last executing test programs: 1m47.31367376s ago: executing program 0 (id=7): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000fcffffff850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="19000000040000000800000001"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000400)={r1, &(0x7f0000000380), &(0x7f0000000280)=@tcp=r0, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r1, &(0x7f0000000280), &(0x7f0000000000)=""/10, 0x2}, 0x20) 1m47.164083241s ago: executing program 0 (id=8): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200008000000000000000000000008500000027000000850000007d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0xfca804a0, 0x81, 0x0, &(0x7f00000002c0)="535d725dee62f874b85735b1b566d8eefb515ce48392d35f0905601700108acd07d1786d9ffa85515e06fc6fb2e43b9b30ff0124e453daf56c8ae2fb8ac2adc0819e968c2f92965c2043e118f6b5afb8bc2ceb840682cd9f11a4e3688b9fbbaa0cbd6cffe4bb0096ebbf6abc447f6104aacf8d16c1e5995a116c39ea925bde7dcb", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m46.814569383s ago: executing program 0 (id=11): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x8000) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) clock_nanosleep(0x2, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0) mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r0, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x7, 0x3}) 1m43.800508303s ago: executing program 0 (id=26): syz_mount_image$udf(&(0x7f0000001940), &(0x7f0000001980)='./file0\x00', 0x0, &(0x7f0000003340)=ANY=[@ANYBLOB="00e9c655ee4708d304c5a20d854fb29bc0815156d4a1c8c5e67b11054a016a1c8a5af527a4a5b6ffb6bc35a4a6f709bc361489eff75209e3297e9f2194a0fdb2bf3993ba8ec61a7ad684860088ed6c765bc3013ad5fdcc6fb1be44c2e460b8ce295d59cfbaa4175da1f5d9b3f9ca3c91a1f5790ae208ce2044fc8fb3f70de141152bf726b3838587d24802992b3995624fd7705f2d64c6524d9cea8cc909d0f727154985464ac46e974449dcef0b41b4465f50223fdb36bcae080bd6c92083765c0fa49fe536a392caf67f"], 0x1, 0x1905, &(0x7f0000001a00)="$eJzs3E9oXOe1APDzaWYsWc6LJ06sOA8vJsnj2U/5gyy99yKjFuREHhIQzh9ZLcEby9bYnUYeqZJd5BBShyzaTamhm9KVKbhQSiGlXRVKQumigRbcUGi7KJgSnG4SVChkU+pyr66ksSzXSmJZdfL7RdH57pnz3Tl3BIZzNZoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACKePHigb1/a7C4AAACAjXRo7IW+AfM/AAAAfKod9vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICNkKIUj0SKv/9xIR3Njxd1jTZbZ+bHR+prb9uaIkVHlPL67P+uff0D//t////E4FL81/tvtQfi2bHDB2pPTZ+amW3MzTUma+Ot5vHpyca6z/BJ96/Wm78AtVMvnZk8cWKu1v/4wDUPz1evdG7rqQ4NHjk4ulQ7PlKvj7XVlCsf+9mvk27dqQAAALgDbYlS7I0UtZ/+JU1EREd88ln4JvcONtrWqGbzd34R4yP1/EKmmhOt09mDqaOoquZfy4aXZuTbMIt/MinOZT+nrOHe7PLGZiZmJ45NNWrPTcyebp5uTrdSx2K3Kb/MjhhMETMRsVDa7N4BAADYLJUoxZuR4rtvL6RjEVFamoMfOTT2Qt/AjTdWb2OTayhnLZQiLsWdMLMDAADA5uqMUjwTKbZ+ry+OF3N1PjYPV+KuLC5EfKWoPF8cpxQRlyP+6vfJAAAAcEcoRyl+Eymm00KaXJr98/eVj36h9kzrxHRb7dL7yu/4vw+4nbw3AQAAgH8DXVGKY/k7/hfSx/+wOwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYaKX4WaR449TeNJMd9o6P1GtjMxOzzdbJ2uGJY1ONvCp1lCtZrBW7rl69erWaFmOtiH1FHC7ic0U8WsSZIp4r4vkiXijiG0V8q4iXini5iAtFjI7i+YtYK2JfEYeL+FwRjxZxpojnini+iBeK+EYR3yripSJeLuJCEaO0iT8uAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACADbI1SjEdKb72/lfjXJaoXunc1rN9aP//3L0ltdXtusl5strHI+IXEXEpS/SONltn5mvjI/X6WFtdubIYt0RER7avI/vv1l8XAAAAsKIrSvFqPr0vpNc2uxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCO1BGleD9SfL21kCJlmRRHYzFeLm12dwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8VnSmUqRIMfn88HKuHBEp/1q0N/u2EMN54lIM35vFczG8lN+Xx67hA5vQPwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALdIKsXrkeKH7yykakTMV690buupDg0eOThailKkrKS9/tmxwwdqT02fmpltzM01Jmvjrebx6cnGep+ua7TZOjM/PlLfkIu5qa0b3P/WrqemZ87ONk9+6fSaj3d3HTg2d3p24vjaD8fWqEb0tWd684bHR+p501PNiVa+NXXcoMFqRG29FwMAAMBnRncqxWSk+NNrfy7fU+TKizN/ZfGotFx78ZWVewH/Wb42LsvvH2wf2r+nv3c967TeRnvzwTsbhOtjbely0eWOtlzW09zZl1+amJpqzFpYWFgsLz7CP44AAPApk83/P4oUTz6d0tIMXcz/dy0ercz/H766Mv/vXxWXbdL8f29bbn/xnoVKOaLr9KmZys6IrrmzLz/WPDVxsnGy0ep/on9gYHBgsLIloutEc6rRt7Ja9ysHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQLtKKsVcpPjg27+KWpErR0SK+I/Fo9Jy7cVX8nxu76rzzFevdG7rqQ4NHjk4eqN1WquB3tFm68x8bXykXh9rS5cr15dmz5lSKY5Eihd/uSvvN0V3RDWWewcAAACu151KsTtS7P/y0+nBIlfM/+XFo7Xn/3Or4rJ83t8+tH9Pf+961mveE1jLTe4T3NOWO1fcJzgbKcbe2xUPtt0n6Ft12qyuEike+MHuoi62ZHVL59uRf+860Zxq9GW1b0aK77x7be2Oovbeldp9670sAAAAuB2y+f9CpPjw++/EQ0WumP+LyXrt+b97VVy2SfP/fe3XFBFzZ19+aWJqqjE7t+6XAgAAAD61svn/H5HiwE/+EA8XuWvn/5UJPZv/O4r13oevjct3CTZp/t/ZlqsWff3XR3wtAAAAAAAAAAAAAAAAAAAAYLN0p1L8LVL87uePpj1Fbj2f/ze5Ki7bpL//v78tN3nN5/9t3GLdLzIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJuukkqxI1J8a/Ld1FfkyhGRFkNElJZrL34uoqNYj6RVJ6pe6dzWc/fQ4JGDo4vr7UP79/T3tq9Xb8n1jjZbZ+Zr4yP1+lhbuly5vjR7zpRK8Y1IMfberujL++yOqEb0rarN6nZHil9/8GhRl3qyuuGldvPvXYemW48dmJqaPj5xeuLYVKM2NjNxvJHtHYoU51/cXezt2JJteLDYe8/i3hPNqUZfVvt2pPjv55dqI699qKi9b6V2X1b7aKR4/YvX1j5c1O5cqe3Pan8bKT7/5Nq1PSu1A1ntjyPFznptqbY7q91T1N6/Uvv48empybV+DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJVUikOR4pu/vxDDRa4cESmi0naYu/hKnl/TfPVK57ae6tDgkYOjN1qvubd3tNk6M18bH6nXx9rS5eLZq7fmMgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgn+zbvU9kVRjA4ffMAXeJFlOZ2N3SYGJw8YPEmKAiiQlRIouNDbMCZiIMI7DJlnS21FYbWxND4R+wrYkFrR1+rLEy194Ecy9nzKrrRwSZJXme7OaXYc6ZOReql7kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnlCLH55Hil6/rdJKbx2euL/UHt++sLiw+fNtUihSdyO365v/1527MPv/Ciy/Njfr3+y/aU/H2ys1Xq9d3toe7G3t7G+vV6qD//s76xr9+hfPu/6Pp9htQbX94e31zc6+68ezs756+0/3h2uNPdl+ee++NpdHa1YXFxZUH1kxM/ud3/5N0cS8FAADAFfRY5PgsUlRf/Ji+yRGdOP8s/A+/O/i/TUW3mb/bi1hdWGwvZKvfG+w3T6ZOWdVt//1mfjQjX8Isfj4pDiKi0xx4urm8lWFvt3dra6Na7u3u9/f7O4PUOTttai+zE3MpYhgRdR732QEAABiXycjxWqT45Ms6fZsj8mgOfuatlXdmZv96Y/cSD/kQE80RcsRxXIWZHQAAAMbrWuT4KlJMfToT3+Wzubodm+cn44mmdcRHZeVheZxSRJxE/OzzZAAAALgSJiLHcqTYSXX6PpfZv72vfOnd6s3B5s4Da0f3lV/5vw+4TO5NAAAA4BFwPXLcb+/4r9N9n+cDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MjK8UqkONp+OtU5IqZXFxarlWFvtz/4oLrZu7W10a5KnYnJplXZdXp6etpNZ61KZ0rnS5dL10qHpQelh6V3S49K75Uel56U1qXRKe9fWpXOlM6XLpeulQ5LD0oPS++WHpXeKz0uPSmtSyOP8+cFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAencjxU6T4eFCn09x8JcVanPUkj/t0AAAAwEX4NQAA//9ohSnw") creat(&(0x7f0000000580)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14113e, 0x6ceac77f206eabb9) write$binfmt_script(r0, &(0x7f0000000080), 0x208e24b) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents(r1, &(0x7f0000000040)=""/61, 0x3d) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) 1m42.195116623s ago: executing program 0 (id=32): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, r1) setpgid(0x0, r1) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x9c000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x2c, 0xa7f084dd5657bbbf, 0x14}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x1c, 0x0}}], 0x1, 0x840) ioctl$TIOCSCTTY(r0, 0x540e, 0x5) ioctl$TIOCSCTTY(r0, 0x540e, 0x4e) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x72, 0x0, 0x0) 1m41.521466957s ago: executing program 0 (id=35): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c00000000000000", @ANYRES8=r0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b"], 0x38}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0xd18, 0x1, 0x0, 0x3, 0x9, 0xff3b}, 0x20) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x40) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000040)='/dev/kvm\x00', 0x4) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.sectors\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1m40.478961514s ago: executing program 32 (id=35): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="1c00000000000000", @ANYRES8=r0, @ANYBLOB="ac1414aaac14140000000b001400000000000000000000000700000007038b"], 0x38}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x1}, 0xd18, 0x1, 0x0, 0x3, 0x9, 0xff3b}, 0x20) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x40) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) memfd_create(&(0x7f0000000040)='/dev/kvm\x00', 0x4) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='blkio.bfq.sectors\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0xffffffffffffffff, 0xc595, 0x0, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 18.78829585s ago: executing program 1 (id=348): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000000)="2d000000010001", 0x7) 18.629329171s ago: executing program 1 (id=350): io_setup(0x3, &(0x7f0000001540)=0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x7, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000001580)=[{}, {}, {}], &(0x7f0000000000), &(0x7f0000001740)={&(0x7f0000001700)={[0xa5]}, 0x8}) 15.56978618s ago: executing program 1 (id=359): r0 = socket$packet(0x11, 0x2, 0x300) sendmmsg$sock(r0, &(0x7f0000002c00)=[{{&(0x7f0000000500)=@ieee802154={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0002}}}, 0x80, 0x0, 0x0, &(0x7f0000000040)=[@txtime={{0x14, 0x1, 0x3d, 0x1000000000003}}], 0x14}}], 0x1, 0x8845) 15.512882781s ago: executing program 3 (id=361): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000740)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000000000000000000000000000000000001fe8000000000000000000000000000bb00000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000009a5ab6e10c00000000000000040000000000000000000000000000000000000000000000ffffffffffffffff000000000020000000000000000000000000000000000000000a000000000000feffffffff7f40000200000000000008000000000000000001000000000000004400050000000000000000000000000000000000000000003c00000002000000ffffffff0002000000000000000000000600000004"], 0xfc}}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r1, 0x2) syz_emit_ethernet(0x4a, &(0x7f00000002c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) 15.247978132s ago: executing program 1 (id=362): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f0000000480)=ANY=[@ANYBLOB="686964652c7344a773696f6e3d3078303030303030303030303030303030332c6f76657272696465726f636b7065726d2c6d61703d6f66662c756e686964652c696f636861727365743d63703433372c6d61703d6f66662c6d6f64653d3078303030303030303030303030303438332c00"], 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x99501e, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 14.368131048s ago: executing program 3 (id=365): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000e80)='./bus\x00', 0x0, &(0x7f0000000080)={[{@user_xattr}, {@nojournal_checksum}]}, 0x21, 0x4a6, &(0x7f0000003840)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000040), 0x40000000008d, 0x20001) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x10000000000000, 0x4, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000000deff0000100000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x8a2]}}) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000200)) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) r2 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) tkill(r2, 0x12) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000300)) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, 0x0) r5 = dup3(r4, r3, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, 0x0) 14.236590499s ago: executing program 1 (id=366): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @local, 'tunl0\x00'}}, 0x1e) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000001400), 0x0, 0x0, 0x0, 0x4000800}], 0x1, 0x0) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000080)="13ff8d38f8d742171aed86a514446a5ad31cab8d6000df486df2ef638e17afaa3eed06f802b678efcca55273a9191cb83bc5dd4d9e171c22c3c99b8ecc1467fbb1dcd4d33a4da6377c68530825452ec79a3a0f1aebbb6273d8c3a3507ba7e3228917a01e4a373ee374109a1be39f7c053026b3d7103cdca8f3216686622630cb69a8373e68d8a154c70cea6fab977d034da2b5a2141f6b1d0543d8638b8c7f1ec52b785f1c518db9fc35c84605c45718a31a010f76703501a77cca155e66522108b2641c543d0c2476ff344446c325d00b3fca0a50a38de58b9a75437fcacf2343441312809903440aea05a740ea9c0a963608546439f411ca9d7cd1ffa86261") r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r1, 0xfffffffc) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@ip_retopts={{0x10}}], 0x10}, 0x4080) r2 = io_uring_setup(0x115c, &(0x7f0000000440)={0x0, 0x8270, 0x40, 0x3, 0x117}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000000640)=[{0x0}], 0x178) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x6a, 0xa, 0x0, 0xffc4, 0x2, 0x71, 0x10, 0x69, 0x3}}, 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES(r2, 0x1e, &(0x7f0000000000)=[r2], 0x1) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$IPSET_CMD_TEST(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="640000000906010800000000000000000600000505000100070000003c0007801800148014000240fc0000000000000000000000000000011800018014000240ff01000000000000000000000000000105000300070000000900020073797a31"], 0x64}}, 0x4800) r4 = userfaultfd(0x80001) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000000)={{&(0x7f00006f0000/0x1000)=nil, 0x1000}, 0x3, 0x2}) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40814) 11.516027106s ago: executing program 1 (id=369): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, r1) setpgid(0x0, r1) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x9c000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x2c, 0xa7f084dd5657bbbf, 0x14}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x1c, 0x0}}], 0x1, 0x840) ioctl$TIOCSCTTY(r0, 0x540e, 0x5) ioctl$TIOCSCTTY(r0, 0x540e, 0x4e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x72, 0x0, 0x0) 10.864189461s ago: executing program 33 (id=369): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r1, r1) setpgid(0x0, r1) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x9c000004, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r3, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000000)={0x2c, 0xa7f084dd5657bbbf, 0x14}) sendmmsg$inet6(r2, &(0x7f0000003c00)=[{{0x0, 0x1c, 0x0}}], 0x1, 0x840) ioctl$TIOCSCTTY(r0, 0x540e, 0x5) ioctl$TIOCSCTTY(r0, 0x540e, 0x4e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x72, 0x0, 0x0) 10.84911595s ago: executing program 3 (id=372): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000004c0)=[@in={0x2, 0x4e24, @remote}, @in={0x2, 0x4e24, @loopback}], 0x20) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000140)=[@in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e24, 0x1967, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80000000}], 0x2c) syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3ccb510b1134200292b0102030109021b0081fc00000009040f0001e711e100090583010003"], 0x0) r2 = socket(0x10, 0x3, 0x0) write(r2, &(0x7f00000000c0)="1b0000001e005f0214fffffffffffff80700000001000000000000", 0x1b) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, r3, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_GROUP_FWD_MASK={0x6, 0x1f, 0xd5}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0xc040) 8.696011844s ago: executing program 3 (id=379): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f0000000480)=ANY=[@ANYBLOB="686964652c7344a773696f6e3d3078303030303030303030303030303030332c6f76657272696465726f636b7065726d2c6d61703d6f66662c756e686964652c696f636861727365743d63703433372c6d61703d6f66662c6d6f64653d3078303030303030303030303030303438332c00"], 