last executing test programs: 11.607967126s ago: executing program 1 (id=767): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000001100)={{r0, 0xffffffffffffffff}, &(0x7f0000001080), &(0x7f00000010c0)='%pI4 \x00'}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r1, 0xffffffffffffffff}, &(0x7f00000002c0), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000d0039000000000000b4a518110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='jbd2_handle_stats\x00', r3}, 0x10) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r4) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000140)={0x0, 0x0}) r7 = syz_open_procfs(r6, &(0x7f0000000040)='fd/4\x00') ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r7, 0x40086610, &(0x7f0000000180)={@id={0x40000, 0x0, @b}}) 10.810741943s ago: executing program 1 (id=771): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000022000000000000000000000f01"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KDSKBMETA(r3, 0x4b63, &(0x7f0000000000)=0x3) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 9.648299272s ago: executing program 4 (id=774): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={0x0, 0x54}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000740)=""/4096, 0x1000, 0x0, 0x0, 0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0) syz_open_dev$evdev(&(0x7f0000001040), 0x0, 0x0) open(0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a500000023"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) r4 = dup3(r1, r2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000001, 0x12, r1, 0x0) ioctl$MON_IOCG_STATS(r4, 0xc0109207, &(0x7f00000001c0)) 9.493733845s ago: executing program 4 (id=777): ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f000069a000/0x4000)=nil, 0x4000, 0x380000a, 0x10, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000012c0)={[{@noload}, {@usrjquota}, {@acl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xc4}}, {@resgid}, {@user_xattr}]}, 0x3, 0x449, &(0x7f0000000bc0)="$eJzs28trXNUfAPDvnSR995f8Sn30oUarGHwkTfqwCzeKggsLgi7qMiZpqZ020kSwpWgVqUspuC8uBf8CV7oRdSW41b0UimTTKghX7sy9ycxkJp2Jk0zrfD5wk3PuPZNzvnPvuXPOPZkA+tZo9iOJ2BURv0bEcDVbX2C0+uvO0pWZP5euzCSRpm/+kVTK3V66MlMULV63s8gMRpQ+TeJAk3oXLl0+N10uz13M8xOL59+bWLh0+fmz56fPzJ2ZuzB14sTRI5MvHJ861pU4s7hu7/9w/uC+196+fnLm1PV3fvw6KeJviKNLRtc6+FSadrm63tpdk04GVx/ftpmNoW0D1W4aQ5X+PxwDsXLyhuPVT3raOGBDpWmaPtj68NUU+A9LotctAHqj+KDP5r/FtklDj3vCrZeqE6As7jv5Vj0yGKW8zFDD/LabRiPi1NW/bmRbbMxzCACAOt9m45/nmo3/SlH7XOh/+RrKSET8PyL2RMTxiNgbEQ9EVMo+FBEPd1h/4yLJ6vFP6ea6AmtTNv57MV/bqh//FaO/GBnIc7sr8Q8lp8+W5w7n78lYDG3N8pNr1PHdK7983upY7fgv27L6i7Fg3o6bg1vrXzM7vTj9b2KudevjiP2DzeJPllcCkojYFxH711nH2We+OtjqWJP4/07T9EZbf7jJOlOn0i8jnq6e/6vREH8hWXt9cmJblOcOTxRXxWo//XztjVb13/38b6zs/O9oev0vxz+S1K7XLnRex7XfPms5p1nv9b8leatu3wfTi4sXJyO2JK8PRX6fWt4/1VBuaqV8Fv/Yoeb9f0+svBMHIiK7iB+JiEcj4rG87Y9HxBMRcWiN+H94+cl363aM7eog/o2VxT/b0flfSWyJxj3NEwPnvv+mrtKR6CD+7PwfraTG8j3t3P/aadf6rmYAAAC4/5QiYlckpfHldKk0Pl79H/69saNUnl9YfPb0/PsXZqvfERiJoVLxpGu45nnoZD6tL/JTDfkj+XPjLwa2V/LjM/Pl2V4HD31uZ4v+n/l9oNetAzZcF9bRgPuU/g/9S/+H/qX/Q/9q0v+396IdwOZr9vn/UQ/aAWy+hv5v2Q/6iPk/9C/9H/qX/g99aWF73P1L8hISqxJRuieaIdFJ4uSxtgv3+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHf8EAAD//yeb6Hg=") r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000140)=ANY=[], 0xfd14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$alg(r2, &(0x7f0000000240)=""/4096, 0xfffffdef) 9.284131663s ago: executing program 1 (id=779): bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x88, 0x0, &(0x7f0000000a80)="3b1c2fac82e71ea0f1bbe02f0ad1b1596b940795b65167892b6288f1232d882d6867f0498018bfe4b82f85768644038e5ceece9c99c9035aed496dd5121ef3ffa33e5aa053a4f3311d1800970743a60e97d402ca798fa7629f0ab7f4feddc43587bfee674941b874533cf13b89cdb1f987430b31643e4c25ab9d7577dcf16a3b1cde1388c1d59328", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c0000001a000f"], 0x1c}}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 8.749639168s ago: executing program 2 (id=780): socket$inet(0x2, 0x3, 0xa) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r3, 0xc040564a, &(0x7f0000000080)={0x0, 0x0, 0x100}) syz_genetlink_get_family_id$smc(&(0x7f00000000c0), 0xffffffffffffffff) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @multicast2=0xe0001b59, @rand_addr, {[@timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@private}, {@private}, {@dev}, {@remote}, {@multicast2}]}]}}}}}}}, 0x0) 8.581560492s ago: executing program 0 (id=781): socket$kcm(0xf, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000001c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014fa0000b7030000000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) r1 = syz_io_uring_setup(0x42e9, &(0x7f0000000200)={0x0, 0xfe3a, 0x0, 0x3, 0x20000}, &(0x7f0000000000)=0x0, &(0x7f0000000300)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, 0x0, 0x0}, 0x20) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x10, 0x4007, @fd_index=0x8000000, 0x2, 0x0}) io_uring_enter(r1, 0x3f70, 0x0, 0x0, 0x0, 0x0) 7.42113283s ago: executing program 2 (id=783): r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x3) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x88602, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r3 = dup3(r2, r1, 0x0) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) connect$can_bcm(r4, &(0x7f0000000140)={0x1d, r5}, 0x10) sendmsg$can_bcm(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000580)={0x1, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "658cc35ee23b43e1"}}, 0x48}}, 0x0) sendmsg$can_bcm(r4, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={0x1, 0x459, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "92919b0133d10edd"}}, 0x48}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x53}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000240)='./file2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200008, &(0x7f0000000180)=ANY=[], 0x4, 0x61a, &(0x7f0000000540)="$eJzs3U9sHFcdB/DvrNeOHaR027ptQJWwGqkgLBL/kQvmQkAI+VChqhw4W4nTWNm4le0it0IoCBBXDhXncvCNExL3SOUMt159rITUSw/It6CZnbU3/rOx6zi7Dp+P9fa9t+/PvP3tzOzuWKsN8H9raTrNhymyNP32Vlnf2Z5v72zPX6qb20nKciNpdrIUa0nxWXIznZRvlnfW/YvjtvPJ6uK7n3+180Wn1qxT1b+R8ePHncyDOmUqyUidHzb6tea7dex8J1XsRaYM2LVu4GDQHh3y4DTDz3jcAsOg6LxuHtJKLicZr98HpD47NJ7t6p6+U53lAAAA4IJ6YTe72cqVQa8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALpL69/+LOjU6ebOYStH9/f+xui11+UJ7OOgFAAAAAAAAAMBT8O3d7GYrV7r1R0X1P/83qspkdfuNfJiNrGQ917OV5WxmM+uZTdLqmWhsa3lzc332BCPnjhw592weLwAAAAAAAAA8n1rJ0v7//wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUgnq9Jkt9xKo5lkPMlY2e9B8u9u+SJ7OOgFAAAAwDPwwm52s5Ur3fqjovrM/2r1uX88H2Ytm1nNZtpZye3qWkDnU39jZ3u+vbM9f79Mh+f9y38fVU64jGrGdK49HL3lq1WPidzJanXP9dzK+2nndhrVyNLV7nqOXtfvvizn/nHthCu7XeflI/9znQ+HVhWR0b2IzNRrK6PxYv9I/OTLM21pNo29Kz+T5xDzy/WFpW6sL51qtefpYCTmeva+V/tHIvnOP/72q7vttXt372xMD89u1M/I8U0HIzHfE4nXnr9I9DFTReKVvfpSfp5fZjpTeSfrWc2vs5zNrGQqP6tKy/V+Xd62+kfq5mO1d560krH6eek8badb0xvl2O5l39zOSt6q/uYymx9kIQtZ7HmGXznBUd843VF/7bt1YSLJn+p8OJRxfbEnrr3n3FbV1nvPfpRe2tkey9M9Nza/VRfKbfy+zofDwUjM9kTi5f77y1+r9wkb7bV763eXPzjh9t6s83KH/eOpX5nHT9X7dMr95aXyyapqj+8dZdvLZdvEwbbZqm1yb1zjUNsre22tXMlqfpH3jzlSx+r3cIdnmqvaXjuybb5qu9rTdtT7LQCG3uXvXR6b+M/EvyY+nfjDxN2Jt8d/eumHl14fy+g/R3/UnBl5s/F68fd8mt/uf/4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+vo2PPr633G6vrJ9boftzTv07d3+B6vzXM9yFMgZDsAyF57fQPSCf0HmAJyXgmbixef+DGxsfffz91fvL7628t7I2urCwOLO48Nb8jTur7ZWZzu2gVwmch/0X/YMtY4NZEAAAAAAAAAAAAPBE/b8qMFr3OttXDgb8EAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIALbmk6zYcpMjtzfaas72zPt8vULe/3bCZpJCl+kxSfJTfTSWn1TFcct51PVhff/fyrnS/252p2+zf6jetvss4f1ClTSUbq/Awem+/Wmecr9h5hGbBr3cDBoP0vAAD//z1HAf4=") r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) fchown(r6, 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x5}) 7.391306543s ago: executing program 1 (id=784): ioctl$KDENABIO(0xffffffffffffffff, 0x4b36) syz_emit_vhci(0x0, 0x21) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000040)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000a40)={r1, 0x0, 0x30}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r2 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000140)='source\x00\xb5\x838\x8d\xbd\xdf\xfe\x9a\xf2RM\xb6\xe0\xf9\xac\xa2\x06\x1cD\xe7C\xa5<\xd1=\x93\xf7\xf7Sn\xcb\xd5\xa7\xc9@D\x81\xff\xaar\xc8\xa9\x13\b\x9a\x8bF\v\x8a\x93F\x00\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f00000001c0)='.\n#)|.\x02\xd8\b\xb2f\xcd\x04\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\x06\x13o\xd6w\xbf\xfa\xd5?\xa3\'\xca%\xd0\x8fKAq\x89f\xbb\x9dC\xd6\xea\xa8\xc2z\xbfe\xadSb3L)Hy\xfao\b\xa4\xb6\xff\xff\xff\xff\xff\xff\xff\xf7\xc7\xa4\xdcY\x9aM\x90\xa4\x05\xa8\xec\xf3\xa4h\x11\x19\x87E$\n://\xf3\x96\xaf\x1c8\b\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495/\x00d\xd2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xb7\x1e\xf7Ys#m\xd40\xceP\xdc\x15FI>\x01\xfa\x15\x93\x9a&\xb4):\xc7?\x8d\x8e\x02\xc6\xf61\xbd\xbcBq\xba\xc6\x8e\x89\x15UTaf\xfc\x89\xab\x19\xd7\x82\x16\x94m\x0e\xb7$\x8c\xd76K\xdc\xd1;\\QPh@$\x06F\x81\xc9\xf8\xf8H\xb2\x85\xa8Cl\xa6\xcd\xb5\xf0\xd0\x1f\'\xc30]\xad7\x1eZA7\x89\xf5\x81b\r\xc1\x7f[\x84y\xac\x12\xaa\xa2-t\x16>V\xfc\xbf\xdb\xe4\x9a\x9eE^\x90oe\xc0\xd9\xc68\x0f\xd4\xcdKC\xadp\xba\xaa\xab\'\x1cRO\x89\x17i\x88\"\x8dQI\xed\x1d\xe1v\xe6&\xd3\x14\xe92\xca\x9dBe\\\x8f\xff\x9b\xc7Sd!\xf8(Z\xd42\xa2\xcdjjBP\xae3\xbd\xec\x8a\x8f:\xeb1\x1cK\xf2\x04s\b\xcb\xa9\x17\x8529\xd7`\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xa4C\x81\xc8iy\xc4\xf7\x7f\x90\xf80\x18jT\xd45\xde\b\x88\xc9Xw\xe9\xf4\xa4\x94Q\x03s/\xac\xd4\xb7o\x99\xf5\xdb\xf9\x99,+\b\x17\xe4\xf4r}\xda\xf5\x12\x16\xb6g\x00\'(\x02[\xef\x03\x90W% \xe6b\xa2\\\x86\xac\xdax\x997AOJ=\x1f\x00\xe1/\n\xael\x15\xcfR\v\x0e\xbc!\xe8\x1cV-`\xf0$\xa6a \x93PV\x8dm@\x9c', 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) mkdir(&(0x7f0000000300)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) 7.339477577s ago: executing program 3 (id=785): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='fdinfo\x00') getdents64(r1, 0xffffffffffffffff, 0x43) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$9p_tcp(&(0x7f0000000500), &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000000000,privport']) 7.294424941s ago: executing program 0 (id=786): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000020240), 0x10010) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r4, &(0x7f0000003000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0xfffffffffffffdcc) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00003cc000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x4, 0x0, 0x0, 0x1000, 0xd048, 0x0, 0x40000000000, 0x0, 0xc91e, 0xf7, 0x0, 0xff], 0x0, 0x241394}) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r5, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x7, 0x10012, r0, 0x0) 7.021225184s ago: executing program 2 (id=787): r0 = socket$xdp(0x2c, 0x3, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f00000001c0)=0x100, 0x4) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r3, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f0000000440)=0x400, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) bind$xdp(r3, &(0x7f0000000100)={0x2c, 0x0, r5}, 0x10) bind$xdp(r0, &(0x7f00000004c0)={0x2c, 0x1, r2, 0x3c, r3}, 0x10) 6.326744824s ago: executing program 2 (id=788): syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="040efbff2820"], 0x7) r0 = syz_open_dev$sndpcmc(0x0, 0xffff, 0xc002) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xf) r1 = syz_usb_connect(0x0, 0x3f, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_emit_vhci(0x0, 0x0) ioctl$EVIOCGMASK(r2, 0x5b01, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0xc06c4124, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = syz_open_dev$sg(0x0, 0x0, 0x0) fcntl$dupfd(r3, 0x0, r3) syz_usb_connect(0x0, 0x36, 0x0, 0x0) 6.035287248s ago: executing program 3 (id=789): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r0, r2, 0x1, 0x0, @void}, 0x10) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r3, r5, 0x1, 0x0, @void}, 0x10) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r6, 0x3) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10) syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 6.029019339s ago: executing program 0 (id=790): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x405, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f00000005c0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc6751dfb265a0d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fd52347125907000000000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df262ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71d20fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada12f7a1001500a710eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff000000000000000000000000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18a904c0e585a66c3b84b138efc20a546d3d5227e23b03f2a834391ad24fe7d9b20cf92cb151763d41f5c76e2ff3e93ee296c4082ee73e7e197253a2b66c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0842b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f04c7f0be31491eb8c9ff68236c8600000000000000000000000066e034c81c3cab4e33fc8dc55ce0ada18dcbf31c6ea1893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f2243471221c15fa12313ffbfa7c2730302b66a99f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca20508011132153c528f7bca92980a3223c5b9cdddedb0a14adddf9a6e70a26b5c0ee0879c349814bee9d96d8bd23db4e801d49201ae84090455682794098afa42b34196b1d849020eeeb1ef48d003d71524683d7cdfa841bca708414fb8ff49742420d1ab7fa678aa4806d5247616e8bc0b02887f8efe9310ccf9bec1c9b7f6671c9d59ac6b09b4436cafdd1887c8e884c930d21ace088ccc99a94d4b33da2fc1b1310bb607a9ad65844655de1ac9fd36d12e07a821fb951368a970c58fb4f3f403fdaf68902874"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$tcp_congestion(r4, 0x0, 0x0) 5.693361507s ago: executing program 3 (id=791): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'gre0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x2d, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x5, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x3c, 0xc0, 0x3, 0x1, [{@private=0xa010102}, {@multicast1}, {@remote, 0x8000}, {@rand_addr=0x64010100}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100}]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@loopback}, {@remote}, {@multicast2, 0xb}, {@private=0xa010100}, {}, {@multicast2}]}, @noop, @noop, @noop, @rr={0x7, 0x13, 0x0, [@dev={0xac, 0x14, 0x14, 0x1}, @remote, @multicast1, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.776447525s ago: executing program 0 (id=792): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/138, 0x0}) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000140)={0xc000001c}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000001480)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212"], 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) 4.667669734s ago: executing program 4 (id=793): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$netlink(0x10, 0x3, 0xf) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, &(0x7f0000000040)={'wlan0\x00'}) ioctl(r3, 0xc0189436, &(0x7f0000000040)) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000080)=0xc) socket$inet6(0xa, 0x80002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000200)={0x20, r5, 0x403, 0x0, 0x0, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}]}, 0x20}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x3, 0x15, &(0x7f0000000a40)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e86c0d85ff9782762f0800", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4.531213156s ago: executing program 2 (id=794): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000200)={0x1, 0x101}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000a40)={0x3, 0x0, [{0x0, 0x3d, &(0x7f0000000500)=""/61}, {0x0, 0x58, &(0x7f0000000740)=""/88}, {0x0, 0xc8, &(0x7f00000007c0)=""/200}]}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x8b}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000001, 0x28011, r2, 0x0) 4.36738811s ago: executing program 4 (id=795): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x0, 0xa, 0x0) r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ptrace$pokeuser(0x6, r3, 0x358, 0x0) 3.203537668s ago: executing program 1 (id=796): syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f0000000900)=ANY=[@ANYBLOB="73686f72746e616d653d6d697865642c696f636861727365743d69736f383835392d312c696f636861727365743d63703433372c756e695f786c6174653d302c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303030332c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c756e695f786c6174653d302c726f6469722c73686f72746e616d653d6d697865642c6e6f6e756d7461696c3d302c646973636172642c636f6465706167653d3933362c756d61736b3d30303030303030303030303030303030303030303030372c726f6469722c636865636b3d72656c617865642c666f776e65723d50ef4c05d26bc6d0b33da2a20e7687c1d193cea4a35ab2e2afa4807399370e1d276f2a93434fb9eb3034c72a129bb91e39ca9dd9", @ANYRESDEC=0x0, @ANYBLOB=',subj_role=[,context=unconfined_u,\x00'], 0x6, 0x2b8, &(0x7f0000000640)="$eJzs3U9rK1UYB+B30mQSdZEsXInggC5cXW7v1k2K3AtiV16yUBdabAvSBKGFgn8wduXWjQsXfgJB8IO48RsIbgV3ViiMzGSmSdqYJtJUvH2eTd+eOb+Zd6aHdrro6Ycvj472szg8++LX6HSSaPSjH+dJ9KIRta9iTv+bAAD+z87zPP7IJ9bJJRHR2VxbAMAGrfbzvzktf7qTtgCADXr67ntv7+zuPn4nyzrxZPT16aD4zb74ODm+cxgfxzAO4mF04yKifFFoRfm2UJRP8jwfN7NCL14bjU8HRXL0wc/V+Xd+jyjz29GNXjl0+bZR5t/afbydTczkx0Ufz1fX7xf5R9GNFy/Dc/lHC/IxSOP1V2f6fxDd+OWj+CSGsV82Mc1/uZ1lb+bf/vn5+0V7RT4Znw7a5bypfOuOvzQAAAAAAAAAAAAAAAAAAAAAADzDHlR757Sj3L+nGKr239m6KD5pRVbrze/PM8kn9Ylm9wfK83ycx/f1/joPsyzLq4nTfDNeas5uLAgAAAAAAAAAAAAAAAAAAAD318mnnx3tDYcHx7dS1LsBNCPir6cR//Y8/ZmRV2L55HZ1zb3hsFGV83OasyOxVc9JIpa2UdzELT2Wm4rnrvVcFT/8uO4JOzfPaS2+1m0W9eo62ksWP8N21COdapF8l0ZM56Sx4rXSfzqUxzrLL114qLv2vacvlMV4yZxIljX2xm+TJ1eNJFfvIi2f6sJ4qypm4lfWxkrrOTqT+PXvFYndOgAAAAAAAAAAAAAAAAAAYKOmf/274ODZ0mgjb2+sLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4U9P//79GMa7CK0xO4/jkP75FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7oG/AwAA//83x1yS") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f00000001c0)={0xb}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) sendto$inet6(r1, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_script(r0, &(0x7f0000000100), 0xb) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@private1}, @in=@loopback, {}, {}, {}, 0x0, 0x0, 0xa}}, 