last executing test programs: 16.232351815s ago: executing program 3 (id=1041): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f00000001c0)=ANY=[], 0x0, 0x4}, 0x90) socket$inet6(0xa, 0x2, 0x3a) readv(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000400)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, 0x0, &(0x7f0000000040)) 15.752222771s ago: executing program 3 (id=1044): mq_open(0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000000)='\x00', 0x1, 0xfffffffffffffffe) r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_G_STD(r0, 0x80085617, 0x0) process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000000000)=""/95, 0x5f}], 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_open_dev$sg(&(0x7f0000000140), 0x7, 0x1) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f000021b000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) r4 = dup(r3) ioctl$KVM_SET_MSRS(r4, 0x4048aecb, &(0x7f0000000040)=ANY=[]) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) ioctl$KVM_RUN(r3, 0xae80, 0x0) 14.757530775s ago: executing program 3 (id=1046): syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file1\x00', 0x210008, &(0x7f0000001040)=ANY=[@ANYBLOB='uid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c6e6f7672732c6164696e6963622c766f6c756d653d30303030303030303030303030303030303030322c7569643d666f726765742c6769643d666f726765742c6e6f7374726963742c6e6f7672732c0085f95733019d784ca386da1fd41ffabd4b47acca2b8d488be702157dd8711c31732d"], 0xff, 0xc2d, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2KEmV9Pjb13Z19b+a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr96+qz7PwA8Vq76/38AAAAAAAAAAAAAADjoUhTxZKSYu7KWxqv3HfXL7b5bt8eGhrevdiRVNQ9V5cuf+pmz585/6YXBC9283J75gPr322fjtdGrlxovz96cm59aWJiabIzNtCdmJ6d2vYe91t/qZHUCGjdfvzV5/fpC4+zz5zZ9fHvg/f4njg9cHHz21DPdsmNDw8OjG0XqveVr99yQjp1meByOIk5Fiue+99PUiogi9n4u6g927Lc6UnXiZNWJsaHhqiPT7dbMYvnhSPdEFBGNnkrN7jnafiyi1vdA+7CzZsRS2fyywSfL7o3OteZb16anGiOt+cX2Ynt2ZiR1Wlv2pxFFXEgRyxGx2n/37vqiiFqk+M6xtXQtIg51z8MXq4nBO7ej2Mc+7kLZzkZfxHLxCIzZAdYfRbwaKX72zomYyNeZ6lrzhYhXy/xBxFtlvhSRyi/G+Yj3tvke8WiqRRF/WY7/xbU0WV0PuteVy19rfGXm+mxP2e515SPeH+66Ujyk+8ORLflgHPBrUz2KaFVX/LV077/ZAQAAAAAAAAAAAAAAAOB+OxJFfCZSvPIff1LNK45qXvqxi4N/OPCrvXPGn/6Q/ZRln4+IpWJ3c3IP54mBI2kkpYc8l/hxVo8i/jTP//vWw24MAAAAAAAAAAAAAAAAAADAY62In0SKF989kZajd03x9syNxtXWtenOqrDdtX+7a6avr6+vN1InmznHcy7lXM65knM1ZxS5fs5mzvGcSzmXc67kXM0Zh3L9nM2c4zmXci7nXMm5mjNquX7OZs7xnEs5l3Ou5FzNGQdk7V4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgI+TIor4RaT49jfWUqSIaEaMRydX+h926wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAUn8q4vuRovFHzTvbahGRqn87TpS/nI/m4TI/Gc3BMl+K5qWcrSprzW89hPazN32piB9Hiv7623cGPI9/X+fdna9BvPXNjXefrXXyUPfDgff7nzh+7OLg8G88vdPrtF0DTl5uz9y63RgbGh4e7dlcy0f/ZM+2gXzc4v50nYhYeOPN11vT01Pz9/6i/Arsofoj9CLVHpeeelG9iNqBaMbD6TuPgfL+/16k+N13/7N7w+/c/+vxK513d+7w8fM/27j/v7h1R7u8/9e21sv3//Kevt39/8mebS/m34301SLqizfn+o5H1BfeePNU+2brxtSNqZnzp09/eXDwy+dO9x2OqF9vT0/1vLovpwsAAAAAAAAAAAAAAADgwUlF/H6kaP14LTUi4nY1X2vg4uCzp545FIeq+Vab5m2/Nnr1UuPl2Ztz81MLC1OTjbGZ9sTs5NRuD1evpnuNDQ3vS2c+1JF9bv+R+suzc2/Mt2/88eK2nx+tX7q2sDjfmtj+4zgSRUSzd8vJqsFjQ8NVo6fbrZmq6si2k+k/ur5UxH9FionzjfT5vC3P/986w3/T/P+lrTvap/n/n+jZVh4zpSJ+Hil+56+ejs9X7Twad52zXO7vIsXJC5/L5eJwWa7bhs5zBTozA8uy/xcp/ukXm8t250M+uVH2zK5P7COiHP9jkeL7f/Hd+M28bfPzH7Yf/6Nbd7RP4/9Uz7ajm55XsOeuk8f/VKR46cm347fytg96/kf32RsncuE7z+fYp/H/VM+2gXzc374/XQcAAAAAAAAAAHik9aUi/j5S/HC4ll7I23bz9/8mt+5on/7+16d7tk3en/WKPvTFnk8qAAAAABwQfamIn0SKG4tv35lDvXn+d8/8z9/bmP85lLZ8Wv05369Vzw24n3/+12sgH3d8790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66mPV/P5J3dcT30lUrzyP8/lcul4Wa67DvxA9Wv9yuzMqUvT07MTrcXWtempxuhca2KqrPtUpFj728/lukW1vnp3vfnOGu8ba7HPR4rhf+iW7azF3l2b/KmNsmfKsp+IFP/9j5vLdtex/tRG2bNl2b+JFF//l+3LHt8oe64s+91I8aOvN7plj5Zlu89H/fRG2ecnZot9GBUAAAAAAAAAAAAAAAAAAAAeN32piD+PFP97c/nOXP68/n9fz9vKW9/sWe9/i9vVOv8D1fr/O72+l/X/q+cKLO10VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HhKUcSbkWLuylpa6S/fd9Qvt2du3R4bGt6+2pFU1TxUlS9/6mfOnjv/pRcGL3Tzg+vfb5+J10avXmq8PHtzbn5qYWFqsjE2056YnZza9R72Wn+rk9UJaNx8/dbk9esLjbPPn9v08e2B9/ufOD5wcfDZU890y44NDQ+P9pSp9d3z0e+Sdth+OIr460jx3Pd+mn7YH1HE3s/Fh3x39tuRqhMnq06MDQ1XHZlut2YWyw9HuieiiGj0VGp2z9EDGIs9aUYslc0vG3yy7N7oXGu+dW16qjHSml9sL7ZnZ0ZSp7VlfxpRxIUUsRwRq/13764ving9Unzn2Fr61/6IQ93z8MUro189fXbndhT72MddKNvZ6ItYLh6BMTvA+qOIf44UP3vnRPxbf0QtOj/xhYhXy/xBxFvRGe9UfjHOR7y3zfeIR1Mtivj/cvwvrqV3+svrQfe6cvlrja/MXJ/tKdu9rjzy94cH6YBfm+pRxI+qK/5a+nf/XQMAAAAAAAAAAAAAAAAcIEX8eqR48d0TqZoffGdOcXvmRuNq69p0Z1pfd+5fd870+vr6eiN1splzPOdSzuWcKzlXc0aR6+dslllfXx/P75dyLudcybmaMw7l+jmbOcdzLuVczrmSczVn1HL9nM2c4zmXci7nXMm5mjMOyNw9AAAAAAAAAAAAAAAAAADg46Wo/knx7W+spfX+zvrS49HJFeuBfuz9MgAA//8hX/ir") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000580)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES16], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220f000000079b4d3948019f0b6d011fe4021a79fe234468a19ad19669b8d71782da4613fae22eef5d0756"], 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000d40), 0x0, 0x0) ioctl$HIDIOCGPHYS(r2, 0x4004480f, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f0000000080)=0x700) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r4, &(0x7f0000000180), 0x20002189) 11.631245367s ago: executing program 3 (id=1061): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') open(&(0x7f0000000080)='./bus\x00', 0xa942, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) 9.264479902s ago: executing program 3 (id=1070): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) renameat2(r1, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000200)='./bus/file0\x00', 0x0) link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./bus\x00') r2 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000180)=""/105, 0x69) 9.15484208s ago: executing program 1 (id=1072): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000080), 0x12) 7.401098841s ago: executing program 1 (id=1077): sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000003c0)={&(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff7000/0x4000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000400000/0xc00000)=nil, &(0x7f0000000300), 0x0, r0}, 0x68) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) unshare(0x20000400) socket$inet6_udp(0xa, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/tty/drivers\x00', 0x0, 0x0) ptrace$peeksig(0x4209, 0x0, &(0x7f0000000100)={0x0, 0x1}, 0x0) r2 = syz_io_uring_setup(0x4172, 0x0, &(0x7f0000000100), 0x0) io_uring_enter(r2, 0x539d, 0x0, 0x0, 0x0, 0xffffffffffffff4a) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}}], 0x414, 0x0, 0x0) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffe) 7.324501206s ago: executing program 0 (id=1078): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="a8"], 0xa8) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000640)=ANY=[@ANYBLOB="6801"], 0x168) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_BMAP(r2, &(0x7f00000000c0)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000480)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@access_any}]}}) r3 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) fsync(r3) 7.240025772s ago: executing program 0 (id=1080): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x2010000, &(0x7f0000000740)={[{@shortname_lower}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'cp852'}}, {@uni_xlate}, {@fat=@codepage={'codepage', 0x3d, '932'}}, {@iocharset={'iocharset', 0x3d, 'macceltic'}}, {@shortname_winnt}, {@shortname_mixed}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp932'}}, {@shortname_lower}, {@uni_xlate}, {@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@iocharset={'iocharset', 0x3d, 'cp850'}}]}, 0x2d, 0x342, &(0x7f00000003c0)="$eJzs3U1oHGUYB/BnO2k2DdTkIBT14OpNkNJEPOgpoVQo5qCVpX5cXOzWj8xa2MWFeMg2F8Wj4kXQk7ce9NizeBDx5sGrFaQqXuyt0OLI7kz2I7trUnFTP36/Q3h45v3P+85myE5C8ubltdi8cDQu3rhxPRYWSjG3dnotbpZiOY5EErnLAQD8l9zMsvgty+0/+oPF3Wp+xusCAGan9/7/6vFBo3w3VwMAHIYDfv//zMTupZktCwCYobH3/4dHDu/5Mf9c/3cCAIB/r+deePHp9Y2Ic5XKQkTj3Xa1XY0nB8fXL8brkUY9TsVS3I7IHxTyp4Xux6fObpw5Ven6aTmq3US7GtHotKv5k8J60suXYyWWYrnIZ/180s2v9PKViLjc6c0fjVK7ejQWi/m/X4x6rMZS3DuWjzi7cWa1Upyg2tjNdyJ2YmH3IrrrPxlL8e0rcSnSuBDd7GD92yuVyulsYyTfvlLujQMAAAAAAAAAAAAAAAAAAAAAgFk4Welb7u9/kzU67XfO7R2wPLI/TjU/XOwPtJPvD5SVd3fneS/Zuz/Q6P487epcHLmrVw4AAAAAAAAAAAAAAAAAAAD/HK2t+ailab15/oHIi9bW25u1NO3sFvVm682vP/vyWNSHOt3ijWTQibn8dCNjil4MpZLox7N+PEtGxhRFEjEYfOVqf8XDY8r9qxiLd4vy2KFSsaZamh5/6MePSxNSvw86STSnnLkoSsX8Q4ca9+StP0lNL1b3GXMty7Jp8e2PxlNRipgb+8T9HcVX11+777HWicd7nS+KTR8eeXTp/LUPP/1ls5ZG8dKk6XyzdTv7y3MlQ/dPqXidi1M/uH98Z9DZaba2asl3vz5///vf7BmcTL5/suHOW9Pn+nxvZz4vuss8yJUenXDzTy5eutW/e+/8xTzxyVrt6vYPPx80NfRFwkYdAAAAAAAAAAAAAAAAAABwKIb+VvwOPPHs7FYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIdv8P//h4qdsc5BiludGD9UrjdbUyc/dqiXCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9gfAQAA//+qKncz") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) prlimit64(0x0, 0x3, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x3) getdents64(r3, &(0x7f00000001c0)=""/202, 0xff4) 7.239842482s ago: executing program 3 (id=1081): socket$nl_route(0x10, 0x3, 0x0) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = open(&(0x7f0000000280)='./bus\x00', 0x400141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) execve(&(0x7f0000000280)='./file1\x00', 0x0, 0x0) syslog(0x0, 0x0, 0x0) syz_emit_ethernet(0x32, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01) 7.092750924s ago: executing program 2 (id=1083): r0 = syz_io_uring_setup(0x10d, &(0x7f0000000200), &(0x7f0000000380)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xff, 0xfffffffffffffffc}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000000c0)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r6 = socket$phonet_pipe(0x23, 0x5, 0x2) syz_io_uring_submit(r1, r2, &(0x7f0000000300)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r6, 0x0, 0x0}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 6.162543123s ago: executing program 2 (id=1085): prlimit64(0x0, 0xe, &(0x7f0000000280)={0xb, 0xc8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = inotify_init1(0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r4 = dup(r3) ioctl$sock_inet_udp_SIOCINQ(r4, 0x541b, 0x0) 6.051967151s ago: executing program 1 (id=1086): openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) pselect6(0x40, &(0x7f0000000040), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 5.061880084s ago: executing program 2 (id=1088): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r3, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f00000001c0)={0x600000000000000, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="02030009140000000000000000000000030006000000000002000000e00000020000000000000000030001000000000002000b00ac1414000000000000000000030005000000000002000000ac1e0001000000000000000004000400000000000000000000000000000000000000000000000000000000000400030000000000000000000000000000000000000000000000000000000000010018"], 0xa0}}, 0x0) 4.71216833s ago: executing program 1 (id=1089): ioctl$int_in(0xffffffffffffffff, 0x5452, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) epoll_create(0x0) shutdown(0xffffffffffffffff, 0x1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x8, 0x1, 0x68}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xe}, 0x80) syz_open_procfs(0x0, 0x0) 3.993264873s ago: executing program 0 (id=1091): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = fsopen(&(0x7f0000000000)='virtiofs\x00', 0x0) r5 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r5, 0xc0505405, &(0x7f0000000080)={{0x2, 0x3, 0xffff, 0x3, 0xec02}, 0x1, 0x8, 0x1}) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) 3.784124869s ago: executing program 1 (id=1092): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) dup(r0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r2, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000540)=""/32, 0x20}}, 0x120) r3 = socket$nl_generic(0x10, 0x3, 0x10) socket$packet(0x11, 0x2, 0x300) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="1201000000000040341a0208009812ffff010902"], 0x0) syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0) close_range(r1, r3, 0x0) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 3.554662046s ago: executing program 4 (id=1093): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @mcast1}, {0xa, 0x0, 0x0, @mcast2}}}, 0x48) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={0x0}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7030000030000008500000005000000bf0900000000000055090100000000009500000000000000b7020000000000007b2af0ff000000003609080000000000c39af0ffa0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_RUN(r3, 0xae80, 0x0) 2.908596894s ago: executing program 0 (id=1094): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'bond0\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="df559fdab89a"}, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x1, 0x803, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) r5 = socket(0x1, 0x803, 0x0) socket$netlink(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000001c0)=ANY=[], 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r8, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x14) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a00)=ANY=[@ANYBLOB="940000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="444dc9fe000000006400128009000100766c616e000000005400028006000100000000000c000200020000000a000000040004801c0003800c00010068e30000030000000c0001007f000000070000001c0004800c0001000200000060d506000c000100000000000200000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9], 0x94}}, 0x0) 2.906896074s ago: executing program 4 (id=1095): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$VIDIOC_QUERYMENU(0xffffffffffffffff, 0xc02c5625, &(0x7f0000000180)={0x8000, 0xc5f7, @value=0xe82}) r3 = add_key$user(&(0x7f0000000200), &(0x7f00000002c0)={'syz', 0x2}, &(0x7f0000000480)="a64547f02d24ef452b126e6b4ee0848331045276a2dada029f6feb61fefcc850639a2d2217a4c525abf430b2ff722f5cebae237de618f52f93495a5cdaa00f30b4da4148d4e0cad2831de99f500b35d48bbf6a414bfbeb4c4612c0a6", 0x5c, 0xffffffffffffffff) r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/80, 0x50, 0x0) 2.796029342s ago: executing program 2 (id=1096): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001300)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000040000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd70a5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f20aae63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c707647fa8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680200000000000000c0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffff78124a9bbe3aea5cacd3325c8385f9ffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100b0fbb04852e62d16788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa60e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d97b37023bf0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbdf58e54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f587eb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb2f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcdc821aa8e8c5c39609ff9b4352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f88cab11e7ad87bece1f71d478b655e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e7204ffff000000000000671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b24c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba2000000000000e8013e862e9c0000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239bd00be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fbf3cd119ac06adb6597155ae47846892bb423d8c2b37068b6aa33ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261de87a4f5ed60a47f74a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7e7f00000000000000cac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b0a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000f841b35af2e300000000000000000000000000009cedd4fe3f4606b3610868827759342ba79e02f759eaf5539c0de35f6f0d544b8560730b6acd555d496212fb7bb9f55f4bd9761b4b229597b866457ce907b570cbc35b17f7d24468f347d96c623c732df4f7e35590c75f0334b76b28657499146b4d55d4120c082a227b7e22e287a68179174310e99c3751549a5efb93d535cd059909aec2f80f667a308b1d8e8e2c57351c5790519bce732ca5e203d93a50840e5283081b599546a05836"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_migrate_pages_start\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x9, &(0x7f0000000780)={&(0x7f0000000080)=@ipv4_newroute={0x30, 0x18, 0x35f32a6dfa748ddd, 0x0, 0x0, {}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x2}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6}}]}, 0x30}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) close(r3) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x2, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b400000000000000791048000000008000a0000041000000950000000000000090153b9273123229c0426ed9e8106d155606482910e9f2309106e38a2bfa3e3cf76fc366ddbce3e0cc854a27cae7870c445de6150d3ecea420522b40d06189cb84766562032e922f13741f724c27d09e7067d072d357f8f24e19cc68043f93557d920b867d86c0348b670fef766dca9b2392753f2a6f8ef7c3734e55"], &(0x7f0000000080)='GPL\x00', 0x0, 0xffb9, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x40) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) 2.650133723s ago: executing program 2 (id=1097): socket$pppl2tp(0x18, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) r0 = syz_open_dev$video(&(0x7f0000000000), 0x7fffffff, 0x0) pread64(r0, &(0x7f0000000040)=""/238, 0xee, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000140)={0x0, 0x0, 0x4, {0x1, @vbi}}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x0, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r2, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000400), &(0x7f00000006c0)=0x8) sendmmsg$inet(r1, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000040)="08cc6c9ce466c22e1eec39a0ce755f74315fd0835e6dac41295fc8e6bcc815dcfa29479b2b85976c9d8cd311449bf8cb6724fbdc02665d0ff70a5f3affa2f0737435237283ee4d418ae2086ef14d21326c10298dacc6632cc901ba1a62d76beaf4cea7bb50f11e5b8effb91f090f53aed39b5ab90457e50cb46c", 