last executing test programs: 15.126439341s ago: executing program 2 (id=297): bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xf}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x87, &(0x7f0000000180), 0x0, 0x594, &(0x7f00000002c0)="$eJzs3U9sFNUfAPDvzPYPLf3R8osxwMUmHCAxLrQ1gp4Ab8YY/x5NaEohDQsltCZAeoC7Bw8cvJp48eoF9USi8eDBgyfw5NmEmAapiTHWzO5MWej2T0rbKZ3PJ5nuvHnbfe/bybfz3s6+bACVNZz9SCMORsTZJGKwra4r8srh1vMW5ucm/pqfm0hicfGDP5JIIuLR/NxE8fwkf9ybF/ZExC9nIv5fW97uzPUbF8cbjcmrefnY7KUrx2au33hl6tL4hckLk5fHRkZff3VsbOzEyeJXep811o/eP/RO/eO37n81/do/t9/b91MSp2KgVVWLtjg2y3AML/1N2mV/1xOb3VhJank8neJk5yvOX3dEvBiDUcuzPjMYU5+W2jlgSy3WIhaBikrkP1RUMQ7I5vHFVu6IZHs9ON2aAGVxL+Rbq6ar9d5I7MnmRgO9D5O2mVFrvju0Ce1nbVw7cub7bIun3k/ZDjdvRcSBTuc/afZtqPkuTkT/w/SJ+NOIOJ4/ZsdHN9j+8FPl5yn+U23xn9lg+6vF37XB1wSAtdw93bqQL7/+pUvjn2he/54c/wx0uHZtRNnX/2L8t7Bs/Pc4/lqH+LPx37vrbOPXH+/8vFJd+/gv2xbmaxPFWHA7PLgVcahj/MlS/EmH+LNxz9l1tvH1N4dXvHe3PP65bY1/8YuII9E5/kKy+v3JY+enGpPHWz87tvHbgTfvrNR+2fFn579/hfhXO//ZsSvrbONk/9HPV6pbO/70957kw+ZeT37k2vjs7NWRiJ7k7eXH15iIFM8pXiOL/+jh1fO/U/x92dxhnfE/mv7u743Hv7Wy+M9t8Px/ts42vv3yh3sr1ZUdPwAAAAAAAOwmafOzHElaX9pP03q9tYb3hehPG9Mzsy+fn/7k8rnWZz6Gojst7nQPtspJVh7JPw9blEefKo9FxP6IuF3ra5brE9ONc2UHDwAAAAAAAAAAAAAAAAAAADvE3rb1/10R8Wettf4fqAhfNAbVJf+huuQ/VJf8h+qS/1Bd8h+qS/5Ddcl/qC75D9Ul/6G65D8AAAAA7Er7X7p7P4mIm2/0NbdMT17XXWrPgK2Wlt0BoDS1sjsAlMatf6guc3wgWaN+zxMPbe6u9ZsAAAAAAAAAAAAAwGY5ctD6f6gq6/+huqz/h+qy/h+qyxwfWOf6/+Ws/wcAAAAAAAAAAACAbTPQ3JK0nq8FHog0rdcj/hcRQ9GdnJ9qTB6PiH0Rca/W3ZuVR8ruNAAAAAAAAAAAAAAAAAAAAOwyM9dvXBxvNCav2rGz/Tt9EbEDuvEMO/+O7oBu9ObZvJmvXPI/JgAAAAAAAAAAAAAAAAAAqKDHi37L7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlOfx9/9v3U7ZMQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6f/AgAA///fCQzH") write$binfmt_script(r1, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r1, 0x0) r2 = dup(r0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r3, 0xae9a) ioctl$KVM_RUN(r3, 0xae80, 0x0) 11.998422561s ago: executing program 1 (id=304): syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000040)='./file0\x00', 0x101c08a, &(0x7f0000000540)={[{@shortname_mixed}, {@utf8}, {@fat=@errors_remount}, {@shortname_win95}, {@rodir}, {@fat=@fmask={'fmask', 0x3d, 0x3}}, {@numtail}, {@uni_xlate}, {@rodir}, {@fat=@debug}, {@utf8no}, {@utf8no}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@numtail}, {@numtail}, {}, {@fat=@showexec}]}, 0x7, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) listen(r5, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000bc0)=ANY=[@ANYBLOB="500000002700010000000000000000000a010100000000000000000000000000fe8000000000000000000000000000bb00000000000000000000000000000000560b46c98f3c758b03e9ed2d9e68ebc10d583cb16cbbe7ef4f1cca4ffc53c016b02b51320859df036997bb05c59a22a37cc946cbb3a3d7785d6d9e43eb6d60fcb354bbde29a3c90587894e276402d58e36d1c6bfbded7de7a6db7645b0ba335a1b1d5ee1365406ec341ae8e815c43e34023de7a6cc920393306f76e0027625d0441146752ef4667d721e55785b547148c1c902", @ANYRES32=0x0, @ANYRES32=0x0], 0x50}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000280)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) ptrace$PTRACE_GETSIGMASK(0x420a, r0, 0x8, &(0x7f0000000280)) sendmsg$ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x14, 0x0, 0x400, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 11.998241511s ago: executing program 2 (id=305): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r6, 0x1) listen(r6, 0x0) shutdown(r6, 0x0) writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1) 11.998102981s ago: executing program 4 (id=306): syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x103400, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0xde02}) preadv(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)=""/133, 0x20000385}], 0x1, 0x0, 0x0) 9.225858247s ago: executing program 1 (id=308): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000001c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) io_setup(0x6b4, &(0x7f00000004c0)=0x0) io_destroy(r0) 9.153736353s ago: executing program 4 (id=310): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000084c05e60c00000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="000090"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000700)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="2001"], 0x0}) socketpair$unix(0x1, 0x1, 0x0, 0x0) 8.485359557s ago: executing program 1 (id=312): r0 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r0, 0x501c4814, 0x0) ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x0, 0x0, 0x4}) 8.059525378s ago: executing program 1 (id=315): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x87, &(0x7f0000000180), 0x0, 0x594, &(0x7f00000002c0)="$eJzs3U9sFNUfAPDvzPYPLf3R8osxwMUmHCAxLrQ1gp4Ab8YY/x5NaEohDQsltCZAeoC7Bw8cvJp48eoF9USi8eDBgyfw5NmEmAapiTHWzO5MWej2T0rbKZ3PJ5nuvHnbfe/bybfz3s6+bACVNZz9SCMORsTZJGKwra4r8srh1vMW5ucm/pqfm0hicfGDP5JIIuLR/NxE8fwkf9ybF/ZExC9nIv5fW97uzPUbF8cbjcmrefnY7KUrx2au33hl6tL4hckLk5fHRkZff3VsbOzEyeJXep811o/eP/RO/eO37n81/do/t9/b91MSp2KgVVWLtjg2y3AML/1N2mV/1xOb3VhJank8neJk5yvOX3dEvBiDUcuzPjMYU5+W2jlgSy3WIhaBikrkP1RUMQ7I5vHFVu6IZHs9ON2aAGVxL+Rbq6ar9d5I7MnmRgO9D5O2mVFrvju0Ce1nbVw7cub7bIun3k/ZDjdvRcSBTuc/afZtqPkuTkT/w/SJ+NOIOJ4/ZsdHN9j+8FPl5yn+U23xn9lg+6vF37XB1wSAtdw93bqQL7/+pUvjn2he/54c/wx0uHZtRNnX/2L8t7Bs/Pc4/lqH+LPx37vrbOPXH+/8vFJd+/gv2xbmaxPFWHA7PLgVcahj/MlS/EmH+LNxz9l1tvH1N4dXvHe3PP65bY1/8YuII9E5/kKy+v3JY+enGpPHWz87tvHbgTfvrNR+2fFn579/hfhXO//ZsSvrbONk/9HPV6pbO/70957kw+ZeT37k2vjs7NWRiJ7k7eXH15iIFM8pXiOL/+jh1fO/U/x92dxhnfE/mv7u743Hv7Wy+M9t8Px/ts42vv3yh3sr1ZUdPwAAAAAAAOwmafOzHElaX9pP03q9tYb3hehPG9Mzsy+fn/7k8rnWZz6Gojst7nQPtspJVh7JPw9blEefKo9FxP6IuF3ra5brE9ONc2UHDwAAAAAAAAAAAAAAAAAAADvE3rb1/10R8Wettf4fqAhfNAbVJf+huuQ/VJf8h+qS/1Bd8h+qS/5Ddcl/qC75D9Ul/6G65D8AAAAA7Er7X7p7P4mIm2/0NbdMT17XXWrPgK2Wlt0BoDS1sjsAlMatf6guc3wgWaN+zxMPbe6u9ZsAAAAAAAAAAAAAwGY5ctD6f6gq6/+huqz/h+qy/h+qyxwfWOf6/+Ws/wcAAAAAAAAAAACAbTPQ3JK0nq8FHog0rdcj/hcRQ9GdnJ9qTB6PiH0Rca/W3ZuVR8ruNAAAAAAAAAAAAAAAAAAAAOwyM9dvXBxvNCav2rGz/Tt9EbEDuvEMO/+O7oBu9ObZvJmvXPI/JgAAAAAAAAAAAAAAAAAAqKDHi37L7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlOfx9/9v3U7ZMQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6f/AgAA///fCQzH") write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.31449088s ago: executing program 1 (id=317): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f0000000200)={[{@resuid}, {@init_itable}, {@stripe}, {@stripe={'stripe', 0x3d, 0x200}}]}, 0x3, 0x453, &(0x7f0000001f80)="$eJzs3M9vFFUcAPDvzHaLCNiKqPxS8Vck/mgpoHLwoEYTD5iY6EGPTVsIslBDayKEKBiDJ2NMvBuP/gt60Ysxnoxe9W5IiOECeFozuzN0d7u7tNsti93PJxl4b+ZN3/v2zdt9M2+3AQytfdk/ScTWiPgzIsbq2eYC++r/Xb96fubG1fMzSVSrb/+T1Mpdu3p+pihanLclz+xPI9LPktjTpt6Fs+dOTlcqc2fy/OTiqQ8mF86ee+7Eqenjc8fnTh88cuTwoakXXzj4fF/izNp0bffH83t3vfHeV28e/aIp/pY41mznpsYf3daT1WrfqrsTbGtIJyMDbAirUoqIrLvKtfE/FqVY6ryxeP3TgTYOWFfVarW6pfPhC1VgA0uiOW/Iw7Ao3uiz+99ia50EvLx+04+Bu/JK/QYoi/t6vtWPjESalym33N/2076IePfCv99kW/T7OQQAQBs/ZvOfZ9vN/9J4oKHcPfna0HhE3BsR2yPivojYERH3R9TKPhgRO1dZf+siyfL5T3q5p8BWKJv/vZSvbTXP/4rZX4yX8ty2Wvzl5NiJytyB/HeyP8qbsvxUlzp+eu2PLzsda5z/ZVtWfzEXzNtxeWRT8zmz04vTa4m50ZWLEbtH2sWf3FwJSCJiV0Ts7rGOE09/t7fTsVvH30Uf1pmq30Y8Ve//C9ESfyHpvj45eVdU5g5MFlfFcr/+dumtTvWvKf4+yPr/7rbX/834x5PG9dqF1ddx6a/PO97T9Hr9jybv1NKj+b6PphcXz0xFjCZH641u3H9w6dwiX5T/4ff6/nbjf3ss/Sb2RER2ET8UEQ9HxCN52x+NiMci4vEu8f/y6hPv9x7/+sr6f3ZV/b+UGI3WPe0TpZM/f99U6fiy+G907//DtdT+fM9KXv9W0q7ermYAAAD4/0kjYmsk6cTNdJpOTNQ/L78jIq3MLyw+c2z+w9Oz9e8IjEc5LZ50jTU8D53Kb+vr+YsRUf9oQXH8UP7c+OvS5lp+Yma+Mjvo4GHIbekw/jN/lwbdOmDd+b4WDC/jH4aX8Q/Dy/iH4dVm/G8eRDuA26/d+/8nA2gHcPu1jH/LfjBE3P/D8Oo4/jfyX/4Barz/w1Ba2By3/pJ810Txk3o8fcMmonxHNGPtiWrStnMjHXTDJNYzMdjXJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgH75LwAA//8HW+BC") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]}) 7.228878248s ago: executing program 2 (id=319): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x12) r0 = syz_open_dev$vcsu(0x0, 0x9, 0x2000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0x5}, {0x9, 0x5, 0xd, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622ea74b2b7f6a0cad8c932e1559f5fc8cd77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d00b391d8177d7bb9f129db3d36dd015c7bd3f15aa6aadbeafdc3cf4cda547a9f1c27a7b2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11befffffffeffffffff97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00512fea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579ebb6d949fb12f63be72a3d817b324d6cada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108f6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0xe, 0x0, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x241, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c}, 0x38) 6.097991676s ago: executing program 2 (id=320): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000040), 0x4) 6.05653732s ago: executing program 4 (id=321): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'veth1_vlan\x00', 0x0}) sendto$packet(0xffffffffffffffff, &(0x7f00000006c0)="02030e00d3fc02000000ab5d71acedd7c9560385dcb1080084d7dc0398062f2405ce811cc3524cc67f8b5aeb3b1cc329e0396256f39052d7ecbc34b03546faa976fc65e3", 0x44, 0x0, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) 5.756028929s ago: executing program 2 (id=322): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000004c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffe, 0xfffffffd, 0x2, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x8}, @ptr, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000017c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, r4, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 5.593399415s ago: executing program 4 (id=323): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r6, 0x1) listen(r6, 0x0) shutdown(r6, 0x0) writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1) 5.413599872s ago: executing program 3 (id=324): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sendmsg$TIPC_NL_NET_GET(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)={0x3a4, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NET={0x28, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_NODE={0x334, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ID={0x32a, 0x3, "8e42fd1d2329b145e12cd57d9d7dd1ccfa3e9b73de032fb7841220a74bddef4bdadd89759fe3b9fcf03a2214932e4ac0c7bef23467226db81a59b25114d663251f22358d6789665cac6bd3d8bd9db0ef4de3a18bfaf3782d86c1de7515cd680583e72c9bd4267e21ee00fa61412f5da6cce23bbb33e4263e731d025cbf494cff72e8312e823b2569e3f1727ef5b59dfe313253ab9d77884a8c93567c11ab36b2d509fc0d0b87826981d622d7d5f494ef21031f3434a04fc0184fc89f8f1066514878205ae6b649f93ca3be9a3e3c0d57bd435f1be2a98d7620be218dbb5e36726eda3a253194764d7566b2cccd649aa558793b3a9e84482760ebb9f90d103b9a36fc2a6743bfaf9de974c216aac6d23c73334afac9019f29d5f94d305f4404f0e67d20c086ea9193b97467e19079619c94ce2b30b1b0007a9d7e7075154a73ed7a551d4bc24e66769cdd659f8a7853aeb649d4d62147aba0008edae131814efe830938a14e0b7e03df975dde088d120167752efe7d8f7317bdfb774e91b1470c4e8f22c66ff6db6ec36e848775f982558bf60c1d55856d0e0ba959d2915c7abc15cf93f486825164becb9e2dd988e5380fb972b3eaa2b4de10ff753c1fefae597c8c7501d6ddbb388c9788d6054d7f85d0292efc15002e79f1daa55af63a2ffa94ecc5c3004949c1152bb769caa3322a9edbe402070f570bce38d59014e2f9a102024978c2b211af9c43f893a0dea2d2a5fb3af6196c32bb55f8786fbbf498b2e3a16b42195f17ec48ca4e885f80731dfa51c816505299f77611830c33e3c9b1b3bdac07d5930f90918a2b23c6588166437f7f52875cc66d19283c6c42984ee2f1b467f700d38d8dccd50c785f034e493d1e7d16a57ec30316003ea8bbf8d8eddff1ebcde2368c6352e0100a7ddb710fca41c489e9dcaff5c875bf995ed91fa177c08373a6bce21a7ade82166f414cc79fb75b8ee7feafd8259d40b3fa428d68203c5446d969c3a3df0b61b66b7c957a3bb748a9e6fc1c2e568ff4481f514df26e0258b1373a69116a64589a109338602de798633b8994d6556ca8c814005507349ae8f08a8a78d8e1f00faa85a8d11aa521377d1812732aff65e287a4062feb4ac55521ac62"}]}]}, 0x3a4}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000004c0)=0x68) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r3, 0xae80, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.716410548s ago: executing program 4 (id=325): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCVHANGUP(r1, 0x5437, 0xfffffdfd) ioctl$VT_RELDISP(r1, 0x5605) r2 = dup3(r0, r1, 0x0) ioctl$TCSETSF(r0, 0x5404, 0x0) ioctl$TIOCGPTPEER(r2, 0x5441, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff0004}]}) listxattr(0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) unshare(0x22020600) open(&(0x7f0000000100)='./file0\x00', 0x101bff, 0x0) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x0, 0x0) fcntl$setlease(r3, 0x400, 0x0) fcntl$getflags(r3, 0x401) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12013f00000000407f04ffff00000000000109022d000100000000090400001503000000092140000001220f00090581", @ANYRES32], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) syz_usb_control_io(r5, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0) r6 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r6, 0x501c4814, 0x0) ioctl$HIDIOCGUCODE(r6, 0xc018480d, &(0x7f00000000c0)={0x2, 0x100, 0x0, 0x0, 0x0, 0x4}) 4.579580052s ago: executing program 3 (id=326): mknodat$null(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000010000,user_id=', @ANYRESOCT=r0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r1 = open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0) fstat(r1, 0x0) 4.481032521s ago: executing program 0 (id=327): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000280)='./file0\x00', 0x87, &(0x7f0000000180), 0x0, 0x594, &(0x7f00000002c0)="$eJzs3U9sFNUfAPDvzPYPLf3R8osxwMUmHCAxLrQ1gp4Ab8YY/x5NaEohDQsltCZAeoC7Bw8cvJp48eoF9USi8eDBgyfw5NmEmAapiTHWzO5MWej2T0rbKZ3PJ5nuvHnbfe/bybfz3s6+bACVNZz9SCMORsTZJGKwra4r8srh1vMW5ucm/pqfm0hicfGDP5JIIuLR/NxE8fwkf9ybF/ZExC9nIv5fW97uzPUbF8cbjcmrefnY7KUrx2au33hl6tL4hckLk5fHRkZff3VsbOzEyeJXep811o/eP/RO/eO37n81/do/t9/b91MSp2KgVVWLtjg2y3AML/1N2mV/1xOb3VhJank8neJk5yvOX3dEvBiDUcuzPjMYU5+W2jlgSy3WIhaBikrkP1RUMQ7I5vHFVu6IZHs9ON2aAGVxL+Rbq6ar9d5I7MnmRgO9D5O2mVFrvju0Ce1nbVw7cub7bIun3k/ZDjdvRcSBTuc/afZtqPkuTkT/w/SJ+NOIOJ4/ZsdHN9j+8FPl5yn+U23xn9lg+6vF37XB1wSAtdw93bqQL7/+pUvjn2he/54c/wx0uHZtRNnX/2L8t7Bs/Pc4/lqH+LPx37vrbOPXH+/8vFJd+/gv2xbmaxPFWHA7PLgVcahj/MlS/EmH+LNxz9l1tvH1N4dXvHe3PP65bY1/8YuII9E5/kKy+v3JY+enGpPHWz87tvHbgTfvrNR+2fFn579/hfhXO//ZsSvrbONk/9HPV6pbO/70957kw+ZeT37k2vjs7NWRiJ7k7eXH15iIFM8pXiOL/+jh1fO/U/x92dxhnfE/mv7u743Hv7Wy+M9t8Px/ts42vv3yh3sr1ZUdPwAAAAAAAOwmafOzHElaX9pP03q9tYb3hehPG9Mzsy+fn/7k8rnWZz6Gojst7nQPtspJVh7JPw9blEefKo9FxP6IuF3ra5brE9ONc2UHDwAAAAAAAAAAAAAAAAAAADvE3rb1/10R8Wettf4fqAhfNAbVJf+huuQ/VJf8h+qS/1Bd8h+qS/5Ddcl/qC75D9Ul/6G65D8AAAAA7Er7X7p7P4mIm2/0NbdMT17XXWrPgK2Wlt0BoDS1sjsAlMatf6guc3wgWaN+zxMPbe6u9ZsAAAAAAAAAAAAAwGY5ctD6f6gq6/+huqz/h+qy/h+qyxwfWOf6/+Ws/wcAAAAAAAAAAACAbTPQ3JK0nq8FHog0rdcj/hcRQ9GdnJ9qTB6PiH0Rca/W3ZuVR8ruNAAAAAAAAAAAAAAAAAAAAOwyM9dvXBxvNCav2rGz/Tt9EbEDuvEMO/+O7oBu9ObZvJmvXPI/JgAAAAAAAAAAAAAAAAAAqKDHi37L7gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlOfx9/9v3U7ZMQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz6f/AgAA///fCQzH") write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.480626981s ago: executing program 3 (id=328): mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7b}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0, 0x4}) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000280)=""/74}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000480)={0x1, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)={0x1, 0x0, [{0x2, 0x56, &(0x7f0000000600)=""/86}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000004c0)=0x1) sendmsg$SEG6_CMD_SET_TUNSRC(0xffffffffffffffff, 0x0, 0x40) 4.438107665s ago: executing program 2 (id=329): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000140), 0x256f16877c9c3f29, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r3, 0x800c5012, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="b0cc1ef1be010000000000de1b9f614ba04549afaac70ea8381f115b6425bd456ef0c6f999cf32f7b3c51dacc026d34bc6b48d7da69d55251836bb3b3438e1177cc80572535a75a221dab2512b592c1b74b46697a884da5a08ac99a444b72620d10900af8c4cc158e1994fd8443f10651ef8b3a620dacd357846eb26c055cdf3a4af3be09c7a471e45ce66fcef87780c94c245e2d66d273bf96e118da830fdf8e1e554868371b2cc73a6ccd2326b9d"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000) r5 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000002d80), 0x2, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) shutdown(r6, 0x1) listen(r6, 0x0) shutdown(r6, 0x0) writev(r5, &(0x7f0000002f00)=[{&(0x7f0000002dc0)='2', 0x1}], 0x1) 3.921149435s ago: executing program 0 (id=330): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x12) r0 = syz_open_dev$vcsu(0x0, 0x9, 0x2000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000000340)=[{0x0, 0x1, 0xa, 0x5}, {0x9, 0x5, 0xd, 0x9}], 0x10, 