last executing test programs: 19.218621403s ago: executing program 4 (id=1448): socket(0x2, 0x2, 0x0) r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440), 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1e, 0x0, 0x6, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="04040a00000000000054679202"], 0xd) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="042c1110"], 0x14) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r3, 0xc008ae67, &(0x7f0000003e80)=ANY=[]) 18.846333914s ago: executing program 4 (id=1450): setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x48, 0x0, "6afba69ff292f3ea05bcff1de335fb62fe0333b311700b245c7d8a551d17b813c170dea77aaa43e011c11c0a0303425d0b98e32b2098c16feaba4171575d7507b9d3ed416ed96731d8b17781f44fc01f"}, 0xd8) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x400003, &(0x7f0000000400)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@dax_always}, {@grpjquota}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@inode_readahead_blks}, {@resuid, 0x32}]}, 0x1b, 0x4f0, &(0x7f0000000a40)="$eJzs3V1rW+cdAPD/ObaSOHFmh+0iCywLS4Ydtkh2vCRmF1k2xnYV2JZdL/Ns2RjLlrHkJDZhc9gHGIyxDQaDXvWm0A9QKPkIpRBo70tbWkqbtBe5aKOit7w4kq0Q2Qr27wfH53nOi///R0JHes55OCeAfetURJyOiEeVSuVsRAw1lqeN6Uq1slHf7sH929PVKYlK5drnSURSX1bdZPSp/3mkvksciog//DbiL8nzcUtr6wtThUJ+pVHPlReXc6W19XPzi1Nz+bn80sTE+MXJS5MXJse60s7BiLj864///Y/Xf3P57Z/e/OD6p6N/TRrLI560o9vqTc/UXoum/ohY2YlgPdDXaE+m14kAANCR5u/8H0XE2RiKvtqvOQAAAGAvqfxiML5OIioAAADAnpXWxsAmabYxDmAw0jSbrY/h/V4cTgvFUvkns8XVpZn6WNnhyKSz84X8WGOs8HBkkmp9vFZ+Uj+/qT4REcci4l9DA7V6drpYmOn1yQ8AAADYJ45s6v9/NVTv/wMAAAB7zHCvEwAAAAB2nP4/AAAA7H36/wAAALCn/e7q1epUaT7/eubG2upC8ca5mXxpIbu4Op2dLq4sZ+eKxbnaPfsWt/t/hWJx+WextHorV86XyrnS2vr1xeLqUvn6/DOPwAYAAAB20bEf3n0/iYiNnw/UpqoDvU4K2BX9L7LxRzuXB7D7+nqdANAzL/T9D+wpmV4nAPRcEhH/32J928E77+xMPgAAQPeNfL/19f9k23MDG+kupQjsEOf/YP9y/R/2L9f/Yf/KRF903pEf2NFcgN5Itln/8tf/K5UXSggAAOi6wdqUpNmI2nmAwUjTbDbiaO2xAJlkdr6QH4uI70TEe0OZg9X6eG3PZNs+AwAAAAAAAAAAAAAAAAAAAAAAAABQV6kkUQEAAAD2tIj0k6Tx/K+RoTODm88PHEgeDtXmEXHzf9f+c2uqXF4Zry7/4vHy8n8by8/34gwGAAAAsFmzn97sxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABANz24f3u6Oe1m3M9+GRHDreL3x6Ha/FBkIuLwl0n0P7VfEhF9XYi/cScifvWnFvGTalox3MiiVfyBbsU/3qr9W8dPI+JIF+LDfna3evy50urzl8ap2nzz5+/g4337uxC//fEvfXz862tz/DnaYYwT997MtY1/J+JEf+vjTzN+0ib+6Q7j//mP6+vt1lVeixhp+f2TPBMrV15czpXW1s/NL07N5efySxMT4xcnL01emBzLzc4X8o2/LWP88wdvPdqq/YfbxB/epv1nOmz/N/du3f9uvZhpFX/0dOv3/3ib+Gnju+/HjXJ1/UizvFEvP+3kG++e3Kr9M23av937P9ph+8/+/u8fdrgpALALSmvrC1OFQn5lXxde6tWo/izqbOO0EeZVaLJCfqX0t1cjjVey0PxMPOzJcQkAAOi+5/vAAAAAAAAAAAAAAAAAAAAAwG7rzj3DmvfE3vruek0b9dlz90IGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOilbwMAAP//lRTPYg==") ioctl$KVM_RUN(r4, 0xae80, 0x0) 17.153108348s ago: executing program 4 (id=1455): r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r1}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) socket(0x2b, 0x0, 0x20000000) syz_usb_connect(0x0, 0x24, &(0x7f0000000c80)={{0x12, 0x1, 0x0, 0xa1, 0x3d, 0xe3, 0x8, 0x2040, 0x2950, 0x85f1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0x38, 0xb5}}]}}]}}, 0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) r2 = fanotify_init(0x200, 0x0) fanotify_mark(r2, 0x1, 0x4800003e, r0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$SO_TIMESTAMP(r4, 0x1, 0x23, 0x0, 0x0) sendmsg$key(r3, &(0x7f0000000000)={0x3, 0x0, 0x0, 0x1, 0x7}, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0) 12.316862508s ago: executing program 4 (id=1466): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x49, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) pipe2(&(0x7f0000000200)={0x0, 0x0}, 0x0) pipe2(&(0x7f0000000040)={0x0, 0x0}, 0x10800) splice(r4, 0x0, r3, 0x0, 0xe4, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_io_uring_setup(0x35da, &(0x7f00000000c0)={0x0, 0x19dd, 0x80, 0x1, 0x2e1, 0x0, r2}, &(0x7f0000000340), &(0x7f0000000380)) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) fcntl$setlease(r5, 0x400, 0x1) r6 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000001440)) 11.123909459s ago: executing program 4 (id=1470): pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0xfdef, 0xfecc) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioperm(0x0, 0xb2, 0x4) socket(0x11, 0x80a, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local}) write$tun(r0, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @local, @void, {@ipv4={0x86dd, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x600, 0x0, 0x4, 0x0, @empty=0xd4b6, @multicast1}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {}, [@IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x24000000) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, 0x0, 0x0) syz_read_part_table(0x105c, &(0x7f0000001080)="$eJzsz71Rw0AQBeCnQ0gioBUSOqAHEopBKZUQ0Ae9uAaPPeuR/NeB7eD7gpt7N+9mZ8N9tWxr8V+pLsmwHHPLW6bkJW0tffRTltynxlQyX77XuD91fp6/h7RNxjV9vXe7quuY1+TpePvtz29dPv9utSYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLJDAAAA//+4SRWs") epoll_create1(0x0) 10.077262867s ago: executing program 3 (id=1473): r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "ec"}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, '/'}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=ANY=[], 0x18}}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000001001000001000000ec"], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, '/'}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) r2 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r2, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10}, 0x24) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=ANY=[], 0x18}}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "ec"}], 0x18, 0x7000000}, 0xf401}], 0x1, 0x0) sendmmsg(r2, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, '/'}], 0x18, 0x7000000}, 0xf401}], 0x1, 0xc000) 9.09380626s ago: executing program 3 (id=1474): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00000007060103000000000000200000000000050001000e000000a5"], 0x1c}}, 0x0) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000040a0102"], 0x14}}, 0x0) 9.057837403s ago: executing program 2 (id=1475): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) pselect6(0xfffffffffffffe5e, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getrlimit(0x2, 0x0) sendto(0xffffffffffffffff, 0x0, 0x34000, 0x0, 0x0, 0x0) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$bt_hci(r3, 0x0, 0x1, 0x0, &(0x7f0000000680)) 8.85737388s ago: executing program 1 (id=1476): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x5b40, 0x4) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, &(0x7f0000000100)='\t', 0x1, 0x4008041, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000fb007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e4845500a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291beea56ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124e16b64a5d1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba515d4cc28d702287fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633277fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) 7.989556274s ago: executing program 3 (id=1477): mremap(&(0x7f0000df6000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet6(r3, &(0x7f0000005180)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000001300)}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d2", 0x1}], 0x1, &(0x7f00000012c0)=ANY=[], 0x18}}], 0x2, 0x4404c000) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000080)) 7.44315752s ago: executing program 2 (id=1478): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x26, 0x4, 0x0, 0x0, 0x98, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x5, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x34, 0xc0, 0x3, 0x0, [{@multicast1, 0x5}, {@dev, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xfffffffd, 0x7}]}, @timestamp_prespec={0x44, 0x24, 0x0, 0x3, 0x0, [{@multicast2, 0x3}, {@private=0xa010101}, {}, {@broadcast}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000f00)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB="2c726f6f746d6f64653d30303030303030303030303030303030303130303030302c757365725f69643da29f160223b7ae5d4b8413ddd30d6bb0a0723e3dea0d94585eaa350c216303364e32dfbe23c0c9f66ee179886043b7f152cc3322d94a32601f42bde39ac8ec9829beb7", @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB=',default_permissions,default_permissions,allow_other,blksize=0x0000000000000200,blksize=0x0000000000001400,max_read=0x0000000000000007,audit,', @ANYRESDEC]) 6.649974047s ago: executing program 1 (id=1479): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100009c147010861246205bb4018203010902240001000000000904000002ff0401"], 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYBLOB], 0x20}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000080), &(0x7f0000000100)=0x8) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r2, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100", 0x7) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) ioctl$SNDCTL_DSP_STEREO(r2, 0x40045010, &(0x7f0000000080)) 6.648565647s ago: executing program 3 (id=1489): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @loopback}, 0x1, 0x0, 0x4000}}, 0x2e) 6.559225845s ago: executing program 2 (id=1480): socket$key(0xf, 0x3, 0x2) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000980)='./file3\x00', 0x2000014, &(0x7f0000000100)=ANY=[], 0x1, 0x6b9, &(0x7f0000001540)="$eJzs3c1vHGcdB/DvrNcbb6iC0yY0QkVYiVSQIhInVgrhgkEI5VChqhw4W4nTWNkkleOitELgAoITEof+AQXJN05I3IPCudx69bESEpeIQ9TLopmdddbedfz+Uvr5ROPnmX2eeea3v3lmxrvOagN8ad24mObjFLlx8c1H5frqykxndWXmRN3cSVLWG0mzV6S4nxRPktmyvRhYMlAO+Wjh+tufPl39rLfWrJeq/9iLththRN/leslUPd7UyC3Ht7uL5Tq8vJTkZl2u19ruWOs6lkm7UJdw5LpDlney+U7OW+CY6d+dit59c8hkcjLJRP17QOqrQ+PwIjwYO7rKAQAAwBfUJw+OOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD44qm//7+ol0ZdZipF//v/W/3H6voxNLvtno8PNA4AAAAAAAAAOBzffJZneZRT/fVuUf3N/3y1ciafd5Ov5L08zHwWcymPMpelLGUxV5JMDgzUejS3tLR4ZW3L0ugtr47c8uphPWMAAAAAAAAA+L/0m7Sf//0fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACOgyIZ6xXVcqYuM5lGM8/bspz8K0nrqOPdgWLUg48PPw4AAADYk4ldbPPVZ3mWRznVf33cLarX/F+r1ifyXu5nKQtZSifzuVW/hi5f9TdWV2Y6qysz98pleNwf/mdHYVQj1u8vjN7zuapHO7ezUD1yKTerYG6lUW2ZC8m5fjyj4/qwjKn4QW2bkTXrtJY7+9Nm7yLsi52+FTFZBpesZWS6jq3MxuleBorqjZpkYya2PDrNjXtKI+Nre7qSxto7P2f2MefLdXmyLsvn8/sDzflOrWWikSoTV/uzrzxnXpyJ5Ft//+vP73Tut5NcPD5PaQtjmzy+cU7MDGTi1W1m4u6d2w+PXyaaO+w/XWXi7Nr6jfwkP8vFTOWtLGYhv8hcljKfbt0+V8/n8ufkizM1u27tra0iadXHpXfMthPTVH5c1eZyvtr2VBZS5EFuZT5vVP+u5kq+m2u5lusDR/jspnFXz6066xsbz/r+kf7HyOAvfLuulOfHH+pyKAcbbDY790vv2l/m9fRAXnuz/ular9MD58H0QJZe7mdnfOTgu7kfNb9eV8p9/LYuj4fJOhPlCdS/S/Sje6WXiWZ1Lxqe53/ultulc//u4p25dzcZf3nD+ut1WU6rlW9sN8rRh2J/lfPl5UzUV5L1s6Nse2XtKnN63V21Vf/FpdfWGGo7W7UVRf9M/WkeVBNg+Ext1b/DDY90tWp7dWTbTNV2bqBt3e9beZBObh1C/gDYo8mcbLX/3f6k/XH7d+077TcnfnTieydea2X8n+Pfb06Pvd54rfhbPs6vqtf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAHj18/4O7c53O/OLoSmPzpi0qW428oVLUX+izq30dw8pEknWPVN9zdOhhtDeGMVTp/jrZ0NQ68FD7XyI4us8fy0ozLxhnoh/h7Fb7+vDIZ8Jxr4xlaAJUlSO+MAEH7vLSvXcvP3z/g+8s3Jt7Z/6d+fvj165dn75+7Y2Zy7cXOvPTvZ9HHSVwEJ7f9I86EgAAAAAAAAAAAGC7Rn0w4PxLW31oZFuf8fA/CwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB9ceNimo9T5Mr0pelyfXVlplMu/frzns0kjUZS/DIpniSz6S2ZHBiuyF+epDtiPx8tXH/706ernz0fq9nrnzTqcg+W6yVTScZObNatO7ab8W7W5e4V/+0/wzJhn3e73dk9jQf75H8BAAD//5nu8zI=") syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x3f53, 0x0, 0x0, 0x0, 0x2004cb, 0x0, 0xb08, 0x0, 0xffffffffffffffff], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.471874292s ago: executing program 0 (id=1481): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f0000000040)=0x3, 0x4) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000500000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='ext4_evict_inode\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2}, 0x0, &(0x7f00000003c0)=r1}, 0x20) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2800480, &(0x7f00000001c0), 0x1, 0x774, &(0x7f00000007c0)="$eJzs3d1rW+UfAPDvSdt17fb7tYKg86ogaGEstbNuCl5MvBDBwUCv3UKaldm0GU061lJwQwRvBBUvBL3ZtS/zzltfbvW/8EI2pnbDiRdSOWmyZWvSpWuTDPL5wNM+zzkneZ5vnnOe8yTnkATQtybSP5mIQxHxURIxVlueRMRQNTcYcWJzu9vra/k0JbGx8eYfSXWbW+tr+Wh4TOpArfBkRPz4fsThzNZ6yyur87lisbBUK09VFs5PlVdWj5xbyM0V5gqLx6ZnZo4ef+H4sb2L9a9fVg9e//i1Z7858c97T1z98KckTsTB2rrGOPbKREzUXpOh9CW8x6t7XVmPJb1uAA8lPTQHNo/yOBRjMVDNtTDSzZYBAJ3ybkRsAAB9JnH+B4A+U/8c4Nb6Wr6eevuJRHfdeCUi9m/GX7++ublmsHbNbn/1OujoreSeKyNJRIzvQf0TEfHFd29/labo0HVIgGYuXY6IM+MTW8f/ZMs9Czv1XBvbTNxXNv5B93yfzn9ebDb/y9yZ/0ST+c9wk2P3YTz4+M9c24NqWkrnfy833Nt2uyH+mvGBWul/1TnfUHL2XLGQjm3/j4jJGBpOy9Pb1DF589+brdY1zv/+/OSdL9P60/93t8hcGxy+9zGzuUpuNzE3unE54qnBZvEnd/o/aTH/PdVmHa+/9MHnrdal8afx1tPW+Dtr40rEM037/+4dbcm29ydOVXeHqfpO0cS3v3422qr+xv5PU1p//b1AN6T9P7p9/ONJ4/2a5Z3X8fOVsR9arXtw/M33/33JW9X8vtqyi7lKZWk6Yl/yxtblR+8+tl6ub5/GP/l08+N/u/0/fU94ps34B6///vXDx99ZafyzO+r/nWeu3p4faFV/e/0/U81N1pa0M/6128DdvHYAAAAAAAAAAAAAAAAAAAAAAAAA0K5MRByMJJO9k89kstnN3/B+PEYzxVK5cvhsaXlxNqq/lT0eQ5n6V12ONXwf6nTt+/Dr5aP3lZ+PiMci4tPhkWo5my8VZ3sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHGjx+/+p34Z73ToAoGP297oBAEDXOf8DQP/Z2fl/pGPtAAC6x/t/AOg/zv8A0H+c/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiwUydPpmnj7/W1fFqevbCyPF+6cGS2UJ7PLizns/nS0vnsXKk0Vyxk86WFlk90afNfsVQ6PxOLyxenKoVyZaq8snp6obS8WDl9biE3VzhdGOpaZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQvvLK6nyuWCws7SaTPtFePI+MjMwjkmkcJUZ6Nj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPOr+CwAA///vXCkU") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x123340, 0x0) renameat2(0xffffffffffffffff, &(0x7f0000000140)='./file1\x00', 0xffffffffffffffff, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4) write$binfmt_misc(r0, &(0x7f0000000040), 0xfe46) 6.444719575s ago: executing program 4 (id=1482): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$usbfs(&(0x7f0000000140), 0x207, 0x0) syz_open_procfs(0x0, &(0x7f0000000380)='net/igmp\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x303}, "8ef719eb419d56f4", "983dd3a6449639deb818d7799ddee700", "c250785f", "47744d2b38a6a78d"}, 0x28) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x0, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000001c0)={{r0}, 0x20000000008}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000080)={{0x204, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 5.476123087s ago: executing program 3 (id=1483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x10, &(0x7f0000000200), 0x1, 0x489, &(0x7f00000004c0)="$eJzs3M1vFOUfAPDvzLbwKy+/VsQXXtQqGhtfWlpQOXjRaMLFxEQPeKylEKRQQ2sihNhqDFfDX6AeTfQP0JNejHrSeMW7MSGGi+jBjJndmVLa3e22y3aB/XyShefZeXae5zszD/PM8+wSQM8azv9IInZExJWIGKxlby4wXPvr+rWLU39fuziVRJa98WdSLffXtYtTZdHyc9uLzEgakX6cxL469c6dv3B6cmZm+lyRH5s/8+7Y3PkLz546M3ly+uT02YkjRw4fGn/h+YnnWgmjf60CO/O27v1gdv+eo29dfm3q2OW3f/wyb++OYvvyOGqGWqm3qeEYvvlYLhmIJ9re++1l57J00tfFhrAulYjoKzrQlRiMStw4eYPx6kddbRzQUVmWZVtXvVspE4vZkoUMuNsk0e0WAN1R3ujz59/yFQObOADpsqsv1R6A8rivF6/alr5IizL9K55vb6XhiDi2+M+n+SvqzkMAANxa3+bjn2dWjP+q0rh/2UzQ/4u1oaGIuCcidkXEvRGxOyLui6iWfSAiHlxn/cMr8qvHP790dDSaj/9eLNa2bh7/laO/GKoUuZ3V+PuTE6dmpg8Wx2Qk+rfm+fEmdXz3yq+fVBN1VqmWj//yV15/ORYs2vFH34oJuuOT85Ptxl26+mHE3r568SdLKwFJROyJiL0b2H9+zE499cX++luT6vJY8/ibuAXrTNnnEU/Wzv9irIh/qZXN1yfH/hcz0wfHyqtitZ9+vvR6o/rXPv+dlZ//bXWv/6X4h5Ll67Vz66/j0m9Zw2eajV7/W5I3q+ktxXvvT87PnxuP2JIsrn5/4sZny3xZPo9/5ED9/r8r4t/Pis/ti4j8In4oIh6OiEeKtj8aEY9FxIEm8f/w8uPvbDz+zsrjP56f//IYr3n+myTSqLupcvr7bxrV39r5P1xNjRTvtPLv3xotbeNqBgAAgDtP7TvwSTpazHHuiDQdHa19h393bEtnZufmnz4x+97Z47Xvyg9Ff1rOdA0umw8dL+aGy/zEivyh6rxxlmXZQDU/OjU706k1daA12xv0/9zvlW63Dui4da2j1f9FG3CH8ntN6F36P/SuOv3/ajfaAWyuAfd/6Gn1+v9CxPUuNAXYZO7/0Lsa9v90c9sBbD73f+hd+j/0pJZ+JN8g8dXX5f+ysLrMrqPt7PkOSWQLtfDb2k+l21FsMBHpbdGMjSXS26MZtcTWiGi18EJ7F1srCQ/9AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAXeW/AAAA//976tt9") syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x2000004c, &(0x7f00000002c0)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES8, @ANYRESHEX=0x0, @ANYBLOB=',me=00000000000000000000007,discard,\x00'/46], 0x1, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==") connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)={0x4000659}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_mount_image$ext4(&(0x7f0000000380)='ext3\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc8000, &(0x7f0000000f00)={[{@data_writeback}, {@init_itable_val={'init_itable', 0x3d, 0xf30}}], [{@context={'context', 0x3d, 'user_u'}}, {@euid_lt}]}, 0x6, 0x51f, &(0x7f00000009c0)="$eJzs3c9vI1cdAPDvOHab7QacFg6lUtul3SpFsM6m6Y+IQ+lKQE+VEOWeXRIniuLEq8RpN9GKesUfUEAVIHHixAWJPwAJ+icgpEpw6xXQCrL0wAUZzXi8SRw7OKw3ZuPPR3qeN+955vt9dmzP84ziAMbWpYh4KyKmI+KliCjn7YW8RLNd0vvd27+9lJYkWq13/55Ekrd17/Nivlnqu29HfD85Hnd7d2+9utjKHGreu7K2cWO1ulrdnJ+fe33hjYXXFq4OOJKkeFLvVES8+c3Pfvrhr7795u++9v6ni397+QdpWtfz/oNxzPxlwICDZZXdlmKy09Ac5t5HbyIiitkIAQB4FFyOiKci4oWI+EqUYyJOPIwGAAAAHkGtb0w93qkCAAAA51MhuzY2KVSy632LMRWFQqXSvob3i/FEoVbfbnx1pb6zudy+hnY6SoWVtVr1an6t8HSUknR9Lr+GuLP+Stf6fEQ8GREflS+k61kfAAAAcDYuHpn/R3xWbs//AQAAgHPGyXgAAAA4/wac///+YecBAAAAPDzO/wMAAMC59p133klL697+7ex3AJbf291Zr793Zbm6vV7Z2FmqLNW3blZW6/XVWrUy0dmq/6891+r1m6/G5s6t2UZxuzG7vbu3uFHf2WwsZr/rvVh96ozGBQAAABx48vmP/5xERPPrF7KSeizv6z/LB8ZMUuxquP7lEWUCDMXEaTe4tPNwEgHOXPdnOjA+SoVRZwCMWtLd0HVgMJm1fPjjYxv+4fSxHHMAAMBozHzJ+X8YV77+g/H1o1EnAIxM0WE+jK3S6a8ABM6Zt/9L/2S/joHP/7dap0oIAAAYuqn2ohn5ucCpKBQqlfunBZOVtVr1akR8PiL+VC49nq7PjTBfAAAAAAAAAAAAAAAAAAAAAAAAAHgUtVpJtAAAAIBzLaLw1yQi0jJTvjzV/f3AY8m/ytkyIt7/xbs/u3Wj0diaS9v/cb+98fO8/ZVRfIMBAAAA46h0Ym9nnt6ZxwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAMN3bv73UKWcZ9+61uBDTveIXYzJbTkYpIp74ZxLFQ9slETExhPjNOxHxdK/4SZpWTOdZHIr/bHpTiIgLo4kfnfgXhxAfxtnH1yLirV6vv0Jcypa9X3/FvDyou9eyF3nP+J33v4k+73+fGzDGM5/8Zra77YeTefw7Ec8Ue7//dOInfeK/2C9g6ejq9e/t7fW7a+uXETM9P3+SI7FmGxs3Z7d3966sbdxYra5WN+fn515feGPhtYWrsytrtWp+2zPGT579bfOjPvHv3ilky8PxO+Ocbmf4wZHxP32Q0+V+g+ry709u7X+hXS0djx/x8ou9n/92qN6Pf/o38VL+OZD2z3TqzXb9sOd+/cfn+uWWxl/u8/i3n/9yq9/zP6BjYz7wweB7AQCGZnt3b/1GrVbdOoPKC68Ob4fJGeWs0qcy+f+RxllXvvVgm0d1q3M4/CD7+TSttJIhjCudM2SJ5Uf0h1IFAADOmYP5wKgzAQAAAAAAAAAAAAAAAAAAgPH1P/3zsOdPt1V3zOZohgoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcKL/BAAA///5RM24") write$binfmt_script(0xffffffffffffffff, &(0x7f0000000080), 