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x99501e, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020) 8.240446517s ago: executing program 3 (id=380): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x1, {0x9, 0x0, 0x6, 0x7fffffff}}) 6.959953376s ago: executing program 3 (id=385): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048810}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x78, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {0x9, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_EMATCHES={0x44, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x34, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x20, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x2}, {0x0, 0x7, 0x2}}}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR="d7"]}]}}]}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x51}, 0x20040054) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4018aee3, &(0x7f0000000140)=@arm64_core={0x0, 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) rseq(&(0x7f0000000040), 0xfffffffffffffdb2, 0x0, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6.367534399s ago: executing program 34 (id=385): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) msgctl$MSG_STAT(0x0, 0xb, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x10, 0x803, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4048810}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x78, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {0x9, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x48, 0x2, [@TCA_FLOW_EMATCHES={0x44, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x38, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x34, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x20, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x2}, {0x0, 0x7, 0x2}}}, @TCA_EM_META_LVALUE={0x5, 0x2, [@TCF_META_TYPE_VAR="d7"]}]}}]}]}]}}]}, 0x78}, 0x1, 0x0, 0x0, 0x51}, 0x20040054) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_GET_ONE_REG(r6, 0x4018aee3, &(0x7f0000000140)=@arm64_core={0x0, 0x0}) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50) rseq(&(0x7f0000000040), 0xfffffffffffffdb2, 0x0, 0x0) rseq(&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5}, 0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 6.045727231s ago: executing program 2 (id=387): prlimit64(0x0, 0xe, &(0x7f0000000340)={0xa, 0x400000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x8000}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10) rt_sigaction(0xd, &(0x7f00000002c0)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r5, 0x0) ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x41624800ab11328e, 0x4}) sendmmsg$inet6(r4, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 4.872142809s ago: executing program 4 (id=388): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000a00)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x2d8, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2b8, 0x4, 0x0, 0x1, [{0x2b4, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x2a8, 0x2, 0x0, 0x1, [@NFTA_CMP_DATA={0x10, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x9, 0x1, "63ee0d3f5e"}]}, @NFTA_CMP_SREG={0x8, 0x1, 0x1, 0x0, 0xf}, @NFTA_CMP_DATA={0x1b8, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x30, 0x1, "3f04f34e0409257ad1248552a65587fdaa0b3d1bfd567260d18801f0b4949e4930045a4a971c85c43859bd2b"}, @NFTA_DATA_VALUE={0x7f, 0x1, "f5c4eabd9874c30c797e4ce05a963cd0575f1648b2fe7a08631b8c23b16a3cf82324a55945eceaaa10fc702322bd5d788283be11dbf4e3bf1e25868726a637fd80f561656e43c6ae08810652d3d4650986b50b788918f04bf8625b5f2ba5341000de1a8f8b16b7bb058ee94d446e31c63f123049beefd519f1cdf0"}, @NFTA_DATA_VALUE={0xb2, 0x1, "12b2fc705ccb2d44c96dcc56f210ca054ba72b2f303fa84a51968c8a220fc2f10de1d43874b6634904ebe199d19d7c2033d93afe907a962bc54adba14f708ddd2d50fc99175d5135c657e2be1e90803bf814dfdd27957d26bca0629c7dacc4f503220ac3242aec6f07a48931dfd911b544a8996e3d0b5824efd112dee9af2465c7dfb7d5312bcc0a0c12baab0432fcedad72c05490aa725709867806f6da1685fbad293f51ddce766da1d0398f8b"}, @NFTA_DATA_VERDICT={0x50, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CHAIN_ID={0x8, 0x3, 0x1, 0x0, 0x3}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz0\x00'}, @NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz1\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffe}]}]}, @NFTA_CMP_DATA={0xd4, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x2f, 0x1, "17d1ef9e47cedf9f8988f4c93cbd02d870ace33b10480690a947b1869b60d820ff8a417e25593e0bf8cd51"}, @NFTA_DATA_VERDICT={0x4}, @NFTA_DATA_VALUE={0x4d, 0x1, "ac3b23e3bfe92d006b757893df2d1a51faad328a079283afcaa8b0d7b1c89ef15dd1653f6d6f44dadeebacda120c51e2dcfd296eec5989fab77d7360931064b7424efa4420d291dd91"}, @NFTA_DATA_VALUE={0x48, 0x1, "25aea1817262990f08c6f8fff92fb47762c86a7be23a05e47d0652b78f62de3917c6dd0b861220c5aecfc08fbfd9280edca769aef8f06c3ee565bb6895fcad68e7e2d916"}, @NFTA_DATA_VERDICT={0x4}]}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x300}, 0x1, 0x0, 0x0, 0x40}, 0x24000840) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r1) socket$rxrpc(0x21, 0x2, 0xa) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_TSC_KHZ_vm(r5, 0xaea2, 0x2069af) ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={0x0, @private, @initdev}, &(0x7f0000000100)=0xc) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="64010000", @ANYRES16=r3, @ANYBLOB="00012abd7000fddbdf2502000000180001801400020070696d726567310000000000000000007c000180140002006e65747063693000000000000000000014000200697036677265300000000000000000001400020064766d7270300000000000000000000008000100", @ANYRES32=r6, @ANYBLOB="080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="140002006e696376663000000000000000000000080003000300000008000300030000006c000180080003000300000014000200626f6e645f736c6176655f30000000001400020070696d367265673100000000000000001404000000000000006c6c657230000000b4354f490003000100040008000100", @ANYRES32=0x0, @ANYBLOB="14000200626f6e645f736c6176655f300000000050000180080003000200000014000200626f6e645f736c6176655f31000000001400020076657468315f746f5f6873720000000008000100", @ANYRES32=0x0, @ANYBLOB="1400020074756e6c3000"/20], 0x164}}, 0x44800) syz_emit_ethernet(0xba, &(0x7f0000000940)={@multicast, @random="0000fc00", @void, {@mpls_mc={0x8848, {[{0x9}, {0x2}, {0x1}, {0x2, 0x0, 0x1}], @ipv4=@tipc={{0x8, 0x4, 0x3, 0x18, 0x9c, 0x68, 0x0, 0x6, 0x6, 0x0, @empty, @multicast1, {[@noop, @timestamp={0x44, 0x4, 0x80, 0x0, 0x3}, @ra={0x94, 0x4}]}}, @name_distributor={{0x7c, 0x0, 0x0, 0x0, 0x1, 0xa, 0xb, 0x2, 0x3, 0x0, 0x1, 0x2010, 0x6, 0x3, 0x4e23, 0x4e24, 0x1}, [{0x9, 0x8, 0x1, 0xfffffff9, 0x4, 0x3, 0xa}, {0x3, 0x42a, 0x7, 0x7, 0xd3, 0x2, 0x1, 0x7}, {0x2, 0x8e, 0x4, 0x2, 0xff, 0x5, 0x2, 0x3}]}}}}}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r2, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 4.864275489s ago: executing program 2 (id=389): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_emit_ethernet(0x4e, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780d206050086dd6018232500182c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa620202"], 0x0) syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @link_local={0x17, 0x80, 0xc2, 0x6, 0x5}, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "182325", 0x8, 0x2c, 0x0, @remote, @local, {[@routing={0x2b, 0x0, 0x2, 0x1}]}}}}}, 0x0) 4.6556803s ago: executing program 2 (id=390): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) unlinkat(0xffffffffffffff9c, 0x0, 0x200) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001040)={0x4c, 0x0, &(0x7f0000000ec0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x400}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000c00)={0x44, 0x0, &(0x7f0000000a80)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000140)={0xc, 0x0, &(0x7f0000000100)=[@free_buffer], 0x0, 0x0, 0x0}) write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x24, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0xa, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 4.533862361s ago: executing program 4 (id=391): io_setup(0x3, &(0x7f0000001540)=0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x7, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000001580)=[{}, {}, {}], &(0x7f0000000000), &(0x7f0000001740)={&(0x7f0000001700)={[0xa5]}, 0x8}) 3.522158198s ago: executing program 4 (id=392): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x1, {0x9, 0x0, 0x6, 0x7fffffff}}) 3.379993088s ago: executing program 4 (id=393): syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB='map=normal,mode=0x000000000000003f,cruft,map=acorn,nocompress,cruft,utf8,nocompress,map=off,gid=', @ANYRESHEX=0x0, @ANYRESDEC], 0x1, 0x9e8, &(0x7f0000002400)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUwYdWIlcSXb4UJAVY6MFyLaoQxNat3QK2UaAyUPRUowVa9JDcjJxyMuBLfAl8S27JKYcAgf8FIyflxGBml9SSXHJJhW+WPx9id+flN8/zm53Zebi7s/OE75alo6vGlpaq2yOO3/jxHmTMAXZl/JvPv/isvH16P4fSnTeKnyR9SWpJT5Lnk96x8dmZqQ4F3UtuJfk6KZIcTuNxS26l+O889XD86xQ/LOvd0KGtlkwnS3yv7ff+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1ExNj48PFIcysT0jbdrDUltnbHx2ZkiS0vr5ywv0/BV1et38VXHepOivKWvb7mr7+ePP5z9XJLa6bzQGHuh6pA8ffnkyeeOvflsT9fy8htl8wc5vPViP/z4k3vvLi4ufLAriRx81+rTE3MzE1OXr9VrE3MztUsXLgyfu351rnZ1YrI+d3Nuvj5VG5utX56fma0NjL1aG7l06XytPnRz5sb0tfGhyfryxIt/Njo8fKH21tDf1C/Pzs1Mn3traG7s+sTk5MT0tSqmnF3GXCx3xL+emK/N1y9P1Wp37i4unF+TU3fW7L9l0EinNSmDRjsFjQ6Pjo6MjI6OfNrsPXtlwoU3Lr1xcXi4Z3iNrIvYpZ2Wg+WJjTfzzh/E4RF1Ndr/ZDITmc6NvJ1a27+xjGc2M5naYH7Tcvt/5lx903pb2/9mK9/TMvtEeXc6LzVH+zZo/zfIZe/+PszH+ST38m4Ws5iFfLDvGe3t37XUM52JzGUmE5nK5WpKrTmllku5kAsZzju5npOZSy1XM5HJ1DOXm5nLfOrVHjWW2dRzOfOZyWxqGchYXk0tI7mUSzmfWuoZys3M5Eamcy3juVyVcid3q+f9/CY5rgSNbCVodJOgdY35ttv/+tp/Tvje2fmDODyipWb7f6hz6MDYXiQEAAAA7Lg/+XmOHH/mZ79JirxYfS5/dWKyPrzfaQEAAAA7qDpd74XyobccejGF9/8AAADwuCmq39gVSfpzsjG0/EsoHwIAAADAY6L6/v+lFCcfTvD+HwAAAB4zna+x3zGiGFy+/G/tduPxdjOiMVb0X52YrA+NzUy+OZKz1VUGql8arCutOyl6q58fvJZTjahT/Y3H/ocllnX2lVEjQ2+O5LWcbq7IwMvlw8sDbSJHG5GvNCJfaY3szqrI82UkADzuTm/SHm+1/X8tg42IwRNVk99zok0bPKxlBYCDYqWPnd81uzRr0/43I17aqP3/803e/5cRz+TOycYpBUN5L+9nMbczmOYZByfblbrcG0HjNITBDp8G9DdPWfjlxa4Mrvs8oG9lXVtjFzKawbafCLSUWyzncL4R17072wAA9trpTdvhrbX/gx3e//c7pRAADpSVHux3cWC/1xEAWE0rDQAAAAAAAAAAAAAAAAAAAAAAAAAAADtvSxfw/8XZZHFxIdmDzgJWBvq2k+HmA13Zo5z3faA7yX7V/pfZ9lLlNj4oT52B1QP7fGACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTxRJd7vpXcnhJMNJzu19Vrvn/n4nsFNqj7ZY8SAP8lGO7HQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfd83r/3el8fhkY1J6upIzSW4l+dv9znEnPdjvBPbNP1T3Ldf/70p6s1Skp7HZU/SOjc/OTJWbvzhczv/m8y8+K2+dy17fq0JZQFnDqs4lmjW0TOldvdTT1VL94wsf3vuX9/+pNn6l2jGvzF+dHJ+6NvtXDwOfK75sdIHQ2g3Ccr7/duan/9My+VCz8i/LNW1vbb1Xq3rH19f7x+2W3qDeLbi7uDBa1jRff3v+X//x7kcts57JqeTlgWRgdU1/X942qOnU2udzteLb4j+LI/n/3Kq2f/lsFEtFuYmOVuv/xJ27iwtD772/eHslp39fldOxnExyO+nbek4nq+NJW9Ve19Vb1jpcBZV3xzuUt6mWEkc2eF6frnaZ/m2tQ23jdah0eN6bGZ1vm9H//vOzObvtLX22Q41tFd8Wvy6u51f5j5b+P7rK7X8mbV+dbYqoIlv2lNZ5q15eXY3Ias1HW2e8s7bMDV+V7IL/yt/lL1a2f1fL8b+5rfbmeNRSY/vXRbL918WPjq5rUR6qWqTja1qk5tFno2WaeR5vRG2Q5x/l9aTnxLaOKK93OKLs1uv/B8VAfpv7+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOviLpbje9KzmT5FiSo+V4LVlaG3P/Eerr6i8eJc0d8yg5f/cUG65o8SAP8lGO7HVGAAAAAAAAAOyOK+PffP7FZ+Wt+j6+O3/a1ZxTS3qSHCv+r3dsfHZmqkNBvcmt5a/0+7aXw63y7qmH41+XY893WGh/Tx8AgO+03wcAAP//BZNu0Q==") socket(0x840000000002, 0x3, 0x100) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002078316e00000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000000600"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10) bind$inet(0xffffffffffffffff, 0x0, 0x0) write(r0, &(0x7f0000000000)="2d000000010001", 0x7) syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16], 0x0) 1.986778487s ago: executing program 2 (id=394): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x200002, 0x0) close(r1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x7, 0x6361, 0x5, 0xffffffed, 0x6}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70b923, 0x80000, {0x0, 0x0, 0x0, r4, {0x0, 0xd}, {0xb, 0xb}, {0xa, 0xb}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2001c061}, 0x4008000) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket$packet(0x11, 0x2, 0x300) sendto$packet(r6, 0x0, 0x0, 0x40, &(0x7f00000001c0)={0x11, 0x8100, r5, 0x1, 0xd8, 0x6, @random="98c8ca7122df"}, 0x14) 1.64181505s ago: executing program 5 (id=370): r0 = syz_usb_connect(0x3, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f00000004c0)={0x34, &(0x7f0000000300)={0x40, 0x31}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000500)={0x40, 0xe, 0x2, "dbf2"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.58005841s ago: executing program 2 (id=395): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x11, 0xffffffffffffffff, 0xdd0bb000) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x2, 0x42, 0x40, 0x0, 0x1}, 0x50) bpf$MAP_LOOKUP_BATCH(0x1b, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket(0x10, 0x803, 0x0) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}]}, 0x50}}, 0x0) ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, &(0x7f0000000480)={0x2, {0x3ff, 0xd352, 0x5, 0xd143}}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TEST(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="540000000906010200000000000000000500000205000100070000002c0007800c00148008000140e00000020c0001800800014064010100060004404e20000005000700840000000900020073797a31"], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x4800) sendmsg$IPSET_CMD_FLUSH(r3, 0x0, 0x80) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000f00)={'dummy0\x00', &(0x7f0000000140)=@ethtool_perm_addr={0x4b, 0x4a, "4b721b782a17a7b6a00d96363f7fdafd95073830fb8cfb34eb7cbd173ef6f0710ef2264f4cba5a1e6a6f0ef6c61346d54f61bd850519514421d1f305010caca7450a7e310aee20c7960c"}}) recvmmsg(r2, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380), 0x0, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r2, 0x84, 0x1c, &(0x7f0000000300), &(0x7f0000000340)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 313.484748ms ago: executing program 4 (id=396): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4) 150.835399ms ago: executing program 4 (id=397): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000002c0)) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x8, 0x80, 0x0, '\x00', 0x5c8d}) r6 = fsopen(&(0x7f0000000100)='hpfs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000180)='gid', &(0x7f0000000440)='\x05\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81F\xa9sz{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x8d\x84\'\xa3\xf1', 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x900, &(0x7f0000000200)={&(0x7f0000000040)={0x34, 0x5, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x40) landlock_create_ruleset(&(0x7f0000000000)={0x0, 0x1}, 0x18, 0x0) syz_usb_connect(0x4, 0x6a, &(0x7f0000000480)={{0x12, 0x1, 0x200, 0x84, 0x89, 0x46, 0xff, 0x1d4d, 0xc, 0x1197, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x58, 0x3, 0x21, 0x0, 0x10, 