last executing test programs: 2.215475474s ago: executing program 2 (id=114): r0 = openat$kvm(0x0, &(0x7f00000005c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000100)={0x0, &(0x7f0000000200)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}, @nested_load_code={0x12e, 0x1b, {0x0, "f40f08"}}, @nested_vmlaunch={0x12f, 0x18, 0x1}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x0, @control_area=0x8, 0x0, 0x1000000, 0xfffffffffffffffe}}, @nested_vmresume={0x130, 0x18}], 0xb3}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000000)={0x40001, 0x0, {[0x9, 0xa, 0x4, 0x42, 0x4, 0x79, 0xd2f, 0xd]}}) ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000000)=@arm64) 1.945893368s ago: executing program 3 (id=118): ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000140)={0x1, 0x0, @ioapic={0x8080000, 0xffff, 0x0, 0x4, 0x0, [{0xf1, 0x8, 0xa, '\x00', 0x5}, {0x81, 0x7, 0x1c, '\x00', 0x4e}, {0x5, 0x1, 0x9, '\x00', 0x75}, {0x3, 0x7, 0x48, '\x00', 0xd}, {0xc, 0x2, 0x89, '\x00', 0x2}, {0x9, 0x1, 0x1, '\x00', 0xc3}, {0xf, 0x13, 0xab, '\x00', 0x8}, {0xfa, 0x9a, 0x3, '\x00', 0x9}, {0x4, 0x9c, 0xbe, '\x00', 0x5}, {0x7, 0x7, 0x8b, '\x00', 0x3f}, {0xd, 0x24, 0x2, '\x00', 0x8}, {0x0, 0x3, 0x6, '\x00', 0xb}, {0x7, 0x0, 0x4, '\x00', 0x6}, {0x2e, 0x3, 0x2, '\x00', 0x10}, {0xc, 0x8, 0x40, '\x00', 0x2}, {0xc9, 0x8, 0x0, '\x00', 0x7f}, {0x8, 0x80, 0x6, '\x00', 0x4}, {0x7a, 0x7, 0x4, '\x00', 0x7}, {0xe, 0x5, 0xfc, '\x00', 0xfb}, {0x3, 0x2, 0x4, '\x00', 0x7f}, {0x2, 0x6, 0x1, '\x00', 0xc}, {0x9, 0x2, 0x7, '\x00', 0x99}, {0x80, 0x80, 0x8}, {0x2, 0xfa, 0x7, '\x00', 0xa}]}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]}) r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xffffffffffffffed, 0x0, 0x1004000000001, 0x4000000000000, 0x4002004c8, 0x1007, 0x1, 0xc595, 0x5, 0x60c43c3b, 0x3ff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x1, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x4, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x5, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0x9, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x4, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x2, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x100000, 0x202, 0x100000002, 0x0, 0x2000, [0x5, 0x4, 0x4000000000000009, 0x3]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x2001000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xffffffffffff7ffc], 0x1, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.831533578s ago: executing program 2 (id=119): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x882) r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000300)={0x0, 0x1ad1, 0x3400, 0x1, 0x3bf}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sync_file_range(0xffffffffffffffff, 0x4, 0x8, 0x7) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001800)=""/216, 0xd8}, {0x0}], 0x2}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 1.600548508s ago: executing program 2 (id=122): openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000140)=[@nested_amd_vmcb_write_mask={0x17c, 0x38, {0x0, @control_area=0x8b, 0x0, 0x1000000, 0xfffffffffffffffd}}, @nested_vmresume={0x130, 0x18}], 0x50}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000980)=[@wr_crn={0x46, 0x20, {0x8, 0x4}}, @code={0xa, 0x60, {"b805000000b9e8d100000f01c1f045802bbdc4417f5edd66b8dc008ed8660f104c878766460f38802cf26764440f01df266743250000008066baf80cb8289d308fef66bafc0cb81c350000ef660f08"}}, @cpuid={0x14, 0x18, {0x3, 0x3}}, @rdmsr={0x32, 0x18, {0x4b564d00}}, @rdmsr={0x32, 0x18, {0x316}}, @nested_create_vm={0x12d, 0x18, 0x1}, @wr_crn={0x46, 0x20, {0x0, 0x8}}, @wr_crn={0x46, 0x20, {0x4}}, @nested_vmresume={0x130, 0x18, 0x3}, @cpuid={0x14, 0x18, {0x401, 0x7}}, @uexit={0x0, 0x18, 0xfffffffffffff701}, @rdmsr={0x32, 0x18, {0x8b2}}, @rdmsr={0x32, 0x18, {0xbae}}], 0x198}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r6, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r7, 0x300000b, 0x11, r5, 0x0) 1.508027937s ago: executing program 1 (id=123): openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x478c02, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0xe01, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340)) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_FPU(r2, 0x81a0ae8c, &(0x7f00000003c0)) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2a, 0xc0, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x4, 0x3, 0x0, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r3 = eventfd2(0x200000, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000900)={0x0, 0x0, 0x1, r3, 0x1}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x400035, 0xfff, 0x8010, 0x180, 0x4, 0x1400000000000, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4, 0x9, 0x0, 0x5, 0x0, 0xbdb], 0x1, 0x3c4210}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.391678667s ago: executing program 3 (id=124): ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8}) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, &(0x7f00000001c0)=@x86={0xd, 0x5, 0xb, 0x0, 0x2, 0x6, 0x6, 0x9, 0x8, 0x89, 0x6, 0x2, 0x0, 0x6, 0x6, 0xe2, 0x3, 0x29, 0x0, '\x00', 0x10, 0x6}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, 0xffffffffffffffff, 0x1}) write$eventfd(r2, &(0x7f00000001c0)=0x3, 0x10) 1.378678038s ago: executing program 0 (id=125): syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x8, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @local, {[@routing={0x84}]}}}}}, 0x0) 1.223640392s ago: executing program 0 (id=126): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_SET_DEBUGREGS(0xffffffffffffffff, 0x4080aea2, &(0x7f0000000080)={[0x80a0000, 0xeeef0000, 0xddcd0004, 0xb000], 0xdb, 0xc}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x35, 0x8000000000000006, 0x8000000, 0x41, 0xa000001, 0xffffffffffffffff, 0x6, 0xffffffffffffffff, 0x0, 0x100000000, 0x3, 0x0, 0x3, 0x2], 0xffff1000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.063339056s ago: executing program 3 (id=127): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x4, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x2, 0x1000, 0xe, 0x11, 0x1, 0xbd, 0x3, 0xa, 0x0, 0x42, 0x2}, {0x2, 0xdddd0000, 0x4, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x5, 0x3}, {0x3000, 0x3000, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x2, 0x6}, {0x1, 0x8000000, 0x0, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xff}, {0x2, 0x8092000, 0x8, 0xbd, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x15, 0x2, 0x4}, {0x5000, 0x58000, 0xc, 0x9, 0x0, 0xf, 0x10, 0x3, 0x54, 0x0, 0x80, 0x9}, {0xdddd0000, 0xffff, 0x10, 0x4, 0x3, 0x3, 0x0, 0x4, 0x1, 0x8, 0x0, 0xfe}, {0x2b2bb042d133895d, 0xedd4}, {0xffff1000, 0x17}, 0x40019, 0x0, 0xd000, 0x0, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x3, 0x9, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000000000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x5000, 0xc, 0x6, 0xf4, 0xa, 0x5, 0xd, 0x0, 0x1, 0xc, 0x3}, {0x2, 0x3000, 0x3, 0x13, 0x1, 0x8, 0x3, 0x8, 0x0, 0x46, 0x2}, {0x5000, 0x5001, 0xb, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x7, 0x5}, {0x3000, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7e, 0x9, 0x2, 0x1, 0x2}, {0xf000, 0x4000, 0x0, 0xd, 0x59, 0x2d, 0x5, 0x3, 0xfc, 0x0, 0xf8, 0xe5}, {0x25000, 0x8092000, 0x10, 0xbd, 0x6, 0x10, 0x10, 0x1, 0xbf, 0x18, 0x6, 0x4}, {0x8000000, 0xeeee8000, 0xd, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x1, 0x2, 0x8}, {0xdddd0000, 0x4, 0x10, 0xc, 0x7, 0x3, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x40000, 0xedda}, {0xffff1000, 0x17}, 0x40019, 0x0, 0x2, 0x0, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0xc000000002000009, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x2, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffff7, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffc], 0x1, 