000600)="6a9ee35872dedd3fa3577ce3d64d437abb6e906ee0d0354bcc7edf38e105d37f635fbb3b9c00a3d3bc61866fb3389eff2a0443cf6c38450ce2732419a8329bbe26f4eb1c9edcbf53fb1b0df9c77d6864e90753e3800dff58b9950616473ea1e55b947db3de3ebb8f63edf11ebec9eef2da6b9f545e28273d239534a4682dc23c44a85f64d17bbf41e291f3e3092626f045d8b2b5df6e478729cc88a79aa5f7fe99e374f09c34fe5b63b6dffd256f4ab6ec553520f191b386b290ce1e7fe4c59288afbcafe11869395eaae3f556234701", 0xd0}, {&(0x7f0000002840)="33db2a1949865d5bb1c5bfb13ffb96a1cdad02489f447c9f6e61ae185cf1962c0bee82f04dfd646365d75c057a118bea734fb3f7e5bd047d4c32bf72ead3fa9aca6aeb1cc044533c24edc3e8ec198203ec244cb6b2b79bedc3a8a74e17e85b4c32c0819c4c77dcc823cb4fa659cffc6e8348b875e177f03f4378da4b36ac7df34de2f67398e62f3708bb83c1b0f505aaa85a3422cf0a710a03415896a50197b4a0624542e33fdad43547a88b0fc5d26804a2c8f54e65fbeaae715fbba862f15688e80655f3890ac49ca3ccb40cb2dd711b88d4480d20c760f12c23568c8b5fe181abc11d1f2ab914f875ba85f8355c9d248deef68e71555867160c0161a078f42d6778ee2bcc3015ccb433ff9022b312b620c18e4f4b3824d186e3051adf3a6e0332222108e63f6eda5a1517ee3765ae0677f165fde798d1917a2583aa4b52e67438cf61f0cadd336edf8b5f132d54f4ca42b3d8d39ccba6293913d4f233f29af17bcf049306e43f99ad7c321bacbfa17c2e8d8269e42c5390e279a1a1370c15bec875beb8542823f5ab28abb5d48fd5662bbf3516ef63120e56fffe7d1e86748b788f80ef4deaaaeb0815d8fa04bdd351a00618ff45c64a886de5a7b51408a1d53ce8d4d7c2891492e10d1de29d4e0ef564a859500f97048c1a0b319e1305c1f228882d02a227dea730ce09b1200813bfbf6750800d1bd8d2c264ac6063d4b0fb4cb42c1924a6fac095d848450a00dcc6a827b9d0bcc0131ff3da234568d469f1246848b71bd3dfbe767de19ffe542a0a37317d84bfc63c9449a4cc04446c859f972b77188eb5b7517540b70c5a0701c78ca108c09aadd28a91278cb6633d88cff45cfd5e30f87d6be9eb53cf89d5c047f3c36f490fa652a148c5d824b2d9cb8ffe1edb80cd48922aede8f3b22d21806572bf5b7bbcd27555b41e137eb06e5a3f514780796a2c8700d13eeb1800227298d82e42388a3aad5293562cc05650ef93d23d5290dc0de915d8143f76b2838cea8db2ca4cc802cd8d6d2c43c95f919bf0ebd7403f8047a0c010dcbc26a4bead1b274b573773ad2a2000c7730b49d5a97505024b905be151207a4d737233ccd853c4420391150e546b205181aa376088c5ccfe1b42da805cb6eca7e7d622daeff2c66d75697f7cc50ce2cc096cfedfd5d6cc5551a83dd3beb24ecf9c0160e190138e8eb9e86de71ccd5d76a258844e34683f7accd5f0b07a87be90b7ae6976f4a89183ab489754c9034eee063309f8d8f36914cc56887e80acb660b40f8960df4280641cc2199fd90d4f71923f041396b834d3af2558f04055e1133140d3a4399cf32a1a1d441056c114a5311f0a9a13ee68ddc1481ccad45bcec671d980f8cc1e2155a637bd2f9dcc8f7ab57683c841545f4c6a1e75ebf778b518e2185935f7c6b020ee30a29355f6bf0e5adaac184a25aba83aa5221d983235d8c277c81c26497c1d019056a56abf062203887bd4a1143b991ac51b2aa136793e331ef84556ec6d254e2adadf0d77c21d46fadbe3cd187bf36f18905e24f6dbeb7e2a75119f943d1cd55ec316a58116fb2f00d511ddddc7baa8dd8e67a7b2a6a5bcac586115dd8ff84a899503d06d62e1d51f82d2681811da3ac71c76133f81308e048734030f24e6988b1cc512c9518365f87c0f00776ef77cab78d0f04f4d077dec4705da22593d934ad32b7bd17c6dc9957d5b742ef8f0894b15c27c3fac6775bbf4cbe107b1d726d1ef6f6b1d20a7ea23b34b87cb3dfcd5747f4f598bb4832de298032db313bbc727f1ea41ac96c8979387b375490e3199585d2a932734ab265afc1fb12253ede0c5dfcf702c88619919c8b8aff987ceaddd9e40bb43d34599b50b07bf2fc605e5e2c8e8b70e63bc0893af943641c3ae65cf717aa01d537e44eab989fff563d22be3c6ba7e25bd4ef6c8001e87a59788ac3140143620cf8a6e62cdad64a11fca4bbdece3d3c8032850f40de027e2dbaa3b250af2babc1549b8f8fa72c52e868743ba43e183f50c8b9d8ce45d0acf64758fd65edb776199ee84c6da0d228e0627e0ea92949e4dc6ef5f023b7c6e1a9d261384fa4db33962341c330b710405b1a339209fdfc6cb2eb29a7fb3ccbe4a1c7e2daf4f6f1c227ed4b77384938d082f59bfee13585ca9fc46c232f62ebb6287c3e02018313f22c0c8096a37c1506873294ede68b3eba8cc66ca31f40f0d19ff1536fd8fb42b3ff2fa3b191194d6d04e2d056b0c3c0c4abd88bc1c7e4c5b1e7b31245acebf616d2746d461c8a75ae762b2df0862c7705f2cad59f00303afaa9d9e774d005eecb3fe80c5bee4266703c2981803d7aad43c42d312e9376fc2a03b3a9067e88e1a4c063646493a63cc95082ad51505176a7dda5b4493dbc78a4021f6a0d31868d75ee08bb6129e84f247eb3ad352ec045c8d5dc8ee5ad7b7eae948ae056f523a4745f3839cb763505afe12e8b0a988caba151b38549e06738a15dfec6a5597b31f47fbbcb622b4b6dce331b50a4a7561396da5e3cd3383840afc00ac0537bf03a8aab179330a38d15115a01b0db44c9302bc908a5d86c5acef4859fc7464a0e4f2970f4221bffdd617bff126e6256cfbd24be7dc1eee65996013cd23a184ba66c7c0cdeb6b551fab006fda43591645106cf836bed95c143df06918fc0a3c32f6eea50a5208550fb42503987e64571d718b751597998d76941feed27076b64492eea782db891df0f69e89a6211d584f9f9c7d090ec9f6dd70a590436dfa4790a534bdfc1f46fd1ddbbcee124cd9668d968d95add753b630262989cf986b146722242b17cb2bbb083b590ab4946cf25326024a6d4377a9988a3335a84e0eba9c4287cf5fd3304e11cba1119c22a6ae371aa82cd398499a80be864159c08b6925ecc3d25b2aa9a841a5131123e09697cc5e516e9a117b6e86a6ebee3bb39f0801ffcc65f1acbd69f8cab1a1ec921d144366af2049aac2d58cbc20333d1fd63695891d50209e50a281f3a1906d8d12b5dd1610c307901d6283db0e8833bb63714785332cc03f28111d64a6649267da73ef1d9ebb0bd584fd651cce2518ce7bf40c48b07d6f50b1aa224d656d1cd8db83f250ddac303ff8076a4c151abacb7ceb18b10cc3c3de6f929d3858074223765d0e0005606b550f4a00cc855a8d8a99dac57a4a8b15729638dd982aec22e79c42bf3b5f67fe2ab4632acadc954444fb54806d730880b48cb10d641f3b607e6413d106c0622ba4670c169c0bc3073cf6bf160e7989b78aaae81e7306727c2d13776d827a209a4a84805f2b8f5bbf2950e9d213a344f236c9dfbfe0a4fed7eb5d27d3bb15e89d454bc3dc83df918e57e8b4c763aeabdd00cd768b69a052e848694b97cef6c333eed2d3278cefa13c73c4d1b886c1c23c3a9a5533d4f0aea3416fb0054a42c3b61ec6eebd0cadff6106cc7b58e2b5aefd2d9482d37cdbc04cfff4e8efde9397598d3f164483613391be5d96eab911ab979c9418b26abcf05d14e1c1fc84a943829d3a84d08ea171034c60a953fca50fb373aa1ffe26cf1ed8f1e2b64b50f05f22af000ccdfc87fc5d999ee0d5ade3e1438747a55ac95482b6619c4bf41dea7d164aaa6922b2f563a95ac5f4b906c3bc8172a184e7d28a1e10e0a38455a4a326610b41da0e48fcd60be7417b9a92ad92ecc6068dbcb93543f02c1ca310d45d118869e06169f2164d4ce5a6f96a5b8b75bbcd945c8f7e947cb435051fcf6f8f8244269b4d3412aaf91374b18f385ba052eedd9613793a9d1382d30b912f0af55bd3b7a821fb1fc32c62434970afd2af33707487beb86fae9a927e1a10e20803ff58bf02213ff4b019df223589710d2fb436a930c009e513cec0a3733badfb7c183bb4fe18f3c1f3efabc18629462fb16a82aaae57e976f233d8debf50c6f2b7b1e53870103bcd4ce8ed53e5effffccd5fb0d45a235a326aa3d4381d9031b25913203b8eb2f170e30f4e324db5fd01e0ae5b86dd48a27aba37871fb7d3f4be672f1191bca2516d2c17a9aaba68ffa02fb999", 0xb2a}], 0x2, &(0x7f0000000b40)}}], 0x1, 0x4000081) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 6.068045287s ago: executing program 0 (id=2114): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r3 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) 5.923082045s ago: executing program 2 (id=2115): setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x5100, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) 5.679314899s ago: executing program 3 (id=2116): r0 = socket$nl_generic(0x10, 0x3, 0x10) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = fcntl$getown(r0, 0x9) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0xa0402, 0x0) writev(r4, &(0x7f0000000400)=[{&(0x7f0000000040)="c35f", 0x2}], 0x1) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="02000000040000000800"], 0x50) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x1, 0x1c, 0x0, &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_newvlan={0x24, 0x70, 0x1, 0x800000, 0x0, {0x7, 0x0, 0x0, r5}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x2, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x9}}]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0x20044014) 5.561944527s ago: executing program 4 (id=2117): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 4.796256041s ago: executing program 2 (id=2118): socket$xdp(0x2c, 0x3, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2b, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[], 0x10}, 0x1, 0x0, 0x0, 0x800}, 0x8084) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c0002800500010000000000080008400000000814000580080001"], 0x5c}}, 0x0) 4.731055804s ago: executing program 0 (id=2119): socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4}) syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x271b, 0x0, &(0x7f0000000000)) 4.693195837s ago: executing program 3 (id=2120): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x220c) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r2, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) listen(r3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r4, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0x0) r8 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r8, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a0677bc45ff810500000000000058000b480400945f64009400050028925a01000000000000008000f0fffeffe809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1) 4.353054137s ago: executing program 4 (id=2121): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() creat(0x0, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) open(0x0, 0x143142, 0x43) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) 3.803876889s ago: executing program 3 (id=2122): fsmount(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket$inet(0x2, 0x4000000000000001, 0x0) pipe2$9p(&(0x7f00000001c0), 0x0) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0xa1001) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}}) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x183c81) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000004c0)={0x5, 0x0, 0x0, 'queue0\x00', 0x12}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, &(0x7f00000000c0)={0xc8bbf2a48522880d, 0x4, 0x40, 0x0, 0xf}) 3.425921091s ago: executing program 0 (id=2123): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) io_setup(0x8a, 0x0) io_submit(0x0, 0x0, 0x0) write(r0, 0x0, 0x0) recvmmsg$unix(r0, &(0x7f00000031c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x180, 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x2048c5, &(0x7f0000000380)={[{@fat=@tz_utc}, {@fat=@flush}, {@fat=@tz_utc}, {@shortname_mixed}, {@uni_xlate}, {@uni_xlateno}, {@shortname_win95}, {@utf8no}, {@fat=@nfs_nostale_ro}, {@rodir}, {@uni_xlate}, {@shortname_lower}, {@fat=@errors_continue}]}, 0x0, 0x2a1, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhYsvutHN0MZPEKQFMaDURtSFMLUTDRmTkomRiNju3Po5iktXCuoX6Made3FTBMFNF2KkScamNWBaW6ea/w/CnJxz3pkzOTPhnYFMtq4/vVcuBk7RrSuWNMWkdW1LmZ1S10h3GWuXx9VrXecmP7/7/+qNm5dy+fz8otlCbul81symT7168OjZ6Tf1yWvPp18mtJm5tfUp+37zn81/t74uhWuvSq4tV6t1d9n3bKUUlB2zK77nBp6VKoFXq1tPe9Gvrq42za2sTKVWa14QmFtpWtlrWr1q9VrT3DtuqWKO49hUSsMmfuCIwsbiops7lsEgChP9Kmu1nJvo21jY+B2DAgAAJ0tU+f/dUmClwCrVPfl9mP9LYf4f0wHyf2mo8/+DI/8fBjv5f6p7/u5F/g8AAAAAAAAAAAAAAAAAAAAAwJ9gu9VKt1qtdLgMXwlJSUnh+6jHiePB/A+3nh/uJSX/SaPQKHSWnfZcUSX58jQ7Jn1pHw9dnfLCxfz8rLVl9Npf68avNQpxJcL4UKZ//Fwn3nrj1zSmVO/2s0prpn98tk98ozCus2daie6WPTlK6+1tVeVrpX1c78Y/njO7cDm/L36i3Q8AAAAAgL+BY9/9cP3ebncsfGzIvvZO5e79AaV/cn9g3/X1qP4bjW6/AQAAAAAYJkHzYdn1fa82BIXw/w+OZIXRf3TJQTuPSurWvDgpczFIISbpsOHxX5vlj5L21MxEPt1HUfhwv3MGDNI5ym8lAAAAAMchTPpHoh4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDbNCHh4X9D/PssZ7NxaPZSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBk+BYAAP//lOkWvQ==") sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$SIOCPNGETOBJECT(r4, 0x89e0, &(0x7f0000000480)) 3.425431671s ago: executing program 4 (id=2124): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0x7, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$kcm(0x2, 0x3, 0x2) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000ac0)="4c000000140097f87059ae08060c040002ff0f020000000000001a350182fa73a69d35a21429b17cd02941601d60ffc0cca84708f7abca1b4e7d06a60300000072f750375ed08a5604000000", 0x4c}], 0x1}, 0x0) 3.412897772s ago: executing program 2 (id=2125): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 1.907917789s ago: executing program 2 (id=2126): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r2 = memfd_create(&(0x7f0000000380)='+\x8b\x8a\x16\x06O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcR\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2E\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x89V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xda\xb5\xba\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x80\x00\x00\x00!\x16Tu\xe3I\f\x171~\xdf\xe6\xc82\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\x85\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa7\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92\x9be\xe4\x00\x00\x00\x80\xf1\xacQ\xb9O\xd4\x14\xa1\x92\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x83nk\xd3\xc9/m\x1aT\x8f\'\xef\xa6D\xab\xcfs\x97.\xf2\xf4wK`\xa9S\x98>0\x92\xd9\xb8\xb2\x17,\xd6\xf8\n\x93\xc1\x10qk.\xf6\x9bY\xe6\x92\xef\xa2o\\\x9b\xeb\x93v\x11B\xf6', 0x6) fcntl$addseals(r2, 0x409, 0x8) fallocate(r2, 0x3, 0x9100, 0x3) 1.826160163s ago: executing program 3 (id=2127): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r3 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r3, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) 1.499910333s ago: executing program 0 (id=2128): setsockopt$MRT_INIT(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmstat\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000000200)={0x2020}, 0x2020) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x5100, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) 1.265507457s ago: executing program 4 (id=2129): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x11, 0x800000000004, @tid=r0}, 0x0) signalfd(0xffffffffffffffff, &(0x7f00000002c0)={[0x7fffffff]}, 0x8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50) io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x6, 0x0, 0x0, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9) 442.958334ms ago: executing program 3 (id=2130): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010) r4 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r4, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0x0, 0xac14140c}}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) syz_genetlink_get_family_id$fou(&(0x7f0000000100), 0xffffffffffffffff) 415.231456ms ago: executing program 0 (id=2131): socket$nl_route(0x10, 0x3, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$get_persistent(0x16, 0xffffffffffffffff, r3) keyctl$clear(0x7, r3) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8001}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2f}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x11}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x87}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd4}, 0x1, 0x0, 0x0, 0x80}, 0x0) openat(0xffffffffffffff9c, 0x0, 0x101042, 0x0) 0s ago: executing program 4 (id=2132): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() ioprio_get$pid(0x2, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) ptrace$ARCH_GET_GS(0x1e, r0, 0x0, 0x1004) sched_setaffinity(0x0, 0xc67e7be33bfcd098, &(0x7f0000000180)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000100)={0x2, 0x3, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x1000c040) connect$inet(r3, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r3, &(0x7f0000004d00)=[{{0x0, 0x97, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c) kernel console output (not intermixed with test programs): .732650][ T5861] bridge_slave_0: left allmulticast mode [ 78.744282][ T5861] bridge_slave_0: left promiscuous mode [ 78.751974][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.773839][ T5861] bridge_slave_1: left allmulticast mode [ 78.784582][ T5861] bridge_slave_1: left promiscuous mode [ 78.791317][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.796480][ T51] Bluetooth: hci0: command tx timeout [ 78.813448][ T5861] bond0: (slave bond_slave_0): Releasing backup interface [ 78.867465][ T51] Bluetooth: hci1: command tx timeout [ 78.873631][ T5861] bond0: (slave bond_slave_1): Releasing backup interface [ 78.908775][ T5861] team0: Port device team_slave_0 removed [ 78.928173][ T5861] team0: Port device team_slave_1 removed [ 78.934541][ T5861] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.946669][ T51] Bluetooth: hci2: command tx timeout [ 78.948259][ T5861] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.952233][ T5775] Bluetooth: hci3: command tx timeout [ 78.973928][ T5861] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.982389][ T5861] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 79.081830][ T5863] team0: Mode changed to "loadbalance" [ 79.093686][ T5867] vlan0: entered promiscuous mode [ 79.153027][ T5867] team0: Port device vlan0 added [ 79.161056][ T5866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6'. [ 79.549863][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 80.038195][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 81.293055][ T51] Bluetooth: hci0: command tx timeout [ 81.293091][ T5775] Bluetooth: hci1: command tx timeout [ 81.301213][ T51] Bluetooth: hci2: command tx timeout [ 81.304934][ T5085] Bluetooth: hci3: command tx timeout [ 81.577816][ T5891] 9pnet_fd: Insufficient options for proto=fd [ 81.588759][ T5890] netlink: 12 bytes leftover after parsing attributes in process `syz.3.9'. [ 81.904077][ T5085] block nbd0: Receive control failed (result -1) [ 81.930662][ T27] audit: type=1326 audit(1770835155.187:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 82.186260][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 82.195588][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 82.467126][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 82.494432][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 82.596760][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 82.746062][ T27] audit: type=1326 audit(1770835155.357:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 82.836373][ T27] audit: type=1326 audit(1770835155.357:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 82.893807][ T27] audit: type=1326 audit(1770835155.367:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 82.947513][ T5908] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12'. [ 82.971841][ T27] audit: type=1326 audit(1770835155.377:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 83.083475][ T27] audit: type=1326 audit(1770835155.377:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f9fe795c84e code=0x7ffc0000 [ 83.106101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 83.115804][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 83.302042][ T27] audit: type=1326 audit(1770835155.927:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 83.458958][ T27] audit: type=1326 audit(1770835155.927:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9fe799bce2 code=0x7ffc0000 [ 83.598709][ T27] audit: type=1326 audit(1770835155.927:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f9fe799bd77 code=0x7ffc0000 [ 83.660314][ T27] audit: type=1326 audit(1770835155.927:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5901 comm="syz.0.11" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f9fe7958d11 code=0x7ffc0000 [ 84.786715][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 86.228115][ T5923] tipc: Started in network mode [ 86.233273][ T5923] tipc: Node identity ac1414aa, cluster identity 4711 [ 86.298140][ T5923] tipc: Enabled bearer , priority 10 [ 87.509342][ T28] cfg80211: failed to load regulatory.db [ 87.517903][ T5759] tipc: Node number set to 2886997162 [ 87.597170][ T5923] tipc: Enabled bearer , priority 0 [ 87.832799][ T5934] syz.0.19[5934]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.891435][ T27] kauditd_printk_skb: 66 callbacks suppressed [ 87.891451][ T27] audit: type=1326 audit(1770835161.147:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 87.944714][ T5929] loop1: detected capacity change from 0 to 2048 [ 87.972396][ T5936] netlink: 12 bytes leftover after parsing attributes in process `syz.3.20'. [ 87.991166][ T27] audit: type=1326 audit(1770835161.147:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.099482][ T27] audit: type=1326 audit(1770835161.147:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.120967][ T5934] loop0: detected capacity change from 0 to 4096 [ 88.171433][ T27] audit: type=1326 audit(1770835161.147:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.215269][ T27] audit: type=1326 audit(1770835161.147:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.263454][ T5929] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 88.281810][ T27] audit: type=1326 audit(1770835161.147:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.315343][ T5934] EXT4-fs: Ignoring removed mblk_io_submit option [ 88.344834][ T27] audit: type=1326 audit(1770835161.147:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.367502][ T27] audit: type=1326 audit(1770835161.167:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f46b0b9bf79 code=0x7ffc0000 [ 88.393708][ T27] audit: type=1326 audit(1770835161.167:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f46b0b9bce2 code=0x7ffc0000 [ 88.495615][ T5945] xt_nat: multiple ranges no longer supported [ 88.665069][ T5934] EXT4-fs (loop0): Test dummy encryption mode enabled [ 88.746775][ T27] audit: type=1326 audit(1770835161.167:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5928 comm="syz.1.18" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f46b0b5c84e code=0x7ffc0000 [ 89.068416][ T5934] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 89.762352][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 91.034765][ T5958] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 91.090625][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 91.155952][ C0] sched: RT throttling activated [ 91.195141][ T5961] loop3: detected capacity change from 0 to 1024 [ 91.222909][ T5961] EXT4-fs: Ignoring removed orlov option [ 91.384501][ T5961] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 91.938431][ T5975] netlink: 24 bytes leftover after parsing attributes in process `syz.2.28'. [ 91.950848][ T5975] sch_tbf: burst 88 is lower than device veth1 mtu (1514) ! [ 91.980022][ T5961] overlayfs: statfs failed on './file0' [ 92.170951][ T5773] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 92.294883][ T5978] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.385270][ T5983] loop3: detected capacity change from 0 to 128 [ 92.401999][ T5978] capability: warning: `syz.2.29' uses 32-bit capabilities (legacy support in use) [ 92.518302][ T5983] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 92.542171][ T5983] FAT-fs (loop3): Filesystem has been set read-only [ 92.576174][ T5983] FAT-fs (loop3): error, fat_free: invalid cluster chain (i_pos 54) [ 95.758218][ T6011] loop0: detected capacity change from 0 to 2048 [ 96.340343][ T6017] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 96.660155][ T6011] debugfs: Directory 'netdev:nicvf0' with parent 'phy8' already present! [ 96.760723][ T6019] netlink: 8 bytes leftover after parsing attributes in process `syz.1.40'. [ 96.792992][ T6021] loop1: detected capacity change from 0 to 8 [ 96.824360][ T6024] loop2: detected capacity change from 0 to 512 [ 96.850011][ T6021] ======================================================= [ 96.850011][ T6021] WARNING: The mand mount option has been deprecated and [ 96.850011][ T6021] and is ignored by this kernel. Remove the mand [ 96.850011][ T6021] option from the mount to silence this warning. [ 96.850011][ T6021] ======================================================= [ 96.898922][ T6024] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 97.000484][ T6021] SQUASHFS error: Unable to read inode 0x11f [ 97.045768][ T6024] EXT4-fs (loop2): 1 orphan inode deleted [ 97.076556][ T12] __quota_error: 24 callbacks suppressed [ 97.076574][ T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 97.107629][ T6024] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 97.108023][ T6031] loop0: detected capacity change from 0 to 256 [ 97.135805][ T12] EXT4-fs error (device loop2): ext4_release_dquot:6985: comm kworker/u4:1: Failed to release dquot type 1 [ 97.168338][ T6024] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.228850][ T6031] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 97.286095][ T6031] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 97.354067][ T6031] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 97.517892][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.777246][ T6045] netlink: 52 bytes leftover after parsing attributes in process `syz.1.48'. [ 100.208156][ T6045] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.216047][ T6045] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.256025][ T6050] netlink: 76 bytes leftover after parsing attributes in process `syz.1.48'. [ 100.265878][ T6050] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.273148][ T6050] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.280838][ T6050] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.288189][ T6050] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.302739][ T6050] netlink: 52 bytes leftover after parsing attributes in process `syz.1.48'. [ 100.319494][ T6050] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.326828][ T6050] bridge0: port 1(bridge_slave_0) entered disabled state [ 102.731448][ T6086] netlink: 'syz.2.60': attribute type 10 has an invalid length. [ 102.756980][ T6086] 8021q: adding VLAN 0 to HW filter on device team0 [ 102.777370][ T6086] bond0: (slave team0): Enslaving as an active interface with an up link [ 103.629544][ T6087] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 103.803726][ T6087] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 105.670091][ T6112] SET target dimension over the limit! [ 106.485076][ T6121] loop0: detected capacity change from 0 to 1024 [ 106.520447][ T6121] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 106.745183][ T6121] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.730851][ T6131] netlink: 16 bytes leftover after parsing attributes in process `syz.2.73'. [ 107.812779][ T6121] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4047: comm syz.0.70: Allocating blocks 497-513 which overlap fs metadata [ 107.872739][ T6121] EXT4-fs (loop0): pa ffff888076580e80: logic 256, phys. 385, len 8 [ 107.881737][ T6121] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5388: group 0, free 0, pa_free 1 [ 108.154222][ T6120] loop1: detected capacity change from 0 to 40427 [ 108.174334][ T6120] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 108.183759][ T6120] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 108.210454][ T6120] F2FS-fs (loop1): invalid crc_offset: 33558524 [ 108.240350][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 108.285860][ T6120] F2FS-fs (loop1): Found nat_bits in checkpoint [ 108.414648][ T6120] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 108.434040][ T6120] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 108.516412][ T6142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.74'. [ 108.594780][ T6142] veth1: entered promiscuous mode [ 108.630736][ T6142] veth0_virt_wifi: entered promiscuous mode [ 108.671402][ T6142] hsr1: entered promiscuous mode [ 113.029088][ T6177] loop0: detected capacity change from 0 to 128 [ 113.054334][ T6177] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 113.071267][ T6177] hpfs: filesystem error: improperly stopped [ 113.080879][ T6177] hpfs: You really don't want any checks? You are crazy... [ 113.137631][ T6177] hpfs: hpfs_map_sector(): read error [ 113.162260][ T6177] hpfs: code page support is disabled [ 113.187107][ T6177] hpfs: hpfs_map_4sectors(): unaligned read [ 113.195712][ T6177] hpfs: hpfs_map_4sectors(): unaligned read [ 113.216682][ T6177] hpfs: filesystem error: unable to find root dir [ 113.508426][ T6181] hpfs: hpfs_map_4sectors(): unaligned read [ 117.165287][ T6209] loop0: detected capacity change from 0 to 512 [ 117.177803][ T6209] EXT4-fs: Ignoring removed i_version option [ 118.317058][ T6209] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 17. Delete some EAs or run e2fsck. [ 118.330788][ T6209] EXT4-fs (loop0): 1 truncate cleaned up [ 118.338851][ T6209] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 118.827350][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.887995][ T6240] netlink: 'syz.1.99': attribute type 1 has an invalid length. [ 121.981910][ T6243] netlink: 20 bytes leftover after parsing attributes in process `syz.0.98'. [ 122.916232][ T6245] netlink: 28 bytes leftover after parsing attributes in process `syz.1.99'. [ 122.993922][ T6245] 8021q: adding VLAN 0 to HW filter on device bond1 [ 123.120093][ T6246] 8021q: adding VLAN 0 to HW filter on device bond1 [ 123.135155][ T27] audit: type=1804 audit(1770835455.393:112): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.101" name="bus" dev="ramfs" ino=7883 res=1 errno=0 [ 123.179001][ T6246] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20004 - 0 [ 123.186062][ T27] audit: type=1804 audit(1770835455.423:113): pid=6250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.101" name="bus" dev="ramfs" ino=7883 res=1 errno=0 [ 123.233630][ T6246] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20004 - 0 [ 123.252880][ T6246] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20004 - 0 [ 123.262402][ T6246] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20004 - 0 [ 123.289240][ T6246] bond1: (slave geneve0): making interface the new active one [ 123.309679][ T6246] bond1: (slave geneve0): Enslaving as an active interface with an up link [ 123.339383][ T5835] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 123.497495][ T6246] syz.1.99 (6246) used greatest stack depth: 20048 bytes left [ 123.553271][ T5835] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 123.620863][ T5835] usb 3-1: config 0 has no interfaces? [ 123.660471][ T5835] usb 3-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 123.844123][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.852705][ T5835] usb 3-1: Product: syz [ 123.863180][ T5835] usb 3-1: Manufacturer: syz [ 123.871802][ T5835] usb 3-1: SerialNumber: syz [ 123.993135][ T5835] usb 3-1: config 0 descriptor?? [ 124.750032][ T6248] loop2: detected capacity change from 0 to 512 [ 124.770578][ T6248] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 124.961142][ T6248] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 124.983394][ T6248] System zones: 1-12 [ 125.983738][ T6248] EXT4-fs: error -4 creating inode table initialization thread [ 126.032050][ T6248] EXT4-fs (loop2): mount failed [ 126.274555][ T9] usb 3-1: USB disconnect, device number 2 [ 127.617095][ T6281] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 131.570490][ T6313] loop1: detected capacity change from 0 to 1024 [ 132.847429][ T6323] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 133.126627][ T49] hfsplus: b-tree write err: -5, ino 4 [ 133.349932][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.356810][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.836116][ T28] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 134.026163][ T28] usb 2-1: Using ep0 maxpacket: 32 [ 134.061599][ T28] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 134.091558][ T28] usb 2-1: too many endpoints for config 0 interface 0 altsetting 9: 33, using maximum allowed: 30 [ 134.126083][ T28] usb 2-1: config 0 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 33 [ 134.156080][ T28] usb 2-1: config 0 interface 0 has no altsetting 0 [ 134.166138][ T28] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 134.175251][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.229048][ T28] usb 2-1: config 0 descriptor?? [ 135.031919][ T6342] netlink: 24 bytes leftover after parsing attributes in process `syz.0.127'. [ 135.201402][ T6340] team0 (unregistering): Failed to send options change via netlink (err -105) [ 135.252138][ T6340] team0 (unregistering): Failed to send port change of device vlan0 via netlink (err -105) [ 135.280939][ T6340] team0 (unregistering): Port device vlan0 removed [ 135.292860][ T6331] loop1: detected capacity change from 0 to 8192 [ 135.301364][ T6340] team0 (unregistering): Failed to send options change via netlink (err -105) [ 135.358891][ T6345] Zero length message leads to an empty skb [ 135.406849][ T5864] usb 2-1: USB disconnect, device number 2 [ 138.924215][ T6369] mmap: syz.3.134 (6369) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 141.406367][ T6381] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.414237][ T6381] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.530987][ T6381] tipc: Resetting bearer [ 142.907442][ T6403] process 'syz.1.142' launched '/proc/sys/fs/binfmt_misc/register' with NULL argv: empty string added [ 143.026640][ T6381] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 143.086418][ T6381] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.362804][ T6410] loop1: detected capacity change from 0 to 512 [ 144.446665][ T6410] EXT4-fs error (device loop1): ext4_iget_extra_inode:4732: inode #15: comm syz.1.144: corrupted in-inode xattr: invalid ea_ino [ 144.513265][ T6410] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.144: couldn't read orphan inode 15 (err -117) [ 144.572998][ T6410] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 144.760861][ T6381] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.762532][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.770709][ T6381] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.818846][ T6381] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.829664][ T6381] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.913910][ T6418] syz.3.147 uses obsolete (PF_INET,SOCK_PACKET) [ 150.371822][ T6459] loop2: detected capacity change from 0 to 4096 [ 150.384670][ T6459] ext4: Unknown parameter 'hash' [ 153.373196][ T6474] bad cache= option: no%e [ 153.373196][ T6474] [ 153.380077][ T6474] CIFS: VFS: bad cache= option: no%e [ 163.238647][ T6558] netlink: 'syz.1.182': attribute type 4 has an invalid length. [ 165.672354][ T5834] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 166.379365][ T6583] netlink: 'syz.2.189': attribute type 1 has an invalid length. [ 166.431987][ T6583] loop2: detected capacity change from 0 to 512 [ 166.459851][ T6583] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 166.534979][ T6583] EXT4-fs (loop2): 1 truncate cleaned up [ 166.578000][ T6583] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 166.611676][ T5834] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 166.634214][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 166.664988][ T5834] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 166.699500][ T5834] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 166.704018][ T6583] ext4: Unknown parameter 'ì¥YðÌÚ„yµ²Fm¤ïŠ©«±ZÉ1Ø(O[½Å [ 166.704018][ T6583] ^¥Æ+EïóªØ]0rQ#Íó{ØÌŽÎcÄpç6;æ°:ªPŸrïfè˜l¿íÐIG>Žá¦?Ï…-H"’&Fþ)ð!Iˆ|.z' [ 166.719710][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.756020][ T5834] usb 1-1: Product: syz [ 166.760251][ T5834] usb 1-1: Manufacturer: syz [ 166.785838][ T5834] usb 1-1: SerialNumber: syz [ 166.819423][ T5834] usb 1-1: config 0 descriptor?? [ 166.842035][ T5834] usb 1-1: 0:0 : invalid sync pipe. bmAttributes 00, bLength 8, bSynchAddress 00 [ 167.108746][ T6565] netlink: 24 bytes leftover after parsing attributes in process `syz.0.185'. [ 167.754258][ T5835] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 167.947857][ T5835] usb 3-1: unable to get BOS descriptor or descriptor too short [ 167.968991][ T5835] usb 3-1: not running at top speed; connect to a high speed hub [ 168.018630][ T5835] usb 3-1: config 1 has an invalid descriptor of length 3, skipping remainder of the config [ 168.049814][ T5835] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 168.087988][ T5835] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 168.110156][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.290462][ T5835] usb 3-1: Product: syz [ 168.345375][ T5835] usb 3-1: Manufacturer: syz [ 168.430865][ T5835] usb 3-1: SerialNumber: syz [ 169.131365][ T5835] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 169.172444][ T5834] usb 1-1: USB disconnect, device number 2 [ 169.194067][ T5835] usb 3-1: unit 5 not found! [ 169.212993][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.239044][ T5835] usb 3-1: USB disconnect, device number 3 [ 170.512318][ T6617] syz_tun: entered allmulticast mode [ 170.560641][ T6617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.197'. [ 170.705467][ T6611] loop0: detected capacity change from 0 to 1764 [ 170.726753][ T6617] syz_tun (unregistering): left allmulticast mode [ 171.198537][ T6630] lo: entered allmulticast mode [ 171.210992][ T6630] pimreg: entered allmulticast mode [ 171.230070][ T6629] pimreg: left allmulticast mode [ 171.235802][ T6629] lo: left allmulticast mode [ 173.830727][ T27] audit: type=1326 audit(1770835506.093:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 173.878012][ T27] audit: type=1326 audit(1770835506.093:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 173.950870][ T27] audit: type=1326 audit(1770835506.093:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 173.986979][ T27] audit: type=1326 audit(1770835506.093:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 174.248464][ T27] audit: type=1326 audit(1770835506.093:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 174.386028][ T6663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.209'. [ 175.126062][ T27] audit: type=1326 audit(1770835506.093:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 175.224369][ T27] audit: type=1326 audit(1770835506.093:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 175.258287][ T27] audit: type=1326 audit(1770835506.093:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 175.297548][ T27] audit: type=1326 audit(1770835506.093:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 175.321817][ T6666] netlink: 24 bytes leftover after parsing attributes in process `syz.0.211'. [ 175.325141][ T27] audit: type=1326 audit(1770835506.093:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6649 comm="syz.3.207" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 175.455173][ T6669] tipc: Started in network mode [ 175.469035][ T6669] tipc: Node identity ac14140f, cluster identity 4711 [ 175.497119][ T6669] tipc: New replicast peer: 255.255.255.255 [ 175.503733][ T6669] tipc: Enabled bearer , priority 10 [ 175.529913][ T6666] netlink: 4 bytes leftover after parsing attributes in process `syz.0.211'. [ 175.555301][ T6672] netlink: 12 bytes leftover after parsing attributes in process `syz.3.212'. [ 175.579655][ T6672] tipc: Disabling bearer [ 175.847414][ T6675] loop2: detected capacity change from 0 to 4096 [ 176.058580][ T6675] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.768067][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.865199][ T6708] bridge2: entered allmulticast mode [ 179.232244][ T6713] netlink: 'syz.0.223': attribute type 1 has an invalid length. [ 179.280864][ T6713] loop0: detected capacity change from 0 to 512 [ 179.363383][ T6713] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 179.379765][ T6713] EXT4-fs (loop0): 1 truncate cleaned up [ 179.409188][ T6713] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 179.439922][ T6713] ext4: Unknown parameter 'ì¥YðÌÚ„yµ²Fm¤ïŠ©«±ZÉ1Ø(O[½Å [ 179.439922][ T6713] ^¥Æ+EïóªØ]0rQ#Íó{ØÌŽÎcÄpç6;æ°:ªPŸrïfè˜l¿íÐIG>Žá¦?Ï…-H"’&Fþ)ð!Iˆ|.z' [ 179.842190][ T5834] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 180.776204][ T6726] netlink: 4 bytes leftover after parsing attributes in process `syz.3.227'. [ 181.221144][ T6736] bond_slave_1: entered promiscuous mode [ 181.229560][ T6736] bond_slave_1: left promiscuous mode [ 181.232798][ T5834] usb 1-1: unable to get BOS descriptor or descriptor too short [ 181.256894][ T5834] usb 1-1: not running at top speed; connect to a high speed hub [ 181.277748][ T5834] usb 1-1: config 1 has an invalid descriptor of length 3, skipping remainder of the config [ 181.297948][ T5834] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 181.329340][ T5834] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 182.003301][ T6748] batadv1: entered promiscuous mode [ 182.010831][ T6748] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 182.096488][ T5834] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.119423][ T5834] usb 1-1: Product: syz [ 182.134070][ T5834] usb 1-1: Manufacturer: syz [ 182.143478][ T5834] usb 1-1: SerialNumber: syz [ 182.276872][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.280426][ T5834] usb 1-1: can't set config #1, error -71 [ 182.294761][ T5834] usb 1-1: USB disconnect, device number 3 [ 184.766237][ T6777] UBIFS error (pid: 6777): cannot open "./file0", error -22 [ 187.761617][ T6788] loop1: detected capacity change from 0 to 128 [ 187.803927][ T6788] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 187.896580][ T6788] ext4 filesystem being mounted at /66/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 188.969888][ T5769] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 190.221984][ T6812] loop0: detected capacity change from 0 to 1024 [ 190.255696][ T6812] EXT4-fs: Ignoring removed orlov option [ 190.418438][ T6816] netlink: 132 bytes leftover after parsing attributes in process `syz.1.250'. [ 190.466334][ T5759] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 190.696278][ T5759] usb 3-1: Using ep0 maxpacket: 32 [ 190.747632][ T5759] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 190.822816][ T5759] usb 3-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 190.903420][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.921074][ T6812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.925844][ T5759] usb 3-1: Product: syz [ 190.967182][ T5759] usb 3-1: Manufacturer: syz [ 190.977250][ T5759] usb 3-1: SerialNumber: syz [ 191.034069][ T5759] usb 3-1: config 0 descriptor?? [ 191.207653][ T6811] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 191.219836][ T5759] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 191.966798][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 192.293661][ T5759] usb 3-1: USB disconnect, device number 4 [ 194.794345][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.915469][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.393229][ T6851] loop1: detected capacity change from 0 to 512 [ 195.412929][ T6851] EXT4-fs: Ignoring removed oldalloc option [ 195.721811][ T6851] EXT4-fs (loop1): 1 truncate cleaned up [ 196.354895][ T6866] netlink: 24 bytes leftover after parsing attributes in process `syz.2.265'. [ 196.708252][ T6851] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 196.980587][ T5772] Bluetooth: hci0: command 0x0406 tx timeout [ 196.986927][ T5772] Bluetooth: hci1: command 0x0406 tx timeout [ 196.993116][ T5085] Bluetooth: hci3: command 0x0406 tx timeout [ 198.862981][ T6882] xt_TCPMSS: Only works on TCP SYN packets [ 199.458664][ T5769] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #2: block 13: comm syz-executor: lblock 0 mapped to illegal pblock 13 (length 1) [ 199.577762][ T5769] EXT4-fs (loop1): Remounting filesystem read-only [ 199.698610][ T6813] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.812058][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 199.812079][ T27] audit: type=1326 audit(1770835532.063:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6885 comm="syz.2.272" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8bdf9bf79 code=0x0 [ 201.693596][ T1081] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 201.746105][ T1081] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 202.644045][ T1081] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.654766][ T1081] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 202.732674][ T1081] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.743333][ T1081] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 202.895670][ T1081] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 202.951114][ T1081] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 204.476963][ T5775] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 204.494992][ T5775] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 204.503843][ T5775] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 204.528647][ T5775] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 204.538403][ T5775] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 204.549898][ T5775] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 206.394665][ T6953] tipc: Cannot configure node identity twice [ 206.396070][ T6961] loop2: detected capacity change from 0 to 2048 [ 206.410740][ T6958] netlink: 'syz.0.290': attribute type 1 has an invalid length. [ 206.446936][ T6961] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 206.488126][ T6958] 8021q: adding VLAN 0 to HW filter on device bond1 [ 206.686402][ T5775] Bluetooth: hci0: command tx timeout [ 207.582994][ T6962] bond1: entered allmulticast mode [ 207.591380][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 207.675583][ T6958] bond1: (slave ip6gretap1): making interface the new active one [ 207.713458][ T6958] ip6gretap1: entered allmulticast mode [ 207.737428][ T6958] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 207.762359][ T6932] chnl_net:caif_netlink_parms(): no params data found [ 208.096190][ T6981] netlink: 'syz.3.294': attribute type 1 has an invalid length. [ 208.708995][ T5775] Bluetooth: hci0: command tx timeout [ 208.785337][ T6932] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.793573][ T6932] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.836253][ T6932] bridge_slave_0: entered allmulticast mode [ 208.843769][ T6932] bridge_slave_0: entered promiscuous mode [ 208.883769][ T6932] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.377035][ T6932] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.384456][ T6932] bridge_slave_1: entered allmulticast mode [ 210.416520][ T6932] bridge_slave_1: entered promiscuous mode [ 210.423699][ T6990] siw: device registration error -23 [ 210.641278][ T6932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.681795][ T6932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.796170][ T5775] Bluetooth: hci0: command tx timeout [ 210.990229][ T1081] hsr_slave_0: left promiscuous mode [ 211.629026][ T1081] hsr_slave_1: left promiscuous mode [ 211.686170][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 211.693712][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 211.781659][ T1081] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 211.815445][ T1081] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 211.866641][ T1081] bridge_slave_1: left allmulticast mode [ 211.872361][ T1081] bridge_slave_1: left promiscuous mode [ 211.897246][ T1081] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.919227][ T1081] bridge_slave_0: left allmulticast mode [ 211.926178][ T1081] bridge_slave_0: left promiscuous mode [ 211.932482][ T1081] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.022962][ T1081] veth1_macvtap: left promiscuous mode [ 212.042693][ T1081] veth0_macvtap: left promiscuous mode [ 212.062214][ T1081] veth1_vlan: left promiscuous mode [ 212.077054][ T1081] veth0_vlan: left promiscuous mode [ 212.866089][ T5775] Bluetooth: hci0: command tx timeout [ 213.162596][ T1081] bond1 (unregistering): (slave geneve0): Releasing active interface [ 213.588603][ T1081] bond1 (unregistering): Released all slaves [ 214.341626][ T1081] team0 (unregistering): Port device team_slave_1 removed [ 214.434994][ T1081] team0 (unregistering): Port device team_slave_0 removed [ 214.525739][ T1081] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 214.612223][ T1081] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 215.144657][ T1081] bond0 (unregistering): Released all slaves [ 215.340790][ T6932] team0: Port device team_slave_0 added [ 