0x208e24b) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x40086607, &(0x7f0000000000)={@desc={0x1, 0x0, @auto='\x00\x00&\x00'}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000180)="66ba4300b006ee0f01c40f009b27000000b9800000c00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a000000328fe858b660002fb90d090000b800680000ba000000000f30", 0x5a}], 0x1, 0x11, 0x0, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x46342, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.106103668s ago: executing program 0 (id=1484): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05640, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000140)=0x15) ppoll(&(0x7f00000001c0)=[{r4}], 0x1, 0x0, 0x0, 0x0) 4.070053706s ago: executing program 0 (id=1485): syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00') prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r3 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) ioctl$EVIOCGREP(r3, 0x80084503, &(0x7f0000000480)=""/197) r4 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd) keyctl$read(0xb, r4, &(0x7f0000000240)=""/112, 0x349b7f55) 4.016476801s ago: executing program 2 (id=1486): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x5a, &(0x7f0000000100)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f0000000480)) r1 = socket$inet6(0xa, 0x5, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) close_range(r1, r2, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xefc}, [], {0x95, 0x0, 0x0, 0x1a03d3}}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1000070, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x0) 3.035779594s ago: executing program 0 (id=1487): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0xf4240}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x10, 0x6, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000000000071113100000000008510000002000000850000000000000095000000000000009500a5050000003f"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffef5, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000270000001801000020756c2500000000002020207b1af8ff00000000bfa100000800000007010000f8ffffffb702000008000000b70300000000000085000000060000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe4, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x1a003}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x306) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @link_local}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000140)={'pim6reg1\x00', @dev}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) 2.653272876s ago: executing program 3 (id=1488): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc293, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="0100000000000000020201c0"]) syz_usb_control_io$hid(r0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="c8", &(0x7f00000009c0), 0x5, r5}, 0x38) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10) syz_usb_control_io(r0, &(0x7f0000000840)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x7, {0x7, 0x0, "a358457294"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.411628046s ago: executing program 1 (id=1499): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040983dbc890606bbcd37d8f6bf9ec96"], 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002180), 0xe98}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000640)={0xffffffffffffffff, 0x74, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x8, &(0x7f0000000500)}}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x14, 0x0, 0x8, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000040)={r3, 0x0, &(0x7f0000000200)=""/71}, 0x20) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000040)={@cgroup=r5, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 2.13376441s ago: executing program 2 (id=1490): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f00000001c0)=0x5b40, 0x4) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, &(0x7f0000000100)='\t', 0x1, 0x4008041, 0x0, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000fb007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e4845500a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291beea56ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124e16b64a5d1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba515d4cc28d702287fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633277fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xa, 0x9, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000080)={0x3ff}, 0x0, 0x0) 2.13298751s ago: executing program 1 (id=1501): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000400)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="640000000206010200000000000000000000000015000300686173683a69702c706f72742c6e6574000000000900020073797a32000000000500040000000000140007800800124000000000050015002200000005000500020000000500010006"], 0x64}}, 0x0) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c00000007060103000000000000200000000000050001000e000000a5"], 0x1c}}, 0x0) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000040a0102"], 0x14}}, 0x0) 2.02126403s ago: executing program 0 (id=1491): mremap(&(0x7f0000df6000/0x4000)=nil, 0x4000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet6(r3, &(0x7f0000005180)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000001300)}], 0x1}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="d2", 0x1}], 0x1, &(0x7f00000012c0)=ANY=[], 0x18}}], 0x2, 0x4404c000) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f0000000080)) 1.190773s ago: executing program 1 (id=1492): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000540)={0x14, 0x3, 0x1, 0x5}, 0x14}}, 0x0) r1 = syz_open_dev$evdev(0x0, 0x0, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000680)={0x40000004}) epoll_pwait(r2, &(0x7f00000001c0)=[{}], 0x1, 0x0, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x51) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff) r5 = fcntl$dupfd(r3, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x468, 0xc, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{0x61}, {0x16}]}}, @common=@ttl={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x98, 0xc0, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4c8) 110.492111ms ago: executing program 0 (id=1493): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e) connect$pptp(r1, &(0x7f0000000700)={0x18, 0x2, {0x0, @multicast1}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246) ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300)) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r3, r5, 0x1, 0x0, @void}, 0x10) pwritev(r0, &(0x7f0000000180)=[{&(0x7f00000002c0)='\x00!', 0x2}], 0x1, 0xfffffffe, 0x0) 51.317376ms ago: executing program 1 (id=1494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil) 0s ago: executing program 2 (id=1495): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000540)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000740)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0)={0x2, 0x0, [{0x4, 0x3f, &(0x7f0000000180)=""/63}, {0x0, 0xc, &(0x7f0000000140)=""/12}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): 39][ T8830] loop4: detected capacity change from 0 to 2048 [ 524.599076][ T8823] EXT4-fs (loop3): orphan cleanup on readonly fs [ 524.693073][ T8823] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 524.719023][ T8830] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 524.788147][ T8823] EXT4-fs warning (device loop3): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 524.803230][ T8823] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 524.813873][ T8823] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz.3.1025: bad orphan inode 16 [ 524.893891][ T8823] ext4_test_bit(bit=15, block=18) = 1 [ 524.908963][ T8823] is_bad_inode(inode)=0 [ 524.913444][ T8823] NEXT_ORPHAN(inode)=0 [ 524.932496][ T8823] max_ino=32 [ 524.935768][ T8823] i_nlink=2 [ 524.940169][ T8823] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 525.125953][ T7721] EXT4-fs (loop3): unmounting filesystem. [ 526.496332][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 529.483588][ T8872] loop4: detected capacity change from 0 to 512 [ 531.261781][ T8872] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 531.271134][ T8872] ext4 filesystem being mounted at /43/bus supports timestamps until 2038 (0x7fffffff) [ 531.594758][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 531.798818][ T3722] team0 (unregistering): Port device team_slave_1 removed [ 531.812219][ T8880] loop3: detected capacity change from 0 to 2048 [ 532.033479][ T3763] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 533.816389][ T3722] team0 (unregistering): Port device team_slave_0 removed [ 534.034705][ T3722] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 535.044717][ T3722] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 535.058101][ T7090] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 535.438257][ T7090] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 535.454307][ T7090] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 535.469554][ T7090] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 535.478806][ T7090] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 535.531908][ T8893] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 535.814638][ T7090] usb 5-1: USB disconnect, device number 7 [ 535.938919][ T3722] bond0 (unregistering): Released all slaves [ 536.031019][ T11] smc: removing ib device syz0 [ 536.087178][ T8537] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 536.118560][ T8537] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 536.156038][ T8537] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 536.188333][ T8537] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 536.447312][ T8537] 8021q: adding VLAN 0 to HW filter on device bond0 [ 536.472667][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 536.483578][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 536.513930][ T8537] 8021q: adding VLAN 0 to HW filter on device team0 [ 536.527585][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 536.537615][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 536.578511][ T56] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.585682][ T56] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.642799][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 536.936512][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 539.353368][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 539.362737][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 539.369909][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 539.495620][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 539.504944][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 539.520022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 539.656451][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 540.453546][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 540.500103][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 540.540882][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 540.563375][ T8923] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (490519854976 ns) > initial count (268435456 ns). Using initial count to start timer. [ 540.600474][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 540.638692][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 540.657198][ T8537] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 540.693744][ T8537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 540.712943][ T8952] loop2: detected capacity change from 0 to 4096 [ 540.784004][ T8952] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 541.093124][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 541.124154][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 541.347950][ T3651] Bluetooth: hci2: command 0x0c1a tx timeout [ 544.013222][ T8985] loop3: detected capacity change from 0 to 2048 [ 544.843297][ T8985] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 544.942310][ T8537] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 544.958327][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 544.968084][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 545.110229][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 545.120788][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 545.687709][ T3701] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 545.718647][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 545.737477][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 545.758593][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 545.774239][ T3701] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 545.798378][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 545.815051][ T8537] device veth0_vlan entered promiscuous mode [ 545.822921][ T9010] netlink: 'syz.1.1064': attribute type 2 has an invalid length. [ 545.825375][ T3701] EXT4-fs (loop3): This should not happen!! Data will be lost [ 545.825375][ T3701] [ 545.852482][ T8537] device veth1_vlan entered promiscuous mode [ 545.865300][ T3701] EXT4-fs (loop3): Total free blocks count 0 [ 545.879962][ T3701] EXT4-fs (loop3): Free/Dirty block details [ 545.895850][ T3701] EXT4-fs (loop3): free_blocks=2415919104 [ 545.910164][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 545.931675][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 545.944765][ T3701] EXT4-fs (loop3): dirty_blocks=48 [ 545.950520][ T3701] EXT4-fs (loop3): Block reservation details [ 545.959387][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 545.977705][ T3701] EXT4-fs (loop3): i_reserved_data_blocks=3 [ 545.989798][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 546.027178][ T7721] EXT4-fs (loop3): unmounting filesystem. [ 546.037210][ T8537] device veth0_macvtap entered promiscuous mode [ 546.059590][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 546.072461][ T8537] device veth1_macvtap entered promiscuous mode [ 546.232721][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 546.343506][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 546.369691][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.907875][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.974749][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 548.036443][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.088568][ T8537] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.145619][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.209343][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.219291][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.241445][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.258130][ T8537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 548.270937][ T8537] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 548.297109][ T8537] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 548.322814][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 548.358994][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 548.378778][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 548.399412][ T4730] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 548.424138][ T8537] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.457849][ T8537] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.497215][ T8537] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.543979][ T8537] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 550.666082][ T9055] 9pnet_fd: Insufficient options for proto=fd [ 551.293114][ T9060] loop2: detected capacity change from 0 to 2048 [ 551.663347][ T9070] netlink: 'syz.4.1068': attribute type 2 has an invalid length. [ 551.844461][ T9060] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 552.730405][ T3651] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 552.749556][ T3651] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 552.759008][ T3651] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 552.767725][ T3651] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 552.778194][ T3651] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 552.786588][ T3651] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 553.953960][ T3808] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 554.023064][ T3808] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 554.052756][ T3808] EXT4-fs (loop2): This should not happen!! Data will be lost [ 554.052756][ T3808] [ 554.064199][ T3808] EXT4-fs (loop2): Total free blocks count 0 [ 554.079468][ T3808] EXT4-fs (loop2): Free/Dirty block details [ 554.107961][ T3808] EXT4-fs (loop2): free_blocks=2415919104 [ 554.118343][ T3808] EXT4-fs (loop2): dirty_blocks=48 [ 554.123499][ T3808] EXT4-fs (loop2): Block reservation details [ 554.148770][ T3808] EXT4-fs (loop2): i_reserved_data_blocks=3 [ 554.169457][ T6534] EXT4-fs (loop2): unmounting filesystem. [ 554.184107][ T3880] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.225515][ T9100] loop4: detected capacity change from 0 to 4096 [ 554.344968][ T9100] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 554.423806][ T3880] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.209031][ T3651] Bluetooth: hci1: command tx timeout [ 555.874871][ T3880] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 555.992820][ T3880] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 556.012163][ T9079] chnl_net:caif_netlink_parms(): no params data found [ 556.047095][ T9121] loop4: detected capacity change from 0 to 1024 [ 556.097845][ T8547] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 556.124900][ T3763] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 556.266688][ T9129] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3832186367 (490519854976 ns) > initial count (268435456 ns). Using initial count to start timer. [ 556.338023][ T8547] usb 4-1: Using ep0 maxpacket: 16 [ 556.399168][ T9079] bridge0: port 1(bridge_slave_0) entered blocking state [ 556.410209][ T9079] bridge0: port 1(bridge_slave_0) entered disabled state [ 556.439322][ T9079] device bridge_slave_0 entered promiscuous mode [ 556.467719][ T8547] usb 