0x202}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x0, 0x10, 0x1ffffff, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xfffffffffffffffc], 0x1, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.060775626s ago: executing program 1 (id=128): ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f00000001c0)) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000200)=[@code={0xa, 0x56, {"f36e400f0d3e48b8fcff0000000000000f23c80f21f8350800d0000f23f8420f69d8470f011f2e66460fc7b497464c69020f01f866b813010f00d0430f01c466baa10066ed"}}], 0x56}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1fd, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(0xffffffffffffffff, 0x8010aebc, &(0x7f0000000100)={0x70000, 0xa000}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x71, 0x0, 0x81, 0x20, 0x13, 0x7, 0x106c, 0x8, 0x8000000000000, 0x8000000400007f, 0x3, 0x1006, 0x0, 0x204, 0x0, 0x8001], 0xeeee0000, 0x2c0290}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 822.725407ms ago: executing program 0 (id=129): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f0000000080)={0x200001fe0000, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION2(r1, 0x40a0ae49, &(0x7f0000000180)={0x4, 0x4, 0x6000, 0xa7000, &(0x7f0000ffc000/0x2000)=nil, 0x0, r2}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) close(r2) ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000000)={0x9000, 0x8000}) 695.361789ms ago: executing program 1 (id=130): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x882) r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000300)={0x0, 0x1ad1, 0x3400, 0x1, 0x3bf}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) sync_file_range(0xffffffffffffffff, 0x4, 0x8, 0x7) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001800)=""/216, 0xd8}, {0x0}], 0x2}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 555.450071ms ago: executing program 0 (id=132): syz_emit_ethernet(0x2a, &(0x7f0000000000)={@local, @empty, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @broadcast, @multicast1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={0xac, 0x14, 0x14, 0xe}}}}}, 0x0) 550.149681ms ago: executing program 1 (id=133): open$dir(&(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40000, 0x4) 509.462305ms ago: executing program 2 (id=134): socket(0x0, 0x3, 0x5) 439.529161ms ago: executing program 3 (id=135): syz_emit_ethernet(0x60, &(0x7f0000000000)={@local, @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x2a, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, @local, {[@routing={0x84}], "223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494e"}}}}}, 0x0) 412.027974ms ago: executing program 0 (id=136): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3) sendmmsg$inet(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c2c1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029e4daefaea47f8cd5a4f1dee71093ebc076363e14f78dd3b129b4b3ae5a7a085297416f1f1a8aeefa517ed1525ec76469b8b469851cc56c6016d9067dac3de3818856014c98ce8f36dac4d8cdb1f25e3c5de7bdab78066d2418c12e0acde73c05fc80a0658c7fbc52812a8423323a80e8a968e0ace13290fe8f862c1e7233c26f73ca24e5e441dd406e136df3a3996865e0693d955c691c675c3f6191b225d82ea4c6a7b2c1ed690c17768cd2b21ab0ac2ca7673eb9c00d635e146555db84b8a9061c3ca8bbefd2ae2b80f4a09561a098815c1357c4a7bca2071283", 0x222}], 0x1}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000003c0)="e2", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000a00)="449f6aed247d197178d7f0a82e1deae14825b22ab6c0ec1ca0c27cd21d8a48637cb781581aac75a2f848f285c99133f0435497bf6ae25625c64f82ecc0a7", 0x3e}, {&(0x7f0000000cc0)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb9556a649fb246dd788930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e349359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb0491121eec3e05eacbe7835e79e76881d1179013622a2a6421d51c974e6abd48a9882c8fcadbcee369346a9ad948fd5dd8f87496a30a9d888cdbcee8f3592dd69165358c4cd474639fc13300317b7fed115fb9818b20b877a39157101dbd8e23bc9ed32efed96c410a103d35336fb4ee4000bfb3d32b0181ff3d726a7dc6432a336a42b50b2c6877cb63b410d746b35fc721", 0x207}], 0x2}}], 0x3, 0x54004) socket$packet(0x11, 0x2, 0x300) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0) 375.541687ms ago: executing program 1 (id=137): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000100000000000000000000000000000000000000000000000000000feffffff0000000000000000000020000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108) 266.933446ms ago: executing program 2 (id=138): r0 = socket$kcm(0x29, 0x7, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000040)={'bond0\x00', @ifru_names='lo\x00'}) sendfile(r0, r1, 0x0, 0xffffffff000) r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSTI(r3, 0x5412, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x0) 266.147267ms ago: executing program 3 (id=139): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x8001af85, 0x0) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r2, r3, 0x5, 0x2001, 0x4, 0x5, {0x200004, 0x5, 0x5, 0xa, 0x8000, 0x9, 0xed, 0x5, 0x9, 0xd25, 0x7, 0x60b, 0x6d, 0xfffb, "6f4f1b1330d057b30bd15586b7445443c528a97436419c2cd5ae7297dceeb0be"}}) 143.477538ms ago: executing program 0 (id=140): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000940)=ANY=[], 0x361, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x12, &(0x7f00000001c0)={&(0x7f0000000240)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0xf}, {0xfff3, 0xf}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x44060}, 0x98) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0) 143.181998ms ago: executing program 1 (id=141): openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x882) r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000300)={0x0, 0x1ad1, 0x3400, 0x1, 0x3bf}, &(0x7f0000000080)=0x0, &(0x7f00000001c0)=0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000003c0)=[{&(0x7f0000001800)=""/216, 0xd8}, {0x0}], 0x2}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 41.580327ms ago: executing program 3 (id=142): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210002, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3001009, 0x0, 0x1, 0x0, 0x0) setxattr(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)=@known='security.apparmor\x00', &(0x7f0000000080)=')\'\x00', 0x3, 0x1) 0s ago: executing program 2 (id=143): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=@newqdisc={0x70, 0x24, 0xe0b, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}, {0xfff1, 0x9}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x1ff, 0x4, 0x0, 0x0, 0xfffffffd, 0x8}, [@TCA_NETEM_ECN={0x8, 0x7, 0x1}, @TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x80000001, 0x31, 0x3, 0x5, 0x7}}]}]}}}]}, 0x70}}, 0x0) sendto$packet(r0, &(0x7f0000000080)="44c33b69ebc9e05e9bdec0c286dd", 0xe, 0x830, &(0x7f0000000440)={0x11, 0x0, r3, 0x1, 0x2, 0x6, @local}, 0x14) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.14' (ED25519) to the list of known hosts. [ 72.983810][ T5753] cgroup: Unknown subsys name 'net' [ 73.131317][ T5753] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.780437][ T5753] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.672203][ T5770] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.679706][ T5768] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.687686][ T5768] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.696278][ T5770] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.704049][ T5776] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.705511][ T5768] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.715985][ T5776] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.725550][ T5768] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.727041][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.733733][ T5768] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.742019][ T5776] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.754703][ T5768] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.755318][ T5779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.764104][ T5768] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.776879][ T5768] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.778119][ T5776] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.785550][ T5779] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.797239][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.807081][ T5779] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.807447][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.814679][ T5779] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.829267][ T5776] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.829386][ T5768] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.843932][ T5776] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 77.277430][ T5764] chnl_net:caif_netlink_parms(): no params data found [ 77.337365][ T5763] chnl_net:caif_netlink_parms(): no params data found [ 77.533568][ T5764] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.540783][ T5764] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.555456][ T5764] bridge_slave_0: entered allmulticast mode [ 77.564362][ T5764] bridge_slave_0: entered promiscuous mode [ 77.579874][ T5764] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.587465][ T5764] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.594988][ T5764] bridge_slave_1: entered allmulticast mode [ 77.602003][ T5764] bridge_slave_1: entered promiscuous mode [ 77.654546][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 77.676997][ T5766] chnl_net:caif_netlink_parms(): no params data found [ 77.690053][ T5764] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.705150][ T5763] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.712869][ T5763] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.720076][ T5763] bridge_slave_0: entered allmulticast mode [ 77.728103][ T5763] bridge_slave_0: entered promiscuous mode [ 77.736961][ T5763] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.744177][ T5763] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.751352][ T5763] bridge_slave_1: entered allmulticast mode [ 77.758700][ T5763] bridge_slave_1: entered promiscuous mode [ 77.784364][ T5764] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.890714][ T5763] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.904635][ T5763] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.916973][ T5764] team0: Port device team_slave_0 added [ 77.926110][ T5764] team0: Port device team_slave_1 added [ 78.039013][ T5763] team0: Port device team_slave_0 added [ 78.048048][ T5763] team0: Port device team_slave_1 added [ 78.056338][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.063552][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.089532][ T5764] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.101881][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.109425][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.116778][ T5775] bridge_slave_0: entered allmulticast mode [ 78.123921][ T5775] bridge_slave_0: entered promiscuous mode [ 78.167173][ T5764] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.174853][ T5764] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.201814][ T5764] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.219468][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.226860][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.234346][ T5775] bridge_slave_1: entered allmulticast mode [ 78.241350][ T5775] bridge_slave_1: entered promiscuous mode [ 78.248605][ T5766] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.255993][ T5766] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.263449][ T5766] bridge_slave_0: entered allmulticast mode [ 78.270586][ T5766] bridge_slave_0: entered promiscuous mode [ 78.279325][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.286483][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.312480][ T5763] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.325406][ T5763] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.332500][ T5763] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.358593][ T5763] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.403789][ T5766] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.410980][ T5766] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.418493][ T5766] bridge_slave_1: entered allmulticast mode [ 78.425898][ T5766] bridge_slave_1: entered promiscuous mode [ 78.494211][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.506802][ T5766] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.519857][ T5766] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.535193][ T5764] hsr_slave_0: entered promiscuous mode [ 78.541654][ T5764] hsr_slave_1: entered promiscuous mode [ 78.564273][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.636763][ T5775] team0: Port device team_slave_0 added [ 78.663678][ T5766] team0: Port device team_slave_0 added [ 78.675656][ T5763] hsr_slave_0: entered promiscuous mode [ 78.682388][ T5763] hsr_slave_1: entered promiscuous mode [ 78.688543][ T5763] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.696632][ T5763] Cannot create hsr debugfs directory [ 78.704299][ T5775] team0: Port device team_slave_1 added [ 78.744407][ T5766] team0: Port device team_slave_1 added [ 78.807649][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.815549][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.841609][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.854574][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.861559][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.887785][ T5766] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.915187][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.922186][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.945642][ T5771] Bluetooth: hci1: command tx timeout [ 78.948835][ T5081] Bluetooth: hci3: command tx timeout [ 78.954513][ T5774] Bluetooth: hci0: command tx timeout [ 78.962428][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.965932][ T5776] Bluetooth: hci2: command tx timeout [ 78.987970][ T5766] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.995099][ T5766] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 79.021119][ T5766] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 79.213127][ T5775] hsr_slave_0: entered promiscuous mode [ 79.219410][ T5775] hsr_slave_1: entered promiscuous mode [ 79.228687][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.236366][ T5775] Cannot create hsr debugfs directory [ 79.246244][ T5766] hsr_slave_0: entered promiscuous mode [ 79.253039][ T5766] hsr_slave_1: entered promiscuous mode [ 79.259397][ T5766] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.267541][ T5766] Cannot create hsr debugfs directory [ 79.485876][ T5764] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.517693][ T5764] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.528409][ T5764] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.551237][ T5764] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.623584][ T5763] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.634637][ T5763] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.647980][ T5763] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.670476][ T5763] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.748120][ T5766] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.763650][ T5766] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.805972][ T5766] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.818259][ T5766] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.868629][ T5775] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.884301][ T5775] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.897992][ T5775] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.909646][ T5775] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 80.005025][ T5764] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.056533][ T5764] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.088886][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.096520][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.117574][ T5763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.131145][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.138283][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.221289][ T5763] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.240986][ T5766] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.283170][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.290692][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.319725][ T5766] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.343359][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.367168][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.374371][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.386153][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.393354][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.430477][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.450729][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.457953][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.504762][ T3454] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.512057][ T3454] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.585304][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.592504][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.697239][ T5775] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.731406][ T5763] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 80.751791][ T5764] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.880457][ T5764] veth0_vlan: entered promiscuous mode [ 80.911301][ T5764] veth1_vlan: entered promiscuous mode [ 81.029520][ T5764] veth0_macvtap: entered promiscuous mode [ 81.032567][ T5774] Bluetooth: hci0: command tx timeout [ 81.039450][ T5776] Bluetooth: hci3: command tx timeout [ 81.040869][ T5774] Bluetooth: hci2: command tx timeout [ 81.048659][ T5771] Bluetooth: hci1: command tx timeout [ 81.089360][ T5764] veth1_macvtap: entered promiscuous mode [ 81.160232][ T5766] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.185621][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.223645][ T5764] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.250646][ T5764] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.261590][ T5764] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.271385][ T5764] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.281446][ T5764] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.298839][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.365087][ T5763] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.387636][ T5766] veth0_vlan: entered promiscuous mode [ 81.438488][ T5766] veth1_vlan: entered promiscuous mode [ 81.490055][ T5775] veth0_vlan: entered promiscuous mode [ 81.511901][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.533224][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.551101][ T5775] veth1_vlan: entered promiscuous mode [ 81.629838][ T1079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.638140][ T1079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.669525][ T5766] veth0_macvtap: entered promiscuous mode [ 81.686289][ T5766] veth1_macvtap: entered promiscuous mode [ 81.697418][ T5763] veth0_vlan: entered promiscuous mode [ 81.744629][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.761430][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.777772][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.788349][ T5763] veth1_vlan: entered promiscuous mode [ 81.797257][ T5775] veth0_macvtap: entered promiscuous mode [ 81.808465][ T5775] veth1_macvtap: entered promiscuous mode [ 81.820769][ T5766] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.863078][ T5766] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.883933][ T5766] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.936285][ T5766] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.948753][ T5766] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.957602][ T5766] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.967025][ T5766] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.992195][ T5763] veth0_macvtap: entered promiscuous mode [ 82.034612][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.047174][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.061905][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.074046][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.094778][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.103476][ T5763] veth1_macvtap: entered promiscuous mode [ 82.138336][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.171105][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.192478][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.206197][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.222210][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.277884][ T5775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.293280][ T5775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.309721][ T5775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.340371][ T5775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.396942][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.428964][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.449183][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.480672][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.508075][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.534201][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.574271][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.651508][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.679892][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.722512][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.758311][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.777149][ T5763] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.842514][ T5763] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.871910][ T5763] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 82.988252][ T5763] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.007733][ T5763] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.033200][ T5763] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.052143][ T5763] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 83.078201][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.090533][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.105799][ T5771] Bluetooth: hci1: command tx timeout [ 83.111246][ T5776] Bluetooth: hci3: command tx timeout [ 83.111329][ T5081] Bluetooth: hci0: command tx timeout [ 83.123620][ T5774] Bluetooth: hci2: command tx timeout [ 83.270889][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.278850][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.461413][ T1140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.504235][ T1140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.585095][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.602865][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.730471][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.783993][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 83.851896][ T1079] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 83.879936][ T1079] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.030466][ T27] audit: type=1326 