0x7a}, {&(0x7f0000000240)="9d937efb8d41642b9cdf560143510312c81e6a9769bc358d4b9336a1a275e6addfb561c3eb35", 0x26}, {&(0x7f0000001880)="a96708116ced5e3df7e1a748cfeb9951051dc8949c1582746bb8d7657dd28c827db4c3915bf3489a27b8dfcbf55ca698737b9726dc472830e84c82e533484eeaadd72619d840ea578bc7746b0794561bcdb52ad57dc1423e974708f2bf4d8c6af9018ee558c702cc5ce01a736d73214ba1943af13361b14684360dcc0b5218a130017898a09f0f299bc3d104a19e49fbd781e5023a6235c3108ea33d68732f768d5dc0b01b4df6815eff7215d6ee7d2e25668ab3c3c85ed87c04a0712ee3d3", 0xbf}], 0x3}}], 0x1, 0x0) 2.326457617s ago: executing program 2 (id=1098): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000300)='mm_page_alloc\x00', r0}, 0x54) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000840)=ANY=[], 0x2, 0x1ea, &(0x7f0000000600)="$eJzsmb2LE0EYxp+Z3eydhyg2FjYWHniit9ndqFxzxQmWgnCKWgZvDdFNIskKSUAw2NhYWgi2NpYWFlYW/gW2WqggWJjSThiZj2wmm02IHxjR9weZeebrnZmX5FnYgCCI/5aPH76+f3hu69IpAPuxjhXT/9nRtTg4Of/d4zsnH22ff/L87dPXzQN3X+bjMblGLL6/B+DVjoMUzDU7Tqxe1xW3NC6D44TRV8Dga/lNKHQjBsM1M+empVv7jEhi/3or2btRT+JAFqEsIllU7P3loYYDhj0Aq+p0QjBrvNPr36omSdzOi5IY7TM19KNiXv7U+XY4tjHKnhAyWVcf3B/ItskNAvAsfyE4QqMrYNg1egsr8H1/nBLr/kfccXxnkfsvVzxT4tDmn9pUf0GBv+Hu/7Ao/ZY4LN8jf9BZz+HhyAPtOZ+WfvefF8q4AEwNvVlLkgu/ENkrSFQmxv4knf245U8u3Mw/ymnjdrnT62/WG9VaXIubUVQ5G5wOgjNRWRmRLuf436rypzUrfmnGXI956FbTtB12gbQdZu1Il5bj7r5ofVFruPI/jo1jOgYzz6zsQZmDmQ9XtVQbTvHMezPvRBAEQRAEQRAEQRAEQRAEUcxRMOh/wgQzL0SLiC6qN5TfAwAA//9KnWb+") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='mm_lru_activate\x00'}, 0x10) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43451) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write$cgroup_int(r1, 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r2, 0xe0ffff, 0x4101, 0x3) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)) 2.060181867s ago: executing program 0 (id=1099): fcntl$getown(0xffffffffffffffff, 0x9) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f00000001c0)=0xb, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f00000002c0)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0/../file0\x00', 0x0, 0x1218024, &(0x7f0000000000)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0xee01, @ANYBLOB=',uid=', @ANYRESHEX=0x0]) 1.947158535s ago: executing program 4 (id=1100): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xf, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f}, 0x90) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000), 0x0, 0x0) socket$pppoe(0x18, 0x1, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x5c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}, @NFTA_SET_EXPR={0x20, 0x11, 0x0, 0x1, @connlimit={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_COUNT={0x8}]}}}]}], {0x14, 0x10}}, 0xa4}}, 0x0) 1.19738113s ago: executing program 0 (id=1101): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x4, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6c, 0x2, {{}, [@TCA_NETEM_LOSS={0x30, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14}, @NETEM_LOSS_GI={0x18, 0x1, {0x10}}]}, @TCA_NETEM_RATE={0x14, 0xd}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x9c}}, 0x0) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r0, &(0x7f00000007c0)="e8e9b0eb859c1da21b23b2fc311d16d77e5965fbe3ba76e8fc16f5927e621ec44807e05036674984857da723761133910e4aee292ed388bb0fee880da73c166e5c5b01bf4e152cccb7ce6d455bd2f6600303af86eda579f41b87370aaa2a717f9ca1a3c4f84db0bae5aac7a8b32cd9f4ef5cd93bf152594794b7ead5964cf148ee29398b3d1108ccaaed0e5d28ee33a0abcf20f4ff010000577559a89cfdbe062a16cb78421dcc42e6775131d640c7c92fc8af016bb73d6c8b22ba97aa28a7e47ae9a0d293d2f8be2e5dd22b08b9d91ab7ead47fd3f15cdfdecd474706bba9aa82708bbba2", 0x20000000}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="401768aed15be9555fd60b9c89098b3d14901aeb7faae323688e8152c7b92fd68a98a02ed3b7093bc1e9a850aca0dcf8df64d9b1062d2e44aae642517fe1871eb51929b7e7503bbc624b95cec3dcb6dca8ffa9ae5aa2b45ee2a3252567b37d102b0db9bc72128a3237cf9c3fae5fb123c083d6467bb295f9b896b863172362473bb9d70f9838391324403a56dd2322ca3d83e323e99bf181bba55111b7c14bd62c360b8ce41d5da21c0949765ee93ba1b5381e93f7f3aa594a727864b098e4a16045bc05e4e7cb2fdb7977b6278ccb4e8e6c7fba23822cd7d3fd7f52c2cccaf1243e6bcea85fe9c3b4a503619a86d8915bb006495569887d8fde9a31b9", @ANYRES32=r0, @ANYRESOCT], 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x22, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x319c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x7, {0x7, 0x0, "5a7da32917"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r4, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="20010001"], 0x0}) futex(&(0x7f0000004000), 0x5, 0x0, 0x0, &(0x7f0000004000), 0x82020000) 1.012152275s ago: executing program 4 (id=1102): r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRES8, @ANYBLOB='\x00\x00'], 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0x0) close(r0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r2, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303040000000000000002000020d3"]) r3 = open(&(0x7f0000000140)='./bus\x00', 0x400141142, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r3, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x802, 0x0) ioctl$BINDER_GET_EXTENDED_ERROR(r4, 0xc00c6211, 0x0) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000000)=0x1d) ioctl$SNDRV_TIMER_IOCTL_TREAD(r5, 0x40045402, &(0x7f0000000100)=0x1) 1.001377725s ago: executing program 4 (id=1103): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000004c0)={[{@debug}, {@i_version}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@noload}, {@orlov}, {@nobarrier}]}, 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000020240), 0x10010) 774.796752ms ago: executing program 1 (id=1104): r0 = syz_open_dev$vim2m(0x0, 0x400, 0x2) ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000380)={0x1, @win={{0x0, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0x0, 0x0, 0x0}}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket(0x1e, 0x1, 0x0) connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x9, 0x0, 0x0, 0x80330}) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x1a182000) r2 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r2, &(0x7f0000000000)='.', 0x1, 0x0, 0x0, 0x0) ioctl$sock_inet6_SIOCADDRT(r1, 0x890b, &(0x7f00000004c0)={@empty, @private2, @local, 0x0, 0x0, 0x8, 0x0, 0x0, 0x80000280}) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x2000011a) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x33, 0x3c, 0x23, 0x40, 0x3fd, 0xebbe, 0xd20d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x91, 0xcd, 0x64}}]}}]}}, 0x0) 0s ago: executing program 4 (id=1105): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r4, 0x0) ioctl$SIOCAX25ADDUID(r3, 0x89e8, 0x0) kernel console output (not intermixed with test programs): 271.738813][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.754665][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.766458][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 271.778572][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 271.790939][ T6725] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 271.838454][ T6821] team0: Port device team_slave_0 added [ 272.131462][ T6821] team0: Port device team_slave_1 added [ 272.275188][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 272.305597][ T6865] could not allocate digest TFM handle sha256-arm64-neon [ 272.398104][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 272.411667][ T2988] Bluetooth: hci0: command 0x041b tx timeout [ 272.542663][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.569925][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.599803][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.613502][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.661924][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.661964][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.661989][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.662020][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.662040][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.662056][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.662106][ T6725] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 272.662123][ T6725] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 272.664527][ T6725] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 272.718699][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 272.718715][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.718736][ T6821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.722857][ T6875] netlink: 7 bytes leftover after parsing attributes in process `syz.3.694'. [ 272.724755][ T6821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.724770][ T6821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.724791][ T6821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.726877][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 272.727531][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 272.731307][ T6725] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.731337][ T6725] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.731361][ T6725] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.731384][ T6725] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 272.873323][ T6821] device hsr_slave_0 entered promiscuous mode [ 272.874355][ T6821] device hsr_slave_1 entered promiscuous mode [ 272.874997][ T6821] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 272.875104][ T6821] Cannot create hsr debugfs directory [ 272.944701][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 272.944777][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 272.955743][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 273.015777][ C0] vkms_vblank_simulate: vblank timer overrun [ 273.266353][ T4585] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 273.277819][ T4585] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 273.310431][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 273.333414][ T400] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.421091][ T400] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.871541][ T400] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.047787][ T400] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.430558][ T1292] Bluetooth: hci0: command 0x040f tx timeout [ 275.048871][ T6821] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 275.066104][ T6821] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 275.089508][ T400] device hsr_slave_0 left promiscuous mode [ 275.095944][ T400] device hsr_slave_1 left promiscuous mode [ 275.102438][ T400] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.110150][ T400] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.117773][ T400] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.125641][ T400] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.134007][ T400] device bridge_slave_1 left promiscuous mode [ 275.140786][ T400] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.148740][ T400] device bridge_slave_0 left promiscuous mode [ 275.155926][ T400] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.166355][ T400] device hsr_slave_0 left promiscuous mode [ 275.176592][ T400] device hsr_slave_1 left promiscuous mode [ 275.183354][ T400] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 275.191599][ T400] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 275.199604][ T400] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 275.207220][ T400] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 275.214872][ T400] device bridge_slave_1 left promiscuous mode [ 275.221100][ T400] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.228968][ T400] device bridge_slave_0 left promiscuous mode [ 275.236378][ T400] bridge0: port 1(bridge_slave_0) entered disabled state [ 275.248373][ T400] device veth1_macvtap left promiscuous mode [ 275.254898][ T400] device veth0_macvtap left promiscuous mode [ 275.262292][ T400] device veth1_vlan left promiscuous mode [ 275.268074][ T400] device veth0_vlan left promiscuous mode [ 275.275391][ T400] device veth1_macvtap left promiscuous mode [ 275.281596][ T400] device veth0_macvtap left promiscuous mode [ 275.287701][ T400] device veth1_vlan left promiscuous mode [ 275.294152][ T400] device veth0_vlan left promiscuous mode [ 275.499293][ T400] team0 (unregistering): Port device team_slave_1 removed [ 275.515739][ T400] team0 (unregistering): Port device team_slave_0 removed [ 275.527004][ T400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.544336][ T400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.606620][ T400] bond0 (unregistering): Released all slaves [ 275.693480][ T400] team0 (unregistering): Port device team_slave_1 removed [ 275.706667][ T400] team0 (unregistering): Port device team_slave_0 removed [ 275.719057][ T400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 275.733322][ T400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 275.792329][ T400] bond0 (unregistering): Released all slaves [ 275.833369][ T6821] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 275.843105][ T6821] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 275.915048][ T6821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.928654][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.937232][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.974170][ T6821] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.990555][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.999140][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 276.008230][ T3724] bridge0: port 1(bridge_slave_0) entered blocking state [ 276.015304][ T3724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 276.034384][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 276.042859][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 276.052543][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 276.061653][ T3724] bridge0: port 2(bridge_slave_1) entered blocking state [ 276.068691][ T3724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 276.076630][ T3724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 276.087845][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 276.120469][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 276.143609][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 276.153159][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 276.162263][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 276.170783][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 276.179337][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.187945][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 276.196540][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 276.205964][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 276.219021][ T6821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.302024][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 276.309517][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 276.334205][ T6821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 276.364162][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 276.375020][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 276.394053][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 276.404467][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 276.415099][ T6821] device veth0_vlan entered promiscuous mode [ 276.422565][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 276.431160][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 276.443941][ T6821] device veth1_vlan entered promiscuous mode [ 276.483766][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 276.493219][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 276.501288][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 276.509625][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 276.520254][ T13] Bluetooth: hci0: command 0x0419 tx timeout [ 276.527630][ T6821] device veth0_macvtap entered promiscuous mode [ 276.537971][ T6821] device veth1_macvtap entered promiscuous mode [ 276.554117][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.564739][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.574920][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.585451][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.596024][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.606738][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.616849][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.627306][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.637550][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 276.648038][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.659289][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 276.686545][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 276.696095][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 276.706427][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 276.715156][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 276.724827][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.735398][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.745461][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.756505][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.766610][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.777311][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.787184][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.798167][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.808021][ T6821] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 276.819362][ T6821] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 