0x37, @void, @value}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0000000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000001007d60b7030000010000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb45fd629100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db220100002600000000000080622ea74b2b7f6a0cad8c932e1559f5fc8cd77e84cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fb484510bef2e4872f5c2fe6faaf75e5cc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bce5a6f087ae8f5e64be2c9d2d00b391d8177d7bb9f129db3d36dd015c7bd3f15aa6aadbeafdc3cf4cda547a9f1c27a7b2a01685108e61aa000000000000000000000000008b798b4f7458d1863cc67c4c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11befffffffeffffffff97d62ecc645e143a60f1c6edc76609073909826151e2b42bf0ed0c8cef3ba2a730a00c87c493db845b10e9468bda6f82881eb8c9cfa72b08eecc952a3fd2c46f3c1cde71a19d1a2982492abaa96665372831210e00512fea3b8d188df2eff8d56aaae7d32a2e183722537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d0616a48c7957e122665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579ebb6d949fb12f63be72a3d817b324d6cada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108f6e8c71e26032176066599783568628f0309c3afa716d3706e1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x1f2f, 0xe, 0x0, &(0x7f00000007c0)="9f44948721919580684010a49e66", 0x0, 0x241, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000800)={0x0, &(0x7f0000000840)=""/121, &(0x7f0000000680), &(0x7f0000000540), 0x6c}, 0x38) 3.696216036s ago: executing program 3 (id=331): write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2) sched_setscheduler(r2, 0x2, &(0x7f00000002c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='smaps_rollup\x00') lseek(r5, 0x2000, 0x0) 2.541862137s ago: executing program 3 (id=332): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x2c, 0x0, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000040), 0x4) 2.440638127s ago: executing program 3 (id=333): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="120100009b23fd406d04c1088dee000000410902240001fa0000000904000000ff01000007240100002e000b240201064dbd81"], 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000080), &(0x7f0000000280)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001680)={0x14, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00038d0000008d03"]}, 0x0) 2.427456348s ago: executing program 0 (id=334): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_GET(r0, &(0x7f0000001ac0)={0x0, 0x9, &(0x7f0000001a80)={&(0x7f0000001940)={0x20, r1, 0x1, 0x0, 0x0, {0x1e}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}}, 0x0) 2.289938211s ago: executing program 0 (id=335): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000950000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01070000000200000000670000000c00990000000000000000000800c300000000000800c4"], 0x30}}, 0x0) 2.115696538s ago: executing program 1 (id=336): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4) socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413e850000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) socket$netlink(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001400)={0x6, 0x4, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0xffff}, [@func={0x85, 0x0, 0x1, 0x0, 0xffffffffffffffff}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x1000, &(0x7f0000000340)=""/4096, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0xc, 0xffff, 0x4}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000001380)=[0xffffffffffffffff, 0x1, r3, 0x1], &(0x7f00000013c0)=[{0x1, 0x5, 0xe, 0x1}, {0x2, 0x3, 0x5, 0x4}, {0x5, 0x5, 0x0, 0x3}, {0x2, 0x1, 0x8, 0x8}], 0x10, 0xffffffff, @void, @value}, 0x94) r4 = socket$nl_route(0x10, 0x3, 0x0) getpeername(r4, &(0x7f0000000080)=@ieee802154={0x24, @long}, &(0x7f0000000000)=0x80) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f00000002c0)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001300)={0x364, r6, 0x5, 0x70bd2a, 0x25dfdbfd, {}, [@WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_PEERS={0x340, 0x8, 0x0, 0x1, [{0x2c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_ALLOWEDIPS={0x4}]}, {0x40, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}]}, {0x8c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @empty}}]}, {0x244, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x21c, 0x9, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}]}, {0x34, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xd0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x12}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x5, 0x3, 0x2}}]}, {0x4}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}]}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r7}]}, 0x364}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 1.187224696s ago: executing program 4 (id=337): ioctl$KDGKBDIACR(0xffffffffffffffff, 0x4b4b, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) io_setup(0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4d, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000000c0)={[{@noinit_itable}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@debug}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x1}}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") r1 = syz_open_dev$usbfs(&(0x7f0000000c40), 0x310decfa, 0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000fc020000000000000000000000000000ff02000000000000000000000000000100000000000000000a0080"], 0xb8}}, 0x0) write$binfmt_aout(r2, 0x0, 0xc1) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$USBDEVFS_CONTROL(r1, 0x80045510, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 1.065839978s ago: executing program 0 (id=338): bpf$PROG_LOAD(0x5, 0x0, 0xfffffffffffffc6e) r0 = openat$pfkey(0xffffff9c, 0x0, 0x101000, 0x0) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, 0x0) socket(0x11, 0x800000003, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'dvmrp0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000ed8c003b00000100000000000000000700", @ANYRES32=r4, @ANYBLOB="02008f000a000200bbbbbbbbbbbb0000"], 0x28}}, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) fchdir(r6) mkdir(&(0x7f0000000100)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') write$cgroup_int(0xffffffffffffffff, &(0x7f0000000740), 0x12) 0s ago: executing program 0 (id=339): r0 = syz_usb_connect(0x0, 0x2d, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x50, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000070"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r2}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) syz_usb_disconnect(r0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.146' (ED25519) to the list of known hosts. [ 57.996099][ T4154] cgroup: Unknown subsys name 'net' [ 58.146097][ T4154] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 59.587812][ T4154] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k FS [ 61.458849][ T4166] chnl_net:caif_netlink_parms(): no params data found [ 61.479071][ T4167] chnl_net:caif_netlink_parms(): no params data found [ 61.554269][ T4165] chnl_net:caif_netlink_parms(): no params data found [ 61.619373][ T4168] chnl_net:caif_netlink_parms(): no params data found [ 61.661595][ T4167] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.668894][ T4167] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.677776][ T4167] device bridge_slave_0 entered promiscuous mode [ 61.718885][ T4167] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.726181][ T4167] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.734349][ T4167] device bridge_slave_1 entered promiscuous mode [ 61.781824][ T4166] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.788934][ T4166] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.797550][ T4166] device bridge_slave_0 entered promiscuous mode [ 61.822874][ T4166] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.830285][ T4166] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.838195][ T4166] device bridge_slave_1 entered promiscuous mode [ 61.855290][ T4169] chnl_net:caif_netlink_parms(): no params data found [ 61.867151][ T4167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 61.876449][ T4165] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.883568][ T4165] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.891830][ T4165] device bridge_slave_0 entered promiscuous mode [ 61.900105][ T4165] bridge0: port 2(bridge_slave_1) entered blocking state [ 61.907166][ T4165] bridge0: port 2(bridge_slave_1) entered disabled state [ 61.915342][ T4165] device bridge_slave_1 entered promiscuous mode [ 61.940571][ T4168] bridge0: port 1(bridge_slave_0) entered blocking state [ 61.947722][ T4168] bridge0: port 1(bridge_slave_0) entered disabled state [ 61.956284][ T4168] device bridge_slave_0 entered promiscuous mode [ 61.965275][ T4167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 61.993744][ T4166] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.010574][ T4166] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.020330][ T4168] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.027390][ T4168] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.036948][ T4168] device bridge_slave_1 entered promiscuous mode [ 62.062033][ T4165] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.103438][ T4165] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.140415][ T4167] team0: Port device team_slave_0 added [ 62.148585][ T4168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.171014][ T4166] team0: Port device team_slave_0 added [ 62.186829][ T4167] team0: Port device team_slave_1 added [ 62.205895][ T4168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.226100][ T4166] team0: Port device team_slave_1 added [ 62.238481][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state [ 62.246177][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state [ 62.254346][ T4169] device bridge_slave_0 entered promiscuous mode [ 62.273039][ T4165] team0: Port device team_slave_0 added [ 62.303390][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 62.310971][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state [ 62.319117][ T4169] device bridge_slave_1 entered promiscuous mode [ 62.328069][ T4165] team0: Port device team_slave_1 added [ 62.336651][ T4168] team0: Port device team_slave_0 added [ 62.352976][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.360188][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.386612][ T4167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.416080][ T4168] team0: Port device team_slave_1 added [ 62.422465][ T4166] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.429956][ T4166] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.456237][ T4166] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.476444][ T4167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.483526][ T4167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.509816][ T4167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.546981][ T4166] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.554201][ T4166] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.580435][ T4166] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.597457][ T4169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 62.607073][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.614176][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.640268][ T4165] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.653096][ T4165] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.660489][ T4165] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.686727][ T4165] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.728027][ T4169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 62.750392][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 62.757365][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.783487][ T4168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 62.805513][ T4166] device hsr_slave_0 entered promiscuous mode [ 62.812762][ T4166] device hsr_slave_1 entered promiscuous mode [ 62.827281][ T4168] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 62.834548][ T4168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 62.860759][ T4168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 62.897848][ T4169] team0: Port device team_slave_0 added [ 62.918436][ T4167] device hsr_slave_0 entered promiscuous mode [ 62.925479][ T4167] device hsr_slave_1 entered promiscuous mode [ 62.932552][ T4167] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.940920][ T4167] Cannot create hsr debugfs directory [ 62.950008][ T4165] device hsr_slave_0 entered promiscuous mode [ 62.956826][ T4165] device hsr_slave_1 entered promiscuous mode [ 62.963758][ T4165] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 62.971571][ T4165] Cannot create hsr debugfs directory [ 62.978410][ T4169] team0: Port device team_slave_1 added [ 63.040751][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 63.047746][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.074473][ T4169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 63.100832][ T4168] device hsr_slave_0 entered promiscuous mode [ 63.107657][ T4168] device hsr_slave_1 entered promiscuous mode [ 63.114470][ T4168] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.122125][ T4168] Cannot create hsr debugfs directory [ 63.135280][ T4169] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 63.142456][ T4169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 63.168495][ T4169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 63.180784][ T1107] Bluetooth: hci1: command 0x0409 tx timeout [ 63.186835][ T4173] Bluetooth: hci2: command 0x0409 tx timeout [ 63.187451][ T1107] Bluetooth: hci4: command 0x0409 tx timeout [ 63.209270][ T4173] Bluetooth: hci0: command 0x0409 tx timeout [ 63.215606][ T1107] Bluetooth: hci3: command 0x0409 tx timeout [ 63.347737][ T4169] device hsr_slave_0 entered promiscuous mode [ 63.355113][ T4169] device hsr_slave_1 entered promiscuous mode [ 63.361982][ T4169] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 63.369768][ T4169] Cannot create hsr debugfs directory [ 63.560010][ T4167] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 63.573877][ T4167] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 63.584143][ T4167] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 63.594371][ T4167] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 63.650261][ T4166] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 63.661972][ T4166] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 63.674031][ T4166] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 63.684943][ T4166] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 63.755488][ T4168] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 63.771724][ T4168] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 63.785616][ T4168] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 63.811540][ T4168] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 63.827127][ T4167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 63.862349][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 63.872230][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 63.895346][ T4167] 8021q: adding VLAN 0 to HW filter on device team0 [ 63.907234][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 63.918214][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.927549][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 63.934847][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 63.947159][ T4169] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 63.984907][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 63.993109][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.002637][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.011547][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.018592][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.026622][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.037065][ T4169] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 64.046145][ T4169] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 64.073313][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.086524][ T4169] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 64.112876][ T4166] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.121884][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.132278][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.142505][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.174523][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.182853][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.204041][ T4165] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 64.216915][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.226302][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.236016][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.245103][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.260343][ T4166] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.268351][ T4165] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 64.279920][ T4165] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 64.293240][ T4165] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 