audit(1767839871.192:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.062895][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 84.164060][ T27] audit: type=1326 audit(1767839871.262:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.212713][ T5871] Zero length message leads to an empty skb [ 84.251068][ T27] audit: type=1326 audit(1767839871.262:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.295105][ T27] audit: type=1326 audit(1767839871.262:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.327524][ T27] audit: type=1326 audit(1767839871.262:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.353188][ T27] audit: type=1326 audit(1767839871.262:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.375982][ T27] audit: type=1326 audit(1767839871.262:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.400534][ T27] audit: type=1326 audit(1767839871.262:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.426844][ T5832] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 84.429040][ T5874] process 'syz.0.1' launched './file0' with NULL argv: empty string added [ 84.513334][ T5811] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 84.622038][ T27] audit: type=1326 audit(1767839871.782:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.675477][ T5832] usb 3-1: Using ep0 maxpacket: 8 [ 84.692157][ T27] audit: type=1326 audit(1767839871.812:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5866 comm="syz.1.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 84.722679][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 84.731939][ T5832] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 84.753179][ T5811] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 84.763334][ T5832] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xB3, skipping [ 84.777535][ T5832] usb 3-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.01 [ 84.794864][ T5832] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.804740][ T5832] usb 3-1: Product: syz [ 84.809553][ T5832] usb 3-1: Manufacturer: syz [ 84.814877][ T5832] usb 3-1: SerialNumber: syz [ 84.838972][ T5811] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 84.839652][ T5832] usb 3-1: config 0 descriptor?? [ 84.886540][ T5832] radioshark 3-1:0.0: Invalid radioSHARK device [ 84.900072][ T5832] radioshark: probe of 3-1:0.0 failed with error -22 [ 84.910266][ T5832] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 84.922676][ T5811] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 84.948237][ T5811] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.046392][ T5811] usb 4-1: Product: syz [ 85.059868][ T5811] usb 4-1: Manufacturer: syz [ 85.067609][ T5811] usb 4-1: SerialNumber: syz [ 85.143315][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.153645][ T5811] usb 4-1: selecting invalid altsetting 1 [ 85.182842][ T5774] Bluetooth: hci1: command tx timeout [ 85.191411][ T5081] Bluetooth: hci3: command tx timeout [ 85.191725][ T5771] Bluetooth: hci2: command tx timeout [ 85.202664][ T5081] Bluetooth: hci0: command tx timeout [ 85.536967][ T5865] netlink: set zone limit has 8 unknown bytes [ 85.552408][ T5811] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 85.563572][ T5811] cdc_ncm 4-1:1.0: bind() failure [ 85.591561][ T5811] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 85.601114][ T5811] cdc_ncm 4-1:1.1: bind() failure [ 85.642167][ T5884] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.975616][ T5832] usb 3-1: USB disconnect, device number 2 [ 86.324307][ T5879] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 86.337195][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.637572][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 86.826472][ T5904] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10'. [ 87.192698][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.250805][ T23] usb 4-1: USB disconnect, device number 2 [ 87.272731][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.523603][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.531941][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.613958][ T5912] syz.0.11[5912]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.654525][ T5912] veth1_to_bond: entered allmulticast mode [ 87.743529][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.539344][ T5906] veth1_to_bond: left allmulticast mode [ 88.772478][ T5831] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 88.801195][ T5932] kvm: requested 181028 ns i8254 timer period limited to 200000 ns [ 88.824374][ T5932] kvm: requested 12571 ns i8254 timer period limited to 200000 ns [ 88.844854][ T5932] kvm: requested 119009 ns i8254 timer period limited to 200000 ns [ 88.871551][ T5932] kvm: requested 60342 ns i8254 timer period limited to 200000 ns [ 88.969926][ T5831] usb 4-1: config 247 has too many interfaces: 66, using maximum allowed: 32 [ 88.996931][ T5932] kvm: requested 15923 ns i8254 timer period limited to 200000 ns [ 89.027583][ T5831] usb 4-1: config 247 has an invalid descriptor of length 0, skipping remainder of the config [ 89.052141][ T5932] kvm: requested 38552 ns i8254 timer period limited to 200000 ns [ 89.064562][ T5831] usb 4-1: config 247 has 0 interfaces, different from the descriptor's value: 66 [ 89.080284][ T5932] kvm: requested 20114 ns i8254 timer period limited to 200000 ns [ 89.085537][ T5831] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 89.102727][ T5831] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 89.111134][ T5932] kvm: requested 41066 ns i8254 timer period limited to 200000 ns [ 89.122141][ T5831] usb 4-1: Product: syz [ 89.134233][ T5831] usb 4-1: Manufacturer: syz [ 89.180722][ T5932] kvm: requested 187733 ns i8254 timer period limited to 200000 ns [ 89.231503][ T5932] kvm: requested 52800 ns i8254 timer period limited to 200000 ns [ 89.599328][ T5936] netlink: 'syz.3.15': attribute type 9 has an invalid length. [ 89.623597][ T5936] netlink: 'syz.3.15': attribute type 7 has an invalid length. [ 89.631362][ T5936] netlink: 'syz.3.15': attribute type 8 has an invalid length. [ 91.617331][ T5832] usb 4-1: USB disconnect, device number 3 [ 91.644106][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 91.714593][ T5954] netlink: 12 bytes leftover after parsing attributes in process `syz.3.22'. [ 91.874110][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 91.900980][ T9] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 91.945378][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 91.962327][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.970377][ T9] usb 2-1: Product: syz [ 91.994628][ T9] usb 2-1: Manufacturer: syz [ 92.011170][ T9] usb 2-1: SerialNumber: syz [ 92.031135][ T9] usb 2-1: selecting invalid altsetting 1 [ 92.086042][ T787] cfg80211: failed to load regulatory.db [ 92.444157][ T9] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 92.481126][ T9] cdc_ncm 2-1:1.0: bind() failure [ 92.515608][ T9] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 92.536276][ T9] cdc_ncm 2-1:1.1: bind() failure [ 92.942500][ T9] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 93.162389][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 93.176904][ T9] usb 1-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 93.207482][ T9] usb 1-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 93.244603][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 93.268089][ T9] usb 1-1: New USB device found, idVendor=0b43, idProduct=0003, bcdDevice= 0.00 [ 93.298619][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.340075][ T9] usb 1-1: config 0 descriptor?? [ 93.809461][ T9] smartjoyplus 0003:0B43:0003.0001: ignoring exceeding usage max [ 93.824335][ T9] smartjoyplus 0003:0B43:0003.0001: unbalanced collection at end of report description [ 93.850386][ T9] smartjoyplus 0003:0B43:0003.0001: parse failed [ 93.856992][ T9] smartjoyplus: probe of 0003:0B43:0003.0001 failed with error -22 [ 94.017479][ T23] usb 1-1: USB disconnect, device number 2 [ 94.412592][ T9] usb 2-1: USB disconnect, device number 2 [ 94.494696][ T5811] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 94.507714][ T27] audit: type=1326 audit(1767839881.672:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.571300][ T27] audit: type=1326 audit(1767839881.672:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.607485][ T27] audit: type=1326 audit(1767839881.672:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.655318][ T27] audit: type=1326 audit(1767839881.672:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.717811][ T5811] usb 4-1: Using ep0 maxpacket: 16 [ 94.724994][ T5811] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 94.736940][ T27] audit: type=1326 audit(1767839881.672:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.772313][ T5811] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 94.797031][ T5811] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 94.816284][ T27] audit: type=1326 audit(1767839881.672:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.831248][ T5811] usb 4-1: config 0 interface 0 has no altsetting 0 [ 94.840800][ T27] audit: type=1326 audit(1767839881.672:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.868304][ T5811] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 94.872638][ T27] audit: type=1326 audit(1767839881.702:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.907098][ T5811] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.923061][ T5811] usb 4-1: config 0 descriptor?? [ 94.967373][ T27] audit: type=1326 audit(1767839882.132:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 94.990708][ T27] audit: type=1326 audit(1767839882.132:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5987 comm="syz.1.31" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcbb698f749 code=0x7ffc0000 [ 95.052359][ T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 95.238414][ T9] usb 1-1: config 247 has too many interfaces: 66, using maximum allowed: 32 [ 95.247334][ T9] usb 1-1: config 247 has an invalid descriptor of length 0, skipping remainder of the config [ 95.267779][ T9] usb 1-1: config 247 has 0 interfaces, different from the descriptor's value: 66 [ 95.299492][ T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 95.309213][ T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 95.317495][ T9] usb 1-1: Product: syz [ 95.321765][ T9] usb 1-1: Manufacturer: syz [ 95.352895][ T5811] hid (null): bogus close delimiter [ 95.419568][ T5997] kvm: kvm [5995]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00 [ 95.432998][ T5997] kvm: kvm [5995]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00 [ 95.599452][ T9] usb 4-1: USB disconnect, device number 4 [ 95.779053][ T6005] netlink: 'syz.0.33': attribute type 9 has an invalid length. [ 95.788115][ T6005] netlink: 'syz.0.33': attribute type 7 has an invalid length. [ 95.796417][ T6005] netlink: 'syz.0.33': attribute type 8 has an invalid length. [ 96.226613][ T6009] netlink: 12 bytes leftover after parsing attributes in process `syz.2.37'. [ 97.381129][ T6029] netlink: 'syz.2.44': attribute type 1 has an invalid length. [ 98.333819][ T6041] netlink: 12 bytes leftover after parsing attributes in process `syz.2.50'. [ 98.419677][ T787] usb 1-1: USB disconnect, device number 3 [ 98.902654][ T6054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.54'. [ 99.697305][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz.1.61'. [ 99.793482][ T6076] veth1_to_bond: entered allmulticast mode [ 100.262783][ T5849] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 100.583698][ T5849] usb 2-1: config 247 has too many interfaces: 66, using maximum allowed: 32 [ 100.602373][ T5849] usb 2-1: config 247 has an invalid descriptor of length 0, skipping remainder of the config [ 100.660408][ T5849] usb 2-1: config 247 has 0 interfaces, different from the descriptor's value: 66 [ 100.741541][ T5849] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 100.751692][ T6070] veth1_to_bond: left allmulticast mode [ 100.798017][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 100.820372][ T5849] usb 2-1: Product: syz [ 100.830625][ T5849] usb 2-1: Manufacturer: syz [ 101.264838][ T6082] netlink: 'syz.1.62': attribute type 9 has an invalid length. [ 101.383004][ T6082] netlink: 'syz.1.62': attribute type 7 has an invalid length. [ 101.423303][ T6082] netlink: 'syz.1.62': attribute type 8 has an invalid length. [ 101.904374][ T27] audit: type=1326 audit(1767839889.072:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6086 comm="syz.0.65" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f73f4d8f749 code=0x0 [ 102.104586][ T5771] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201' [ 102.114578][ T5771] CPU: 0 PID: 5771 Comm: kworker/u5:4 Not tainted syzkaller #0 [ 102.122136][ T5771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 102.132193][ T5771] Workqueue: hci0 hci_rx_work [ 102.136982][ T5771] Call Trace: [ 102.140269][ T5771] [ 102.143240][ T5771] dump_stack_lvl+0x16c/0x230 [ 102.147951][ T5771] ? show_regs_print_info+0x20/0x20 [ 102.153163][ T5771] ? load_image+0x3b0/0x3b0 [ 102.157694][ T5771] sysfs_create_dir_ns+0x256/0x280 [ 102.162839][ T5771] ? hci_rx_work+0x43a/0xd80 [ 102.167447][ T5771] ? sysfs_warn_dup+0xa0/0xa0 [ 102.172142][ T5771] ? do_raw_spin_unlock+0x121/0x230 [ 102.177446][ T5771] kobject_add_internal+0x6b8/0xc70 [ 102.182678][ T5771] kobject_add+0x156/0x220 [ 102.187145][ T5771] ? __rwlock_init+0x150/0x150 [ 102.191946][ T5771] ? kobject_init+0x1e0/0x1e0 [ 102.196669][ T5771] ? _raw_spin_unlock+0x28/0x40 [ 102.201551][ T5771] ? get_device_parent+0x366/0x390 [ 102.206699][ T5771] device_add+0x408/0xc20 [ 102.211157][ T5771] hci_conn_add_sysfs+0xd5/0x1e0 [ 102.216127][ T5771] le_conn_complete_evt+0xf36/0x1500 [ 102.221447][ T5771] ? hci_event_packet+0x4a7/0x1210 [ 102.226597][ T5771] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 102.232866][ T5771] ? __copy_skb_header+0xa7/0x550 [ 102.237938][ T5771] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 102.243618][ T5771] ? skb_pull_data+0xfb/0x200 [ 102.248339][ T5771] hci_le_enh_conn_complete_evt+0x189/0x460 [ 102.254260][ T5771] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 102.260736][ T5771] ? hci_remote_host_features_evt+0x160/0x160 [ 102.266836][ T5771] hci_event_packet+0x795/0x1210 [ 102.271812][ T5771] ? bis_list+0x290/0x290 [ 102.276179][ T5771] ? lockdep_hardirqs_on+0x98/0x150 [ 102.281410][ T5771] ? hci_send_to_monitor+0xd7/0x4f0 [ 102.286632][ T5771] hci_rx_work+0x43a/0xd80 [ 102.291122][ T5771] ? process_scheduled_works+0x957/0x15b0 [ 102.296874][ T5771] process_scheduled_works+0xa45/0x15b0 [ 102.302477][ T5771] ? assign_work+0x400/0x400 [ 102.307100][ T5771] ? assign_work+0x39e/0x400 [ 102.311718][ T5771] worker_thread+0xa55/0xfc0 [ 102.316362][ T5771] kthread+0x2fa/0x390 [ 102.320453][ T5771] ? pr_cont_work+0x560/0x560 [ 102.325172][ T5771] ? kthread_blkcg+0xd0/0xd0 [ 102.329787][ T5771] ret_from_fork+0x48/0x80 [ 102.334267][ T5771] ? kthread_blkcg+0xd0/0xd0 [ 102.338898][ T5771] ret_from_fork_asm+0x11/0x20 [ 102.343820][ T5771] [ 102.348849][ T5771] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 102.372433][ T5771] Bluetooth: hci0: failed to register connection device [ 103.724480][ T6103] netlink: 12 bytes leftover after parsing attributes in process `syz.2.70'. [ 103.808579][ T5849] usb 2-1: USB disconnect, device number 3 [ 103.878849][ T27] audit: type=1326 audit(1767839891.042:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 103.938852][ T27] audit: type=1326 audit(1767839891.072:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.010726][ T27] audit: type=1326 