4-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config [ 556.478496][ T8547] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 556.489606][ T8547] usb 4-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 556.499067][ T8547] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 556.517336][ T8547] usb 4-1: config 0 descriptor?? [ 556.576928][ T9079] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.584512][ T9079] bridge0: port 2(bridge_slave_1) entered disabled state [ 556.593990][ T9079] device bridge_slave_1 entered promiscuous mode [ 556.744795][ T9079] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 556.778726][ T9117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.809412][ T9079] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 556.823756][ T9117] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.675192][ T3651] Bluetooth: hci1: command tx timeout [ 557.818067][ T8547] usb 4-1: string descriptor 0 read error: -71 [ 557.835460][ T8547] usb 4-1: USB disconnect, device number 5 [ 557.887178][ T9079] team0: Port device team_slave_0 added [ 557.984107][ T9079] team0: Port device team_slave_1 added [ 558.116778][ T9079] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 558.138375][ T9079] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.167410][ T9079] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 558.225681][ T9079] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 558.239597][ T9079] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 558.266367][ T9079] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 558.334090][ T9155] IPv6: ADDRCONF(NETDEV_CHANGE): syzkaller0: link becomes ready [ 558.463369][ T9159] loop4: detected capacity change from 0 to 2048 [ 558.569899][ T9163] autofs4:pid:9163:autofs_fill_super: called with bogus options [ 558.692169][ T9079] device hsr_slave_0 entered promiscuous mode [ 558.776140][ T9159] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 558.799277][ T9079] device hsr_slave_1 entered promiscuous mode [ 558.903892][ T9079] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 559.016082][ T9079] Cannot create hsr debugfs directory [ 559.793376][ T3661] Bluetooth: hci1: command tx timeout [ 560.022321][ T4730] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 560.308193][ T4730] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 560.323714][ T4730] EXT4-fs (loop4): This should not happen!! Data will be lost [ 560.323714][ T4730] [ 560.355582][ T4730] EXT4-fs (loop4): Total free blocks count 0 [ 560.391591][ T4730] EXT4-fs (loop4): Free/Dirty block details [ 561.652956][ T4730] EXT4-fs (loop4): free_blocks=2415919104 [ 561.659037][ T4730] EXT4-fs (loop4): dirty_blocks=48 [ 561.664263][ T4730] EXT4-fs (loop4): Block reservation details [ 561.673036][ T4730] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 562.618673][ T3661] Bluetooth: hci1: command tx timeout [ 562.642590][ T3880] device hsr_slave_0 left promiscuous mode [ 562.650615][ T3880] device hsr_slave_1 left promiscuous mode [ 562.665241][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 562.685281][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 562.710735][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 562.849762][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.856130][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.886103][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 562.938385][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 562.946347][ T3880] device bridge_slave_1 left promiscuous mode [ 563.033462][ T3880] bridge0: port 2(bridge_slave_1) entered disabled state [ 563.150690][ T9182] loop3: detected capacity change from 0 to 256 [ 563.302106][ T3880] device bridge_slave_0 left promiscuous mode [ 563.440978][ T3880] bridge0: port 1(bridge_slave_0) entered disabled state [ 563.773717][ T9182] FAT-fs (loop3): Directory bread(block 64) failed [ 563.787982][ T9182] FAT-fs (loop3): Directory bread(block 65) failed [ 563.794639][ T9182] FAT-fs (loop3): Directory bread(block 66) failed [ 563.801396][ T9182] FAT-fs (loop3): Directory bread(block 67) failed [ 563.808286][ T9182] FAT-fs (loop3): Directory bread(block 68) failed [ 563.822699][ T9182] FAT-fs (loop3): Directory bread(block 69) failed [ 563.839602][ T9182] FAT-fs (loop3): Directory bread(block 70) failed [ 563.846204][ T9182] FAT-fs (loop3): Directory bread(block 71) failed [ 563.855333][ T3880] device veth1_macvtap left promiscuous mode [ 563.867471][ T3880] device veth0_macvtap left promiscuous mode [ 563.873796][ T9182] FAT-fs (loop3): Directory bread(block 72) failed [ 563.880569][ T3880] device veth1_vlan left promiscuous mode [ 563.886421][ T9182] FAT-fs (loop3): Directory bread(block 73) failed [ 563.893164][ T3880] device veth0_vlan left promiscuous mode [ 564.759751][ T9205] syz.3.1097: attempt to access beyond end of device [ 564.759751][ T9205] loop3: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 564.775440][ T9205] syz.3.1097: attempt to access beyond end of device [ 564.775440][ T9205] loop3: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 564.868799][ T3661] Bluetooth: hci0: command 0x040f tx timeout [ 565.837983][ T7093] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 566.037261][ T26] audit: type=1326 audit(1728649243.455:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 566.114331][ T26] audit: type=1326 audit(1728649243.455:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 566.356346][ T26] audit: type=1326 audit(1728649243.485:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 566.527785][ T7093] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 567.270963][ T26] audit: type=1326 audit(1728649243.485:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.317815][ T7093] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 567.326084][ T26] audit: type=1326 audit(1728649243.485:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.367454][ T7093] usb 4-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 567.412718][ T7093] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.415169][ T26] audit: type=1326 audit(1728649243.485:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.450916][ T26] audit: type=1326 audit(1728649243.485:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.485812][ T7093] usb 4-1: config 0 descriptor?? [ 567.487460][ T26] audit: type=1326 audit(1728649243.485:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.538528][ T9224] loop2: detected capacity change from 0 to 2048 [ 567.584405][ T7093] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 567.614488][ T26] audit: type=1326 audit(1728649243.505:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.640436][ T7093] dvb-usb: bulk message failed: -22 (3/0) [ 567.645667][ T26] audit: type=1326 audit(1728649243.535:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9209 comm="syz.4.1091" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x7ffc0000 [ 567.707631][ T7093] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 567.757611][ T7093] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 567.787488][ T9224] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 567.797145][ T7093] usb 4-1: media controller created [ 567.808868][ T9214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.860130][ T7093] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 567.879007][ T9214] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.105322][ T7093] dvb-usb: bulk message failed: -22 (6/0) [ 568.564694][ T7093] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 568.693641][ T7093] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14 [ 568.756755][ T7093] dvb-usb: schedule remote query interval to 150 msecs. [ 568.777480][ T7093] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 568.809733][ T7093] usb 4-1: USB disconnect, device number 6 [ 568.832781][ T37] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 568.893804][ T37] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 568.914057][ T7093] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 568.952218][ T37] EXT4-fs (loop2): This should not happen!! Data will be lost [ 568.952218][ T37] [ 569.011907][ T37] EXT4-fs (loop2): Total free blocks count 0 [ 569.051326][ T37] EXT4-fs (loop2): Free/Dirty block details [ 569.063534][ T37] EXT4-fs (loop2): free_blocks=2415919104 [ 569.087924][ T37] EXT4-fs (loop2): dirty_blocks=48 [ 569.097882][ T37] EXT4-fs (loop2): Block reservation details [ 569.155872][ T37] EXT4-fs (loop2): i_reserved_data_blocks=3 [ 569.174207][ T6534] EXT4-fs (loop2): unmounting filesystem. [ 569.174676][ T3651] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 569.191031][ T3651] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 569.204945][ T3651] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 569.213982][ T3651] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 569.221855][ T3651] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 569.229320][ T3651] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 569.561323][ T9235] loop2: detected capacity change from 0 to 1024 [ 569.638647][ T9235] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 569.906054][ T3880] team0 (unregistering): Port device team_slave_1 removed [ 570.993753][ T3880] team0 (unregistering): Port device team_slave_0 removed [ 571.360480][ T3661] Bluetooth: hci4: command tx timeout [ 571.901497][ T3880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.074274][ T3880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 573.435201][ T3658] Bluetooth: hci4: command tx timeout [ 574.495315][ T3880] bond0 (unregistering): Released all slaves [ 575.104298][ T9266] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1107'. [ 575.923378][ T3658] Bluetooth: hci4: command tx timeout [ 577.988146][ T3658] Bluetooth: hci4: command tx timeout [ 577.996631][ T9232] chnl_net:caif_netlink_parms(): no params data found [ 578.158707][ T9232] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.165899][ T9232] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.189108][ T9232] device bridge_slave_0 entered promiscuous mode [ 578.232935][ T9232] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.240689][ T9232] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.251787][ T9232] device bridge_slave_1 entered promiscuous mode [ 578.350811][ T9232] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 578.366677][ T9232] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 578.443065][ T9232] team0: Port device team_slave_0 added [ 578.474471][ T3880] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.500455][ T9079] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 578.521966][ T9232] team0: Port device team_slave_1 added [ 578.534430][ T9079] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 578.580679][ T3880] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.592975][ T9079] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 578.616240][ T9079] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 578.639060][ T3880] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.655237][ T9232] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 578.662402][ T9232] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.689774][ T9232] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 578.711684][ T3880] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 578.732750][ T9232] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 578.740397][ T9232] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 578.768155][ T9232] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 578.830116][ T9232] device hsr_slave_0 entered promiscuous mode [ 578.836894][ T9232] device hsr_slave_1 entered promiscuous mode [ 578.845340][ T9232] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 578.853507][ T9232] Cannot create hsr debugfs directory [ 578.976228][ T9079] 8021q: adding VLAN 0 to HW filter on device bond0 [ 579.105492][ T9079] 8021q: adding VLAN 0 to HW filter on device team0 [ 579.131209][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 579.142197][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 579.224204][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 579.252329][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 579.261396][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.268634][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.277011][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 579.286881][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 579.296620][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.303785][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.361895][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 579.372531][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 579.383312][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 579.396772][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 579.413921][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 579.424252][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 579.434384][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 579.443888][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 579.494810][ T9079] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 579.506642][ T9079] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 579.586312][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 579.610210][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 579.620866][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 579.632820][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 579.642992][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 579.883903][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 579.911828][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 579.947412][ T9079] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 580.027241][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 580.043819][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 580.107539][ T9232] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 580.130205][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 580.144560][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 580.177113][ T9232] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 580.205996][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 580.215185][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 580.226669][ T9079] device veth0_vlan entered promiscuous mode [ 580.259226][ T9232] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 580.282733][ T9079] device veth1_vlan entered promiscuous mode [ 580.361245][ T9232] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 580.420274][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 580.432656][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 580.441932][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 580.451842][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 580.562231][ T9079] device veth0_macvtap entered promiscuous mode [ 580.574214][ T9079] device veth1_macvtap entered promiscuous mode [ 580.590505][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 580.603851][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 580.626634][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.648605][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.667789][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.679070][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.689180][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 580.699947][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.712319][ T9079] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 580.752766][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 580.761936][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 580.777486][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.788903][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.805015][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.815589][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.825637][ T9079] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 580.837625][ T9079] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 580.849711][ T9079] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 580.863028][ T3880] device hsr_slave_0 left promiscuous mode [ 580.870426][ T3880] device hsr_slave_1 left promiscuous mode [ 580.877125][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 580.886116][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 580.894372][ T3880] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 580.901931][ T3880] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 580.909990][ T3880] device bridge_slave_1 left promiscuous mode [ 580.916234][ T3880] bridge0: port 2(bridge_slave_1) entered disabled state [ 580.925486][ T3880] device bridge_slave_0 left promiscuous mode [ 580.932171][ T3880] bridge0: port 1(bridge_slave_0) entered disabled state [ 580.966444][ T3880] device veth1_macvtap left promiscuous mode [ 580.977573][ T3880] device veth0_macvtap left promiscuous mode [ 580.984074][ T3880] device veth1_vlan left promiscuous mode [ 580.991862][ T3880] device veth0_vlan left promiscuous mode [ 581.534447][ T3880] team0 (unregistering): Port device team_slave_1 removed [ 581.580428][ T3880] team0 (unregistering): Port device team_slave_0 removed [ 581.631526][ T3880] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 581.691395][ T3880] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 582.244698][ T3880] bond0 (unregistering): Released all slaves [ 582.373608][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 582.382532][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 582.394770][ T9079] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.404661][ T9079] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.415546][ T9079] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.425939][ T9079] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 582.607482][ T9232] 8021q: adding VLAN 0 to HW filter on device bond0 [ 582.666145][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 