276.830873][ T6821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 276.842874][ T6821] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.851838][ T6821] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.861243][ T6821] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.870121][ T6821] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 276.880107][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 276.888647][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 276.953536][ T3607] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 276.977037][ T3607] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 276.986438][ T3724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 277.006095][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 277.013886][ T3724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 277.026476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 277.128962][ T6907] loop3: detected capacity change from 0 to 1024 [ 277.371079][ T6907] hfsplus: part requires an argument [ 277.384340][ T6907] hfsplus: unable to parse mount options [ 278.239805][ T1292] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 278.509870][ T1292] usb 1-1: Using ep0 maxpacket: 8 [ 278.539421][ T6907] loop3: detected capacity change from 0 to 32768 [ 278.650206][ T1292] usb 1-1: New USB device found, idVendor=0681, idProduct=0010, bcdDevice=ab.e9 [ 278.662992][ T1292] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 278.678395][ T1292] usb 1-1: config 0 descriptor?? [ 278.945294][ T1292] usb 1-1: USB disconnect, device number 10 [ 279.474715][ T6919] loop3: detected capacity change from 0 to 64 [ 281.408467][ T6938] tap0: tun_chr_ioctl cmd 1074025677 [ 281.417295][ T6938] tap0: linktype set to 776 [ 281.507650][ T6941] hfs: request for non-existent node 1280 in B*Tree [ 281.514737][ T6941] hfs: request for non-existent node 1280 in B*Tree [ 281.676418][ T6938] tap0: tun_chr_ioctl cmd 2147767517 [ 282.366178][ T6948] input: syz1 as /devices/virtual/input/input8 [ 282.538905][ T3561] udevd[3561]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 285.784286][ T6987] loop2: detected capacity change from 0 to 256 [ 286.469878][ T5062] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 288.463268][ T7001] loop3: detected capacity change from 0 to 1024 [ 288.617505][ T7001] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 288.672366][ T7005] device syzkaller1 entered promiscuous mode [ 288.682958][ T7001] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsddf,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000007,lazytime,jqfmt=vfsold,usrquota,data_err=abort,,errors=continue. Quota mode: writeback. [ 288.890207][ T5062] usb 5-1: unable to read config index 0 descriptor/all [ 288.910775][ T5062] usb 5-1: can't read configurations, error -71 [ 289.296258][ T7024] loop0: detected capacity change from 0 to 2048 [ 289.447271][ T7024] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 289.490791][ T7024] ext4 filesystem being mounted at /8/file0 supports timestamps until 2038 (0x7fffffff) [ 289.951023][ T26] audit: type=1800 audit(1725547920.738:60): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.734" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 290.143094][ T26] audit: type=1800 audit(1725547920.738:61): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.734" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 291.525947][ T7060] loop1: detected capacity change from 0 to 256 [ 291.582275][ T7064] xt_TCPMSS: Only works on TCP SYN packets [ 291.601462][ T7064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.746'. [ 291.619494][ T7067] loop0: detected capacity change from 0 to 256 [ 291.627207][ T7060] exfat: Bad value for 'uid' [ 291.680433][ T7067] exfat: Unknown parameter '' [ 291.694674][ T7065] loop3: detected capacity change from 0 to 4096 [ 292.241503][ T7079] loop1: detected capacity change from 0 to 512 [ 292.552563][ T7067] loop0: detected capacity change from 0 to 4096 [ 292.759944][ T7067] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 292.772728][ T7067] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 292.795624][ T7086] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 293.341208][ T5062] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 293.488379][ T7093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.754'. [ 293.672935][ T7103] loop3: detected capacity change from 0 to 512 [ 294.400313][ T5062] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.555359][ T7109] Process accounting resumed [ 294.582379][ T7103] EXT4-fs (loop3): 1 truncate cleaned up [ 294.588245][ T7103] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 294.672763][ T5062] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 294.689305][ T5062] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 294.698542][ T5062] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.803578][ T26] audit: type=1326 audit(1725547925.588:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7114 comm="syz.1.761" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f97fe86fef9 code=0x0 [ 294.864361][ T5062] usb 5-1: config 0 descriptor?? [ 295.387774][ T7117] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 295.722232][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.739779][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.747887][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.803524][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.818110][ T7133] netlink: 'syz.0.763': attribute type 3 has an invalid length. [ 295.832548][ T7133] netlink: 'syz.0.763': attribute type 3 has an invalid length. [ 295.882905][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.925851][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 295.970244][ T5062] logitech-djreceiver 0003:046D:C71B.000A: unknown main item tag 0x0 [ 296.354501][ T5062] usb 5-1: USB disconnect, device number 9 [ 297.754249][ T7150] netlink: 4 bytes leftover after parsing attributes in process `syz.4.769'. [ 297.944780][ T7154] loop0: detected capacity change from 0 to 1764 [ 299.820456][ T7167] loop3: detected capacity change from 0 to 2048 [ 300.279056][ T7177] loop1: detected capacity change from 0 to 256 [ 300.570155][ T7167] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 300.630599][ T26] audit: type=1804 audit(1725547931.408:63): pid=7177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.775" name="/newroot/15/bus/bus/bus" dev="loop1" ino=1048723 res=1 errno=0 [ 300.708322][ T7185] netlink: 60 bytes leftover after parsing attributes in process `syz.4.778'. [ 300.789039][ T26] audit: type=1804 audit(1725547931.468:64): pid=7184 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.775" name="/newroot/15/bus/bus/bus" dev="loop1" ino=1048723 res=1 errno=0 [ 302.481672][ T5062] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 302.730030][ T5062] usb 1-1: Using ep0 maxpacket: 8 [ 302.849877][ T5062] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 302.864276][ T5062] usb 1-1: config 179 has no interface number 0 [ 302.889803][ T5062] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 302.928663][ T5062] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 302.955614][ T5062] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 302.969111][ T5062] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 302.993647][ T5062] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 303.230084][ T13] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 303.560612][ T13] usb 4-1: Using ep0 maxpacket: 16 [ 303.647414][ T5062] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.670036][ T7191] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 303.731177][ T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 303.924343][ T5062] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input9 [ 303.937841][ T7227] loop1: detected capacity change from 0 to 4096 [ 303.943784][ T13] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 303.978213][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.029656][ T13] usb 4-1: Product: syz [ 304.044596][ T13] usb 4-1: Manufacturer: syz [ 304.055570][ T13] usb 4-1: SerialNumber: syz [ 304.072859][ T13] usb 4-1: config 0 descriptor?? [ 304.078177][ T7236] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 304.131701][ T13] pegasus_notetaker: probe of 4-1:0.0 failed with error -12 [ 304.199180][ T7231] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 304.245719][ T5062] usb 1-1: USB disconnect, device number 11 [ 304.259751][ C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 304.268908][ C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 304.280916][ T5062] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 304.333943][ T3610] usb 4-1: USB disconnect, device number 7 [ 304.521999][ T7248] loop2: detected capacity change from 0 to 256 [ 305.254145][ T3613] Bluetooth: hci1: command 0x0406 tx timeout [ 305.314794][ T7252] loop2: detected capacity change from 0 to 512 [ 305.330824][ T7257] loop1: detected capacity change from 0 to 512 [ 305.901149][ T7265] xt_ecn: cannot match TCP bits for non-tcp packets [ 306.180059][ T7252] EXT4-fs (loop2): Unrecognized mount option "obj_type=" or missing value [ 306.331660][ T7257] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 306.343042][ T7257] ext4 filesystem being mounted at /20/bus supports timestamps until 2038 (0x7fffffff) [ 307.218926][ T7278] loop3: detected capacity change from 0 to 64 [ 307.241665][ T7276] loop0: detected capacity change from 0 to 1024 [ 307.274835][ T7281] loop2: detected capacity change from 0 to 512 [ 307.332758][ T7283] loop1: detected capacity change from 0 to 512 [ 307.350534][ T7281] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 307.358413][ T7276] hfsplus: extend alloc file! (8192,65536,366) [ 307.394461][ T7281] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #16: comm syz.2.804: invalid indirect mapped block 83886080 (level 1) [ 307.424752][ T7281] EXT4-fs (loop2): 1 orphan inode deleted [ 307.466108][ T7281] EXT4-fs (loop2): 1 truncate cleaned up [ 307.505533][ T7283] EXT4-fs error (device loop1): ext4_fill_super:4840: inode #2: comm syz.1.803: iget: special inode unallocated [ 307.524605][ T7281] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 307.550011][ T7283] EXT4-fs (loop1): get root inode failed [ 307.568197][ T7283] EXT4-fs (loop1): mount failed [ 307.581168][ T7281] EXT4-fs error (device loop2): __ext4_get_inode_loc:4320: comm syz.2.804: Invalid inode table block 5 in block_group 0 [ 307.623627][ T7287] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 307.770979][ T6551] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0 [ 307.963301][ T7283] loop1: detected capacity change from 0 to 256 [ 308.130068][ T3613] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 308.589976][ T3613] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 308.619359][ T3613] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 308.730097][ T3613] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 308.739161][ T3613] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 308.761134][ T3613] usb 4-1: Manufacturer: syz [ 308.768684][ T3613] usb 4-1: config 0 descriptor?? [ 308.846424][ T3607] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.939842][ T4390] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 308.945955][ T3613] rc_core: IR keymap rc-hauppauge not found [ 308.953443][ T3613] Registered IR keymap rc-empty [ 308.960985][ T3607] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 308.973859][ T3613] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 308.986979][ T3613] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11 [ 309.054654][ T3607] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.077152][ T7289] udc-core: couldn't find an available UDC or it's busy [ 309.096554][ T7289] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 309.155960][ T3607] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 309.200443][ T4519] usb 4-1: USB disconnect, device number 8 [ 309.340030][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.399854][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.480224][ T4390] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 309.539187][ T4390] usb 1-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00 [ 309.574014][ T4390] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.636952][ T4390] usb 1-1: config 0 descriptor?? [ 309.776158][ T7313] chnl_net:caif_netlink_parms(): no params data found [ 309.840808][ T7323] x_tables: duplicate underflow at hook 1 [ 309.853043][ T7323] IPVS: set_ctl: invalid protocol: 108 172.20.20.187:20004 [ 310.093881][ T7332] loop1: detected capacity change from 0 to 1024 [ 310.126620][ T7313] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.139897][ T7313] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.148242][ T7313] device bridge_slave_0 entered promiscuous mode [ 310.161923][ T4390] hid-udraw 0003:20D6:CB17.000B: unknown main item tag 0x0 [ 310.186537][ T7332] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 310.191259][ T4390] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.000B/input/input12 [ 310.579274][ T7313] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.621249][ T7313] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.757015][ T7313] device bridge_slave_1 entered promiscuous mode [ 310.799870][ T7332] overlayfs: failed to resolve './file1': -2 [ 310.940119][ T7344] loop0: detected capacity change from 0 to 2048 [ 310.947558][ T4390] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.000B/input/input13 [ 311.024614][ T7344] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 311.024614][ T7344] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 311.024614][ T7344] [ 311.050102][ T7344] EXT4-fs (loop0): Mount option "nouser_xattr" will be removed by 3.5 [ 311.050102][ T7344] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 311.050102][ T7344] [ 311.116852][ T4390] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.000B/input/input14 [ 311.158506][ T7313] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 311.176855][ T4390] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:20D6:CB17.000B/input/input15 [ 311.186049][ T7344] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,noacl,nouser_xattr,minixdf,. Quota mode: none. [ 311.212726][ T4390] hid-udraw 0003:20D6:CB17.000B: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.0-1/input0 [ 311.291405][ T7313] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 311.319772][ T4390] Bluetooth: hci2: command 0x0409 tx timeout [ 311.368451][ T4390] usb 1-1: USB disconnect, device number 12 [ 311.374778][ T7351] loop1: detected capacity change from 0 to 1024 [ 311.406753][ T7351] EXT4-fs (loop1): Test dummy encryption mode enabled [ 311.420774][ T7351] EXT4-fs (loop1): Ignoring removed orlov option [ 311.428003][ T7357] xt_HMARK: proto mask must be zero with L3 mode [ 311.471190][ T7351] EXT4-fs (loop1): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 311.548365][ T7352] tipc: MTU too low for tipc bearer [ 311.562902][ T7313] team0: Port device team_slave_0 added [ 311.582244][ T7313] team0: Port device team_slave_1 added [ 312.629095][ T7372] loop1: detected capacity change from 0 to 1024 [ 312.650864][ T7313] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 312.657820][ T7313] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.688599][ T7313] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 312.728459][ T7372] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 312.742590][ T7372] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 312.805618][ T7372] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 312.819995][ T7372] System zones: 0-1, 3-36 [ 312.824963][ T7313] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 312.833007][ T7313] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 312.860435][ T7313] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 312.887338][ T7372] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 313.062717][ T7385] loop3: detected capacity change from 0 to 512 [ 313.402742][ T4519] Bluetooth: hci2: command 0x041b tx timeout [ 314.197461][ T7385] EXT4-fs (loop3): orphan cleanup on readonly fs [ 314.233382][ T7385] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 314.277863][ T7385] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 314.301704][ T7385] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.831: Failed to acquire dquot type 0 [ 314.328633][ T7385] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 314.342067][ T7385] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 314.352332][ T7385] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.831: Failed to acquire dquot type 0 [ 314.391115][ T7395] loop0: detected capacity change from 0 to 64 [ 314.399464][ T7385] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.831: bg 0: block 64: padding at end of block bitmap is not set [ 314.427671][ T7385] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem [ 314.448585][ T7385] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 314.451321][ T7313] device hsr_slave_0 entered promiscuous mode [ 314.461541][ T7385] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 314.474446][ T7385] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.831: Failed to acquire dquot type 0 [ 314.475115][ T7313] device hsr_slave_1 entered promiscuous mode [ 314.498637][ T7385] EXT4-fs (loop3): 1 orphan inode deleted [ 314.514273][ T7395] hfs: get root inode failed [ 314.522421][ T7385] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 314.827844][ T7409] netlink: 12 bytes leftover after parsing attributes in process `syz.3.837'. [ 314.844359][ T7409] netlink: 'syz.3.837': attribute