last executing test programs: 4m29.407979101s ago: executing program 3 (id=1412): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=ANY=[@ANYBLOB="2c0000001100050000000000000300", @ANYRES32=r2, @ANYBLOB="01000000000000000c001a8008000580040002"], 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 4m29.114361485s ago: executing program 3 (id=1414): r0 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x0, &(0x7f0000000080)}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) madvise(&(0x7f00002e5000/0x400000)=nil, 0x400000, 0xf) inotify_init() r4 = timerfd_create(0x8, 0x0) timerfd_settime(r4, 0x3, &(0x7f0000000140), 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32, @ANYRESDEC=0x0, @ANYRES32, @ANYBLOB='\x00'/13], 0x48) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3d8, 0x0, 0xc8, 0x8, 0x0, 0x5803, 0x308, 0x2e8, 0x2e8, 0x308, 0x2e8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, [], [0xff, 0x0, 0x0, 0xff000000], 'erspan0\x00', 'geneve1\x00'}, 0x0, 0x190, 0x1f8, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcfcf0c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1a, 0x0, {0x80000}}}, @inet=@rpfilter={{0x28}, {0x6}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x17, 0x3, 0x6, 0x80000000, 'snmp\x00', 'syz0\x00', {0xe6}}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @broadcast}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xff, 0xff000000, 0xff000000, 0xff], [0xffffff00, 0x0, 0xffffff00], 'wg0\x00', 'nicvf0\x00', {0xff}, {0xff}, 0x0, 0xc0, 0x0, 0x14}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x4, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x438) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000001c0), &(0x7f0000000200)='./file1\x00', 0x8, 0x2) fspick(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x1) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') lseek(r6, 0x289e0cb5, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x2000c8, &(0x7f00000005c0)=ANY=[@ANYBLOB='codepage=874,nodots,dots,tz=UTC,dots,nodots,codepage=862,dots,dots,check=strict,allow_utime=000000000000000000001,sys_immutable,nodots,nfs,quiet,dots,nodots,nodots,debug,usefree,tz=UTC,flush,nodots,\x00'], 0xfd, 0x1bf, &(0x7f0000000940)="$eJzs3TGL02AYB/Cn9bzmnG4TRCHg4nSon+BEThADgtJBJ4XT5SqCt0SX9mP4Af0A0qmLRGrSxkaHWmxS6++39En/edvnHZp26ZNXN99dnL+/fPvl+udIkl70T+M0Zr04jn4sTAIA2CezooivRanrXgCAdqzx/f+t5ZYAgC17/uLlkwdZdvYsTZOI6SQf5sPyscwfPc7O7qY/HNerpnk+vLLM76XN3w7z/Gpcq/L75fp0NT+MO7fLfJ49fJo18kGcb3frAAAAAAAAAAAAAAAAAAAAAADQmVuRLvx2vs/JSTM/qvLy6Kf5QI35PQdx46A6rMcDFeM2NgUAAAAAAAAAAAAAAAAAAAD/mMuPny5ej0ZvPtTFICJWn/mTole98IbL2y76sRNtKP5qke5GG6MNPwWHEbGtxmZFUax1cn2NGHR1cQIAAAAAAAAAAAAAAAAAgP9M/affX7Oki4YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAP1/f83KMYRscbJyzc76nSrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7LHvAQAA///DgjXa") 4m28.068046689s ago: executing program 3 (id=1415): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa20000000000000702fffff8ffffffb703000008000000b70400000000000085000000030000e69400000000000000"], 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0xb, @mcast1, 0x803}, 0x1c) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) chdir(&(0x7f0000000040)='./file1\x00') bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000), 0xc) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000001700)={@in6={{0xa, 0x4e24, 0xb, @mcast1, 0x81}}, 0x0, 0x0, 0x3f, 0x0, "f1990e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae3d393dd38ea6c02965c6776267517308a3d40aa1c788df600"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r4, 0x5452, &(0x7f0000000740)=0x4) 4m26.894721674s ago: executing program 3 (id=1419): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}}) 4m26.783790393s ago: executing program 3 (id=1420): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r4}, 0x10) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x20800, 0x0) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f00000000c0)={0x7, 0x21, 0x0, 0x17, 0x4, 0xc0, 0x5, 0x14c, 0x1}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@netfilter={0x7, 0x1, 0x7}}, 0x20) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x48, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x24}}]}}}, @IFLA_MTU={0x8, 0x4, 0x4243}, @IFLA_MASTER={0x8}]}, 0x48}}, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) r8 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r8) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r8}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) getpid() 4m25.501694816s ago: executing program 3 (id=1421): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x71bd0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getpriority(0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x38}}, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, 0x0, {0x4, 0x2}, {}, {0x1, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}]}}]}, 0x4c}}, 0x20040054) socket$nl_route(0x10, 0x3, 0x0) 4m9.964050129s ago: executing program 32 (id=1421): openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x71bd0000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) getpriority(0x2, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@private=0xa010100, @dev={0xac, 0x14, 0x14, 0x38}}, 0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd25, 0x4, {0x0, 0x0, 0x0, 0x0, {0x4, 0x2}, {}, {0x1, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x1c, 0x2, [@TCA_FLOWER_KEY_ETH_DST={0xa, 0x4, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x44}}, @TCA_FLOWER_KEY_ETH_DST_MASK={0xa, 0x5, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff]}]}}]}, 0x4c}}, 0x20040054) socket$nl_route(0x10, 0x3, 0x0) 16.480005592s ago: executing program 4 (id=2014): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r4, 0x0, &(0x7f0000001700)=""/53}, 0x20) 13.002364942s ago: executing program 0 (id=2019): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@quota}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa20000000000000702fffff8ffffffb703000008000000b70400000000000085000000030000e69400000000000000"], 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) chdir(&(0x7f0000000040)='./file1\x00') r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r4, 0x5452, &(0x7f0000000740)=0x4) 12.943128097s ago: executing program 4 (id=2021): socket$unix(0x1, 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r0 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x0, 0x0, 0x207}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, 0x0) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11}) ioctl$UI_DEV_SETUP(r3, 0x5501, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2) dup3(r4, r3, 0x80000) 11.864608284s ago: executing program 2 (id=2023): r0 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24) ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000680)) openat$audio(0xffffff9c, 0x0, 0x1052c0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a0bfe6ecd77084f21c01e020000000900010073797a30000000000900020073797a320000000018000480140001800b0001006c6f6f6b757000000400028007000740effafa00140000001100010000000000000000000300000a"], 0x74}}, 0x10) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r8}) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a09040000000000000000020000040900010073797a30000000000900020073797a3200000000200004801c0001800b00010065787468647200000c5a02800800064000000003140000001100010000000000000000000000000a"], 0x74}, 0x1, 0x0, 0x0, 0x8080}, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000200)={r8, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x8, 0xa, 0x2, 0x4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000640)={0x1, 0x0, &(0x7f0000000500), &(0x7f0000000540)=[0x335, 0xefffff98, 0xd9d0, 0xfff, 0x8], &(0x7f0000000580), &(0x7f00000005c0)=[0xfffffffffffffc00, 0x9, 0x9, 0xffffffffffff0001, 0x5, 0x1, 0x8000, 0x8, 0x5], 0x0, 0x4a07}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000040)={r10}) close_range(r0, 0xffffffffffffffff, 0x0) 11.851976835s ago: executing program 4 (id=2024): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r4}, 0x10) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x20800, 0x0) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f00000000c0)={0x7, 0x21, 0x0, 0x17, 0x4, 0xc0, 0x5, 0x14c, 0x1}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@netfilter={0x7, 