582.668156][ T3836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 582.685495][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 582.693223][ T3836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.709387][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 582.738298][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 582.746957][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 582.761171][ T9232] 8021q: adding VLAN 0 to HW filter on device team0 [ 582.804458][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 582.817031][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 582.826252][ T3750] bridge0: port 1(bridge_slave_0) entered blocking state [ 582.833452][ T3750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 582.853392][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 582.871814][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 582.881495][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 582.891165][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 582.901199][ T3750] bridge0: port 2(bridge_slave_1) entered blocking state [ 582.908369][ T3750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 582.936395][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 582.978741][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 583.023312][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 583.087124][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 583.114434][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 583.137215][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 583.160178][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 583.172581][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 583.193715][ T9232] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 583.209593][ T9232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 583.220929][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 583.251864][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 583.368613][ T9375] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 583.814071][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 586.984353][ T9412] loop2: detected capacity change from 0 to 128 [ 587.033739][ T7093] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 587.798114][ T7093] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 587.806798][ T7093] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 587.837520][ T7093] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 587.857853][ T7093] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 587.885980][ T7093] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 588.032363][ T7093] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 588.063540][ T7093] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 588.084991][ T7093] usb 1-1: Product: syz [ 588.101566][ T7093] usb 1-1: Manufacturer: syz [ 588.169677][ T7093] usb 1-1: can't set config #1, error -71 [ 588.175530][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 588.196436][ T7093] usb 1-1: USB disconnect, device number 8 [ 588.212527][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 588.256990][ T9232] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 588.385739][ T9426] device syzkaller0 entered promiscuous mode [ 588.419091][ T153] syzkaller0: tun_net_xmit 48 [ 588.432888][ T9426] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 588.451875][ T9426] syzkaller0: tun_net_xmit 1280 [ 588.652437][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 588.684786][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 590.294706][ T9445] loop2: detected capacity change from 0 to 2048 [ 590.366758][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 590.366774][ T26] audit: type=1326 audit(1728649267.785:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.396039][ T9445] loop2: p1 < > p3 p4 < > [ 590.415415][ T9445] loop2: p3 start 4284289 is beyond EOD, truncated [ 590.504803][ T26] audit: type=1326 audit(1728649267.855:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.562522][ T26] audit: type=1326 audit(1728649267.855:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.605638][ T26] audit: type=1326 audit(1728649267.885:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.631985][ T9448] loop4: detected capacity change from 0 to 256 [ 590.685132][ T9448] FAT-fs (loop4): bogus logical sector size 256 [ 590.685820][ T26] audit: type=1326 audit(1728649267.915:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.766609][ T9448] FAT-fs (loop4): Can't find a valid FAT filesystem [ 590.788261][ T26] audit: type=1326 audit(1728649267.915:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.812199][ T26] audit: type=1326 audit(1728649267.935:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.880396][ T26] audit: type=1326 audit(1728649267.965:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 590.993587][ T26] audit: type=1326 audit(1728649268.005:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9446 comm="syz.3.1124" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efee617dff9 code=0x7ffc0000 [ 591.119894][ T9451] loop2: detected capacity change from 0 to 4096 [ 591.166245][ T9451] ntfs: (device loop2): parse_options(): Unrecognized mount option disablÄsparse. [ 591.389454][ T9451] loop2: detected capacity change from 0 to 64 [ 591.758021][ T9453] loop4: detected capacity change from 0 to 512 [ 591.776927][ T9453] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 591.859052][ T9453] EXT4-fs (loop4): 1 truncate cleaned up [ 591.864788][ T9453] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 592.009313][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 592.104814][ T9462] loop4: detected capacity change from 0 to 256 [ 592.183342][ T9462] FAT-fs (loop4): Directory bread(block 64) failed [ 592.190065][ T9462] FAT-fs (loop4): Directory bread(block 65) failed [ 592.197602][ T9462] FAT-fs (loop4): Directory bread(block 66) failed [ 592.216679][ T9462] FAT-fs (loop4): Directory bread(block 67) failed [ 592.225333][ T9462] FAT-fs (loop4): Directory bread(block 68) failed [ 592.242476][ T9462] FAT-fs (loop4): Directory bread(block 69) failed [ 592.249244][ T9462] FAT-fs (loop4): Directory bread(block 70) failed [ 592.255858][ T9462] FAT-fs (loop4): Directory bread(block 71) failed [ 592.270394][ T9462] FAT-fs (loop4): Directory bread(block 72) failed [ 592.277140][ T9462] FAT-fs (loop4): Directory bread(block 73) failed [ 592.690971][ T9464] syz.4.1130: attempt to access beyond end of device [ 592.690971][ T9464] loop4: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 592.705086][ T9464] syz.4.1130: attempt to access beyond end of device [ 592.705086][ T9464] loop4: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 594.386036][ T9473] loop4: detected capacity change from 0 to 256 [ 594.445755][ T9473] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1133'. [ 594.976830][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 594.985309][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 594.995639][ T9471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1132'. [ 595.066614][ T9232] device veth0_vlan entered promiscuous mode [ 595.107946][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 595.146258][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 595.195766][ T9477] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1144'. [ 595.210066][ T9477] device gretap0 entered promiscuous mode [ 595.271928][ T9478] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1144'. [ 595.297680][ T9478] 0ªX¹¦Dö»: renamed from gretap0 [ 595.315982][ T9478] device 00ªX¹¦Dö» left promiscuous mode [ 595.354478][ T9232] device veth1_vlan entered promiscuous mode [ 595.610393][ T9232] device veth0_macvtap entered promiscuous mode [ 595.686342][ T9232] device veth1_macvtap entered promiscuous mode [ 595.860937][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 595.916899][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 595.964824][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.123998][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.137352][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 596.168081][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 596.184761][ T9232] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 596.193573][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 596.238656][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 596.254146][ T7093] kernel write not supported for file /uinput (pid: 7093 comm: kworker/1:15) [ 596.268258][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 596.281336][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 596.291042][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 597.169343][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 598.905137][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 598.938044][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 599.016580][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 599.067262][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 599.071517][ T9498] loop2: detected capacity change from 0 to 128 [ 599.087917][ T9232] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 599.104893][ T9232] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 599.163721][ T9232] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 599.194344][ T9505] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1141'. [ 599.211465][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 599.226469][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 599.245753][ T9232] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.254954][ T9232] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.281996][ T9232] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.294897][ T9232] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.478606][ T9510] loop3: detected capacity change from 0 to 256 [ 599.546902][ T3836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 599.555811][ T9510] FAT-fs (loop3): Directory bread(block 64) failed [ 599.576793][ T3836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 599.729020][ T9510] FAT-fs (loop3): Directory bread(block 65) failed [ 599.791119][ T9510] FAT-fs (loop3): Directory bread(block 66) failed [ 599.975886][ T9510] FAT-fs (loop3): Directory bread(block 67) failed [ 600.027511][ T3880] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 600.105766][ T9510] FAT-fs (loop3): Directory bread(block 68) failed [ 600.313648][ T9510] FAT-fs (loop3): Directory bread(block 69) failed [ 600.328018][ T9510] FAT-fs (loop3): Directory bread(block 70) failed [ 601.091275][ T9510] FAT-fs (loop3): Directory bread(block 71) failed [ 601.100682][ T9510] FAT-fs (loop3): Directory bread(block 72) failed [ 601.107348][ T9510] FAT-fs (loop3): Directory bread(block 73) failed [ 601.218715][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 601.232356][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 601.252586][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 602.206677][ T9510] autofs4:pid:9510:autofs_fill_super: called with bogus options [ 602.485189][ T9536] loop2: detected capacity change from 0 to 1024 [ 602.631330][ T9538] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 602.801029][ T9539] loop4: detected capacity change from 0 to 1024 [ 602.862781][ T9539] EXT4-fs: Ignoring removed nomblk_io_submit option [ 602.918869][ T9539] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 602.943661][ T9539] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 602.952805][ T9539] System zones: 0-1, 3-36 [ 602.980740][ T9539] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 605.217456][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 606.283160][ T9579] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1158'. [ 608.085648][ T9595] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1168'. [ 608.461158][ T3661] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 608.478367][ T3661] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 608.488101][ T3661] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 608.500749][ T3661] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 608.511221][ T3661] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 608.540266][ T3661] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 609.984633][ T9615] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 610.630628][ T3651] Bluetooth: hci3: command tx timeout [ 610.637059][ T9602] chnl_net:caif_netlink_parms(): no params data found [ 610.965947][ T9602] bridge0: port 1(bridge_slave_0) entered blocking state [ 610.977519][ T9602] bridge0: port 1(bridge_slave_0) entered disabled state [ 611.006788][ T9602] device bridge_slave_0 entered promiscuous mode [ 611.018697][ T9602] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.026538][ T9602] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.036804][ T9602] device bridge_slave_1 entered promiscuous mode [ 613.018677][ T3651] Bluetooth: hci3: command tx timeout [ 613.055087][ T9602] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 613.168607][ T9602] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.318074][ T8542] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 613.332411][ T9602] team0: Port device team_slave_0 added [ 613.356881][ T9602] team0: Port device team_slave_1 added [ 613.453220][ T9602] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 613.489356][ T9602] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.563898][ T9602] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 613.577234][ T9602] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 613.586539][ T9602] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.630109][ T9602] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 613.709331][ T8542] usb 1-1: config 0 has no interfaces? [ 613.715555][ T8542] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 613.754878][ T8542] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.786647][ T8542] usb 1-1: config 0 descriptor?? [ 613.806015][ T9602] device hsr_slave_0 entered promiscuous mode [ 613.815244][ T9602] device hsr_slave_1 entered promiscuous mode [ 613.827273][ T9602] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 613.861916][ T9602] Cannot create hsr debugfs directory [ 615.088150][ T3651] Bluetooth: hci3: command tx timeout [ 615.724121][ T9656] loop4: detected capacity change from 0 to 4096 [ 615.767571][ T9656] ntfs: (device loop4): parse_options(): Unrecognized mount option disablÄsparse. [ 615.888623][ T9656] loop4: detected capacity change from 0 to 64 [ 615.951431][ T9602] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 616.110646][ T8547] usb 1-1: USB disconnect, device number 9 [ 617.107926][ T3658] Bluetooth: hci3: command tx timeout [ 618.639090][ T9602] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 619.785889][ T9668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 619.793417][ T9668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 619.985922][ T9602] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.196780][ T9602] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 620.248760][ T26] audit: type=1326 audit(1728649297.675:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 620.310665][ T26] audit: type=1326 audit(1728649297.705:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 620.353595][ T26] audit: type=1326 audit(1728649297.715:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 620.414095][ T26] audit: type=1326 audit(1728649297.715:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 620.908986][ T9691] vivid-008: disconnect [ 620.944392][ T26] audit: type=1326 audit(1728649297.725:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 620.998841][ T26] audit: type=1326 audit(1728649297.725:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 621.041563][ T26] audit: type=1326 audit(1728649297.725:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 621.139981][ T9687] vivid-008: reconnect [ 621.216446][ T9602] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 621.223638][ T26] audit: type=1326 audit(1728649297.765:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 621.277575][ T26] audit: type=1326 audit(1728649297.765:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 621.279103][ T9602] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 621.300832][ T26] audit: type=1326 audit(1728649297.765:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9683 comm="syz.1.1189" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x7ffc0000 [ 621.384706][ T9602] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 622.246649][ T9602] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 622.483485][ T9602] 8021q: adding VLAN 0 to HW filter on device bond0 [ 622.514863][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 622.543325][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 622.568171][ T9602] 8021q: adding VLAN 0 to HW filter on device team0 [ 622.651132][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 622.683534][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 622.714121][ T5607] bridge0: port 1(bridge_slave_0) entered blocking state [ 622.721291][ T5607] bridge0: port 1(bridge_slave_0) entered forwarding state [ 622.746302][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 622.766596][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 622.794818][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 622.812472][ T5607] bridge0: port 2(bridge_slave_1) entered blocking state [ 622.819705][ T5607] bridge0: port 2(bridge_slave_1) entered forwarding state [ 622.875457][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 622.923000][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 622.972237][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 623.025316][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 623.063823][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 623.113921][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 623.146698][ T9602] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 