0xf0}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000100)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff}) r4 = gettid() getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f00000001c0)=0xc) kcmp(r4, r5, 0x1, 0xffffffffffffffff, 0xffffffffffffffff) 3.203161168s ago: executing program 4 (id=797): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xcadbd000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) sendmsg$key(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00008feff0)={0x0, 0x193}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x4, 0x0, &(0x7f00008feff0)={&(0x7f0000000180)=ANY=[@ANYBLOB="020d0000100000002f3144e900000000030006000720000002004000e0000001000000f5000000000800120002000100000000000000000030006c000201009f6eae02000000adb20200000000152c000000000000000001020014bb7acde1b8e96408d700000000030005000020000002"], 0x80}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmmsg(r3, &(0x7f00000000c0), 0x2c8, 0x0) sendmsg$key(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x2, 0x13, 0x0, 0x8, 0x2}, 0x10}}, 0x10) 3.17747804s ago: executing program 3 (id=798): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, 0x0, 0x0) 1.05142945s ago: executing program 3 (id=799): bpf$MAP_CREATE(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00'}, 0x10) semget$private(0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x2000000, 0xb, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9", 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x8000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x597, &(0x7f0000000c00)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwmJelIOwzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhWnck7P/Uw0qTc3ySW/H7Q599znvOc9hzbwvJ8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89dWr4xfSXtcCAAAAGKSvX399fKIn/x/bq8oAAAAAA3FD/z8AAAAAAAAADLsUWXw/Ujw4tp6OFp+fqF5bWn7rwdz0zOaXjaXiykNFfP6nemHi4qWXJi9/ofnzf1+/087Ea9dvXK2/snL33uri2triQn1ueenWysLitkvo9/peLxYvoH73zbcWbt9eq0+cv9j19YPaXw4/c6o29cVXT15rxs5Nz8xc74gZqfzfd9/ACA8AAICDbTSyuBQpbpz9aToWEVn0nwtv0XYwaGNRy/Pv4iHmpmeKB2kszS/fz7+cbSbCte6ceLSZI+9CLt6XWsTxvK6jMnoAAAC2rxJZfCpSnPloPT0bEYeaefDnioUBty6gtguV3MRIRJyIiHMxBDk7AAAA7LHDkcXrkeJXjVo8V+bVRf7/lYipva4cAAAAsCNGIovLkeKDqfVUK8YDRMSLc9Mz9Ws3619bvr3SETubyh71YZ8fsJuMTQAAAGAfqEYWx4oe//X0/FNf/Y/Hjx8PpFoAAADADhqLLP4ZKT778reLdeWiWJf+uakvHb0y07nC3Oktysljz0fE2W3Oya+Uaw3OptmUsg2lPdqRhwMAAAAK1ZTFnyPFh3+sFp/Plbl5GtnrmgEAAAA7JmXxvUjx5dn1lHr2pT/Usb9/y7DP/R9s/ceqr6zce7i6dOeN+5t+f6R69Vtr91fnb23+9ZO9C7uGQ2y1jyEAAABsQyVl8fdI8dvGe628s9wDoBwB0E40373Szk2rqefbot3g2aLdoDWH4JmJic7jTVPWp1gfr1be91D/jw0AAAAHSkpZjEaKz/zm4+Xe/0diQx90Gfe7SHFl5YUyLhvN45rTBGrF39XbS43F8Tx2OlL8vNGMjSL2cBl7oh17IY/9dV7ufHdstYw9WYRGHjuRx34UKd5Y3Tz2Y+1yL+axq5HiJz+qN2OP5LFHy9hT7djzt1YaC4N7wwAAALD3KimLX0SKH/6r3pry393/3+5tf/eddn//hgX6/kuff7/9/7WOc4/KdojDZXvFyBbtFa9FijPPv9B8nqKtoDms4MleB+32ir9FitVvdMeOlrHH27EXtv1iAQAAYB9pjv///c1ftobclzlw+XHz/P8TvesDDij/79yTML/n2sO335xvNBZXh+nguxHRdSbtk4o5eKqD/B/hPqjGzhyU/6ke7Zf69HvQ169BAAA4EPL8/2akePDB+63+7jL/L4fKt/P/D7/Tzv+negsaUP5/vOPcVLneQGUkonr/7r3K6Yjq2sO3P790d/7O4p3F5YuTL02OT05evjRRGW127reP+n5XAAAAMKzy/H88Uvz1Bz9uzc/fTv//kd6CBpT/n+g4l9+z3emXn/lTv48PAAAAB0Ke//8sUvzh7HutdfS68/+O9f/fac+zP/fpJ6MFWq0DA8r/T3acqxX3jRjboWcHAAAAAAAAAAAAAAAAAACA/aKSsvh3pHi/OpLKBf+3tf7fQm9BA5r/f6rj3ELszv5/fb9UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGFJZZLEUKT55ej29nJ/4ZsTRzp8AAADA0PtPAAAA//81ax1R") r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) read$FUSE(r1, &(0x7f0000002180)={0x2020}, 0x2020) sendfile(r1, r1, &(0x7f0000000080), 0xe0000000) r2 = geteuid() setreuid(r2, 0xee01) 1.05119128s ago: executing program 2 (id=800): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) madvise(&(0x7f0000495000/0x400000)=nil, 0x400000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x5) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb) lsetxattr$system_posix_acl(&(0x7f0000003340)='./file0\x00', &(0x7f0000003380)='system.posix_acl_access\x00', &(0x7f00000003c0)={{}, {0x1, 0x2}, [], {}, [{0x8, 0x5}, {}, {}, {}], {0x10, 0x1}}, 0x44, 0x0) lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvfrom$inet6(0xffffffffffffffff, 0x0, 0x0, 0x2003, &(0x7f00000000c0)={0xa, 0x0, 0x0, @private2}, 0x20000000) 1.020992813s ago: executing program 1 (id=801): setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a7"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000340)=ANY=[@ANYBLOB="61122800000000006113140000000000bf1000000000000025000200091bb0ff3d030000000000008701000000000000bc26000000000000bf67000000000000150300000ee600f0670200001400000015030000ffffffffbf050000000000000f650000000000006507f4ff02000400070700006b3128fe1f75000000000000bf540000000000000705000003001500ae430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe70305863f970eac3590ac99b798f8125f1c322c2a154a8a8d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 933.098051ms ago: executing program 4 (id=802): r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) r1 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x10800, 0x0) fchmod(r1, 0xd7) bpf$MAP_CREATE(0x0, 0x0, 0xffeb) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) chdir(&(0x7f0000000240)='\xe9\x1fq\x89Y\x1e\x923aK\x00') openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000280), 0x18) r2 = syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r2, 0x80104592, &(0x7f0000000040)={0x0, 0x0, 0x0, 0xfffffffe, "00207d2000000000201b14700c1e0ac74f000000001200000000000900"}) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f00000001c0)) ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000280)) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004e80)=[{{&(0x7f00000005c0)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4000000}}, {{&(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000bc0)=[{0x0}], 0x1, &(0x7f0000001000), 0x0, 0x4000}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002d00)=[@cred={{0x1c, 0x1, 0x2, {r0}}}, @cred={{0x1c}}], 0x40, 0x80001}}, {{&(0x7f0000002d40)=@file={0x1, './bus\x00'}, 0x6e, 0x0, 0x0, &(0x7f0000003180)=ANY=[], 0x18, 0x40040}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20044041}}, {{&(0x7f0000003680)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000004a80), 0x0, &(0x7f0000004b40)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40, 0x41}}], 0x6, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) 134.856098ms ago: executing program 0 (id=803): socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$midi(&(0x7f0000000400), 0xb6, 0x0) syz_io_uring_setup(0x4e5e, &(0x7f0000000080), 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), &(0x7f00000003c0)=r5}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x40) syz_emit_ethernet(0x22, &(0x7f0000000100)={@broadcast, @local, @val={@void}, {@can={0xc, {{}, 0x0, 0x0, 0x0, 0x0, "534ead40a3537293"}}}}, 0x0) 75.480423ms ago: executing program 3 (id=804): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000000000000000000000038500000007000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{0x1}, &(0x7f0000000100), &(0x7f0000000140)='%pB \x00'}, 0x20) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) r3 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=@bridge_setlink={0x30, 0x13, 0xa29, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@IFLA_AF_SPEC={0x4, 0xc}, @IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x30}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) writev(r4, &(0x7f0000000140)=[{&(0x7f00000000c0)="39000000130003470fbb65e1c3e4ffff06006000010000005600000025000000190004000400000007fd17e5ff8e0606040020000000000000", 0x39}], 0x1) r5 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_DEL_MIF(r5, 0x29, 0xc8, 0x0, 0xc000000) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000002240), r5) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r4, &(0x7f0000002340)={&(0x7f0000002200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000002300)={&(0x7f0000002280)={0x70, r6, 0x400, 0x70bd27, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x1}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR={0x44, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @remote}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @local}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r2}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x3f}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @loopback}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x8000}, 0x4802) setsockopt$sock_int(r4, 0x1, 0x9, &(0x7f0000000780)=0xec000, 0x4) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={r0, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000002, 0x0, 0x0, 0x0, 0x0}, 0x50) 0s ago: executing program 0 (id=805): r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r0, 0x84, 0x82, 0xfffffffffffffffe, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) set_mempolicy(0x3, 0x0, 0x6) r1 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r1, &(0x7f00000001c0)={0x18, 0x0, {0x9, @multicast, 'sit0\x00'}}, 0x1e) r2 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) r4 = dup(r3) ioctl$PPPIOCCONNECT(r4, 0x40047435, &(0x7f00000002c0)=0x2) ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00)) sendmmsg(r2, &(0x7f0000001cc0), 0x400000000000026, 0x0) kernel console output (not intermixed with test programs): ries) [ 260.231359][ T5896] lo speed is unknown, defaulting to 1000 [ 260.251178][ T5019] FAT-fs (loop3): Filesystem has been set read-only [ 260.275910][ T5019] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 260.834448][ T3835] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.079026][ T3835] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.217160][ T3835] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 261.504521][ T3835] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 262.116167][ T3641] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 262.129302][ T3641] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 262.140442][ T3641] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 262.149764][ T3641] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 262.158742][ T3641] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 262.167515][ T3641] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 262.530214][ T5911] loop2: detected capacity change from 0 to 764 [ 262.578634][ T5902] lo speed is unknown, defaulting to 1000 [ 264.122719][ T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 264.133988][ T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 264.142350][ T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 264.151946][ T48] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 264.160239][ T3643] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 264.168818][ T48] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 264.231895][ T5944] loop2: detected capacity change from 0 to 512 [ 264.265355][ T48] Bluetooth: hci3: command tx timeout [ 264.312889][ T5944] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 264.331146][ T5944] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 264.341711][ T5944] System zones: 0-1, 15-15, 18-18, 34-34 [ 264.363015][ T5944] EXT4-fs (loop2): orphan cleanup on readonly fs [ 264.373995][ T5944] __quota_error: 33 callbacks suppressed [ 264.374009][ T5944] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 264.395287][ T5944] EXT4-fs warning (device loop2): ext4_enable_quotas:7035: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 264.411899][ T5944] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 264.425143][ T5944] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz.2.460: bad orphan inode 16 [ 264.450965][ T5944] ext4_test_bit(bit=15, block=18) = 1 [ 264.457071][ T5944] is_bad_inode(inode)=0 [ 264.461251][ T5944] NEXT_ORPHAN(inode)=0 [ 264.465858][ T5944] max_ino=32 [ 264.469201][ T5944] i_nlink=2 [ 264.472382][ T5944] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 264.601569][ T5831] EXT4-fs (loop4): unmounting filesystem. [ 264.706214][ T5341] EXT4-fs (loop2): unmounting filesystem. [ 264.740068][ T5950] loop0: detected capacity change from 0 to 2048 [ 264.803828][ T5950] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 264.900177][ T5935] lo speed is unknown, defaulting to 1000 [ 265.130283][ T5902] chnl_net:caif_netlink_parms(): no params data found [ 265.138143][ T5958] loop2: detected capacity change from 0 to 256 [ 265.481091][ T3757] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 265.759751][ T5902] bridge0: port 1(bridge_slave_0) entered blocking state [ 265.769580][ T5902] bridge0: port 1(bridge_slave_0) entered disabled state [ 265.783349][ T5902] device bridge_slave_0 entered promiscuous mode [ 265.859663][ T5902] bridge0: port 2(bridge_slave_1) entered blocking state [ 265.865200][ T3757] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 265.873842][ T5902] bridge0: port 2(bridge_slave_1) entered disabled state [ 265.886202][ T3757] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 265.886589][ T5902] device bridge_slave_1 entered promiscuous mode [ 265.896515][ T3757] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 265.921100][ T3757] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 265.931437][ T3757] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.969803][ T3757] usb 3-1: config 0 descriptor?? [ 266.120387][ T3835] device hsr_slave_0 left promiscuous mode [ 266.140798][ T3835] device hsr_slave_1 left promiscuous mode [ 266.155611][ T3835] device bridge_slave_1 left promiscuous mode [ 266.166112][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 266.184954][ T3835] device bridge_slave_0 left promiscuous mode [ 266.191197][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 266.265140][ T48] Bluetooth: hci5: command tx timeout [ 266.276212][ T3835] device veth1_macvtap left promiscuous mode [ 266.282298][ T3835] device veth0_macvtap left promiscuous mode [ 266.307277][ T3835] device veth1_vlan left promiscuous mode [ 266.321848][ T3835] device veth0_vlan left promiscuous mode [ 266.345171][ T48] Bluetooth: hci3: command tx timeout [ 266.457641][ T3757] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 266.497044][ T3757] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 266.719297][ T5995] binder_alloc: 5994: pid 5994 spamming oneway? 1 buffers allocated for a total size of 4096 [ 266.761832][ T5995] binder: 5994:5995 ioctl c0306201 20000380 returned -14 [ 266.816563][ T3641] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 266.826368][ T3641] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 266.842104][ T3641] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 266.850780][ T3641] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 266.858485][ T3641] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 266.870004][ T3641] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 267.135330][ T22] usb 3-1: USB disconnect, device number 3 [ 269.593255][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 269.821146][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 269.977277][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 270.132454][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 271.023272][ T48] Bluetooth: hci5: command tx timeout [ 271.023289][ T3641] Bluetooth: hci3: command tx timeout [ 271.028885][ T3641] Bluetooth: hci2: command tx timeout [ 271.208102][ T6017] loop2: detected capacity change from 0 to 256 [ 271.240297][ T6017] exfat: Unknown parameter '184467440737095516150x0000000000000000' [ 271.395010][ T6017] loop2: detected capacity change from 0 to 512 [ 271.480236][ T3835] bond0 (unregistering): Released all slaves [ 271.610863][ T5902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 271.622759][ T5902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 271.835017][ T5997] lo speed is unknown, defaulting to 1000 [ 271.886237][ T5902] team0: Port device team_slave_0 added [ 271.894311][ T5902] team0: Port device team_slave_1 added [ 271.964030][ T5902] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 271.985135][ T5902] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.064093][ T5902] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 272.093337][ T5935] chnl_net:caif_netlink_parms(): no params data found [ 272.144085][ T5902] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 272.165096][ T5902] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 272.208839][ T5902] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 272.498223][ T5902] device hsr_slave_0 entered promiscuous mode [ 272.520014][ T5902] device hsr_slave_1 entered promiscuous mode [ 272.540293][ T5902] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 272.574399][ T5902] Cannot create hsr debugfs directory [ 272.630894][ T5935] bridge0: port 1(bridge_slave_0) entered blocking state [ 272.655152][ T5935] bridge0: port 1(bridge_slave_0) entered disabled state [ 272.663258][ T5935] device bridge_slave_0 entered promiscuous mode [ 272.720439][ T5935] bridge0: port 2(bridge_slave_1) entered blocking state [ 272.735095][ T5935] bridge0: port 2(bridge_slave_1) entered disabled state [ 272.743422][ T5935] device bridge_slave_1 entered promiscuous mode [ 272.857551][ T5935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 272.924018][ T3835] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 272.971247][ T5935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 273.065908][ T3641] Bluetooth: hci2: command tx timeout [ 273.065994][ T3643] Bluetooth: hci5: command tx timeout [ 273.071350][ T3641] Bluetooth: hci3: command tx timeout [ 273.089739][ T5935] team0: Port device team_slave_0 added [ 273.117153][ T3835] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.135835][ T5935] team0: Port device team_slave_1 added [ 273.187017][ T3835] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.202133][ T5997] chnl_net:caif_netlink_parms(): no params data found [ 273.284515][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 273.292243][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.319562][ T5935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 273.366682][ T3835] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 273.387268][ T5935] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 273.396260][ T5935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 273.427658][ T5935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 273.617336][ T5935] device hsr_slave_0 entered promiscuous mode [ 273.624554][ T5935] device hsr_slave_1 entered promiscuous mode [ 273.634741][ T5935] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 273.642765][ T5935] Cannot create hsr debugfs directory [ 273.648481][ T5997] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.656179][ T5997] bridge0: port 1(bridge_slave_0) entered disabled state [ 273.664377][ T5997] device bridge_slave_0 entered promiscuous mode [ 273.742056][ T5997] bridge0: port 2(bridge_slave_1) entered blocking state [ 273.760482][ T5997] bridge0: port 2(bridge_slave_1) entered disabled state [ 273.769427][ T5997] device bridge_slave_1 entered promiscuous mode [ 273.923237][ T5997] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 274.009221][ T5997] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 274.081160][ T3835] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.174517][ T5997] team0: Port device team_slave_0 added [ 274.256894][ T3835] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.281713][ T5997] team0: Port device team_slave_1 added [ 274.314501][ T5902] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 274.417274][ T3835] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.430766][ T5902] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 274.452867][ T5902] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 274.487984][ T3835] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 274.503620][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 274.511344][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.541726][ T5997] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 274.557954][ T5902] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 274.582015][ T5997] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 274.590742][ T5997] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 274.617411][ T5997] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 274.806248][ T5997] device hsr_slave_0 entered promiscuous mode [ 274.825231][ T5997] device hsr_slave_1 entered promiscuous mode [ 274.831981][ T5997] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 274.839664][ T5997] Cannot create hsr debugfs directory [ 275.145802][ T3641] Bluetooth: hci5: command tx timeout [ 275.145811][ T3643] Bluetooth: hci2: command tx timeout [ 275.190120][ T5902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 275.254718][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 275.270560][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 275.366927][ T5902] 8021q: adding VLAN 0 to HW filter on device team0 [ 275.484250][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.498184][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.513007][ T3768] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.520218][ T3768] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.668627][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.689948][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 275.705994][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.725515][ T3768] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.732620][ T3768] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.741472][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 275.751312][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 275.867238][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 275.904135][ T6100] netlink: 40 bytes leftover after parsing attributes in process `syz.2.484'. [ 275.907444][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.931864][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 275.954255][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.971775][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 276.118605][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 276.144767][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 276.179572][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 276.207598][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 276.283266][ T5902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 276.535066][ T3631] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 276.621863][ T5935] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 276.641834][ T5935] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 276.820958][ T5935] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 276.841874][ T5935] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 276.955806][ T3631] usb 3-1: config 0 has an invalid interface number: 153 but max is 0 [ 276.975244][ T3631] usb 3-1: config 0 has no interface number 0 [ 276.981360][ T3631] usb 3-1: New USB device found, idVendor=249c, idProduct=932c, bcdDevice=f9.1b [ 277.011287][ T3631] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.057838][ T3631] usb 3-1: config 0 descriptor?? [ 277.112535][ T3631] usb 3-1: can't set first interface for hiFace device. [ 277.125056][ T3631] snd-usb-hiface: probe of 3-1:0.153 failed with error -5 [ 277.177612][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 277.193259][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 277.225384][ T48] Bluetooth: hci2: command tx timeout [ 277.266727][ T5902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 277.320434][ T3719] usb 3-1: USB disconnect, device number 4 [ 277.542527][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 277.575764][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 277.864320][ T5997] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 277.928635][ T5997] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 277.993401][ T5997] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 278.009840][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 278.019172][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 279.206144][ T5902] device veth0_vlan entered promiscuous mode [ 279.223059][ T5997] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 279.303776][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 279.324133][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 279.370456][ T5902] device veth1_vlan entered promiscuous mode [ 279.428109][ T5935] 8021q: adding VLAN 0 to HW filter on device bond0 [ 279.599341][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 279.634321][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 279.708690][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 279.736622][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 279.776012][ T5935] 8021q: adding VLAN 0 to HW filter on device team0 [ 279.882969][ T5902] device veth0_macvtap entered promiscuous mode [ 279.915501][ T5902] device veth1_macvtap entered promiscuous mode [ 279.950797][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 279.979397][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 279.988533][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 279.998572][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.007638][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.014736][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.037334][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 280.332375][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.493288][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.500478][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.655901][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 280.695839][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 280.736869][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 280.747329][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 280.756713][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 280.815883][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 280.830473][ T5902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.853537][ T5902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.874248][ T5902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.884797][ T5902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.913520][ T6166] loop1: detected capacity change from 0 to 2048 [ 280.925071][ T5902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 280.942511][ T5902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 280.965378][ T5902] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 280.977022][ T3835] device hsr_slave_0 left promiscuous mode [ 280.987147][ T6166] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 280.998962][ T3835] device hsr_slave_1 left promiscuous mode [ 281.035822][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.043276][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.101121][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.115040][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.147211][ T3835] device bridge_slave_1 left promiscuous mode [ 281.155960][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.382182][ T3835] device bridge_slave_0 left promiscuous mode [ 281.392199][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.579329][ T3835] device hsr_slave_0 left promiscuous mode [ 281.590910][ T3835] device hsr_slave_1 left promiscuous mode [ 281.735238][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 281.742918][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 281.783729][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 281.805006][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 281.853829][ T3835] device bridge_slave_1 left promiscuous mode [ 281.873371][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.900403][ T3835] device bridge_slave_0 left promiscuous mode [ 281.929966][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.100996][ T3835] device veth1_macvtap left promiscuous mode [ 282.108558][ T3835] device veth0_macvtap left promiscuous mode [ 282.114679][ T3835] device veth1_vlan left promiscuous mode [ 282.121453][ T3835] device veth0_vlan left promiscuous mode [ 282.137267][ T3835] device veth1_macvtap left promiscuous mode [ 282.164669][ T3835] device veth0_macvtap left promiscuous mode [ 282.214825][ T3835] device veth1_vlan left promiscuous mode [ 282.303226][ T3835] device veth0_vlan left promiscuous mode [ 283.054837][ T6194] loop2: detected capacity change from 0 to 47 [ 283.642278][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 283.684744][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 283.728648][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 283.773503][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 285.016846][ T3835] bond0 (unregistering): Released all slaves [ 285.473904][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 285.515140][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 285.557184][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 285.596970][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 286.049164][ T3835] bond0 (unregistering): Released all slaves [ 286.140241][ T5997] 8021q: adding VLAN 0 to HW filter on device bond0 [ 286.156131][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.164744][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 286.177197][ T5902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.191123][ T5902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.201920][ T5902] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.214621][ T5902] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.227177][ T5902] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 286.251306][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.270493][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 286.291750][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 286.310622][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 286.335775][ T5902] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.345385][ T5902] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.354174][ T5902] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.363364][ T5902] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.399637][ T5997] 8021q: adding VLAN 0 to HW filter on device team0 [ 286.425108][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 286.434116][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 286.457761][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 286.471609][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.479855][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 286.491568][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.500571][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.507788][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.549835][ T5935] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 286.627593][ T5935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 286.729340][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 286.928119][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 286.979936][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 287.026218][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 287.052277][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.061270][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.068420][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.076548][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.090355][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 287.099229][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 287.146653][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 287.185546][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 287.239362][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 287.269145][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.310511][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 287.401612][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 287.500617][ T5997] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 287.526657][ T5997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 287.532996][ T6234] loop2: detected capacity change from 0 to 256 [ 287.645628][ T3767] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.742435][ T3767] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.838581][ T6234] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 288.262712][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 288.306808][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 288.354362][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 288.444701][ T26] audit: type=1800 audit(1728649028.360:52): pid=6234 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.505" name="bus" dev="loop2" ino=1048683 res=0 errno=0 [ 288.579227][ T6234] loop2: detected capacity change from 256 to 255 [ 288.588303][ T3852] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 288.596103][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 288.635929][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 288.753073][ T6244] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 288.792166][ T5935] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 288.957570][ T5341] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 288.967664][ T3852] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 289.005776][ T3752] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 289.033115][ T5341] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 289.047699][ T5341] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 289.548385][ T3752] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000005) [ 289.939372][ T3835] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 289.970860][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 289.985204][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 290.011481][ T5997] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 290.080107][ T3835] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.150750][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 290.165535][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 290.237893][ T3835] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.270134][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 290.292441][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 290.321166][ T5935] device veth0_vlan entered promiscuous mode [ 290.391844][ T3835] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 290.435704][ T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 290.445422][ T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 290.453555][ T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 290.467031][ T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 290.476833][ T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 290.485560][ T48] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 290.511466][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 290.537914][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 290.738951][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 290.854054][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 291.214436][ T5997] device veth0_vlan entered promiscuous mode [ 291.333455][ T5935] device veth1_vlan entered promiscuous mode [ 291.351268][ T6299] loop1: detected capacity change from 0 to 256 [ 291.403011][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 291.416329][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 291.441191][ T6299] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0xff6f124c, utbl_chksum : 0xe619d30d) [ 291.461758][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 291.480736][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 291.508415][ T5997] device veth1_vlan entered promiscuous mode [ 291.551407][ T6291] lo speed is unknown, defaulting to 1000 [ 291.564615][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 291.671978][ T5997] device veth0_macvtap entered promiscuous mode [ 291.698998][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 291.729027][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 291.762192][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 291.798435][ T5997] device veth1_macvtap entered promiscuous mode [ 291.845734][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 291.853930][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 291.889114][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 291.907180][ T5935] device veth0_macvtap entered promiscuous mode [ 292.585530][ T3641] Bluetooth: hci1: command tx timeout [ 292.780723][ T5935] device veth1_macvtap entered promiscuous mode [ 