0x1, [{{0x9, 0x4, 0x14, 0xf, 0x0, 0xb8, 0xf, 0xb7, 0x6}}, {{0x9, 0x4, 0x7e, 0x8, 0x5, 0xc4, 0xe4, 0x13, 0x1, [], [{{0x9, 0x5, 0xd, 0x10, 0x3ff, 0x19, 0xe, 0x1d}}, {{0x9, 0x5, 0x80, 0x1, 0x3ff, 0x6, 0x0, 0x9}}, {{0x9, 0x5, 0xe, 0x4, 0x40, 0x7, 0xd, 0x5}}, {{0x9, 0x5, 0x9, 0x1, 0x10, 0xd, 0x2, 0xfb, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x1, 0x5}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x6, 0x4, 0x8}}]}}, {{0x9, 0x4, 0x6, 0x81, 0x0, 0xfc, 0x5b, 0x82, 0xd7}}]}}]}}, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x2fb71da98128d4bd, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=398): io_setup(0x3, &(0x7f0000001540)=0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r3, 0x0, 0x7, 0x0) creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) io_pgetevents(r0, 0x3, 0x3, &(0x7f0000001580)=[{}, {}, {}], &(0x7f0000000000), &(0x7f0000001740)={&(0x7f0000001700)={[0xa5]}, 0x8}) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.48' (ED25519) to the list of known hosts. [ 57.391173][ T5770] cgroup: Unknown subsys name 'net' [ 57.549723][ T5770] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 58.923662][ T5770] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 60.737073][ T5782] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 60.753992][ T5782] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 60.761726][ T5782] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 60.769869][ T5782] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 60.777784][ T5782] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 60.785168][ T5782] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 60.871464][ T5782] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 60.880300][ T5782] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 60.888184][ T5782] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 60.899923][ T5787] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 60.935382][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 60.942922][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 60.979560][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 60.986695][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 60.987958][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 60.995621][ T5102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 61.002550][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 61.014627][ T5102] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 61.016743][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 61.022969][ T5102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 61.030852][ T51] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 61.037439][ T5102] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 61.043924][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 61.050853][ T5102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 61.224795][ T5780] chnl_net:caif_netlink_parms(): no params data found [ 61.340565][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.347834][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.355475][ T5780] bridge_slave_0: entered allmulticast mode [ 61.362180][ T5780] bridge_slave_0: entered promiscuous mode [ 61.401719][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.409083][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.416604][ T5780] bridge_slave_1: entered allmulticast mode [ 61.423261][ T5780] bridge_slave_1: entered promiscuous mode [ 61.476187][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.498281][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.591065][ T5780] team0: Port device team_slave_0 added [ 61.603935][ T5780] team0: Port device team_slave_1 added [ 61.644731][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 61.675378][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 61.682431][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.708460][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 61.750594][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 61.757930][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 61.785864][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 61.797573][ T5786] chnl_net:caif_netlink_parms(): no params data found [ 61.858832][ T5785] chnl_net:caif_netlink_parms(): no params data found [ 61.910416][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.917793][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.925090][ T5783] bridge_slave_0: entered allmulticast mode [ 61.931743][ T5783] bridge_slave_0: entered promiscuous mode [ 61.951771][ T5780] hsr_slave_0: entered promiscuous mode [ 61.958136][ T5780] hsr_slave_1: entered promiscuous mode [ 61.965732][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.972837][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.980280][ T5783] bridge_slave_1: entered allmulticast mode [ 61.987184][ T5783] bridge_slave_1: entered promiscuous mode [ 62.062435][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.075619][ T5786] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.082732][ T5786] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.091130][ T5786] bridge_slave_0: entered allmulticast mode [ 62.098150][ T5786] bridge_slave_0: entered promiscuous mode [ 62.110107][ T5786] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.117317][ T5786] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.124557][ T5786] bridge_slave_1: entered allmulticast mode [ 62.131574][ T5786] bridge_slave_1: entered promiscuous mode [ 62.139571][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.210067][ T5783] team0: Port device team_slave_0 added [ 62.226803][ T5785] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.234102][ T5785] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.241226][ T5785] bridge_slave_0: entered allmulticast mode [ 62.249394][ T5785] bridge_slave_0: entered promiscuous mode [ 62.262146][ T5785] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.269510][ T5785] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.276973][ T5785] bridge_slave_1: entered allmulticast mode [ 62.284068][ T5785] bridge_slave_1: entered promiscuous mode [ 62.302709][ T5783] team0: Port device team_slave_1 added [ 62.335774][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.342740][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.369113][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.394563][ T5786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.410142][ T5786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.419858][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.426898][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.452904][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.485254][ T5785] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.520628][ T5786] team0: Port device team_slave_0 added [ 62.528837][ T5786] team0: Port device team_slave_1 added [ 62.550656][ T5785] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.588975][ T5785] team0: Port device team_slave_0 added [ 62.630596][ T5785] team0: Port device team_slave_1 added [ 62.636995][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.644406][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.670917][ T5786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.712197][ T5786] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.719466][ T5786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.745477][ T5786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.767432][ T5783] hsr_slave_0: entered promiscuous mode [ 62.774108][ T5783] hsr_slave_1: entered promiscuous mode [ 62.780158][ T5783] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.787945][ T5783] Cannot create hsr debugfs directory [ 62.812318][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.819331][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.834229][ T5102] Bluetooth: hci0: command tx timeout [ 62.845612][ T5785] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.890086][ T5785] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.897369][ T5785] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.923828][ T5785] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.978370][ T5786] hsr_slave_0: entered promiscuous mode [ 62.985255][ T5786] hsr_slave_1: entered promiscuous mode [ 62.991293][ T5786] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.993553][ T5102] Bluetooth: hci1: command tx timeout [ 62.999777][ T5786] Cannot create hsr debugfs directory [ 63.076564][ T5102] Bluetooth: hci2: command tx timeout [ 63.124051][ T5785] hsr_slave_0: entered promiscuous mode [ 63.130233][ T5785] hsr_slave_1: entered promiscuous mode [ 63.136849][ T5785] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.144594][ T5785] Cannot create hsr debugfs directory [ 63.155001][ T5102] Bluetooth: hci3: command tx timeout [ 63.200574][ T5780] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.242654][ T5780] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.286026][ T5780] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.296922][ T5780] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.464815][ T5786] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 63.476640][ T5786] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 63.486575][ T5786] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 63.498292][ T5786] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 63.584558][ T5783] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.601100][ T5783] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 63.619117][ T5783] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 63.634362][ T5783] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 63.659835][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.708481][ T5785] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.718915][ T5785] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.732264][ T5785] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.742110][ T5785] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.776746][ T5780] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.808286][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.815648][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.828449][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 63.835635][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 63.876307][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.942501][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.989468][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.996659][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.026642][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.033829][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.072852][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.129008][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.164991][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.187143][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.194344][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.225341][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.232492][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.278195][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.325003][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.375525][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.382665][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.421280][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.428470][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.505725][ T5780] veth0_vlan: entered promiscuous mode [ 64.551387][ T5785] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.574919][ T5780] veth1_vlan: entered promiscuous mode [ 64.629094][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.682563][ T5780] veth0_macvtap: entered promiscuous mode [ 64.728300][ T5780] veth1_macvtap: entered promiscuous mode [ 64.792933][ T5786] veth0_vlan: entered promiscuous mode [ 64.808327][ T5786] veth1_vlan: entered promiscuous mode [ 64.831379][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 64.858995][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 64.878811][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.897518][ T5780] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.910418][ T5780] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.925029][ T5102] Bluetooth: hci0: command tx timeout [ 64.929975][ T5780] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.939322][ T5780] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 64.957365][ T5786] veth0_macvtap: entered promiscuous mode [ 64.970616][ T5786] veth1_macvtap: entered promiscuous mode [ 65.031083][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.059341][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.070856][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.084696][ T5102] Bluetooth: hci1: command tx timeout [ 65.086038][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.113114][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.123827][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.135951][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.154998][ T5102] Bluetooth: hci2: command tx timeout [ 65.164929][ T5783] veth0_vlan: entered promiscuous mode [ 65.188964][ T5786] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.198419][ T5786] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.207617][ T5786] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.216410][ T5786] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.243179][ T5102] Bluetooth: hci3: command tx timeout [ 65.247130][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.274475][ T5785] veth0_vlan: entered promiscuous mode [ 65.289530][ T5785] veth1_vlan: entered promiscuous mode [ 65.296807][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.323166][ T5783] veth1_vlan: entered promiscuous mode [ 65.367844][ T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.383187][ T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.428829][ T5783] veth0_macvtap: entered promiscuous mode [ 65.439915][ T5783] veth1_macvtap: entered promiscuous mode [ 65.449836][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.457136][ T5785] veth0_macvtap: entered promiscuous mode [ 65.464575][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.530975][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 65.533109][ T5785] veth1_macvtap: entered promiscuous mode [ 65.547968][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 65.549593][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.566559][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.576708][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.587491][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.599170][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.611994][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.623804][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.635730][ T5783] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.646674][ T5783] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.658291][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 65.695817][ T5783] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.706647][ T5783] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.717089][ T5783] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.727748][ T5783] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 65.747475][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.766731][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.772414][ T5862] syz.0.1[5862]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 65.787800][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.800349][ T5862] loop0: detected capacity change from 0 to 1024 [ 65.807388][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.817862][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 65.848327][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.867288][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 65.915261][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.953333][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 65.963191][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 65.991247][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.003636][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.018212][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.030246][ T5862] EXT4-fs: Ignoring removed nomblk_io_submit option [ 66.031577][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.059599][ T5862] EXT4-fs: quotafile must be on filesystem root [ 66.111567][ T5785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.137231][ T5785] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.147096][ T5785] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.163217][ T5785] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.194826][ T5862] warning: `syz.0.