623.251912][ T9602] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 623.372314][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 623.389903][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 623.406525][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 623.420482][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 623.432732][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 624.261244][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.267632][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.348892][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 624.535231][ T9716] loop3: detected capacity change from 0 to 4096 [ 624.587629][ T9716] ntfs: (device loop3): parse_options(): Unrecognized mount option disablÄsparse. [ 625.521043][ T9716] loop3: detected capacity change from 0 to 64 [ 626.222777][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 626.255160][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 626.405895][ T9602] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 626.732940][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 626.743357][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 626.773168][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 626.800357][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 626.843122][ T9602] device veth0_vlan entered promiscuous mode [ 626.858596][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 626.867235][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 626.895309][ T9602] device veth1_vlan entered promiscuous mode [ 627.229164][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 627.248466][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 628.426391][ T9602] device veth0_macvtap entered promiscuous mode [ 628.429769][ T9749] loop3: detected capacity change from 0 to 256 [ 628.468121][ T9749] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ18446744073709551615ÿ0x0000000000000000' [ 628.483409][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 628.502879][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 628.522679][ T9602] device veth1_macvtap entered promiscuous mode [ 628.541482][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 628.555240][ T3763] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 628.586104][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.597155][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.619202][ T9747] loop3: detected capacity change from 0 to 512 [ 628.625599][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.644737][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.670103][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.697864][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.727885][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 628.738858][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 628.750679][ T9602] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 628.767171][ T9742] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 628.775733][ T9742] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 628.806156][ T3763] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 628.837402][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 628.857593][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 628.889231][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 628.967929][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.024255][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 629.045056][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.074028][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 629.086723][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.098831][ T9602] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 629.111233][ T9602] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 629.124562][ T9602] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 629.134164][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 629.159588][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 629.173290][ T9602] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.182656][ T9602] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.193840][ T9602] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.204365][ T9602] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 629.432096][ T3836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.461602][ T3836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.501966][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 629.573289][ T37] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 629.598470][ T37] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 629.632659][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 629.737923][ T8547] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 629.988560][ T8547] usb 1-1: Using ep0 maxpacket: 32 [ 630.108080][ T8547] usb 1-1: config 0 has no interfaces? [ 630.148226][ T8541] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 630.179311][ T7085] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 630.268246][ T8547] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 630.287158][ T8547] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.305684][ T8547] usb 1-1: Product: syz [ 630.310347][ T8547] usb 1-1: Manufacturer: syz [ 630.314967][ T8547] usb 1-1: SerialNumber: syz [ 630.337475][ T8547] usb 1-1: config 0 descriptor?? [ 630.397929][ T8541] usb 4-1: Using ep0 maxpacket: 8 [ 630.467906][ T8542] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 630.517912][ T8541] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.531742][ T8541] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.541887][ T8541] usb 4-1: New USB device found, idVendor=04e7, idProduct=0009, bcdDevice= 0.00 [ 630.551158][ T8541] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.588040][ T7085] usb 3-1: config 252 has an invalid interface number: 254 but max is 0 [ 630.588462][ T8541] usb 4-1: config 0 descriptor?? [ 630.607231][ T7085] usb 3-1: config 252 has no interface number 0 [ 630.613608][ T7085] usb 3-1: config 252 interface 254 has no altsetting 0 [ 630.777915][ T7085] usb 3-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=46.29 [ 630.787222][ T7085] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 630.795377][ T7085] usb 3-1: Product: syz [ 630.803561][ T7085] usb 3-1: Manufacturer: syz [ 630.808316][ T7085] usb 3-1: SerialNumber: syz [ 630.827909][ T8542] usb 5-1: config 0 has no interfaces? [ 630.834254][ T8542] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 630.850422][ T7085] bfusb: probe of 3-1:252.254 failed with error -5 [ 630.850472][ T8542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.890162][ T8542] usb 5-1: config 0 descriptor?? [ 631.059832][ T9775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 631.069686][ T9775] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 631.085610][ T9775] device bond_slave_0 entered promiscuous mode [ 631.092448][ T9775] device bond_slave_1 entered promiscuous mode [ 631.104681][ T9775] device vlan2 entered promiscuous mode [ 631.110391][ T9775] device bond0 entered promiscuous mode [ 631.120379][ T8541] elo 0003:04E7:0009.0007: unknown main item tag 0x0 [ 631.127997][ T9775] device bond0 left promiscuous mode [ 631.131415][ T8541] elo 0003:04E7:0009.0007: unknown main item tag 0x0 [ 631.134314][ T9775] device bond_slave_0 left promiscuous mode [ 631.141364][ T8541] elo 0003:04E7:0009.0007: item fetching failed at offset 2/7 [ 631.146075][ T9775] device bond_slave_1 left promiscuous mode [ 631.160010][ T8541] elo 0003:04E7:0009.0007: parse failed [ 631.165648][ T8541] elo: probe of 0003:04E7:0009.0007 failed with error -22 [ 631.258471][ T7085] usb 3-1: USB disconnect, device number 9 [ 631.343542][ T3697] usb 4-1: USB disconnect, device number 7 [ 632.868702][ T3697] usb 1-1: USB disconnect, device number 10 [ 633.023824][ T9793] loop3: detected capacity change from 0 to 1024 [ 633.082635][ T9793] EXT4-fs: Ignoring removed nomblk_io_submit option [ 633.104837][ T8541] usb 5-1: USB disconnect, device number 8 [ 633.137198][ T9793] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 633.175180][ T9793] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e814e01c, mo2=0003] [ 633.193973][ T9793] System zones: 0-1, 3-36 [ 633.197609][ T9798] loop4: detected capacity change from 0 to 1024 [ 633.213280][ T9793] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 633.227978][ T7090] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 633.364295][ T9798] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 634.903512][ T7721] EXT4-fs (loop3): unmounting filesystem. [ 635.190086][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 635.278230][ T7090] usb 3-1: config 1 interface 0 has no altsetting 0 [ 635.458139][ T7090] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 635.477512][ T7090] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.487623][ T7090] usb 3-1: Product: syz [ 635.493858][ T7090] usb 3-1: Manufacturer: syz [ 635.498862][ T7090] usb 3-1: SerialNumber: syz [ 636.926945][ T3658] Bluetooth: hci2: unexpected event for opcode 0x0c46 [ 636.983774][ T3658] Bluetooth: hci2: unexpected event 0x03 length: 16 > 11 [ 637.140440][ T7090] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 637.542561][ T7090] usb 3-1: USB disconnect, device number 10 [ 637.578555][ T7090] usblp0: removed [ 637.934723][ T9816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 637.942203][ T9816] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 639.770623][ T9846] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1230'. [ 642.997575][ T9880] device syzkaller0 entered promiscuous mode [ 643.031465][ T9884] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 643.055376][ T8542] syzkaller0: tun_net_xmit 48 [ 643.149718][ T9889] loop2: detected capacity change from 0 to 512 [ 643.248285][ T9889] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 643.313468][ T9889] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 643.335866][ T9889] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.1239: Failed to acquire dquot type 0 [ 644.468073][ T9889] EXT4-fs (loop2): Remounting filesystem read-only [ 644.476229][ T9889] EXT4-fs (loop2): 1 orphan inode deleted [ 644.522802][ T9889] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 644.582402][ T9889] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038 (0x7fffffff) [ 645.458545][ T9916] loop4: detected capacity change from 0 to 64 [ 648.855532][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 651.085456][ T9940] loop2: detected capacity change from 0 to 512 [ 651.128447][ T9940] EXT4-fs: Ignoring removed orlov option [ 651.172081][ T9940] EXT4-fs: Ignoring removed i_version option [ 651.760250][ T9940] EXT4-fs (loop2): 1 truncate cleaned up [ 651.766160][ T9940] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 652.150376][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 653.170402][ T9961] loop4: detected capacity change from 0 to 128 [ 653.462149][ T9961] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 653.907003][ T9961] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 654.908886][ T3651] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 654.931170][ T3651] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 654.939845][ T3651] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 654.964562][ T3651] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 654.972769][ T3651] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 654.980961][ T3651] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 655.289150][ T3658] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 655.316636][ T3658] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 655.502719][ T9984] loop4: detected capacity change from 0 to 2048 [ 655.541411][ T3658] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 655.562447][ T3658] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 655.579690][ T3658] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 655.594149][ T3658] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 655.616464][ T9984] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 656.129265][ T26] audit: type=1326 audit(1728649333.555:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9985 comm="syz.1.1264" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b7a37dff9 code=0x0 [ 656.165711][ T9989] loop4: detected capacity change from 0 to 512 [ 656.260135][ T9989] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 656.274927][ T9989] ext4 filesystem being mounted at /107/file0 supports timestamps until 2038 (0x7fffffff) [ 656.520569][ T153] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 656.558748][ T9994] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 656.777771][ T153] usb 2-1: Using ep0 maxpacket: 8 [ 656.907912][ T153] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 656.916294][ T153] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 656.930868][ T153] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 656.941775][ T153] usb 2-1: config 250 has no interface number 0 [ 656.948407][ T153] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 656.960436][ T153] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 656.971116][ T153] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26 [ 656.981645][ T153] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 656.996651][ T153] usb 2-1: config 250 interface 228 has no altsetting 0 [ 657.029449][ T3658] Bluetooth: hci5: command tx timeout [ 657.108911][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 657.223130][ T153] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 657.237576][ T153] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 657.246464][ T153] usb 2-1: Product: syz [ 657.257227][ T153] usb 2-1: SerialNumber: syz [ 657.314556][ T153] hub 2-1:250.228: bad descriptor, ignoring hub [ 657.323434][ T153] hub: probe of 2-1:250.228 failed with error -5 [ 657.539452][ T153] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 7 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 657.828120][ T3658] Bluetooth: hci6: command tx timeout [ 657.865723][T10004] serio: Serial port ptm0 [ 657.987959][ C0] usblp0: nonzero read bulk status received: -71 [ 658.054486][T10002] device syzkaller0 entered promiscuous mode [ 658.060726][ T3693] usb 2-1: USB disconnect, device number 7 [ 658.090080][ T3693] usblp0: removed [ 658.260669][T10008] syzkaller0: tun_chr_ioctl cmd 2147767520 [ 658.266952][ T7085] syzkaller0: tun_net_xmit 48 [ 659.117885][ T3658] Bluetooth: hci5: command tx timeout [ 659.918113][ T3658] Bluetooth: hci6: command tx timeout [ 660.760228][T10033] vivid-002: disconnect [ 661.470188][T10030] vivid-002: reconnect [ 661.526352][ T3658] Bluetooth: hci5: command tx timeout [ 661.955412][T10040] loop4: detected capacity change from 0 to 8 [ 662.000139][ T3658] Bluetooth: hci6: command tx timeout [ 662.540620][ T7085] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 663.593754][ T3658] Bluetooth: hci5: command tx timeout [ 663.683844][ T7085] usb 5-1: not running at top speed; connect to a high speed hub [ 663.798126][ T7085] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 663.801568][ T3808] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 663.814819][ T7085] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 663.853997][ T9974] chnl_net:caif_netlink_parms(): no params data found [ 663.889637][ T9981] chnl_net:caif_netlink_parms(): no params data found [ 663.989458][ T3808] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.008151][ T7085] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 664.024968][ T7085] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 664.031554][ T26] audit: type=1326 audit(1728649341.455:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10049 comm="syz.2.1279" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f83d937dff9 code=0x0 [ 664.045854][ T7085] usb 5-1: Product: à°š [ 664.059224][ T7085] usb 5-1: Manufacturer: 她蕋멳î ï¤‡Ø”ë›ê¦†ë—®é½”㗘మᆤ幽åŸïŠœîª£ïŸ¾ç€·î­¹ì¬Žë£±çª›í½é»±è¦îŒè½¤ã´“犂讯à£ä‰™ë…’ⶇ扚邆镻㢗濇蕃é혣☲밉庙랸袰৽夂憬芣ç¨å½•ë¹¬æ—Ÿê¹¿ê¦‡å©žã˜³à¯´îŠ‘ﺋ࣊绾鸓ᬪ哴s [ 664.082755][ T3658] Bluetooth: hci6: command tx timeout [ 664.088752][ T7085] usb 5-1: SerialNumber: 抡֨顼ì¼âƒ‰ê«ã§¨ã™˜Ü“슪ꀡ⚃⶟墔蓼༣鴾êšå„§í™³Ú‹ìª—鸎 [ 664.163206][ T3808] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.306043][ T3808] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 664.357980][ T9974] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.365105][ T9974] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.372394][ T8542] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 664.389410][ T9974] device bridge_slave_0 entered promiscuous mode [ 664.408911][T10040] SQUASHFS error: Failed to read block 0x260685: -5 [ 664.417317][T10040] SQUASHFS error: Unable to read metadata cache entry [260685] [ 664.429128][ T9981] bridge0: port 1(bridge_slave_0) entered blocking state [ 664.436257][ T9981] bridge0: port 1(bridge_slave_0) entered disabled state [ 664.450576][T10040] SQUASHFS error: Unable to read directory block [260685:0] [ 664.459578][ T9981] device bridge_slave_0 entered promiscuous mode [ 664.480327][ T9974] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.487472][ T9974] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.502663][ T9974] device bridge_slave_1 entered promiscuous mode [ 664.531138][T10060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1277'. [ 664.544735][ T9981] bridge0: port 2(bridge_slave_1) entered blocking state [ 664.562961][ T9981] bridge0: port 2(bridge_slave_1) entered disabled state [ 664.573385][ T9981] device bridge_slave_1 entered promiscuous mode [ 664.614010][ T9974] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.635320][ T7085] usb 5-1: 0:2 : does not exist [ 664.638558][ T8542] usb 3-1: Using ep0 maxpacket: 8 [ 664.655919][ T7085] usb 5-1: USB disconnect, device number 9 [ 664.749914][ T9974] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.759605][ T8542] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 