type 25 has an invalid length. [ 314.866388][ T7409] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 314.875948][ T7409] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 314.884687][ T7409] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 314.893381][ T7409] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 315.043974][ T3607] device hsr_slave_0 left promiscuous mode [ 315.056190][ T3607] device hsr_slave_1 left promiscuous mode [ 315.068224][ T3607] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 315.082093][ T3607] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 315.097848][ T3607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 315.109404][ T3607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 315.122820][ T3607] device bridge_slave_1 left promiscuous mode [ 315.136110][ T3607] bridge0: port 2(bridge_slave_1) entered disabled state [ 315.168645][ T3607] device bridge_slave_0 left promiscuous mode [ 315.176029][ T3607] bridge0: port 1(bridge_slave_0) entered disabled state [ 315.195529][ T3607] device veth1_macvtap left promiscuous mode [ 315.204259][ T26] audit: type=1326 audit(1725547945.988:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7410 comm="syz.0.838" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc4cc095ef9 code=0x0 [ 315.227052][ T3607] device veth0_macvtap left promiscuous mode [ 315.243169][ T3607] device veth1_vlan left promiscuous mode [ 315.249492][ T3607] device veth0_vlan left promiscuous mode [ 315.258406][ T7412] netlink: 140 bytes leftover after parsing attributes in process `syz.0.838'. [ 315.625912][ T3607] team0 (unregistering): Port device team_slave_1 removed [ 315.667783][ T3607] team0 (unregistering): Port device team_slave_0 removed [ 315.701928][ T3607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 315.721754][ T7417] tmpfs: Bad value for 'mpol' [ 315.746973][ T3607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 315.766009][ T7408] kexec: Could not allocate control_code_buffer [ 315.964897][ T3607] bond0 (unregistering): Released all slaves [ 316.126189][ T7426] loop0: detected capacity change from 0 to 1764 [ 316.350366][ T3613] Bluetooth: hci2: command 0x040f tx timeout [ 316.614938][ T7313] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 316.645885][ T7313] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 316.736846][ T7313] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 316.795058][ T7313] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 317.002150][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.089508][ T7445] loop1: detected capacity change from 0 to 256 [ 317.096013][ T13] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 317.175866][ T7445] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a37, chksum : 0xd675b107, utbl_chksum : 0xe619d30d) [ 317.192199][ T7313] 8021q: adding VLAN 0 to HW filter on device bond0 [ 317.228706][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 317.278967][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.290469][ T7313] 8021q: adding VLAN 0 to HW filter on device team0 [ 317.338779][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 317.361004][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.373445][ T4585] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.380553][ T4585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.418879][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 317.439343][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 317.483561][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 317.510320][ T13] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 317.527548][ T4585] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.534701][ T4585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.542684][ T13] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 317.553915][ T13] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 317.563642][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 317.571819][ T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.581631][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 317.615253][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 317.631541][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 317.640662][ T7434] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 317.966332][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 318.233594][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 318.324616][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 318.430251][ T3609] Bluetooth: hci2: command 0x0419 tx timeout [ 318.440624][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 318.449264][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 318.460129][ T13] usb 5-1: USB disconnect, device number 10 [ 318.542315][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 318.561096][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 318.623109][ T7313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 319.968111][ T26] audit: type=1326 audit(1725547950.748:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7470 comm="syz.3.858" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff57697def9 code=0x0 [ 320.029919][ T3613] Bluetooth: hci0: command 0x0409 tx timeout [ 320.065063][ T7449] chnl_net:caif_netlink_parms(): no params data found [ 320.076058][ T7485] dccp_close: ABORT with 1 bytes unread [ 320.156783][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 320.170129][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 320.207284][ T7313] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 320.361345][ T7449] bridge0: port 1(bridge_slave_0) entered blocking state [ 320.406353][ T7449] bridge0: port 1(bridge_slave_0) entered disabled state [ 320.666210][ T7449] device bridge_slave_0 entered promiscuous mode [ 321.656946][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 321.698893][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 321.723593][ T7313] device veth0_vlan entered promiscuous mode [ 321.735651][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 321.785075][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 321.800792][ T7449] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.824922][ T7449] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.856348][ T7449] device bridge_slave_1 entered promiscuous mode [ 321.896483][ T7313] device veth1_vlan entered promiscuous mode [ 321.927324][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 321.940483][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 321.970772][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 322.133333][ T3613] Bluetooth: hci0: command 0x041b tx timeout [ 322.144243][ T7449] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 322.175812][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 322.225187][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 322.244034][ T4267] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 322.273596][ T7449] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 322.335512][ T7313] device veth0_macvtap entered promiscuous mode [ 322.392429][ T7313] device veth1_macvtap entered promiscuous mode [ 322.425423][ T7449] team0: Port device team_slave_0 added [ 322.486566][ T7449] team0: Port device team_slave_1 added [ 322.521199][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.544882][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.544907][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.544929][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.544948][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.544960][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.544979][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.544990][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.545009][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 322.545020][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.567589][ T7313] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 322.658555][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 322.659185][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 322.669172][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 322.669993][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 322.684088][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.684108][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.684119][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.684132][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.684142][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.684153][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.684163][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.684175][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.684185][ T7313] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 322.684197][ T7313] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 322.685292][ T7313] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 322.687731][ T7313] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.687763][ T7313] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.687790][ T7313] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.687815][ T7313] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 322.690573][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 322.691149][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 322.692250][ T7449] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 322.692262][ T7449] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.692284][ T7449] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 322.696500][ T7449] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.696514][ T7449] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.696534][ T7449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.882658][ T7449] device hsr_slave_0 entered promiscuous mode [ 322.883348][ T7449] device hsr_slave_1 entered promiscuous mode [ 322.883788][ T7449] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 322.883810][ T7449] Cannot create hsr debugfs directory [ 323.700142][ T6894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.700212][ T6894] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.776995][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 323.877501][ T3711] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 323.877571][ T3711] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 323.936836][ T7449] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.065819][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 324.087339][ T7524] block nbd4: shutting down sockets [ 324.190029][ T4519] Bluetooth: hci0: command 0x040f tx timeout [ 324.240206][ T7449] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.866335][ T7449] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.015075][ C0] eth0: bad gso: type: 1, size: 1408 [ 325.046985][ T7449] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 326.090224][ T7558] loop1: detected capacity change from 0 to 512 [ 326.215517][ T7449] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 326.239001][ T7558] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nobarrier,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 326.254222][ T7558] ext4 filesystem being mounted at /42/bus supports timestamps until 2038 (0x7fffffff) [ 326.264122][ T7449] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 326.269830][ T5062] Bluetooth: hci0: command 0x0419 tx timeout [ 326.310782][ T7449] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 326.323870][ T7565] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.878'. [ 326.370221][ T7449] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 326.469808][ T3609] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 326.798843][ T7449] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.840106][ T3609] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 326.866707][ T3609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.892780][ T3609] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.914000][ T3609] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 326.963034][ T3609] usb 3-1: New USB device found, idVendor=044f, idProduct=b653, bcdDevice= 0.00 [ 326.986692][ T3609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 327.018836][ T3609] usb 3-1: config 0 descriptor?? [ 327.238514][ T7616] xt_time: unknown flags 0xc [ 327.592294][ T3609] thrustmaster 0003:044F:B653.000C: unbalanced delimiter at end of report description [ 327.752864][ T3609] thrustmaster 0003:044F:B653.000C: parse failed [ 327.829375][ T3609] thrustmaster: probe of 0003:044F:B653.000C failed with error -22 [ 327.892547][ T3609] usb 3-1: USB disconnect, device number 11 [ 327.920839][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.971674][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 328.013652][ T7449] 8021q: adding VLAN 0 to HW filter on device team0 [ 328.148749][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 328.247432][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 329.026518][ T6894] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.033665][ T6894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.097922][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 329.171113][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 329.200701][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 329.239606][ T6894] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.246745][ T6894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.295550][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 329.438527][ T3607] device hsr_slave_0 left promiscuous mode [ 329.475188][ T3607] device hsr_slave_1 left promiscuous mode [ 329.487472][ T3607] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 329.517652][ T3607] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 329.536269][ T3607] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 329.554096][ T3607] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 329.570494][ T3607] device bridge_slave_1 left promiscuous mode [ 329.593831][ T3607] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.620920][ T3607] device bridge_slave_0 left promiscuous mode [ 329.632037][ T3607] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.662821][ T3607] device veth1_macvtap left promiscuous mode [ 329.677294][ T3607] device veth0_macvtap left promiscuous mode [ 329.691260][ T3607] device veth1_vlan left promiscuous mode [ 329.704116][ T3607] device veth0_vlan left promiscuous mode [ 329.778238][ T7634] loop2: detected capacity change from 0 to 32768 [ 329.939236][ T7634] XFS (loop2): Mounting V5 Filesystem [ 330.089954][ T7634] XFS (loop2): Ending clean mount [ 330.097235][ T7634] XFS (loop2): Quotacheck needed: Please wait. [ 330.232676][ T7634] XFS (loop2): Quotacheck: Done. [ 330.243965][ T3607] team0 (unregistering): Port device team_slave_1 removed [ 330.306295][ T3607] team0 (unregistering): Port device team_slave_0 removed [ 330.327084][ T3607] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 330.327510][ T26] audit: type=1800 audit(1725547961.108:67): pid=7634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.891" name="bus" dev="loop2" ino=9292 res=0 errno=0 [ 330.367766][ T3607] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 330.644192][ T3607] bond0 (unregistering): Released all slaves [ 330.749781][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 330.771335][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 330.810773][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 330.826900][ T7313] XFS (loop2): Unmounting Filesystem [ 330.840324][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 330.859216][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 330.911700][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 330.942653][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 330.999292][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 331.009996][ T7658] netlink: 'syz.4.896': attribute type 10 has an invalid length. [ 331.017726][ T7658] netlink: 40 bytes leftover after parsing attributes in process `syz.4.896'. [ 331.045854][ T7658] bridge0: port 3(dummy0) entered blocking state [ 331.079906][ T7658] bridge0: port 3(dummy0) entered disabled state [ 331.087847][ T7658] device dummy0 entered promiscuous mode [ 331.098358][ T7658] bridge0: port 3(dummy0) entered blocking state [ 331.105481][ T7658] bridge0: port 3(dummy0) entered forwarding state [ 331.132781][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 331.151534][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 331.186593][ T7449] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 331.302656][ T26] audit: type=1326 audit(1725547962.088:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7677 comm="syz.3.901" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff57697def9 code=0x0 [ 331.358081][ T7681] loop3: detected capacity change from 0 to 512 [ 331.474393][ T7684] loop2: detected capacity change from 0 to 512 [ 331.485673][ T7681] EXT4-fs (loop3): quotafile must be on filesystem root [ 331.599266][ T7449] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 331.618767][ T7684] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 331.661862][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 331.670433][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.693874][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 331.710797][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 331.724142][ T7684] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 331.770914][ T7684] EXT4-fs (loop2): 1 truncate cleaned up [ 331.776574][ T7684] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 331.801905][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 331.841277][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 331.878892][ T7449] device veth0_vlan entered promiscuous mode [ 331.918641][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 331.940726][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 331.975319][ T7690] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 331.983393][ T7449] device veth1_vlan entered promiscuous mode [ 332.060208][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 332.082168][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 332.136119][ T7449] device veth0_macvtap entered promiscuous mode [ 332.183093][ T7449] device veth1_macvtap entered promiscuous mode [ 332.258898][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.299849][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.329832][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.367910][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.378193][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.389221][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.400495][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.411306][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.421537][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 332.432457][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.465220][ T7449] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.478165][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 332.530001][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 332.552216][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 332.562533][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 332.576698][ T7702] loop2: detected capacity change from 0 to 128 [ 332.586068][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.601449][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.612203][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.623103][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.633404][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.644272][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.654643][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.675336][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.685891][ T7449] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 332.706764][ T7449] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.725912][ T7449] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 332.740094][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 332.759231][ T6894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 332.787102][ T7449] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.811326][ T7449] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.820328][ T13] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 332.835512][ T7449] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.853291][ T7449] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 332.941632][ T7702] loop2: detected capacity change from 0 to 4096 [ 332.996914][ T6894] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.009550][ T6894] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.048051][ T3711] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 333.061408][ T3711] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 333.077340][ T7702] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 333.116623][ T7702] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 333.156565][ T3711] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 333.199510][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 333.318883][ T144] ntfs3: loop2: ntfs3_write_inode r=5 failed, -22. [ 333.349956][ T7702] Cannot find add_set index 0 as target [ 333.399936][ T13] usb 4-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=36.1c [ 333.429162][ T7706] loop1: detected capacity change from 0 to 1024 [ 333.430003][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.460127][ T7710] loop0: detected capacity change from 0 to 1024 [ 333.477267][ T13] usb 4-1: Product: syz [ 333.487430][ T13] usb 4-1: Manufacturer: syz [ 333.499848][ T13] usb 4-1: SerialNumber: syz [ 333.518083][ T13] usb 4-1: config 0 descriptor?? [ 333.572703][ T6894] ntfs3: loop2: ntfs3_write_inode r=5 failed, -22. [ 333.598353][ T13] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 333.612627][ T7710] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 333.625718][ T7313] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 333.641482][ T7710] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038 (0x7fffffff) [ 334.385781][ T13] gspca_vc032x: reg_r err -110 [ 334.390681][ T13] vc032x: probe of 4-1:0.0 failed with error -110 [ 334.413455][ T13] usb 4-1: USB disconnect, device number 9 [ 336.193645][ T7747] netlink: 4 bytes leftover after parsing attributes in process `syz.4.918'. [ 338.342318][ T4391] Bluetooth: hci2: command 0x0409 tx timeout [ 338.649940][ T7767] netlink: 16 bytes leftover after parsing attributes in process `syz.4.922'. [ 338.709931][ T7767] netlink: 24 bytes leftover after parsing attributes in process `syz.4.922'. [ 338.729983][ T7767] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 338.761397][ T4390] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 338.940272][ T7767] 8021q: adding VLAN 0 to HW filter on device bond1 [ 339.102385][ T7739] chnl_net:caif_netlink_parms(): no params data found [ 339.232855][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.259532][ T4390] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.279934][ T4390] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 339.298131][ T4390] usb 1-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 339.307981][ T4390] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.323489][ T4390] usb 1-1: config 0 descriptor?? [ 339.347680][ T3711] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.532907][ T3711] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.791376][ T3711] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 339.843031][ T7739] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.852175][ T4390] logitech 0003:046D:C293.000D: item fetching failed at offset 5/7 [ 339.867868][ T7739] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.887118][ T4390] logitech 0003:046D:C293.000D: parse failed [ 339.926196][ T7739] device bridge_slave_0 entered promiscuous mode [ 339.938200][ T4390] logitech: probe of 0003:046D:C293.000D failed with error -22 [ 340.004784][ T3711] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 340.028408][ T7739] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.043374][ T7739] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.070376][ T7739] device bridge_slave_1 entered promiscuous mode [ 340.139667][ T1292] usb 1-1: USB disconnect, device number 13 [ 340.188165][ T4519] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 340.212526][ T7739] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 340.231137][ T7739] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 340.272165][ T7739] team0: Port device team_slave_0 added [ 340.280767][ T7739] team0: Port device team_slave_1 added [ 340.306583][ T7739] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 340.313951][ T7739] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.349452][ T7739] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 340.379411][ T1292] Bluetooth: hci2: command 0x041b tx timeout [ 340.407496][ T7798] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 340.436537][ T7739] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 340.443686][ T7739] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 340.470879][ T7739] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 340.562557][ T7739] device hsr_slave_0 entered promiscuous mode [ 340.569540][ T7739] device hsr_slave_1 entered promiscuous mode [ 340.570021][ T4519] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.588280][ T4519] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.589871][ T7739] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 340.598707][ T4519] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 340.618794][ T7739] Cannot create hsr debugfs directory [ 340.628053][ T4519] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.636350][ T5062] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 340.648127][ T4519] usb 5-1: config 0 descriptor?? [ 340.879783][ T5062] usb 2-1: Using ep0 maxpacket: 32 [ 341.000146][ T5062] usb 2-1: config 0 has no interfaces? [ 341.132832][ T4519] corsair 0003:1B1C:1B02.000E: unknown main item tag 0x0 [ 341.159899][ T5062] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 341.173033][ T5062] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.181607][ T4519] corsair 0003:1B1C:1B02.000E: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.4-1/input0 [ 341.198405][ T5062] usb 2-1: Product: syz [ 341.212075][ T5062] usb 2-1: Manufacturer: syz [ 341.230802][ T5062] usb 2-1: SerialNumber: syz [ 341.243454][ T5062] usb 2-1: config 0 descriptor?? [ 341.287934][ T7819] vivid-002: disconnect [ 341.301026][ T7817] vivid-002: reconnect [ 341.331221][ T7791] netlink: 36 bytes leftover after parsing attributes in process `syz.4.931'. [ 341.344086][ T7791] tipc: Can't bind to reserved service type 1 [ 341.359906][ T4519] corsair 0003:1B1C:1B02.000E: Failed to get K90 initial state (error -71). [ 341.422676][ T4519] usb 5-1: USB disconnect, device number 11 [ 341.456584][ T3711] device hsr_slave_0 left promiscuous mode [ 341.467303][ T3711] device hsr_slave_1 left promiscuous mode [ 341.488673][ T3711] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 341.503810][ T3711] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 341.520156][ T3711] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 341.527739][ T3711] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 341.536281][ T3711] device bridge_slave_1 left promiscuous mode [ 341.542912][ T3711] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.556951][ T3711] device bridge_slave_0 left promiscuous mode [ 341.566743][ T3711] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.585730][ T3711] device veth1_macvtap left promiscuous mode [ 341.598035][ T3711] device veth0_macvtap left promiscuous mode [ 341.604646][ T3711] device veth1_vlan left promiscuous mode [ 341.614925][ T3711] device veth0_vlan left promiscuous mode [ 341.647020][ T4390] usb 2-1: USB disconnect, device number 8 [ 341.948775][ T7836] syz.3.942 sent an empty control message without MSG_MORE. [ 342.920885][ T4391] Bluetooth: hci2: command 0x040f tx timeout [ 343.049147][ T3711] team0 (unregistering): Port device team_slave_1 removed [ 343.088824][ T3711] team0 (unregistering): Port device team_slave_0 removed [ 343.125087][ T3711] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 343.138905][ T7853] loop0: detected capacity change from 0 to 1024 [ 343.165978][ T3711] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 343.184942][ T7853] EXT4-fs (loop0): Ignoring removed orlov option [ 343.229871][ T7853] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 343.286455][ T7853] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 343.352201][ T26] audit: type=1804 audit(1725548999.134:69): pid=7853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.947" name="/newroot/9/file1/file1" dev="loop0" ino=15 res=1 errno=0 [ 343.383441][ T3711] bond0 (unregistering): Released all slaves [ 343.513978][ T7739] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 343.536319][ T7739] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 343.577575][ T7739] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 343.609448][ T7739] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 343.628843][ T7861] loop1: detected capacity change from 0 to 64 [ 343.805671][ T7739] 8021q: adding VLAN 0 to HW filter on device bond0 [ 344.730747][ T4072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 344.754279][ T4072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 344.815035][ T7739] 8021q: adding VLAN 0 to HW filter on device team0 [ 344.879109][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 344.899142][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 344.927596][ T4585] bridge0: port 1(bridge_slave_0) entered blocking state [ 344.934718][ T4585] bridge0: port 1(bridge_slave_0) entered forwarding state [ 344.964508][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 344.973377][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 344.985336][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 344.994320][ T4585] bridge0: port 2(bridge_slave_1) entered blocking state [ 345.001490][ T4585] bridge0: port 2(bridge_slave_1) entered forwarding state [ 345.085696][ T4391] Bluetooth: hci2: command 0x0419 tx timeout [ 345.126438][ T4585] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 345.601018][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 345.637210][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 345.646435][ T7871] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 345.664009][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 345.710946][ T7871] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 345.745003][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 345.811848][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 345.820011][ T7888] loop0: detected capacity change from 0 to 256 [ 345.830729][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 345.851703][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 345.863743][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 345.886683][ T7888] FAT-fs (loop0): Unrecognized mount option "B1q鞳+d'#.Ԓͯ?o\ [ 345.886683][ T7888] 18446744073709551615" or missing value [ 345.924085][ T7739] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 345.945681][ T7739] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 345.962544][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 345.990581][ T3607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 346.175082][ T7899] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 346.187115][ T7899] F2FS-fs (loop1): Unable to read 1th superblock [ 346.193803][ T7899] blk_update_request: I/O error, dev loop1, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 346.204763][ T7899] F2FS-fs (loop1): Unable to read 2th superblock [ 346.217343][ T7899] loop1: detected capacity change from 0 to 64 [ 346.346756][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 346.379980][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 346.427140][ T7739] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.441569][ T7899] hfs: unable to load iocharset "macromania]n" [ 346.447876][ T7899] hfs: unable to parse mount options [ 346.524072][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 346.573532][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 346.584333][ T7899] loop1: detected capacity change from 0 to 2048 [ 346.674637][ T7899] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 346.680494][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 346.730404][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 346.739681][ T7739] device veth0_vlan entered promiscuous mode [ 346.763923][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 346.825365][ T7905] XFS (nullb0): Invalid superblock magic number [ 346.836120][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 346.902911][ T7739] device veth1_vlan entered promiscuous mode [ 346.977554][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 347.003893][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 347.021766][ T7739] device veth0_macvtap entered promiscuous mode [ 347.032995][ T7739] device veth1_macvtap entered promiscuous mode [ 347.062486][ T4519] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 347.073050][ T7919] netlink: 12 bytes leftover after parsing attributes in process `syz.4.964'. [ 347.136742][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.172701][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.196978][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.223242][ T7892] loop3: detected capacity change from 0 to 40427 [ 347.224238][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.249898][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.267130][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.280775][ T7892] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 347.288431][ T7892] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 347.295787][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.314578][ T7892] F2FS-fs (loop3): invalid crc value [ 347.321668][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.329809][ T4519] usb 2-1: Using ep0 maxpacket: 16 [ 347.336936][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 347.357312][ T7892] F2FS-fs (loop3): Found nat_bits in checkpoint [ 347.366481][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.399501][ T7739] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 347.419939][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 347.440843][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 347.450157][ T4519] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 347.457357][ T7892] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 347.469940][ T4519] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 347.473835][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 347.493781][ T7892] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 347.494092][ T4519] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 347.506449][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 347.654135][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 347.665213][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 347.675128][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 347.685625][ T4519] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 347.695349][ T4519] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 