64.313017][ T4167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.326161][ T4167] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.334606][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.344340][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.352846][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.362057][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.371095][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.378172][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.386917][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.398590][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.408395][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.417369][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.424550][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.450857][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.486874][ T4168] 8021q: adding VLAN 0 to HW filter on device bond0 [ 64.512963][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 64.529079][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 64.537145][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.551599][ T4168] 8021q: adding VLAN 0 to HW filter on device team0 [ 64.572534][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.586310][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.618786][ T4166] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 64.631143][ T4166] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 64.652468][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 64.661129][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.670722][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.680493][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 64.689099][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 64.705851][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 64.718591][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 64.727972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 64.737229][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.745863][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 64.752969][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 64.761335][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 64.769508][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 64.802424][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 64.816247][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 64.827726][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 64.843959][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 64.853338][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 64.860461][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 64.868781][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 64.878149][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 64.896703][ T4167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 64.921998][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 64.937659][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 64.955845][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 64.964892][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 64.997098][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.013203][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.026596][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.036149][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.045366][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.054281][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.062102][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.072764][ T4168] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.097060][ T4169] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.124005][ T4166] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.140459][ T4165] 8021q: adding VLAN 0 to HW filter on device bond0 [ 65.163271][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.180141][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.208824][ T4169] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.255844][ T4165] 8021q: adding VLAN 0 to HW filter on device team0 [ 65.264193][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.269815][ T4215] Bluetooth: hci3: command 0x041b tx timeout [ 65.282276][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.289898][ T4215] Bluetooth: hci4: command 0x041b tx timeout [ 65.296644][ T4215] Bluetooth: hci0: command 0x041b tx timeout [ 65.297462][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.304340][ T4215] Bluetooth: hci2: command 0x041b tx timeout [ 65.317279][ T4215] Bluetooth: hci1: command 0x041b tx timeout [ 65.318845][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 65.335533][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.345020][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.354628][ T653] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.361751][ T653] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.369945][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 65.377750][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 65.385899][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.394772][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.403835][ T653] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.410928][ T653] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.421066][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.443764][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.454140][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.469629][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.477610][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.491691][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.503482][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 65.513095][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 65.523324][ T4167] device veth0_vlan entered promiscuous mode [ 65.536497][ T4166] device veth0_vlan entered promiscuous mode [ 65.551036][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 65.561525][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 65.569551][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 65.577088][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 65.586245][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 65.595158][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 65.604145][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 65.611257][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 65.619073][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 65.628348][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 65.637091][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 65.644337][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 65.652446][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 65.672432][ T4168] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 65.694275][ T4166] device veth1_vlan entered promiscuous mode [ 65.706264][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.715473][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 65.726198][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 65.763032][ T4165] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 65.775305][ T4165] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 65.788704][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.798990][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.807784][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 65.816771][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 65.825837][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.835513][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.844167][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 65.852851][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 65.861813][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 65.870724][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 65.879071][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.887806][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 65.898407][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 65.907918][ T4167] device veth1_vlan entered promiscuous mode [ 65.941371][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 65.956833][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 65.967060][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 65.984467][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.003165][ T4169] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 66.013959][ T4169] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 66.035793][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 66.050628][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 66.064969][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 66.075675][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 66.088558][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 66.122601][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.134183][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.150081][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.157622][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.181287][ T4166] device veth0_macvtap entered promiscuous mode [ 66.193237][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.202709][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.214972][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.232305][ T4165] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.253481][ T4167] device veth0_macvtap entered promiscuous mode [ 66.264322][ T4166] device veth1_macvtap entered promiscuous mode [ 66.273563][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.282752][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.291235][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.300089][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.308690][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.317402][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.329967][ T4167] device veth1_macvtap entered promiscuous mode [ 66.350313][ T4168] device veth0_vlan entered promiscuous mode [ 66.386585][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.396265][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.408051][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.421371][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.432758][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.440978][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.449835][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.458744][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.467783][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.480702][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 66.488168][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 66.498157][ T4168] device veth1_vlan entered promiscuous mode [ 66.508222][ T4166] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.521269][ T4167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 66.532244][ T4167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.546145][ T4167] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 66.558997][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.568859][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.577737][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.586992][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 66.598432][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 66.607497][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.616454][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.633520][ T4166] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.642666][ T4166] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.651901][ T4166] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.660778][ T4166] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.674392][ T4169] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 66.715441][ T4167] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.727666][ T4167] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.737564][ T4167] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.746698][ T4167] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 66.773548][ T4165] device veth0_vlan entered promiscuous mode [ 66.803383][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.813064][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.823518][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 66.832429][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 66.841329][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 66.850579][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 66.859436][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 66.867517][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 66.877193][ T4168] device veth0_macvtap entered promiscuous mode [ 66.902600][ T4165] device veth1_vlan entered promiscuous mode [ 66.912073][ T4168] device veth1_macvtap entered promiscuous mode [ 66.965534][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.976829][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.990600][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.001439][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.013411][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.039345][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.047621][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.062262][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.071942][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.080811][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.091530][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.100801][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 67.109114][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 67.118434][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.127402][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.136667][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 67.145058][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 67.154863][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.166655][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.176960][ T4168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.188933][ T4168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.200772][ T4168] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.211960][ T4169] device veth0_vlan entered promiscuous mode [ 67.221509][ T4165] device veth0_macvtap entered promiscuous mode [ 67.240224][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.248447][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.257648][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.270290][ T4168] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.279025][ T4168] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.288348][ T4168] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.297554][ T4168] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.322905][ T4165] device veth1_macvtap entered promiscuous mode [ 67.349804][ T4215] Bluetooth: hci1: command 0x040f tx timeout [ 67.356894][ T4215] Bluetooth: hci2: command 0x040f tx timeout [ 67.363916][ T4215] Bluetooth: hci0: command 0x040f tx timeout [ 67.372472][ T144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.373375][ T4169] device veth1_vlan entered promiscuous mode [ 67.381555][ T144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.390954][ T4215] Bluetooth: hci4: command 0x040f tx timeout [ 67.403731][ T4215] Bluetooth: hci3: command 0x040f tx timeout [ 67.419512][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 67.427706][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.437901][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.454422][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.465517][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.477014][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.487874][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.498278][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.509993][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.521512][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.556286][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 67.564813][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.574205][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.586746][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.597485][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.608119][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.619012][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.628932][ T4165] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.640008][ T4165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.653895][ T4165] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.668669][ T4165] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.679592][ T4165] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.688722][ T4165] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.697791][ T4165] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 67.713482][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.725211][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.736556][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.747399][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.757141][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.812185][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 67.821934][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 67.846412][ T4169] device veth0_macvtap entered promiscuous mode [ 67.873775][ T1234] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.891569][ T1234] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.899772][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.907770][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.930238][ T4169] device veth1_macvtap entered promiscuous mode [ 67.946559][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 67.956894][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 67.965577][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 67.973799][ T653] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.996147][ T653] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.006789][ T653] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.032062][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.061948][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.075080][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.083289][ T4246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.094679][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.108463][ T4246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.128070][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.141827][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.152648][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.162730][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 68.173552][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.186100][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 68.214025][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.224434][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 68.234196][ T1234] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 68.263006][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.289837][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.331041][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.352277][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.368026][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.374126][ T4250] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 68.379776][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.405908][ T4169] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 68.416644][ T4169] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.432799][ T4169] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.441271][ T4252] loop0: detected capacity change from 0 to 1024 [ 68.469618][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.479438][ T4249] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5'. [ 68.489903][ T4249] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5'. [ 68.509642][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.535270][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.558590][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.571271][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.602875][ T4252] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1) [ 68.653471][ T4169] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.718470][ T4169] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.730388][ T4169] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.740511][ T4169] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.928648][ T4258] loop3: detected capacity change from 0 to 128 [ 69.532547][ T4226] Bluetooth: hci3: command 0x0419 tx timeout [ 69.539667][ T4226] Bluetooth: hci4: command 0x0419 tx timeout [ 69.546111][ T4226] Bluetooth: hci0: command 0x0419 tx timeout [ 69.552780][ T4226] Bluetooth: hci2: command 0x0419 tx timeout [ 69.559333][ T4226] Bluetooth: hci1: command 0x0419 tx timeout [ 69.599089][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.616452][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.661917][ T4246] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.681065][ T4258] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000002000,,errors=continue. Quota mode: none. [ 69.695319][ T4258] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.747639][ T4257] process 'syz.3.4' launched './file0' with NULL argv: empty string added [ 69.798524][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.832606][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.900181][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.910124][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.962783][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.994592][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 70.147055][ T4272] loop1: detected capacity change from 0 to 2048 [ 70.801825][ T4278] loop2: detected capacity change from 0 to 512 [ 71.418744][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.425442][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.466586][ T4272] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 71.480522][ T4278] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 71.499142][ C0] sched: RT throttling activated [ 71.529613][ T4278] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.630019][ T4295] loop3: detected capacity change from 0 to 512 [ 71.834928][ T4295] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 71.863932][ T4295] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 72.086191][ T4301] loop4: detected capacity change from 0 to 256 [ 72.150579][ T4295] EXT4-fs (loop3): 1 truncate cleaned up [ 72.199309][ T4295] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 72.560075][ T4310] loop2: detected capacity change from 0 to 128 [ 72.638671][ T26] audit: type=1326 audit(1730636919.915:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4288 comm="syz.3.10" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13e7c28719 code=0x0 [ 72.745899][ T4245] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 73.057103][ T1107] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 73.149584][ T4245] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 73.158249][ T4316] loop3: detected capacity change from 0 to 1024 [ 73.162219][ T1109] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 73.174861][ T4245] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 73.185302][ T4245] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 73.221814][ T4245] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 73.242212][ T4316] EXT4-fs (loop3): Ignoring removed orlov option [ 73.255035][ T4316] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 73.268800][ T4245] usb 1-1: config 0 descriptor?? [ 73.337984][ T4316] EXT4-fs (loop3): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 73.774118][ T4324] hub 6-0:1.0: USB hub found [ 73.782333][ T4324] hub 6-0:1.0: 1 port detected [ 73.984329][ T1107] usb 2-1: device descriptor read/64, error -71 [ 74.412275][ T1109] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.437775][ T1109] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 74.447069][ T1109] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.459066][ T1109] usb 5-1: config 0 descriptor?? [ 74.539437][ T1107] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 74.587852][ T4326] loop3: detected capacity change from 0 to 512 [ 74.718545][ T4329] device pim6reg1 entered promiscuous mode [ 74.746701][ T4326] EXT4-fs error (device loop3): ext4_do_update_inode:5174: inode #3: comm syz.3.18: corrupted inode contents [ 74.782040][ T4326] EXT4-fs error (device loop3): ext4_dirty_inode:6010: inode #3: comm syz.3.18: mark_inode_dirty error [ 74.789881][ T1107] usb 2-1: Using ep0 maxpacket: 16 [ 74.810509][ T4326] EXT4-fs error (device loop3): ext4_do_update_inode:5174: inode #3: comm syz.3.18: corrupted inode contents [ 74.827184][ T4326] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #3: comm syz.3.18: mark_inode_dirty error [ 74.843046][ T4326] Quota error (device loop3): write_blk: dquota write failed [ 74.854970][ T4326] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 74.868691][ T4326] EXT4-fs error (device loop3): ext4_acquire_dquot:6197: comm syz.3.18: Failed to acquire dquot type 0 [ 74.881288][ T4245] uclogic 0003:256C:006D.0001: interface is invalid, ignoring [ 74.901708][ T4326] EXT4-fs (loop3): 1 orphan inode deleted [ 74.907646][ T4326] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 74.920307][ T4326] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 74.921607][ T1107] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 74.952137][ T1109] keytouch 0003:0926:3333.0002: fixing up Keytouch IEC report descriptor [ 74.981900][ T1109] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0002/input/input5 [ 75.138451][ T1107] usb 2-1: config 0 has no interfaces? [ 75.144608][ T1107] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 75.153784][ T1107] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.167663][ T1107] usb 2-1: config 0 descriptor?? [ 75.185895][ T4215] usb 1-1: USB disconnect, device number 2 [ 75.209394][ T4245] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 76.080521][ T4326] syz.3.18 (4326) used greatest stack depth: 19472 bytes left [ 76.187693][ T1109] keytouch 0003:0926:3333.0002: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 76.223182][ T1109] usb 5-1: USB disconnect, device number 2 [ 76.241453][ T4337] loop0: detected capacity change from 0 to 1024 [ 76.262690][ T4185] udevd[4185]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory [ 76.275982][ T4337] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1) [ 76.330482][ T4185] udevd[4185]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 76.399381][ T4245] usb 3-1: Using ep0 maxpacket: 32 [ 76.529372][ T4245] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.571256][ T4245] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.613795][ T4245] usb 3-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 76.643911][ T4245] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.717683][ T4245] usb 3-1: config 0 descriptor?? [ 77.623945][ T4156] usb 2-1: USB disconnect, device number 3 [ 77.746389][ T4333] udc-core: couldn't find an available UDC or it's busy [ 77.746413][ T4333] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 77.817827][ T4245] hkems 0003:2006:0118.0003: unbalanced delimiter at end of report description [ 77.818287][ T4245] hkems 0003:2006:0118.0003: parse failed [ 77.818320][ T4245] hkems: probe of 0003:2006:0118.0003 failed with error -22 [ 78.048769][ T4156] usb 3-1: USB disconnect, device number 2 [ 78.111845][ T4366] loop1: detected capacity change from 0 to 1024 [ 78.199223][ T4366] EXT4-fs (loop1): Ignoring removed orlov option [ 78.199283][ T4366] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 78.241620][ T4366] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 78.378687][ T4371] loop0: detected capacity change from 0 to 128 [ 78.634438][ T4373] hub 6-0:1.0: USB hub found [ 78.636850][ T4373] hub 6-0:1.0: 1 port detected [ 79.769371][ T4244] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 80.194554][ T4383] netlink: 28 bytes leftover after parsing attributes in process `syz.0.33'. [ 80.262904][ T4383] netlink: 28 bytes leftover after parsing attributes in process `syz.0.33'. [ 80.298468][ T4244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.328308][ T4244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.338845][ T4244] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 80.348074][ T4244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 80.365229][ T4244] usb 3-1: config 0 descriptor?? [ 81.503499][ T21] cfg80211: failed to load regulatory.db [ 81.612300][ T4393] loop4: detected capacity change from 0 to 512 [ 81.856178][ T4393] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 81.880273][ T4393] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 81.888567][ T4393] System zones: 1-12 [ 81.898413][ T4393] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2816: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 81.924086][ T4379] loop1: detected capacity change from 0 to 40427 [ 81.926413][ T4393] EXT4-fs (loop4): 1 truncate cleaned up [ 81.938235][ T4393] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 81.992056][ T4244] uclogic 0003:256C:006D.0004: interface is invalid, ignoring [ 82.012740][ T4379] F2FS-fs (loop1): Invalid SB checksum offset: 0 [ 82.020702][ T4379] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock [ 82.056671][ T4379] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 82.129505][ T4399] loop0: detected capacity change from 0 to 512 [ 82.183018][ T4399] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 82.221616][ T4215] usb 3-1: USB disconnect, device number 3 [ 82.293403][ T4399] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 82.304885][ T4399] System zones: 1-12 [ 82.313377][ T4399] EXT4-fs (loop0): 1 truncate cleaned up [ 82.326134][ T4399] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 82.422005][ T4379] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0 [ 82.429842][ T4379] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 82.739654][ T1107] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 83.540321][ T1107] usb 5-1: Using ep0 maxpacket: 16 [ 83.780071][ T1107] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 83.790314][ T1107] usb 5-1: config 0 has no interfaces? [ 83.795925][ T1107] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 83.814641][ T1107] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.277547][ T1107] usb 5-1: config 0 descriptor?? [ 84.967248][ T4437] loop3: detected capacity change from 0 to 512 [ 85.120581][ T4437] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 85.148913][ T4437] ext4 filesystem being mounted at /10/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.159194][ T4244] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 85.539950][ T4244] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.647603][ T1109] usb 5-1: USB disconnect, device number 3 [ 85.731985][ T4244] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 85.742033][ T4244] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.756536][ T4244] usb 1-1: config 0 descriptor?? [ 87.144365][ T4440] loop2: detected capacity change from 0 to 40427 [ 87.258596][ T4440] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 87.295163][ T4440] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 87.414248][ T4461] usb usb8: usbfs: process 4461 (syz.4.58) did not claim interface 0 before use [ 87.491116][ T4244] keytouch 0003:0926:3333.0005: fixing up Keytouch IEC report descriptor [ 87.508928][ T4440] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 87.511673][ T4244] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0005/input/input6 [ 87.644144][ T4244] keytouch 0003:0926:3333.0005: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 87.696277][ T4440] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 87.705683][ T4440] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 88.178059][ T4475] syz.2.52[4475] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.178272][ T4475] syz.2.52[4475] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.224091][ T4475] attempt to access beyond end of device [ 88.224091][ T4475] loop2: rw=2049, want=53256, limit=40427 [ 88.255879][ T4475] attempt to access beyond end of device [ 88.255879][ T4475] loop2: rw=2049, want=53264, limit=40427 [ 88.708292][ T1109] usb 1-1: USB disconnect, device number 3 [ 89.033407][ T4169] attempt to access beyond end of device [ 89.033407][ T4169] loop2: rw=2049, want=45112, limit=40427 [ 89.229980][ T4484] loop1: detected capacity change from 0 to 1024 [ 89.357879][ T4484] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 89.529434][ T1109] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 89.624709][ T4244] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 90.049438][ T4244] usb 5-1: Using ep0 maxpacket: 16 [ 90.170052][ T4244] usb 5-1: config index 0 descriptor too short (expected 2852, got 36) [ 90.202723][ T4244] usb 5-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config [ 90.277839][ T1109] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.287113][ T4244] usb 5-1: config 157 has 0 interfaces, different from the descriptor's value: 4 [ 90.683841][ T4244] usb 5-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 90.756082][ T1109] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.766550][ T1109] usb 1-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 90.779274][ T4244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.792923][ T1109] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.803882][ T1109] usb 1-1: config 0 descriptor?? [ 90.825673][ T4503] usb usb8: usbfs: process 4503 (syz.2.69) did not claim interface 0 before use [ 91.302454][ T1109] hid-rmi 0003:06CB:81A7.0006: unknown main item tag 0x0 [ 91.302488][ T1109] hid-rmi 0003:06CB:81A7.0006: unknown main item tag 0x0 [ 91.302513][ T1109] hid-rmi 0003:06CB:81A7.0006: unknown main item tag 0x0 [ 91.302538][ T1109] hid-rmi 0003:06CB:81A7.0006: unknown main item tag 0x0 [ 91.302562][ T1109] hid-rmi 0003:06CB:81A7.0006: unknown main item tag 0x0 [ 91.323527][ T1109] hid-rmi 0003:06CB:81A7.0006: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.0-1/input0 [ 91.369381][ T4244] usb 5-1: string descriptor 0 read error: -71 [ 91.437588][ T4244] usb 5-1: USB disconnect, device number 4 [ 91.516794][ T1109] usb 1-1: USB disconnect, device number 4 [ 91.887019][ T4517] loop3: detected capacity change from 0 to 256 [ 92.109020][ T4524] loop3: detected capacity change from 0 to 128 [ 92.212262][ T4524] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 92.357734][ T4531] usb usb8: usbfs: process 4531 (syz.1.80) did not claim interface 0 before use [ 92.502556][ T4533] loop1: detected capacity change from 0 to 512 [ 92.578144][ T4533] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 92.604354][ T4533] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.371384][ T4538] syz.1.81 (4538) used greatest stack depth: 19224 bytes left [ 93.512960][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 93.645541][ T4544] loop0: detected capacity change from 0 to 512 [ 93.710900][ T4544] ======================================================= [ 93.710900][ T4544] WARNING: The mand mount option has been deprecated and [ 93.710900][ T4544] and is ignored by this kernel. Remove the mand [ 93.710900][ T4544] option from the mount to silence this warning. [ 93.710900][ T4544] ======================================================= [ 93.803707][ T4544] EXT4-fs error (device loop0): ext4_orphan_get:1427: comm syz.0.83: bad orphan inode 17 [ 93.839613][ T4544] ext4_test_bit(bit=16, block=4) = 1 [ 93.878812][ T4544] is_bad_inode(inode)=0 [ 93.896420][ T4544] NEXT_ORPHAN(inode)=0 [ 93.909398][ T4544] max_ino=32 [ 93.912662][ T4544] i_nlink=1 [ 93.915869][ T4544] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 94.020802][ T4556] loop0: detected capacity change from 0 to 16 [ 94.041574][ T4556] erofs: (device loop0): mounted with root inode @ nid 36. [ 94.070739][ T4556] erofs: (device loop0): z_erofs_map_blocks_iter: unknown type 3 @ offset 507903 of nid 36 [ 94.089409][ T4556] erofs: (device loop0): z_erofs_readpage: failed to read, err [-95] [ 94.356321][ T4560] bridge: RTM_NEWNEIGH with invalid ether address [ 94.537438][ T4285] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 94.583828][ T4567] serio: Serial port pts1 [ 94.809997][ T4573] usb usb8: usbfs: process 4573 (syz.3.91) did not claim interface 0 before use [ 95.209394][ T4584] loop1: detected capacity change from 0 to 256 [ 95.590699][ T23] Bluetooth: hci5: command 0x1003 tx timeout [ 95.598807][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 95.892445][ T4584] FAT-fs (loop1): Directory bread(block 64) failed [ 95.899561][ T4584] FAT-fs (loop1): Directory bread(block 65) failed [ 95.906338][ T4584] FAT-fs (loop1): Directory bread(block 66) failed [ 95.913182][ T4584] FAT-fs (loop1): Directory bread(block 67) failed [ 95.919834][ T4584] FAT-fs (loop1): Directory bread(block 68) failed [ 95.926376][ T4584] FAT-fs (loop1): Directory bread(block 69) failed [ 95.933065][ T4584] FAT-fs (loop1): Directory bread(block 70) failed [ 95.939701][ T4584] FAT-fs (loop1): Directory bread(block 71) failed [ 95.946305][ T4584] FAT-fs (loop1): Directory bread(block 72) failed [ 95.952907][ T4584] FAT-fs (loop1): Directory bread(block 73) failed [ 96.264189][ T4592] loop1: detected capacity change from 0 to 512 [ 96.307015][ T4592] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 96.354217][ T4592] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 96.372666][ T4592] System zones: 1-12 [ 96.394840][ T4592] EXT4-fs (loop1): 1 truncate cleaned up [ 96.401994][ T4601] loop2: detected capacity change from 0 to 2048 [ 96.406014][ T4592] EXT4-fs (loop1): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 96.593287][ T4601] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000005,,errors=continue. Quota mode: none. [ 96.605704][ T23] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 96.733375][ T4610] xt_TCPMSS: Only works on TCP SYN packets [ 96.863103][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 96.995388][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 97.047640][ T23] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 97.220026][ T26] audit: type=1800 audit(1730636944.445:3): pid=4601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.102" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 97.299604][ T23] usb 1-1: New USB device found, idVendor=0499, idProduct=1055, bcdDevice= 1.a4 [ 97.318515][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 97.347974][ T23] usb 1-1: Product: syz [ 97.362382][ T23] usb 1-1: Manufacturer: syz [ 97.367037][ T23] usb 1-1: SerialNumber: syz [ 97.412935][ T23] usb 1-1: config 0 descriptor?? [ 97.463129][ T4617] usb usb8: usbfs: process 4617 (syz.3.107) did not claim interface 0 before use [ 97.480410][ T4618] devpts: called with bogus options [ 97.564094][ T4623] loop3: detected capacity change from 0 to 512 [ 97.618812][ T4623] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 97.645113][ T4623] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 97.656528][ T4623] System zones: 1-12 [ 97.668966][ T4623] EXT4-fs (loop3): 1 truncate cleaned up [ 97.676525][ T4623] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 97.753467][ T4244] Bluetooth: hci5: command 0x1001 tx timeout [ 97.760630][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 98.645998][ T23] snd-usb-audio: probe of 1-1:0.0 failed with error -12 [ 98.704766][ T23] usb 1-1: USB disconnect, device number 5 [ 98.768202][ T4159] udevd[4159]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 98.830177][ T4637] device pim6reg1 entered promiscuous mode [ 98.902654][ T4642] loop1: detected capacity change from 0 to 512 [ 98.981979][ T4642] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 99.005316][ T4642] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.321885][ T4658] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 99.820894][ T1107] Bluetooth: hci5: command 0x1009 tx timeout [ 100.057428][ T4660] usb usb8: usbfs: process 4660 (syz.0.118) did not claim interface 0 before use [ 100.134421][ T4215] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 100.243467][ T4664] loop0: detected capacity change from 0 to 512 [ 100.912606][ T4664] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 100.959883][ T21] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 101.035723][ T4664] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 101.053156][ T4664] System zones: 1-12 [ 101.086180][ T4664] EXT4-fs (loop0): 1 truncate cleaned up [ 101.099019][ T4664] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 101.130266][ T4673] syz.1.121 uses obsolete (PF_INET,SOCK_PACKET) [ 101.334500][ T4215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.348163][ T4215] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.366697][ T4215] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 101.376148][ T4215] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.388137][ T4215] usb 3-1: config 0 descriptor?? [ 101.409860][ T21] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 101.420636][ T21] usb 4-1: can't read configurations, error -61 [ 101.579258][ T21] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 101.788258][ T4686] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 101.798567][ T4686] IPv6: NLM_F_CREATE should be set when creating new route [ 101.805869][ T4686] IPv6: NLM_F_CREATE should be set when creating new route [ 101.875151][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.891616][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.901929][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.909918][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.917024][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.936381][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.943815][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.953305][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.960964][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.968335][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 101.976442][ T4215] lg-g15 0003:046D:C222.0007: unknown main item tag 0x0 [ 102.023137][ T4215] lg-g15 0003:046D:C222.0007: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.2-1/input0 [ 102.086596][ T4215] usb 3-1: USB disconnect, device number 4 [ 102.149497][ T21] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 102.157638][ T21] usb 4-1: can't read configurations, error -61 [ 102.164864][ T21] usb usb4-port1: attempt power cycle [ 102.203061][ T4694] loop0: detected capacity change from 0 to 256 [ 102.619464][ T21] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 102.857291][ T4694] FAT-fs (loop0): IO charset mact=maccroatian not found [ 102.889291][ T21] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 102.897992][ T21] usb 4-1: can't read configurations, error -61 [ 102.901076][ T4697] usb usb8: usbfs: process 4697 (syz.2.130) did not claim interface 0 before use [ 103.137487][ T21] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 103.194467][ T4707] loop1: detected capacity change from 0 to 512 [ 103.265746][ T4707] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 103.293249][ T4707] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 103.495351][ T21] usb 4-1: device not accepting address 5, error -71 [ 103.502652][ T21] usb usb4-port1: unable to enumerate USB device [ 103.859326][ T21] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 103.949733][ T4713] loop2: detected capacity change from 0 to 512 [ 104.015600][ T4713] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 104.098868][ T4713] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 104.118994][ T4713] System zones: 1-12 [ 104.151166][ T4713] EXT4-fs (loop2): 1 truncate cleaned up [ 104.185291][ T4713] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 104.370174][ T4721] loop1: detected capacity change from 0 to 512 [ 104.407634][ T21] usb 4-1: unable to get BOS descriptor or descriptor too short [ 104.452898][ T4721] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 104.465593][ T4721] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 104.489987][ T4721] EXT4-fs error (device loop1): ext4_do_update_inode:5174: inode #2: comm syz.1.137: corrupted inode contents [ 104.505078][ T4721] EXT4-fs error (device loop1): ext4_dirty_inode:6010: inode #2: comm syz.1.137: mark_inode_dirty error [ 104.517473][ T4721] EXT4-fs error (device loop1): ext4_do_update_inode:5174: inode #2: comm syz.1.137: corrupted inode contents [ 104.529301][ T21] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 104.529340][ T21] usb 4-1: can't read configurations, error -71 [ 104.537050][ T4215] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 104.558197][ T4721] EXT4-fs error (device loop1): __ext4_ext_dirty:183: inode #2: comm syz.1.137: mark_inode_dirty error [ 104.860249][ T4215] usb 5-1: Using ep0 maxpacket: 16 [ 105.079456][ T4215] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x82 has invalid maxpacket 96 [ 105.099170][ T4215] usb 5-1: config 1 interface 0 altsetting 93 bulk endpoint 0x3 has invalid maxpacket 8 [ 105.108934][ T4215] usb 5-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 105.192844][ T4736] usb usb8: usbfs: process 4736 (syz.0.141) did not claim interface 0 before use [ 105.235099][ T4215] usb 5-1: config 1 interface 0 has no altsetting 0 [ 105.389496][ T4215] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 105.419240][ T4215] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 105.474454][ T4215] usb 5-1: SerialNumber: syz [ 105.539681][ T4719] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 105.581480][ T4719] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 105.866816][ T4719] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 105.894096][ T4719] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 106.372962][ T4765] IPv6: NLM_F_REPLACE set, but no existing node found! [ 107.048695][ T4215] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 107.065018][ T4215] usb 5-1: USB disconnect, device number 5 [ 107.165266][ T4767] loop0: detected capacity change from 0 to 512 [ 107.312364][ T4774] usb usb8: usbfs: process 4774 (syz.4.153) did not claim interface 0 before use [ 107.327703][ T4767] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 108.226783][ T4777] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 108.256034][ T4767] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 108.279245][ T4767] System zones: 1-12 [ 108.299242][ T4245] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 108.307033][ T4767] EXT4-fs (loop0): 1 truncate cleaned up [ 108.329198][ T4767] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 109.499569][ T4245] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 109.513037][ T4245] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 109.549259][ T4245] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 109.575035][ T4245] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 109.579229][ T4244] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 109.618746][ T4245] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 109.648387][ T4245] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.693868][ T4245] usb 3-1: config 0 descriptor?? [ 109.729880][ T4769] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 109.989275][ T4244] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 110.021173][ T4244] usb 5-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 110.033054][ T4244] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 110.058306][ T4244] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 110.223722][ T4245] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 110.248907][ T4245] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 110.313983][ T4245] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 110.898176][ T4244] usb 5-1: string descriptor 0 read error: -71 [ 110.906174][ T4244] usb 5-1: USB disconnect, device number 6 [ 111.679306][ T21] usb 3-1: reset high-speed USB device number 5 using dummy_hcd [ 111.827883][ T4810] usb usb8: usbfs: process 4810 (syz.3.164) did not claim interface 0 before use [ 112.893692][ T23] usb 3-1: USB disconnect, device number 5 [ 113.097545][ T4826] loop2: detected capacity change from 0 to 512 [ 113.203895][ T4826] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 113.214665][ T26] audit: type=1326 audit(1730636960.495:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4827 comm="syz.3.171" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13e7c28719 code=0x0 [ 113.261793][ T4826] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 113.280136][ T4826] System zones: 1-12 [ 113.294617][ T4826] EXT4-fs (loop2): 1 truncate cleaned up [ 113.309225][ T4826] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 115.159021][ T4845] loop1: detected capacity change from 0 to 8192 [ 115.291909][ T4850] loop0: detected capacity change from 0 to 512 [ 116.078242][ T4860] 9pnet: Insufficient options for proto=fd [ 116.488551][ T4864] usb usb8: usbfs: process 4864 (syz.3.179) did not claim interface 0 before use [ 116.685799][ T4850] EXT4-fs (loop0): bad s_want_extra_isize: 11962 [ 117.069088][ T4882] loop0: detected capacity change from 0 to 128 [ 117.105211][ T4881] loop4: detected capacity change from 0 to 512 [ 117.374227][ T4881] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 117.648848][ T4881] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 117.758911][ T4881] System zones: 1-12 [ 117.990345][ T4881] EXT4-fs (loop4): 1 truncate cleaned up [ 118.009304][ T4881] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 118.665940][ T4892] loop0: detected capacity change from 0 to 1024 [ 118.767037][ T4892] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1) [ 119.078700][ T4898] kvm: emulating exchange as write [ 119.895539][ T4903] usb usb8: usbfs: process 4903 (syz.0.191) did not claim interface 0 before use [ 122.446843][ T4936] loop1: detected capacity change from 0 to 256 [ 122.617031][ T4936] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 122.690594][ T4938] loop0: detected capacity change from 0 to 512 [ 122.721489][ T4936] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 122.797261][ T4938] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 122.866158][ T4936] attempt to access beyond end of device [ 122.866158][ T4936] loop1: rw=524288, want=408, limit=256 [ 122.881198][ T4938] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 122.894933][ T26] audit: type=1804 audit(1730636970.175:5): pid=4942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.199" name="/newroot/43/bus/file1" dev="loop1" ino=1048595 res=1 errno=0 [ 122.899557][ T4938] System zones: 1-12 [ 123.032193][ T4938] EXT4-fs (loop0): 1 truncate cleaned up [ 123.037874][ T4938] EXT4-fs (loop0): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 123.051817][ T26] audit: type=1800 audit(1730636970.335:6): pid=4936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.199" name="file1" dev="loop1" ino=1048595 res=0 errno=0 [ 123.089263][ T1107] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 123.166899][ T26] audit: type=1800 audit(1730636970.335:7): pid=4942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.199" name="file1" dev="loop1" ino=1048595 res=0 errno=0 [ 123.469504][ T1107] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 123.508262][ T1107] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 123.543803][ T1107] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.568811][ T4954] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 123.579532][ T4954] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 123.606150][ T1107] usb 3-1: config 0 descriptor?? [ 123.643784][ T4954] overlayfs: missing 'lowerdir' [ 124.134671][ T1107] lenovo 0003:17EF:6047.0009: unknown main item tag 0x0 [ 124.189464][ T4244] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 124.351561][ T1107] lenovo 0003:17EF:6047.0009: unknown main item tag 0x0 [ 124.651096][ T1107] lenovo 0003:17EF:6047.0009: unknown main item tag 0x0 [ 124.664026][ T1107] lenovo 0003:17EF:6047.0009: unknown main item tag 0x0 [ 124.679311][ T1107] lenovo 0003:17EF:6047.0009: unknown main item tag 0x0 [ 124.809630][ T1107] lenovo 0003:17EF:6047.