664.770216][ T8542] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 664.786823][ T8542] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 664.797014][ T8542] usb 3-1: config 250 has no interface number 0 [ 664.803396][ T8542] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 664.815261][ T8542] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 664.834417][ T8542] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26 [ 664.846193][ T8542] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 664.868222][ T8542] usb 3-1: config 250 interface 228 has no altsetting 0 [ 664.923452][ T9981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.986388][ T9974] team0: Port device team_slave_0 added [ 664.994817][ T9981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 665.004363][ T8542] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 665.017856][ T8542] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 665.029437][ T9974] team0: Port device team_slave_1 added [ 665.043452][ T8542] usb 3-1: Product: syz [ 665.047918][ T8542] usb 3-1: SerialNumber: syz [ 665.089587][ T8542] hub 3-1:250.228: bad descriptor, ignoring hub [ 665.098001][ T8542] hub: probe of 3-1:250.228 failed with error -5 [ 665.150021][ T9974] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 665.157020][ T9974] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 665.267836][ T9974] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 665.300040][ T8542] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 665.388535][ T9981] team0: Port device team_slave_0 added [ 665.397041][ T9981] team0: Port device team_slave_1 added [ 666.007778][ C1] usblp0: nonzero read bulk status received: -71 [ 666.290732][ T7090] usb 3-1: USB disconnect, device number 11 [ 666.307584][ T9974] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.308528][ T7090] usblp0: removed [ 666.344637][ T9974] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.390992][T10075] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 666.413325][ T9974] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 666.496688][ T9981] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 666.505346][ T9981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.539803][ T9981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 666.591603][ T9981] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 666.603493][ T9981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 666.664163][ T9981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 666.693414][ T9974] device hsr_slave_0 entered promiscuous mode [ 666.703187][ T9974] device hsr_slave_1 entered promiscuous mode [ 666.720326][ T9974] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 666.731631][ T9974] Cannot create hsr debugfs directory [ 666.999184][T10088] loop4: detected capacity change from 0 to 1024 [ 667.035355][ T9981] device hsr_slave_0 entered promiscuous mode [ 667.043736][ T9981] device hsr_slave_1 entered promiscuous mode [ 667.052386][ T9981] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 667.088134][ T9981] Cannot create hsr debugfs directory [ 667.876007][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 668.008494][T10100] vivid-004: disconnect [ 668.709229][T10094] vivid-004: reconnect [ 669.203374][ T9974] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.227833][ T7085] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 669.509548][ T9974] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 669.638092][ T7085] usb 5-1: Using ep0 maxpacket: 32 [ 670.398017][ T7085] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 670.422761][ T7085] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 670.560870][ T9974] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.671796][ T3808] device hsr_slave_0 left promiscuous mode [ 670.681898][ T3808] device hsr_slave_1 left promiscuous mode [ 670.688567][ T7085] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 670.708274][ T7085] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.717095][ T7085] usb 5-1: Product: syz [ 670.727925][ T7085] usb 5-1: Manufacturer: syz [ 670.732599][ T7085] usb 5-1: SerialNumber: syz [ 670.755096][ T7085] usb 5-1: config 0 descriptor?? [ 670.778199][ T3808] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 670.785781][ T3808] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 670.817390][ T7085] hub 5-1:0.0: bad descriptor, ignoring hub [ 670.828548][ T7085] hub: probe of 5-1:0.0 failed with error -5 [ 670.869596][ T7085] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input16 [ 670.907149][ T7085] usbtouchscreen 5-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90 [ 670.940550][ T3808] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 670.963163][ T3808] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 670.972646][ T7085] usbtouchscreen: probe of 5-1:0.0 failed with error -90 [ 670.980701][ T3808] device bridge_slave_1 left promiscuous mode [ 670.998042][ T3808] bridge0: port 2(bridge_slave_1) entered disabled state [ 671.039269][ T7085] usb 5-1: USB disconnect, device number 10 [ 671.099485][ T3808] device bridge_slave_0 left promiscuous mode [ 671.113429][ T3808] bridge0: port 1(bridge_slave_0) entered disabled state [ 671.178622][ T3808] device veth1_macvtap left promiscuous mode [ 671.184945][ T3808] device veth0_macvtap left promiscuous mode [ 671.216188][T10134] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1294'. [ 671.230246][ T3808] device veth1_vlan left promiscuous mode [ 671.242498][ T3808] device veth0_vlan left promiscuous mode [ 672.046060][ T3808] team0 (unregistering): Port device team_slave_1 removed [ 672.103473][ T3808] team0 (unregistering): Port device team_slave_0 removed [ 672.155387][ T3808] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 672.210468][ T3808] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 672.815818][ T3808] bond0 (unregistering): Released all slaves [ 672.930767][ T9974] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 673.210273][ T26] audit: type=1326 audit(1728649350.635:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10144 comm="syz.4.1295" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3fc6b7dff9 code=0x0 [ 673.299985][ T9974] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 673.362669][ T9974] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 673.415342][ T9974] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 673.492229][ T9974] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 673.581786][ T3697] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 673.847877][ T3697] usb 5-1: Using ep0 maxpacket: 8 [ 673.888937][ T9974] 8021q: adding VLAN 0 to HW filter on device bond0 [ 673.921099][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 673.933190][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 673.955842][ T9974] 8021q: adding VLAN 0 to HW filter on device team0 [ 674.005178][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 674.005765][ T3697] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 674.036888][ T3697] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 674.042439][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 674.073630][ T3697] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 674.091027][ T3927] bridge0: port 1(bridge_slave_0) entered blocking state [ 674.098217][ T3927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 674.103318][ T3697] usb 5-1: config 250 has no interface number 0 [ 674.138150][ T3697] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 674.177848][ T3697] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 674.208642][ T3697] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26 [ 674.257203][ T3697] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 674.286822][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 674.291047][ T3697] usb 5-1: config 250 interface 228 has no altsetting 0 [ 674.312546][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 674.325156][T10176] loop2: detected capacity change from 0 to 512 [ 674.337234][T10176] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 674.355568][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 674.366962][ T3927] bridge0: port 2(bridge_slave_1) entered blocking state [ 674.374146][ T3927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 674.389659][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 674.405149][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 674.464303][ T3697] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 674.500130][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 674.511325][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 674.520173][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 674.531802][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 674.541801][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 674.586306][ T9974] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 674.629278][ T3693] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 674.646468][ T9974] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 674.657443][ T3697] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 674.657472][ T3697] usb 5-1: Product: syz [ 674.657489][ T3697] usb 5-1: SerialNumber: syz [ 674.707413][ T3697] hub 5-1:250.228: bad descriptor, ignoring hub [ 674.707455][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 674.723258][ T3697] hub: probe of 5-1:250.228 failed with error -5 [ 674.726912][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 675.582172][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 675.591139][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 675.687989][ T3693] usb 2-1: Using ep0 maxpacket: 32 [ 675.715127][T10180] loop2: detected capacity change from 0 to 40427 [ 675.739938][ T3697] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 675.756926][T10180] F2FS-fs (loop2): Unrecognized mount option "errore" or missing value [ 675.769569][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 675.807907][ T3693] usb 2-1: config 0 has no interfaces? [ 676.016200][ T9981] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 676.039421][ T3693] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 676.052728][ T3693] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.067283][ T3693] usb 2-1: Product: syz [ 676.072494][ T3693] usb 2-1: Manufacturer: syz [ 676.077117][ T3693] usb 2-1: SerialNumber: syz [ 676.087003][ T3693] usb 2-1: config 0 descriptor?? [ 676.137871][ C0] usblp0: nonzero read bulk status received: -71 [ 676.216015][ T9981] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 676.247314][ T9981] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 676.287565][T10188] loop2: detected capacity change from 0 to 128 [ 676.292914][ T9981] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 676.303750][ T3698] usb 5-1: USB disconnect, device number 11 [ 676.327191][ T3698] usblp0: removed [ 676.931638][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 676.950836][ T56] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 677.012556][ T9974] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 677.124994][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 677.140568][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 677.199451][T10194] loop2: detected capacity change from 0 to 512 [ 677.283260][T10194] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 677.292776][T10194] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff) [ 677.348477][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 677.360603][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 677.427318][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 677.441607][ T3722] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 677.470533][ T9974] device veth0_vlan entered promiscuous mode [ 677.611424][ T3693] usb 2-1: USB disconnect, device number 8 [ 677.671397][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 677.726454][ T9974] device veth1_vlan entered promiscuous mode [ 678.576068][ T9981] 8021q: adding VLAN 0 to HW filter on device bond0 [ 678.664418][ T3808] device hsr_slave_0 left promiscuous mode [ 678.675922][ T3808] device hsr_slave_1 left promiscuous mode [ 678.706328][T10219] loop4: detected capacity change from 0 to 512 [ 678.757159][ T3808] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 678.784077][ T3808] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 678.813251][ T3808] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 678.837933][ T3808] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 678.868743][ T3808] device bridge_slave_1 left promiscuous mode [ 678.875009][ T3808] bridge0: port 2(bridge_slave_1) entered disabled state [ 678.905024][ T3808] device bridge_slave_0 left promiscuous mode [ 678.919213][ T3808] bridge0: port 1(bridge_slave_0) entered disabled state [ 679.056516][ T3808] device veth1_macvtap left promiscuous mode [ 679.084337][ T3808] device veth0_macvtap left promiscuous mode [ 679.091248][ T3808] device veth1_vlan left promiscuous mode [ 679.097101][ T3808] device veth0_vlan left promiscuous mode [ 679.111472][T10219] EXT4-fs (loop4): Test dummy encryption mode enabled [ 679.153401][T10219] EXT4-fs (loop4): 1 truncate cleaned up [ 679.168310][T10219] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 679.936417][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 680.245560][T10238] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore [ 680.290446][T10238] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 681.204348][T10244] loop4: detected capacity change from 0 to 1024 [ 681.265816][T10244] hfsplus: unable to parse mount options [ 681.425834][T10244] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 681.470189][T10244] kvm: pic: non byte read [ 681.490051][T10244] kvm: pic: level sensitive irq not supported [ 681.490229][T10244] kvm: pic: non byte read [ 681.522248][T10244] kvm: pic: level sensitive irq not supported [ 681.526150][T10244] kvm: pic: non byte read [ 681.548289][T10244] kvm: pic: level sensitive irq not supported [ 681.548363][T10244] kvm: pic: non byte read [ 682.913440][ T3808] team0 (unregistering): Port device team_slave_1 removed [ 683.008202][ T3808] team0 (unregistering): Port device team_slave_0 removed [ 683.077823][ T8543] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 683.136711][ T3808] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 683.216008][ T3808] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 683.335592][ T8543] usb 5-1: Using ep0 maxpacket: 32 [ 683.466434][ T8543] usb 5-1: config 0 has no interfaces? [ 683.633019][ T8543] usb 5-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 683.642358][ T8543] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.650480][ T8543] usb 5-1: Product: syz [ 683.654657][ T8543] usb 5-1: Manufacturer: syz [ 683.659378][ T8543] usb 5-1: SerialNumber: syz [ 683.665535][ T8543] usb 5-1: config 0 descriptor?? [ 683.920396][ T7093] usb 5-1: USB disconnect, device number 12 [ 683.958997][ T3808] bond0 (unregistering): Released all slaves [ 684.071893][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 684.086466][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 684.137847][ T9981] 8021q: adding VLAN 0 to HW filter on device team0 [ 684.158112][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 684.168904][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 684.223107][ T9974] device veth0_macvtap entered promiscuous mode [ 684.243011][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 684.274150][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 684.312606][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 684.335056][ T9974] device veth1_macvtap entered promiscuous mode [ 684.358048][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 684.366373][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 684.398933][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 684.423842][ T3927] bridge0: port 1(bridge_slave_0) entered blocking state [ 684.431041][ T3927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 684.569412][T10269] device syzkaller0 entered promiscuous mode [ 684.780991][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 684.818982][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 684.838964][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 684.856656][ T3927] bridge0: port 2(bridge_slave_1) entered blocking state [ 684.864084][ T3927] bridge0: port 2(bridge_slave_1) entered forwarding state [ 685.236720][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 685.381504][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 685.718833][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.725180][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.868782][ T8547] syzkaller0: tun_net_xmit 48 [ 688.839001][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 688.848999][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 688.869973][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.881300][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.892245][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.904226][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.914550][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 688.932960][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 688.947440][ T9974] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 688.980640][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 688.993275][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 689.040846][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 689.059264][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 689.074055][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 689.083061][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 689.098984][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 689.161490][ T9981] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 689.180112][ T9981] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 