215.375076][ T6932] team0: Port device team_slave_1 added [ 215.532336][ T6932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 215.541341][ T6932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.578649][ T6932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 215.747355][ T6932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 215.754375][ T6932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 215.783944][ T6932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.522247][ T6932] hsr_slave_0: entered promiscuous mode [ 216.590331][ T6932] hsr_slave_1: entered promiscuous mode [ 218.198704][ T6932] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 218.240889][ T6932] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 218.400239][ T6932] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 218.412426][ T6932] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 219.381016][ T6932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.540096][ T6932] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.845715][ T2904] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.852993][ T2904] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.269248][ T1097] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.276551][ T1097] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.077610][ T6932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.185845][ T7105] siw: device registration error -23 [ 222.879104][ T7141] netlink: 'syz.0.323': attribute type 10 has an invalid length. [ 222.922410][ T7141] netlink: 40 bytes leftover after parsing attributes in process `syz.0.323'. [ 222.959801][ T7141] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.006058][ T7141] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.014841][ T7141] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.038634][ T7141] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 223.115693][ T7146] Illegal XDP return value 4294967274 on prog (id 41) dev N/A, expect packet loss! [ 223.244384][ T7141] team0: Port device geneve0 added [ 223.410687][ T7144] debugfs: Directory 'netdev:nicvf0' with parent 'phy8' already present! [ 223.637031][ T7141] syz.0.323 (7141) used greatest stack depth: 19816 bytes left [ 223.817429][ T6932] veth0_vlan: entered promiscuous mode [ 223.886986][ T6932] veth1_vlan: entered promiscuous mode [ 223.981108][ T6932] veth0_macvtap: entered promiscuous mode [ 224.919667][ T6932] veth1_macvtap: entered promiscuous mode [ 225.065003][ T6932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 225.077106][ T6932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.090870][ T6932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 225.120458][ T6932] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 225.140858][ T6932] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 225.157386][ T7159] loop0: detected capacity change from 0 to 512 [ 225.168253][ T6932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 225.194528][ T6932] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.221533][ T6932] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.232180][ T6932] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.244527][ T6932] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 225.270578][ T7159] Quota error (device loop0): v2_read_file_info: Free block number 1 out of range (1, 6). [ 225.322779][ T7159] EXT4-fs warning (device loop0): ext4_enable_quotas:7184: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 225.368558][ T7159] EXT4-fs (loop0): mount failed [ 225.543484][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.572389][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.679481][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 225.693672][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 225.925179][ T7177] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 226.218115][ T7177] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 226.234790][ T7186] fuse: root generation should be zero [ 231.879419][ T7214] tipc: Started in network mode [ 231.890859][ T7214] tipc: Node identity 4, cluster identity 4711 [ 231.911056][ T7214] tipc: Node number set to 4 [ 238.126429][ T7260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.345'. [ 242.366009][ T7310] ipvlan2: entered allmulticast mode [ 242.392841][ T7310] dummy0: entered allmulticast mode [ 243.691592][ T7322] libceph: resolve '4..' (ret=-3): failed [ 243.776524][ T7317] loop0: detected capacity change from 0 to 8192 [ 243.836819][ T7324] xt_recent: Unsupported userspace flags (000000b1) [ 243.994385][ T7317] loop0: p1 p2 p3 p4 [ 244.018916][ T7334] loop2: detected capacity change from 0 to 16 [ 244.056964][ T7317] loop0: partition table partially beyond EOD, truncated [ 244.068548][ T7334] erofs: Unknown parameter './cgroup/syz1' [ 244.094497][ T7317] loop0: p1 start 16777216 is beyond EOD, truncated [ 244.130328][ T7329] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 244.252834][ T7317] loop0: p4 start 16777223 is beyond EOD, truncated [ 245.424282][ T7329] udevd[7329]: inotify_add_watch(7, /dev/loop0p2, 10) failed: No such file or directory [ 245.495431][ T7193] udevd[7193]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory [ 247.794726][ T7377] loop0: detected capacity change from 0 to 512 [ 252.570597][ T7404] ptrace attach of "./syz-executor exec"[7405] was attempted by "./syz-executor exec"[7404] [ 256.240005][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.252559][ T7428] loop0: detected capacity change from 0 to 1024 [ 256.259138][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.518979][ T27] audit: type=1800 audit(1770835588.773:144): pid=7428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.379" name="file1" dev="loop0" ino=2 res=0 errno=0 [ 262.966959][ T7498] loop2: detected capacity change from 0 to 512 [ 262.988105][ T7498] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 263.825281][ T7498] EXT4-fs (loop2): 1 truncate cleaned up [ 263.855790][ T7498] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 265.401395][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 265.561794][ T7525] netlink: 12 bytes leftover after parsing attributes in process `syz.0.396'. [ 265.572050][ T7525] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 268.897687][ T7553] netlink: 8 bytes leftover after parsing attributes in process `syz.0.404'. [ 270.028117][ T28] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 271.167253][ T28] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 271.177685][ T28] usb 5-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 271.187094][ T28] usb 5-1: config 220 interface 0 has no altsetting 0 [ 271.211086][ T28] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 271.230515][ T28] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.248737][ T28] usb 5-1: Product: syz [ 271.259355][ T28] usb 5-1: Manufacturer: syz [ 271.268178][ T28] usb 5-1: SerialNumber: syz [ 271.882758][ T28] usb 5-1: Found UVC 0.00 device syz (8086:0b07) [ 271.954706][ T28] usb 5-1: No valid video chain found. [ 272.058265][ T28] usb 5-1: USB disconnect, device number 2 [ 272.462529][ T7591] tmpfs: Bad value for 'huge' [ 273.343107][ T7600] netlink: 4 bytes leftover after parsing attributes in process `syz.4.412'. [ 273.666064][ T5775] Bluetooth: hci0: command tx timeout [ 273.687840][ T7605] 9pnet: p9_errstr2errno: server reported unknown error @0xffffffffffffffff [ 275.419368][ T7626] netlink: 16 bytes leftover after parsing attributes in process `syz.3.416'. [ 276.569430][ T7632] netlink: 60 bytes leftover after parsing attributes in process `syz.3.420'. [ 276.995453][ T7644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.423'. [ 279.361329][ T7668] netlink: 'syz.2.427': attribute type 11 has an invalid length. [ 279.369280][ T7668] netlink: 36 bytes leftover after parsing attributes in process `syz.2.427'. [ 280.997118][ T7674] netlink: 'syz.0.429': attribute type 5 has an invalid length. [ 286.761738][ T7733] syz.3.440 (7733) used greatest stack depth: 16336 bytes left [ 287.140751][ T7741] ipt_REJECT: ECHOREPLY no longer supported. [ 288.094554][ T7750] netlink: 'syz.3.445': attribute type 9 has an invalid length. [ 289.147484][ T5775] Bluetooth: hci1: unexpected event for opcode 0x2043 [ 290.764150][ T5835] IPVS: starting estimator thread 0... [ 290.811541][ T7775] loop2: detected capacity change from 0 to 2048 [ 291.808613][ T7782] IPVS: using max 17 ests per chain, 40800 per kthread [ 291.924644][ T7775] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 292.372705][ T7796] netlink: 'syz.0.455': attribute type 9 has an invalid length. [ 293.420179][ T5775] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 293.473122][ T5775] Bluetooth: hci1: Injecting HCI hardware error event [ 293.488629][ T5775] Bluetooth: hci1: hardware error 0x00 [ 295.533933][ T7838] ptrace attach of "./syz-executor exec"[6932] was attempted by " [ 295.757994][ T5775] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 295.875040][ T7839] 9pnet_fd: Insufficient options for proto=fd [ 297.590801][ T7876] loop0: detected capacity change from 0 to 1024 [ 297.663903][ T7876] hfsplus: invalid file type 0177777 for inode 2 [ 297.732398][ T7876] hfsplus: failed to load root directory [ 297.796230][ T5759] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 298.096226][ T5759] usb 5-1: Using ep0 maxpacket: 16 [ 298.245104][ T5759] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 299.008565][ T7876] loop0: detected capacity change from 0 to 2048 [ 299.047365][ T5759] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 299.058741][ T5759] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 299.068854][ T5759] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 299.082806][ T5759] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 299.099341][ T5759] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 299.108825][ T5759] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 299.117299][ T5759] usb 5-1: Manufacturer: syz [ 299.124644][ T5759] usb 5-1: config 0 descriptor?? [ 299.137243][ T7876] UDF-fs: warning (device loop0): udf_fill_super: No fileset found [ 300.237432][ T7898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.474'. [ 300.686120][ T5759] rc_core: IR keymap rc-hauppauge not found [ 300.708095][ T5759] Registered IR keymap rc-empty [ 300.749104][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 300.857115][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 300.947279][ T5759] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 303.482655][ T5759] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input5 [ 303.511131][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 303.743459][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 304.936083][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 304.966331][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.007023][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.093723][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.147229][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.377115][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.449914][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.518266][ T5759] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 305.598528][ T5759] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 305.671140][ T5759] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 305.784188][ T5759] usb 5-1: USB disconnect, device number 3 [ 308.164508][ T7948] loop0: detected capacity change from 0 to 2048 [ 308.467187][ T7948] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 308.570484][ T7959] xt_TPROXY: Can be used only with -p tcp or -p udp [ 309.430339][ T7961] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 309.525549][ T5775] Bluetooth: hci2: command 0x0406 tx timeout [ 309.713299][ T5778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 313.309563][ T7983] IPv6: NLM_F_REPLACE set, but no existing node found! [ 315.832098][ T8004] loop2: detected capacity change from 0 to 128 [ 315.856476][ T8004] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 315.904409][ T8004] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 315.952011][ T8004] ext2 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 317.060080][ T5777] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 317.716909][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.723709][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.874042][ T8013] syz_tun: entered allmulticast mode [ 323.201303][ T8032] tipc: Enabled bearer , priority 10 [ 323.285250][ T8032] netlink: 104 bytes leftover after parsing attributes in process `syz.4.507'. [ 323.399415][ T8032] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 323.422663][ T8032] tipc: Enabled bearer , priority 10 [ 323.677150][ T8038] netlink: 4 bytes leftover after parsing attributes in process `syz.4.509'. [ 323.718570][ T8038] syz_tun: entered promiscuous mode [ 323.734911][ T8038] macvtap1: entered promiscuous mode [ 323.757843][ T8038] macvtap1: entered allmulticast mode [ 323.779453][ T8041] syz_tun: left promiscuous mode [ 323.993495][ T8045] loop0: detected capacity change from 0 to 2048 [ 324.177349][ T8045] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 330.289234][ T5775] Bluetooth: hci0: command 0x0406 tx timeout [ 331.040144][ T8113] xt_cluster: node mask cannot exceed total number of nodes [ 334.054243][ T8122] kvm: kvm [8121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x243 [ 334.107143][ T8122] kvm: kvm [8121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xaf51 [ 334.136597][ T8122] kvm: kvm [8121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x2b60 [ 334.181689][ T8122] kvm: kvm [8121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0xd6f8 [ 334.225125][ T8122] kvm: kvm [8121]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x108b [ 334.411278][ T8135] wireguard: wg1: Could not create IPv4 socket [ 336.537599][ T8144] netlink: 'syz.0.535': attribute type 1 has an invalid length. [ 337.614138][ T8151] 8021q: adding VLAN 0 to HW filter on device bond3 [ 337.622831][ T8151] bond2: (slave bond3): making interface the new active one [ 337.630787][ T8151] bond2: (slave bond3): Enslaving as an active interface with an up link [ 337.719602][ T8160] IPv6: NLM_F_REPLACE set, but no existing node found! [ 337.743292][ T8144] bond2: (slave gretap1): Enslaving as a backup interface with an up link [ 337.803344][ T8144] netlink: 28 bytes leftover after parsing attributes in process `syz.0.535'. [ 337.988069][ T8144] 8021q: adding VLAN 0 to HW filter on device bond2 [ 340.028772][ T8177] netlink: 201392 bytes leftover after parsing attributes in process `syz.3.540'. [ 341.697427][ T8194] loop2: detected capacity change from 0 to 512 [ 341.738278][ T8194] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 341.847293][ T8194] EXT4-fs (loop2): 1 truncate cleaned up [ 341.863417][ T8194] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 343.246635][ T8201] netlink: 8 bytes leftover after parsing attributes in process `syz.0.546'. [ 343.607566][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.597229][ T51] Bluetooth: hci2: unexpected event for opcode 0x0c1c [ 351.706019][ T51] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 351.715971][ T51] Bluetooth: hci2: Injecting HCI hardware error event [ 351.724933][ T5775] Bluetooth: hci2: hardware error 0x00 [ 352.408923][ T8289] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 353.625759][ T8294] loop2: detected capacity change from 0 to 128 [ 353.664076][ T8294] FAT-fs (loop2): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 353.875100][ T5775] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 353.986240][ T8298] netlink: 'syz.3.572': attribute type 1 has an invalid length. [ 354.114872][ T8300] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 