0x1, 0x7}}, 0x20) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x24}}]}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) r8 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r8) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r8}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) getpid() 8.903016173s ago: executing program 4 (id=2025): sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) bind$packet(r1, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32=r3, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="00000001e000030000000000000000000000000008"], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 7.927852262s ago: executing program 4 (id=2026): socketpair(0x15, 0x3, 0x1, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$rds(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/85, 0x55}, {&(0x7f0000000740)=""/127, 0x7f}, {&(0x7f00000007c0)=""/2, 0x2}, {&(0x7f0000000800)=""/194, 0xc2}, {&(0x7f0000000900)=""/124, 0x7c}], 0x5, &(0x7f0000000a80)=[@rdma_dest={0x18, 0x114, 0x2, {0x9, 0x4}}, @mask_cswp={0x58, 0x114, 0x9, {{0x17, 0x80000000}, 0x0, &(0x7f0000000a40)=0xcb1e, 0x0, 0x7, 0x3, 0x5e13, 0x78, 0x1000000000000}}], 0x70, 0x4000000}, 0x4000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000040000000000000000000000000000000000000000000000000000000000000000001f00206e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f700000000187b8200b500003b595fcb14"], 0x232) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 7.927556921s ago: executing program 0 (id=2027): openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) fanotify_mark(0xffffffffffffffff, 0x94, 0x40000000, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r0, 0x0, 0x800) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000400)={0x48, 0x2, r4}) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r3, 0x3b89, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="030300000000000000000600140008000300", @ANYRES32=r8, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r6) connect$inet6(r5, &(0x7f00000001c0)={0xa, 0x4e23, 0x7f, @mcast1, 0x8001}, 0x1c) shutdown(r5, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000340)={0x0, 0x8}, 0x8) readlink(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) r9 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r9, 0x0) 7.494334386s ago: executing program 4 (id=2028): write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0x12) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffe, 0xfffffffb}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000140)={0x0, 0x218000, 0x1800, 0x3, 0x2}, 0x37) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0xfea7) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@remote, @in=@multicast1, 0xfffd, 0x0, 0x4e20, 0x0, 0x2, 0x0, 0x0, 0x11}, {0x0, 0x4, 0x1, 0xfffffffffffffffc, 0x0, 0x9}, {0x1ff, 0xffffffffe, 0x4053e5, 0x20}, 0x6, 0x1, 0x1, 0x0, 0x1, 0x2}, {{@in6=@remote, 0x1, 0x32}, 0xa, @in=@loopback, 0x3502, 0x1, 0x0, 0x0, 0x6, 0xfffffffd}}, 0xe4) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0xc0b45545, &(0x7f0000000040)=0x1000) syz_open_dev$sndpcmc(0x0, 0xfffffffffffffffd, 0x200080) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) listen(r3, 0xfff) shutdown(r3, 0x0) accept(r3, 0xfffffffffffffffd, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'}) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x1f00, 0x12) 6.264120946s ago: executing program 1 (id=2030): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="680000001300010000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a80100002800c000180080021000000000020000a80050008"], 0x68}}, 0x0) 6.043114573s ago: executing program 1 (id=2031): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f64398323", 0x7, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000380)='bic\x00', 0x4) shutdown(r0, 0x1) 5.854598089s ago: executing program 1 (id=2032): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa20000000000000702fffff8ffffffb703000008000000b70400000000000085000000030000e69400000000000000"], 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0xb, @mcast1, 0x803}, 0x1c) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) chdir(&(0x7f0000000040)='./file1\x00') bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000001700)={@in6={{0xa, 0x4e24, 0xb, @mcast1, 0x81}}, 0x0, 0x0, 0x3f, 0x0, "f1990e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae3d393dd38ea6c02965c6776267517308a3d40aa1c788df600"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, 0x0, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000740)=0x4) 5.579829971s ago: executing program 2 (id=2033): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r4}, 0x10) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x20800, 0x0) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f00000000c0)={0x7, 0x21, 0x0, 0x17, 0x4, 0xc0, 0x5, 0x14c, 0x1}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@netfilter={0x7, 0x1, 0x7}}, 0x20) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x24}}]}}}, @IFLA_MASTER={0x8}]}, 0x40}}, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) r8 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r8) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r8}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) getpid() 4.753915927s ago: executing program 1 (id=2034): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x2, @local, 'ip6_vti0\x00'}}, 0x1e) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x12, r1, 0x1750b000) ioctl$PPPOEIOCSFWD(r0, 0x4008b100, 0x0) 3.702757852s ago: executing program 2 (id=2035): syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty=0xb00, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x0, 0xff80000}}}}}, 0x0) 3.668141815s ago: executing program 0 (id=2036): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wg0\x00'}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) inotify_init() bpf$MAP_CREATE(0x0, 0x0, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x18) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000003c0)='./file0\x00', 0x21) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0) mkdir(&(0x7f0000000200)='./bus\x00', 0x10) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chroot(&(0x7f0000000000)='./bus\x00') openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0) 3.467898601s ago: executing program 1 (id=2037): socketpair(0x15, 0x3, 0x1, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$rds(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f00000006c0)=""/85, 0x55}, {&(0x7f0000000740)=""/127, 0x7f}, {&(0x7f00000007c0)=""/2, 0x2}, {&(0x7f0000000800)=""/194, 0xc2}, {&(0x7f0000000900)=""/124, 0x7c}], 0x5, &(0x7f0000000a80)=[@rdma_dest={0x18, 0x114, 0x2, {0x9, 0x4}}, @mask_cswp={0x58, 0x114, 0x9, {{0x17, 0x80000000}, 0x0, &(0x7f0000000a40)=0xcb1e, 0x0, 0x7, 0x3, 0x5e13, 0x78, 0x1000000000000}}], 0x70, 0x4000000}, 0x4000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) write$P9_RSTATu(0xffffffffffffffff, &(0x7f00000004c0)=ANY=[@ANYBLOB="930200007d00000005f0000000000000040000000000000000000000000000000000000000000000000000000000000000001f00206e6f6465767b6376666f7892ffffff8102000000000031ffcebc920000003800704a86cec602007dfa673effeb09b5351f5bde05f700000000187b8200b500003b595fcb14"], 0x232) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.467688621s ago: executing program 2 (id=2038): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r4, 0x0, &(0x7f0000001700)=""/53}, 0x20) 1.62028949s ago: executing program 2 (id=2039): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800000013000100"/18, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a80100002800c000180080021000000000020000a80050008"], 0x68}}, 0x0) 1.48846365s ago: executing program 0 (id=2040): ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(r0, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) write$sndseq(r0, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4) write$sndseq(r0, &(0x7f0000000640)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {0x8}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6, 0x7fff, 0x8}}, {0x0, 0x0, 0x0, 0x0, @time={0xffffff81}, {}, {}, @time=@time}], 0xc4) write$sndseq(r0, &(0x7f0000002840)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}], 0x54) write$sndseq(r0, &(0x7f0000000300)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}], 