689.198391][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.216475][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.227021][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.243668][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.254867][ T9974] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 689.286684][ T9974] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 689.308896][ T9974] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 689.321377][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 689.340545][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 689.438418][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 689.484524][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 690.121258][ T9974] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.197867][ T9974] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.256110][ T9974] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 690.289633][ T9974] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 691.607448][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 692.060606][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.103262][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.213440][ T3750] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 692.269896][T10368] loop2: detected capacity change from 0 to 512 [ 692.321933][ T9981] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 692.353539][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 692.365323][T10368] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 692.372268][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 692.374971][T10368] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038 (0x7fffffff) [ 692.452138][ T3808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 692.482330][ T3808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 692.513802][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 692.529249][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 692.557282][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 692.859121][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 693.057258][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 693.237159][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 693.317370][ T9981] device veth0_vlan entered promiscuous mode [ 693.413992][ T9981] device veth1_vlan entered promiscuous mode [ 693.549060][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 693.570184][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 693.669896][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 693.865832][ T3658] Bluetooth: hci4: command 0x0406 tx timeout [ 694.818602][ T9981] device veth0_macvtap entered promiscuous mode [ 694.920333][ T9981] device veth1_macvtap entered promiscuous mode [ 695.058696][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 695.095253][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 695.119136][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 695.155440][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 695.184207][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.214439][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.242309][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.295014][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.328338][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.374858][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.405409][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 695.436734][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.454944][ T9981] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 695.473662][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 695.494276][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 695.529808][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.567785][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.593039][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.619745][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.660149][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.690497][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.727871][ T9981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 695.767814][ T9981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 695.793411][ T9981] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 695.808331][T10383] loop2: detected capacity change from 0 to 32768 [ 695.817417][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 695.829995][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 695.889515][T10383] (syz.2.1332,10383,0):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options [ 695.900758][T10383] (syz.2.1332,10383,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 695.914361][ T9981] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.931086][ T9981] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.955861][ T9981] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 695.971657][ T9981] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 696.190028][ T56] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.206777][ T56] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.284805][ T3808] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 696.303491][ T3808] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 696.327351][ T3808] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 696.347983][ T5607] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 696.787257][T10424] loop2: detected capacity change from 0 to 1024 [ 698.858468][T10441] loop2: detected capacity change from 0 to 2048 [ 698.918504][T10441] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 699.098420][ T26] audit: type=1800 audit(1728649376.505:185): pid=10441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1351" name="bus" dev="loop2" ino=1367 res=0 errno=0 [ 702.884678][T10467] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1349'. [ 703.548500][T10471] loop4: detected capacity change from 0 to 4096 [ 703.685236][T10478] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 703.820089][T10482] loop3: detected capacity change from 0 to 512 [ 703.925936][T10482] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.1354: inode #1: comm syz.3.1354: iget: illegal inode # [ 704.104679][T10482] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1354: error while reading EA inode 1 err=-117 [ 704.673841][T10482] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: comm syz.3.1354: inode #1: comm syz.3.1354: iget: illegal inode # [ 704.844342][T10471] syz.4.1361 (10471) used greatest stack depth: 17184 bytes left [ 705.169043][ T8543] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 705.206075][T10482] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1354: error while reading EA inode 1 err=-117 [ 705.233698][T10482] EXT4-fs (loop3): 1 orphan inode deleted [ 705.921254][T10482] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 707.137921][ T8543] usb 2-1: device descriptor read/all, error -71 [ 707.288870][ T9974] EXT4-fs (loop3): unmounting filesystem. [ 709.504787][T10546] loop2: detected capacity change from 0 to 1024 [ 710.466034][T10564] Driver unsupported XDP return value 0 on prog (id 371) dev N/A, expect packet loss! [ 710.968875][T10573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1377'. [ 711.040935][T10573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1377'. [ 713.429223][ T3651] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 713.438756][ T3651] Bluetooth: hci3: Injecting HCI hardware error event [ 713.457194][ T3658] Bluetooth: hci3: hardware error 0x00 [ 713.994575][T10606] loop2: detected capacity change from 0 to 512 [ 714.034432][T10606] EXT4-fs (loop2): Test dummy encryption mode enabled [ 714.096346][T10606] EXT4-fs (loop2): 1 truncate cleaned up [ 714.115726][T10606] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 715.652631][T10608] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 7: invalid block bitmap [ 715.678049][ T3658] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 716.215551][T10619] netlink: 'syz.0.1387': attribute type 4 has an invalid length. [ 717.170983][T10621] device syz_tun entered promiscuous mode [ 717.222601][T10621] device batadv_slave_0 entered promiscuous mode [ 717.237629][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 718.823648][T10622] loop3: detected capacity change from 0 to 4096 [ 718.831604][T10622] ntfs: (device loop3): parse_ntfs_boot_sector(): Mft record size (8192) exceeds the PAGE_SIZE on your system (4096). This is not supported. Sorry. [ 718.847244][T10622] ntfs: (device loop3): ntfs_fill_super(): Unsupported NTFS filesystem. [ 718.997667][T10642] loop4: detected capacity change from 0 to 2048 [ 720.450101][ T3763] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 720.611125][T10642] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 720.654957][ T26] audit: type=1800 audit(1728649398.075:186): pid=10641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1392" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 724.028370][T10664] Cannot find set identified by id 0 to match [ 724.499435][T10661] loop3: detected capacity change from 0 to 1024 [ 724.546082][T10661] EXT4-fs: Ignoring removed nobh option [ 724.677501][T10661] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 725.756273][ T9974] EXT4-fs (loop3): unmounting filesystem. [ 726.082190][T10695] loop3: detected capacity change from 0 to 1024 [ 726.259377][ T9974] hfsplus: walked past end of dir [ 726.273366][ T8542] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 728.380279][ T9974] hfsplus: xattr search failed [ 728.418234][ T8542] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 728.444499][ T8542] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 728.473698][ T8542] usb 5-1: New USB device found, idVendor=056a, idProduct=0016, bcdDevice= 0.00 [ 728.512314][ T8542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 728.560631][ T8542] usb 5-1: config 0 descriptor?? [ 729.934105][T10693] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1408'. [ 730.032935][T10693] loop4: detected capacity change from 0 to 256 [ 730.108703][ T3763] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 730.132334][ T8542] wacom 0003:056A:0016.0008: Unknown device_type for 'HID 056a:0016'. Assuming pen. [ 730.162529][T10725] loop3: detected capacity change from 0 to 128 [ 730.194214][ T8542] wacom 0003:056A:0016.0008: hidraw0: USB HID v0.00 Device [HID 056a:0016] on usb-dummy_hcd.4-1/input0 [ 730.331178][T10725] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 730.343311][ T8542] input: Wacom Graphire4 6x8 Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0016.0008/input/input17 [ 730.399803][T10725] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 730.443624][T10727] netpci0: tun_chr_ioctl cmd 1074025677 [ 730.447489][ T8542] usb 5-1: USB disconnect, device number 13 [ 730.462470][T10727] netpci0: linktype set to 805 [ 731.800947][T10740] loop4: detected capacity change from 0 to 512 [ 731.846254][T10740] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1422: inode #1: comm syz.4.1422: iget: illegal inode # [ 731.875574][T10740] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1422: error while reading EA inode 1 err=-117 [ 731.894529][T10740] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1422: inode #1: comm syz.4.1422: iget: illegal inode # [ 731.915805][T10740] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1422: error while reading EA inode 1 err=-117 [ 731.942074][T10740] EXT4-fs (loop4): 1 orphan inode deleted [ 732.139955][T10740] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 732.279828][T10752] dns_resolver: Unsupported server list version (255) [ 734.337290][ T7655] EXT4-fs (loop4): unmounting filesystem. [ 734.435919][T10763] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1427'. [ 734.524486][T10763] device vlan2 entered promiscuous mode [ 734.547788][T10763] device wlan0 entered promiscuous mode [ 734.594684][T10763] device wlan0 left promiscuous mode [ 735.038123][ T8541] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 735.287827][ T8541] usb 5-1: Using ep0 maxpacket: 16 [ 735.407911][ T8541] usb 5-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice=a3.85 [ 735.432885][ T8541] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.483970][ T8541] usb 5-1: config 0 descriptor?? [ 735.557215][ T8541] usb 5-1: interface 1 not found [ 735.859059][T10378] usb 5-1: USB disconnect, device number 14 [ 737.143735][T10791] loop2: detected capacity change from 0 to 1024 [ 737.262670][T10791] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 737.301964][T10791] ext4 filesystem being mounted at /57/file1 supports timestamps until 2038 (0x7fffffff) [ 737.397823][ T8542] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 737.542785][T10791] xt_CT: No such helper "netbios-ns" [ 737.603108][ T9602] EXT4-fs (loop2): unmounting filesystem. [ 737.668021][ T8542] usb 5-1: Using ep0 maxpacket: 16 [ 737.794495][ T8542] usb 5-1: config 0 has no interfaces? [ 737.800306][ T8542] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 737.871480][T10809] Cannot find del_set index 0 as target [ 737.898411][ T8542] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 738.103191][ T8542] usb 5-1: config 0 descriptor?? [ 739.629275][T10817] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 739.646600][T10816] loop3: detected capacity change from 0 to 1024 [ 739.680988][T10817] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 739.708753][T10816] hfsplus: unable to parse mount options [ 741.969549][ T26] audit: type=1326 audit(1728649417.555:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d937dff9 code=0x7ffc0000 [ 742.233647][ T26] audit: type=1326 audit(1728649417.555:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d937dff9 code=0x7ffc0000 [ 742.348658][T10813] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 742.426779][T10813] kvm: pic: non byte read [ 742.451142][ T26] audit: type=1326 audit(1728649417.575:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7f83d937dff9 code=0x7ffc0000 [ 742.478095][T10813] kvm: pic: level sensitive irq not supported [ 742.479165][T10813] kvm: pic: non byte read [ 742.518167][T10813] kvm: pic: level sensitive irq not supported [ 742.518241][T10813] kvm: pic: non byte read [ 742.531012][T10813] kvm: pic: level sensitive irq not supported [ 742.531180][T10813] kvm: pic: non byte read [ 742.587835][ T26] audit: type=1326 audit(1728649417.575:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d937dff9 code=0x7ffc0000 [ 742.633425][ T26] audit: type=1326 audit(1728649417.575:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10823 comm="syz.2.1442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f83d937dff9 code=0x7ffc0000 [ 742.827040][T10378] usb 5-1: USB disconnect, device number 15 [ 743.087953][ T8543] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 743.969075][ T8543] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.980985][ T8543] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 743.991643][ T8543] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 744.005018][ T8543] usb 2-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 744.014451][ T8543] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.032252][ T8543] usb 2-1: config 0 descriptor?? [ 744.516777][T10848] loop4: detected capacity change from 0 to 512 [ 744.540134][ T8543] logitech 0003:046D:C293.0009: item fetching failed at offset 5/7 [ 744.550107][T10848] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 744.582675][T10848] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 744.652229][T10848] EXT4-fs (loop4): DAX unsupported by block device. [ 744.719508][T10863] (syz.2.1451,10863,1):ocfs2_fill_super:990 ERROR: superblock probe failed! [ 744.728474][T10863] (syz.2.1451,10863,1):ocfs2_fill_super:1176 ERROR: status = -22 [ 745.273999][ T8543] logitech 0003:046D:C293.0009: parse failed [ 745.280648][ T8543] logitech: probe of 0003:046D:C293.0009 failed with error -22 [ 745.333795][ T153] usb 2-1: USB disconnect, device number 11 [ 745.747974][ T3651] Bluetooth: hci2: command 0x0c1a tx timeout [ 746.077884][ T153] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 746.340414][ T153] usb 5-1: Using ep0 maxpacket: 8 [ 747.109695][ T1271] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.116503][ T1271] ieee802154 phy1 wpan1: encryption failed: -22 [ 748.057771][T10894] loop2: detected capacity change from 0 to 64 [ 748.082316][T10894] hfs: unable to parse mount options [ 748.095743][ T153] usb 5-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 748.143274][ T153] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 748.157016][ T153] usb 5-1: Product: syz [ 748.295474][ T153] usb 5-1: Manufacturer: syz [ 748.300642][ T153] usb 5-1: SerialNumber: syz [ 748.314782][ T3763] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 748.341040][ T153] usb 5-1: config 0 descriptor?? [ 748.395078][ T153] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 748.547895][ T7093] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 748.789664][ T153] usb 5-1: USB disconnect, device number 16 [ 748.805268][ T2039] usb 5-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 748.820307][ T2039] usb 5-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 750.547848][ T7093] usb 1-1: Using ep0 maxpacket: 16 [ 750.628063][ T7093] usb 1-1: device descriptor read/all, error -71 [ 750.847218][ T8543] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 751.168241][ T8543] usb 4-1: Using ep0 maxpacket: 32 [ 751.225313][T10911] loop2: detected capacity change from 0 to 1024 [ 751.288504][ T8543] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 751.401842][ T3759] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 751.472713][T10908] ebt_among: dst integrity fail: 101 [ 751.558397][ T8543] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 751.580820][ T8543] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 751.617941][ T8543] usb 4-1: Product: syz [ 751.622167][ T8543] usb 4-1: Manufacturer: syz [ 