audit(1767839891.072:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.060208][ T27] audit: type=1326 audit(1767839891.072:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.091657][ T27] audit: type=1326 audit(1767839891.072:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.162374][ T27] audit: type=1326 audit(1767839891.072:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.232373][ T27] audit: type=1326 audit(1767839891.072:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.306289][ T27] audit: type=1326 audit(1767839891.222:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.391515][ T27] audit: type=1326 audit(1767839891.222:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6104 comm="syz.2.73" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 104.501209][ T6120] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=623847517 (1247695034 ns) > initial count (355614004 ns). Using initial count to start timer. [ 104.738076][ T6131] netlink: 12 bytes leftover after parsing attributes in process `syz.2.81'. [ 104.970766][ T6137] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 105.323177][ T6147] kvm: kvm [6146]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffff [ 105.611928][ T6160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.91'. [ 105.867866][ T6166] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 105.915762][ T6166] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 106.567491][ T6188] kvm: kvm [6186]: vcpu3, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010002) = 0xffffffffffffffff [ 107.485163][ T27] kauditd_printk_skb: 17 callbacks suppressed [ 107.485178][ T27] audit: type=1326 audit(1767839894.652:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.579925][ T27] audit: type=1326 audit(1767839894.682:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.615798][ T27] audit: type=1326 audit(1767839894.692:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.678899][ T27] audit: type=1326 audit(1767839894.692:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.732402][ T27] audit: type=1326 audit(1767839894.692:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.772686][ T27] audit: type=1326 audit(1767839894.692:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.795731][ T27] audit: type=1326 audit(1767839894.692:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 107.824454][ T27] audit: type=1326 audit(1767839894.692:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6214 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f73f4d8f749 code=0x7ffc0000 [ 108.401540][ T6247] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 108.432399][ T27] audit: type=1326 audit(1767839895.592:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 108.524740][ T27] audit: type=1326 audit(1767839895.592:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6250 comm="syz.2.119" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7fb318b8f749 code=0x7ffc0000 [ 109.288440][ T6280] kvm: pic: single mode not supported [ 109.288603][ T6280] kvm: pic: level sensitive irq not supported [ 109.312571][ T6280] kvm: pic: single mode not supported [ 109.318786][ T6280] kvm: pic: level sensitive irq not supported [ 109.366289][ T6279] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 110.020977][ T6306] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond. [ 110.033125][ T6306] bond0: (slave lo): Error: Device can not be enslaved while up [ 110.103592][ T6308] loop0: detected capacity change from 0 to 1024 [ 110.114113][ T6308] ======================================================= [ 110.114113][ T6308] WARNING: The mand mount option has been deprecated and [ 110.114113][ T6308] and is ignored by this kernel. Remove the mand [ 110.114113][ T6308] option from the mount to silence this warning. [ 110.114113][ T6308] ======================================================= [ 110.271419][ T6308] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 110.379425][ T6308] ================================================================== [ 110.387578][ T6308] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 110.395359][ T6308] Read of size 18446744073709551588 at addr ffff88807e7fa040 by task syz.0.140/6308 [ 110.404771][ T6308] [ 110.407133][ T6308] CPU: 1 PID: 6308 Comm: syz.0.140 Not tainted syzkaller #0 [ 110.414454][ T6308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 110.424547][ T6308] Call Trace: [ 110.427881][ T6308] [ 110.430852][ T6308] dump_stack_lvl+0x16c/0x230 [ 110.435593][ T6308] ? read_lock_is_recursive+0x20/0x20 [ 110.441019][ T6308] ? show_regs_print_info+0x20/0x20 [ 110.446272][ T6308] ? load_image+0x3b0/0x3b0 [ 110.450850][ T6308] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 110.456265][ T6308] ? __virt_addr_valid+0x18c/0x540 [ 110.458607][ T6317] loop3: detected capacity change from 0 to 1024 [ 110.461411][ T6308] ? __virt_addr_valid+0x469/0x540 [ 110.471354][ T6317] EXT4-fs: Ignoring removed bh option [ 110.472891][ T6308] print_report+0xac/0x220 [ 110.472924][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 110.472952][ T6308] kasan_report+0x117/0x150 [ 110.472975][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 110.473003][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 110.473029][ T6308] kasan_check_range+0x288/0x290 [ 110.473050][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 110.473075][ T6308] __asan_memmove+0x29/0x70 [ 110.473101][ T6308] ext4_xattr_set_entry+0x94b/0x1e90 [ 110.473139][ T6308] ext4_xattr_block_set+0xae3/0x32a0 [ 110.473166][ T6308] ? ext4_destroy_inode+0x200/0x200 [ 110.534921][ T6308] ? proc_nr_inodes+0x230/0x230 [ 110.539837][ T6308] ? do_raw_spin_unlock+0x121/0x230 [ 110.545088][ T6308] ? _raw_spin_unlock+0x28/0x40 [ 110.549994][ T6308] ? ext4_xattr_block_find+0x350/0x350 [ 110.555512][ T6308] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 110.560946][ T6308] ext4_xattr_set_handle+0xbff/0x1290 [ 110.566365][ T6308] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 110.572401][ T6308] ? __ext4_journal_start_sb+0x259/0x570 [ 110.578092][ T6308] ext4_xattr_set+0x22d/0x320 [ 110.582837][ T6308] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 110.588473][ T6308] ? evm_protected_xattr_common+0x170/0x190 [ 110.594432][ T6308] ? evm_protect_xattr+0x534/0x7a0 [ 110.599602][ T6308] ? ext4_xattr_security_get+0x40/0x40 [ 110.605120][ T6308] __vfs_setxattr+0x431/0x470 [ 110.609872][ T6308] __vfs_setxattr_noperm+0x12d/0x5e0 [ 110.615218][ T6308] vfs_setxattr+0x16c/0x2f0 [ 110.619782][ T6308] ? xattr_permission+0x470/0x470 [ 110.624856][ T6308] ? __mnt_want_write+0x223/0x2a0 [ 110.629931][ T6308] ? path_setxattr+0x314/0x550 [ 110.634748][ T6308] path_setxattr+0x362/0x550 [ 110.639405][ T6308] ? simple_xattrs_free+0x150/0x150 [ 110.644735][ T6308] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 110.650788][ T6308] ? lock_chain_count+0x20/0x20 [ 110.655697][ T6308] __x64_sys_setxattr+0xbb/0xd0 [ 110.660608][ T6308] do_syscall_64+0x55/0xb0 [ 110.665066][ T6308] ? clear_bhb_loop+0x40/0x90 [ 110.669790][ T6308] ? clear_bhb_loop+0x40/0x90 [ 110.674529][ T6308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 110.680472][ T6308] RIP: 0033:0x7f73f4d8f749 [ 110.684940][ T6308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 110.704591][ T6308] RSP: 002b:00007f73f5c41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 110.713064][ T6308] RAX: ffffffffffffffda RBX: 00007f73f4fe5fa0 RCX: 00007f73f4d8f749 [ 110.721085][ T6308] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 110.729105][ T6308] RBP: 00007f73f4e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 110.737124][ T6308] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 110.745134][ T6308] R13: 00007f73f4fe6038 R14: 00007f73f4fe5fa0 R15: 00007ffeeb1dbb08 [ 110.753190][ T6308] [ 110.756257][ T6308] [ 110.758634][ T6308] Allocated by task 6308: [ 110.763005][ T6308] kasan_set_track+0x4e/0x70 [ 110.767643][ T6308] __kasan_kmalloc+0x8f/0xa0 [ 110.772280][ T6308] __kmalloc_node_track_caller+0xb2/0x230 [ 110.778059][ T6308] kmemdup+0x2b/0x70 [ 110.782013][ T6308] ext4_xattr_block_set+0x9e5/0x32a0 [ 110.787355][ T6308] ext4_xattr_set_handle+0xbff/0x1290 [ 110.792779][ T6308] ext4_xattr_set+0x22d/0x320 [ 110.797336][ T6317] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 110.797488][ T6308] __vfs_setxattr+0x431/0x470 [ 110.797511][ T6308] __vfs_setxattr_noperm+0x12d/0x5e0 [ 110.817272][ T6308] vfs_setxattr+0x16c/0x2f0 [ 110.821833][ T6308] path_setxattr+0x362/0x550 [ 110.826823][ T6308] __x64_sys_setxattr+0xbb/0xd0 [ 110.831715][ T6308] do_syscall_64+0x55/0xb0 [ 110.836159][ T6308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 110.842105][ T6308] [ 110.844463][ T6308] The buggy address belongs to the object at ffff88807e7fa000 [ 110.844463][ T6308] which belongs to the cache kmalloc-1k of size 1024 [ 110.858555][ T6308] The buggy address is located 64 bytes inside of [ 110.858555][ T6308] 1024-byte region [ffff88807e7fa000, ffff88807e7fa400) [ 110.871957][ T6308] [ 110.874327][ T6308] The buggy address belongs to the physical page: [ 110.880781][ T6308] page:ffffea0001f9fe00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e7f8 [ 110.890994][ T6308] head:ffffea0001f9fe00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 110.899981][ T6308] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 110.908439][ T6308] page_type: 0xffffffff() [ 110.912810][ T6308] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 0000000000000001 [ 110.921438][ T6308] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 110.930056][ T6308] page dumped because: kasan: bad access detected [ 110.936513][ T6308] page_owner tracks the page as allocated [ 110.942256][ T6308] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5617, tgid 5617 (sshd-session), ts 62053923560, free_ts 62045292383 [ 110.963656][ T6308] post_alloc_hook+0x1cd/0x210 [ 110.968475][ T6308] get_page_from_freelist+0x195c/0x19f0 [ 110.974076][ T6308] __alloc_pages+0x1e3/0x460 [ 110.978736][ T6308] alloc_slab_page+0x5d/0x170 [ 110.983474][ T6308] new_slab+0x87/0x2e0 [ 110.987600][ T6308] ___slab_alloc+0xc6d/0x1300 [ 110.992332][ T6308] __kmem_cache_alloc_node+0x1a2/0x260 [ 110.997854][ T6308] __kmalloc+0xa4/0x240 [ 111.002047][ T6308] load_elf_binary+0x2cd/0x2700 [ 111.006939][ T6308] bprm_execve+0xaeb/0x16f0 [ 111.011499][ T6308] do_execveat_common+0x51b/0x6c0 [ 111.016573][ T6308] __x64_sys_execve+0x92/0xa0 [ 111.021299][ T6308] do_syscall_64+0x55/0xb0 [ 111.025751][ T6308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 111.031685][ T6308] page last free stack trace: [ 111.036384][ T6308] free_unref_page_prepare+0x7ce/0x8e0 [ 111.041890][ T6308] free_unref_page+0x32/0x2e0 [ 111.046610][ T6308] page_to_skb+0x733/0x890 [ 111.051065][ T6308] receive_buf+0x2f5/0x3780 [ 111.055693][ T6308] virtnet_poll+0x61f/0x1180 [ 111.060326][ T6308] __napi_poll+0xc0/0x460 [ 111.064701][ T6308] net_rx_action+0x5ea/0xbf0 [ 111.069346][ T6308] handle_softirqs+0x280/0x820 [ 111.074147][ T6308] __irq_exit_rcu+0xc7/0x190 [ 111.078782][ T6308] irq_exit_rcu+0x9/0x20 [ 111.083064][ T6308] common_interrupt+0xb9/0xd0 [ 111.087778][ T6308] asm_common_interrupt+0x26/0x40 [ 111.092979][ T6308] [ 111.095336][ T6308] Memory state around the buggy address: [ 111.101004][ T6308] ffff88807e7f9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.109100][ T6308] ffff88807e7f9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 111.117198][ T6308] >ffff88807e7fa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.125297][ T6308] ^ [ 111.131485][ T6308] ffff88807e7fa080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.139586][ T6308] ffff88807e7fa100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 111.147683][ T6308] ================================================================== [ 111.181735][ T6308] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 111.188989][ T6308] CPU: 1 PID: 6308 Comm: syz.0.140 Not tainted syzkaller #0 [ 111.196309][ T6308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 111.206399][ T6308] Call Trace: [ 111.209715][ T6308] [ 111.212681][ T6308] dump_stack_lvl+0x16c/0x230 [ 111.217410][ T6308] ? show_regs_print_info+0x20/0x20 [ 111.222659][ T6308] ? load_image+0x3b0/0x3b0 [ 111.227225][ T6308] panic+0x2c0/0x710 [ 111.231179][ T6308] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 111.237396][ T6308] ? bpf_jit_dump+0xd0/0xd0 [ 111.241946][ T6308] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 111.247888][ T6308] ? _raw_spin_unlock+0x40/0x40 [ 111.252804][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 111.258314][ T6308] check_panic_on_warn+0x84/0xa0 [ 111.263302][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 111.268810][ T6308] end_report+0x6f/0x140 [ 111.273103][ T6308] kasan_report+0x128/0x150 [ 111.277736][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 111.283265][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 111.288871][ T6308] kasan_check_range+0x288/0x290 [ 111.293860][ T6308] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 111.299361][ T6308] __asan_memmove+0x29/0x70 [ 111.303933][ T6308] ext4_xattr_set_entry+0x94b/0x1e90 [ 111.309284][ T6308] ext4_xattr_block_set+0xae3/0x32a0 [ 111.314705][ T6308] ? ext4_destroy_inode+0x200/0x200 [ 111.319984][ T6308] ? proc_nr_inodes+0x230/0x230 [ 111.324882][ T6308] ? do_raw_spin_unlock+0x121/0x230 [ 111.330127][ T6308] ? _raw_spin_unlock+0x28/0x40 [ 111.335029][ T6308] ? ext4_xattr_block_find+0x350/0x350 [ 111.340555][ T6308] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 111.345970][ T6308] ext4_xattr_set_handle+0xbff/0x1290 [ 111.351568][ T6308] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 111.356240][ T6317] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.369593][ T6308] ? __ext4_journal_start_sb+0x259/0x570 [ 111.375286][ T6308] ext4_xattr_set+0x22d/0x320 [ 111.380022][ T6308] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 111.385619][ T6308] ? evm_protected_xattr_common+0x170/0x190 [ 111.391566][ T6308] ? evm_protect_xattr+0x534/0x7a0 [ 111.396815][ T6308] ? ext4_xattr_security_get+0x40/0x40 [ 111.402343][ T6308] __vfs_setxattr+0x431/0x470 [ 111.407075][ T6308] __vfs_setxattr_noperm+0x12d/0x5e0 [ 111.412589][ T6308] vfs_setxattr+0x16c/0x2f0 [ 111.417138][ T6308] ? xattr_permission+0x470/0x470 [ 111.422211][ T6308] ? __mnt_want_write+0x223/0x2a0 [ 111.427297][ T6308] ? path_setxattr+0x314/0x550 [ 111.432128][ T6308] path_setxattr+0x362/0x550 [ 111.436762][ T6308] ? simple_xattrs_free+0x150/0x150 [ 111.442024][ T6308] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 111.448068][ T6308] ? lock_chain_count+0x20/0x20 [ 111.452960][ T6308] __x64_sys_setxattr+0xbb/0xd0 [ 111.457872][ T6308] do_syscall_64+0x55/0xb0 [ 111.462335][ T6308] ? clear_bhb_loop+0x40/0x90 [ 111.467059][ T6308] ? clear_bhb_loop+0x40/0x90 [ 111.471791][ T6308] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 111.477735][ T6308] RIP: 0033:0x7f73f4d8f749 [ 111.482201][ T6308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.501946][ T6308] RSP: 002b:00007f73f5c41038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 111.510414][ T6308] RAX: ffffffffffffffda RBX: 00007f73f4fe5fa0 RCX: 00007f73f4d8f749 [ 111.518456][ T6308] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 111.526474][ T6308] RBP: 00007f73f4e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 111.534490][ T6308] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 111.542500][ T6308] R13: 00007f73f4fe6038 R14: 00007f73f4fe5fa0 R15: 00007ffeeb1dbb08 [ 111.550523][ T6308] [ 111.554172][ T6308] Kernel Offset: disabled [ 111.558512][ T6308] Rebooting in 86400 seconds..