292.830369][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 292.831396][ T6315] devpts: called with bogus options [ 292.845362][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 292.870653][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 292.883728][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.894451][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 292.905687][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 292.918521][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 292.938381][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 292.947793][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 292.976964][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 292.998155][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.024896][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.044961][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.054806][ T5997] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.071102][ T5997] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.088308][ T5997] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.104153][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.122360][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.132721][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.150066][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.160989][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 293.177339][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.191342][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.202680][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.213660][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.255000][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.269713][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.280531][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.291691][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.455016][ T5935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 293.483988][ T5935] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 293.495806][ T5935] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.510302][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 293.526501][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 293.539725][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 293.553337][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 293.656957][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 293.896572][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 294.500780][ T5935] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.517609][ T5935] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.530200][ T5935] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.541514][ T5935] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.565751][ T5997] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.594879][ T5997] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.624041][ T5997] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.642947][ T5997] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.674943][ T48] Bluetooth: hci1: command tx timeout [ 294.879801][ T6353] raw_sendmsg: syz.3.522 forgot to set AF_INET. Fix it! [ 296.884895][ T48] Bluetooth: hci1: command tx timeout [ 298.551704][ T3852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.570580][ T3852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.626822][ T3767] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 298.685376][ T3852] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.701335][ T3852] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.749885][ T3834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.773340][ T3852] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 298.780988][ T3834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.799998][ T6291] chnl_net:caif_netlink_parms(): no params data found [ 298.863945][ T3752] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 298.880027][ T3752] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 298.905046][ T48] Bluetooth: hci1: command tx timeout [ 298.923494][ T3752] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 298.963900][ T6367] loop1: detected capacity change from 0 to 32768 [ 299.064507][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 300.135884][ T6291] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.195210][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.273981][ T6291] device bridge_slave_0 entered promiscuous mode [ 300.442928][ T6381] device syzkaller0 entered promiscuous mode [ 301.342118][ T6291] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.361002][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state [ 301.427888][ T6291] device bridge_slave_1 entered promiscuous mode [ 301.673433][ T6425] input: syz0 as /devices/virtual/input/input6 [ 305.221373][ T6291] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 305.239221][ T6426] lo speed is unknown, defaulting to 1000 [ 305.256857][ T6291] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.960368][ T6291] team0: Port device team_slave_0 added [ 308.003652][ T6291] team0: Port device team_slave_1 added [ 308.125273][ T6291] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 308.142880][ T6291] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 308.294391][ T6291] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 309.669104][ T6291] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 309.684978][ T6291] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 309.710979][ C0] vkms_vblank_simulate: vblank timer overrun [ 309.753857][ T6291] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 310.036199][ T6478] netlink: 12 bytes leftover after parsing attributes in process `syz.1.542'. [ 310.880575][ T6291] device hsr_slave_0 entered promiscuous mode [ 310.920899][ T6291] device hsr_slave_1 entered promiscuous mode [ 310.952874][ T6291] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 310.990805][ T6291] Cannot create hsr debugfs directory [ 312.330594][ T3835] device hsr_slave_0 left promiscuous mode [ 312.444628][ T3835] device hsr_slave_1 left promiscuous mode [ 312.478065][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 312.607232][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 312.731672][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 312.840498][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 313.088525][ T3835] device bridge_slave_1 left promiscuous mode [ 313.105325][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.145537][ T3835] device bridge_slave_0 left promiscuous mode [ 313.186626][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.234490][ T3835] device veth1_macvtap left promiscuous mode [ 313.240799][ T3835] device veth0_macvtap left promiscuous mode [ 313.263242][ T3835] device veth1_vlan left promiscuous mode [ 313.291764][ T3835] device veth0_vlan left promiscuous mode [ 313.334929][ T3693] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 313.351254][ T6495] loop4: detected capacity change from 0 to 1024 [ 313.392915][ T6495] hfsplus: invalid btree flag [ 313.417743][ T3641] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 313.425224][ T6495] hfsplus: failed to load catalog file [ 313.431926][ T3641] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 313.440965][ T3641] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 313.449106][ T3641] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 313.457473][ T3641] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 313.465176][ T3641] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 313.695265][ T3693] usb 2-1: config 0 has no interfaces? [ 313.702185][ T3693] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 313.736327][ T3693] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.777653][ T3693] usb 2-1: config 0 descriptor?? [ 314.136128][ T6514] 9pnet_fd: Insufficient options for proto=fd [ 315.546824][ T3641] Bluetooth: hci4: command tx timeout [ 315.873639][ T41] usb 2-1: USB disconnect, device number 8 [ 316.991876][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.003491][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.397225][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 317.664995][ T3641] Bluetooth: hci4: command tx timeout [ 317.826703][ T6541] loop1: detected capacity change from 0 to 40427 [ 317.865690][ T6541] F2FS-fs (loop1): invalid crc value [ 317.883487][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 317.937376][ T6541] F2FS-fs (loop1): Found nat_bits in checkpoint [ 317.948187][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 318.010127][ T6541] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 318.044721][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 319.082245][ T3640] syz-executor: attempt to access beyond end of device [ 319.082245][ T3640] loop1: rw=2051, sector=36912, nr_sectors = 8152 limit=40427 [ 319.136639][ T3640] syz-executor: attempt to access beyond end of device [ 319.136639][ T3640] loop1: rw=2051, sector=45096, nr_sectors = 85976 limit=40427 [ 319.167117][ T3640] F2FS-fs (loop1): Issue discard(4614, 4614, 1019) failed, ret: -5 [ 319.167169][ T3640] F2FS-fs (loop1): Issue discard(5637, 5637, 10747) failed, ret: -5 [ 319.610229][ T3835] bond0 (unregistering): Released all slaves [ 319.705756][ T48] Bluetooth: hci4: command tx timeout [ 320.409769][ T6560] device lo entered promiscuous mode [ 320.428261][ T6560] device lo left promiscuous mode [ 320.806004][ T6509] lo speed is unknown, defaulting to 1000 [ 320.817948][ T6571] binder: 6570:6571 ioctl c018620b 20000380 returned -14 [ 321.785396][ T3641] Bluetooth: hci4: command tx timeout [ 322.506517][ T3641] Bluetooth: hci0: Malformed Event: 0x02 [ 322.762997][ T6602] loop4: detected capacity change from 0 to 2048 [ 322.794290][ T6602] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 322.841579][ T6602] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 322.885009][ T6602] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 322.892716][ T6602] UDF-fs: Scanning with blocksize 512 failed [ 322.949433][ T6602] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 324.194747][ T6291] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 324.261585][ T6291] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 324.298680][ T6626] loop4: detected capacity change from 0 to 512 [ 324.320957][ T6291] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 324.343705][ T6509] chnl_net:caif_netlink_parms(): no params data found [ 324.490129][ T6626] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #16: comm syz.4.574: corrupted inode contents [ 324.509562][ T3835] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.545911][ T6634] loop1: detected capacity change from 0 to 2048 [ 324.545990][ T6291] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 324.604965][ T6626] EXT4-fs error (device loop4): ext4_dirty_inode:6086: inode #16: comm syz.4.574: mark_inode_dirty error [ 324.657048][ T6626] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #16: comm syz.4.574: corrupted inode contents [ 324.659000][ T6634] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 324.692737][ T3835] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.707958][ T6626] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.574: mark_inode_dirty error [ 324.725676][ T6626] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #16: comm syz.4.574: corrupted inode contents [ 324.761727][ T6626] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 324.778766][ T26] audit: type=1804 audit(1728649064.700:53): pid=6634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.576" name="/newroot/175/file1/bus" dev="loop1" ino=18 res=1 errno=0 [ 324.800620][ T6626] EXT4-fs error (device loop4): ext4_do_update_inode:5224: inode #16: comm syz.4.574: corrupted inode contents [ 324.835297][ T6626] EXT4-fs error (device loop4): ext4_truncate:4311: inode #16: comm syz.4.574: mark_inode_dirty error [ 324.868152][ T26] audit: type=1804 audit(1728649064.790:54): pid=6634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.576" name="/newroot/175/file1/bus" dev="loop1" ino=18 res=1 errno=0 [ 324.916860][ T6626] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 324.931985][ T6626] EXT4-fs (loop4): 1 truncate cleaned up [ 324.965066][ T6626] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 325.002813][ T3768] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 325.013353][ T6626] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038 (0x7fffffff) [ 325.032121][ T3768] EXT4-fs error (device loop4): ext4_release_dquot:6823: comm kworker/u4:10: Failed to release dquot type 1 [ 325.097658][ T3835] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.112089][ T6509] bridge0: port 1(bridge_slave_0) entered blocking state [ 325.120341][ T6509] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.130501][ T6509] device bridge_slave_0 entered promiscuous mode [ 325.143902][ T6509] bridge0: port 2(bridge_slave_1) entered blocking state [ 325.151971][ T6509] bridge0: port 2(bridge_slave_1) entered disabled state [ 325.165903][ T6509] device bridge_slave_1 entered promiscuous mode [ 325.190735][ T26] audit: type=1800 audit(1728649065.110:55): pid=6626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.574" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 325.253510][ T3835] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 325.344703][ T6509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 325.391045][ T3640] EXT4-fs (loop1): unmounting filesystem. [ 325.460572][ T6509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 325.483904][ T5935] EXT4-fs error (device loop4): ext4_map_blocks:634: inode #2: block 3: comm syz-executor: lblock 0 mapped to illegal pblock 3 (length 1) [ 326.794356][ T5935] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 326.875589][ T6291] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.900358][ T6509] team0: Port device team_slave_0 added [ 326.941111][ T5935] EXT4-fs error (device loop4): ext4_dirty_inode:6086: inode #2: comm syz-executor: mark_inode_dirty error [ 327.044527][ T6291] 8021q: adding VLAN 0 to HW filter on device team0 [ 327.080385][ T6509] team0: Port device team_slave_1 added [ 327.097539][ T5935] EXT4-fs (loop4): unmounting filesystem. [ 327.114380][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.126552][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 327.134016][ T5935] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 327.210336][ T5935] EXT4-fs error (device loop4): ext4_quota_off:7089: inode #3: comm syz-executor: mark_inode_dirty error [ 327.222288][ T5935] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5882: Corrupt filesystem [ 327.242561][ T5935] EXT4-fs error (device loop4): ext4_quota_off:7089: inode #4: comm syz-executor: mark_inode_dirty error [ 327.363983][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 327.376544][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 327.403122][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.410484][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 328.056861][ T6291] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 328.144190][ T6291] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 328.352103][ T6509] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 328.361416][ T6509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.414895][ T6509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 328.433217][ T6509] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 328.443394][ T6509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 328.479206][ T6509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 328.528741][ T6509] device hsr_slave_0 entered promiscuous mode [ 328.535754][ T6509] device hsr_slave_1 entered promiscuous mode [ 328.542442][ T6509] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 328.550450][ T6509] Cannot create hsr debugfs directory [ 328.556722][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 328.583785][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 328.688376][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 328.760593][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 328.767787][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.941615][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 329.066512][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 329.151902][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 329.240932][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 329.270284][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 329.316024][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 329.330283][ T6686] loop1: detected capacity change from 0 to 2048 [ 329.357525][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 329.425892][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 329.466715][ T6686] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 329.511595][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 329.546983][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 329.560502][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 329.568637][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 330.171994][ T48] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 330.183438][ T48] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 330.192532][ T3643] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 330.202455][ T48] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 330.210467][ T3643] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 330.219563][ T48] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 330.447149][ T1107] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 330.466278][ T1107] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 33 with error 28 [ 330.479854][ T1107] EXT4-fs (loop1): This should not happen!! Data will be lost [ 330.479854][ T1107] [ 330.489967][ T1107] EXT4-fs (loop1): Total free blocks count 0 [ 330.496104][ T1107] EXT4-fs (loop1): Free/Dirty block details [ 330.502102][ T1107] EXT4-fs (loop1): free_blocks=2415919104 [ 330.509957][ T1107] EXT4-fs (loop1): dirty_blocks=48 [ 330.515224][ T1107] EXT4-fs (loop1): Block reservation details [ 330.521248][ T1107] EXT4-fs (loop1): i_reserved_data_blocks=3 [ 330.531952][ T3640] EXT4-fs (loop1): unmounting filesystem. [ 330.707628][ T6699] lo speed is unknown, defaulting to 1000 [ 330.900082][ T6291] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 330.917928][ T6695] syz.3.587 (6695): /proc/6692/oom_adj is deprecated, please use /proc/6692/oom_score_adj instead. [ 330.946539][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 330.954085][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 331.133861][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 331.146219][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 331.260523][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 331.270070][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 331.308835][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 331.324778][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 331.348650][ T6291] device veth0_vlan entered promiscuous mode [ 331.480401][ T6291] device veth1_vlan entered promiscuous mode [ 331.535318][ T6509] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 331.599487][ T6509] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 331.613926][ T6509] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 331.624607][ T6509] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 331.679222][ T6699] chnl_net:caif_netlink_parms(): no params data found [ 331.696280][ T6291] device veth0_macvtap entered promiscuous mode [ 331.705687][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 331.713800][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 331.722945][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 331.732750][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 331.742300][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 331.787214][ T6291] device veth1_macvtap entered promiscuous mode [ 331.878503][ T6699] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.893400][ T6699] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.902285][ T6699] device bridge_slave_0 entered promiscuous mode [ 331.911126][ T6699] bridge0: port 2(bridge_slave_1) entered blocking state [ 331.918658][ T6699] bridge0: port 2(bridge_slave_1) entered disabled state [ 331.927110][ T6699] device bridge_slave_1 entered promiscuous mode [ 331.942399][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.953067][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.963118][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.973674][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 331.983649][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 331.996579][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 332.007875][ T6291] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 332.022136][ T3835] device hsr_slave_0 left promiscuous mode [ 332.030553][ T3835] device hsr_slave_1 left promiscuous mode [ 332.037753][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 332.045715][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 332.053344][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 332.061566][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 332.069529][ T3835] device bridge_slave_1 left promiscuous mode [ 332.076135][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.084328][ T3835] device bridge_slave_0 left promiscuous mode [ 332.092709][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 332.120911][ T3835] device veth1_macvtap left promiscuous mode [ 332.127085][ T3835] device veth0_macvtap left promiscuous mode [ 332.133220][ T3835] device veth1_vlan left promiscuous mode [ 332.139763][ T3835] device veth0_vlan left promiscuous mode [ 332.278270][ T3643] Bluetooth: hci2: command tx timeout [ 332.637531][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 332.683107][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 332.725928][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 332.771815][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 333.234516][ T3835] bond0 (unregistering): Released all slaves [ 333.318810][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 333.332333][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 333.343075][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.362125][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.372036][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.382751][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.392873][ T6291] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 333.404140][ T6291] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 333.415770][ T6291] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 333.437215][ T6699] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 333.449608][ T6699] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 333.459848][ T3752] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 333.475640][ T3752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 333.488337][ T6291] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.497893][ T6291] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.507801][ T6291] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.517058][ T6291] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 333.573867][ T6699] team0: Port device team_slave_0 added [ 333.584020][ T6699] team0: Port device team_slave_1 added [ 333.604038][ T6509] 8021q: adding VLAN 0 to HW filter on device bond0 [ 333.686646][ T6699] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 333.693680][ T6699] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.726671][ T6699] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 333.745333][ T6509] 8021q: adding VLAN 0 to HW filter on device team0 [ 333.758509][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 333.767599][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 333.785435][ T6699] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 333.792420][ T6699] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 333.818897][ T6699] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 333.858127][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 333.872740][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 333.890137][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 333.897308][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 333.953667][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 333.963259][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 333.982374][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 333.994235][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 334.001439][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 334.016955][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 334.030454][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 334.040491][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 334.052303][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 334.061630][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 334.071274][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 334.092418][ T3752] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.123416][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 334.131538][ T3752] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.135485][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 334.151967][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 334.165439][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 334.173965][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 334.206492][ T6509] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 334.232004][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 334.250344][ T6699] device hsr_slave_0 entered promiscuous mode [ 334.262623][ T6699] device hsr_slave_1 entered promiscuous mode [ 334.272593][ T6699] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 334.280329][ T6699] Cannot create hsr debugfs directory [ 334.295688][ T1107] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 334.304036][ T1107] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 334.346501][ T3643] Bluetooth: hci2: command tx timeout [ 334.375288][ T3752] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 336.155162][ T3835] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 336.403624][ T6509] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 336.445034][ T3643] Bluetooth: hci2: command tx timeout [ 337.486640][ T3835] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.506484][ T6759] loop2: detected capacity change from 0 to 2048 [ 337.564699][ T6759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 337.628129][ T26] audit: type=1804 audit(1728649077.530:56): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.588" name="/newroot/1/file1/bus" dev="loop2" ino=18 res=1 errno=0 [ 337.652467][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 337.652528][ T26] audit: type=1804 audit(1728649077.540:57): pid=6759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.588" name="/newroot/1/file1/bus" dev="loop2" ino=18 res=1 errno=0 [ 337.682801][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 337.728815][ T3835] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.763299][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 337.787237][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 337.800889][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 337.819730][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 337.830789][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 337.838946][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 337.851090][ T6509] device veth0_vlan entered promiscuous mode [ 337.873025][ T3835] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.895807][ T6509] device veth1_vlan entered promiscuous mode [ 337.939614][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 337.948804][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 337.958972][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 337.967728][ T3768] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 337.979791][ T6509] device veth0_macvtap entered promiscuous mode [ 337.993765][ T6509] device veth1_macvtap entered promiscuous mode [ 338.019308][ T6291] EXT4-fs (loop2): unmounting filesystem. [ 338.106287][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.127149][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.150511][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.164300][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.179137][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 338.192698][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 338.209962][ T6509] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 338.345779][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 338.362658][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 338.383361][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 338.393052][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 339.033418][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.074656][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.086617][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.097528][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.107813][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.118612][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.132783][ T3641] Bluetooth: hci2: command tx timeout [ 339.151306][ T6509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 339.162121][ T6509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 339.173511][ T6509] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 339.218925][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 339.255631][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 339.344106][ C1] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 339.404205][ T6509] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.434965][ T6509] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.453898][ T6509] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.504141][ T6509] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 339.624169][ T6791] loop2: detected capacity change from 0 to 2048 [ 339.724563][ T6791] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 339.841791][ T6791] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 339.860120][ T6791] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 339.871470][ T6791] UDF-fs: Scanning with blocksize 512 failed [ 339.893888][ T6791] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 339.959449][ T4724] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.000706][ T4724] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.124326][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 340.199973][ T4724] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 340.255409][ T4724] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 340.321469][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 340.344489][ T6699] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 340.483760][ T6699] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 340.522566][ T6699] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 340.659811][ T6699] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 340.699850][ T26] audit: type=1326 audit(1728649080.620:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 340.835791][ T26] audit: type=1326 audit(1728649080.650:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 340.955055][ T26] audit: type=1326 audit(1728649080.650:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 341.301748][ T26] audit: type=1326 audit(1728649080.650:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 341.453780][ T26] audit: type=1326 audit(1728649080.650:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 341.801784][ T26] audit: type=1326 audit(1728649080.660:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=40 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 341.976804][ T26] audit: type=1326 audit(1728649080.660:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 342.032824][ T6699] 8021q: adding VLAN 0 to HW filter on device bond0 [ 342.128366][ T26] audit: type=1326 audit(1728649080.660:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6804 comm="syz.0.547" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f967c77dff9 code=0x7ffc0000 [ 342.218388][ T6820] loop2: detected capacity change from 0 to 4096 [ 342.230948][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 342.282876][ T4724] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 342.322316][ T6699] 8021q: adding VLAN 0 to HW filter on device team0 [ 342.397036][ T6820] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 342.614218][ T3835] device hsr_slave_0 left promiscuous mode [ 342.622375][ T3835] device hsr_slave_1 left promiscuous mode [ 342.765649][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 342.773870][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 342.983874][ T3835] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 342.999754][ T3835] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 343.011741][ T3835] device bridge_slave_1 left promiscuous mode [ 343.031417][ T3835] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.059739][ T3835] device bridge_slave_0 left promiscuous mode [ 343.088147][ T3835] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.204022][ T3835] device veth1_macvtap left promiscuous mode [ 343.222328][ T3835] device veth0_macvtap left promiscuous mode [ 343.241746][ T3835] device veth1_vlan left promiscuous mode [ 343.268599][ T3835] device veth0_vlan left promiscuous mode [ 343.754004][ T6838] loop2: detected capacity change from 0 to 256 [ 343.808731][ T6838] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 343.887608][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 343.887623][ T26] audit: type=1800 audit(1728649083.810:69): pid=6838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.605" name="file1" dev="loop2" ino=1048707 res=0 errno=0 [ 343.931968][ T6838] exFAT-fs (loop2): hint_cluster is invalid (17) [ 344.246063][ T6846] loop1: detected capacity change from 0 to 512 [ 344.273763][ T6846] EXT4-fs: Ignoring removed orlov option [ 344.303704][ T6846] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 344.374896][ T6850] loop2: detected capacity change from 0 to 16 [ 344.532902][ T6850] erofs: (device loop2): mounted with root inode @ nid 36. [ 344.972952][ T6846] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 345.105081][ T6846] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 345.114572][ T6846] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.606: Failed to acquire dquot type 0 [ 345.166266][ T6846] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 345.206600][ T6846] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 345.230045][ T6846] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.606: Failed to acquire dquot type 0 [ 345.278338][ T6846] Quota error (device loop1): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 345.339549][ T6846] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 345.373801][ T6846] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.606: Failed to acquire dquot type 0 [ 345.421887][ T6846] EXT4-fs (loop1): 1 orphan inode deleted [ 345.440959][ T6846] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 345.450399][ T6846] ext4 filesystem being mounted at /185/file1 supports timestamps until 2038 (0x7fffffff) [ 346.433501][ T3640] EXT4-fs (loop1): unmounting filesystem. [ 346.606326][ T6865] loop1: detected capacity change from 0 to 256 [ 346.679020][ T3835] team0 (unregistering): Port device team_slave_1 removed [ 346.804083][ T3835] team0 (unregistering): Port device team_slave_0 removed [ 347.059080][ T3835] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 348.638518][ T6877] loop0: detected capacity change from 0 to 512 [ 348.676754][ T6877] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 348.725945][ T3835] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 348.799593][ T6877] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 348.837037][ T6877] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038 (0x7fffffff) [ 349.083602][ T6509] EXT4-fs (loop0): unmounting filesystem. [ 349.324995][ T152] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 349.705362][ T152] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.722075][ T152] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 