0xc4) write$sndseq(r0, &(0x7f0000000a40)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}], 0x8c) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}], 0x54) write$sndseq(r0, &(0x7f0000000f80)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote}], 0xc4) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x8c) write$sndseq(r0, &(0x7f0000000740)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}], 0x8c) write$sndseq(r0, &(0x7f0000000b00)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @result}, {}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b5f8fbe8c20c855083221c33"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0xc4) write$sndseq(r0, &(0x7f00000004c0)=[{0x81, 0x80, 0x2, 0x4, @time={0x8, 0x5}, {0x3, 0x31}, {0xff, 0x7f}, @queue={0x80, {0x8, 0x4}}}, {0x8, 0x2, 0x8f, 0x6, @time={0x3, 0x1cddab93}, {0x0, 0x6e}, {0xf2, 0x30}, @addr={0x9, 0x1}}, {0x8, 0x7, 0x0, 0xe3, @time={0x200, 0x9}, {0x8}, {0x6, 0x1}, @raw8={"7aa27555b79e43403e7fa600"}}, {0x0, 0x7, 0x3, 0x6, @time={0x0, 0x7}, {0x8, 0xfd}, {0x93, 0x80}, @queue={0x14, {0x10, 0x80}}}, {0x6, 0x8, 0x3, 0x40, @tick=0xf6, {0x2, 0x8}, {0x3}, @ext={0x0, 0x0}}, {0xba, 0x6, 0x54, 0x7, @time={0xe5b, 0x10001}, {0x80, 0x8}, {0x2, 0x7f}, @control={0x5, 0x40, 0x5}}, {0x3, 0xc, 0x4, 0x6, @time={0x6, 0x1}, {0x10, 0x4}, {0x8, 0xa}, @raw8={"80408bcf99ee1216e4e59519"}}, {0xd2, 0x5, 0xd9, 0x0, @time={0x8, 0x4}, {0x54, 0x6}, {0x8, 0x8}, @result={0x5, 0x6}}, {0xcf, 0x1, 0xff, 0x5, @tick=0x9, {0x4, 0xb3}, {0x80, 0xd}, @control={0x66, 0x800, 0x3}}], 0xfc) write$sndseq(r0, &(0x7f0000000800)=[{0x0, 0x0, 0x0, 0x0, @time={0xb, 0x3}, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @time, {}, {0x0, 0xe7}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw8={"ce274516c7da5b6da0b16993"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"b134b141793d8609365bda4d"}}, {}], 0xfc) write$sndseq(r0, &(0x7f0000000d00)=[{0x0, 0x0, 0x0, 0x0, @time}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"49cbee45cad57a0372831665"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @queue}], 0x8c) 1.37581207s ago: executing program 1 (id=2041): r0 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x24) ioctl$KVM_CAP_DIRTY_LOG_RING(r3, 0x4068aea3, &(0x7f0000000680)) openat$audio(0xffffff9c, 0x0, 0x1052c0, 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a0bfe6ecd77084f21c01e020000000900010073797a30000000000900020073797a320000000018000480140001800b0001006c6f6f6b757000000400028007000740effafa00140000001100010000000000000000000300000a"], 0x74}}, 0x10) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r6 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r7, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000440)={r8, 0x0, 0x0, 0x0, 0x0, [0x0]}) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r10, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r10, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a4c000000060a09040000000000000000020000040900010073797a30000000000900020073797a3200000000200004801c0001800b00010065787468647200000c5a02800800064000000003140000001100010000000000000000000000000a"], 0x74}, 0x1, 0x0, 0x0, 0x8080}, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000080)={r9, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETFB2(r6, 0xc06864ce, &(0x7f0000000200)={r8, 0x0, 0x0, 0x0, 0x0, [0x0]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r6, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r11}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r11, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x8, 0xa, 0x2, 0x4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000640)={0x1, 0x0, &(0x7f0000000500), &(0x7f0000000540)=[0x335, 0xefffff98, 0xd9d0, 0xfff, 0x8], &(0x7f0000000580), &(0x7f00000005c0)=[0xfffffffffffffc00, 0x9, 0x9, 0xffffffffffff0001, 0x5, 0x1, 0x8000, 0x8, 0x5], 0x0, 0x4a07}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r6, 0xc00c642d, &(0x7f0000000040)={r12}) close_range(r0, 0xffffffffffffffff, 0x0) 1.24951981s ago: executing program 0 (id=2042): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000400000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa20000000000000702fffff8ffffffb703000008000000b70400000000000085000000030000e69400000000000000"], 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800"/16], &(0x7f0000000000)='syzkaller\x00'}, 0x94) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0xb, @mcast1, 0x803}, 0x1c) bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x8) chdir(&(0x7f0000000040)='./file1\x00') bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, &(0x7f0000001700)={@in6={{0xa, 0x4e24, 0xb, @mcast1, 0x81}}, 0x0, 0x0, 0x3f, 0x0, "f1990e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae3d393dd38ea6c02965c6776267517308a3d40aa1c788df600"}, 0xd8) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r4, 0x5452, 0x0) 1.167523056s ago: executing program 2 (id=2043): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r0) sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {}, {0x8, 0x11, 0x80000}}, ["", "", ""]}, 0x24}}, 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000002c0)={0xffffffffffffffff}, 0x111, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000480)={0xb, 0x10, 0xfa00, {&(0x7f00000003c0), r3, 0x5}}, 0x18) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r0, 0x952de000) r4 = socket$inet6_udp(0xa, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r5, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) cachestat(r0, &(0x7f0000000240)={0x1ff, 0x2}, &(0x7f0000000280), 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x20, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x2]}}) bind$inet6(r4, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c) connect$inet6(r4, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r6, 0x0, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc-twofish-avx,blake2b-256-generic)\x00'}, 0x58) syz_usb_control_io(r6, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)={0x0, 0x0, 0x8, {0x8, 0x0, "392cdaab4a73"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f00000001c0)={&(0x7f0000000380), 0x2}) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @multicast, @void, {@ipv6={0x86dd, @udp={0xa, 0x6, "00e800", 0x18, 0x11, 0x0, @private2, @mcast2, {[], {0x4e1c, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x6, 0x7fffffffffffffff}}}}}}}, 0x0) 0s ago: executing program 0 (id=2044): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='sched_switch\x00', r4}, 0x10) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x20800, 0x0) ioctl$RTC_SET_TIME(r5, 0x4024700a, &(0x7f00000000c0)={0x7, 0x21, 0x0, 0x17, 0x4, 0xc0, 0x5, 0x14c, 0x1}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@netfilter={0x7, 0x1, 0x7}}, 0x20) r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x30, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9801, 0x1303}, [@IFLA_MTU={0x8, 0x4, 0x4243}, @IFLA_MASTER={0x8}]}, 0x30}}, 0x0) ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0) r8 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000240)=r8) ioctl$VHOST_SET_VRING_KICK(r6, 0x4008af20, &(0x7f0000000040)={0x1, r8}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r6, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r6, 0x4008af03, &(0x7f0000000c40)) ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000000000)=0x1) getpid() kernel console output (not intermixed with test programs): from eth3 [ 82.611601][ T5788] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 82.622453][ T5788] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 82.653764][ T5788] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 82.676719][ T5788] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 82.733208][ T5785] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 82.744177][ T5785] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 82.760388][ T5785] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 82.771149][ T5785] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 82.854577][ T5786] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 82.874816][ T5786] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 82.900773][ T5786] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 82.912021][ T5786] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 82.960828][ T5787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.036575][ T5787] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.061710][ T1121] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.069168][ T1121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.129848][ T5788] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.158632][ T1121] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.165788][ T1121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.203923][ T5786] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.222062][ T5788] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.247903][ T5785] 8021q: adding VLAN 0 to HW filter on device bond0 [ 83.268443][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.275669][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.296949][ T5786] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.316052][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.323242][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.349654][ T5787] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.369224][ T137] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.376401][ T137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.414454][ T58] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.421648][ T58] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.454676][ T5785] 8021q: adding VLAN 0 to HW filter on device team0 [ 83.499064][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.506306][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.534849][ T5788] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.568566][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.575796][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.693833][ T5786] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 83.830118][ T5793] Bluetooth: hci0: command tx timeout [ 83.850687][ T5787] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 83.906754][ T5793] Bluetooth: hci1: command tx timeout [ 83.906953][ T50] Bluetooth: hci2: command tx timeout [ 83.985495][ T50] Bluetooth: hci3: command tx timeout [ 84.006651][ T5787] veth0_vlan: entered promiscuous mode [ 84.030776][ T5787] veth1_vlan: entered promiscuous mode [ 84.109474][ T5787] veth0_macvtap: entered promiscuous mode [ 84.142819][ T5788] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.172143][ T5787] veth1_macvtap: entered promiscuous mode [ 84.263210][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.283907][ T5787] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.318618][ T5787] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.329033][ T5787] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.338259][ T5787] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.347155][ T5787] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.362713][ T5786] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.380798][ T5788] veth0_vlan: entered promiscuous mode [ 84.414529][ T5785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 84.427349][ T5788] veth1_vlan: entered promiscuous mode [ 84.569645][ T1121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.585449][ T1121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.612910][ T5786] veth0_vlan: entered promiscuous mode [ 84.664753][ T5788] veth0_macvtap: entered promiscuous mode [ 84.671249][ T1116] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.683870][ T5786] veth1_vlan: entered promiscuous mode [ 84.690782][ T1116] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.691805][ T5785] veth0_vlan: entered promiscuous mode [ 84.711458][ T5788] veth1_macvtap: entered promiscuous mode [ 84.744106][ T5785] veth1_vlan: entered promiscuous mode [ 84.771378][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 84.783817][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.797883][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.808713][ T5788] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 84.827201][ T5788] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.839338][ T5788] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.881571][ T5788] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.893737][ T5788] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.907645][ T5788] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.917004][ T5788] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.988779][ T5786] veth0_macvtap: entered promiscuous mode [ 85.001476][ T5786] veth1_macvtap: entered promiscuous mode [ 85.021364][ T5785] veth0_macvtap: entered promiscuous mode [ 85.034447][ T5785] veth1_macvtap: entered promiscuous mode [ 85.059832][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.071921][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.090708][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.102831][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.122571][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.252273][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.269601][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.283696][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.301309][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.314861][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 85.331817][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.344660][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 85.368264][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.385461][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.396097][ T5786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.406629][ T5786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.418194][ T5786] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.438611][ T5786] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.448515][ T5786] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.457807][ T5786] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.467460][ T5786] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.492404][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.510745][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.528800][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.541751][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.556396][ T5785] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 85.571010][ T5785] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 85.583680][ T5785] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 85.629950][ T5785] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.649217][ T5785] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.662886][ T5785] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.673410][ T5785] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 85.678926][ T5876] syz.2.5[5876]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 85.728973][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.733649][ T5876] loop2: detected capacity change from 0 to 512 [ 85.767150][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.784064][ T5876] EXT4-fs: Ignoring removed nobh option [ 85.873075][ T5876] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.5: iget: bad i_size value: 38620345925642 [ 85.906797][ T50] Bluetooth: hci0: command tx timeout [ 85.937738][ T5876] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.5: couldn't read orphan inode 15 (err -117) [ 85.964634][ T5876] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.988979][ T50] Bluetooth: hci1: command tx timeout [ 85.989436][ T5793] Bluetooth: hci2: command tx timeout [ 86.008843][ T1121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.034697][ T1121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.075659][ T5793] Bluetooth: hci3: command tx timeout [ 86.167221][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.175105][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.287691][ T1121] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.320418][ T1121] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.388567][ T5882] loop3: detected capacity change from 0 to 1024 [ 86.408462][ T5882] ======================================================= [ 86.408462][ T5882] WARNING: The mand mount option has been deprecated and [ 86.408462][ T5882] and is ignored by this kernel. Remove the mand [ 86.408462][ T5882] option from the mount to silence this