347.708266][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.405776][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.454759][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.471753][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.487769][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.499575][ T4519] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 348.515642][ T7739] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 348.546831][ T4519] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 348.574158][ T7739] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 348.590039][ T4519] usb 2-1: Manufacturer: syz [ 348.623170][ T4519] usb 2-1: config 0 descriptor?? [ 348.764744][ T7739] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 348.778802][ T6630] handle_bad_sector: 1929 callbacks suppressed [ 348.778828][ T6630] attempt to access beyond end of device [ 348.778828][ T6630] loop3: rw=2049, want=45104, limit=40427 [ 349.161885][ T4072] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 349.177381][ T4072] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 349.327521][ T4519] rc_core: IR keymap rc-hauppauge not found [ 349.336186][ T7739] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.345942][ T4519] Registered IR keymap rc-empty [ 349.350954][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.363392][ T7739] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.379810][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.397797][ T7739] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.410734][ T4519] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 349.435955][ T7739] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 349.439595][ T4519] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input16 [ 349.507321][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.539891][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.572010][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.674388][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 349.817138][ T4072] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.859035][ T4072] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 349.918092][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 349.960263][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 349.981770][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 350.085339][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.104988][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 350.119841][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.149841][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.179891][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.209807][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.260459][ T4519] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 350.291903][ T4519] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 350.302973][ T7970] Context (ID=0x0) not attached to queue pair (handle=0x4d6:0x0) [ 350.314316][ T4519] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 350.384605][ T7972] Cannot find set identified by id 0 to match [ 350.644920][ T3609] usb 2-1: USB disconnect, device number 9 [ 350.693884][ T7977] A link change request failed with some changes committed already. Interface macvlan0 may have been left with an inconsistent configuration, please check. [ 350.743763][ T7981] loop1: detected capacity change from 0 to 128 [ 350.802497][ T7981] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 350.819512][ T7981] ext4 filesystem being mounted at /63/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 351.662466][ T7992] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz.1.979: dx entry: limit 62 != root limit 105 [ 351.703344][ T7992] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.979: Corrupt directory, running e2fsck is recommended [ 351.763916][ T7988] device syzkaller0 entered promiscuous mode [ 351.858313][ T7998] loop0: detected capacity change from 0 to 16 [ 351.870795][ T6725] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 351.897309][ T6725] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 352.075341][ T6725] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 4: comm syz-executor: path (unknown): bad entry in directory: rec_len % 4 != 0 - offset=12, inode=4227584, rec_len=65535, size=1024 fake=0 [ 352.138264][ T7998] erofs: (device loop0): mounted with root inode @ nid 36. [ 352.498532][ T3610] usb 5-1: new low-speed USB device number 12 using dummy_hcd [ 352.880263][ T8005] erofs: (device loop0): z_erofs_readahead: readahead error at page 22 @ nid 36 [ 352.889812][ T8005] erofs: (device loop0): z_erofs_readahead: readahead error at page 21 @ nid 36 [ 352.898842][ T8005] erofs: (device loop0): z_erofs_readahead: readahead error at page 20 @ nid 36 [ 352.908127][ T8005] erofs: (device loop0): z_erofs_readahead: readahead error at page 16 @ nid 36 [ 352.917331][ T8005] erofs: (device loop0): z_erofs_map_blocks_iter: unknown type 3 @ offset 45055 of nid 36 [ 352.927257][ T8005] erofs: (device loop0): z_erofs_readahead: readahead error at page 10 @ nid 36 [ 352.936508][ T8005] attempt to access beyond end of device [ 352.936508][ T8005] loop0: rw=524288, want=6536, limit=16 [ 352.947633][ T8005] attempt to access beyond end of device [ 352.947633][ T8005] loop0: rw=524288, want=34359736344, limit=16 [ 352.959439][ T8005] attempt to access beyond end of device [ 352.959439][ T8005] loop0: rw=524288, want=736, limit=16 [ 352.970481][ T8005] attempt to access beyond end of device [ 352.970481][ T8005] loop0: rw=524288, want=536576872, limit=16 [ 352.982093][ T8005] attempt to access beyond end of device [ 352.982093][ T8005] loop0: rw=524288, want=24, limit=16 [ 352.993010][ T8005] attempt to access beyond end of device [ 352.993010][ T8005] loop0: rw=524288, want=13478624040, limit=16 [ 353.112401][ T6725] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 353.272366][ T6725] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 353.401641][ T6725] EXT4-fs error (device loop1): ext4_lookup:1853: inode #2: comm syz-executor: '' linked to parent dir [ 353.798985][ T6725] EXT4-fs warning (device loop1): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 353.915402][ T6725] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 354.058447][ T6725] EXT4-fs error (device loop1): ext4_lookup:1853: inode #2: comm syz-executor: '' linked to parent dir [ 354.349599][ T8017] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 354.485536][ T8022] loop2: detected capacity change from 0 to 512 [ 354.642065][ T3610] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8 is Bulk; changing to Interrupt [ 354.825219][ T8022] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.991: casefold flag without casefold feature [ 355.074900][ T8022] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.991: missing EA_INODE flag [ 355.120000][ T3610] usb 5-1: string descriptor 0 read error: -71 [ 355.127409][ T3610] usb 5-1: New USB device found, idVendor=2019, idProduct=4901, bcdDevice=59.33 [ 355.139843][ T8022] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.991: error while reading EA inode 12 err=-117 [ 355.154661][ T8022] EXT4-fs (loop2): 1 orphan inode deleted [ 355.181241][ T8022] EXT4-fs (loop2): mounted filesystem without journal. Opts: noquota,journal_dev=0x0000000000000007,quota,init_itable=0x0000000000000004,errors=continue,errors=continue,data_err=ignore,delalloc,jqfmt=vfsold,norecovery,errors=continue,errors=continue,,errors=continue. Quota mode: writeback. [ 355.213274][ T3610] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.276125][ T3610] usb 5-1: config 0 descriptor?? [ 355.276447][ T8022] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.991: Directory hole found for htree leaf block 0 [ 355.326199][ T8033] EXT4-fs error (device loop2): ext4_add_entry:2484: inode #2: comm syz.2.991: Directory hole found for htree leaf block 0 [ 355.329885][ T3610] usb 5-1: can't set config #0, error -71 [ 355.367921][ T26] audit: type=1326 audit(1725549011.144:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8020 comm="syz.2.991" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ffa42bb0ef9 code=0x0 [ 355.381441][ T3610] usb 5-1: USB disconnect, device number 12 [ 355.415854][ T4585] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.467335][ T8037] loop0: detected capacity change from 0 to 512 [ 355.481138][ T8033] dccp_close: ABORT with 9144 bytes unread [ 355.559133][ T4585] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.575068][ T8037] EXT4-fs (loop0): Ignoring removed bh option [ 355.611074][ T8037] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 355.720607][ T4585] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.915005][ T8037] EXT4-fs (loop0): failed to open journal device unknown-block(0,0) -6 [ 356.710829][ T4585] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 356.830777][ T1060] block nbd2: Attempted send on invalid socket [ 356.836971][ T1060] blk_update_request: I/O error, dev nbd2, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 356.850847][ T8058] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 356.959258][ T8062] loop3: detected capacity change from 0 to 256 [ 357.258518][ T8062] FAT-fs (loop3): Directory bread(block 64) failed [ 357.334042][ T8062] FAT-fs (loop3): Directory bread(block 65) failed [ 357.403468][ T8062] FAT-fs (loop3): Directory bread(block 66) failed [ 357.449330][ T8052] chnl_net:caif_netlink_parms(): no params data found [ 357.473624][ T8062] FAT-fs (loop3): Directory bread(block 67) failed [ 357.480350][ T8062] FAT-fs (loop3): Directory bread(block 68) failed [ 357.487160][ T8062] FAT-fs (loop3): Directory bread(block 69) failed [ 357.493812][ T8062] FAT-fs (loop3): Directory bread(block 70) failed [ 357.500984][ T8062] FAT-fs (loop3): Directory bread(block 71) failed [ 357.509575][ T8062] FAT-fs (loop3): Directory bread(block 72) failed [ 357.516208][ T8062] FAT-fs (loop3): Directory bread(block 73) failed [ 357.813983][ T8052] bridge0: port 1(bridge_slave_0) entered blocking state [ 357.830243][ T8052] bridge0: port 1(bridge_slave_0) entered disabled state [ 357.973882][ T8052] device bridge_slave_0 entered promiscuous mode [ 358.003325][ T8052] bridge0: port 2(bridge_slave_1) entered blocking state [ 358.003816][ T8052] bridge0: port 2(bridge_slave_1) entered disabled state [ 358.139911][ T8052] device bridge_slave_1 entered promiscuous mode [ 358.256988][ T8052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 358.259466][ T8052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 358.387747][ T8052] team0: Port device team_slave_0 added [ 358.410217][ T8052] team0: Port device team_slave_1 added [ 358.513163][ T8052] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 358.513179][ T8052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.513200][ T8052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 358.514792][ T8052] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 358.514804][ T8052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 358.514823][ T8052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 358.576249][ T8052] device hsr_slave_0 entered promiscuous mode [ 358.579216][ T8052] device hsr_slave_1 entered promiscuous mode [ 358.745739][ T8066] loop0: detected capacity change from 0 to 32768 [ 358.805492][ T3618] Bluetooth: hci4: command 0x0409 tx timeout [ 358.860341][ T8066] XFS: ikeep mount option is deprecated. [ 358.938656][ T8088] loop2: detected capacity change from 0 to 2048 [ 358.957535][ T8066] XFS (loop0): Mounting V5 Filesystem [ 359.020665][ T8088] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 359.691849][ T8066] XFS (loop0): Ending clean mount [ 359.725185][ T8066] XFS (loop0): Quotacheck needed: Please wait. [ 359.751489][ T8084] loop3: detected capacity change from 0 to 32768 [ 359.818322][ T4585] device hsr_slave_0 left promiscuous mode [ 359.824865][ T4585] device hsr_slave_1 left promiscuous mode [ 359.837961][ T8084] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1008 (8084) [ 359.852853][ T4585] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 359.860737][ T4585] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 359.880518][ T8066] XFS (loop0): Quotacheck: Done. [ 359.892022][ T4585] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 359.907481][ T8084] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 359.916562][ T8084] BTRFS info (device loop3): setting nodatasum [ 359.922807][ T8084] BTRFS info (device loop3): force zlib compression, level 3 [ 359.925305][ T4585] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 359.939870][ T8084] BTRFS info (device loop3): allowing degraded mounts [ 359.946919][ T8084] BTRFS info (device loop3): turning on flush-on-commit [ 359.959760][ T5061] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 359.984749][ T8084] BTRFS info (device loop3): allowing degraded mounts [ 359.992198][ T8066] xfs: Unknown parameter ' Z* m.Dc8'@C9G9?9S{1Jլ5 æԌqqY糔' [ 360.001133][ T8084] BTRFS info (device loop3): using free space tree [ 360.020040][ T4585] device bridge_slave_1 left promiscuous mode [ 360.022019][ T8084] BTRFS info (device loop3): has skinny extents [ 360.026238][ T4585] bridge0: port 2(bridge_slave_1) entered disabled state [ 360.032510][ T13] Bluetooth: hci5: command 0x0406 tx timeout [ 360.113073][ T4585] device bridge_slave_0 left promiscuous mode [ 360.119531][ T4585] bridge0: port 1(bridge_slave_0) entered disabled state [ 360.133290][ T4585] device veth1_macvtap left promiscuous mode [ 360.139392][ T4585] device veth0_macvtap left promiscuous mode [ 360.146801][ T4585] device veth1_vlan left promiscuous mode [ 360.152861][ T4585] device veth0_vlan left promiscuous mode [ 360.178080][ T7449] XFS (loop0): Unmounting Filesystem [ 360.249348][ T8084] BTRFS info (device loop3): enabling ssd optimizations [ 360.325942][ T5061] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.345103][ T5061] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 360.372283][ T5061] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 360.381724][ T5061] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.395131][ T5061] usb 3-1: config 0 descriptor?? [ 360.840573][ T2988] Bluetooth: hci4: command 0x041b tx timeout [ 360.871666][ T5061] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0 [ 361.601134][ T5061] plantronics 0003:047F:FFFF.000F: unknown main item tag 0x0 [ 361.609036][ T5061] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 361.625212][ T5061] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 361.715962][ T4585] team0 (unregistering): Port device team_slave_1 removed [ 361.764024][ T5061] usb 3-1: USB disconnect, device number 12 [ 361.802155][ T4585] team0 (unregistering): Port device team_slave_0 removed [ 362.989661][ T4585] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 363.056857][ T4585] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 363.087377][ T3618] Bluetooth: hci4: command 0x040f tx timeout [ 363.113218][ T8147] loop0: detected capacity change from 0 to 4096 [ 363.236446][ T4585] bond0 (unregistering): Released all slaves [ 363.307776][ T8149] loop2: detected capacity change from 0 to 1764 [ 363.354554][ T8147] ntfs3: loop0: MFT: r=0, expect seq=1 instead of 0! [ 363.368869][ T8147] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 363.385771][ T8147] ntfs3: loop0: Failed to load $MFT. [ 363.636609][ T8163] team0 (unregistering): Port device team_slave_0 removed [ 363.690073][ T8163] team0 (unregistering): Port device team_slave_1 removed [ 363.889828][ T8052] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 364.192455][ T8052] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 364.230194][ T8052] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 364.262439][ T8052] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 364.409653][ T8052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 364.487215][ T8052] 8021q: adding VLAN 0 to HW filter on device team0 [ 364.522998][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 364.902330][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 364.964532][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 365.017287][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 365.076502][ T4250] bridge0: port 1(bridge_slave_0) entered blocking state [ 365.083644][ T4250] bridge0: port 1(bridge_slave_0) entered forwarding state [ 365.189573][ T3618] Bluetooth: hci4: command 0x0419 tx timeout [ 365.200671][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 365.219006][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 365.229649][ T4250] bridge0: port 2(bridge_slave_1) entered blocking state [ 365.236776][ T4250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 365.275517][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 365.311982][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 365.352446][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 365.400641][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 365.432696][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 365.439260][ T8188] loop0: detected capacity change from 0 to 2048 [ 365.473927][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 365.512211][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 365.550669][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 365.570716][ T8188] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 365.577636][ T8052] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 365.624285][ T8052] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 365.687411][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 365.700492][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 365.730651][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 