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0 [ 125.023637][ T4244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.047850][ T4244] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.069233][ T4244] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 125.078324][ T4244] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.290052][ T1107] lenovo 0003:17EF:6047.0009: Failed to switch middle button: -71 [ 125.307630][ T4244] usb 4-1: config 0 descriptor?? [ 125.619935][ T1107] lenovo 0003:17EF:6047.0009: Fn-lock setting failed: -71 [ 125.820343][ T1107] lenovo 0003:17EF:6047.0009: Sensitivity setting failed: -71 [ 125.900120][ T1107] usb 3-1: USB disconnect, device number 6 [ 126.006689][ T4971] loop2: detected capacity change from 0 to 512 [ 126.017596][ T4244] pyra 0003:1E7D:2CF6.000A: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.3-1/input0 [ 126.076330][ T4971] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 126.110161][ T4975] futex_wake_op: syz.0.210 tries to shift op by -1; fix this program [ 126.136258][ T4971] EXT4-fs (loop2): 1 truncate cleaned up [ 126.157521][ T4971] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 126.372137][ T4244] pyra 0003:1E7D:2CF6.000A: couldn't init struct pyra_device [ 126.383300][ T4244] pyra 0003:1E7D:2CF6.000A: couldn't install mouse [ 126.391561][ T4244] pyra: probe of 0003:1E7D:2CF6.000A failed with error -71 [ 126.401354][ T4244] usb 4-1: USB disconnect, device number 8 [ 126.519349][ T26] audit: type=1326 audit(1730636973.795:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4970 comm="syz.2.209" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1108640719 code=0x0 [ 127.488777][ T4991] netlink: 8 bytes leftover after parsing attributes in process `syz.3.213'. [ 127.520286][ T4991] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 127.529903][ T4991] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 127.628776][ T4991] syz.3.213 (4991) used greatest stack depth: 18776 bytes left [ 128.064167][ T4997] loop1: detected capacity change from 0 to 256 [ 128.182658][ T4997] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 129.547992][ T4984] loop4: detected capacity change from 0 to 40427 [ 129.731423][ T4984] F2FS-fs (loop4): invalid crc value [ 129.752223][ T5006] loop2: detected capacity change from 0 to 512 [ 129.788326][ T4984] F2FS-fs (loop4): Found nat_bits in checkpoint [ 129.805273][ T5006] EXT4-fs (loop2): inline encryption not supported [ 129.925843][ T4984] F2FS-fs (loop4): Start checkpoint disabled! [ 129.987001][ T5006] EXT4-fs (loop2): Test dummy encryption mode enabled [ 130.026807][ T5006] EXT4-fs error (device loop2): __ext4_iget:4872: inode #11: block 1: comm syz.2.219: invalid block [ 130.051054][ T5006] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.219: couldn't read orphan inode 11 (err -117) [ 130.087467][ T5006] EXT4-fs (loop2): mounted filesystem without journal. Opts: inlinecrypt,user_xattr,quota,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 130.130650][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 130.148766][ T5020] loop0: detected capacity change from 0 to 512 [ 130.182884][ T5021] loop3: detected capacity change from 0 to 512 [ 130.289320][ T5021] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 130.343656][ T5020] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 130.368874][ T5020] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 130.403401][ T5021] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 130.544997][ T5021] System zones: 1-12 [ 130.669658][ T23] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 131.494870][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 131.508027][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 131.519598][ T23] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 131.532921][ T23] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 131.542412][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.567707][ T26] audit: type=1800 audit(1730636978.845:9): pid=5029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.221" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 131.596927][ T5021] EXT4-fs (loop3): 1 truncate cleaned up [ 131.622330][ T23] usb 2-1: config 0 descriptor?? [ 131.638099][ T5021] EXT4-fs (loop3): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 131.699665][ T5010] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 132.023157][ T5026] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 132.035962][ T5026] EXT4-fs error (device loop2): ext4_add_entry:2486: inode #2: comm syz.2.219: Directory hole found for htree leaf block 0 [ 132.241129][ T23] plantronics 0003:047F:FFFF.000B: unknown main item tag 0xd [ 132.261235][ T23] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 132.283987][ T23] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 132.707922][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.714535][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.373949][ T5046] loop4: detected capacity change from 0 to 512 [ 133.638194][ T5046] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 134.005337][ T23] usb 2-1: reset high-speed USB device number 4 using dummy_hcd [ 134.089212][ T1107] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 134.302449][ T5046] EXT4-fs (loop4): 1 truncate cleaned up [ 134.308141][ T5046] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 134.739377][ T26] audit: type=1326 audit(1730636982.015:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5045 comm="syz.4.224" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49fda0c719 code=0x0 [ 134.760987][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.809357][ T1107] usb 1-1: Using ep0 maxpacket: 16 [ 135.049466][ T1107] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.061644][ T1107] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.082771][ T1107] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 135.102838][ T1107] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.141514][ T4244] usb 2-1: USB disconnect, device number 4 [ 135.153463][ T1107] usb 1-1: config 0 descriptor?? [ 135.251930][ T5074] futex_wake_op: syz.3.232 tries to shift op by -1; fix this program [ 135.357306][ T5062] loop1: detected capacity change from 0 to 40427 [ 135.397859][ T5076] loop4: detected capacity change from 0 to 128 [ 135.452699][ T5062] F2FS-fs (loop1): invalid crc value [ 135.493746][ T5062] F2FS-fs (loop1): Found nat_bits in checkpoint [ 135.635665][ T5062] F2FS-fs (loop1): Start checkpoint disabled! [ 135.663533][ T1107] samsung 0003:0419:0001.000C: item fetching failed at offset 3/5 [ 135.673289][ T1107] samsung 0003:0419:0001.000C: parse failed [ 135.679455][ T1107] samsung: probe of 0003:0419:0001.000C failed with error -22 [ 135.687280][ T5062] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 136.492083][ T4244] usb 1-1: USB disconnect, device number 6 [ 136.959891][ T5089] overlayfs: missing 'lowerdir' [ 137.889601][ T5092] loop2: detected capacity change from 0 to 256 [ 137.936749][ T5096] loop4: detected capacity change from 0 to 512 [ 137.993700][ T5096] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 138.083310][ T5096] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 138.099219][ T5096] System zones: 1-12 [ 138.123612][ T5096] EXT4-fs (loop4): 1 truncate cleaned up [ 138.130067][ T5096] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 138.300485][ T5031] attempt to access beyond end of device [ 138.300485][ T5031] loop1: rw=2049, want=45112, limit=40427 [ 139.007774][ T5109] loop0: detected capacity change from 0 to 512 [ 139.039499][ T4173] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 139.168303][ T5109] EXT4-fs (loop0): mounted filesystem without journal. Opts: quota,,errors=continue. Quota mode: writeback. [ 139.208395][ T5109] ext4 filesystem being mounted at /54/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 141.329348][ T4173] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 141.336970][ T4173] usb 4-1: can't read configurations, error -71 [ 141.375985][ T5124] loop1: detected capacity change from 0 to 512 [ 141.440663][ T5128] loop4: detected capacity change from 0 to 512 [ 141.487980][ T5124] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nouid32,minixdf,,errors=continue. Quota mode: writeback. [ 141.533472][ T5128] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 141.549536][ T5124] ext4 filesystem being mounted at /49/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 141.580926][ T5128] EXT4-fs (loop4): 1 truncate cleaned up [ 141.595349][ T5128] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 142.414556][ T5119] bridge0: port 2(bridge_slave_1) entered disabled state [ 142.423361][ T5119] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.053008][ T4226] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 143.459856][ T4226] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 143.481387][ T4226] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 143.505703][ T4226] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 143.519832][ T4226] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 143.528898][ T4226] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.567506][ T4226] usb 1-1: config 0 descriptor?? [ 143.610355][ T5143] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 144.608862][ T5119] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 144.634937][ T5155] loop1: detected capacity change from 0 to 2048 [ 144.717690][ T5119] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 144.780468][ T5155] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 144.841853][ T26] audit: type=1800 audit(1730636992.125:11): pid=5155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.251" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 144.931678][ T4226] plantronics 0003:047F:FFFF.000D: unknown main item tag 0xd [ 144.943114][ T4226] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving [ 144.970469][ T4226] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 145.473528][ T5119] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.482580][ T5119] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.491679][ T5119] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.500689][ T5119] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 145.766543][ T5156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.249'. [ 145.844447][ T5164] 9pnet: Insufficient options for proto=fd [ 145.912535][ T5166] loop2: detected capacity change from 0 to 512 [ 145.956635][ T5166] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 145.972211][ T5166] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 145.980967][ T5166] System zones: 1-12 [ 145.988022][ T5166] EXT4-fs (loop2): 1 truncate cleaned up [ 145.997265][ T5166] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 146.007785][ T5171] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 146.098506][ T5169] loop3: detected capacity change from 0 to 1024 [ 146.193099][ T5169] EXT4-fs (loop3): first meta block group too large: 50331648 (group descriptor block count 1) [ 147.692899][ T4173] usb 1-1: USB disconnect, device number 7 [ 147.813349][ T5198] loop1: detected capacity change from 0 to 512 [ 147.920260][ T5198] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 148.060622][ T5198] EXT4-fs (loop1): 1 truncate cleaned up [ 148.070164][ T5198] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 149.527282][ T26] audit: type=1326 audit(1730636996.565:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5197 comm="syz.1.264" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x0 [ 150.110561][ T5216] loop4: detected capacity change from 0 to 512 [ 150.198960][ T5216] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 150.251464][ T5216] EXT4-fs (loop4): 1 truncate cleaned up [ 150.257133][ T5216] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 150.318587][ T5193] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.325955][ T5193] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.520138][ T4213] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 150.658250][ T26] audit: type=1326 audit(1730636997.935:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5215 comm="syz.4.269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49fda0c719 code=0x0 [ 150.799993][ T4213] usb 1-1: Using ep0 maxpacket: 32 [ 151.000719][ T4213] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 151.020506][ T4213] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 151.038097][ T4213] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 151.047697][ T4213] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.092826][ T4213] usb 1-1: config 0 descriptor?? [ 151.119877][ T5214] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 151.140608][ T4213] hub 1-1:0.0: USB hub found [ 151.359299][ T4213] hub 1-1:0.0: 2 ports detected [ 151.387717][ T5221] loop4: detected capacity change from 0 to 1024 [ 151.486590][ T5221] EXT4-fs (loop4): first meta block group too large: 50331648 (group descriptor block count 1) [ 151.611224][ T5193] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.684218][ T5193] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.799383][ T4213] hub 1-1:0.0: set hub depth failed [ 151.844970][ T4213] usb 1-1: USB disconnect, device number 8 [ 151.969336][ T21] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 152.163440][ T5193] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.172406][ T5193] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.181697][ T5193] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.191033][ T5193] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 152.209311][ T21] usb 5-1: Using ep0 maxpacket: 32 [ 152.329590][ T21] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 152.460008][ T21] usb 5-1: config 0 has no interface number 0 [ 152.629730][ T21] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 152.646663][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.655403][ T21] usb 5-1: Product: syz [ 152.660149][ T21] usb 5-1: Manufacturer: syz [ 152.664893][ T21] usb 5-1: SerialNumber: syz [ 152.672482][ T21] usb 5-1: config 0 descriptor?? [ 152.711101][ T21] smsc95xx v2.0.0 [ 152.787534][ T5240] loop2: detected capacity change from 0 to 256 [ 152.869216][ T4213] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 153.009304][ T4215] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 153.188259][ T5242] netlink: 60 bytes leftover after parsing attributes in process `syz.2.278'. [ 153.199801][ T5242] unsupported nlmsg_type 40 [ 153.389972][ T4213] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 26 [ 153.580486][ T4213] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 153.834076][ T4213] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 