349.752032][ T152] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 349.762134][ T152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.786282][ T152] usb 2-1: config 0 descriptor?? [ 349.923955][ T6897] loop0: detected capacity change from 0 to 256 [ 349.945508][ T3835] bond0 (unregistering): Released all slaves [ 350.226650][ T3832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 350.244679][ T3832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 350.274227][ T3832] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.281452][ T3832] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.297285][ T3832] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 350.321326][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 350.350935][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 350.374120][ T3834] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.381297][ T3834] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.442813][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 350.466867][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 350.475718][ T3631] usb 2-1: USB disconnect, device number 9 [ 350.527522][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 350.571655][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 350.625919][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 350.647213][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 350.678721][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 350.725881][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 350.751121][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 350.782035][ T6699] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 350.798759][ T6910] loop0: detected capacity change from 0 to 2048 [ 350.833567][ T6699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 350.848635][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 350.861432][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 350.893451][ T6910] loop0: p4 < > [ 350.932088][ T3093] loop0: p4 < > [ 350.971893][ T6910] FAT-fs (loop0p4): bogus number of reserved sectors [ 351.005040][ T6910] FAT-fs (loop0p4): Can't find a valid FAT filesystem [ 351.291793][ T6917] loop0: detected capacity change from 0 to 2048 [ 351.321360][ T6916] loop1: detected capacity change from 0 to 1024 [ 351.365636][ T6916] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 351.372850][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 351.391106][ T6917] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 351.412695][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 351.432447][ T6699] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.458033][ T6924] loop2: detected capacity change from 0 to 1024 [ 351.523514][ T6924] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 351.534501][ T6916] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 351.573470][ T6924] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038 (0x7fffffff) [ 351.659616][ T26] audit: type=1804 audit(1728649091.580:70): pid=6916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.624" name="/newroot/190/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 351.685625][ T26] audit: type=1800 audit(1728649091.580:71): pid=6916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.624" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 351.770478][ T26] audit: type=1804 audit(1728649091.680:72): pid=6931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.624" name="/newroot/190/file0/bus" dev="loop1" ino=18 res=1 errno=0 [ 351.843173][ T26] audit: type=1800 audit(1728649091.680:73): pid=6931 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.624" name="bus" dev="loop1" ino=18 res=0 errno=0 [ 351.888996][ T6291] EXT4-fs (loop2): unmounting filesystem. [ 352.157666][ T6509] EXT4-fs (loop0): unmounting filesystem. [ 352.281897][ T3640] EXT4-fs (loop1): unmounting filesystem. [ 353.183567][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 353.213873][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 353.231600][ T6948] loop1: detected capacity change from 0 to 256 [ 353.345163][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 353.381187][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 353.445273][ T6699] device veth0_vlan entered promiscuous mode [ 353.462998][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 353.525723][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 353.609705][ T6699] device veth1_vlan entered promiscuous mode [ 353.767542][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 353.790115][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 353.845899][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 353.892676][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 353.923085][ T6699] device veth0_macvtap entered promiscuous mode [ 353.958746][ T6699] device veth1_macvtap entered promiscuous mode [ 354.090089][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.112891][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.128418][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.140192][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.154009][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 354.172246][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.186343][ T6699] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.193780][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 354.208297][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 354.221579][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 354.235261][ T3757] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 354.270850][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 354.302978][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.334863][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.354877][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.374898][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.384750][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.414912][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.440177][ T6699] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 354.460899][ T6699] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 354.507660][ T6699] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.539800][ T6699] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.561444][ T6699] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.585055][ T6699] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.604072][ T6699] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.630278][ T6957] netlink: 'syz.1.634': attribute type 2 has an invalid length. [ 354.630324][ T3832] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 354.649112][ T3832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 354.691060][ T3757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.709084][ T3757] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.720101][ T3757] usb 4-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00 [ 354.730995][ T3757] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.742007][ T3757] usb 4-1: config 0 descriptor?? [ 354.831128][ T6960] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 354.989453][ T6960] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.104262][ T6960] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.142386][ T37] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.198387][ T37] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.230915][ T6960] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 355.249203][ T3757] wacom 0003:056A:0315.0006: Unknown device_type for 'HID 056a:0315'. Assuming pen. [ 355.271706][ T3757] wacom 0003:056A:0315.0006: hidraw0: USB HID v8.00 Device [HID 056a:0315] on usb-dummy_hcd.3-1/input0 [ 355.313326][ T3757] input: Wacom Intuos Pro M Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0315.0006/input/input8 [ 355.351137][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 355.358908][ T3834] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 355.378310][ T3834] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 355.417525][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 355.546235][ T3757] usb 4-1: USB disconnect, device number 7 [ 355.629368][ T6960] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.684799][ T6960] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.710386][ T6960] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 355.737150][ T6960] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 357.932159][ T6977] device syzkaller0 entered promiscuous mode [ 359.342903][ T26] audit: type=1326 audit(1728649099.270:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 359.368016][ T26] audit: type=1326 audit(1728649099.280:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 359.392655][ T26] audit: type=1326 audit(1728649099.280:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbab977c990 code=0x7ffc0000 [ 359.423354][ T26] audit: type=1326 audit(1728649099.280:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fbab977f827 code=0x7ffc0000 [ 359.487112][ T26] audit: type=1326 audit(1728649099.280:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 359.528108][ T26] audit: type=1326 audit(1728649099.280:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fbab977f827 code=0x7ffc0000 [ 359.571001][ T26] audit: type=1326 audit(1728649099.280:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fbab977cc8a code=0x7ffc0000 [ 359.608119][ T26] audit: type=1326 audit(1728649099.280:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 359.641105][ T26] audit: type=1326 audit(1728649099.280:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 359.681177][ T26] audit: type=1326 audit(1728649099.280:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.1.646" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbab977dff9 code=0x7ffc0000 [ 361.626912][ T7021] loop1: detected capacity change from 0 to 128 [ 361.666545][ T7021] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 361.766817][ T7021] overlayfs: upper fs needs to support d_type. [ 361.804183][ T7021] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 361.812791][ T7021] overlayfs: failed to set xattr on upper [ 361.824415][ T7021] overlayfs: ...falling back to index=off,metacopy=off. [ 362.363900][ T3640] UDF-fs: error (device loop1): udf_read_inode: (ino 114) failed !bh [ 362.399134][ T3640] UDF-fs: error (device loop1): udf_read_inode: (ino 114) failed !bh [ 364.411956][ T7034] loop0: detected capacity change from 0 to 1024 [ 364.427021][ T7034] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 364.477167][ T7034] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 364.530526][ T26] kauditd_printk_skb: 38 callbacks suppressed [ 364.530538][ T26] audit: type=1804 audit(1728649104.460:122): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.655" name="/newroot/20/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 364.578657][ T26] audit: type=1800 audit(1728649104.490:123): pid=7034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.655" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 364.635090][ T26] audit: type=1804 audit(1728649104.550:124): pid=7037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.655" name="/newroot/20/file0/bus" dev="loop0" ino=18 res=1 errno=0 [ 364.669421][ T26] audit: type=1800 audit(1728649104.590:125): pid=7037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.655" name="bus" dev="loop0" ino=18 res=0 errno=0 [ 365.081098][ T6509] EXT4-fs (loop0): unmounting filesystem. [ 366.389187][ T3834] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.476175][ T7041] kvm_set_msr_common: 48 callbacks suppressed [ 366.476194][ T7041] kvm [7039]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x5500000800 [ 366.551456][ T7041] kvm [7039]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7100000800 [ 366.606956][ T7041] kvm [7039]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xa600000000 [ 366.618478][ T7041] kvm [7039]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xb200000000 [ 366.720491][ T3834] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 366.813499][ T3834] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.444525][ T3834] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.435708][ T3643] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 368.446313][ T3643] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 368.456002][ T3643] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 368.479381][ T48] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 368.491470][ T48] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 368.501678][ T48] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 368.886653][ T7068] lo speed is unknown, defaulting to 1000 [ 369.162901][ T7066] loop0: detected capacity change from 0 to 32768 [ 369.176190][ T7066] XFS: noikeep mount option is deprecated. [ 369.232646][ T3834] tipc: Disabling bearer [ 369.279598][ T3834] tipc: Left network mode [ 369.434149][ T7066] XFS (loop0): Mounting V5 Filesystem [ 369.613318][ T7066] XFS (loop0): Ending clean mount [ 369.688666][ T7066] XFS (loop0): Quotacheck needed: Please wait. [ 370.171695][ T7066] XFS (loop0): Quotacheck: Done. [ 370.585045][ T48] Bluetooth: hci0: command tx timeout [ 370.692929][ T7112] loop4: detected capacity change from 0 to 2048 [ 370.740347][ T7068] chnl_net:caif_netlink_parms(): no params data found [ 370.803641][ T7112] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 370.843120][ T7112] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 370.890299][ T7112] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 1 with error 28 [ 370.905250][ T7112] EXT4-fs (loop4): This should not happen!! Data will be lost [ 370.905250][ T7112] [ 370.915804][ T7112] EXT4-fs (loop4): Total free blocks count 0 [ 370.921908][ T7112] EXT4-fs (loop4): Free/Dirty block details [ 370.929148][ T7112] EXT4-fs (loop4): free_blocks=2415919104 [ 370.935686][ T7112] EXT4-fs (loop4): dirty_blocks=16 [ 370.941009][ T7112] EXT4-fs (loop4): Block reservation details [ 370.947437][ T7112] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 371.100206][ T7068] bridge0: port 1(bridge_slave_0) entered blocking state [ 371.109249][ T7068] bridge0: port 1(bridge_slave_0) entered disabled state [ 371.123145][ T7068] device bridge_slave_0 entered promiscuous mode [ 371.171800][ T6509] XFS (loop0): Unmounting Filesystem [ 371.184763][ T7068] bridge0: port 2(bridge_slave_1) entered blocking state [ 371.215126][ T7068] bridge0: port 2(bridge_slave_1) entered disabled state [ 371.239012][ T3835] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 371.286790][ T7068] device bridge_slave_1 entered promiscuous mode [ 371.545753][ T7068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 371.560210][ T7068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 371.692791][ T7068] team0: Port device team_slave_0 added [ 371.722388][ T7068] team0: Port device team_slave_1 added [ 371.881917][ T7068] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 371.890666][ T7068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 371.916764][ C1] vkms_vblank_simulate: vblank timer overrun [ 371.943537][ T7068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 372.684667][ T7068] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 372.730173][ T48] Bluetooth: hci0: command tx timeout [ 372.748269][ T7068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 372.790360][ T7068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 372.932423][ T7068] device hsr_slave_0 entered promiscuous mode [ 372.939369][ T7068] device hsr_slave_1 entered promiscuous mode [ 372.947947][ T7068] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 372.957418][ T7068] Cannot create hsr debugfs directory [ 373.141035][ T3834] device hsr_slave_0 left promiscuous mode [ 373.147980][ T3834] device hsr_slave_1 left promiscuous mode [ 373.154431][ T3834] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 373.163056][ T3834] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 373.171421][ T3834] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 373.179543][ T3834] device bridge_slave_1 left promiscuous mode [ 373.186064][ T3834] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.194559][ T3834] device bridge_slave_0 left promiscuous mode [ 373.202760][ T3834] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.235630][ T3834] device dummy0 left promiscuous mode [ 373.241548][ T3834] device veth1_macvtap left promiscuous mode [ 373.247828][ T3834] device veth0_macvtap left promiscuous mode [ 373.253916][ T3834] device veth1_vlan left promiscuous mode [ 373.260167][ T3834] device veth0_vlan left promiscuous mode [ 373.733714][ T3834] team0 (unregistering): Port device team_slave_1 removed [ 373.774763][ T3834] team0 (unregistering): Port device team_slave_0 removed [ 373.818899][ T3834] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 373.866885][ T3834] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 374.307884][ T3834] bond0 (unregistering): Released all slaves [ 374.392471][ T3835] smc: removing ib device syz0 [ 374.745189][ T48] Bluetooth: hci0: command tx timeout [ 375.211681][ T7068] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 375.222259][ T7068] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 375.241049][ T7068] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 375.257397][ T7068] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 375.347139][ T7068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 375.364423][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 375.376125][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 375.388251][ T7068] 8021q: adding VLAN 0 to HW filter on device team0 [ 375.398649][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 375.409661][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 375.418627][ T3754] bridge0: port 1(bridge_slave_0) entered blocking state [ 375.425778][ T3754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 375.447437][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 375.455595][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 375.466495][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 375.482468][ T3754] bridge0: port 2(bridge_slave_1) entered