751.626794][ T8543] usb 4-1: SerialNumber: syz [ 751.809559][ T8543] usb 4-1: config 0 descriptor?? [ 751.939858][T10918] loop2: detected capacity change from 0 to 164 [ 752.729158][ T8543] usb 4-1: can't set config #0, error -71 [ 752.757989][ T8543] usb 4-1: USB disconnect, device number 8 [ 756.718350][ T7087] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 757.481831][T10965] loop2: detected capacity change from 0 to 1024 [ 757.526896][T10965] hfsplus: unable to parse mount options [ 757.562339][T10968] loop3: detected capacity change from 0 to 512 [ 757.620965][T10959] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 757.634838][T10968] EXT4-fs (loop3): Unsupported encryption level 9 [ 757.682272][T10959] kvm: pic: non byte read [ 757.707844][ T7087] usb 2-1: Using ep0 maxpacket: 16 [ 757.754787][T10959] kvm: pic: level sensitive irq not supported [ 757.755219][T10959] kvm: pic: non byte read [ 757.784590][T10959] kvm: pic: level sensitive irq not supported [ 757.784989][T10959] kvm: pic: non byte read [ 757.787774][T10967] loop3: detected capacity change from 0 to 256 [ 757.800201][T10959] kvm: pic: level sensitive irq not supported [ 757.816188][T10959] kvm: pic: non byte read [ 757.828597][T10967] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ18446744073709551615ÿ0x0000000000000000' [ 757.903699][ T7087] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 757.917601][T10967] loop3: detected capacity change from 0 to 512 [ 757.964368][ T7087] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 758.015585][ T3759] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 758.168601][ T7087] usb 2-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=b4.5b [ 758.810225][ T7087] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=3 [ 758.854977][ T7087] usb 2-1: Product: syz [ 758.884742][ T7087] usb 2-1: Manufacturer: syz [ 758.907079][ T7087] usb 2-1: SerialNumber: syz [ 758.958527][ T7087] usb 2-1: config 0 descriptor?? [ 759.970698][ T7087] usb 2-1: NFC: intf ffff88805979b000 id ffffffff8dbdc6e0 [ 760.075257][ T7087] usb 2-1: USB disconnect, device number 12 [ 760.545233][ T3651] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3 [ 760.621125][T10985] device pim6reg1 entered promiscuous mode [ 761.040170][T10378] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 761.804924][T10999] xt_bpf: check failed: parse error [ 762.808365][T10378] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 762.856814][T10378] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 762.869434][T10378] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 762.892113][T10378] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 762.909558][T11005] [ 762.911919][T11005] ===================================================== [ 762.918839][T11005] WARNING: SOFTIRQ-READ-safe -> SOFTIRQ-READ-unsafe lock order detected [ 762.927156][T11005] 6.1.112-syzkaller #0 Not tainted [ 762.932254][T11005] ----------------------------------------------------- [ 762.939190][T11005] syz.0.1493/11005 [HC0[0]:SC0[4]:HE1:SE0] is trying to acquire: [ 762.946895][T11005] ffff88806583c1e0 (&pch->downl){+.+.}-{2:2}, at: ppp_push+0xf3/0x1310 [ 762.955177][T11005] [ 762.955177][T11005] and this task is already holding: [ 762.962561][T11005] ffff88806248ce10 (&ppp->wlock){+...}-{2:2}, at: __ppp_xmit_process+0x92/0x19a0 [ 762.971700][T11005] which would create a new lock dependency: [ 762.977577][T11005] (&ppp->wlock){+...}-{2:2} -> (&pch->downl){+.+.}-{2:2} [ 762.984799][T11005] [ 762.984799][T11005] but this new dependency connects a SOFTIRQ-READ-irq-safe lock: [ 762.994667][T11005] (&pch->upl){++.-}-{2:2} [ 762.994687][T11005] [ 762.994687][T11005] ... which became SOFTIRQ-READ-irq-safe at: [ 763.007228][T11005] lock_acquire+0x1f8/0x5a0 [ 763.011821][T11005] _raw_read_lock_bh+0x39/0x50 [ 763.016692][T11005] ppp_input_error+0x5c/0x1a0 [ 763.021443][T11005] ppp_sync_process+0x86/0x170 [ 763.026303][T11005] tasklet_action_common+0x3cb/0x4a0 [ 763.031668][T11005] handle_softirqs+0x2ee/0xa40 [ 763.036519][T11005] run_ksoftirqd+0xc6/0x120 [ 763.041112][T11005] smpboot_thread_fn+0x52c/0xa30 [ 763.046137][T11005] kthread+0x28d/0x320 [ 763.050307][T11005] ret_from_fork+0x1f/0x30 [ 763.054835][T11005] [ 763.054835][T11005] to a SOFTIRQ-READ-irq-unsafe lock: [ 763.062289][T11005] (&pch->downl){+.+.}-{2:2} [ 763.062313][T11005] [ 763.062313][T11005] ... which became SOFTIRQ-READ-irq-unsafe at: [ 763.075196][T11005] ... [ 763.075202][T11005] lock_acquire+0x1f8/0x5a0 [ 763.082372][T11005] _raw_spin_lock+0x2a/0x40 [ 763.086979][T11005] ppp_input+0x185/0xa00 [ 763.091317][T11005] pppoe_rcv_core+0x112/0x300 [ 763.096070][T11005] __release_sock+0x198/0x4b0 [ 763.100851][T11005] release_sock+0x5d/0x1c0 [ 763.105345][T11005] pppoe_sendmsg+0xd1/0x740 [ 763.109931][T11005] ____sys_sendmsg+0x5a5/0x8f0 [ 763.114768][T11005] __sys_sendmmsg+0x3ab/0x730 [ 763.119548][T11005] __x64_sys_sendmmsg+0x9c/0xb0 [ 763.124489][T11005] do_syscall_64+0x3b/0xb0 [ 763.129015][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.135007][T11005] [ 763.135007][T11005] other info that might help us debug this: [ 763.135007][T11005] [ 763.145240][T11005] Chain exists of: [ 763.145240][T11005] &pch->upl --> &ppp->wlock --> &pch->downl [ 763.145240][T11005] [ 763.157047][T11005] Possible interrupt unsafe locking scenario: [ 763.157047][T11005] [ 763.165441][T11005] CPU0 CPU1 [ 763.170794][T11005] ---- ---- [ 763.176176][T11005] lock(&pch->downl); [ 763.180251][T11005] local_irq_disable(); [ 763.187006][T11005] lock(&pch->upl); [ 763.193406][T11005] lock(&ppp->wlock); [ 763.199978][T11005] [ 763.203448][T11005] lock(&pch->upl); [ 763.207505][T11005] [ 763.207505][T11005] *** DEADLOCK *** [ 763.207505][T11005] [ 763.215638][T11005] 1 lock held by syz.0.1493/11005: [ 763.220734][T11005] #0: ffff88806248ce10 (&ppp->wlock){+...}-{2:2}, at: __ppp_xmit_process+0x92/0x19a0 [ 763.230306][T11005] [ 763.230306][T11005] the dependencies between SOFTIRQ-READ-irq-safe lock and the holding lock: [ 763.241139][T11005] -> (&pch->upl){++.-}-{2:2} { [ 763.245991][T11005] HARDIRQ-ON-W at: [ 763.250044][T11005] lock_acquire+0x1f8/0x5a0 [ 763.256369][T11005] _raw_write_lock_bh+0x31/0x40 [ 763.263035][T11005] ppp_disconnect_channel+0x2f/0x2d0 [ 763.270144][T11005] ppp_unregister_channel+0xb5/0x2f0 [ 763.277259][T11005] ppp_asynctty_close+0xed/0x180 [ 763.284026][T11005] tty_ldisc_kill+0xa6/0x1a0 [ 763.290454][T11005] tty_ldisc_release+0x19d/0x200 [ 763.297216][T11005] tty_release_struct+0x27/0xd0 [ 763.303880][T11005] tty_release+0xcfb/0x12a0 [ 763.310193][T11005] __fput+0x3f6/0x8d0 [ 763.315991][T11005] task_work_run+0x246/0x300 [ 763.322401][T11005] exit_to_user_mode_loop+0xde/0x100 [ 763.329522][T11005] exit_to_user_mode_prepare+0xb1/0x140 [ 763.336882][T11005] syscall_exit_to_user_mode+0x60/0x270 [ 763.344246][T11005] do_syscall_64+0x47/0xb0 [ 763.350477][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.358225][T11005] HARDIRQ-ON-R at: [ 763.362290][T11005] lock_acquire+0x1f8/0x5a0 [ 763.368618][T11005] _raw_read_lock_bh+0x39/0x50 [ 763.375215][T11005] ppp_input_error+0x5c/0x1a0 [ 763.381722][T11005] ppp_sync_process+0x86/0x170 [ 763.388308][T11005] tasklet_action_common+0x3cb/0x4a0 [ 763.395406][T11005] handle_softirqs+0x2ee/0xa40 [ 763.401996][T11005] run_ksoftirqd+0xc6/0x120 [ 763.408356][T11005] smpboot_thread_fn+0x52c/0xa30 [ 763.415127][T11005] kthread+0x28d/0x320 [ 763.421006][T11005] ret_from_fork+0x1f/0x30 [ 763.427278][T11005] IN-SOFTIRQ-R at: [ 763.431351][T11005] lock_acquire+0x1f8/0x5a0 [ 763.437687][T11005] _raw_read_lock_bh+0x39/0x50 [ 763.444278][T11005] ppp_input_error+0x5c/0x1a0 [ 763.450767][T11005] ppp_sync_process+0x86/0x170 [ 763.457355][T11005] tasklet_action_common+0x3cb/0x4a0 [ 763.464453][T11005] handle_softirqs+0x2ee/0xa40 [ 763.471070][T11005] run_ksoftirqd+0xc6/0x120 [ 763.477381][T11005] smpboot_thread_fn+0x52c/0xa30 [ 763.484135][T11005] kthread+0x28d/0x320 [ 763.490014][T11005] ret_from_fork+0x1f/0x30 [ 763.496283][T11005] INITIAL USE at: [ 763.500249][T11005] lock_acquire+0x1f8/0x5a0 [ 763.506506][T11005] _raw_write_lock_bh+0x31/0x40 [ 763.513089][T11005] ppp_disconnect_channel+0x2f/0x2d0 [ 763.520104][T11005] ppp_unregister_channel+0xb5/0x2f0 [ 763.527215][T11005] ppp_asynctty_close+0xed/0x180 [ 763.533892][T11005] tty_ldisc_kill+0xa6/0x1a0 [ 763.540238][T11005] tty_ldisc_release+0x19d/0x200 [ 763.546935][T11005] tty_release_struct+0x27/0xd0 [ 763.553545][T11005] tty_release+0xcfb/0x12a0 [ 763.559808][T11005] __fput+0x3f6/0x8d0 [ 763.565525][T11005] task_work_run+0x246/0x300 [ 763.571849][T11005] exit_to_user_mode_loop+0xde/0x100 [ 763.578862][T11005] exit_to_user_mode_prepare+0xb1/0x140 [ 763.586148][T11005] syscall_exit_to_user_mode+0x60/0x270 [ 763.593424][T11005] do_syscall_64+0x47/0xb0 [ 763.599573][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.607214][T11005] INITIAL READ USE at: [ 763.611636][T11005] lock_acquire+0x1f8/0x5a0 [ 763.618308][T11005] _raw_read_lock_bh+0x39/0x50 [ 763.625243][T11005] ppp_input_error+0x5c/0x1a0 [ 763.632115][T11005] ppp_sync_process+0x86/0x170 [ 763.639046][T11005] tasklet_action_common+0x3cb/0x4a0 [ 763.646491][T11005] handle_softirqs+0x2ee/0xa40 [ 763.653426][T11005] run_ksoftirqd+0xc6/0x120 [ 763.660172][T11005] smpboot_thread_fn+0x52c/0xa30 [ 763.667274][T11005] kthread+0x28d/0x320 [ 763.673513][T11005] ret_from_fork+0x1f/0x30 [ 763.680114][T11005] } [ 763.682696][T11005] ... key at: [] ppp_register_net_channel.__key.3+0x0/0x20 [ 763.692101][T11005] -> (&ppp->wlock){+...}-{2:2} { [ 763.697052][T11005] HARDIRQ-ON-W at: [ 763.701020][T11005] lock_acquire+0x1f8/0x5a0 [ 763.707173][T11005] _raw_spin_lock_bh+0x31/0x40 [ 763.713580][T11005] ppp_get_stats64+0xbf/0x290 [ 763.719914][T11005] dev_get_stats+0xa7/0x490 [ 763.726172][T11005] rtnl_fill_stats+0x47/0x880 [ 763.732516][T11005] rtnl_fill_ifinfo+0x18aa/0x2090 [ 763.739213][T11005] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 763.746149][T11005] rtmsg_ifinfo+0x71/0x120 [ 763.752218][T11005] register_netdevice+0x13dc/0x1720 [ 763.759070][T11005] ppp_dev_configure+0x850/0xab0 [ 763.765670][T11005] ppp_ioctl+0x702/0x1c90 [ 763.771661][T11005] __se_sys_ioctl+0xf1/0x160 [ 763.777890][T11005] do_syscall_64+0x3b/0xb0 [ 763.783943][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.791489][T11005] INITIAL USE at: [ 763.795401][T11005] lock_acquire+0x1f8/0x5a0 [ 763.801463][T11005] _raw_spin_lock_bh+0x31/0x40 [ 763.807785][T11005] ppp_get_stats64+0xbf/0x290 [ 763.814014][T11005] dev_get_stats+0xa7/0x490 [ 763.820077][T11005] rtnl_fill_stats+0x47/0x880 [ 763.826318][T11005] rtnl_fill_ifinfo+0x18aa/0x2090 [ 763.832902][T11005] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 763.839749][T11005] rtmsg_ifinfo+0x71/0x120 [ 763.845720][T11005] register_netdevice+0x13dc/0x1720 [ 763.852491][T11005] ppp_dev_configure+0x850/0xab0 [ 763.858999][T11005] ppp_ioctl+0x702/0x1c90 [ 763.864901][T11005] __se_sys_ioctl+0xf1/0x160 [ 763.871045][T11005] do_syscall_64+0x3b/0xb0 [ 763.877015][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.884468][T11005] } [ 763.886979][T11005] ... key at: [] ppp_dev_configure.__key.65+0x0/0x20 [ 763.895907][T11005] ... acquired at: [ 763.899697][T11005] lock_acquire+0x1f8/0x5a0 [ 763.904376][T11005] _raw_spin_lock_bh+0x31/0x40 [ 763.909394][T11005] ppp_connect_channel+0x170/0x640 [ 763.914670][T11005] ppp_ioctl+0xbe5/0x1c90 [ 763.919180][T11005] __se_sys_ioctl+0xf1/0x160 [ 763.923946][T11005] do_syscall_64+0x3b/0xb0 [ 763.928523][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 763.934596][T11005] [ 763.936905][T11005] [ 763.936905][T11005] the dependencies between the lock to be acquired [ 763.936913][T11005] and SOFTIRQ-READ-irq-unsafe lock: [ 763.950836][T11005] -> (&pch->downl){+.+.}-{2:2} { [ 763.955809][T11005] HARDIRQ-ON-W at: [ 763.959778][T11005] lock_acquire+0x1f8/0x5a0 [ 763.966041][T11005] _raw_spin_lock_bh+0x31/0x40 [ 763.972451][T11005] ppp_unregister_channel+0x78/0x2f0 [ 763.979394][T11005] ppp_asynctty_close+0xed/0x180 [ 763.985987][T11005] tty_ldisc_kill+0xa6/0x1a0 [ 763.992220][T11005] tty_ldisc_release+0x19d/0x200 [ 763.998806][T11005] tty_release_struct+0x27/0xd0 [ 764.005295][T11005] tty_release+0xcfb/0x12a0 [ 764.011435][T11005] __fput+0x3f6/0x8d0 [ 764.017061][T11005] task_work_run+0x246/0x300 [ 764.023297][T11005] exit_to_user_mode_loop+0xde/0x100 [ 764.030223][T11005] exit_to_user_mode_prepare+0xb1/0x140 [ 764.037423][T11005] syscall_exit_to_user_mode+0x60/0x270 [ 764.044612][T11005] do_syscall_64+0x47/0xb0 [ 764.050685][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 764.058265][T11005] SOFTIRQ-ON-W at: [ 764.062237][T11005] lock_acquire+0x1f8/0x5a0 [ 764.068408][T11005] _raw_spin_lock+0x2a/0x40 [ 764.074551][T11005] ppp_input+0x185/0xa00 [ 764.080429][T11005] pppoe_rcv_core+0x112/0x300 [ 764.086748][T11005] __release_sock+0x198/0x4b0 [ 764.093075][T11005] release_sock+0x5d/0x1c0 [ 764.099222][T11005] pppoe_sendmsg+0xd1/0x740 [ 764.105369][T11005] ____sys_sendmsg+0x5a5/0x8f0 [ 764.111771][T11005] __sys_sendmmsg+0x3ab/0x730 [ 764.118093][T11005] __x64_sys_sendmmsg+0x9c/0xb0 [ 764.124586][T11005] do_syscall_64+0x3b/0xb0 [ 764.130644][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 764.138186][T11005] INITIAL USE at: [ 764.142087][T11005] lock_acquire+0x1f8/0x5a0 [ 764.148149][T11005] _raw_spin_lock_bh+0x31/0x40 [ 764.154482][T11005] ppp_unregister_channel+0x78/0x2f0 [ 764.161347][T11005] ppp_asynctty_close+0xed/0x180 [ 764.167837][T11005] tty_ldisc_kill+0xa6/0x1a0 [ 764.174014][T11005] tty_ldisc_release+0x19d/0x200 [ 764.180510][T11005] tty_release_struct+0x27/0xd0 [ 764.186911][T11005] tty_release+0xcfb/0x12a0 [ 764.192965][T11005] __fput+0x3f6/0x8d0 [ 764.198502][T11005] task_work_run+0x246/0x300 [ 764.204660][T11005] exit_to_user_mode_loop+0xde/0x100 [ 764.211607][T11005] exit_to_user_mode_prepare+0xb1/0x140 [ 764.218728][T11005] syscall_exit_to_user_mode+0x60/0x270 [ 764.225854][T11005] do_syscall_64+0x47/0xb0 [ 764.231839][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 764.239290][T11005] } [ 764.241781][T11005] ... key at: [] ppp_register_net_channel.__key.1+0x0/0x20 [ 764.251147][T11005] ... acquired at: [ 764.254934][T11005] lock_acquire+0x1f8/0x5a0 [ 764.259641][T11005] _raw_spin_lock+0x2a/0x40 [ 764.264320][T11005] ppp_push+0xf3/0x1310 [ 764.268657][T11005] __ppp_xmit_process+0x846/0x19a0 [ 764.274020][T11005] ppp_xmit_process+0x14b/0x310 [ 764.279037][T11005] ppp_write+0x2a9/0x3a0 [ 764.283458][T11005] do_iter_write+0x503/0xc40 [ 764.288208][T11005] do_pwritev+0x216/0x360 [ 764.292719][T11005] do_syscall_64+0x3b/0xb0 [ 764.297295][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 764.303355][T11005] [ 764.305669][T11005] [ 764.305669][T11005] stack backtrace: [ 764.311550][T11005] CPU: 0 PID: 11005 Comm: syz.0.1493 Not tainted 6.1.112-syzkaller #0 [ 764.319690][T11005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 764.329741][T11005] Call Trace: [ 764.333016][T11005] [ 764.335938][T11005] dump_stack_lvl+0x1e3/0x2cb [ 764.340614][T11005] ? nf_tcp_handle_invalid+0x642/0x642 [ 764.346068][T11005] ? panic+0x764/0x764 [ 764.350129][T11005] ? print_shortest_lock_dependencies+0xee/0x150 [ 764.356451][T11005] validate_chain+0x4d16/0x5950 [ 764.361303][T11005] ? reacquire_held_locks+0x660/0x660 [ 764.366702][T11005] ? reacquire_held_locks+0x660/0x660 [ 764.372093][T11005] ? register_lock_class+0x100/0x990 [ 764.377402][T11005] ? mark_lock+0x9a/0x340 [ 764.381751][T11005] __lock_acquire+0x125b/0x1f80 [ 764.386633][T11005] lock_acquire+0x1f8/0x5a0 [ 764.391148][T11005] ? ppp_push+0xf3/0x1310 [ 764.395472][T11005] ? read_lock_is_recursive+0x10/0x10 [ 764.400872][T11005] ? mark_lock+0x9a/0x340 [ 764.405203][T11005] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 764.411193][T11005] ? print_irqtrace_events+0x210/0x210 [ 764.416653][T11005] _raw_spin_lock+0x2a/0x40 [ 764.421176][T11005] ? ppp_push+0xf3/0x1310 [ 764.425594][T11005] ppp_push+0xf3/0x1310 [ 764.429744][T11005] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 764.435641][T11005] ? _raw_spin_unlock+0x40/0x40 [ 764.440488][T11005] ? _raw_spin_unlock+0x40/0x40 [ 764.445337][T11005] ? skb_pull+0xbd/0x1d0 [ 764.449606][T11005] __ppp_xmit_process+0x846/0x19a0 [ 764.454719][T11005] ? __ppp_channel_push+0x1d0/0x1d0 [ 764.459912][T11005] ? __virt_addr_valid+0x17f/0x530 [ 764.465044][T11005] ppp_xmit_process+0x14b/0x310 [ 764.469894][T11005] ? ppp_xmit_process+0x2c/0x310 [ 764.474830][T11005] ppp_write+0x2a9/0x3a0 [ 764.479068][T11005] do_iter_write+0x503/0xc40 [ 764.483655][T11005] ? vfs_iter_write+0xa0/0xa0 [ 764.488328][T11005] do_pwritev+0x216/0x360 [ 764.492655][T11005] ? do_preadv+0x350/0x350 [ 764.497066][T11005] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 764.503059][T11005] ? print_irqtrace_events+0x210/0x210 [ 764.508536][T11005] ? syscall_enter_from_user_mode+0x2e/0x230 [ 764.514519][T11005] ? lockdep_hardirqs_on+0x94/0x130 [ 764.519722][T11005] ? syscall_enter_from_user_mode+0x2e/0x230 [ 764.525698][T11005] do_syscall_64+0x3b/0xb0 [ 764.530107][T11005] ? clear_bhb_loop+0x45/0xa0 [ 764.534798][T11005] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 764.540697][T11005] RIP: 0033:0x7f61bcd7dff9 [ 764.545104][T11005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 764.564751][T11005] RSP: 002b:00007f61bdb27038 EFLAGS: 00000246 ORIG_RAX: 0000000000000128 [ 764.573175][T11005] RAX: ffffffffffffffda RBX: 00007f61bcf35f80 RCX: 00007f61bcd7dff9 [ 764.581145][T11005] RDX: 0000000000000001 RSI: 0000000020000180 RDI: 0000000000000003 [ 764.589110][T11005] RBP: 00007f61bcdf0296 R08: 0000000000000000 R09: 0000000000000000 [ 764.597091][T11005] R10: 00000000fffffffe R11: 0000000000000246 R12: 0000000000000000 [ 764.605054][T11005] R13: 0000000000000000 R14: 00007f61bcf35f80 R15: 00007ffd6396ddd8 [ 764.613045][T11005] [ 764.780634][T10378] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.825585][T10378] usb 4-1: config 0 descriptor?? [ 765.279589][T10378] usb 4-1: can't set config #0, error -71 [ 765.308488][T10378] usb 4-1: USB disconnect, device number 9