354.189200][ T8300] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 354.220499][ T8300] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 354.251665][ T8300] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 354.349159][ T8300] bond1: (slave geneve2): making interface the new active one [ 354.373907][ T7329] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 354.432800][ T8300] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 354.521383][ T8298] netlink: 28 bytes leftover after parsing attributes in process `syz.3.572'. [ 354.578266][ T8298] 8021q: adding VLAN 0 to HW filter on device bond1 [ 360.098966][ T8325] loop2: detected capacity change from 0 to 1024 [ 360.136036][ T8325] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 363.405517][ T23] IPVS: starting estimator thread 0... [ 363.506350][ T8358] IPVS: using max 18 ests per chain, 43200 per kthread [ 363.593013][ T8362] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 365.017087][ T8362] warning: `syz.3.593' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 368.093414][ T8371] bond1: (slave geneve2): Releasing active interface [ 368.500388][ T8382] loop2: detected capacity change from 0 to 2048 [ 369.807230][ T8371] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 369.833820][ T8382] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 369.846834][ T8371] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 369.857316][ T8371] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 369.866875][ T8371] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 369.898151][ T8362] netlink: 'syz.3.593': attribute type 10 has an invalid length. [ 369.920827][ T8362] mac80211_hwsim hwsim6 wlan1: left allmulticast mode [ 369.949132][ T8362] bond0: (slave wlan1): refused to change device type [ 370.035216][ T8375] netlink: 14 bytes leftover after parsing attributes in process `syz.3.593'. [ 370.193090][ T8375] bond0 (unregistering): Released all slaves [ 370.403728][ T8391] loop2: detected capacity change from 0 to 512 [ 370.432468][ T8391] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 370.503046][ T8391] EXT4-fs error (device loop2): ext4_orphan_get:1424: comm syz.2.600: bad orphan inode 131083 [ 370.567786][ T8391] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 372.158060][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.574435][ T5775] Bluetooth: hci0: ACL packet for unknown connection handle 200 [ 379.581341][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.588489][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.066345][ T8471] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.616'. [ 380.076137][ T8471] openvswitch: netlink: ct_state flags 00030000 unsupported [ 386.729658][ T8507] netlink: 8 bytes leftover after parsing attributes in process `syz.0.626'. [ 389.162537][ T27] audit: type=1326 audit(1770835721.413:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 389.200423][ T27] audit: type=1326 audit(1770835721.413:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 389.223763][ T27] audit: type=1326 audit(1770835721.413:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 389.254927][ T27] audit: type=1326 audit(1770835721.413:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 389.487541][ T27] audit: type=1326 audit(1770835721.413:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 389.554206][ T27] audit: type=1326 audit(1770835721.413:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 390.554764][ T27] audit: type=1326 audit(1770835721.413:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 390.617502][ T8537] loop4: detected capacity change from 0 to 128 [ 390.675736][ T27] audit: type=1326 audit(1770835721.433:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 390.791325][ T8537] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 390.823613][ T27] audit: type=1326 audit(1770835721.433:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 390.876472][ T8537] ext4 filesystem being mounted at /68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 390.888067][ T27] audit: type=1326 audit(1770835721.433:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.633" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 393.024806][ T6932] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 394.367028][ T23] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 394.595986][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 394.628648][ T23] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 394.678558][ T23] usb 1-1: config 1 has no interface number 1 [ 394.710933][ T23] usb 1-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 394.754153][ T23] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 394.786053][ T23] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 394.818779][ T23] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 394.845982][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.874447][ T23] usb 1-1: Product: syz [ 394.880310][ T23] usb 1-1: Manufacturer: syz [ 394.895195][ T23] usb 1-1: SerialNumber: syz [ 395.201102][ T5835] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 396.487289][ T23] usb 1-1: 2:1 : no UAC_FORMAT_TYPE desc [ 396.526130][ T23] usb 1-1: USB disconnect, device number 4 [ 396.574712][ T5835] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 396.585289][ T5835] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 396.591000][ T7329] udevd[7329]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 396.596525][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.632038][ T5835] usb 5-1: config 0 descriptor?? [ 396.694407][ T5835] pwc: Askey VC010 type 2 USB webcam detected. [ 397.050802][ T8605] netlink: 32 bytes leftover after parsing attributes in process `syz.2.653'. [ 397.063411][ T8605] netlink: 32 bytes leftover after parsing attributes in process `syz.2.653'. [ 397.083425][ T5835] pwc: recv_control_msg error -32 req 02 val 2b00 [ 397.091840][ T5835] pwc: recv_control_msg error -32 req 02 val 2700 [ 397.100121][ T5835] pwc: recv_control_msg error -32 req 02 val 2c00 [ 397.112885][ T5835] pwc: recv_control_msg error -32 req 04 val 1000 [ 397.121686][ T5835] pwc: recv_control_msg error -32 req 04 val 1300 [ 397.129569][ T5835] pwc: recv_control_msg error -32 req 04 val 1400 [ 397.139198][ T5835] pwc: recv_control_msg error -32 req 02 val 2000 [ 397.154929][ T5835] pwc: recv_control_msg error -32 req 02 val 2100 [ 397.164364][ T5835] pwc: recv_control_msg error -32 req 04 val 1500 [ 397.176748][ T5835] pwc: recv_control_msg error -32 req 02 val 2500 [ 397.184488][ T5835] pwc: recv_control_msg error -32 req 02 val 2400 [ 397.559638][ T5835] pwc: recv_control_msg error -71 req 02 val 2900 [ 397.703803][ T5835] pwc: recv_control_msg error -71 req 02 val 2800 [ 397.825091][ T5835] pwc: recv_control_msg error -71 req 04 val 1100 [ 397.919236][ T5835] pwc: recv_control_msg error -71 req 04 val 1200 [ 398.246493][ T5835] pwc: Registered as video103. [ 398.254314][ T5835] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input6 [ 399.415979][ T5835] usb 5-1: USB disconnect, device number 4 [ 407.244997][ T27] kauditd_printk_skb: 58 callbacks suppressed [ 407.245015][ T27] audit: type=1326 audit(1770835739.503:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 407.286206][ T27] audit: type=1326 audit(1770835739.513:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f9fe795846c code=0x7ffc0000 [ 407.309491][ T27] audit: type=1326 audit(1770835739.513:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f9fe79584ce code=0x7ffc0000 [ 408.726502][ T27] audit: type=1326 audit(1770835739.513:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9fe799bc0b code=0x7ffc0000 [ 409.006745][ T27] audit: type=1326 audit(1770835739.513:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 409.071178][ T27] audit: type=1326 audit(1770835739.513:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 409.110461][ T27] audit: type=1326 audit(1770835739.513:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 409.155516][ T27] audit: type=1326 audit(1770835739.543:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 410.485468][ T27] audit: type=1326 audit(1770835739.543:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 410.605189][ T27] audit: type=1326 audit(1770835739.543:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8648 comm="syz.0.665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9fe799bf79 code=0x7ffc0000 [ 410.779229][ T5775] Bluetooth: hci3: unexpected event for opcode 0x080d [ 414.192198][ T8703] netlink: 'syz.2.679': attribute type 4 has an invalid length. [ 414.786232][ T5775] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 414.796454][ T5775] Bluetooth: hci3: Injecting HCI hardware error event [ 414.807999][ T51] Bluetooth: hci3: hardware error 0x00 [ 415.573079][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 415.573097][ T27] audit: type=1326 audit(1770835747.833:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 415.626353][ T27] audit: type=1326 audit(1770835747.873:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 415.649337][ T27] audit: type=1326 audit(1770835747.893:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 415.862290][ T27] audit: type=1326 audit(1770835747.893:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 415.940285][ T27] audit: type=1326 audit(1770835747.893:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.128877][ T27] audit: type=1326 audit(1770835747.893:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.163212][ T27] audit: type=1326 audit(1770835747.893:289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.215657][ T27] audit: type=1326 audit(1770835747.893:290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.369571][ T27] audit: type=1326 audit(1770835747.893:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.403496][ T27] audit: type=1326 audit(1770835747.893:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8709 comm="syz.2.681" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 417.946403][ T51] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 419.724069][ T8741] netlink: 2 bytes leftover after parsing attributes in process `syz.2.689'. [ 420.958018][ T8758] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 422.289584][ T8767] loop4: detected capacity change from 0 to 128 [ 422.304035][ T8767] FAT-fs (loop4): Unrecognized mount option "18446744073709551615ÿÿÿ" or missing value [ 424.506260][ T8788] loop4: detected capacity change from 0 to 2048 [ 425.401969][ T8788] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 425.709227][ T8788] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 433.190029][ T8845] loop4: detected capacity change from 0 to 512 [ 433.197519][ T8845] EXT4-fs: Ignoring removed i_version option [ 433.209764][ T8845] EXT4-fs (loop4): orphan cleanup on readonly fs [ 433.221999][ T8845] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.719: EA inode hash validation failed [ 433.235597][ T8845] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 433.249408][ T8845] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.719: EA inode 11 ref wraparound: ref_count=0 ref_change=-1 [ 433.277846][ T8845] EXT4-fs (loop4): Remounting filesystem read-only [ 433.284508][ T8845] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1231: inode #11: comm syz.4.719: ea_inode dec ref err=-117 [ 433.298538][ T8845] EXT4-fs warning (device loop4): ext4_evict_inode:272: xattr delete (err -5) [ 433.307724][ T8845] EXT4-fs (loop4): 1 orphan inode deleted [ 433.315063][ T8845] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 433.581792][ T6932] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 433.732546][ T8854] 9pnet: p9_errstr2errno: server reported unknown error aaaaaaaaaa [ 436.341859][ T8867] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode [ 436.353991][ T8873] bridge_slave_0: left allmulticast mode [ 436.360108][ T8873] bridge_slave_0: left promiscuous mode [ 436.366511][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state [ 436.434742][ T8873] bridge_slave_1: left allmulticast mode [ 436.457744][ T8873] bridge_slave_1: left promiscuous mode [ 436.474825][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state [ 436.511713][ T8873] bond0: (slave bond_slave_0): Releasing backup interface [ 436.572108][ T8873] bond0: (slave bond_slave_1): Releasing backup interface [ 436.629987][ T8873] team0: Port device team_slave_0 removed [ 436.694523][ T8873] team0: Port device team_slave_1 removed [ 436.701298][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 436.711407][ T8873] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 436.722031][ T8873] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.731564][ T8873] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.976148][ T8873] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 436.988558][ T8873] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 437.692405][ T8873] team0: Port device geneve0 removed [ 437.957478][ T8873] bond1: (slave ip6gretap1): Releasing active interface [ 437.964598][ T8873] ip6gretap1: left allmulticast mode [ 438.037688][ T8873] bond2: (slave bond3): Releasing backup interface [ 438.044280][ T8873] bond2: (slave bond3): the permanent HWaddr of slave - ee:c6:f9:68:42:bc - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 438.266747][ T8873] bond2: (slave gretap1): making interface the new active one [ 438.687113][ T8873] bond2: (slave gretap1): Releasing backup interface [ 438.821457][ T8876] netlink: 'syz.0.721': attribute type 10 has an invalid length. [ 438.829596][ T8876] mac80211_hwsim hwsim9 wlan1: left allmulticast mode [ 438.836671][ T8876] bond0: (slave wlan1): refused to change device type [ 438.843900][ T8867] netlink: 14 bytes leftover after parsing attributes in process `syz.0.721'. [ 438.890491][ T8867] bond0 (unregistering): Released all slaves [ 440.668238][ T8929] loop4: detected capacity change from 0 to 16 [ 441.236496][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 441.242911][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.267840][ T8929] erofs: (device loop4): mounted with root inode @ nid 36. [ 441.290619][ T8925] erofs: (device loop4): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 441.299809][ T8925] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 443.757123][ T8956] atomic_op ffff88807a385198 conn xmit_atomic 0000000000000000 [ 446.576043][ T8971] hub 8-0:1.0: USB hub found [ 446.584980][ T8971] hub 8-0:1.0: 1 port detected [ 446.866728][ T8971] loop4: detected capacity change from 0 to 1024 [ 446.879416][ T8971] EXT4-fs: inline encryption not supported [ 447.233460][ T8971] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 447.347195][ T8971] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 449.560411][ T6932] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 453.226557][ T8997] loop4: detected capacity change from 0 to 128 [ 453.291475][ T8997] vfat filesystem being mounted at /96/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 453.773541][ T27] kauditd_printk_skb: 68 callbacks suppressed [ 453.773585][ T27] audit: type=1804 audit(3918319433.898:361): pid=8997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.755" name="/newroot/96/file0/bus" dev="loop4" ino=1048616 res=1 errno=0 [ 454.265939][ T27] audit: type=1804 audit(3918319434.008:362): pid=8997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.755" name="/newroot/96/file0/bus" dev="loop4" ino=1048616 res=1 errno=0 [ 454.429429][ T27] audit: type=1804 audit(3918319434.118:363): pid=8997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.755" name="/newroot/96/file0/bus" dev="loop4" ino=1048616 res=1 errno=0 [ 461.576530][ T9063] netlink: 3 bytes leftover after parsing attributes in process `syz.0.768'. [ 461.625463][ T9063] batadv1: entered allmulticast mode [ 466.173069][ T9086] loop4: detected capacity change from 0 to 1024 [ 466.764235][ T9086] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 467.224293][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.779'. [ 475.241085][ T9153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.796'. [ 483.666684][ T9227] fuse: Bad value for 'fd' [ 490.456695][ T5759] IPVS: starting estimator thread 0... [ 490.596818][ T9292] IPVS: using max 16 ests per chain, 38400 per kthread [ 492.836718][ T9308] netlink: 'syz.0.836': attribute type 1 has an invalid length. [ 492.844432][ T9308] netlink: 'syz.0.836': attribute type 4 has an invalid length. [ 492.869909][ T9308] netlink: 15334 bytes leftover after parsing attributes in process `syz.0.836'. [ 496.467037][ T9327] netlink: 'syz.0.844': attribute type 1 has an invalid length. [ 496.552549][ T9327] 8021q: adding VLAN 0 to HW filter on device bond0 [ 496.667836][ T9329] bond0: (slave gretap2): making interface the new active one [ 496.698797][ T9329] bond0: (slave gretap2): Enslaving as an active interface with an up link [ 497.842359][ T9337] syzkaller0: entered promiscuous mode [ 497.885688][ T9337] syzkaller0: entered allmulticast mode [ 500.004219][ T9371] syzkaller0: entered promiscuous mode [ 500.009907][ T9371] syzkaller0: entered allmulticast mode [ 501.162567][ T9379] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 501.171835][ T9379] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 501.180896][ T9379] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 501.191010][ T9379] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 502.540599][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 502.547209][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 519.177225][ T9530] loop4: detected capacity change from 0 to 16 [ 519.191595][ T9530] erofs: (device loop4): mounted with root inode @ nid 36. [ 520.444381][ T9550] netlink: 40 bytes leftover after parsing attributes in process `syz.4.896'. [ 521.228421][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.897'. [ 521.335952][ T9547] netlink: 4 bytes leftover after parsing attributes in process `syz.3.897'. [ 524.802900][ T9588] netlink: 20 bytes leftover after parsing attributes in process `syz.4.906'. [ 527.239503][ T5864] IPVS: starting estimator thread 0... [ 527.516058][ T9609] IPVS: using max 19 ests per chain, 45600 per kthread [ 531.234995][ T27] audit: type=1326 audit(3918319511.448:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9611 comm="syz.4.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7fc00000 [ 532.200557][ T27] audit: type=1326 audit(3918319512.448:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9611 comm="syz.4.913" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd854f9bf79 code=0x7fc00000 [ 532.624219][ T9647] No such timeout policy "syz1" [ 533.595209][ T9655] netlink: 184 bytes leftover after parsing attributes in process `syz.0.923'. [ 555.983716][ T9803] Bluetooth: MGMT ver 1.22 [ 565.878734][ T9844] xt_CT: You must specify a L4 protocol and not use inversions on it [ 566.179144][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 566.185600][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 573.844212][ T9907] tipc: Enabled bearer , priority 0 [ 575.043827][ T5779] tipc: Node number set to 2886997007 [ 582.685976][ T27] audit: type=1326 audit(3918319562.868:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 584.126226][ T27] audit: type=1326 audit(3918319562.878:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 584.489861][ T9981] tipc: Started in network mode [ 584.496738][ T27] audit: type=1326 audit(3918319562.878:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 584.515795][ T9981] tipc: Node identity 4, cluster identity 4711 [ 584.532354][ T9981] tipc: Node number set to 4 [ 584.535296][ T27] audit: type=1326 audit(3918319562.878:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 584.584417][ T9983] tipc: Enabling of bearer rejected, already enabled [ 584.807807][ T27] audit: type=1326 audit(3918319562.878:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 585.675959][ T27] audit: type=1326 audit(3918319562.878:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 585.785884][ T27] audit: type=1326 audit(3918319562.878:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 585.932734][ T27] audit: type=1326 audit(3918319562.878:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 585.958301][ T27] audit: type=1326 audit(3918319562.878:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 585.982087][ T27] audit: type=1326 audit(3918319562.878:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9970 comm="syz.4.1004" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd854f9bf79 code=0x7ffc0000 [ 586.230365][ T9996] siw: device registration error -23 [ 589.316301][T10009] xt_TCPMSS: Only works on TCP SYN packets [ 594.686170][T10038] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 594.686170][T10038] The task syz.2.1020 (10038) triggered the difference, watch for misbehavior. [ 602.436075][T10095] overlayfs: failed to clone upperpath [ 608.597786][T10146] netlink: 'syz.4.1046': attribute type 2 has an invalid length. [ 622.622171][T10225] tipc: Enabled bearer , priority 0 [ 622.646369][T10225] syzkaller0: entered promiscuous mode [ 622.672490][T10225] syzkaller0: entered allmulticast mode [ 623.773958][T10230] tipc: Resetting bearer [ 623.922679][T10220] tipc: Resetting bearer [ 624.048574][T10220] tipc: Disabling bearer [ 624.874744][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.886079][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.565354][T10265] capability: warning: `syz.4.1067' uses deprecated v2 capabilities in a way that may be insecure [ 627.579260][T10265] printk: syz.4.1067 (10265): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 631.050906][T10300] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 631.659050][T10310] tipc: Enabling of bearer rejected, already enabled [ 632.126306][T10318] xt_l2tp: v2 tid > 0xffff: 37482740 [ 637.924004][ T5779] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 638.251767][ T5779] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 638.263355][ T5779] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 638.428674][ T5779] usb 1-1: config 0 interface 0 has no altsetting 0 [ 638.544419][ T5779] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 638.553967][ T5779] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 638.635401][ T5779] usb 1-1: Product: syz [ 638.639672][ T5779] usb 1-1: Manufacturer: syz [ 638.671159][ T5779] usb 1-1: SerialNumber: syz [ 638.737087][ T5779] usb 1-1: config 0 descriptor?? [ 638.754664][ T5779] usb 1-1: selecting invalid altsetting 0 [ 640.241073][T10420] usb 1-1: cannot submit urb 0, error -2: endpoint not enabled [ 640.252944][ T5835] usb 1-1: USB disconnect, device number 5 [ 641.527814][T10432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1103'. [ 650.049024][T10474] xt_TCPMSS: Only works on TCP SYN packets [ 651.961290][T10483] tipc: Enabling of bearer rejected, failed to enable media [ 653.949572][T10495] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 655.090023][T10524] netlink: 'syz.0.1128': attribute type 16 has an invalid length. [ 655.098494][T10524] netlink: 'syz.0.1128': attribute type 17 has an invalid length. [ 655.561475][T10524] 8021q: adding VLAN 0 to HW filter on device team0 [ 655.573488][T10524] tipc: Resetting bearer [ 655.579748][T10524] tipc: Resetting bearer [ 655.732633][T10524] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 659.417932][T10548] tipc: Enabling of bearer rejected, already enabled [ 666.327966][T10603] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1145'. [ 666.337609][T10603] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1145'. [ 668.988319][T10624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1152'. [ 670.178196][T10631] tipc: Enabling of bearer rejected, failed to enable media [ 670.923097][T10640] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.1161'. [ 673.196049][T10662] tipc: Enabling of bearer rejected, already enabled [ 673.207052][T10662] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1159'. [ 688.950448][T10731] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1181'. [ 689.049561][T10737] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 690.365128][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 690.371636][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 696.828971][T10775] ptrace attach of "./syz-executor exec"[5773] was attempted by "./syz-executor exec"[10775] [ 700.501418][T10802] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1198'. [ 701.074240][T10808] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1198'. [ 715.939975][T10878] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1217'. [ 721.941134][T10915] ptrace attach of ""[10917] was attempted by "./syz-executor exec"[10915] [ 724.654842][T10936] netlink: 'syz.2.1231': attribute type 16 has an invalid length. [ 724.662896][T10936] netlink: 'syz.2.1231': attribute type 17 has an invalid length. [ 724.886677][T10936] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 734.834297][T10982] usb usb1: usbfs: process 10982 (syz.0.1237) did not claim interface 0 before use [ 734.845865][T10982] ptrace attach of "./syz-executor exec"[5778] was attempted by "./syz-executor exec"[10982] [ 737.618638][T11011] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1248'. [ 737.676547][T11011] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1248'. [ 743.204493][T11045] ptrace attach of "./syz-executor exec"[5777] was attempted by "./syz-executor exec"[11045] [ 756.423013][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 756.429626][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 771.174933][T11216] tipc: Enabling of bearer rejected, failed to enable media [ 772.602724][T11229] SET target dimension over the limit! [ 775.143287][T11260] netlink: set zone limit has 8 unknown bytes [ 784.944108][T11327] syz.2.1322(11327): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 785.300976][T11332] syzkaller0: entered promiscuous mode [ 785.331298][T11332] syzkaller0: entered allmulticast mode [ 787.817337][T11346] xt_TCPMSS: Only works on TCP SYN packets [ 793.917780][T11383] netlink: 'syz.2.1331': attribute type 2 has an invalid length. [ 796.808086][T11402] tipc: Enabling of bearer rejected, failed to enable media [ 801.180050][T11428] netlink: 'syz.3.1349': attribute type 2 has an invalid length. [ 808.815514][T11467] trusted_key: syz.2.1364 sent an empty control message without MSG_MORE. [ 811.307201][T11490] batman_adv: batadv0: Adding interface: dummy0 [ 811.322891][T11490] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 811.940513][T11491] orangefs_mount: mount request failed with -4 [ 812.061028][T11490] batman_adv: batadv0: Interface activated: dummy0 [ 812.109800][T11492] batadv0: mtu less than device minimum [ 812.150604][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.164067][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.176910][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.189859][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.202683][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.215449][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.228222][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.241121][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 812.253941][T11492] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 821.718808][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 821.725189][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 821.869522][T11536] net_ratelimit: 10 callbacks suppressed [ 821.869574][T11536] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 829.840047][T11567] xt_l2tp: v2 tid > 0xffff: 37482740 [ 832.135821][T11575] tipc: Enabling of bearer rejected, already enabled [ 836.100719][T11592] syzkaller0: entered promiscuous mode [ 836.111217][T11592] syzkaller0: entered allmulticast mode [ 845.096150][T11639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1400'. [ 845.389352][T11639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1400'. [ 847.787917][T11652] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 848.098444][T11655] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1405'. [ 848.108770][T11655] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1405'. [ 848.159215][T11655] team0: entered promiscuous mode [ 848.172761][T11655] team_slave_0: entered promiscuous mode [ 848.316656][T11655] team_slave_1: entered promiscuous mode [ 848.324878][T11655] team0: left promiscuous mode [ 848.334202][T11655] team_slave_0: left promiscuous mode [ 848.341566][T11655] team_slave_1: left promiscuous mode [ 858.847072][T11744] xt_l2tp: v2 tid > 0xffff: 37482740 [ 860.826974][T11758] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1418'. [ 860.838877][T11758] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1418'. [ 863.890416][T11783] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1426'. [ 866.993502][T11780] overlayfs: failed to resolve './file0': -2 [ 875.899854][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 875.913671][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 875.923987][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 875.935024][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 887.234284][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 887.240876][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 887.461215][T11950] nbd1: detected capacity change from 0 to 8589934655 [ 888.315169][ T51] block nbd1: Receive control failed (result -104) [ 893.813824][T11990] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 898.256369][T12040] syzkaller0: entered promiscuous mode [ 898.262724][T12040] syzkaller0: entered allmulticast mode [ 899.283365][T12049] netlink: 'syz.3.1493': attribute type 3 has an invalid length. [ 904.563271][T12087] hugetlbfs: syz.0.1503 (12087): Using mlock ulimits for SHM_HUGETLB is obsolete [ 916.037690][T12185] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1523'. [ 916.161028][T12185] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1523'. [ 917.897042][ T5759] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 918.026737][T12208] netlink: 'syz.2.1527': attribute type 1 has an invalid length. [ 918.464113][ T5759] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 918.575597][ T5759] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 919.045102][ T5759] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 919.051668][T12208] bond1: entered promiscuous mode [ 919.075185][T12208] 8021q: adding VLAN 0 to HW filter on device bond1 [ 919.084065][ T5759] usb 1-1: config 0 descriptor?? [ 919.120365][T12212] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1527'. [ 919.124455][ T5759] pwc: Askey VC010 type 2 USB webcam detected. [ 919.133690][T12212] bond1: entered allmulticast mode [ 920.693592][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 30 seconds [ 920.707950][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 30 seconds [ 920.719249][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 30 seconds [ 920.730325][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 30 seconds [ 920.782769][ T5759] pwc: send_video_command error -71 [ 920.788228][ T5759] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 920.792387][T12208] bond1: (slave bridge1): making interface the new active one [ 920.796029][ T5759] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 920.831120][ T5759] usb 1-1: USB disconnect, device number 6 [ 920.837813][T12226] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1532'. [ 920.926429][T12208] bridge1: entered promiscuous mode [ 920.931965][T12208] bridge1: entered allmulticast mode [ 920.987197][T12208] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 