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 66.278194][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.310605][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.368488][ T5862] loop0: detected capacity change from 0 to 4096 [ 66.387506][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.401805][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.416154][ T5862] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 66.486716][ T5862] ntfs: (device loop0): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 66.544374][ T5862] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 66.574926][ T3541] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.582780][ T3541] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.610627][ T5862] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 66.649746][ T5862] ntfs: volume version 3.1. [ 66.729679][ T5862] ntfs: (device loop0): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 66.762272][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.791178][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.010437][ T5102] Bluetooth: hci0: command tx timeout [ 67.155667][ T5102] Bluetooth: hci1: command tx timeout [ 67.234329][ T5102] Bluetooth: hci2: command tx timeout [ 67.314806][ T5102] Bluetooth: hci3: command tx timeout [ 67.372160][ T5884] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 67.643910][ T5888] kvm: emulating exchange as write [ 68.909307][ T5914] loop3: detected capacity change from 0 to 256 [ 69.083776][ T5102] Bluetooth: hci0: command tx timeout [ 69.237574][ T5911] overlayfs: failed to resolve './file1/file0': -2 [ 69.248902][ T5102] Bluetooth: hci1: command tx timeout [ 69.313988][ T5102] Bluetooth: hci2: command tx timeout [ 69.409697][ T5102] Bluetooth: hci3: command tx timeout [ 70.757506][ T5934] loop2: detected capacity change from 0 to 1024 [ 70.938370][ T27] audit: type=1326 audit(1762670064.609:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5932 comm="syz.2.24" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x0 [ 71.054757][ T5944] loop3: detected capacity change from 0 to 2048 [ 71.103248][ T5944] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 71.145319][ T5941] loop0: detected capacity change from 0 to 8192 [ 71.196870][ T5941] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 71.224027][ T5941] UDF-fs: Scanning with blocksize 512 failed [ 71.259168][ T5941] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 71.274647][ T5941] UDF-fs: Scanning with blocksize 1024 failed [ 71.311607][ T5941] UDF-fs: warning (device loop0): udf_load_vrs: No VRS found [ 71.311831][ T5946] loop2: detected capacity change from 0 to 2048 [ 71.347040][ T5941] UDF-fs: Scanning with blocksize 2048 failed [ 71.360215][ T5944] ======================================================= [ 71.360215][ T5944] WARNING: The mand mount option has been deprecated and [ 71.360215][ T5944] and is ignored by this kernel. Remove the mand [ 71.360215][ T5944] option from the mount to silence this warning. [ 71.360215][ T5944] ======================================================= [ 71.368590][ T5946] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 71.451292][ T5941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 71.492409][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.499502][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.028661][ T5780] UDF-fs: error (device loop0): udf_read_inode: (ino 817) failed !bh [ 72.054483][ T5780] UDF-fs: error (device loop0): udf_read_inode: (ino 817) failed !bh [ 72.218026][ T5956] loop2: detected capacity change from 0 to 1024 [ 72.399374][ T5956] hfsplus: failed to extend attributes file [ 72.601883][ T2975] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.614966][ T5965] binder_alloc: 5963: binder_alloc_buf, no vma [ 72.681455][ T5780] syz-executor (5780) used greatest stack depth: 20752 bytes left [ 72.795820][ T2975] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 72.906338][ T2975] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.746526][ T2975] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 74.013600][ T5979] capability: warning: `syz.2.42' uses deprecated v2 capabilities in a way that may be insecure [ 74.179172][ T5981] loop3: detected capacity change from 0 to 2048 [ 74.346071][ T5981] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 74.633751][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 75.973434][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 76.126846][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.205350][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 76.393355][ T5787] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.409623][ T5787] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.417657][ T5787] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.433489][ T5787] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.448473][ T5787] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.455948][ T5787] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 76.807969][ T6000] loop2: detected capacity change from 0 to 2048 [ 76.829504][ T6006] loop3: detected capacity change from 0 to 2048 [ 76.915074][ T6000] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 76.966852][ T6006] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 77.058380][ T27] audit: type=1800 audit(1762670070.739:3): pid=6000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.45" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 77.163471][ T6000] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.45: Unrecognised inode hash code 20 [ 77.207318][ T6000] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.45: Corrupt directory, running e2fsck is recommended [ 77.279413][ T6000] EXT4-fs error (device loop2): ext4_read_inode_bitmap:168: comm syz.2.45: Inode bitmap for bg 0 marked uninitialized [ 77.307487][ T6020] loop3: detected capacity change from 0 to 512 [ 77.423251][ T6020] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.505397][ T27] audit: type=1800 audit(1762670071.179:4): pid=6020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.47" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 77.586680][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.673755][ T5843] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 77.772489][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 77.882707][ T5843] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.906056][ T5843] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.923744][ T5843] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.959961][ T5843] usb 2-1: config 0 descriptor?? [ 78.009594][ T6032] loop2: detected capacity change from 0 to 128 [ 78.034712][ T6032] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 78.067368][ T6032] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 78.614473][ T5787] Bluetooth: hci0: command tx timeout [ 79.196309][ T5997] chnl_net:caif_netlink_parms(): no params data found [ 79.730157][ T6065] loop3: detected capacity change from 0 to 512 [ 79.762817][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.787799][ T6065] [EXT4 FS bs=4096, gc=1, bpg=95, ipg=32, mo=e040e01c, mo2=0000] [ 79.807159][ T5997] bridge0: port 1(bridge_slave_0) entered disabled state [ 79.847393][ T5997] bridge_slave_0: entered allmulticast mode [ 79.865457][ T6065] System zones: 0-2, 18-18, 34-34 [ 79.895877][ T5997] bridge_slave_0: entered promiscuous mode [ 79.907241][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.914414][ T5997] bridge0: port 2(bridge_slave_1) entered disabled state [ 79.921590][ T5997] bridge_slave_1: entered allmulticast mode [ 79.935610][ T5997] bridge_slave_1: entered promiscuous mode [ 79.946655][ T6065] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.54: corrupted inode contents [ 80.356405][ T6065] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #3: comm syz.3.54: mark_inode_dirty error [ 80.432570][ T6065] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.54: corrupted inode contents [ 80.473147][ T6065] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #3: comm syz.3.54: mark_inode_dirty error [ 80.501872][ T6065] Quota error (device loop3): write_blk: dquota write failed [ 80.567676][ T6065] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 80.583446][ T6065] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.54: Failed to acquire dquot type 0 [ 80.608108][ T2975] hsr_slave_0: left promiscuous mode [ 80.622720][ T2975] hsr_slave_1: left promiscuous mode [ 80.635435][ T6065] EXT4-fs (loop3): 1 orphan inode deleted [ 80.654653][ T12] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 80.667477][ T6065] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 80.673904][ T12] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u4:1: Failed to release dquot type 1 [ 80.680783][ T5787] Bluetooth: hci0: command tx timeout [ 80.711488][ T2975] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 80.722614][ T2975] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 80.731670][ T6065] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.733234][ T2975] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 80.750314][ T2975] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 80.759447][ T2975] bridge_slave_1: left allmulticast mode [ 80.765202][ T2975] bridge_slave_1: left promiscuous mode [ 80.772333][ T2975] bridge0: port 2(bridge_slave_1) entered disabled state [ 80.787937][ T2975] bridge_slave_0: left allmulticast mode [ 80.794379][ T2975] bridge_slave_0: left promiscuous mode [ 80.800353][ T2975] bridge0: port 1(bridge_slave_0) entered disabled state [ 80.802166][ T9] usb 2-1: USB disconnect, device number 2 [ 80.932882][ T2975] veth1_macvtap: left promiscuous mode [ 80.940479][ T2975] veth0_macvtap: left promiscuous mode [ 81.008758][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 81.031477][ T2975] veth1_vlan: left promiscuous mode [ 81.042402][ T2975] veth0_vlan: left promiscuous mode [ 81.795925][ T1185] cfg80211: failed to load regulatory.db [ 82.753892][ T5787] Bluetooth: hci0: command tx timeout [ 82.808765][ T2975] team0 (unregistering): Port device team_slave_1 removed [ 82.840792][ T2975] team0 (unregistering): Port device team_slave_0 removed [ 82.873813][ T2975] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 82.906700][ T2975] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 83.227335][ T2975] bond0 (unregistering): Released all slaves [ 83.306105][ T5997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 83.448424][ T5997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 84.362730][ T6102] loop3: detected capacity change from 0 to 32768 [ 84.526494][ T6102] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 84.570168][ T6104] loop1: detected capacity change from 0 to 32768 [ 84.685330][ T6104] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 84.778380][ T6102] input: syz1 as /devices/virtual/input/input5 [ 84.812654][ T6104] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 84.833611][ T5787] Bluetooth: hci0: command tx timeout [ 84.946019][ T6104] input: syz1 as /devices/virtual/input/input6 [ 85.203002][ T27] audit: type=1804 audit(1762670078.879:5): pid=6104 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.61" name="/newroot/13/file1/bus" dev="loop1" ino=17058 res=1 errno=0 [ 85.271985][ T5785] ocfs2: Unmounting device (7,3) on (node local) [ 85.441766][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 85.917105][ T6117] loop3: detected capacity change from 0 to 16 [ 86.163121][ T6117] erofs: (device loop3): mounted with root inode @ nid 36. [ 86.205989][ T6117] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 0 of nid 36 [ 86.214944][ T6117] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 86.404717][ T6116] loop1: detected capacity change from 0 to 2048 [ 86.458269][ T6115] netlink: 16 bytes leftover after parsing attributes in process `syz.3.62'. [ 86.721990][ T6121] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 87.088732][ T6123] process 'syz.1.63' launched './file0' with NULL argv: empty string added [ 87.638540][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 87.741069][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 88.283693][ T6123] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, name_len=0 [ 88.403134][ T6123] Remounting filesystem read-only [ 89.232870][ T5997] team0: Port device team_slave_0 added [ 89.409322][ T5997] team0: Port device team_slave_1 added [ 89.551219][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.562726][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.640149][ T5997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 89.741315][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 89.757164][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 89.805388][ T5997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 89.902332][ T6141] loop3: detected capacity