blocking state [ 375.489611][ T3754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 375.505385][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 375.519874][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 375.529716][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 375.546946][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 375.570705][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 375.580540][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 375.591625][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 375.601644][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 375.611234][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 375.620559][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 375.629341][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 375.644783][ T7068] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 375.889913][ T7068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 375.898525][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 375.906533][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 375.937443][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 375.957212][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 375.989946][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 376.000720][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 376.012252][ T7068] device veth0_vlan entered promiscuous mode [ 376.027418][ T7068] device veth1_vlan entered promiscuous mode [ 376.034346][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 376.044512][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 376.058574][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 376.084737][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 376.093206][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 376.108564][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 376.123424][ T7068] device veth0_macvtap entered promiscuous mode [ 376.140414][ T7068] device veth1_macvtap entered promiscuous mode [ 376.165449][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.181326][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.191914][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.208899][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.221455][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.234607][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.244889][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 376.256341][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.267955][ T7068] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 376.278252][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.289031][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.299300][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.310225][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.321165][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.333202][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.343673][ T7068] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 376.359848][ T7068] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 376.372412][ T7068] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 376.388735][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 376.400993][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 376.411623][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 376.424209][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 376.435966][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 376.444671][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 376.458043][ T7068] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.467644][ T7068] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.478158][ T7068] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.487428][ T7068] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 376.581036][ T3834] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.599281][ T3834] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.631604][ T3834] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 376.642986][ T3754] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 376.657972][ T3754] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 376.680947][ T3765] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 376.786719][ T7209] loop1: detected capacity change from 0 to 256 [ 376.894980][ T48] Bluetooth: hci0: command tx timeout [ 378.460302][ T1262] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.485346][ T1262] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.275624][ T7236] loop4: detected capacity change from 0 to 512 [ 379.347281][ T7241] loop0: detected capacity change from 0 to 512 [ 379.495480][ T7236] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 379.524200][ T7236] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038 (0x7fffffff) [ 380.762138][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 380.828371][ T7241] loop0: detected capacity change from 0 to 1024 [ 380.846981][ T3634] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 380.880259][ T3634] Buffer I/O error on dev loop0, logical block 0, async page read [ 380.894480][ T7267] loop1: detected capacity change from 0 to 256 [ 380.923330][ T26] audit: type=1800 audit(1728649120.840:126): pid=7241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.691" name="bus" dev="loop0" ino=26 res=0 errno=0 [ 382.443984][ T26] audit: type=1326 audit(1728649122.350:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7288 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc321b7dff9 code=0x7ffc0000 [ 382.563386][ T7291] netlink: 'syz.0.694': attribute type 1 has an invalid length. [ 382.800356][ T26] audit: type=1326 audit(1728649122.520:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7288 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fc321b7dff9 code=0x7ffc0000 [ 382.881051][ T26] audit: type=1326 audit(1728649122.640:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7288 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc321b7dff9 code=0x7ffc0000 [ 383.014586][ T6699] EXT4-fs (loop4): unmounting filesystem. [ 383.066888][ T26] audit: type=1326 audit(1728649122.670:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7288 comm="syz.3.693" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc321b7dff9 code=0x7ffc0000 [ 383.524390][ T7301] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 384.813555][ T7313] loop2: detected capacity change from 0 to 2048 [ 384.928870][ T7313] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 385.052303][ T7313] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 385.072361][ T7313] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 15 with max blocks 1 with error 28 [ 385.072397][ T7313] EXT4-fs (loop2): This should not happen!! Data will be lost [ 385.072397][ T7313] [ 385.072415][ T7313] EXT4-fs (loop2): Total free blocks count 0 [ 385.072431][ T7313] EXT4-fs (loop2): Free/Dirty block details [ 385.072447][ T7313] EXT4-fs (loop2): free_blocks=2415919104 [ 385.072477][ T7313] EXT4-fs (loop2): dirty_blocks=16 [ 385.072489][ T7313] EXT4-fs (loop2): Block reservation details [ 385.072502][ T7313] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 385.514526][ T46] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 385.635155][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 388.461698][ T7359] loop2: detected capacity change from 0 to 512 [ 388.571742][ T7359] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 388.586851][ T7359] ext4 filesystem being mounted at /29/file0 supports timestamps until 2038 (0x7fffffff) [ 388.858291][ T3686] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 389.498660][ T6291] EXT4-fs (loop2): unmounting filesystem. [ 389.638234][ T3686] usb 5-1: Using ep0 maxpacket: 16 [ 389.785202][ T3686] usb 5-1: config 0 has an invalid descriptor of length 169, skipping remainder of the config [ 389.795719][ T3686] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 389.808859][ T3686] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 389.818179][ T3686] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.838295][ T3686] usb 5-1: config 0 descriptor?? [ 390.081279][ T7361] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.095760][ T7361] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.155222][ T3686] usb 5-1: string descriptor 0 read error: -71 [ 390.175982][ T3686] usb 5-1: USB disconnect, device number 5 [ 393.293853][ T7397] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 393.307123][ T7397] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 393.313117][ T7397] Bluetooth: hci3: Suspend notifier action (1) failed: -4 [ 393.345011][ T7397] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 393.351171][ T7397] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 393.372951][ T7397] Bluetooth: hci1: Suspend notifier action (1) failed: -4 [ 393.406456][ T7397] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 393.443365][ T7397] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 393.489244][ T7397] Bluetooth: hci4: Suspend notifier action (1) failed: -4 [ 393.506090][ T7397] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 393.512203][ T7397] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 393.525246][ T7397] Bluetooth: hci2: Suspend notifier action (1) failed: -4 [ 393.542935][ T7397] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 393.549259][ T7397] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 393.561218][ T7397] Bluetooth: hci0: Suspend notifier action (1) failed: -4 [ 393.928690][ T7430] libceph: resolve '. [ 393.928690][ T7430] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 393.928690][ T7430] ' (ret=-3): failed [ 393.950245][ T7432] autofs4:pid:7432:autofs_fill_super: called with bogus options [ 394.027280][ T3685] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 394.386143][ T7442] kvm: pic: non byte read [ 394.400034][ T7442] kvm: pic: non byte read [ 394.475062][ T3685] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 394.498122][ T3685] usb 3-1: config 179 has no interface number 0 [ 394.531062][ T3685] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 394.568679][ T3685] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 394.593581][ T3685] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 394.605672][ T3643] Bluetooth: hci3: command 0x0406 tx timeout [ 394.629020][ T3685] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 45824, setting to 8 [ 394.656976][ T3685] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 394.671404][ T3685] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 394.689072][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 394.715111][ T7420] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 394.748215][ T7420] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 394.989867][ T3686] usb 3-1: USB disconnect, device number 5 [ 395.014885][ C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 396.078940][ T3643] Bluetooth: hci1: command 0x0c1a tx timeout [ 396.085465][ T3641] Bluetooth: hci4: command 0x0c1a tx timeout [ 396.086482][ T48] Bluetooth: hci0: command 0x0c1a tx timeout [ 396.099868][ T3641] Bluetooth: hci2: command 0x0c1a tx timeout [ 396.674938][ T48] Bluetooth: hci3: command 0x0406 tx timeout [ 396.746829][ T7460] kvm [7459]: vcpu0, guest rIP: 0x2af disabled perfctr wrmsr: 0xc2 data 0x2000 [ 396.836769][ T7465] kvm [7462]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x5500000800 [ 396.852201][ T7465] kvm [7462]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x7100000800 [ 396.873108][ T7465] kvm [7462]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xa600000000 [ 396.896140][ T7465] kvm [7462]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x186 data 0xb200000000 [ 396.961962][ T7471] kvm [7468]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc1 data 0x5100000800 [ 397.004912][ T3686] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 397.041601][ T7471] kvm [7468]: vcpu0, guest rIP: 0x18e ignored wrmsr: 0x11e data 0xd200000000 [ 398.085105][ T3686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 398.096866][ T3686] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 398.107436][ T3686] usb 4-1: New USB device found, idVendor=046d, idProduct=c219, bcdDevice= 0.00 [ 398.116784][ T3686] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.139574][ T3686] usb 4-1: config 0 descriptor?? [ 398.192781][ T3641] Bluetooth: hci0: command 0x0c1a tx timeout [ 398.192801][ T48] Bluetooth: hci1: command 0x0c1a tx timeout [ 398.201455][ T3643] Bluetooth: hci2: command 0x0c1a tx timeout [ 398.205022][ T48] Bluetooth: hci4: command 0x0c1a tx timeout [ 398.415080][ T14] usb 1-1: new full-speed USB device number 2 using dummy_hcd [ 399.005106][ T14] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 399.401058][ T14] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 399.439772][ T14] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 399.462991][ T14] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 399.638933][ T14] usb 1-1: config 0 descriptor?? [ 400.050012][ T14] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 400.103215][ T3686] logitech 0003:046D:C219.0007: invalid report_size 213086753 [ 400.140010][ T3686] logitech 0003:046D:C219.0007: item 0 4 1 7 parsing failed [ 400.168458][ T14] dvb-usb: bulk message failed: -22 (3/0) [ 400.198747][ T3686] logitech 0003:046D:C219.0007: parse failed [ 400.243410][ T3686] logitech: probe of 0003:046D:C219.0007 failed with error -22 [ 400.445803][ T7480] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 400.493457][ T14] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 400.510425][ T3686] usb 4-1: USB disconnect, device number 8 [ 400.525831][ T14] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 400.541814][ T14] usb 1-1: media controller created [ 400.556386][ T7480] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.571753][ T14] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 400.617850][ T14] dvb-usb: bulk message failed: -22 (6/0) [ 400.635404][ T14] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 400.659619][ T7501] loop1: detected capacity change from 0 to 1024 [ 400.704574][ T7501] EXT4-fs: Invalid want_extra_isize 137 [ 400.716509][ T14] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input13 [ 400.741497][ T14] dvb-usb: schedule remote query interval to 150 msecs. [ 400.749753][ T14] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 401.073428][ T14] dvb-usb: bulk message failed: -22 (1/0) [ 401.094464][ T14] dvb-usb: error while querying for an remote control event. [ 401.254958][ T14] dvb-usb: bulk message failed: -22 (1/0) [ 401.260927][ T14] dvb-usb: error while querying for an remote control event. [ 401.344698][ T14] usb 1-1: USB disconnect, device number 2 [ 401.513371][ T14] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 402.182867][ T7520] loop4: detected capacity change from 0 to 1024 [ 402.281677][ T7524] loop1: detected capacity change from 0 to 512 [ 402.349513][ T26] audit: type=1326 audit(1728649142.270:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 402.383240][ T7530] loop2: detected capacity change from 0 to 512 [ 402.393503][ T7530] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 402.412278][ T26] audit: type=1326 audit(1728649142.300:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 402.659675][ T7524] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 402.792547][ T7524] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038 (0x7fffffff) [ 403.123342][ T26] audit: type=1326 audit(1728649142.300:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.240551][ T26] audit: type=1326 audit(1728649142.300:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.263469][ T26] audit: type=1326 audit(1728649142.300:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.315013][ T26] audit: type=1326 audit(1728649142.300:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.390819][ T26] audit: type=1326 audit(1728649142.300:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.427361][ T26] audit: type=1326 audit(1728649142.300:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 403.657237][ T7545] loop4: detected capacity change from 0 to 2048 [ 403.705781][ T7545] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 403.713569][ T7545] UDF-fs: Scanning with blocksize 512 failed [ 403.744315][ T7545] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 129: 0x7d != 0x7e [ 403.757303][ T7545] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 403.888079][ T7068] EXT4-fs (loop1): unmounting filesystem. [ 404.159679][ T26] audit: type=1326 audit(1728649142.300:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 404.245997][ T26] audit: type=1326 audit(1728649142.300:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7528 comm="syz.2.757" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f975677dff9 code=0x7ffc0000 [ 404.411599][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.2.762'. [ 404.479684][ T7549] device bridge0 entered promiscuous mode [ 404.486084][ T7549] device macsec1 entered promiscuous mode [ 404.511362][ T7549] device bridge0 left promiscuous mode [ 406.483234][ T7568] EXT4-fs (sda1): resizing filesystem from 262144 to 262144 blocks [ 406.886873][ T7578] loop4: detected capacity change from 0 to 256 [ 407.271708][ T7590] autofs4:pid:7590:autofs_fill_super: called with bogus options [ 408.255056][ T7601] loop4: detected capacity change from 0 to 512 [ 408.262790][ T7601] EXT4-fs: Invalid want_extra_isize 196 [ 410.467095][ T7623] loop2: detected capacity change from 0 to 1024 [ 410.548837][ T7628] libceph: resolve '. [ 410.548837][ T7628] #)|.fǝa2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 410.548837][ T7628] ' (ret=-3): failed [ 410.592821][ T7628] autofs4:pid:7628:autofs_fill_super: called with bogus options [ 410.688417][ T7629] 9pnet_fd: p9_fd_create_tcp (7629): problem connecting socket to 127.0.0.1 [ 411.474385][ T48] Bluetooth: hci1: unexpected event for opcode 0x2028 [ 413.405001][ T945] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 416.052055][ T7674] loop1: detected capacity change from 0 to 256 [ 416.498794][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 416.498811][ T26] audit: type=1326 audit(1728649156.420:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 416.528850][ T3641] Bluetooth: hci1: command 0x0c1a tx timeout [ 416.705795][ T945] usb 1-1: unable to read config index 0 descriptor/all [ 416.712985][ T945] usb 1-1: can't read configurations, error -71 [ 416.719805][ T26] audit: type=1326 audit(1728649156.460:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 416.779596][ T26] audit: type=1326 audit(1728649156.460:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 416.802418][ T26] audit: type=1326 audit(1728649156.460:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 416.825148][ T26] audit: type=1326 audit(1728649156.460:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 416.893211][ T26] audit: type=1326 audit(1728649156.460:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 417.630518][ T26] audit: type=1326 audit(1728649156.460:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 417.701566][ T7695] netlink: 'syz.3.804': attribute type 4 has an invalid length. [ 417.718245][ T26] audit: type=1326 audit(1728649156.460:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=312 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 417.804123][ T7697] [ 417.806493][ T7697] ======================================================== [ 417.813688][ T7697] WARNING: possible irq lock inversion dependency detected [ 417.820970][ T7697] 6.1.112-syzkaller #0 Not tainted [ 417.826086][ T7697] -------------------------------------------------------- [ 417.833286][ T7697] syz.0.805/7697 just changed the state of lock: [ 417.834497][ T26] audit: type=1326 audit(1728649156.460:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7670 comm="syz.1.796" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b6cb7dff9 code=0x7ffc0000 [ 417.839608][ T7697] ffff888061d839e0 (&pch->downl){+.