936.659006][ T5759] libceph: connect (1)[c::]:6789 error -101 [ 936.667481][ T5759] libceph: mon0 (1)[c::]:6789 connect error [ 937.082539][ T5759] libceph: connect (1)[c::]:6789 error -101 [ 937.091480][ T5759] libceph: mon0 (1)[c::]:6789 connect error [ 937.716184][ T5759] libceph: connect (1)[c::]:6789 error -101 [ 937.731486][ T5759] libceph: mon0 (1)[c::]:6789 connect error [ 937.759958][T12328] ceph: No mds server is up or the cluster is laggy [ 940.492120][T12365] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1565'. [ 941.959489][T12365] vlan2: entered allmulticast mode [ 941.974211][T12365] bridge0: entered allmulticast mode [ 941.987467][T12365] bridge1: port 1(vlan2) entered blocking state [ 941.994066][T12365] bridge1: port 1(vlan2) entered disabled state [ 942.010402][T12365] vlan2: entered promiscuous mode [ 942.015954][T12365] bridge0: entered promiscuous mode [ 944.240375][T12388] syz.2.1568: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 944.256585][T12388] CPU: 0 PID: 12388 Comm: syz.2.1568 Not tainted syzkaller #0 [ 944.264091][T12388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 944.274195][T12388] Call Trace: [ 944.277516][T12388] [ 944.280482][T12388] dump_stack_lvl+0x18c/0x250 [ 944.285223][T12388] ? show_regs_print_info+0x20/0x20 [ 944.290611][T12388] ? load_image+0x400/0x400 [ 944.295167][T12388] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 944.301801][T12388] ? cpuset_print_current_mems_allowed+0x2e7/0x360 [ 944.308340][T12388] warn_alloc+0x246/0x340 [ 944.312691][T12388] ? stack_trace_save+0xaa/0x100 [ 944.317648][T12388] ? zone_watermark_ok_safe+0x230/0x230 [ 944.323220][T12388] ? kasan_set_track+0x5f/0x70 [ 944.328778][T12388] ? kasan_set_track+0x4e/0x70 [ 944.333559][T12388] ? __kasan_kmalloc+0x8f/0xa0 [ 944.338345][T12388] ? xsk_init_queue+0xad/0x100 [ 944.343121][T12388] ? xsk_setsockopt+0x42e/0x760 [ 944.348156][T12388] ? do_sock_setsockopt+0x175/0x1a0 [ 944.353372][T12388] ? __x64_sys_setsockopt+0x182/0x200 [ 944.358766][T12388] __vmalloc_node_range+0x126/0x1330 [ 944.364181][T12388] ? free_vm_area+0x50/0x50 [ 944.368713][T12388] vmalloc_user+0x74/0x80 [ 944.373086][T12388] ? xskq_create+0xbf/0x170 [ 944.377632][T12388] xskq_create+0xbf/0x170 [ 944.382013][T12388] xsk_init_queue+0xad/0x100 [ 944.386628][T12388] xsk_setsockopt+0x42e/0x760 [ 944.391325][T12388] ? xsk_poll+0x680/0x680 [ 944.395704][T12388] ? __fget_files+0x28/0x4b0 [ 944.400325][T12388] ? __fget_files+0x28/0x4b0 [ 944.404947][T12388] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 944.410598][T12388] ? security_socket_setsockopt+0x7e/0xa0 [ 944.416342][T12388] ? xsk_poll+0x680/0x680 [ 944.420691][T12388] do_sock_setsockopt+0x175/0x1a0 [ 944.425737][T12388] ? __fdget+0x180/0x210 [ 944.430090][T12388] __x64_sys_setsockopt+0x182/0x200 [ 944.435327][T12388] do_syscall_64+0x55/0xa0 [ 944.439767][T12388] ? clear_bhb_loop+0x40/0x90 [ 944.444458][T12388] ? clear_bhb_loop+0x40/0x90 [ 944.449152][T12388] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 944.455141][T12388] RIP: 0033:0x7fd8bdf9bf79 [ 944.459581][T12388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.479241][T12388] RSP: 002b:00007fd8bc1d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 944.487680][T12388] RAX: ffffffffffffffda RBX: 00007fd8be216180 RCX: 00007fd8bdf9bf79 [ 944.495725][T12388] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007 [ 944.503729][T12388] RBP: 00007fd8be0327e0 R08: 0000000000000004 R09: 0000000000000000 [ 944.511715][T12388] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 944.519767][T12388] R13: 00007fd8be216218 R14: 00007fd8be216180 R15: 00007ffc752f0d68 [ 944.527782][T12388] [ 944.531913][T12388] Mem-Info: [ 944.535175][T12388] active_anon:47581 inactive_anon:0 isolated_anon:0 [ 944.535175][T12388] active_file:18099 inactive_file:40709 isolated_file:0 [ 944.535175][T12388] unevictable:20601 dirty:248 writeback:0 [ 944.535175][T12388] slab_reclaimable:11476 slab_unreclaimable:94112 [ 944.535175][T12388] mapped:27420 shmem:42168 pagetables:771 [ 944.535175][T12388] sec_pagetables:0 bounce:0 [ 944.535175][T12388] kernel_misc_reclaimable:0 [ 944.535175][T12388] free:1277037 free_pcp:11213 free_cma:0 [ 944.580887][T12388] Node 0 active_anon:190324kB inactive_anon:0kB active_file:72396kB inactive_file:162632kB unevictable:80868kB isolated(anon):0kB isolated(file):0kB mapped:109680kB dirty:992kB writeback:0kB shmem:167136kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12016kB pagetables:3084kB sec_pagetables:0kB all_unreclaimable? no [ 944.614101][T12388] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 944.645813][T12388] Node 0 DMA free:15344kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 944.673089][T12388] lowmem_reserve[]: 0 2521 2522 2522 2522 [ 944.679423][T12388] Node 0 DMA32 free:1211296kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:185084kB inactive_anon:0kB active_file:72396kB inactive_file:161812kB unevictable:80868kB writepending:992kB present:3129332kB managed:2586972kB mlocked:0kB bounce:0kB free_pcp:19964kB local_pcp:4kB free_cma:0kB [ 944.709940][T12388] lowmem_reserve[]: 0 0 0 0 0 [ 944.715236][T12388] Node 0 Normal free:4kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 944.742597][T12388] lowmem_reserve[]: 0 0 0 0 0 [ 944.747581][T12388] Node 1 Normal free:3885504kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:26236kB local_pcp:13724kB free_cma:0kB [ 944.777142][T12388] lowmem_reserve[]: 0 0 0 0 0 [ 944.782408][T12388] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB [ 944.797783][T12388] Node 0 DMA32: 1611*4kB (UME) 749*8kB (UME) 561*16kB (UME) 287*32kB (UME) 193*64kB (UME) 68*128kB (UME) 67*256kB (UM) 43*512kB (UM) 37*1024kB (UME) 17*2048kB (UME) 257*4096kB (UM) = 1216196kB [ 944.817029][T12388] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 944.829405][T12388] Node 1 Normal: 150*4kB (UME) 53*8kB (UME) 38*16kB (UME) 85*32kB (UME) 23*64kB (UME) 10*128kB (UME) 2*256kB (ME) 0*512kB 1*1024kB (U) 1*2048kB (E) 946*4096kB (M) = 3885504kB [ 944.847212][T12388] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 944.857019][T12388] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 944.912192][T12388] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 944.921980][T12388] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 944.931909][T12388] 117318 total pagecache pages [ 944.936893][T12388] 0 pages in swap cache [ 944.941091][T12388] Free swap = 124304kB [ 944.945290][T12388] Total swap = 124996kB [ 944.949563][T12388] 2097051 pages RAM [ 944.953424][T12388] 0 pages HighMem/MovableOnly [ 944.958217][T12388] 416922 pages reserved [ 944.962417][T12388] 0 pages cma reserved [ 946.223776][T12404] tipc: Enabled bearer , priority 10 [ 946.275566][T12405] 8021q: VLANs not supported on lo [ 950.546599][T12435] overlayfs: failed to clone upperpath [ 953.156588][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 953.164479][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 953.169337][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 60 seconds [ 954.144155][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 60 seconds [ 954.155296][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 60 seconds [ 954.166864][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 60 seconds [ 957.145935][ T5759] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 959.101777][T12503] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 959.176993][ T5759] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has an invalid bInterval 0, changing to 4 [ 959.189876][ T5140] udevd[5140]: worker [11922] /devices/virtual/block/nbd1 is taking a long time [ 959.197586][ T5759] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid maxpacket 15380, setting to 1023 [ 959.296996][ T5759] usb 1-1: config 0 interface 0 has no altsetting 0 [ 959.388486][ T5759] usb 1-1: string descriptor 0 read error: -71 [ 959.411515][ T5759] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 959.615108][ T5759] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 959.636973][ T5759] usb 1-1: config 0 descriptor?? [ 959.659666][ T5759] usb 1-1: can't set config #0, error -71 [ 959.675880][ T5759] usb 1-1: USB disconnect, device number 7 [ 962.886633][T12529] ceph: No mds server is up or the cluster is laggy [ 979.609844][T12678] loop8: detected capacity change from 0 to 8 [ 979.642058][T12201] Dev loop8: unable to read RDB block 8 [ 979.647720][T12201] loop8: unable to read partition table [ 979.673120][T12201] loop8: partition table beyond EOD, truncated [ 979.694915][T12679] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 979.715548][T12678] Dev loop8: unable to read RDB block 8 [ 979.721205][T12678] loop8: unable to read partition table [ 979.760045][T12678] loop8: partition table beyond EOD, truncated [ 979.766430][T12678] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 982.724942][T12698] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 982.906494][T12702] netlink: 'syz.2.1641': attribute type 1 has an invalid length. [ 982.914850][T12702] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.1641'. [ 988.169849][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 90 seconds [ 988.182133][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 90 seconds [ 988.195042][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 90 seconds [ 988.208053][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 90 seconds [ 990.289862][T12746] netlink: 'syz.2.1659': attribute type 3 has an invalid length. [ 990.300718][T12746] netlink: 'syz.2.1659': attribute type 3 has an invalid length. [ 995.911870][T12801] tipc: Resetting bearer [ 997.181667][ C0] hrtimer: interrupt took 38417 ns [ 1001.317120][T12867] tipc: Enabling of bearer rejected, already enabled [ 1010.445961][T12933] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1013.294069][T12961] orangefs_mount: mount request failed with -4 [ 1018.210268][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1018.210289][ T27] audit: type=1326 audit(3918320485.319:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13018 comm="syz.2.1729" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd8bdf9bf79 code=0x0 [ 1018.659722][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 1018.666195][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 1020.813850][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 120 seconds [ 1020.825503][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 120 seconds [ 1020.839490][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 120 seconds [ 1020.850688][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 120 seconds [ 1024.531491][T13072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1731'. [ 1025.008297][T13074] orangefs_mount: mount request failed with -4 [ 1034.159090][T13159] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1765'. [ 1040.605710][T13207] vlan2: left promiscuous mode [ 1041.430354][T13207] bridge0: left promiscuous mode [ 1041.435748][T13207] bridge1: port 1(vlan2) entered disabled state [ 1054.195254][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 150 seconds [ 1054.206264][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 150 seconds [ 1054.217813][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 150 seconds [ 1054.230016][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 150 seconds [ 1062.615231][T13358] netlink: 277 bytes leftover after parsing attributes in process `syz.4.1812'. [ 1076.017474][T13459] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1836'. [ 1076.035067][T13459] IPVS: Error joining to the multicast group [ 1077.393798][ T27] audit: type=1804 audit(3918320539.694:379): pid=13463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1838" name="bus" dev="ramfs" ino=25723 res=1 errno=0 [ 1077.890260][T13473] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1840'. [ 1080.782289][ T5140] udevd[5140]: worker [11922] /devices/virtual/block/nbd1 timeout; kill it [ 1080.856082][ T5140] udevd[5140]: seq 12893 '/devices/virtual/block/nbd1' killed [ 1084.306513][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 1084.535852][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 1084.712350][T13515] netlink: 'syz.2.1850': attribute type 17 has an invalid length. [ 1084.769829][T13515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1850'. [ 1086.789573][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 180 seconds [ 1086.800455][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 180 seconds [ 1086.812083][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 180 seconds [ 1086.824166][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 180 seconds [ 1101.871199][T13597] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1870'. [ 1101.934096][T13597] IPVS: Error joining to the multicast group [ 1104.685924][T13621] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1877'. [ 1119.608261][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 210 seconds [ 1119.608466][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 1119.619193][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 210 seconds [ 1119.652023][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 1119.661295][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 1119.671436][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 1119.681488][T13727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1901'. [ 1119.691052][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 210 seconds [ 1119.702288][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 210 seconds [ 1122.204459][T13752] overlayfs: failed to clone lowerpath [ 1142.162674][T13892] tipc: Failed to remove unknown binding: 66,1,1/4:4272561762/4272561764 [ 1142.171929][T13892] tipc: Failed to remove unknown binding: 66,1,1/4:4272561762/4272561764 [ 1143.220729][T13897] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1945'. [ 1149.989293][T13956] overlayfs: failed to clone lowerpath [ 1150.036987][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 1150.059407][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 1151.884938][T13970] netlink: 'syz.3.1961': attribute type 1 has an invalid length. [ 1152.004464][T13973] bond0: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 1152.029676][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 240 seconds [ 1152.044083][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 240 seconds [ 1152.055476][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 240 seconds [ 1152.066929][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 240 seconds [ 1152.386801][T13970] veth3: entered promiscuous mode [ 1152.401831][T13970] bond0: (slave veth3): Enslaving as a backup interface with a down link [ 1152.423264][T13973] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1961'. [ 1152.477969][T10401] bond0: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1152.485233][T13973] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1152.689935][ T1081] bond0: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 1171.262788][T14091] No such timeout policy "syz1" [ 1180.910575][ T27] audit: type=1326 audit(3918320637.583:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.018938][ T27] audit: type=1326 audit(3918320637.583:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.113893][ T27] audit: type=1326 audit(3918320637.593:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.197094][ T27] audit: type=1326 audit(3918320637.593:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.282759][ T27] audit: type=1326 audit(3918320637.593:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.364666][ T27] audit: type=1326 audit(3918320637.593:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.445374][ T27] audit: type=1326 audit(3918320637.593:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.505376][ T27] audit: type=1326 audit(3918320637.593:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.567312][ T27] audit: type=1326 audit(3918320637.593:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1181.599836][ T27] audit: type=1326 audit(3918320637.593:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14132 comm="syz.3.1994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe039d9bf79 code=0x7ffc0000 [ 1186.939424][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 270 seconds [ 1186.951290][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 270 seconds [ 1186.962478][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 270 seconds [ 1186.973871][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 270 seconds [ 1187.833000][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2010'. [ 1187.843676][T14172] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2010'. [ 1190.994343][ T27] kauditd_printk_skb: 446 callbacks suppressed [ 1190.994361][ T27] audit: type=1326 audit(3918320647.031:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1191.035106][ T27] audit: type=1326 audit(3918320647.059:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1191.184890][T14188] No such timeout policy "syz1" [ 1191.276543][ T27] audit: type=1326 audit(3918320647.059:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1191.665998][ T27] audit: type=1326 audit(3918320647.059:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1192.088912][ T27] audit: type=1326 audit(3918320647.059:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1192.348714][ T27] audit: type=1326 audit(3918320647.059:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1192.381821][ T27] audit: type=1326 audit(3918320647.059:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1193.717667][ T27] audit: type=1326 audit(3918320647.059:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1194.035647][ T27] audit: type=1326 audit(3918320647.059:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1194.058743][ T27] audit: type=1326 audit(3918320647.059:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14182 comm="syz.2.2012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd8bdf9bf79 code=0x7ffc0000 [ 1204.738312][T14279] No such timeout policy "syz1" [ 1205.811983][T14285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2034'. [ 1205.824873][T14285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2034'. [ 1215.859397][ T1289] ieee802154 phy0 wpan0: encryption failed: -22 [ 1216.029331][ T1289] ieee802154 phy1 wpan1: encryption failed: -22 [ 1218.295640][T14373] No such timeout policy "syz1" [ 1219.821412][ T24] block nbd1: Possible stuck request ffff888021e70000: control (read@0,1024B). Runtime 300 seconds [ 1219.835049][ T24] block nbd1: Possible stuck request ffff888021e70200: control (read@1024,1024B). Runtime 300 seconds [ 1219.846499][ T24] block nbd1: Possible stuck request ffff888021e70400: control (read@2048,1024B). Runtime 300 seconds [ 1219.866159][ T24] block nbd1: Possible stuck request ffff888021e70600: control (read@3072,1024B). Runtime 300 seconds [ 1224.168442][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 1224.168461][ T27] audit: type=1800 audit(3918320678.049:906): pid=14416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2071" name="SYSV00000000" dev="hugetlbfs" ino=4 res=0 errno=0 [ 1225.401286][T11959] Bluetooth: hci0: unexpected event for opcode 0x0c7d [ 1233.266382][T14500] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 1233.293064][T14500] CIFS: Unable to determine destination address [ 1237.153259][T14526] netlink: 'syz.3.2102': attribute type 10 has an invalid length. [ 1237.162155][T14526] hsr0: entered promiscuous mode [ 1239.697313][T14547] Cannot find add_set index 0 as target [ 1242.059390][T14577] netlink: 'syz.3.2116': attribute type 6 has an invalid length. [ 1243.735170][T14589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2118'. [ 1243.744291][T14589] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2118'. [ 1248.016109][ T29] INFO: task udevd:11922 blocked for more than 144 seconds. [ 1248.049634][ T29] Not tainted syzkaller #0 [ 1248.067218][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1248.076754][ T29] task:udevd state:D stack:24968 pid:11922 ppid:5140 flags:0x00004006 [ 1248.101229][ T29] Call Trace: [ 1248.104708][ T29] [ 1248.107749][ T29] __schedule+0x1553/0x45a0 [ 1248.112499][ T29] ? asan.module_dtor+0x20/0x20 [ 1248.117498][ T29] ? mark_lock+0x94/0x320 [ 1248.122449][ T29] ? lock_chain_count+0x20/0x20 [ 1248.127506][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 1248.132673][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 1248.138470][ T29] schedule+0xbd/0x170 [ 1248.142679][ T29] io_schedule+0x80/0xd0 [ 1248.151244][ T29] folio_wait_bit_common+0x714/0xfa0 [ 1248.158959][ T29] ? folio_wait_bit+0x30/0x30 [ 1248.163702][ T29] ? _compound_head+0x120/0x120 [ 1248.171553][ T29] ? filemap_add_folio+0x192/0x3c0 [ 1248.178024][ T29] ? __filemap_get_folio+0x704/0xbb0 [ 1248.183380][ T29] ? blkdev_writepage+0x30/0x30 [ 1248.191988][ T29] do_read_cache_folio+0x1c0/0x7d0 [ 1248.198482][ T29] ? blkdev_writepage+0x30/0x30 [ 1248.203401][ T29] read_part_sector+0xd2/0x340 [ 1248.211915][ T29] adfspart_check_POWERTEC+0x93/0xed0 [ 1248.218096][ T29] ? adfspart_check_ADFS+0x620/0x620 [ 1248.223610][ T29] ? put_partition+0x370/0x370 [ 1248.228426][ T29] ? alloc_pages+0x4dc/0x740 [ 1248.238298][ T29] bdev_disk_changed+0x740/0x1420 [ 1248.246689][ T29] ? bdev_resize_partition+0xf0/0xf0 [ 1248.252296][ T29] ? iput+0x343/0x920 [ 1248.256332][ T29] blkdev_get_whole+0x30d/0x390 [ 1248.268322][ T29] blkdev_get_by_dev+0x279/0x600 [ 1248.275702][ T29] blkdev_open+0x152/0x360 [ 1248.280534][ T29] ? blkdev_mmap+0x1b0/0x1b0 [ 1248.290425][ T29] do_dentry_open+0x8c6/0x1500 [ 1248.295418][ T29] path_openat+0x27f1/0x3230 [ 1248.300081][ T29] ? do_sys_openat2+0xda/0x1d0 [ 1248.306469][ T29] ? verify_lock_unused+0x140/0x140 [ 1248.311722][ T29] ? do_filp_open+0x430/0x430 [ 1248.321873][ T29] ? __virt_addr_valid+0x18c/0x540 [ 1248.328444][ T29] do_filp_open+0x1f5/0x430 [ 1248.333009][ T29] ? vfs_tmpfile+0x490/0x490 [ 1248.346864][ T29] ? _raw_spin_unlock+0x28/0x40 [ 1248.351809][ T29] ? alloc_fd+0x58f/0x630 [ 1248.356198][ T29] do_sys_openat2+0x134/0x1d0 [ 1248.365754][ T29] ? do_sys_open+0xe0/0xe0 [ 1248.370361][ T29] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1248.376404][ T29] ? lock_chain_count+0x20/0x20 [ 1248.387919][ T29] __x64_sys_openat+0x139/0x160 [ 1248.395288][ T29] do_syscall_64+0x55/0xa0 [ 1248.399885][ T29] ? clear_bhb_loop+0x40/0x90 [ 1248.410572][ T29] ? clear_bhb_loop+0x40/0x90 [ 1248.415809][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1248.422467][ T29] RIP: 0033:0x7f06df2a7407 [ 1248.491598][ T29] RSP: 002b:00007ffc6943aaa0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1248.500685][ T29] RAX: ffffffffffffffda RBX: 00007f06dfa3b880 RCX: 00007f06df2a7407 [ 1248.509335][ T29] RDX: 00000000000a0800 RSI: 000055b42a8832d0 RDI: ffffffffffffff9c [ 1248.517376][ T29] RBP: 000055b42a882910 R08: 0000000000000000 R09: 0000000000000000 [ 1248.525783][ T29] R10: 0000000000000000 R11: 0000000000000202 R12: 000055b42a895260 [ 1248.534129][ T29] R13: 000055b42a89a410 R14: 0000000000000000 R15: 000055b42a895260 [ 1248.542490][ T29] [ 1248.808294][ T29] [ 1248.808294][ T29] Showing all locks held in the system: [ 1248.837651][ T29] 1 lock held by khungtaskd/29: [ 1248.846206][ T29] #0: ffffffff8d131fa0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 1248.859851][ T29] 2 locks held by getty/5530: [ 1248.867896][ T29] #0: ffff888030e0a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1248.885471][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 1248.902893][ T29] 1 lock held by udevd/11922: [ 1248.907810][ T29] #0: ffff888021d534c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600 [ 1248.924387][ T29] 3 locks held by syz.3.2130/14632: [ 1248.929875][ T29] #0: ffff8880766e6820 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x9b/0x230 [ 1248.951218][ T29] #1: ffffffff8e423090 ((netlink_chain).rwsem){++++}-{3:3}, at: blocking_notifier_call_chain+0x54/0x90 [ 1248.964315][ T29] #2: ffff88814526b4b8 (&nft_net->commit_mutex){+.+.}-{3:3}, at: nft_rcv_nl_event+0x12a/0x5c0 [ 1248.980623][ T29] 2 locks held by syz.4.2132/14642: [ 1248.986117][ T29] #0: ffffffff8cfef208 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x52/0x180 [ 1248.997932][ T29] #1: ffffffff8d137978 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3da/0x880 [ 1249.021421][ T29] 1 lock held by syz.4.2132/14644: [ 1249.026926][ T29] #0: ffffffff8cfef208 (sched_core_mutex){+.+.}-{3:3}, at: sched_core_get+0x52/0x180 [ 1249.042392][ T29] 1 lock held by dhcpcd/14643: [ 1249.047813][ T29] #0: ffff8880749a4130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 [ 1249.062154][ T29] 1 lock held by dhcpcd/14645: [ 1249.068680][ T29] #0: ffff88802165e130 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcc0 [ 1249.082766][ T29] 4 locks held by syz.4.2132/14647: [ 1249.088547][ T29] [ 1249.091002][ T29] ============================================= [ 1249.091002][ T29] [ 1249.106243][ T29] NMI backtrace for cpu 1 [ 1249.110630][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1249.117865][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1249.127963][ T29] Call Trace: [ 1249.131273][ T29] [ 1249.134236][ T29] dump_stack_lvl+0x18c/0x250 [ 1249.138992][ T29] ? show_regs_print_info+0x20/0x20 [ 1249.144251][ T29] ? load_image+0x400/0x400 [ 1249.148843][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 1249.153846][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 1249.160050][ T29] ? _printk+0xde/0x130 [ 1249.164253][ T29] ? load_image+0x400/0x400 [ 1249.168841][ T29] ? load_image+0x400/0x400 [ 1249.173399][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 1249.179519][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 1249.185558][ T29] watchdog+0xf3d/0xf80 [ 1249.189761][ T29] ? watchdog+0x1e1/0xf80 [ 1249.194159][ T29] kthread+0x2fa/0x390 [ 1249.198355][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1249.203429][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1249.208059][ T29] ret_from_fork+0x48/0x80 [ 1249.212518][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1249.217147][ T29] ret_from_fork_asm+0x11/0x20 [ 1249.221971][ T29] [ 1249.226259][ T29] Sending NMI from CPU 1 to CPUs 0: [ 1249.231524][ C0] NMI backtrace for cpu 0 [ 1249.231610][ C0] CPU: 0 PID: 14647 Comm: syz.4.2132 Not tainted syzkaller #0 [ 1249.231627][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1249.231636][ C0] RIP: 0010:lock_is_held_type+0x6d/0x190 [ 1249.231659][ C0] Code: 8b 1d 77 56 7f 75 83 bb dc 0a 00 00 00 0f 85 df 00 00 00 41 89 f7 49 89 fe 48 c7 04 24 00 00 00 00 9c 8f 04 24 4c 8b 2c 24 fa <48> c7 c7 e0 d5 ca 8a e8 27 13 00 00 65 ff 05 68 2a 7e 75 83 bb d8 [ 1249.231672][ C0] RSP: 0000:ffffc90004136de8 EFLAGS: 00000046 [ 1249.231687][ C0] RAX: 0000000000000000 RBX: ffff888050c01e00 RCX: 8027d84ccf92c300 [ 1249.231698][ C0] RDX: ffff888050c01e00 RSI: 00000000ffffffff RDI: ffffffff8d131fa0 [ 1249.231709][ C0] RBP: 00000000ffffffff R08: ffffea000103d6f7 R09: 1ffffd4000207ade [ 1249.231720][ C0] R10: dffffc0000000000 R11: fffff94000207adf R12: ffff888076f368b8 [ 1249.231730][ C0] R13: 0000000000000246 R14: ffffffff8d131fa0 R15: 00000000ffffffff [ 1249.231741][ C0] FS: 00007fd855e116c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 1249.231755][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1249.231765][ C0] CR2: 0000000000000030 CR3: 000000002c2ab000 CR4: 00000000003506f0 [ 1249.231791][ C0] Call Trace: [ 1249.231796][ C0] [ 1249.231806][ C0] xas_reload+0x19c/0x470 [ 1249.231824][ C0] next_uptodate_folio+0x203/0xad0 [ 1249.231844][ C0] filemap_map_pages+0xfdc/0x1980 [ 1249.231865][ C0] ? filemap_map_pages+0x18e/0x1980 [ 1249.231882][ C0] ? filemap_read_folio+0x760/0x760 [ 1249.231904][ C0] handle_mm_fault+0x3b05/0x4c00 [ 1249.231921][ C0] ? handle_mm_fault+0xe7/0x4c00 [ 1249.231940][ C0] ? numa_migrate_prep+0x350/0x350 [ 1249.231953][ C0] ? follow_page_pte+0x6d0/0x1ac0 [ 1249.231976][ C0] ? pmd_lock+0x60/0x60 [ 1249.231997][ C0] __get_user_pages+0x5d0/0x1380 [ 1249.232024][ C0] ? populate_vma_page_range+0x380/0x380 [ 1249.232042][ C0] ? get_dump_page+0xb6/0x200 [ 1249.232059][ C0] ? down_read_killable+0x1d0/0x340 [ 1249.232082][ C0] get_dump_page+0x10c/0x200 [ 1249.232102][ C0] ? fault_in_readable+0x150/0x150 [ 1249.232119][ C0] ? __asan_memset+0x22/0x40 [ 1249.232138][ C0] ? iov_iter_bvec+0xd4/0x1b0 [ 1249.232160][ C0] dump_user_range+0x127/0x860 [ 1249.232181][ C0] ? dump_skip+0x40/0x40 [ 1249.232193][ C0] ? dump_emit+0x78/0xe0 [ 1249.232213][ C0] ? dump_emit+0xa6/0xe0 [ 1249.232225][ C0] ? elf_core_dump+0x2bae/0x3770 [ 1249.232245][ C0] elf_core_dump+0x31d0/0x3770 [ 1249.232272][ C0] ? load_elf_binary+0x2860/0x2860 [ 1249.232292][ C0] ? dump_vma_snapshot+0xbe8/0x1090 [ 1249.232306][ C0] ? verify_lock_unused+0x140/0x140 [ 1249.232324][ C0] ? mas_next_slot+0x94f/0x980 [ 1249.232359][ C0] ? rcu_read_lock_any_held+0xb4/0x140 [ 1249.232375][ C0] ? 0xffffffffff600000 [ 1249.232388][ C0] ? do_raw_spin_unlock+0x121/0x230 [ 1249.232411][ C0] do_coredump+0x17cc/0x24d0 [ 1249.232435][ C0] ? nfs_stat_to_errno+0x1a0/0x1a0 [ 1249.232460][ C0] ? lock_chain_count+0x20/0x20 [ 1249.232478][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1249.232492][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1249.232508][ C0] get_signal+0x1133/0x13f0 [ 1249.232542][ C0] arch_do_signal_or_restart+0xc2/0x800 [ 1249.232566][ C0] ? get_sigframe_size+0x20/0x20 [ 1249.232586][ C0] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1249.232609][ C0] ? exit_to_user_mode_loop+0x3b/0x110 [ 1249.232629][ C0] exit_to_user_mode_loop+0x70/0x110 [ 1249.232649][ C0] exit_to_user_mode_prepare+0xee/0x180 [ 1249.232668][ C0] irqentry_exit_to_user_mode+0x9/0x30 [ 1249.232683][ C0] exc_page_fault+0x8c/0x100 [ 1249.232698][ C0] asm_exc_page_fault+0x26/0x30 [ 1249.232713][ C0] RIP: 0033:0x7fd854f9bf81 [ 1249.232725][ C0] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 1249.232737][ C0] RSP: 002b:0000000000000030 EFLAGS: 00010217 [ 1249.232748][ C0] RAX: 0000000000000000 RBX: 00007fd855216180 RCX: 00007fd854f9bf79 [ 1249.232758][ C0] RDX: 0000000000000000 RSI: 0000000000000030 RDI: 0000000000000600 [ 1249.232768][ C0] RBP: 00007fd8550327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1249.232777][ C0] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1249.232786][ C0] R13: 00007fd855216218 R14: 00007fd855216180 R15: 00007ffd24d54218 [ 1249.232804][ C0] [ 1249.676323][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 1249.683245][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 1249.690555][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1249.700648][ T29] Call Trace: [ 1249.703964][ T29] [ 1249.706920][ T29] dump_stack_lvl+0x18c/0x250 [ 1249.711650][ T29] ? show_regs_print_info+0x20/0x20 [ 1249.716891][ T29] ? load_image+0x400/0x400 [ 1249.721619][ T29] panic+0x2dc/0x730 [ 1249.725552][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 1249.731232][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 1249.735778][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 1249.741368][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 1249.747572][ T29] watchdog+0xf7c/0xf80 [ 1249.751773][ T29] ? watchdog+0x1e1/0xf80 [ 1249.756147][ T29] kthread+0x2fa/0x390 [ 1249.760248][ T29] ? hungtask_pm_notify+0x90/0x90 [ 1249.765315][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1249.769939][ T29] ret_from_fork+0x48/0x80 [ 1249.774655][ T29] ? kthread_blkcg+0xd0/0xd0 [ 1249.779283][ T29] ret_from_fork_asm+0x11/0x20 [ 1249.784110][ T29] [ 1249.787578][ T29] Kernel Offset: disabled [ 1249.792005][ T29] Rebooting in 86400 seconds..