change from 0 to 256 [ 90.230676][ T5997] hsr_slave_0: entered promiscuous mode [ 90.248226][ T5997] hsr_slave_1: entered promiscuous mode [ 90.885562][ T6145] FAT-fs (loop3): error, corrupted file size (i_pos 196, 2097152) [ 91.331002][ T6136] loop2: detected capacity change from 0 to 32768 [ 91.419478][ T6136] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 91.487722][ T5997] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.507028][ T5997] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.559045][ T5997] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.588595][ T6136] input: syz1 as /devices/virtual/input/input7 [ 91.677377][ T5997] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 91.825142][ T27] audit: type=1804 audit(1762670085.499:6): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.66" name="/newroot/19/file1/bus" dev="loop2" ino=17058 res=1 errno=0 [ 92.159671][ T5783] ocfs2: Unmounting device (7,2) on (node local) [ 92.170828][ T5997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.352621][ T5997] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.446962][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.454928][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.507201][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.514387][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.734253][ T6195] loop2: detected capacity change from 0 to 4096 [ 92.793686][ T5821] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 92.802539][ T6195] EXT4-fs (loop2): Test dummy encryption mode enabled [ 92.814250][ T6195] EXT4-fs (loop2): stripe (97) is not aligned with cluster size (16), stripe is disabled [ 92.849788][ T6195] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 92.863430][ T6195] System zones: 0-5 [ 92.878041][ T6195] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 93.005162][ T5821] usb 4-1: Using ep0 maxpacket: 8 [ 93.015024][ T5821] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 93.033722][ T5821] usb 4-1: config 179 has no interface number 0 [ 93.043450][ T5821] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 93.067453][ T5821] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 93.093939][ T5821] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 93.113604][ T5821] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 93.127273][ T5821] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 93.140870][ T5821] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 93.150775][ T5821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.178204][ T6188] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 93.189889][ T6195] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 93.428507][ T6195] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 93.441539][ T5821] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 93.572876][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 93.721869][ T27] audit: type=1326 audit(1762670087.399:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6187 comm="syz.3.76" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff54018f6c9 code=0x0 [ 93.897528][ T5772] usb 4-1: USB disconnect, device number 2 [ 93.897589][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 93.897682][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 93.978250][ T5772] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 96.674225][ T6234] loop3: detected capacity change from 0 to 128 [ 96.743456][ T6234] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 96.809530][ T6234] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 96.858754][ T6234] ext2 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 97.044887][ T5997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.276188][ T5785] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 97.405090][ T6263] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 97.890909][ T5997] veth0_vlan: entered promiscuous mode [ 97.932593][ T5997] veth1_vlan: entered promiscuous mode [ 98.013152][ T5997] veth0_macvtap: entered promiscuous mode [ 98.044103][ T5997] veth1_macvtap: entered promiscuous mode [ 98.116380][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.233401][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.243260][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.299604][ T6285] loop3: detected capacity change from 0 to 512 [ 98.305963][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.323520][ T6285] EXT4-fs: Ignoring removed nobh option [ 98.334373][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 98.364207][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.395853][ T6285] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.88: invalid indirect mapped block 256 (level 2) [ 98.400134][ T6293] loop2: detected capacity change from 0 to 1024 [ 98.413103][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.446387][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.478967][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.489152][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.500621][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.510917][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.520022][ T6293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 98.521523][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.545217][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.557294][ T6285] EXT4-fs (loop3): Remounting filesystem read-only [ 98.584015][ T5997] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.593043][ T6293] ext4 filesystem being mounted at /26/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.603981][ T6285] EXT4-fs (loop3): 2 truncates cleaned up [ 98.606031][ T6285] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 98.630655][ T5997] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.651871][ T5997] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.679041][ T5997] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.717850][ T6001] udevd[6001]: incorrect ext4 checksum on /dev/loop3 [ 98.720415][ T6293] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.91: inode has both inline data and extents flags [ 98.793948][ T6301] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.91: inode has both inline data and extents flags [ 98.888703][ T6305] EXT4-fs error (device loop2): ext4_lookup:1858: inode #15: comm syz.2.91: inode has both inline data and extents flags [ 98.922648][ T6119] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.935144][ T6119] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.956538][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.074533][ T79] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.082399][ T79] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.095028][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 99.127851][ T6311] syz.1.94 uses obsolete (PF_INET,SOCK_PACKET) [ 100.802879][ T6330] Bluetooth: hci0: Opcode 0x0c20 failed: -4 [ 100.859469][ T6320] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 101.658780][ T6367] netlink: 'syz.2.107': attribute type 2 has an invalid length. [ 101.746638][ T6369] loop1: detected capacity change from 0 to 4096 [ 101.883821][ T6369] EXT4-fs (loop1): Test dummy encryption mode enabled [ 101.965166][ T6369] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 102.008812][ T6369] System zones: 0-5 [ 102.410422][ T1185] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 102.437099][ T6369] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.635194][ T1185] usb 5-1: Using ep0 maxpacket: 16 [ 102.679935][ T1185] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.730292][ T1185] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.740635][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.749238][ T1185] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 102.753686][ T5787] Bluetooth: hci0: command 0x0c20 tx timeout [ 102.778530][ T1185] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 102.853931][ T1185] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.873259][ T1185] usb 5-1: config 0 descriptor?? [ 103.113537][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 103.283486][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 103.314355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #308!!! [ 103.411179][ T1185] HID 045e:07da: Invalid code 65791 type 1 [ 104.176368][ T1185] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0001/input/input9 [ 104.286202][ T1185] microsoft 0003:045E:07DA.0001: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 104.311424][ T1185] usb 5-1: USB disconnect, device number 2 [ 104.484304][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 104.795258][ T6415] fido_id[6415]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 105.006865][ T6424] loop2: detected capacity change from 0 to 256 [ 105.143468][ T1185] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 105.231247][ T6427] loop3: detected capacity change from 0 to 4096 [ 105.299418][ T6427] EXT4-fs (loop3): Test dummy encryption mode enabled [ 105.316702][ T6427] EXT4-fs (loop3): stripe (97) is not aligned with cluster size (16), stripe is disabled [ 105.342733][ T6427] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002] [ 105.372029][ T1185] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 105.386440][ T1185] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 105.395598][ T1185] usb 5-1: config 220 has an invalid descriptor of length 36, skipping remainder of the config [ 105.406320][ T1185] usb 5-1: config 220 has no interface number 2 [ 105.407276][ T6427] System zones: [ 105.412617][ T1185] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 105.430345][ T1185] usb 5-1: config 220 interface 0 has no altsetting 0 [ 105.437233][ T1185] usb 5-1: config 220 interface 76 has no altsetting 0 [ 105.444304][ T1185] usb 5-1: config 220 interface 1 has no altsetting 0 [ 105.449671][ T6427] 0-5 [ 105.477623][ T1185] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 105.493595][ T1185] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.501622][ T1185] usb 5-1: Product: syz [ 105.502235][ T6427] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.513939][ T1185] usb 5-1: Manufacturer: syz [ 105.529246][ T1185] usb 5-1: SerialNumber: syz [ 105.649670][ T6442] loop2: detected capacity change from 0 to 1024 [ 105.684600][ T6442] EXT4-fs: Ignoring removed nobh option [ 105.734219][ T6442] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.830257][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 105.836948][ T1185] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 105.850090][ T6442] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 105.879436][ T6447] loop1: detected capacity change from 0 to 1024 [ 105.887595][ T6447] EXT4-fs: Ignoring removed nobh option [ 105.893241][ T6447] EXT4-fs: Ignoring removed bh option [ 105.915536][ T1185] usb 5-1: No valid video chain found. [ 105.921170][ T1185] usb 5-1: selecting invalid altsetting 0 [ 105.943265][ T6447] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 105.946577][ T1185] usb 5-1: selecting invalid altsetting 0 [ 105.963363][ T1185] usbtest: probe of 5-1:220.1 failed with error -22 [ 105.986314][ T1185] usb 5-1: USB disconnect, device number 3 [ 106.145081][ T6447] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.240494][ T6454] loop3: detected capacity change from 0 to 512 [ 106.321717][ T6442] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.123: Allocating blocks 497-513 which overlap fs metadata [ 106.360638][ T6454] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 106.370248][ T6442] EXT4-fs (loop2): pa ffff88807d0330e8: logic 256, phys. 465, len 3 [ 106.382273][ T6442] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 106.417159][ T6454] ext4 filesystem being mounted at /37/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.430586][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.479429][ T6454] EXT4-fs error (device loop3): ext4_xattr_block_get:600: inode #15: comm syz.3.125: corrupted xattr block 33: invalid header [ 106.539013][ T6454] fscrypt (loop3, inode 15): Error -117 getting encryption context [ 106.606320][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.635782][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 107.952010][ T6478] loop3: detected capacity change from 0 to 128 [ 108.031269][ T6478] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 108.050393][ T6478] FAT-fs (loop3): Filesystem has been set read-only [ 108.089346][ T6483] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 110.328887][ T6493] loop2: detected capacity change from 0 to 2048 [ 110.533038][ T6493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.610122][ T6497] loop4: detected capacity change from 0 to 1024 [ 110.611127][ T6497] EXT4-fs: Ignoring removed nobh option [ 111.036050][ T6497] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 111.255026][ T6502] hub 8-0:1.0: USB hub found [ 111.368192][ T6497] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 111.382895][ T6502] hub 8-0:1.0: 1 port detected [ 111.445611][ T6510] loop3: detected capacity change from 0 to 1024 [ 111.455030][ T6510] EXT4-fs: Ignoring removed nomblk_io_submit option [ 111.466919][ T6510] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 111.628011][ T6510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.783370][ T27] audit: type=1800 audit(1762670105.459:8): pid=6510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.140" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 111.819292][ T6510] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 111.831898][ T6497] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4031: comm syz.4.137: Allocating blocks 497-513 which overlap fs metadata [ 111.846218][ T27] audit: type=1800 audit(1762670105.469:9): pid=6510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.140" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 111.854299][ T6510] EXT4-fs error (device loop3): ext4_dirty_inode:6120: inode #15: comm syz.3.140: mark_inode_dirty error [ 111.916721][ T6510] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5916: Corrupt filesystem [ 111.922193][ T6497] EXT4-fs (loop4): pa ffff888079cc51d0: logic 256, phys. 385, len 8 [ 111.934443][ T6497] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 111.942780][ T6510] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #15: comm syz.3.140: mark_inode_dirty error [ 111.977968][ T6526] loop1: detected capacity change from 0 to 256 [ 112.284292][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.393473][ T5821] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 112.409710][ T6534] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 112.577479][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.598602][ T5821] usb 3-1: Using ep0 maxpacket: 32 [ 112.619736][ T5821] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 112.641866][ T5821] usb 3-1: config 0 has no interface number 0 [ 112.660912][ T5821] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 112.672222][ T5821] usb 3-1: config 0 interface 85 has no altsetting 0 [ 112.693957][ T5821] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 112.705018][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.713096][ T5821] usb 3-1: Product: syz [ 112.728502][ T5821] usb 3-1: Manufacturer: syz [ 112.733157][ T5821] usb 3-1: SerialNumber: syz [ 112.862279][ T5821] usb 3-1: config 0 descriptor?? [ 113.494237][ T6528] loop2: detected capacity change from 0 to 256 [ 113.609244][ T6528] exfat: Bad value for 'uid' [ 113.764613][ T6003] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 114.064171][ T5821] appletouch 3-1:0.85: Geyser mode initialized. [ 114.086107][ T5821] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input10 [ 114.130166][ T6561] Bluetooth: MGMT ver 1.22 [ 114.269907][ T6563] netlink: 'syz.3.153': attribute type 75 has an invalid length. [ 114.296870][ T5821] usb 3-1: USB disconnect, device number 2 [ 114.322111][ T5821] appletouch 3-1:0.85: input: appletouch disconnected [ 114.991059][ T6565] loop2: detected capacity change from 0 to 8192 [ 115.042294][ T27] audit: type=1800 audit(1762670108.719:10): pid=6565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="bus" dev="loop2" ino=1048599 res=0 errno=0 [ 115.060675][ T6565] Trying to write to read-only block-device loop2 [ 115.842309][ T5783] FAT-fs (loop2): error, invalid access to FAT (entry 0x0000e1b1) [ 115.862667][ T5783] FAT-fs (loop2): Filesystem has been set read-only [ 116.104692][ T6576] binder: BINDER_SET_CONTEXT_MGR already set [ 116.112013][ T6576] binder: 6575:6576 ioctl 4018620d 200000004a80 returned -16 [ 116.700574][ T6582] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 116.748254][ T6582] loop2: detected capacity change from 0 to 128 [ 116.755751][ T6582] FAT-fs (loop2): Unrecognized mount option "utf8=1:uni_xlate=0" or missing value [ 123.624835][ T9] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 123.846529][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 123.857936][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.867754][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 123.881813][ T9] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 123.892039][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.907935][ T9] usb 2-1: config 0 descriptor?? [ 124.351931][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.383840][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.391275][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.409726][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.463563][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.471098][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.499441][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.532434][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.552874][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.567492][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.582631][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.590906][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.612055][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.619946][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.633404][ T9] plantronics 0003:047F:FFFF.0002: unknown main item tag 0x0 [ 124.641769][ T9] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving [ 124.715726][ T9] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 124.755108][ T6654] loop2: detected capacity change from 0 to 8 [ 124.794033][ T9] usb 2-1: USB disconnect, device number 3 [ 124.854431][ T5773] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 124.899464][ T6654] mmap: syz.2.177 (6654) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 124.940798][ T6657] fido_id[6657]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 124.966943][ T6654] loop2: detected capacity change from 0 to 512 [ 125.023170][ T6654] EXT4-fs (loop2): write access unavailable, skipping orphan cleanup [ 125.060637][ T6654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 125.143483][ T787] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 125.253100][ T5783] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 125.267776][ T6668] loop1: detected capacity change from 0 to 256 [ 125.378632][ T787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.430688][ T787] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.471165][ T787] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 125.491750][ T787] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 125.502083][ T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.521770][ T787] usb 5-1: config 0 descriptor?? [ 125.627083][ T6678] loop2: detected capacity change from 0 to 1024 [ 125.693498][ T6001] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.722167][ T6678] loop2: detected capacity change from 0 to 16 [ 125.726706][ T6001] I/O error, dev loop2, sector 8 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.749325][ T6678] erofs: (device loop2): z_erofs_parse_cfgs: unidentified algorithms fff8, please upgrade kernel [ 125.985476][ T787] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 126.034503][ T787] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 126.344497][ T787] usb 5-1: USB disconnect, device number 4 [ 126.960926][ T6704] loop4: detected capacity change from 0 to 2048 [ 127.027132][ T6704] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 127.993407][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.080842][ T6711] loop4: detected capacity change from 0 to 512 [ 128.112470][ T6711] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2249: inode #15: comm syz.4.188: corrupted in-inode xattr: e_value size too large [ 128.139950][ T6711] EXT4-fs error (device loop4): ext4_orphan_get:1404: comm syz.4.188: couldn't read orphan inode 15 (err -117) [ 128.173752][ T6711] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 128.231875][ T6711] EXT4-fs error (device loop4): ext4_validate_block_bitmap:430: comm syz.4.188: bg 0: block 5: invalid block bitmap [ 128.385961][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 128.762650][ T6722] bridge_slave_0: default FDB implementation only supports local addresses [ 128.798703][ T6722] netlink: 6 bytes leftover after parsing attributes in process `syz.3.191'. [ 128.826925][ T6722] bridge_slave_0: default FDB implementation only supports local addresses [ 129.304172][ T6738] loop3: detected capacity change from 0 to 2048 [ 129.325578][ T6738] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967294, location=4294967294 [ 129.376786][ T6738] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 129.430484][ T6738] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 129.458125][ T6738] UDF-fs: Scanning with blocksize 512 failed [ 129.478952][ T6738] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967294, location=4294967294 [ 129.543993][ T6738] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 129.577825][ T6738] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 129.613387][ T6738] UDF-fs: Scanning with blocksize 1024 failed [ 129.633519][ T27] audit: type=1326 audit(1762670123.309:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6750 comm="syz.2.199" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x0 [ 129.636247][ T6738] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967294, location=4294967294 [ 129.676269][ T6738] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 129.698854][ T6738] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 129.713337][ T6738] UDF-fs: Scanning with blocksize 2048 failed [ 129.727834][ T6738] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=4294967294, location=4294967294 [ 129.754615][ T6738] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 129.762711][ T6758] loop2: detected capacity change from 0 to 256 [ 129.773702][ T6738] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 129.781361][ T6738] UDF-fs: Scanning with blocksize 4096 failed [ 129.797564][ T6738] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 130.484353][ T6781] loop1: detected capacity change from 0 to 1764 [ 130.573430][ T6001] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 130.867191][ T6795] loop3: detected capacity change from 0 to 8 [ 130.910460][ T6795] SQUASHFS error: lzo decompression failed, data probably corrupt [ 130.930029][ T6795] SQUASHFS error: Failed to read block 0x91: -5 [ 130.939218][ T6795] SQUASHFS error: Unable to read metadata cache entry [8f] [ 130.997725][ T6797] Bluetooth: MGMT ver 1.22 [ 131.118875][ T6795] SQUASHFS error: Unable to read inode 0x11f [ 131.343552][ T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 131.703468][ T9] usb 2-1: device descriptor read/64, error -71 [ 133.304586][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.311762][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.324513][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 133.898165][ T6832] loop4: detected capacity change from 0 to 128 [ 133.945113][ T6832] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 133.993451][ T6832] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.179636][ T5997] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 134.442173][ T6847] loop2: detected capacity change from 0 to 2048 [ 134.922027][ T6839] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 135.680606][ T6875] loop1: detected capacity change from 0 to 2048 [ 135.809730][ T6875] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 135.833327][ T6875] UDF-fs: Scanning with blocksize 512 failed [ 135.858595][ T6882] loop2: detected capacity change from 0 to 128 [ 135.892044][ T6875] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 136.115810][ T5787] Bluetooth: hci0: command 0x0c20 tx timeout [ 136.317346][ T6899] loop1: detected capacity change from 0 to 512 [ 136.416144][ T23] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 136.438983][ T6899] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 136.481152][ T6899] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 136.662338][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 136.664682][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 136.718217][ T23] usb 5-1: unable to get BOS descriptor or descriptor too short [ 136.748226][ T23] usb 5-1: config 173 has an invalid interface number: 209 but max is 0 [ 136.773463][ T23] usb 5-1: config 173 has no interface number 0 [ 136.779778][ T23] usb 5-1: config 173 interface 209 has no altsetting 0 [ 136.807995][ T23] usb 5-1: New USB device found, idVendor=2451, idProduct=89f0, bcdDevice=14.44 [ 136.819833][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.843658][ T23] usb 5-1: Product: syz [ 136.847979][ T23] usb 5-1: Manufacturer: syz [ 136.853805][ T23] usb 5-1: SerialNumber: syz [ 137.116564][ T23] usb-storage 5-1:173.209: USB Mass Storage device detected [ 137.344557][ T6935] syz.1.242 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 138.024683][ T23] usb 5-1: USB disconnect, device number 5 [ 138.277286][ T6948] loop4: detected capacity change from 0 to 256 [ 138.825914][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.021402][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.073145][ T6954] loop2: detected capacity change from 0 to 512 [ 139.134982][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.173714][ T27] audit: type=1800 audit(1762670132.849:12): pid=6948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.247" name="file1" dev="loop4" ino=1048610 res=0 errno=0 [ 139.192889][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.220479][ T6003] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 139.224826][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.275234][ T6948] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 139.338567][ T6948] syz.4.247 (6948) used greatest stack depth: 20648 bytes left [ 139.611221][ T6963] loop1: detected capacity change from 0 to 1024 [ 139.787701][ T6972] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 139.974726][ T59] hfsplus: b-tree write err: -5, ino 8 [ 140.109021][ T6980] syzkaller0: entered promiscuous mode [ 140.123327][ T6980] syzkaller0: entered allmulticast mode [ 140.228449][ T6982] netlink: 8 bytes leftover after parsing attributes in process `syz.3.259'. [ 140.344673][ T6982] loop3: detected capacity change from 0 to 2048 [ 140.425227][ T6990] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 141.012261][ T6982] loop3: p1 < > p4 [ 141.019180][ T6982] loop3: p4 size 8388608 extends beyond EOD, truncated [ 141.362262][ T7003] loop1: detected capacity change from 0 to 128 [ 141.414258][ T7003] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 141.437146][ T7003] ext4 filesystem being mounted at /73/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 141.460024][ T7007] loop4: detected capacity change from 0 to 512 [ 141.494992][ T7007] EXT4-fs: Ignoring removed bh option [ 141.518473][ T7003] EXT4-fs (loop1): shut down requested (1) [ 141.601145][ T7007] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 141.602612][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 141.622237][ T7007] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 141.878661][ T7014] loop1: detected capacity change from 0 to 1024 [ 141.911586][ T7014] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 141.933023][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 141.955173][ T7014] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 142.054075][ T7014] EXT4-fs error (device loop1): ext4_lookup:1858: inode #15: comm syz.1.268: inode has both inline data and extents flags [ 142.088788][ T7018] loop4: detected capacity change from 0 to 512 [ 142.121113][ T7018] EXT4-fs: Ignoring removed bh option [ 142.128805][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 142.200375][ T7018] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 142.228119][ T7018] ext4 filesystem being mounted at /34/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 142.309537][ T6003] udevd[6003]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 142.326559][ T7023] syzkaller0: entered promiscuous mode [ 142.337418][ T7023] syzkaller0: entered allmulticast mode [ 142.374443][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 142.385473][ T6001] udevd[6001]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 142.854171][ T7036] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 143.647537][ T7042] loop4: detected capacity change from 0 to 1024 [ 143.648398][ T7040] loop3: detected capacity change from 0 to 1024 [ 143.660042][ T7042] EXT4-fs: Ignoring removed mblk_io_submit option [ 143.685554][ T7042] EXT4-fs: Ignoring removed oldalloc option [ 143.691907][ T7040] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 143.716259][ T7042] EXT4-fs: Ignoring removed nomblk_io_submit