365.760387][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 365.780656][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 365.929876][ T3609] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 366.073825][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 366.089090][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 366.117142][ T8052] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 366.176824][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 366.204737][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 366.256997][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 366.275851][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 366.299980][ T3609] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 366.318361][ T8052] device veth0_vlan entered promiscuous mode [ 366.328717][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 366.336080][ T8181] loop2: detected capacity change from 0 to 40427 [ 366.343866][ T3609] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 366.396340][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 366.419857][ T3609] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 366.423248][ T8052] device veth1_vlan entered promiscuous mode [ 366.428911][ T3609] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.459666][ T3609] usb 1-1: config 0 descriptor?? [ 366.485387][ T8181] F2FS-fs (loop2): Found nat_bits in checkpoint [ 366.492719][ T3688] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 366.556752][ T8052] device veth0_macvtap entered promiscuous mode [ 366.580910][ T8052] device veth1_macvtap entered promiscuous mode [ 366.588028][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 366.621976][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 366.636068][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 366.657856][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 366.686432][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 366.699826][ T8181] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 366.758133][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.787436][ T8181] attempt to access beyond end of device [ 366.787436][ T8181] loop2: rw=2049, want=53384, limit=40427 [ 366.818907][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.849740][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.880094][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 366.946503][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 366.971599][ T3609] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 366.984420][ T3609] plantronics 0003:047F:FFFF.0010: unknown main item tag 0x0 [ 366.992301][ T3609] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 367.007330][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.014550][ T3609] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 367.058920][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.116728][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.356932][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 367.602637][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.660401][ T8052] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 367.691995][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.703031][ T7739] attempt to access beyond end of device [ 367.703031][ T7739] loop2: rw=2049, want=45112, limit=40427 [ 367.714517][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.779189][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 367.806147][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 367.826867][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.085914][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.310933][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.533223][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.551164][ T8052] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 368.595771][ T8052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 368.610836][ T4073] usb 1-1: USB disconnect, device number 14 [ 368.635385][ T8052] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 368.821488][ T8052] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.892805][ T8052] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.901609][ T8052] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.919320][ T8052] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 368.979446][ T8224] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1034'. [ 369.035365][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 369.218233][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 369.452740][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 369.516097][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 369.833696][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 369.982319][ T8236] loop2: detected capacity change from 0 to 512 [ 369.994768][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.126516][ T8236] EXT4-fs (loop2): Unsupported blocksize for fs-verity [ 370.142115][ T6894] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 370.144981][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 370.151856][ T6894] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 370.194748][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 371.791702][ C0] eth0: bad gso: type: 1, size: 1408 [ 372.871234][ T8276] loop3: detected capacity change from 0 to 2048 [ 372.978511][ T8279] loop1: detected capacity change from 0 to 2048 [ 372.992371][ T8276] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 373.019986][ T2988] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 373.045225][ T26] audit: type=1326 audit(1725549028.824:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.105825][ T26] audit: type=1326 audit(1725549028.824:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.177768][ T26] audit: type=1326 audit(1725549028.824:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.263714][ T26] audit: type=1326 audit(1725549028.824:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.292386][ T2988] usb 3-1: Using ep0 maxpacket: 32 [ 373.308581][ T26] audit: type=1326 audit(1725549028.824:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.336471][ T26] audit: type=1326 audit(1725549028.854:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.372955][ T5654] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 373.380982][ T8279] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 373.381564][ T26] audit: type=1326 audit(1725549028.854:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.407988][ T8279] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038 (0x7fffffff) [ 373.414251][ T26] audit: type=1326 audit(1725549028.854:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.446336][ T26] audit: type=1326 audit(1725549028.864:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.470065][ T2988] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 373.475627][ T26] audit: type=1326 audit(1725549028.864:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8280 comm="syz.4.1049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7c4d4caef9 code=0x7ffc0000 [ 373.710247][ T2988] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 373.739783][ T2988] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 373.748049][ T2988] usb 3-1: Product: syz [ 373.758883][ T2988] usb 3-1: Manufacturer: syz [ 373.765765][ T2988] usb 3-1: SerialNumber: syz [ 373.766082][ T5654] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.781397][ T2988] usb 3-1: config 0 descriptor?? [ 373.809879][ T5654] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 373.810208][ T8269] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 373.830059][ T5654] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.839186][ T5654] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.868524][ T5654] usb 4-1: config 0 descriptor?? [ 374.006981][ T8300] loop1: detected capacity change from 0 to 8 [ 374.081447][ T8300] squashfs: Unknown parameter '4@;c$Y1kos/D|L2F/ [ 374.081447][ T8300] 5JӴ˼Pą6C3' [ 374.186215][ T8298] loop1: detected capacity change from 0 to 512 [ 374.207475][ T5061] usb 3-1: USB disconnect, device number 13 [ 374.283602][ T8298] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 374.326731][ T8298] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038 (0x7fffffff) [ 374.382925][ T5654] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 374.391214][ T8298] EXT4-fs error (device loop1): ext4_acquire_dquot:6196: comm syz.1.1054: Failed to acquire dquot type 0 [ 374.399982][ T5654] plantronics 0003:047F:FFFF.0011: unknown main item tag 0x0 [ 374.429434][ T5654] plantronics 0003:047F:FFFF.0011: No inputs registered, leaving [ 374.452092][ T5654] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 374.750927][ T2988] usb 4-1: USB disconnect, device number 10 [ 375.814205][ T2988] Bluetooth: hci3: command 0x0406 tx timeout [ 376.094309][ T8321] loop2: detected capacity change from 0 to 2048 [ 377.512127][ T8333] loop3: detected capacity change from 0 to 128 [ 377.725802][ T3611] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 377.734878][ T3611] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0 [ 377.751264][ T8342] loop1: detected capacity change from 0 to 1024 [ 377.766580][ T3611] hid-generic 0000:0000:0000.0012: hidraw0: HID v0.00 Device [syz0] on syz1 [ 377.786624][ T8321] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 377.806800][ T8345] loop0: detected capacity change from 0 to 512 [ 377.843733][ T8333] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 377.855559][ T8342] EXT4-fs (loop1): Ignoring removed orlov option [ 377.867150][ T8333] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 377.900449][ T8342] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 377.939298][ T8345] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.1067: casefold flag without casefold feature [ 377.993510][ T8345] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.1067: missing EA_INODE flag [ 378.047109][ T8333] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.1061: dx entry: limit 62 != root limit 105 [ 378.060382][ T8342] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 378.105280][ T8333] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.1061: Corrupt directory, running e2fsck is recommended [ 378.118923][ T8345] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.1067: error while reading EA inode 12 err=-117 [ 378.139547][ T8345] EXT4-fs (loop0): 1 orphan inode deleted [ 378.145945][ T8345] EXT4-fs (loop0): mounted filesystem without journal. Opts: noquota,journal_dev=0x0000000000000007,quota,init_itable=0x0000000000000004,errors=continue,errors=continue,data_err=ignore,delalloc,jqfmt=vfsold,norecovery,errors=continue,errors=continue,,errors=continue. Quota mode: writeback. [ 378.207937][ T26] kauditd_printk_skb: 22 callbacks suppressed [ 378.207951][ T26] audit: type=1804 audit(1725549033.984:101): pid=8342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1065" name="/newroot/6/file1/file1" dev="loop1" ino=15 res=1 errno=0 [ 378.240555][ T8345] EXT4-fs error (device loop0): ext4_add_entry:2484: inode #2: comm syz.0.1067: Directory hole found for htree leaf block 0 [ 378.293023][ T8345] EXT4-fs error (device loop0): ext4_add_entry:2484: inode #2: comm syz.0.1067: Directory hole found for htree leaf block 0 [ 378.298260][ T6630] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 378.345531][ T26] audit: type=1326 audit(1725549034.124:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8343 comm="syz.0.1067" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7a5e242ef9 code=0x0 [ 378.396742][ T6630] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 378.435977][ T8359] dccp_close: ABORT with 9144 bytes unread [ 378.437049][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.515625][ T6630] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 4: comm syz-executor: path (unknown): bad entry in directory: rec_len % 4 != 0 - offset=12, inode=4227584, rec_len=65535, size=1024 fake=0 [ 378.587099][ T6630] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 378.602070][ T6630] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 378.615912][ T6630] EXT4-fs error (device loop3): ext4_lookup:1853: inode #2: comm syz-executor: '' linked to parent dir [ 378.735288][ T6630] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz-executor: dx entry: limit 62 != root limit 105 [ 378.888917][ T6630] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz-executor: Corrupt directory, running e2fsck is recommended [ 379.093499][ T8363] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability [ 379.194148][ T6630] EXT4-fs error (device loop3): ext4_lookup:1853: inode #2: comm syz-executor: '' linked to parent dir [ 379.247458][ T8363] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16 [ 380.336042][ T154] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.390997][ T154] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 380.480878][ T154] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 380.612845][ T8392] loop0: detected capacity change from 0 to 256 [ 380.647568][ T154] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 381.562509][ T154] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 381.583751][ T8392] FAT-fs (loop0): Directory bread(block 64) failed [ 382.024607][ T8392] FAT-fs (loop0): Directory bread(block 65) failed [ 382.500716][ T8392] FAT-fs (loop0): Directory bread(block 66) failed [ 382.514855][ T154] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.589389][ T8392] FAT-fs (loop0): Directory bread(block 67) failed [ 382.601130][ T8392] FAT-fs (loop0): Directory bread(block 68) failed [ 382.657824][ T8392] FAT-fs (loop0): Directory bread(block 69) failed [ 382.695219][ T8392] FAT-fs (loop0): Directory bread(block 70) failed [ 382.723744][ T8392] FAT-fs (loop0): Directory bread(block 71) failed [ 382.755984][ T8392] FAT-fs (loop0): Directory bread(block 72) failed [ 382.773058][ T8392] FAT-fs (loop0): Directory bread(block 73) failed [ 383.097946][ T154] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 383.466820][ T154] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.625660][ T8402] chnl_net:caif_netlink_parms(): no params data found [ 383.925155][ T8429] virtio-fs: tag <(null)> not found [ 383.967413][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 383.995358][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.019850][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.047822][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.074872][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.083181][ T8402] bridge0: port 1(bridge_slave_0) entered blocking state [ 384.097800][ T8402] bridge0: port 1(bridge_slave_0) entered disabled state [ 384.102870][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.122693][ T8402] device bridge_slave_0 entered promiscuous mode [ 384.138609][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.158945][ T8402] bridge0: port 2(bridge_slave_1) entered blocking state [ 384.174189][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.190054][ T8402] bridge0: port 2(bridge_slave_1) entered disabled state [ 384.205023][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.220842][ T8402] device bridge_slave_1 entered promiscuous mode [ 384.227789][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.247506][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.259248][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.266722][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.274248][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.281708][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.289167][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.298442][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.307136][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.316672][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.324188][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.331761][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.339402][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.346907][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.354639][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.368577][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.377177][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.392444][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.404334][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.415417][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.423018][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.430505][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.437966][ T3609] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 384.448357][ T3609] hid-generic 0000:0000:0000.0013: hidraw0: HID v0.00 Device [syz0] on syz0 [ 384.582933][ T8402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 384.622314][ T2988] Bluetooth: hci3: command 0x0409 tx timeout [ 384.692397][ T8402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 384.759833][ T8130] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 384.884217][ T8440] device vlan2 entered promiscuous mode [ 385.108022][ T8402] team0: Port device team_slave_0 added [ 385.119959][ T8130] usb 2-1: config 0 has no interfaces? [ 385.198476][ T8402] team0: Port device team_slave_1 added [ 385.216074][ C0] eth0: bad gso: type: 1, size: 1408 [ 385.261819][ T8454] loop2: detected capacity change from 0 to 16 [ 385.280259][ T8130] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice=98.00 [ 385.293765][ T8130] usb 2-1: New USB device strings: Mfr=18, Product=255, SerialNumber=255 [ 385.302502][ T8130] usb 2-1: Product: syz [ 385.307099][ T8130] usb 2-1: Manufacturer: syz [ 385.326377][ T8130] usb 2-1: SerialNumber: syz [ 385.335904][ T8454] erofs: (device loop2): mounted with root inode @ nid 36. [ 385.348995][ T8454] attempt to access beyond end of device [ 385.348995][ T8454] loop2: rw=0, want=40, limit=16 [ 385.360331][ T8130] usb 2-1: config 0 descriptor?? [ 385.364717][ T8454] attempt to access beyond end of device [ 385.364717][ T8454] loop2: rw=0, want=40, limit=16 [ 385.393109][ T8454] erofs: (device loop2): z_erofs_readahead: readahead error at page 3599 @ nid 36 [ 385.429055][ T8402] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 385.436199][ T8402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.476898][ T8402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 385.499438][ T8402] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 385.608166][ T8402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 385.662938][ T8402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 385.664323][ T5654] usb 2-1: USB disconnect, device number 10 [ 386.199130][ T8402] device hsr_slave_0 entered promiscuous mode [ 386.208189][ T8402] device hsr_slave_1 entered promiscuous mode [ 386.224256][ T8402] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 386.235448][ T8402] Cannot create hsr debugfs directory [ 386.504282][ T8466] vhci_hcd: invalid port number 0 [ 386.512597][ T8466] binder: 8465:8466 ioctl c00c6211 0 returned -22 [ 386.679963][ T5654] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 386.703243][ T13] Bluetooth: hci3: command 0x041b tx timeout [ 387.644139][ T154] device hsr_slave_0 left promiscuous mode [ 387.651374][ T154] device hsr_slave_1 left promiscuous mode [ 387.657846][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 387.666567][ T154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 387.674586][ T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 387.682545][ T154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 387.690557][ T154] device bridge_slave_1 left promiscuous mode [ 387.697069][ T154] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.729935][ T13] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 388.070545][ T27] INFO: task syz.4.581:6409 blocked for more than 143 seconds. [ 388.086174][ T27] Not tainted 5.15.166-syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 388.201316][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 388.320342][ T13] usb 2-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=d2.0d [ 388.341427][ T27] task:syz.4.581 state:D stack:23424 pid: 6409 ppid: 5732 flags:0x00004004 [ 388.349784][ T154] device bridge_slave_0 left promiscuous mode [ 388.352631][ T27] Call Trace: [ 388.367341][ T27] [ 388.371835][ T27] __schedule+0x12c4/0x45b0 [ 388.376432][ T27] ? blk_flush_plug_list+0x452/0x490 [ 388.408257][ T27] ? release_firmware_map_entry+0x190/0x190 [ 388.419907][ T5654] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.446868][ T154] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.472436][ T5654] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.482756][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 388.488944][ T27] ? blk_check_plugged+0x250/0x250 [ 388.502761][ T13] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.519829][ T13] usb 2-1: Product: syz [ 388.524014][ T13] usb 2-1: Manufacturer: syz [ 388.528609][ T13] usb 2-1: SerialNumber: syz [ 388.539809][ T5654] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 388.548865][ T5654] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.551002][ T13] usb 2-1: config 0 descriptor?? [ 388.559807][ T27] ? print_irqtrace_events+0x210/0x210 [ 388.572640][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 388.577777][ T27] schedule+0x11b/0x1f0 [ 388.588461][ T27] io_schedule+0x88/0x100 [ 388.592837][ T27] wait_on_page_bit_common+0xa13/0x1180 [ 388.598392][ T27] ? wait_on_page_bit+0x50/0x50 [ 388.605104][ T5654] usb 1-1: config 0 descriptor?? [ 388.612586][ T27] ? rcu_lock_release+0x20/0x20 [ 388.617597][ T27] ? bio_add_page+0x2b3/0x450 [ 388.622401][ T27] z_erofs_runqueue+0x788/0x1a80 [ 388.627335][ T27] ? tick_nohz_tick_stopped+0x77/0xb0 [ 388.632783][ T27] ? z_erofs_do_read_page+0x2600/0x2600 [ 388.638437][ T27] ? __bpf_trace_erofs_destroy_inode+0x20/0x20 [ 388.644675][ T27] z_erofs_readahead+0xc9a/0x1280 [ 388.649861][ T27] ? z_erofs_readpage+0x840/0x840 [ 388.654914][ T27] read_pages+0x159/0x8e0 [ 388.659325][ T27] ? page_cache_ra_unbounded+0x930/0x930 [ 388.664973][ T27] ? add_to_page_cache_locked+0x40/0x40 [ 388.672637][ T27] ? down_read+0x1b3/0x2e0 [ 388.677067][ T27] page_cache_ra_unbounded+0x7b0/0x930 [ 388.685358][ T27] ? read_cache_pages_invalidate_pages+0x1c0/0x1c0 [ 388.692204][ T27] force_page_cache_ra+0x378/0x3e0 [ 388.697605][ T27] generic_fadvise+0x5ba/0x8b0 [ 388.702769][ T27] ? dump_task+0x5f0/0x5f0 [ 388.707205][ T27] ? __fdget+0x191/0x220 [ 388.711520][ T27] __x64_sys_fadvise64+0x138/0x180 [ 388.716766][ T27] do_syscall_64+0x3b/0xb0 [ 388.721477][ T27] ? clear_bhb_loop+0x15/0x70 [ 388.726157][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 388.732446][ T27] RIP: 0033:0x7effb1304ef9 [ 388.736876][ T27] RSP: 002b:00007effaf77e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 388.745455][ T27] RAX: ffffffffffffffda RBX: 00007effb14bdf80 RCX: 00007effb1304ef9 [ 388.753542][ T27] RDX: 0000000000004101 RSI: 0000000000e0ffff RDI: 0000000000000004 [ 388.759968][ T4073] Bluetooth: hci3: command 0x040f tx timeout [ 388.761611][ T27] RBP: 00007effb137701e R08: 0000000000000000 R09: 0000000000000000 [ 388.775529][ T27] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 388.783651][ T27] R13: 0000000000000000 R14: 00007effb14bdf80 R15: 00007ffed48100e8 [ 388.791771][ T27] [ 388.797092][ T27] [ 388.797092][ T27] Showing all locks held in the system: [ 388.805002][ T27] 5 locks held by kworker/0:1/13: [ 388.810162][ T27] #0: ffff88801c107138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 388.821546][ T27] #1: ffffc90000d27d20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 388.832881][ T27] #2: ffff888023f8b220 (&dev->mutex){....}-{3:3}, at: hub_event+0x208/0x54c0 [ 388.842447][ T27] #3: ffff888074896220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x570 [ 388.851739][ T27] #4: ffff88814813df68 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_configuration+0x54f/0x2020 [ 388.862484][ T27] 1 lock held by khungtaskd/27: [ 388.867321][ T27] #0: ffffffff8c91fbe0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 388.877000][ T27] 4 locks held by kworker/u4:2/154: [ 388.882478][ T27] #0: ffff8880171d5938 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 388.893036][ T27] #1: ffffc90001ff7d20 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 388.903626][ T27] #2: ffffffff8da25a50 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0xf1/0xb60 [ 388.913150][ T27] #3: ffffffff8da31608 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0x1ac/0x3f0 [ 388.923767][ T27] 3 locks held by kworker/0:3/2988: [ 388.928958][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 388.939325][ T27] #1: ffffc9000bac7d20 ((work_completion)(&(&nsim_dev->trap_data->trap_report_dw)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 388.953776][ T27] #2: ffff888029b1e400 (&nsim_dev->port_list_lock#2){+.+.}-{3:3}, at: nsim_dev_trap_report_work+0x56/0xab0 [ 388.965364][ T27] 2 locks held by getty/3321: [ 388.970065][ T27] #0: ffff88814b18f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 388.980454][ T27] #1: ffffc9000229b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 388.990627][ T27] 3 locks held by kworker/u4:5/3607: [ 388.995917][ T27] #0: ffff888017079138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 389.007293][ T27] #1: ffffc90003007d20 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 389.017966][ T27] #2: ffffffff8da31608 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xa/0x50 [ 389.027275][ T27] 3 locks held by kworker/1:5/3611: [ 389.032518][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 389.042940][ T27] #1: ffffc90003057d20 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 389.053088][ T27] #2: ffffffff8c9241a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 389.064066][ T27] 3 locks held by kworker/u4:12/4250: [ 389.069444][ T27] #0: ffff8880b913a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 389.079503][ T27] #1: ffff8880b9127848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x4e1/0x810 [ 389.091193][ T27] #2: ffff8880b9127848 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: enqueue_task+0x2fe/0x3a0 [ 389.102722][ T27] 5 locks held by kworker/1:12/5654: [ 389.108012][ T27] #0: ffff88801c107138 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 389.119147][ T27] #1: ffffc90002fc7d20 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 389.131048][ T27] #2: ffff888024018220 (&dev->mutex){....}-{3:3}, at: hub_event+0x208/0x54c0 [ 389.140133][ T27] #3: ffff88805fa37220 (&dev->mutex){....}-{3:3}, at: __device_attach+0x8a/0x570 [ 389.149557][ T27] #4: ffff888023f4e268 (hcd->bandwidth_mutex){+.+.}-{3:3}, at: usb_set_configuration+0x54f/0x2020 [ 389.160629][ T27] 3 locks held by kworker/1:14/5656: [ 389.165911][ T27] #0: ffff888017070938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 389.176633][ T27] #1: ffffc90003387d20 (deferred_process_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 389.187150][ T27] #2: ffffffff8da31608 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xa/0x20 [ 389.197580][ T27] 1 lock held by syz.4.581/6409: [ 389.202614][ T27] #0: ffff8880622c0320 (mapping.invalidate_lock#12){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x1a6/0x930 [ 389.213977][ T27] 2 locks held by syz.4.625/6642: [ 389.219020][ T27] #0: ffff888022e10ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 389.229235][ T27] #1: ffff888022e10078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 389.239549][ T27] 2 locks held by kworker/1:20/8130: [ 389.244906][ T27] #0: ffff888017072138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 389.255560][ T27] #1: ffffc900033a7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 389.267094][ T27] 7 locks held by syz-executor/8402: [ 389.272411][ T27] #0: ffff88807e5ee460 (sb_writers#8){.+.+}-{0:0}, at: vfs_write+0x29a/0xe50 [ 389.281335][ T27] #1: ffff88801fed0088 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x1e7/0x4f0 [ 389.291155][ T27] #2: ffff88802314ba00 (kn->active#232){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x20b/0x4f0 [ 389.301508][ T27] #3: ffffffff8d373348 (nsim_bus_dev_list_lock){+.+.}-{3:3}, at: del_device_store+0xf1/0x470 [ 389.315400][ T27] #4: ffff888029b18178 (&dev->mutex){....}-{3:3}, at: device_release_driver_internal+0xc2/0x7f0 [ 389.326564][ T27] #5: ffff888029b1e400 (&nsim_dev->port_list_lock#2){+.+.}-{3:3}, at: nsim_dev_reload_destroy+0x118/0x240 [ 389.338187][ T27] #6: ffffffff8da31608 (rtnl_mutex){+.+.}-{3:3}, at: netdev_run_todo+0xa4f/0xc40 [ 389.348011][ T27] 1 lock held by syz.2.1098/8454: [ 389.353106][ T27] #0: ffff88805e41d2e0 (mapping.invalidate_lock#12){.+.+}-{3:3}, at: page_cache_ra_unbounded+0x1a6/0x930 [ 389.364814][ T27] 3 locks held by syz.0.1101/8464: [ 389.370029][ T27] #0: ffff8880640c4ff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 389.380495][ T27] #1: ffff8880640c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 389.390115][ T27] #2: ffffffff8db7ac68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 389.400230][ T27] 4 locks held by syz.1.1104/8472: [ 389.405352][ T27] #0: ffff88801ecacff0 (&hdev->req_lock){+.+.}-{3:3}, at: hci_dev_do_close+0x63/0x1070 [ 389.415116][ T27] #1: ffff88801ecac078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_do_close+0x431/0x1070 [ 389.424711][ T27] #2: ffffffff8db7ac68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xb8/0x220 [ 389.435036][ T27] #3: ffffffff8c9241a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 389.448680][ T27] [ 389.459977][ T27] ============================================= [ 389.459977][ T27] [ 389.468406][ T27] NMI backtrace for cpu 0 [ 389.472734][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted 5.15.166-syzkaller #0 [ 389.480714][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 389.490773][ T27] Call Trace: [ 389.494064][ T27] [ 389.496996][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 389.501677][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 389.507289][ T27] ? panic+0x860/0x860 [ 389.511343][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 389.516451][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 389.521450][ T27] ? __wake_up_klogd+0xd5/0x100 [ 389.526277][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 389.532410][ T27] ? _printk+0xd1/0x120 [ 389.536547][ T27] ? panic+0x860/0x860 [ 389.540597][ T27] ? __wake_up_klogd+0xcc/0x100 [ 389.545440][ T27] ? panic+0x860/0x860 [ 389.549484][ T27] ? __rcu_read_unlock+0x92/0x100 [ 389.554485][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 389.560532][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 389.566495][ T27] watchdog+0xe72/0xeb0 [ 389.570638][ T27] kthread+0x3f6/0x4f0 [ 389.574705][ T27] ? hungtask_pm_notify+0x50/0x50 [ 389.579852][ T27] ? kthread_blkcg+0xd0/0xd0 [ 389.584425][ T27] ret_from_fork+0x1f/0x30 [ 389.588827][ T27] [ 389.592717][ T27] Sending NMI from CPU 0 to CPUs 1: [ 389.597931][ C1] NMI backtrace for cpu 1 [ 389.597942][ C1] CPU: 1 PID: 385 Comm: kworker/u4:3 Not tainted 5.15.166-syzkaller #0 [ 389.597958][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 389.597967][ C1] Workqueue: bat_events batadv_nc_worker [ 389.597988][ C1] RIP: 0010:mark_lock+0x1/0x340 [ 389.598004][ C1] Code: ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 73 ff ff ff 4c 89 ff e8 ee 08 67 00 e9 66 ff ff ff e8 74 03 d1 08 0f 1f 40 00 55 <41> 57 41 56 41 55 41 54 53 48 83 ec 10 49 89 f7 48 89 3c 24 49 bd [ 389.598016][ C1] RSP: 0018:ffffc90002fb79b0 EFLAGS: 00000002 [ 389.598028][ C1] RAX: 0000000000040729 RBX: ffff88801e5ae458 RCX: ffffffff81631a88 [ 389.598039][ C1] RDX: 0000000000000002 RSI: ffff88801e5ae458 RDI: ffff88801e5ad940 [ 389.598049][ C1] RBP: ffffc90002fb7a80 R08: dffffc0000000000 R09: fffffbfff20e2235 [ 389.598060][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88801e5ae478 [ 389.598069][ C1] R13: 0000000000000001 R14: ffff88801e5ae428 R15: 1ffff11003cb5c85 [ 389.598079][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 389.598092][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 389.598103][ C1] CR2: 00007ffc812efff8 CR3: 000000007d592000 CR4: 00000000003506e0 [ 389.598116][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 389.598124][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 389.598133][ C1] Call Trace: [ 389.598137][ C1] [ 389.598143][ C1] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 389.598160][ C1] ? read_lock_is_recursive+0x10/0x10 [ 389.598175][ C1] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 389.598197][ C1] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 389.598212][ C1] ? nmi_handle+0xf7/0x370 [ 389.598228][ C1] ? mark_lock+0x1/0x340 [ 389.598240][ C1] ? default_do_nmi+0x62/0x150 [ 389.598257][ C1] ? exc_nmi+0xa8/0x100 [ 389.598270][ C1] ? end_repeat_nmi+0x16/0x31 [ 389.598286][ C1] ? mark_lock+0x98/0x340 [ 389.598298][ C1] ? mark_lock+0x1/0x340 [ 389.598311][ C1] ? mark_lock+0x1/0x340 [ 389.598329][ C1] ? mark_lock+0x1/0x340 [ 389.598341][ C1] [ 389.598345][ C1] [ 389.598350][ C1] lockdep_hardirqs_on_prepare+0x27d/0x7a0 [ 389.598365][ C1] ? print_irqtrace_events+0x210/0x210 [ 389.598379][ C1] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0 [ 389.598394][ C1] ? __local_bh_enable_ip+0x102/0x1f0 [ 389.598409][ C1] trace_hardirqs_on+0x67/0x80 [ 389.598426][ C1] __local_bh_enable_ip+0x164/0x1f0 [ 389.598440][ C1] ? batadv_nc_purge_paths+0x30e/0x3b0 [ 389.598455][ C1] ? _local_bh_enable+0xa0/0xa0 [ 389.598469][ C1] ? batadv_nc_purge_paths+0xe8/0x3b0 [ 389.598484][ C1] ? batadv_nc_purge_paths+0x3b0/0x3b0 [ 389.598500][ C1] batadv_nc_purge_paths+0x30e/0x3b0 [ 389.598520][ C1] batadv_nc_worker+0x2cf/0x5b0 [ 389.598538][ C1] process_one_work+0x8a1/0x10c0 [ 389.598559][ C1] ? worker_detach_from_pool+0x260/0x260 [ 389.598575][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 389.598592][ C1] ? kthread_data+0x4e/0xc0 [ 389.598605][ C1] ? wq_worker_running+0x97/0x170 [ 389.598620][ C1] worker_thread+0xaca/0x1280 [ 389.598644][ C1] kthread+0x3f6/0x4f0 [ 389.598656][ C1] ? rcu_lock_release+0x20/0x20 [ 389.598671][ C1] ? kthread_blkcg+0xd0/0xd0 [ 389.598684][ C1] ret_from_fork+0x1f/0x30 [ 389.598705][ C1] [ 389.658987][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 389.933999][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.166-syzkaller #0 [ 389.941954][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 389.951987][ T27] Call Trace: [ 389.955251][ T27] [ 389.958159][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 389.962822][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 389.968436][ T27] ? panic+0x860/0x860 [ 389.972594][ T27] panic+0x318/0x860 [ 389.976467][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 389.982069][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 389.988198][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 389.993374][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 389.999421][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 390.005571][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 390.011705][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 390.017839][ T27] watchdog+0xeb0/0xeb0 [ 390.021988][ T27] kthread+0x3f6/0x4f0 [ 390.026034][ T27] ? hungtask_pm_notify+0x50/0x50 [ 390.031032][ T27] ? kthread_blkcg+0xd0/0xd0 [ 390.035595][ T27] ret_from_fork+0x1f/0x30 [ 390.039991][ T27] [ 390.043265][ T27] Kernel Offset: disabled [ 390.047594][ T27] Rebooting in 86400 seconds..