warning. [ 86.408462][ T5882] ======================================================= [ 86.464907][ T1121] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.484630][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.491934][ T1121] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.518604][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.601945][ T5882] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.638929][ T5882] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.955983][ T5889] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 87.140169][ T28] audit: type=1326 audit(1755821098.702:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5885 comm="syz.0.1" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f24c2f8ebe9 code=0x0 [ 88.006219][ T50] Bluetooth: hci0: command tx timeout [ 88.065951][ T5799] Bluetooth: hci1: command tx timeout [ 88.072050][ T50] Bluetooth: hci2: command tx timeout [ 88.145507][ T50] Bluetooth: hci3: command tx timeout [ 88.587834][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 88.682907][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 89.666097][ T50] Bluetooth: hci4: command 0x1003 tx timeout [ 89.675091][ T5793] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 92.061364][ T5880] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 92.176709][ T27] cfg80211: failed to load regulatory.db [ 92.415888][ T5880] usb 2-1: Using ep0 maxpacket: 16 [ 92.440653][ T5880] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 92.455268][ T5880] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 92.475655][ T5880] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 92.498721][ T5880] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 92.527894][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.555700][ T5880] usb 2-1: Product: syz [ 92.560163][ T5880] usb 2-1: Manufacturer: syz [ 92.564808][ T5880] usb 2-1: SerialNumber: syz [ 92.685593][ T8] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 93.643295][ T5880] usb 2-1: 0:2 : does not exist [ 93.836033][ T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 93.865962][ T8] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 93.885138][ T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 93.902553][ T8] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 93.911334][ T8] usb 3-1: Manufacturer: syz [ 93.916230][ T8] usb 3-1: SerialNumber: syz [ 94.190920][ T8] usb 3-1: USB disconnect, device number 2 [ 94.289086][ T5880] usb 2-1: 1:0: failed to get current value for ch 0 (-22) [ 94.363740][ T5880] usb 2-1: USB disconnect, device number 2 [ 94.425983][ T5798] udevd[5798]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 95.337097][ T5955] loop2: detected capacity change from 0 to 512 [ 95.365368][ T5955] EXT4-fs: Ignoring removed oldalloc option [ 95.406989][ T5955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 95.454828][ T5955] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 96.612351][ T5972] loop3: detected capacity change from 0 to 512 [ 96.688824][ T5972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 96.719262][ T5972] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 98.043052][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.056303][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.816131][ T5989] JFS: discard option not supported on device [ 98.826690][ T5989] Mount JFS Failure: -22 [ 98.831130][ T5989] jfs_mount failed w/return code = -22 [ 99.638599][ T5990] loop1: detected capacity change from 0 to 512 [ 99.740646][ T5990] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 99.938494][ T5990] EXT4-fs (loop1): 1 orphan inode deleted [ 99.965013][ T1116] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 99.987403][ T5990] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 100.010380][ T5990] ext4 filesystem being mounted at /4/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.036487][ T1116] EXT4-fs error (device loop1): ext4_release_dquot:6974: comm kworker/u4:6: Failed to release dquot type 1 [ 100.115293][ T2180] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 100.134503][ T6004] fuse: Unknown parameter 'user_id00000000000000000000' [ 100.302132][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 100.317257][ T2180] usb 4-1: Using ep0 maxpacket: 8 [ 100.330681][ T2180] usb 4-1: unable to get BOS descriptor or descriptor too short [ 101.370910][ T6014] loop1: detected capacity change from 0 to 256 [ 102.135179][ C0] sched: RT throttling activated [ 102.150477][ T2180] usb 4-1: config 0 has no interfaces? [ 102.222854][ T6017] loop2: detected capacity change from 0 to 512 [ 102.250481][ T6018] loop0: detected capacity change from 0 to 512 [ 102.314301][ T6017] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 102.336855][ T6017] ext4 filesystem being mounted at /12/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.367499][ T2180] usb 4-1: language id specifier not provided by device, defaulting to English [ 102.368474][ T6018] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 102.381054][ T2180] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.425227][ T2180] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.433294][ T2180] usb 4-1: Product: syz [ 102.437819][ T6018] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 102.453624][ T2180] usb 4-1: Manufacturer: syz [ 102.482263][ T2180] usb 4-1: SerialNumber: syz [ 102.515350][ T2180] usb 4-1: config 0 descriptor?? [ 102.733585][ T2180] usb 4-1: USB disconnect, device number 2 [ 103.139163][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 103.473003][ T6040] loop3: detected capacity change from 0 to 512 [ 103.490431][ T6040] EXT4-fs: Ignoring removed oldalloc option [ 103.542985][ T6040] EXT4-fs: Ignoring removed mblk_io_submit option [ 103.597009][ T6040] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 103.609199][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 103.653546][ T6040] EXT4-fs (loop3): can't mount with journal_async_commit, fs mounted w/o journal [ 104.015368][ T6056] fuse: Unknown parameter 'user_id00000000000000000000' [ 105.371944][ T6066] loop0: detected capacity change from 0 to 16 [ 105.397088][ T6069] loop3: detected capacity change from 0 to 512 [ 105.418096][ T6066] erofs: (device loop0): mounted with root inode @ nid 36. [ 105.479919][ T6069] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 105.604481][ T6069] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.158086][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 106.499194][ T6084] loop2: detected capacity change from 0 to 512 [ 107.146443][ T6084] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 107.401837][ T6084] ext4 filesystem being mounted at /16/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 108.845316][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 109.353211][ T6101] block device autoloading is deprecated and will be removed. [ 109.910518][ T6107] fuse: Unknown parameter 'user_id00000000000000000000' [ 110.038140][ T6109] loop1: detected capacity change from 0 to 512 [ 110.138235][ T6109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 110.158887][ T6109] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 111.591391][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.355831][ T6136] loop0: detected capacity change from 0 to 1024 [ 112.364476][ T6136] EXT4-fs: Ignoring removed bh option [ 112.533611][ T6136] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 112.584109][ T6136] EXT4-fs error (device loop0): ext4_quota_enable:7129: comm syz.0.57: inode #2304: comm syz.0.57: iget: illegal inode # [ 112.610095][ T6136] EXT4-fs (loop0): Remounting filesystem read-only [ 112.617642][ T6136] EXT4-fs warning (device loop0): ext4_enable_quotas:7173: Failed to enable quota tracking (type=2, err=-117, ino=2304). Please run e2fsck to fix. [ 112.637368][ T6136] EXT4-fs (loop0): mount failed [ 114.441754][ T6142] loop1: detected capacity change from 0 to 512 [ 114.524550][ T6142] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 114.550065][ T6142] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 114.652939][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 114.821487][ T6152] fuse: Bad value for 'fd' [ 115.985840][ T6159] loop1: detected capacity change from 0 to 512 [ 116.258155][ T6159] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 116.272530][ T6159] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 116.885936][ T6164] loop3: detected capacity change from 0 to 512 [ 116.964245][ T6164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 117.008590][ T6168] overlayfs: failed to clone upperpath [ 117.023358][ T6164] ext4 filesystem being mounted at /12/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 117.804844][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 118.356634][ T6174] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 119.975034][ T5785] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 121.353378][ T6199] loop0: detected capacity change from 0 to 4096 [ 121.571479][ T6199] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 121.671057][ T6206] fuse: Bad value for 'fd' [ 123.670797][ T6225] loop3: detected capacity change from 0 to 256 [ 123.840906][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 124.283631][ T6231] loop0: detected capacity change from 0 to 512 [ 124.323067][ T6231] EXT4-fs: Ignoring removed orlov option [ 124.367482][ T6231] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 124.671485][ T6231] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2244: inode #17: comm syz.0.82: corrupted in-inode xattr: overlapping e_value [ 125.076126][ T6231] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.82: couldn't read orphan inode 17 (err -117) [ 125.132322][ T6231] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 125.350459][ T6238] loop3: detected capacity change from 0 to 512 [ 125.366545][ T6238] EXT4-fs: Ignoring removed oldalloc option [ 125.428341][ T6238] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 125.499889][ T6238] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 126.769088][ T6235] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 128.167075][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.207707][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.392179][ T6256] fuse: Bad value for 'fd' [ 129.488586][ T6259] loop3: detected capacity change from 0 to 512 [ 129.501626][ T6260] overlayfs: failed to clone upperpath [ 129.546463][ T6259] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 129.564572][ T6259] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 131.402295][ T5788] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 132.421555][ T6282] loop0: detected capacity change from 0 to 512 [ 132.443349][ T6273] loop3: detected capacity change from 0 to 256 [ 132.632175][ T6282] EXT4-fs (loop0): 1 orphan inode deleted [ 132.656312][ T6009] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 132.721230][ T6282] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.756210][ T6009] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:12: Failed to release dquot type 1 [ 132.805890][ T6282] ext4 filesystem being mounted at /21/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 133.145724][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.152863][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.863717][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 135.463897][ T6303] loop0: detected capacity change from 0 to 1024 [ 135.492090][ T6303] EXT4-fs: Ignoring removed nobh option [ 135.531549][ T6303] EXT4-fs: Ignoring removed bh option [ 135.574621][ T6303] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 135.630460][ T6303] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 136.948673][ T6315] overlayfs: conflicting lowerdir path [ 140.154624][ T6313] tipc: Started in network mode [ 140.160664][ T6313] tipc: Node identity ac14140f, cluster identity 4711 [ 140.168419][ T6313] tipc: New replicast peer: 255.255.255.255 [ 140.175881][ T6313] tipc: Enabled bearer , priority 10 [ 140.183158][ T6316] netlink: 12 bytes leftover after parsing attributes in process `syz.1.100'. [ 140.487021][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.605360][ T6324] fuse: Unknown parameter '0x0000000000000005' [ 142.455347][ T6333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'. [ 142.464295][ T6333] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 143.726873][ T6333] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 143.736807][ T8] tipc: Node number set to 2886997007 [ 146.248898][ T6354] tipc: Enabling of bearer rejected, already enabled [ 146.279407][ T6354] netlink: 12 bytes leftover after parsing attributes in process `syz.1.111'. [ 147.196417][ T6361] loop0: detected capacity change from 0 to 256 [ 148.189163][ T6370] capability: warning: `syz.1.115' uses deprecated v2 capabilities in a way that may be insecure [ 148.242498][ T6372] fuse: Unknown parameter '0x0000000000000005' [ 151.721529][ T6402] loop0: detected capacity change from 0 to 256 [ 152.609189][ T6405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.124'. [ 158.364905][ T6443] syz.3.135[6443] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 158.365224][ T6443] syz.3.135[6443] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 161.972946][ T6466] 9pnet_fd: Insufficient options for proto=fd [ 163.357235][ T6480] loop0: detected capacity change from 0 to 256 [ 164.406768][ T6487] loop0: detected capacity change from 0 to 512 [ 164.544168][ T6487] EXT4-fs (loop0): 1 orphan inode deleted [ 164.575787][ T6487] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 164.811624][ T6493] netlink: 8 bytes leftover after parsing attributes in process `syz.3.147'. [ 165.213855][ T1121] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 165.224253][ T1121] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:7: Failed to release dquot type 1 [ 165.282854][ T6487] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 165.293716][ T6493] syz.3.147 (6493) used greatest stack depth: 16592 bytes left [ 165.493079][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.719402][ T6499] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 166.848901][ T6505] netlink: 96 bytes leftover after parsing attributes in process `syz.3.152'. [ 167.150576][ T6510] kernel profiling enabled (shift: 9) [ 167.189435][ T6510] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 169.475605][ T6527] loop0: detected capacity change from 0 to 512 [ 169.585007][ T6527] EXT4-fs (loop0): 1 orphan inode deleted [ 169.610636][ T5925] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 169.636661][ T6527] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 169.681271][ T5925] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:10: Failed to release dquot type 1 [ 169.734068][ T6527] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 169.951065][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.947641][ T6554] syz.2.167[6554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 171.947791][ T6554] syz.2.167[6554] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 174.660965][ T6563] loop0: detected capacity change from 0 to 256 [ 175.256010][ T6563] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 176.276617][ T28] audit: type=1326 audit(1755821197.845:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6638ebe9 code=0x7ffc0000 [ 176.413542][ T28] audit: type=1326 audit(1755821197.845:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6638ebe9 code=0x7ffc0000 [ 176.489553][ T28] audit: type=1326 audit(1755821197.845:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ffa6638ebe9 code=0x7ffc0000 [ 176.580441][ T28] audit: type=1326 audit(1755821197.875:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6569 comm="syz.2.172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffa6638ebe9 code=0x7ffc0000 [ 178.429416][ T6596] loop0: detected capacity change from 0 to 256 [ 179.595867][ T6602] loop0: detected capacity change from 0 to 40427 [ 179.613422][ T6602] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 179.641150][ T6602] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 179.657870][ T6602] F2FS-fs (loop0): heap/no_heap options were deprecated [ 179.699642][ T6602] F2FS-fs (loop0): invalid crc value [ 179.743098][ T6602] F2FS-fs (loop0): Found nat_bits in checkpoint [ 179.954769][ T6602] F2FS-fs (loop0): Start checkpoint disabled! [ 180.025246][ T6602] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 180.032611][ T6602] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 