option [ 143.774457][ T7040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 143.798776][ T7042] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 143.822771][ T7040] ext4 filesystem being mounted at /75/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 143.846785][ T7040] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.277: inode has both inline data and extents flags [ 143.949224][ T7040] ext4: Unknown parameter '.' [ 143.996985][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 144.173698][ T5772] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 144.386747][ T5772] usb 2-1: Using ep0 maxpacket: 32 [ 144.409396][ T5772] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 144.429439][ T5772] usb 2-1: config 0 has no interface number 0 [ 144.445637][ T5772] usb 2-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 144.456231][ T5772] usb 2-1: config 0 interface 85 has no altsetting 0 [ 144.467290][ T5772] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 144.479621][ T5772] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.494656][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 144.505536][ T5772] usb 2-1: Product: syz [ 144.509738][ T5772] usb 2-1: Manufacturer: syz [ 144.536595][ T5772] usb 2-1: SerialNumber: syz [ 144.553906][ T5772] usb 2-1: config 0 descriptor?? [ 144.593614][ T5772] appletouch 2-1:0.85: Could not find int-in endpoint [ 144.600750][ T5772] appletouch: probe of 2-1:0.85 failed with error -5 [ 144.620497][ T5772] usbhid 2-1:0.85: couldn't find an input interrupt endpoint [ 144.757352][ T23] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 144.891762][ T7071] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 144.943487][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 145.022515][ T23] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 145.150014][ T23] usb 3-1: config 0 has no interface number 0 [ 145.303940][ T7052] loop1: detected capacity change from 0 to 256 [ 145.357063][ T23] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 145.452003][ T7052] exfat: Bad value for 'uid' [ 145.557010][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.565967][ T23] usb 3-1: Product: syz [ 145.570199][ T23] usb 3-1: Manufacturer: syz [ 145.583411][ T23] usb 3-1: SerialNumber: syz [ 145.609709][ T23] usb 3-1: config 0 descriptor?? [ 145.619868][ T23] smsc95xx v2.0.0 [ 145.629856][ T23] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 145.661761][ T23] smsc95xx: probe of 3-1:0.67 failed with error -22 [ 146.035366][ T7064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 146.045108][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 146.045488][ T7064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 146.065881][ T5772] usb 3-1: USB disconnect, device number 3 [ 146.235363][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.246443][ T23] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 146.256422][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.265957][ T23] usb 4-1: config 0 descriptor?? [ 146.688584][ T23] logitech-hidpp-device 0003:046D:C086.0004: item fetching failed at offset 0/3 [ 146.699921][ T23] logitech-hidpp-device 0003:046D:C086.0004: hidpp_probe:parse failed [ 146.712860][ T23] logitech-hidpp-device: probe of 0003:046D:C086.0004 failed with error -22 [ 146.871062][ T7093] loop2: detected capacity change from 0 to 512 [ 146.912856][ T23] usb 4-1: USB disconnect, device number 3 [ 146.955107][ T5772] usb 2-1: USB disconnect, device number 6 [ 147.472854][ T7112] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 148.736084][ T7136] loop3: detected capacity change from 0 to 512 [ 148.939911][ T7143] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 149.754554][ T7136] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 149.834160][ T7136] ext4 filesystem being mounted at /82/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 149.896881][ T7149] input: syz1 as /devices/virtual/input/input11 [ 150.073103][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 150.470771][ T7163] loop4: detected capacity change from 0 to 1024 [ 150.487887][ T7163] hfsplus: unable to parse mount options [ 150.748723][ T7163] loop4: detected capacity change from 0 to 2048 [ 150.759190][ T7163] EXT4-fs: Ignoring removed i_version option [ 150.794525][ T7163] EXT4-fs (loop4): bad geometry: first data block 0 is beyond end of filesystem (0) [ 150.980791][ T7166] loop2: detected capacity change from 0 to 512 [ 150.997410][ T7166] EXT4-fs: Ignoring removed mblk_io_submit option [ 151.017796][ T6001] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 151.648918][ T7184] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 151.833568][ T23] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 152.141448][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 152.239679][ T23] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 152.271383][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.315163][ T23] usb 4-1: config 0 descriptor?? [ 152.354308][ T7183] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 152.633731][ T7199] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'. [ 152.828143][ T23] elan 0003:04F3:0755.0005: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 152.901920][ T7206] loop1: detected capacity change from 0 to 2048 [ 152.984463][ T7206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 153.013189][ T23] usb 4-1: USB disconnect, device number 4 [ 153.264299][ T7206] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm syz.1.333: Invalid inode table block 17173292907531349916 in block_group 0 [ 153.341211][ T11] EXT4-fs error (device loop1): __ext4_get_inode_loc:4489: comm kworker/u4:0: Invalid inode table block 17173292907531349916 in block_group 0 [ 153.370772][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 153.450135][ T7218] TCP: tcp_parse_options: Illegal window scaling value 71 > 14 received [ 155.302686][ T7241] Bluetooth: MGMT ver 1.22 [ 155.457596][ T7245] loop2: detected capacity change from 0 to 512 [ 155.719178][ T7254] loop4: detected capacity change from 0 to 512 [ 155.838673][ T7254] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 155.857775][ T7254] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 157.093051][ T7258] sched: RT throttling activated [ 158.083149][ T27] audit: type=1326 audit(1762670151.759:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.154996][ T5997] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 158.156045][ T27] audit: type=1326 audit(1762670151.789:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.188940][ T27] audit: type=1326 audit(1762670151.789:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.248320][ T27] audit: type=1326 audit(1762670151.789:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.270828][ T27] audit: type=1326 audit(1762670151.789:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.316470][ T27] audit: type=1326 audit(1762670151.789:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.348951][ T27] audit: type=1326 audit(1762670151.789:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.383026][ T27] audit: type=1326 audit(1762670151.789:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.515221][ T27] audit: type=1326 audit(1762670151.789:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.558148][ T27] audit: type=1326 audit(1762670151.789:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7270 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2a6c78f6c9 code=0x7ffc0000 [ 158.748837][ T7282] loop2: detected capacity change from 0 to 1764 [ 159.637146][ T7292] loop1: detected capacity change from 0 to 164 [ 160.095728][ T7299] loop3: detected capacity change from 0 to 512 [ 162.654375][ T7299] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 162.746372][ T7299] ext4 filesystem being mounted at /92/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 162.833535][ T5821] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 163.095391][ T5821] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 163.123355][ T5821] usb 5-1: config 0 has no interface number 0 [ 163.137746][ T5821] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 163.153350][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.161363][ T5821] usb 5-1: Product: syz [ 163.183487][ T5821] usb 5-1: Manufacturer: syz [ 163.188114][ T5821] usb 5-1: SerialNumber: syz [ 163.215165][ T5821] usb 5-1: config 0 descriptor?? [ 163.250071][ T5785] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 163.440265][ T7315] loop2: detected capacity change from 0 to 1764 [ 163.963560][ T5772] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 164.290080][ T5821] usb 5-1: Firmware version (0.0) predates our first public release. [ 164.311210][ T5821] usb 5-1: Please update to version 0.2 or newer [ 164.333619][ T5772] usb 4-1: Using ep0 maxpacket: 16 [ 164.414144][ T5772] usb 4-1: config 252 has too many interfaces: 129, using maximum allowed: 32 [ 164.431123][ T5772] usb 4-1: config 252 has 1 interface, different from the descriptor's value: 129 [ 164.441903][ T5772] usb 4-1: config 252 has no interface number 0 [ 164.448824][ T5772] usb 4-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 164.466682][ T5772] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29 [ 164.479605][ T5821] usb 5-1: USB disconnect, device number 6 [ 164.485488][ T5772] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.504539][ T5772] usb 4-1: Product: syz [ 164.519348][ T5772] usb 4-1: Manufacturer: syz [ 164.538281][ T5772] usb 4-1: SerialNumber: syz [ 164.576554][ T5772] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 164.773254][ T5772] usb 4-1: USB disconnect, device number 5 [ 164.797435][ T42] usb 4-1: Failed to submit usb control message: -71 [ 164.823414][ T5102] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 164.836591][ T42] usb 4-1: unable to send the bmi data to the device: -71 [ 164.843857][ T5102] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 164.852625][ T42] usb 4-1: unable to get target info from device [ 164.859270][ T42] usb 4-1: could not get target info (-71) [ 164.865301][ T5102] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 164.880517][ T42] usb 4-1: could not probe fw (-71) [ 164.886222][ T5102] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 164.896993][ T5102] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 164.904584][ T5102] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 165.494465][ T7329] chnl_net:caif_netlink_parms(): no params data found [ 165.587586][ T7349] loop3: detected capacity change from 0 to 164 [ 165.818179][ T7329] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.829303][ T7329] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.839407][ T7329] bridge_slave_0: entered allmulticast mode [ 165.857172][ T7329] bridge_slave_0: entered promiscuous mode [ 165.876524][ T7329] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.886156][ T7329] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.895046][ T7329] bridge_slave_1: entered allmulticast mode [ 165.920613][ T7329] bridge_slave_1: entered promiscuous mode [ 166.067039][ T7329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 166.106381][ T7329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 166.281078][ T7355] Zero length message leads to an empty skb [ 166.297881][ T7329] team0: Port device team_slave_0 added [ 166.327230][ T7329] team0: Port device team_slave_1 added [ 166.392493][ T7329] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 166.402902][ T7329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.478159][ T7329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 166.560852][ T7362] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 166.581956][ T7329] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 166.623691][ T7329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 166.782714][ T7329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 166.803822][ T7362] netlink: 40 bytes leftover after parsing attributes in process `syz.2.382'. [ 166.856584][ T7362] netlink: 32 bytes leftover after parsing attributes in process `syz.2.382'. [ 166.964093][ T7371] netlink: 56 bytes leftover after parsing attributes in process `syz.4.384'. [ 166.993636][ T5102] Bluetooth: hci3: command tx timeout [ 167.060909][ T7329] hsr_slave_0: entered promiscuous mode [ 167.073660][ T7329] hsr_slave_1: entered promiscuous mode [ 167.116189][ T7329] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 167.137077][ T7329] Cannot create hsr debugfs directory [ 167.823908][ T7329] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 167.872883][ T7329] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 167.902219][ T7329] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 167.926177][ T7329] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 168.211238][ T7329] 8021q: adding VLAN 0 to HW filter on device bond0 [ 168.262100][ T7329] 8021q: adding VLAN 0 to HW filter on device team0 [ 168.417305][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.424524][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.519651][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.526820][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 169.073665][ T5787] Bluetooth: hci3: command tx timeout [ 169.206580][ T5787] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 169.289227][ T7329] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 169.327725][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 169.337209][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 169.348481][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 169.358718][ T5787] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 169.366661][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 169.658194][ T7329] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 169.863440][ T787] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 169.991167][ T7382] chnl_net:caif_netlink_parms(): no params data found [ 170.101745][ T787] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.122035][ T787] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 170.146302][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.162407][ T787] usb 3-1: Product: syz [ 170.203592][ T787] usb 3-1: Manufacturer: syz [ 170.223543][ T787] usb 3-1: SerialNumber: syz [ 170.260617][ T7382] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.269378][ T7382] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.284894][ T7382] bridge_slave_0: entered allmulticast mode [ 170.292143][ T7382] bridge_slave_0: entered promiscuous mode [ 170.305553][ T7382] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.312694][ T7382] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.374617][ T7382] bridge_slave_1: entered allmulticast mode [ 170.393173][ T7382] bridge_slave_1: entered promiscuous mode [ 170.464095][ T7395] binder_alloc: 7394: pid 7394 spamming oneway? 