153.852567][ T4213] usb 2-1: SerialNumber: syz [ 154.039327][ T21] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71 [ 154.057246][ T21] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA [ 154.087527][ T21] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 154.104901][ T21] smsc95xx: probe of 5-1:0.67 failed with error -71 [ 154.137713][ T21] usb 5-1: USB disconnect, device number 7 [ 154.281090][ T5250] loop2: detected capacity change from 0 to 512 [ 154.331950][ T4215] usb 4-1: Using ep0 maxpacket: 16 [ 154.337551][ T5250] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 154.407698][ T5250] EXT4-fs (loop2): 1 truncate cleaned up [ 154.419935][ T5250] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 154.489513][ T4215] usb 4-1: config index 0 descriptor too short (expected 2852, got 36) [ 154.504274][ T4215] usb 4-1: config 157 has an invalid descriptor of length 0, skipping remainder of the config [ 154.515336][ T4215] usb 4-1: config 157 has 0 interfaces, different from the descriptor's value: 4 [ 154.531067][ T4215] usb 4-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 155.839269][ T26] audit: type=1326 audit(1730637003.115:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5249 comm="syz.2.280" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1108640719 code=0x0 [ 155.899990][ T5257] udc-core: couldn't find an available UDC or it's busy [ 155.907376][ T5257] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 156.119397][ T4213] cdc_ether: probe of 2-1:1.0 failed with error -71 [ 156.154609][ T4213] usb 2-1: USB disconnect, device number 5 [ 156.213213][ T5261] loop4: detected capacity change from 0 to 512 [ 156.475354][ T4215] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.522714][ T5261] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 156.550097][ T5265] loop0: detected capacity change from 0 to 1024 [ 156.574970][ T5261] EXT4-fs (loop4): 1 truncate cleaned up [ 156.591736][ T5269] loop2: detected capacity change from 0 to 512 [ 156.593505][ T5261] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 156.635412][ T5269] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 156.652485][ T5269] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 156.662920][ T5265] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1) [ 156.662954][ T5269] System zones: 1-12 [ 156.682933][ T5269] EXT4-fs (loop2): 1 truncate cleaned up [ 156.688759][ T5269] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 156.769479][ T4215] usb 4-1: string descriptor 0 read error: -71 [ 156.778560][ T4215] usb 4-1: USB disconnect, device number 11 [ 157.191202][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 157.198550][ T26] audit: type=1326 audit(1730637004.465:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5259 comm="syz.4.283" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49fda0c719 code=0x0 [ 157.904919][ T5287] netlink: 16 bytes leftover after parsing attributes in process `syz.3.288'. [ 158.776037][ T5292] loop4: detected capacity change from 0 to 256 [ 159.227490][ T5297] netlink: 60 bytes leftover after parsing attributes in process `syz.4.291'. [ 159.259276][ T21] Bluetooth: hci5: command 0x1003 tx timeout [ 159.304868][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 160.235172][ T5290] loop2: detected capacity change from 0 to 40427 [ 160.330897][ T5290] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 160.344405][ T5290] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 160.438693][ T5290] F2FS-fs (loop2): invalid crc value [ 160.491843][ T5290] F2FS-fs (loop2): Found nat_bits in checkpoint [ 160.827495][ T5290] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 160.846136][ T5290] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 161.170479][ T5315] loop4: detected capacity change from 0 to 512 [ 161.232194][ T5315] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 161.339293][ T21] Bluetooth: hci5: command 0x1001 tx timeout [ 161.345841][ T4184] Bluetooth: hci5: sending frame failed (-49) [ 161.360454][ T5315] EXT4-fs (loop4): 1 truncate cleaned up [ 161.366137][ T5315] EXT4-fs (loop4): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 161.401921][ T5319] loop1: detected capacity change from 0 to 512 [ 161.548071][ T5319] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 161.637815][ T5319] EXT4-fs (loop1): 1 truncate cleaned up [ 161.759683][ T26] audit: type=1326 audit(1730637009.005:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5314 comm="syz.4.296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f49fda0c719 code=0x0 [ 161.759882][ T5319] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 162.679267][ T26] audit: type=1326 audit(1730637009.645:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5318 comm="syz.1.299" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x0 [ 163.419334][ T21] Bluetooth: hci5: command 0x1009 tx timeout [ 163.609058][ T5336] loop2: detected capacity change from 0 to 1024 [ 163.668724][ T5336] EXT4-fs (loop2): first meta block group too large: 50331648 (group descriptor block count 1) [ 164.214276][ T5346] loop1: detected capacity change from 0 to 256 [ 166.089291][ T5353] netlink: 60 bytes leftover after parsing attributes in process `syz.1.304'. [ 167.020058][ T26] audit: type=1326 audit(1730637014.305:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 167.087686][ T26] audit: type=1326 audit(1730637014.335:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 167.129179][ T26] audit: type=1326 audit(1730637014.335:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 167.181304][ T26] audit: type=1326 audit(1730637014.335:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 167.269458][ T23] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 167.549412][ T23] usb 5-1: Using ep0 maxpacket: 8 [ 167.669906][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.723951][ T26] audit: type=1326 audit(1730637014.345:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=207 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 167.809354][ T23] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.964633][ T23] usb 5-1: New USB device found, idVendor=054c, idProduct=0ce6, bcdDevice= 0.00 [ 168.018336][ T26] audit: type=1326 audit(1730637014.455:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 168.045511][ T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.062892][ T5373] fuse: Bad value for 'fd' [ 168.095062][ T23] usb 5-1: config 0 descriptor?? [ 168.104119][ T26] audit: type=1326 audit(1730637014.455:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5361 comm="syz.1.308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1171743719 code=0x7ffc0000 [ 168.198818][ T5375] loop1: detected capacity change from 0 to 1024 [ 168.295028][ T5375] EXT4-fs (loop1): first meta block group too large: 50331648 (group descriptor block count 1) [ 168.607580][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.628381][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.646866][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.667140][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.687375][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.707650][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.727895][ T23] playstation 0003:054C:0CE6.000E: unknown main item tag 0x0 [ 168.757076][ T23] playstation 0003:054C:0CE6.000E: hidraw0: USB HID v0.00 Device [HID 054c:0ce6] on usb-dummy_hcd.4-1/input0 [ 168.899325][ T23] playstation 0003:054C:0CE6.000E: Invalid byte count transferred, expected 20 got 0 [ 168.920896][ T23] playstation 0003:054C:0CE6.000E: Failed to retrieve DualSense pairing info: -22 [ 168.928871][ T5384] loop1: detected capacity change from 0 to 512 [ 169.008959][ T5386] loop3: detected capacity change from 0 to 512 [ 169.042345][ T5384] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 169.094552][ T5384] EXT4-fs (loop1): 1 truncate cleaned up [ 169.100688][ T5384] EXT4-fs (loop1): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 169.112878][ T23] playstation 0003:054C:0CE6.000E: Failed to get MAC address from DualSense [ 169.145148][ T5386] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 169.157567][ T23] playstation 0003:054C:0CE6.000E: Failed to create dualsense. [ 169.177146][ T23] playstation: probe of 0003:054C:0CE6.000E failed with error -22 [ 169.231760][ T5386] EXT4-fs (loop3): 1 truncate cleaned up [ 169.296678][ T5386] EXT4-fs (loop3): mounted filesystem without journal. Opts: resuid=0x0000000000000000,init_itable,stripe=0x0000000000000000,stripe=0x0000000000000200,,errors=continue. Quota mode: none. [ 169.558754][ T23] usb 5-1: USB disconnect, device number 8 [ 170.159586][ T26] audit: type=1326 audit(1730637017.435:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5385 comm="syz.3.318" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f13e7c28719 code=0x0 [ 171.597704][ T5418] fuse: Bad value for 'fd' [ 171.735927][ T5420] loop0: detected capacity change from 0 to 1024 [ 171.809213][ T4245] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 171.825949][ T5420] EXT4-fs (loop0): first meta block group too large: 50331648 (group descriptor block count 1) [ 172.269592][ T4245] usb 5-1: config index 0 descriptor too short (expected 45, got 36) [ 172.282415][ T4245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 172.298611][ T4245] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 172.310628][ T4245] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 172.494409][ T4245] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 172.504216][ T4245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.514446][ T4245] usb 5-1: config 0 descriptor?? [ 172.540492][ T5414] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 173.851378][ T4245] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd [ 173.866250][ T4245] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 173.903973][ T4245] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 174.900539][ T23] usb 5-1: USB disconnect, device number 9 [ 175.019386][ T4245] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 175.148448][ T5453] loop4: detected capacity change from 0 to 512 [ 175.303760][ T5453] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 175.644258][ T5453] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2002c019, mo2=0002] [ 175.726362][ T5453] System zones: 1-12 [ 175.998836][ T5453] EXT4-fs (loop4): 1 truncate cleaned up [ 176.039884][ T5453] EXT4-fs (loop4): mounted filesystem without journal. Opts: noinit_itable,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,debug,nombcache,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 176.127683][ T4245] usb 4-1: too many configurations: 65, using maximum allowed: 8 [ 176.237574][ C1] ------------[ cut here ]------------ [ 176.237663][ C1] [ 176.237669][ C1] ====================================================== [ 176.237675][ C1] WARNING: possible circular locking dependency detected [ 176.237681][ C1] 5.15.170-syzkaller #0 Not tainted [ 176.237692][ C1] ------------------------------------------------------ [ 176.237698][ C1] kworker/1:2/1107 is trying to acquire lock: [ 176.237709][ C1] ffffffff8c7fc4b8 ((console_sem).lock){-.-.}-{2:2}, at: down_trylock+0x1c/0xa0 [ 176.237765][ C1] [ 176.237765][ C1] but task is already holding lock: [ 176.237770][ C1] ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x772/0xeb0 [ 176.237812][ C1] [ 176.237812][ C1] which lock already depends on the new lock. [ 176.237812][ C1] [ 176.237817][ C1] [ 176.237817][ C1] the existing dependency chain (in reverse order) is: [ 176.237822][ C1] [ 176.237822][ C1] -> #3 (&base->lock){-.-.}-{2:2}: [ 176.237846][ C1] lock_acquire+0x1db/0x4f0 [ 176.237864][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 176.237885][ C1] lock_timer_base+0x120/0x260 [ 176.237904][ C1] __mod_timer+0x1d6/0xeb0 [ 176.237922][ C1] queue_delayed_work_on+0x156/0x250 [ 176.237941][ C1] enqueue_task+0x2fe/0x3a0 [ 176.237960][ C1] wake_up_new_task+0x515/0xb60 [ 176.237979][ C1] kernel_clone+0x44e/0x960 [ 176.237996][ C1] kernel_thread+0x168/0x1e0 [ 176.238011][ C1] rest_init+0x21/0x330 [ 176.238030][ C1] start_kernel+0x48c/0x540 [ 176.238045][ C1] secondary_startup_64_no_verify+0xb1/0xbb [ 176.238065][ C1] [ 176.238065][ C1] -> #2 (&rq->__lock){-.-.}-{2:2}: [ 176.238088][ C1] lock_acquire+0x1db/0x4f0 [ 176.238103][ C1] _raw_spin_lock_nested+0x2d/0x40 [ 176.238122][ C1] raw_spin_rq_lock_nested+0x26/0x140 [ 176.238141][ C1] task_fork_fair+0x5d/0x350 [ 176.238158][ C1] sched_cgroup_fork+0x2d3/0x330 [ 176.238177][ C1] copy_process+0x224a/0x3ef0 [ 176.238193][ C1] kernel_clone+0x210/0x960 [ 176.238249][ C1] kernel_thread+0x168/0x1e0 [ 176.238265][ C1] rest_init+0x21/0x330 [ 176.238283][ C1] start_kernel+0x48c/0x540 [ 176.238298][ C1] secondary_startup_64_no_verify+0xb1/0xbb [ 176.238318][ C1] [ 176.238318][ C1] -> #1 (&p->pi_lock){-.-.}-{2:2}: [ 176.238342][ C1] lock_acquire+0x1db/0x4f0 [ 176.238358][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 176.238377][ C1] try_to_wake_up+0xae/0x1300 [ 176.238397][ C1] up+0x6e/0x90 [ 176.238414][ C1] __up_console_sem+0x11a/0x1e0 [ 176.238432][ C1] console_unlock+0x1145/0x12b0 [ 176.238449][ C1] vprintk_emit+0xbf/0x150 [ 176.238465][ C1] dev_vprintk_emit+0x2aa/0x330 [ 176.238482][ C1] dev_printk_emit+0xd9/0x120 [ 176.238499][ C1] _dev_info+0x11e/0x170 [ 176.238514][ C1] usb_string+0x487/0x790 [ 176.238534][ C1] usb_cache_string+0x79/0xf0 [ 176.238552][ C1] usb_set_configuration+0x188c/0x2020 [ 176.238573][ C1] usb_generic_driver_probe+0x84/0x140 [ 176.238599][ C1] usb_probe_device+0x130/0x260 [ 176.238619][ C1] really_probe+0x24e/0xb60 [ 176.238637][ C1] __driver_probe_device+0x1a2/0x3d0 [ 176.238656][ C1] driver_probe_device+0x50/0x420 [ 176.238675][ C1] __device_attach_driver+0x2b9/0x500 [ 176.238694][ C1] bus_for_each_drv+0x183/0x200 [ 176.238711][ C1] __device_attach+0x359/0x570 [ 176.238729][ C1] bus_probe_device+0xba/0x1e0 [ 176.238745][ C1] device_add+0xb48/0xfd0 [ 176.238760][ C1] usb_new_device+0xc17/0x18e0 [ 176.238776][ C1] hub_event+0x2cdf/0x54c0 [ 176.238792][ C1] process_one_work+0x8a1/0x10c0 [ 176.238811][ C1] worker_thread+0xaca/0x1280 [ 176.238830][ C1] kthread+0x3f6/0x4f0 [ 176.238845][ C1] ret_from_fork+0x1f/0x30 [ 176.238863][ C1] [ 176.238863][ C1] -> #0 ((console_sem).lock){-.-.}-{2:2}: [ 176.238888][ C1] validate_chain+0x1649/0x5930 [ 176.238905][ C1] __lock_acquire+0x1295/0x1ff0 [ 176.238921][ C1] lock_acquire+0x1db/0x4f0 [ 176.238937][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 176.238956][ C1] down_trylock+0x1c/0xa0 [ 176.238974][ C1] __down_trylock_console_sem+0x105/0x250 [ 176.238993][ C1] console_trylock_spinning+0x8a/0x3f0 [ 176.239011][ C1] vprintk_emit+0xa6/0x150 [ 176.239027][ C1] _printk+0xd1/0x120 [ 176.239047][ C1] report_bug+0x1e5/0x2e0 [ 176.239068][ C1] handle_bug+0x3d/0x70 [ 176.239088][ C1] exc_invalid_op+0x16/0x40 [ 176.239103][ C1] asm_exc_invalid_op+0x16/0x20 [ 176.239122][ C1] copy_from_user_nofault+0x15c/0x1c0 [ 176.239140][ C1] bpf_probe_read_user+0x26/0x70 [ 176.239158][ C1] bpf_prog_1e8b16acb1dbd232+0x42/0xd34 [ 176.239173][ C1] bpf_trace_run3+0x1d1/0x380 [ 176.239190][ C1] __traceiter_timer_start+0x79/0xd0 [ 176.239210][ C1] enqueue_timer+0x3ae/0x540 [ 176.239225][ C1] __mod_timer+0x9ca/0xeb0 [ 176.239244][ C1] mod_peer_timer+0x158/0x220 [ 176.239260][ C1] wg_packet_rx_poll+0xd8f/0x2130 [ 176.239277][ C1] __napi_poll+0xc7/0x440 [ 176.239296][ C1] net_rx_action+0x617/0xda0 [ 176.239315][ C1] handle_softirqs+0x3a7/0x930 [ 176.239331][ C1] do_softirq+0x162/0x240 [ 176.239346][ C1] __local_bh_enable_ip+0x1b1/0x1f0 [ 176.239362][ C1] wg_packet_decrypt_worker+0xd49/0xde0 [ 176.239379][ C1] process_one_work+0x8a1/0x10c0 [ 176.239396][ C1] worker_thread+0xaca/0x1280 [ 176.239414][ C1] kthread+0x3f6/0x4f0 [ 176.239429][ C1] ret_from_fork+0x1f/0x30 [ 176.239446][ C1] [ 176.239446][ C1] other info that might help us debug this: [ 176.239446][ C1] [ 176.239451][ C1] Chain exists of: [ 176.239451][ C1] (console_sem).lock --> &rq->__lock --> &base->lock [ 176.239451][ C1] [ 176.239479][ C1] Possible unsafe locking scenario: [ 176.239479][ C1] [ 176.239484][ C1] CPU0 CPU1 [ 176.239488][ C1] ---- ---- [ 176.239492][ C1] lock(&base->lock); [ 176.239500][ C1] lock(&rq->__lock); [ 176.239511][ C1] lock(&base->lock); [ 176.239523][ C1] lock((console_sem).lock); [ 176.239533][ C1] [ 176.239533][ C1] *** DEADLOCK *** [ 176.239533][ C1] [ 176.239537][ C1] 5 locks held by kworker/1:2/1107: [ 176.239548][ C1] #0: ffff888064234538 ((wq_completion)wg-crypt-wg2#4){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 176.239608][ C1] #1: ffffc900042f7d20 ((work_completion)(&({ do { const void *__vpp_verify = (typeof((worker) + 0))((void *)0); (void)__vpp_verify; } while (0); ({ unsigned long __ptr; __ptr = (unsigned long) ((typeof(*((worker))) *)((worker))); (typeof((typeof(*((worker))) *)((worker)))) (__ptr + (((__per_cpu_offset[(cpu)])))); }); })->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 176.239665][ C1] #2: ffffffff8c91fcc0 (rcu_read_lock_bh){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 176.239707][ C1] #3: ffff8880b9128098 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x772/0xeb0 [ 176.239751][ C1] #4: ffffffff8c91fc60 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x5/0x30 [ 176.239794][ C1] [ 176.239794][ C1] stack backtrace: [ 176.239806][ C1] CPU: 1 PID: 1107 Comm: kworker/1:2 Not tainted 5.15.170-syzkaller #0 [ 176.239826][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 176.239837][ C1] Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker [ 176.239861][ C1] Call Trace: [ 176.239867][ C1] [ 176.239873][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 176.239895][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 176.239919][ C1] ? print_circular_bug+0x12b/0x1a0 [ 176.239940][ C1] check_noncircular+0x2f8/0x3b0 [ 176.239962][ C1] ? add_chain_block+0x850/0x850 [ 176.239981][ C1] ? lockdep_lock+0x11f/0x2a0 [ 176.240004][ C1] validate_chain+0x1649/0x5930 [ 176.240023][ C1] ? stack_trace_save+0x1c0/0x1c0 [ 176.240051][ C1] ? reacquire_held_locks+0x660/0x660 [ 176.240074][ C1] ? lockdep_lock+0x11f/0x2a0 [ 176.240093][ C1] ? lockdep_unlock+0x166/0x300 [ 176.240110][ C1] ? lockdep_lock+0x2a0/0x2a0 [ 176.240131][ C1] ? mark_lock+0x98/0x340 [ 176.240150][ C1] __lock_acquire+0x1295/0x1ff0 [ 176.240174][ C1] lock_acquire+0x1db/0x4f0 [ 176.240191][ C1] ? down_trylock+0x1c/0xa0 [ 176.240212][ C1] ? vsnprintf+0x1c70/0x1c70 [ 176.240231][ C1] ? read_lock_is_recursive+0x10/0x10 [ 176.240250][ C1] ? memcpy+0x3c/0x60 [ 176.240269][ C1] ? vsnprintf+0x1b93/0x1c70 [ 176.240288][ C1] ? _prb_commit+0x30a/0x3e0 [ 176.240308][ C1] ? prb_reserve+0x1240/0x1240 [ 176.240328][ C1] _raw_spin_lock_irqsave+0xd1/0x120 [ 176.240350][ C1] ? down_trylock+0x1c/0xa0 [ 176.240370][ C1] ? _raw_spin_lock+0x40/0x40 [ 176.240391][ C1] ? vprintk_store+0xf1b/0x1300 [ 176.240412][ C1] down_trylock+0x1c/0xa0 [ 176.240433][ C1] __down_trylock_console_sem+0x105/0x250 [ 176.240454][ C1] ? printk_parse_prefix+0x2c0/0x2c0 [ 176.240472][ C1] ? vprintk_emit+0xa6/0x150 [ 176.240490][ C1] ? console_trylock+0x70/0x70 [ 176.240508][ C1] ? validate_chain+0x112/0x5930 [ 176.240530][ C1] ? vprintk_emit+0xa6/0x150 [ 176.240547][ C1] console_trylock_spinning+0x8a/0x3f0 [ 176.240566][ C1] ? vprintk_emit+0x150/0x150 [ 176.240590][ C1] ? validate_chain+0x112/0x5930 [ 176.240609][ C1] ? validate_chain+0x112/0x5930 [ 176.240633][ C1] vprintk_emit+0xa6/0x150 [ 176.240652][ C1] _printk+0xd1/0x120 [ 176.240674][ C1] ? report_bug+0x16e/0x2e0 [ 176.240695][ C1] ? panic+0x860/0x860 [ 176.240717][ C1] ? find_bug+0x9c/0x350 [ 176.240739][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 176.240757][ C1] report_bug+0x1e5/0x2e0 [ 176.240781][ C1] handle_bug+0x3d/0x70 [ 176.240799][ C1] exc_invalid_op+0x16/0x40 [ 176.240818][ C1] asm_exc_invalid_op+0x16/0x20 [ 176.240839][ C1] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 176.240860][ C1] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 176.240876][ C1] RSP: 0018:ffffc90000dd0748 EFLAGS: 00010046 [ 176.240892][ C1] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffff888021323b80 [ 176.240907][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 176.240916][ C1] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621 [ 176.240930][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 176.240943][ C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000dd07a8 [ 176.240958][ C1] ? copy_from_user_nofault+0x6d/0x1c0 [ 176.240975][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 176.240998][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 176.241018][ C1] bpf_probe_read_user+0x26/0x70 [ 176.241037][ C1] bpf_prog_1e8b16acb1dbd232+0x42/0xd34 [ 176.241055][ C1] bpf_trace_run3+0x1d1/0x380 [ 176.241076][ C1] ? bpf_trace_run2+0x340/0x340 [ 176.241097][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 176.241121][ C1] ? _raw_spin_unlock+0x40/0x40 [ 176.241141][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 176.241162][ C1] ? __bpf_trace_timer_class+0x20/0x20 [ 176.241183][ C1] __traceiter_timer_start+0x79/0xd0 [ 176.241207][ C1] enqueue_timer+0x3ae/0x540 [ 176.241227][ C1] __mod_timer+0x9ca/0xeb0 [ 176.241253][ C1] ? mod_timer_pending+0x20/0x20 [ 176.241273][ C1] ? local_bh_disable+0x5/0x20 [ 176.241292][ C1] ? __bpf_trace_softirq+0x10/0x10 [ 176.241311][ C1] ? del_timer+0x183/0x310 [ 176.241333][ C1] ? lock_timer_base+0x260/0x260 [ 176.241358][ C1] mod_peer_timer+0x158/0x220 [ 176.241377][ C1] wg_packet_rx_poll+0xd8f/0x2130 [ 176.241400][ C1] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 176.241429][ C1] ? wg_packet_handshake_receive_worker+0xe00/0xe00 [ 176.241452][ C1] ? mark_lock+0x98/0x340 [ 176.241475][ C1] ? print_irqtrace_events+0x210/0x210 [ 176.241493][ C1] ? memset+0x1f/0x40 [ 176.241511][ C1] ? __run_timers+0x814/0x890 [ 176.241530][ C1] __napi_poll+0xc7/0x440 [ 176.241554][ C1] net_rx_action+0x617/0xda0 [ 176.241581][ C1] ? net_tx_action+0x8e0/0x8e0 [ 176.241610][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 176.241638][ C1] handle_softirqs+0x3a7/0x930 [ 176.241659][ C1] ? do_softirq+0x162/0x240 [ 176.241679][ C1] ? do_softirq+0x240/0x240 [ 176.241701][ C1] do_softirq+0x162/0x240 [ 176.241719][ C1] [ 176.241724][ C1] [ 176.241730][ C1] ? __local_bh_enable_ip+0x1f0/0x1f0 [ 176.241750][ C1] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0 [ 176.241771][ C1] ? __local_bh_enable_ip+0x102/0x1f0 [ 176.241790][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 176.241814][ C1] __local_bh_enable_ip+0x1b1/0x1f0 [ 176.241833][ C1] ? wg_packet_decrypt_worker+0xd49/0xde0 [ 176.241853][ C1] ? _local_bh_enable+0xa0/0xa0 [ 176.241872][ C1] ? wg_packet_decrypt_worker+0x91f/0xde0 [ 176.241894][ C1] wg_packet_decrypt_worker+0xd49/0xde0 [ 176.241923][ C1] ? wg_packet_rx_poll+0x2130/0x2130 [ 176.241941][ C1] ? validate_chain+0x112/0x5930 [ 176.241996][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 176.242018][ C1] ? print_irqtrace_events+0x210/0x210 [ 176.242036][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 176.242060][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 176.242083][ C1] process_one_work+0x8a1/0x10c0 [ 176.242111][ C1] ? worker_detach_from_pool+0x260/0x260 [ 176.242135][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 176.242157][ C1] ? kthread_data+0x4e/0xc0 [ 176.242176][ C1] ? wq_worker_running+0x97/0x170 [ 176.242197][ C1] worker_thread+0xaca/0x1280 [ 176.242230][ C1] kthread+0x3f6/0x4f0 [ 176.242248][ C1] ? rcu_lock_release+0x20/0x20 [ 176.242268][ C1] ? kthread_blkcg+0xd0/0xd0 [ 176.242287][ C1] ret_from_fork+0x1f/0x30 [ 176.242314][ C1] [ 177.591845][ C1] WARNING: CPU: 1 PID: 1107 at mm/maccess.c:226 copy_from_user_nofault+0x15c/0x1c0 [ 177.601128][ C1] Modules linked in: [ 177.605017][ C1] CPU: 1 PID: 1107 Comm: kworker/1:2 Not tainted 5.15.170-syzkaller #0 [ 177.613300][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 177.623356][ C1] Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker [ 177.629883][ C1] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 177.636073][ C1] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 177.655869][ C1] RSP: 0018:ffffc90000dd0748 EFLAGS: 00010046 [ 177.661942][ C1] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffff888021323b80 [ 177.669922][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 177.677894][ C1] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621 [ 177.685855][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 177.693934][ C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000dd07a8 [ 177.701900][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 177.710831][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 177.717416][ C1] CR2: 000000110c2c676d CR3: 000000001a7f7000 CR4: 00000000003506e0 [ 177.725378][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 177.733348][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 177.741314][ C1] Call Trace: [ 177.744589][ C1] [ 177.747429][ C1] ? __warn+0x15b/0x300 [ 177.751597][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 177.757136][ C1] ? report_bug+0x1b7/0x2e0 [ 177.761641][ C1] ? handle_bug+0x3d/0x70 [ 177.766056][ C1] ? exc_invalid_op+0x16/0x40 [ 177.770728][ C1] ? asm_exc_invalid_op+0x16/0x20 [ 177.775772][ C1] ? copy_from_user_nofault+0x6d/0x1c0 [ 177.781218][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 177.786756][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 177.792285][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 177.797848][ C1] bpf_probe_read_user+0x26/0x70 [ 177.802771][ C1] bpf_prog_1e8b16acb1dbd232+0x42/0xd34 [ 177.808300][ C1] bpf_trace_run3+0x1d1/0x380 [ 177.812963][ C1] ? bpf_trace_run2+0x340/0x340 [ 177.818018][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 177.823934][ C1] ? _raw_spin_unlock+0x40/0x40 [ 177.828792][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 177.833907][ C1] ? __bpf_trace_timer_class+0x20/0x20 [ 177.839359][ C1] __traceiter_timer_start+0x79/0xd0 [ 177.844636][ C1] enqueue_timer+0x3ae/0x540 [ 177.849299][ C1] __mod_timer+0x9ca/0xeb0 [ 177.853704][ C1] ? mod_timer_pending+0x20/0x20 [ 177.858637][ C1] ? local_bh_disable+0x5/0x20 [ 177.863402][ C1] ? __bpf_trace_softirq+0x10/0x10 [ 177.868509][ C1] ? del_timer+0x183/0x310 [ 177.873037][ C1] ? lock_timer_base+0x260/0x260 [ 177.877972][ C1] mod_peer_timer+0x158/0x220 [ 177.882655][ C1] wg_packet_rx_poll+0xd8f/0x2130 [ 177.887668][ C1] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 177.893562][ C1] ? wg_packet_handshake_receive_worker+0xe00/0xe00 [ 177.900149][ C1] ? mark_lock+0x98/0x340 [ 177.904493][ C1] ? print_irqtrace_events+0x210/0x210 [ 177.909936][ C1] ? memset+0x1f/0x40 [ 177.913907][ C1] ? __run_timers+0x814/0x890 [ 177.918569][ C1] __napi_poll+0xc7/0x440 [ 177.922888][ C1] net_rx_action+0x617/0xda0 [ 177.927466][ C1] ? net_tx_action+0x8e0/0x8e0 [ 177.932270][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 177.938289][ C1] handle_softirqs+0x3a7/0x930 [ 177.943071][ C1] ? do_softirq+0x162/0x240 [ 177.947589][ C1] ? do_softirq+0x240/0x240 [ 177.952108][ C1] do_softirq+0x162/0x240 [ 177.956434][ C1] [ 177.959352][ C1] [ 177.962269][ C1] ? __local_bh_enable_ip+0x1f0/0x1f0 [ 177.967633][ C1] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0 [ 177.973607][ C1] ? __local_bh_enable_ip+0x102/0x1f0 [ 177.978971][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 177.984251][ C1] __local_bh_enable_ip+0x1b1/0x1f0 [ 177.989435][ C1] ? wg_packet_decrypt_worker+0xd49/0xde0 [ 177.995168][ C1] ? _local_bh_enable+0xa0/0xa0 [ 178.000006][ C1] ? wg_packet_decrypt_worker+0x91f/0xde0 [ 178.005712][ C1] wg_packet_decrypt_worker+0xd49/0xde0 [ 178.011330][ C1] ? wg_packet_rx_poll+0x2130/0x2130 [ 178.016623][ C1] ? validate_chain+0x112/0x5930 [ 178.021684][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 178.027659][ C1] ? print_irqtrace_events+0x210/0x210 [ 178.033106][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 178.038995][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 178.044286][ C1] process_one_work+0x8a1/0x10c0 [ 178.049233][ C1] ? worker_detach_from_pool+0x260/0x260 [ 178.054856][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 178.060390][ C1] ? kthread_data+0x4e/0xc0 [ 178.064881][ C1] ? wq_worker_running+0x97/0x170 [ 178.069890][ C1] worker_thread+0xaca/0x1280 [ 178.074568][ C1] kthread+0x3f6/0x4f0 [ 178.078625][ C1] ? rcu_lock_release+0x20/0x20 [ 178.083567][ C1] ? kthread_blkcg+0xd0/0xd0 [ 178.088173][ C1] ret_from_fork+0x1f/0x30 [ 178.092621][ C1] [ 178.095640][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 178.102914][ C1] CPU: 1 PID: 1107 Comm: kworker/1:2 Not tainted 5.15.170-syzkaller #0 [ 178.111140][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 178.121181][ C1] Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker [ 178.127683][ C1] Call Trace: [ 178.130946][ C1] [ 178.133775][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 178.138467][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 178.144087][ C1] ? panic+0x860/0x860 [ 178.148176][ C1] ? panic+0x860/0x860 [ 178.152271][ C1] ? copy_from_user_nofault+0x90/0x1c0 [ 178.157846][ C1] ? copy_from_user_nofault+0x90/0x1c0 [ 178.163318][ C1] panic+0x318/0x860 [ 178.167209][ C1] ? __warn+0x16a/0x300 [ 178.171364][ C1] ? fb_is_primary_device+0xd0/0xd0 [ 178.176557][ C1] ? ret_from_fork+0x1f/0x30 [ 178.181134][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 178.186664][ C1] __warn+0x2b2/0x300 [ 178.190642][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 178.196179][ C1] report_bug+0x1b7/0x2e0 [ 178.200521][ C1] handle_bug+0x3d/0x70 [ 178.204677][ C1] exc_invalid_op+0x16/0x40 [ 178.209166][ C1] asm_exc_invalid_op+0x16/0x20 [ 178.214017][ C1] RIP: 0010:copy_from_user_nofault+0x15c/0x1c0 [ 178.220243][ C1] Code: db 48 c7 c0 f2 ff ff ff 48 0f 44 c5 eb 0c e8 0b c7 d5 ff 48 c7 c0 f2 ff ff ff 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 f4 c6 d5 ff <0f> 0b e9 1e ff ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c ef fe ff [ 178.239957][ C1] RSP: 0018:ffffc90000dd0748 EFLAGS: 00010046 [ 178.246013][ C1] RAX: ffffffff81aaaccc RBX: 0000000000000000 RCX: ffff888021323b80 [ 178.253968][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 178.261922][ C1] RBP: dffffc0000000000 R08: ffffffff81aaabdd R09: fffffbfff20ec621 [ 178.269880][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000000 [ 178.277833][ C1] R13: 0000000000000008 R14: 0000000000000000 R15: ffffc90000dd07a8 [ 178.285790][ C1] ? copy_from_user_nofault+0x6d/0x1c0 [ 178.291244][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 178.296791][ C1] ? copy_from_user_nofault+0x15c/0x1c0 [ 178.302320][ C1] bpf_probe_read_user+0x26/0x70 [ 178.307260][ C1] bpf_prog_1e8b16acb1dbd232+0x42/0xd34 [ 178.312828][ C1] bpf_trace_run3+0x1d1/0x380 [ 178.317519][ C1] ? bpf_trace_run2+0x340/0x340 [ 178.322365][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 178.328375][ C1] ? _raw_spin_unlock+0x40/0x40 [ 178.333218][ C1] ? do_raw_spin_lock+0x14a/0x370 [ 178.338253][ C1] ? __bpf_trace_timer_class+0x20/0x20 [ 178.343701][ C1] __traceiter_timer_start+0x79/0xd0 [ 178.348984][ C1] enqueue_timer+0x3ae/0x540 [ 178.353586][ C1] __mod_timer+0x9ca/0xeb0 [ 178.358030][ C1] ? mod_timer_pending+0x20/0x20 [ 178.362964][ C1] ? local_bh_disable+0x5/0x20 [ 178.367720][ C1] ? __bpf_trace_softirq+0x10/0x10 [ 178.372823][ C1] ? del_timer+0x183/0x310 [ 178.377228][ C1] ? lock_timer_base+0x260/0x260 [ 178.382153][ C1] mod_peer_timer+0x158/0x220 [ 178.386836][ C1] wg_packet_rx_poll+0xd8f/0x2130 [ 178.391869][ C1] ? _raw_spin_unlock_irqrestore+0x8b/0x130 [ 178.397777][ C1] ? wg_packet_handshake_receive_worker+0xe00/0xe00 [ 178.404386][ C1] ? mark_lock+0x98/0x340 [ 178.408711][ C1] ? print_irqtrace_events+0x210/0x210 [ 178.414177][ C1] ? memset+0x1f/0x40 [ 178.418172][ C1] ? __run_timers+0x814/0x890 [ 178.422835][ C1] __napi_poll+0xc7/0x440 [ 178.427152][ C1] net_rx_action+0x617/0xda0 [ 178.431735][ C1] ? net_tx_action+0x8e0/0x8e0 [ 178.436485][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 178.442456][ C1] handle_softirqs+0x3a7/0x930 [ 178.447206][ C1] ? do_softirq+0x162/0x240 [ 178.451699][ C1] ? do_softirq+0x240/0x240 [ 178.456189][ C1] do_softirq+0x162/0x240 [ 178.460504][ C1] [ 178.463437][ C1] [ 178.466359][ C1] ? __local_bh_enable_ip+0x1f0/0x1f0 [ 178.471719][ C1] ? lockdep_hardirqs_on_prepare+0x7a0/0x7a0 [ 178.477943][ C1] ? __local_bh_enable_ip+0x102/0x1f0 [ 178.483314][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 178.488586][ C1] __local_bh_enable_ip+0x1b1/0x1f0 [ 178.493767][ C1] ? wg_packet_decrypt_worker+0xd49/0xde0 [ 178.499470][ C1] ? _local_bh_enable+0xa0/0xa0 [ 178.504305][ C1] ? wg_packet_decrypt_worker+0x91f/0xde0 [ 178.510010][ C1] wg_packet_decrypt_worker+0xd49/0xde0 [ 178.515550][ C1] ? wg_packet_rx_poll+0x2130/0x2130 [ 178.520818][ C1] ? validate_chain+0x112/0x5930 [ 178.525765][ C1] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 178.531730][ C1] ? print_irqtrace_events+0x210/0x210 [ 178.537172][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 178.543055][ C1] ? do_raw_spin_unlock+0x137/0x8b0 [ 178.548239][ C1] process_one_work+0x8a1/0x10c0 [ 178.553183][ C1] ? worker_detach_from_pool+0x260/0x260 [ 178.558824][ C1] ? _raw_spin_lock_irqsave+0x120/0x120 [ 178.564359][ C1] ? kthread_data+0x4e/0xc0 [ 178.568846][ C1] ? wq_worker_running+0x97/0x170 [ 178.573854][ C1] worker_thread+0xaca/0x1280 [ 178.578524][ C1] kthread+0x3f6/0x4f0 [ 178.582582][ C1] ? rcu_lock_release+0x20/0x20 [ 178.587417][ C1] ? kthread_blkcg+0xd0/0xd0 [ 178.592000][ C1] ret_from_fork+0x1f/0x30 [ 178.596449][ C1] [ 179.712438][ C1] Shutting down cpus with NMI [ 179.717672][ C1] Kernel Offset: disabled [ 179.721999][ C1] Rebooting in 86400 seconds..