+.}-{2:2}, at: ppp_input+0x185/0xa00 [ 417.839666][ T7697] but this lock was taken by another, SOFTIRQ-READ-safe lock in the past: [ 417.839679][ T7697] (&pch->upl){++.-}-{2:2} [ 417.878671][ T7697] [ 417.878671][ T7697] [ 417.878671][ T7697] and interrupts could create inverse lock ordering between them. [ 417.878671][ T7697] [ 417.897417][ T7697] [ 417.897417][ T7697] other info that might help us debug this: [ 417.898952][ T26] audit: type=1326 audit(1728649156.780:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7679 comm="syz.3.799" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc321b7dff9 code=0x7ffc0000 [ 417.905472][ T7697] Chain exists of: [ 417.905472][ T7697] &pch->upl --> &ppp->rlock --> &pch->downl [ 417.905472][ T7697] [ 417.905509][ T7697] Possible interrupt unsafe locking scenario: [ 417.905509][ T7697] [ 417.905515][ T7697] CPU0 CPU1 [ 417.905520][ T7697] ---- ---- [ 417.905524][ T7697] lock(&pch->downl); [ 417.905535][ T7697] local_irq_disable(); [ 417.905540][ T7697] lock(&pch->upl); [ 417.905553][ T7697] lock(&ppp->rlock); [ 417.905565][ T7697] [ 417.905569][ T7697] lock(&pch->upl); [ 417.905580][ T7697] [ 417.905580][ T7697] *** DEADLOCK *** [ 417.905580][ T7697] [ 417.905584][ T7697] 2 locks held by syz.0.805/7697: [ 417.905595][ T7697] #0: ffff8880263e2130 (sk_lock-AF_PPPOX){+.+.}-{0:0}, at: pppoe_sendmsg+0x4d/0x740 [ 417.905671][ T7697] #1: ffffffff8d32b000 (rcu_read_lock){....}-{1:2}, at: ppp_input+0x51/0xa00 [ 417.905720][ T7697] [ 417.905720][ T7697] the shortest dependencies between 2nd lock and 1st lock: [ 417.905743][ T7697] -> (&pch->upl){++.-}-{2:2} { [ 417.905773][ T7697] HARDIRQ-ON-W at: [ 417.905784][ T7697] lock_acquire+0x1f8/0x5a0 [ 417.905814][ T7697] _raw_write_lock_bh+0x31/0x40 [ 417.905839][ T7697] ppp_disconnect_channel+0x2f/0x2d0 [ 417.905868][ T7697] ppp_unregister_channel+0xb5/0x2f0 [ 417.905888][ T7697] ppp_asynctty_close+0xed/0x180 [ 418.075678][ T7697] tty_ldisc_kill+0xa6/0x1a0 [ 418.082438][ T7697] tty_ldisc_release+0x19d/0x200 [ 418.089539][ T7697] tty_release_struct+0x27/0xd0 [ 418.096551][ T7697] tty_release+0xcfb/0x12a0 [ 418.103211][ T7697] __fput+0x3f6/0x8d0 [ 418.109363][ T7697] task_work_run+0x246/0x300 [ 418.116122][ T7697] exit_to_user_mode_loop+0xde/0x100 [ 418.123563][ T7697] exit_to_user_mode_prepare+0xb1/0x140 [ 418.131267][ T7697] syscall_exit_to_user_mode+0x60/0x270 [ 418.138979][ T7697] do_syscall_64+0x47/0xb0 [ 418.145549][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.153606][ T7697] HARDIRQ-ON-R at: [ 418.157840][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.164596][ T7697] _raw_read_lock_bh+0x39/0x50 [ 418.171614][ T7697] ppp_input_error+0x5c/0x1a0 [ 418.178455][ T7697] ppp_sync_process+0x86/0x170 [ 418.185384][ T7697] tasklet_action_common+0x3cb/0x4a0 [ 418.192849][ T7697] handle_softirqs+0x2ee/0xa40 [ 418.199783][ T7697] run_ksoftirqd+0xc6/0x120 [ 418.206445][ T7697] smpboot_thread_fn+0x52c/0xa30 [ 418.213553][ T7697] kthread+0x28d/0x320 [ 418.219785][ T7697] ret_from_fork+0x1f/0x30 [ 418.226371][ T7697] IN-SOFTIRQ-R at: [ 418.230599][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.237267][ T7697] _raw_read_lock_bh+0x39/0x50 [ 418.244205][ T7697] ppp_input_error+0x5c/0x1a0 [ 418.251039][ T7697] ppp_sync_process+0x86/0x170 [ 418.257988][ T7697] tasklet_action_common+0x3cb/0x4a0 [ 418.265443][ T7697] handle_softirqs+0x2ee/0xa40 [ 418.272392][ T7697] run_ksoftirqd+0xc6/0x120 [ 418.279052][ T7697] smpboot_thread_fn+0x52c/0xa30 [ 418.286170][ T7697] kthread+0x28d/0x320 [ 418.292399][ T7697] ret_from_fork+0x1f/0x30 [ 418.298977][ T7697] INITIAL USE at: [ 418.303131][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.309709][ T7697] _raw_write_lock_bh+0x31/0x40 [ 418.316636][ T7697] ppp_disconnect_channel+0x2f/0x2d0 [ 418.323990][ T7697] ppp_unregister_channel+0xb5/0x2f0 [ 418.331364][ T7697] ppp_asynctty_close+0xed/0x180 [ 418.338377][ T7697] tty_ldisc_kill+0xa6/0x1a0 [ 418.345041][ T7697] tty_ldisc_release+0x19d/0x200 [ 418.352071][ T7697] tty_release_struct+0x27/0xd0 [ 418.358995][ T7697] tty_release+0xcfb/0x12a0 [ 418.365570][ T7697] __fput+0x3f6/0x8d0 [ 418.371637][ T7697] task_work_run+0x246/0x300 [ 418.378307][ T7697] exit_to_user_mode_loop+0xde/0x100 [ 418.385663][ T7697] exit_to_user_mode_prepare+0xb1/0x140 [ 418.393277][ T7697] syscall_exit_to_user_mode+0x60/0x270 [ 418.401264][ T7697] do_syscall_64+0x47/0xb0 [ 418.407770][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.415749][ T7697] INITIAL READ USE at: [ 418.420339][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.427375][ T7697] _raw_read_lock_bh+0x39/0x50 [ 418.434653][ T7697] ppp_input_error+0x5c/0x1a0 [ 418.441842][ T7697] ppp_sync_process+0x86/0x170 [ 418.449118][ T7697] tasklet_action_common+0x3cb/0x4a0 [ 418.456916][ T7697] handle_softirqs+0x2ee/0xa40 [ 418.464205][ T7697] run_ksoftirqd+0xc6/0x120 [ 418.471215][ T7697] smpboot_thread_fn+0x52c/0xa30 [ 418.478669][ T7697] kthread+0x28d/0x320 [ 418.485249][ T7697] ret_from_fork+0x1f/0x30 [ 418.492219][ T7697] } [ 418.494967][ T7697] ... key at: [] ppp_register_net_channel.__key.3+0x0/0x20 [ 418.504503][ T7697] ... acquired at: [ 418.508550][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.513221][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.518161][ T7697] ppp_connect_channel+0x170/0x640 [ 418.523447][ T7697] ppp_ioctl+0xbe5/0x1c90 [ 418.527964][ T7697] __se_sys_ioctl+0xf1/0x160 [ 418.532723][ T7697] do_syscall_64+0x3b/0xb0 [ 418.537297][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.543378][ T7697] [ 418.545691][ T7697] -> (&ppp->wlock){+...}-{2:2} { [ 418.550894][ T7697] HARDIRQ-ON-W at: [ 418.555036][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.561553][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.568328][ T7697] ppp_get_stats64+0xbf/0x290 [ 418.575001][ T7697] dev_get_stats+0xa7/0x490 [ 418.581537][ T7697] rtnl_fill_stats+0x47/0x880 [ 418.588211][ T7697] rtnl_fill_ifinfo+0x18aa/0x2090 [ 418.595230][ T7697] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 418.602508][ T7697] rtmsg_ifinfo+0x71/0x120 [ 418.608917][ T7697] register_netdevice+0x13dc/0x1720 [ 418.616104][ T7697] ppp_dev_configure+0x850/0xab0 [ 418.623027][ T7697] ppp_ioctl+0x702/0x1c90 [ 418.629343][ T7697] __se_sys_ioctl+0xf1/0x160 [ 418.635915][ T7697] do_syscall_64+0x3b/0xb0 [ 418.642325][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.650222][ T7697] INITIAL USE at: [ 418.654297][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.660716][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.667385][ T7697] ppp_get_stats64+0xbf/0x290 [ 418.673984][ T7697] dev_get_stats+0xa7/0x490 [ 418.680416][ T7697] rtnl_fill_stats+0x47/0x880 [ 418.686999][ T7697] rtnl_fill_ifinfo+0x18aa/0x2090 [ 418.693926][ T7697] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 418.701135][ T7697] rtmsg_ifinfo+0x71/0x120 [ 418.707461][ T7697] register_netdevice+0x13dc/0x1720 [ 418.714564][ T7697] ppp_dev_configure+0x850/0xab0 [ 418.721486][ T7697] ppp_ioctl+0x702/0x1c90 [ 418.727720][ T7697] __se_sys_ioctl+0xf1/0x160 [ 418.734210][ T7697] do_syscall_64+0x3b/0xb0 [ 418.740528][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.748327][ T7697] } [ 418.750986][ T7697] ... key at: [] ppp_dev_configure.__key.65+0x0/0x20 [ 418.759918][ T7697] ... acquired at: [ 418.763878][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.768549][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.773484][ T7697] ppp_dev_uninit+0x68/0x1a0 [ 418.778237][ T7697] unregister_netdevice_many+0x11d7/0x17a0 [ 418.784217][ T7697] unregister_netdevice_queue+0x2e6/0x350 [ 418.790104][ T7697] ppp_release+0xec/0x1f0 [ 418.794595][ T7697] __fput+0x3f6/0x8d0 [ 418.798752][ T7697] task_work_run+0x246/0x300 [ 418.803510][ T7697] exit_to_user_mode_loop+0xde/0x100 [ 418.808971][ T7697] exit_to_user_mode_prepare+0xb1/0x140 [ 418.814681][ T7697] syscall_exit_to_user_mode+0x60/0x270 [ 418.820391][ T7697] do_syscall_64+0x47/0xb0 [ 418.824970][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.831052][ T7697] [ 418.833362][ T7697] -> (&ppp->rlock){+...}-{2:2} { [ 418.838388][ T7697] HARDIRQ-ON-W at: [ 418.842533][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.848874][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.855470][ T7697] ppp_get_stats64+0x2f/0x290 [ 418.861960][ T7697] dev_get_stats+0xa7/0x490 [ 418.868282][ T7697] rtnl_fill_stats+0x47/0x880 [ 418.874784][ T7697] rtnl_fill_ifinfo+0x18aa/0x2090 [ 418.881648][ T7697] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 418.888768][ T7697] rtmsg_ifinfo+0x71/0x120 [ 418.895026][ T7697] register_netdevice+0x13dc/0x1720 [ 418.902061][ T7697] ppp_dev_configure+0x850/0xab0 [ 418.908816][ T7697] ppp_ioctl+0x702/0x1c90 [ 418.914966][ T7697] __se_sys_ioctl+0xf1/0x160 [ 418.921369][ T7697] do_syscall_64+0x3b/0xb0 [ 418.927602][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 418.935327][ T7697] INITIAL USE at: [ 418.939292][ T7697] lock_acquire+0x1f8/0x5a0 [ 418.945523][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 418.952033][ T7697] ppp_get_stats64+0x2f/0x290 [ 418.958437][ T7697] dev_get_stats+0xa7/0x490 [ 418.964667][ T7697] rtnl_fill_stats+0x47/0x880 [ 418.971174][ T7697] rtnl_fill_ifinfo+0x18aa/0x2090 [ 418.978032][ T7697] rtmsg_ifinfo_build_skb+0xdc/0x180 [ 418.985058][ T7697] rtmsg_ifinfo+0x71/0x120 [ 418.991216][ T7697] register_netdevice+0x13dc/0x1720 [ 418.998155][ T7697] ppp_dev_configure+0x850/0xab0 [ 419.004828][ T7697] ppp_ioctl+0x702/0x1c90 [ 419.010914][ T7697] __se_sys_ioctl+0xf1/0x160 [ 419.017249][ T7697] do_syscall_64+0x3b/0xb0 [ 419.023388][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.031016][ T7697] } [ 419.033592][ T7697] ... key at: [] ppp_dev_configure.__key+0x0/0x20 [ 419.042181][ T7697] ... acquired at: [ 419.046150][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.050905][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 419.055841][ T7697] ppp_connect_channel+0x190/0x640 [ 419.061118][ T7697] ppp_ioctl+0xbe5/0x1c90 [ 419.065645][ T7697] __se_sys_ioctl+0xf1/0x160 [ 419.070400][ T7697] do_syscall_64+0x3b/0xb0 [ 419.074984][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.081046][ T7697] [ 419.083356][ T7697] -> (&pch->downl){+.+.}-{2:2} { [ 419.088293][ T7697] HARDIRQ-ON-W at: [ 419.092264][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.098444][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 419.104855][ T7697] ppp_unregister_channel+0x78/0x2f0 [ 419.111810][ T7697] ppp_asynctty_close+0xed/0x180 [ 419.118397][ T7697] tty_ldisc_kill+0xa6/0x1a0 [ 419.124653][ T7697] tty_ldisc_release+0x19d/0x200 [ 419.131262][ T7697] tty_release_struct+0x27/0xd0 [ 419.137761][ T7697] tty_release+0xcfb/0x12a0 [ 419.143903][ T7697] __fput+0x3f6/0x8d0 [ 419.149527][ T7697] task_work_run+0x246/0x300 [ 419.155762][ T7697] exit_to_user_mode_loop+0xde/0x100 [ 419.162693][ T7697] exit_to_user_mode_prepare+0xb1/0x140 [ 419.169880][ T7697] syscall_exit_to_user_mode+0x60/0x270 [ 419.177070][ T7697] do_syscall_64+0x47/0xb0 [ 419.183127][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.190671][ T7697] SOFTIRQ-ON-W at: [ 419.194837][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.201002][ T7697] _raw_spin_lock+0x2a/0x40 [ 419.207153][ T7697] ppp_input+0x185/0xa00 [ 419.213060][ T7697] pppoe_rcv_core+0x112/0x300 [ 419.219480][ T7697] __release_sock+0x198/0x4b0 [ 419.225830][ T7697] release_sock+0x5d/0x1c0 [ 419.231893][ T7697] pppoe_sendmsg+0xd1/0x740 [ 419.238048][ T7697] ____sys_sendmsg+0x5a5/0x8f0 [ 419.244464][ T7697] __sys_sendmmsg+0x3ab/0x730 [ 419.250870][ T7697] __x64_sys_sendmmsg+0x9c/0xb0 [ 419.257378][ T7697] do_syscall_64+0x3b/0xb0 [ 419.263438][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.270979][ T7697] INITIAL USE at: [ 419.274870][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.280949][ T7697] _raw_spin_lock_bh+0x31/0x40 [ 419.287285][ T7697] ppp_unregister_channel+0x78/0x2f0 [ 419.294145][ T7697] ppp_asynctty_close+0xed/0x180 [ 419.300676][ T7697] tty_ldisc_kill+0xa6/0x1a0 [ 419.306828][ T7697] tty_ldisc_release+0x19d/0x200 [ 419.313341][ T7697] tty_release_struct+0x27/0xd0 [ 419.319751][ T7697] tty_release+0xcfb/0x12a0 [ 419.325808][ T7697] __fput+0x3f6/0x8d0 [ 419.331347][ T7697] task_work_run+0x246/0x300 [ 419.337524][ T7697] exit_to_user_mode_loop+0xde/0x100 [ 419.344379][ T7697] exit_to_user_mode_prepare+0xb1/0x140 [ 419.351481][ T7697] syscall_exit_to_user_mode+0x60/0x270 [ 419.358587][ T7697] do_syscall_64+0x47/0xb0 [ 419.364554][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.372009][ T7697] } [ 419.374507][ T7697] ... key at: [] ppp_register_net_channel.__key.1+0x0/0x20 [ 419.383797][ T7697] ... acquired at: [ 419.387596][ T7697] mark_lock+0x21c/0x340 [ 419.392016][ T7697] __lock_acquire+0xc50/0x1f80 [ 419.396953][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.401643][ T7697] _raw_spin_lock+0x2a/0x40 [ 419.406331][ T7697] ppp_input+0x185/0xa00 [ 419.410740][ T7697] pppoe_rcv_core+0x112/0x300 [ 419.415618][ T7697] __release_sock+0x198/0x4b0 [ 419.420467][ T7697] release_sock+0x5d/0x1c0 [ 419.425058][ T7697] pppoe_sendmsg+0xd1/0x740 [ 419.429735][ T7697] ____sys_sendmsg+0x5a5/0x8f0 [ 419.434664][ T7697] __sys_sendmmsg+0x3ab/0x730 [ 419.439547][ T7697] __x64_sys_sendmmsg+0x9c/0xb0 [ 419.444579][ T7697] do_syscall_64+0x3b/0xb0 [ 419.449186][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.455254][ T7697] [ 419.457565][ T7697] [ 419.457565][ T7697] stack backtrace: [ 419.463469][ T7697] CPU: 1 PID: 7697 Comm: syz.0.805 Not tainted 6.1.112-syzkaller #0 [ 419.471461][ T7697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 419.481605][ T7697] Call Trace: [ 419.484894][ T7697] [ 419.487825][ T7697] dump_stack_lvl+0x1e3/0x2cb [ 419.492505][ T7697] ? nf_tcp_handle_invalid+0x642/0x642 [ 419.498055][ T7697] ? print_shortest_lock_dependencies+0xee/0x150 [ 419.504420][ T7697] ? print_irq_inversion_bug+0x323/0x390 [ 419.510068][ T7697] mark_lock_irq+0x836/0xba0 [ 419.514671][ T7697] ? save_trace+0xab0/0xab0 [ 419.519181][ T7697] ? stack_trace_snprint+0xe0/0xe0 [ 419.524296][ T7697] ? lockdep_lock+0x11f/0x2a0 [ 419.529000][ T7697] ? save_trace+0x5a/0xab0 [ 419.533460][ T7697] mark_lock+0x21c/0x340 [ 419.537814][ T7697] __lock_acquire+0xc50/0x1f80 [ 419.542596][ T7697] lock_acquire+0x1f8/0x5a0 [ 419.547149][ T7697] ? ppp_input+0x185/0xa00 [ 419.551567][ T7697] ? read_lock_is_recursive+0x10/0x10 [ 419.556959][ T7697] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 419.562936][ T7697] ? __release_sock+0x9c/0x4b0 [ 419.567707][ T7697] ? print_irqtrace_events+0x210/0x210 [ 419.573188][ T7697] _raw_spin_lock+0x2a/0x40 [ 419.577694][ T7697] ? ppp_input+0x185/0xa00 [ 419.582189][ T7697] ppp_input+0x185/0xa00 [ 419.586427][ T7697] ? __release_sock+0x9c/0x4b0 [ 419.591206][ T7697] ? ppp_input+0x51/0xa00 [ 419.595570][ T7697] pppoe_rcv_core+0x112/0x300 [ 419.600247][ T7697] __release_sock+0x198/0x4b0 [ 419.604936][ T7697] release_sock+0x5d/0x1c0 [ 419.609357][ T7697] pppoe_sendmsg+0xd1/0x740 [ 419.613878][ T7697] ? pppoe_getname+0x1b0/0x1b0 [ 419.618638][ T7697] ____sys_sendmsg+0x5a5/0x8f0 [ 419.623416][ T7697] ? __sys_sendmsg_sock+0x30/0x30 [ 419.628458][ T7697] __sys_sendmmsg+0x3ab/0x730 [ 419.633127][ T7697] ? __ia32_sys_sendmsg+0x90/0x90 [ 419.638143][ T7697] ? futex_unqueue+0xc7/0xf0 [ 419.642744][ T7697] ? futex_wait_setup+0x340/0x340 [ 419.647767][ T7697] ? futex_wake+0x4ea/0x590 [ 419.652272][ T7697] ? sock_show_fdinfo+0xb0/0xb0 [ 419.657135][ T7697] ? do_futex+0x3b5/0x490 [ 419.661483][ T7697] ? print_irqtrace_events+0x210/0x210 [ 419.666944][ T7697] ? syscall_enter_from_user_mode+0x2e/0x230 [ 419.672937][ T7697] __x64_sys_sendmmsg+0x9c/0xb0 [ 419.677780][ T7697] do_syscall_64+0x3b/0xb0 [ 419.682209][ T7697] ? clear_bhb_loop+0x45/0xa0 [ 419.686911][ T7697] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 419.692825][ T7697] RIP: 0033:0x7f967c77dff9 [ 419.697252][ T7697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 419.716867][ T7697] RSP: 002b:00007f967d5e0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 419.725269][ T7697] RAX: ffffffffffffffda RBX: 00007f967c935f80 RCX: 00007f967c77dff9 [ 419.733245][ T7697] RDX: 0400000000000026 RSI: 0000000020001cc0 RDI: 0000000000000005 [ 419.741224][ T7697] RBP: 00007f967c7f0296 R08: 0000000000000000 R09: 0000000000000000 [ 419.749188][ T7697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.757165][ T7697] R13: 0000000000000000 R14: 00007f967c935f80 R15: 00007ffe44480aa8 [ 419.765242][ T7697]