2 buffers allocated for a total size of 5120 [ 170.494648][ T7395] binder_alloc: 7394: pid 7394 spamming oneway? 3 buffers allocated for a total size of 5128 [ 170.546832][ T7382] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 170.565764][ T7382] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 170.624362][ T7382] team0: Port device team_slave_0 added [ 170.642964][ T7382] team0: Port device team_slave_1 added [ 170.691634][ T7382] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.705412][ T7382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.747883][ T7382] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.770429][ T7329] veth0_vlan: entered promiscuous mode [ 170.784996][ T7382] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.800687][ T7382] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 170.836101][ T7382] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.860575][ T7329] veth1_vlan: entered promiscuous mode [ 170.889982][ T7416] loop4: detected capacity change from 0 to 1764 [ 170.942449][ T7382] hsr_slave_0: entered promiscuous mode [ 170.950151][ T7382] hsr_slave_1: entered promiscuous mode [ 170.956943][ T7382] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.969594][ T7382] Cannot create hsr debugfs directory [ 170.977378][ T6001] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 171.100855][ T7329] veth0_macvtap: entered promiscuous mode [ 171.133733][ T7329] veth1_macvtap: entered promiscuous mode [ 171.164232][ T5787] Bluetooth: hci3: command tx timeout [ 171.362725][ T787] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 171.394744][ T5787] Bluetooth: hci2: command tx timeout [ 171.453696][ T787] cdc_ncm 3-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 171.461430][ T787] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 171.563591][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.606686][ T787] cdc_ncm 3-1:1.0: setting tx_max = 88 [ 171.635507][ T6824] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 171.717206][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.786115][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.813816][ T6824] usb 5-1: device descriptor read/64, error -71 [ 171.839854][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.852724][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.863639][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.874188][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 171.884774][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.896585][ T7329] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 171.932807][ T787] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 171.950459][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.956033][ T787] usb 3-1: USB disconnect, device number 4 [ 171.961565][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 171.978847][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 171.990625][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.011058][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.015272][ T787] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 172.031259][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.041376][ T7329] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 172.051958][ T7329] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 172.063270][ T7329] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 172.111868][ T7329] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.121257][ T7329] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.130660][ T7329] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.136195][ T6824] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 172.153637][ T7329] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 172.229707][ T7382] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 172.267056][ T7382] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 172.300683][ T7382] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 172.314618][ T6824] usb 5-1: device descriptor read/64, error -71 [ 172.331700][ T7382] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 172.351309][ T7421] syzkaller0: entered promiscuous mode [ 172.357264][ T7421] syzkaller0: entered allmulticast mode [ 172.377718][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.385883][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.434815][ T6824] usb usb5-port1: attempt power cycle [ 172.470529][ T6119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 172.482053][ T6119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 172.572896][ T7382] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.640685][ T7382] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.672128][ T6119] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.679340][ T6119] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.699994][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.707183][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.863570][ T6824] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 172.894313][ T6824] usb 5-1: device descriptor read/8, error -71 [ 172.925318][ T787] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 172.968338][ T7382] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 173.146102][ T787] usb 6-1: Using ep0 maxpacket: 8 [ 173.168393][ T787] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 173.178669][ T6824] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 173.198971][ T787] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping [ 173.220444][ T787] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 173.239459][ T5787] Bluetooth: hci3: command tx timeout [ 173.248286][ T6824] usb 5-1: device descriptor read/8, error -71 [ 173.256846][ T787] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 173.266272][ T787] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 173.274544][ T787] usb 6-1: Product: syz [ 173.278725][ T787] usb 6-1: Manufacturer: syz [ 173.283356][ T787] usb 6-1: SerialNumber: syz [ 173.296023][ T787] usb 6-1: config 0 descriptor?? [ 173.306093][ T787] radio-si470x 6-1:0.0: could not find interrupt in endpoint [ 173.313741][ T787] radio-si470x: probe of 6-1:0.0 failed with error -5 [ 173.320701][ T787] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 173.374093][ T6824] usb usb5-port1: unable to enumerate USB device [ 173.470941][ T7382] veth0_vlan: entered promiscuous mode [ 173.478344][ T5787] Bluetooth: hci2: command tx timeout [ 173.498620][ T7382] veth1_vlan: entered promiscuous mode [ 173.638228][ T7382] veth0_macvtap: entered promiscuous mode [ 173.666942][ T7382] veth1_macvtap: entered promiscuous mode [ 173.694356][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.704954][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.716224][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.733895][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.744098][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.755067][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.765763][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.776578][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.786936][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 173.797790][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.815160][ T7382] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 173.900075][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.910876][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.921157][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.932018][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.942151][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.954608][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 173.973558][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 173.993380][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.018049][ T7382] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 174.050092][ T7382] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.095890][ T7382] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 174.151526][ T7382] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.174091][ T7382] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.182850][ T7382] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 174.208557][ T7382] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.361568][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 279.803293][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 279.810318][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P11/1:b..l [ 279.818392][ C1] rcu: (detected by 1, t=10502 jiffies, g=20897, q=575 ncpus=2) [ 279.826099][ C1] task:kworker/u4:0 state:R running task stack:21968 pid:11 ppid:2 flags:0x00004000 [ 279.837719][ C1] Workqueue: bat_events batadv_nc_worker [ 279.843369][ C1] Call Trace: [ 279.846645][ C1] [ 279.849564][ C1] __schedule+0x14d2/0x44d0 [ 279.854064][ C1] ? mark_lock+0x61/0x320 [ 279.858376][ C1] ? asan.module_dtor+0x20/0x20 [ 279.863203][ C1] ? mark_lock+0x94/0x320 [ 279.867511][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 279.873475][ C1] ? preempt_schedule_irq+0xaa/0x140 [ 279.878742][ C1] preempt_schedule_irq+0xb5/0x140 [ 279.883834][ C1] ? preempt_schedule_notrace+0x110/0x110 [ 279.889533][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 279.895321][ C1] irqentry_exit+0x67/0x70 [ 279.899714][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 279.905673][ C1] RIP: 0010:lock_acquire+0x1f2/0x410 [ 279.910939][ C1] Code: 00 9c 8f 84 24 80 00 00 00 f6 84 24 81 00 00 00 02 0f 85 f5 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 66 43 c7 44 3c 09 00 00 43 c6 44 3c 0b 00 [ 279.930527][ C1] RSP: 0018:ffffc90000107a40 EFLAGS: 00000206 [ 279.936574][ C1] RAX: 0000000000000001 RBX: 0000000000000000 RCX: cce85cc79f5d9b00 [ 279.944529][ C1] RDX: 0000000000000000 RSI: ffffffff8aaace60 RDI: ffffffff8afc6b00 [ 279.952511][ C1] RBP: ffffc90000107b48 R08: dffffc0000000000 R09: 1ffffffff21b50a0 [ 279.960468][ C1] R10: dffffc0000000000 R11: fffffbfff21b50a1 R12: 1ffff92000020f54 [ 279.968420][ C1] R13: ffffffff8cd2fee0 R14: 0000000000000246 R15: dffffc0000000000 [ 279.976401][ C1] ? batadv_nc_worker+0xd2/0x610 [ 279.981333][ C1] ? read_lock_is_recursive+0x20/0x20 [ 279.986698][ C1] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 279.992672][ C1] ? batadv_nc_worker+0xd2/0x610 [ 279.997627][ C1] batadv_nc_worker+0xef/0x610 [ 280.002378][ C1] ? batadv_nc_worker+0xd2/0x610 [ 280.007300][ C1] ? process_scheduled_works+0x957/0x15b0 [ 280.013056][ C1] process_scheduled_works+0xa45/0x15b0 [ 280.018614][ C1] ? assign_work+0x400/0x400 [ 280.023189][ C1] ? assign_work+0x39e/0x400 [ 280.027763][ C1] worker_thread+0xa55/0xfc0 [ 280.032350][ C1] kthread+0x2fa/0x390 [ 280.036400][ C1] ? pr_cont_work+0x560/0x560 [ 280.041064][ C1] ? kthread_blkcg+0xd0/0xd0 [ 280.045636][ C1] ret_from_fork+0x48/0x80 [ 280.050039][ C1] ? kthread_blkcg+0xd0/0xd0 [ 280.054611][ C1] ret_from_fork_asm+0x11/0x20 [ 280.059365][ C1] [ 280.062379][ C1] rcu: rcu_preempt kthread starved for 10469 jiffies! g20897 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 280.073552][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 280.083499][ C1] rcu: RCU grace-period kthread stack dump: [ 280.089362][ C1] task:rcu_preempt state:R running task stack:27624 pid:17 ppid:2 flags:0x00004000 [ 280.100111][ C1] Call Trace: [ 280.103374][ C1] [ 280.106288][ C1] __schedule+0x14d2/0x44d0 [ 280.110785][ C1] ? asan.module_dtor+0x20/0x20 [ 280.115616][ C1] ? enqueue_timer+0x4ab/0x530 [ 280.120359][ C1] ? __mod_timer+0x984/0xdb0 [ 280.124933][ C1] schedule+0xbd/0x170 [ 280.128982][ C1] schedule_timeout+0x160/0x280 [ 280.133814][ C1] ? console_conditional_schedule+0x40/0x40 [ 280.139680][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 280.145552][ C1] ? update_process_times+0x1b0/0x1b0 [ 280.150926][ C1] ? prepare_to_swait_event+0x339/0x360 [ 280.156481][ C1] rcu_gp_fqs_loop+0x302/0x1560 [ 280.161320][ C1] ? rcu_gp_init+0x110e/0x1510 [ 280.166086][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 280.172235][ C1] ? rcu_gp_init+0x1510/0x1510 [ 280.176994][ C1] ? rcu_gp_cleanup+0xb4c/0xca0 [ 280.181840][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 280.187025][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 280.192236][ C1] rcu_gp_kthread+0x99/0x380 [ 280.196825][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 280.201924][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 280.206850][ C1] ? __kthread_parkme+0x162/0x1c0 [ 280.211865][ C1] kthread+0x2fa/0x390 [ 280.215920][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 280.221025][ C1] ? kthread_blkcg+0xd0/0xd0 [ 280.225594][ C1] ret_from_fork+0x48/0x80 [ 280.229991][ C1] ? kthread_blkcg+0xd0/0xd0 [ 280.234566][ C1] ret_from_fork_asm+0x11/0x20 [ 280.239320][ C1] [ 280.242318][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 280.248626][ C1] Sending NMI from CPU 1 to CPUs 0: [ 280.253837][ C0] NMI backtrace for cpu 0 [ 280.253857][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 280.253870][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 280.253878][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 280.253904][ C0] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d c3 64 39 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 280.253915][ C0] RSP: 0018:ffffffff8ca07d80 EFLAGS: 000002c2 [ 280.253927][ C0] RAX: 8d847d3bfe461300 RBX: ffffffff816187ab RCX: 8d847d3bfe461300 [ 280.253938][ C0] RDX: 0000000000000001 RSI: ffffffff8aaabce0 RDI: ffffffff8afc6b00 [ 280.253947][ C0] RBP: ffffffff8ca07eb8 R08: ffff8880b8e36b2b R09: 1ffff110171c6d65 [ 280.253958][ C0] R10: dffffc0000000000 R11: ffffed10171c6d66 R12: ffffffff8e4a8d68 [ 280.253968][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1952688 [ 280.253977][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 280.253988][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 280.253998][ C0] CR2: 00007fbbeffb7136 CR3: 0000000076039000 CR4: 00000000003506f0 [ 280.254009][ C0] DR0: ffffffffffffffff DR1: 00000000000001f8 DR2: 0000000000000101 [ 280.254019][ C0] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 280.254028][ C0] Call Trace: [ 280.254033][ C0] [ 280.254037][ C0] default_idle+0x13/0x20 [ 280.254051][ C0] default_idle_call+0x6c/0xa0 [ 280.254066][ C0] do_idle+0x1eb/0x510 [ 280.254085][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 280.254101][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 280.254124][ C0] cpu_startup_entry+0x43/0x60 [ 280.254139][ C0] rest_init+0x2e2/0x300 [ 280.254153][ C0] ? time_init+0x40/0x40 [ 280.254169][ C0] arch_call_rest_init+0xe/0x10 [ 280.254187][ C0] start_kernel+0x459/0x4e0 [ 280.254206][ C0] x86_64_start_reservations+0x2a/0x30 [ 280.254221][ C0] x86_64_start_kernel+0x60/0x60 [ 280.254236][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 280.254262][ C0]