182.651754][ T1121] kworker/u4:7: attempt to access beyond end of device [ 182.651754][ T1121] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 182.693569][ T1121] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 182.722422][ T1121] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 182.745089][ T1121] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 183.385516][ T6624] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 184.447871][ T6659] loop0: detected capacity change from 0 to 512 [ 184.541808][ T6659] EXT4-fs (loop0): 1 orphan inode deleted [ 184.553505][ T6659] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.569008][ T6030] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 184.572227][ T6659] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 184.665431][ T6030] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:13: Failed to release dquot type 1 [ 185.271076][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.049975][ T6674] netlink: 36 bytes leftover after parsing attributes in process `syz.0.195'. [ 186.099518][ T6674] loop0: detected capacity change from 0 to 512 [ 186.135950][ T6674] EXT4-fs: Ignoring removed i_version option [ 186.163332][ T6674] EXT4-fs: Ignoring removed bh option [ 186.297161][ T6674] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.355513][ T6674] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 186.652227][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.529285][ T6698] Zero length message leads to an empty skb [ 188.876007][ T6704] overlay: Unknown parameter '/' [ 188.903258][ T6704] overlayfs: failed to clone upperpath [ 194.504540][ T6738] fuse: Invalid rootmode [ 194.615844][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.622382][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 198.628343][ T6750] loop0: detected capacity change from 0 to 256 [ 198.834930][ T6751] syz.2.217 uses obsolete (PF_INET,SOCK_PACKET) [ 201.433438][ T6777] xt_TCPMSS: Only works on TCP SYN packets [ 203.142601][ T6777] netlink: 9 bytes leftover after parsing attributes in process `syz.1.223'. [ 203.297655][ T6777] gretap0: entered promiscuous mode [ 203.350822][ T6778] netlink: 5 bytes leftover after parsing attributes in process `syz.1.223'. [ 203.361446][ T6778] 0猉功D: renamed from gretap0 [ 204.066936][ T6778] 0猉功D: left promiscuous mode [ 204.071941][ T6778] 0猉功D: entered allmulticast mode [ 204.086320][ T6778] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 204.432394][ T6785] fuse: Unknown parameter '0x0000000000000005' [ 206.190692][ T6792] loop0: detected capacity change from 0 to 2048 [ 206.598627][ T6792] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 208.173260][ T5801] Bluetooth: hci3: command 0x0406 tx timeout [ 208.179679][ T5801] Bluetooth: hci0: command 0x0406 tx timeout [ 208.185985][ T5103] Bluetooth: hci2: command 0x0406 tx timeout [ 208.192355][ T5801] Bluetooth: hci1: command 0x0406 tx timeout [ 208.701825][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.041680][ T6815] loop0: detected capacity change from 0 to 128 [ 212.624897][ T6831] fuse: Unknown parameter 'fd0x0000000000000005' [ 214.754398][ T6856] loop0: detected capacity change from 0 to 512 [ 215.137725][ T6856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 215.150696][ T6856] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 216.198647][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.552760][ T6890] fuse: Unknown parameter 'fd0x0000000000000005' [ 222.865950][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.258'. [ 222.924861][ T6921] netlink: 8 bytes leftover after parsing attributes in process `syz.3.258'. [ 224.017765][ T6935] loop0: detected capacity change from 0 to 512 [ 224.080092][ T6935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.113418][ T6935] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 225.381472][ T6946] fuse: Unknown parameter 'fd0x0000000000000005' [ 225.488227][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.669847][ T6981] Cannot find add_set index 0 as target [ 230.879074][ T6997] loop0: detected capacity change from 0 to 256 [ 231.109860][ T6997] FAT-fs (loop0): Directory bread(block 64) failed [ 231.135571][ T6997] FAT-fs (loop0): Directory bread(block 65) failed [ 231.143419][ T6997] FAT-fs (loop0): Directory bread(block 66) failed [ 231.170941][ T6997] FAT-fs (loop0): Directory bread(block 67) failed [ 231.343006][ T6997] FAT-fs (loop0): Directory bread(block 68) failed [ 231.343184][ T6997] FAT-fs (loop0): Directory bread(block 69) failed [ 231.343295][ T6997] FAT-fs (loop0): Directory bread(block 70) failed [ 231.343323][ T6997] FAT-fs (loop0): Directory bread(block 71) failed [ 231.343425][ T6997] FAT-fs (loop0): Directory bread(block 72) failed [ 231.343453][ T6997] FAT-fs (loop0): Directory bread(block 73) failed [ 234.095984][ T7013] bridge0: entered promiscuous mode [ 234.101835][ T7013] macsec1: entered promiscuous mode [ 248.095467][ T7112] bridge0: entered promiscuous mode [ 248.110010][ T7112] macsec1: entered promiscuous mode [ 248.128259][ T7112] bridge0: port 3(macsec1) entered blocking state [ 248.156469][ T7112] bridge0: port 3(macsec1) entered disabled state [ 248.166919][ T7112] macsec1: entered allmulticast mode [ 248.172399][ T7112] bridge0: entered allmulticast mode [ 248.181337][ T7112] macsec1: left allmulticast mode [ 248.192203][ T7112] bridge0: left allmulticast mode [ 248.201333][ T7112] bridge0: left promiscuous mode [ 250.836056][ T28] audit: type=1326 audit(1755821280.418:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1258ebe9 code=0x7ffc0000 [ 250.888779][ T28] audit: type=1326 audit(1755821280.418:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1258ebe9 code=0x7ffc0000 [ 250.953605][ T28] audit: type=1326 audit(1755821280.418:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcb1258ebe9 code=0x7ffc0000 [ 251.027275][ T28] audit: type=1326 audit(1755821280.418:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb1258ebe9 code=0x7ffc0000 [ 251.100564][ T28] audit: type=1326 audit(1755821280.418:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fcb1258ebe9 code=0x7ffc0000 [ 251.187356][ T28] audit: type=1326 audit(1755821280.418:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb1252add9 code=0x7ffc0000 [ 251.497175][ T28] audit: type=1326 audit(1755821280.418:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb1252add9 code=0x7ffc0000 [ 251.915300][ T28] audit: type=1326 audit(1755821280.418:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb1252add9 code=0x7ffc0000 [ 252.007942][ T28] audit: type=1326 audit(1755821280.418:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb1252add9 code=0x7ffc0000 [ 252.030773][ T28] audit: type=1326 audit(1755821280.418:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7156 comm="syz.1.316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fcb1252add9 code=0x7ffc0000 [ 256.675409][ T7201] netlink: 4 bytes leftover after parsing attributes in process `syz.2.325'. [ 256.679595][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.684433][ T7201] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 256.765292][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.959929][ T7201] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 259.293516][ T7231] bridge0: port 3(vlan2) entered blocking state [ 259.314864][ T7231] bridge0: port 3(vlan2) entered disabled state [ 259.323294][ T7231] vlan2: entered allmulticast mode [ 259.329800][ T7231] bridge0: entered allmulticast mode [ 259.337302][ T7231] vlan2: left allmulticast mode [ 259.342451][ T7231] bridge0: left allmulticast mode [ 260.383189][ T7248] xt_hashlimit: max too large, truncated to 1048576 [ 266.514037][ T7296] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 274.338763][ T7343] loop0: detected capacity change from 0 to 40427 [ 274.378563][ T7343] F2FS-fs (loop0): Insane cp_payload (553648128 >= 504) [ 274.401092][ T7343] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 274.435736][ T7343] F2FS-fs (loop0): heap/no_heap options were deprecated [ 274.463731][ T7343] F2FS-fs (loop0): invalid crc value [ 274.503491][ T7343] F2FS-fs (loop0): Found nat_bits in checkpoint [ 275.676560][ T7343] F2FS-fs (loop0): Start checkpoint disabled! [ 292.845390][ T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 293.052188][ T8] usb 1-1: config 0 has no interfaces? [ 294.384090][ T8] usb 1-1: New USB device found, idVendor=7d25, idProduct=8e26, bcdDevice= 0.40 [ 294.406125][ T8] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 294.414192][ T8] usb 1-1: Product: syz [ 294.419096][ T8] usb 1-1: Manufacturer: syz [ 294.436285][ T8] usb 1-1: config 0 descriptor?? [ 294.653992][ T8] usb 1-1: USB disconnect, device number 2 [ 299.344175][ T7531] loop0: detected capacity change from 0 to 512 [ 299.433058][ T7531] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 299.446414][ T7531] ext4 filesystem being mounted at /93/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 300.834526][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 301.110816][ T7546] loop0: detected capacity change from 0 to 512 [ 301.196369][ T7546] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 301.242249][ T7546] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.513769][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 306.156216][ T7570] netlink: 'syz.3.418': attribute type 4 has an invalid length. [ 306.164035][ T7570] netlink: 'syz.3.418': attribute type 5 has an invalid length. [ 306.171833][ T7570] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.418'. [ 306.710226][ T7579] loop0: detected capacity change from 0 to 1024 [ 306.777850][ T7579] EXT4-fs: Ignoring removed nobh option [ 306.828774][ T7579] EXT4-fs: Ignoring removed bh option [ 306.847941][ T7579] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 306.977815][ T7579] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 307.522734][ T7584] overlayfs: conflicting lowerdir path [ 309.589892][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 318.010297][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 318.022010][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.524546][ T7653] loop0: detected capacity change from 0 to 512 [ 318.604496][ T7653] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 318.617451][ T7653] ext4 filesystem being mounted at /99/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 319.415353][ T7667] netlink: 12 bytes leftover after parsing attributes in process `syz.3.442'. [ 320.112536][ T7678] netlink: 9 bytes leftover after parsing attributes in process `syz.2.445'. [ 320.134688][ T7678] gretap0: entered promiscuous mode [ 320.173349][ T7678] netlink: 5 bytes leftover after parsing attributes in process `syz.2.445'. [ 320.183817][ T7678] 0猉功D: renamed from gretap0 [ 320.447970][ T7678] 0猉功D: left promiscuous mode [ 320.453081][ T7678] 0猉功D: entered allmulticast mode [ 320.470489][ T7678] A link change request failed with some changes committed already. Interface 30猉功D may have been left with an inconsistent configuration, please check. [ 322.144958][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.130889][ T7697] netlink: 12 bytes leftover after parsing attributes in process `syz.3.451'. [ 329.182538][ T7725] loop0: detected capacity change from 0 to 256 [ 330.206256][ T7734] netlink: 12 bytes leftover after parsing attributes in process `syz.0.460'. [ 337.419885][ T7781] loop0: detected capacity change from 0 to 1024 [ 338.008511][ T7781] EXT4-fs: Ignoring removed nomblk_io_submit option [ 338.055418][ T7781] EXT4-fs: Mount option(s) incompatible with ext3 [ 341.706904][ T7797] loop0: detected capacity change from 0 to 1024 [ 341.735366][ T7798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 341.761821][ T7797] EXT4-fs: Ignoring removed nobh option [ 341.801902][ T7797] EXT4-fs: Ignoring removed bh option [ 341.837786][ T7797] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 342.007701][ T7797] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 343.076654][ T7817] overlayfs: conflicting lowerdir path [ 344.047841][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 346.425188][ T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 346.652002][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.689569][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.737789][ T8] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 346.765414][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.785878][ T8] usb 1-1: config 0 descriptor?? [ 347.149148][ T7848] netlink: 8 bytes leftover after parsing attributes in process `syz.3.488'. [ 347.158107][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.3.488'. [ 347.709594][ T7848] workqueue: Failed to create a rescuer kthread for wq "wg-crypt-wireguard%d": -EINTR [ 349.501785][ T8] usb 1-1: language id specifier not provided by device, defaulting to English [ 349.792890][ T8] uclogic 0003:256C:006D.0001: failed retrieving string descriptor #100: -71 [ 349.824600][ T8] uclogic 0003:256C:006D.0001: failed retrieving pen parameters: -71 [ 349.839418][ T8] uclogic 0003:256C:006D.0001: failed probing pen v1 parameters: -71 [ 349.868117][ T8] uclogic 0003:256C:006D.0001: failed probing parameters: -71 [ 349.887331][ T8] uclogic: probe of 0003:256C:006D.0001 failed with error -71 [ 349.929423][ T8] usb 1-1: USB disconnect, device number 3 [ 351.633053][ T7885] netlink: 4 bytes leftover after parsing attributes in process `syz.1.497'. [ 351.642375][ T7885] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 352.068222][ T7885] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 352.751347][ T7895] loop0: detected capacity change from 0 to 256 [ 353.508996][ T7903] loop0: detected capacity change from 0 to 512 [ 353.606047][ T7903] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 353.619053][ T7903] ext4 filesystem being mounted at /109/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 356.854645][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 362.393453][ T7945] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.401395][ T7945] bridge0: port 1(bridge_slave_0) entered disabled state [ 364.459375][ T7945] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 366.409049][ T7988] process 'syz.3.521' launched './file0' with NULL argv: empty string added [ 367.959912][ T7945] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 367.982662][ T7945] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.005129][ T7945] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.022461][ T7945] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 368.389593][ T8002] netlink: 20 bytes leftover after parsing attributes in process `syz.0.524'. [ 368.834750][ T8007] loop0: detected capacity change from 0 to 256 [ 371.049628][ T8025] loop0: detected capacity change from 0 to 512 [ 371.257067][ T8025] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.308775][ T8025] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 375.533788][ T8051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.535'. [ 375.545989][ T8051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.535'. [ 376.426894][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 376.465621][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 376.474535][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 376.483475][ T0] NOHZ tick-stop error: local softirq work is pending, handler #210!!! [ 376.492473][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 376.501649][ T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!! [ 376.510395][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 376.914939][ T8063] loop0: detected capacity change from 0 to 256 [ 378.565713][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 378.574393][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 378.780998][ T8080] loop0: detected capacity change from 0 to 1024 [ 378.883117][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.889713][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.919108][ T8080] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 378.997939][ T8080] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.093723][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.825614][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 384.834496][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 387.757317][ T8141] tipc: Started in network mode [ 387.763016][ T8141] tipc: Node identity ac14140f, cluster identity 4711 [ 387.770326][ T8141] tipc: New replicast peer: 255.255.255.255 [ 387.777347][ T8141] tipc: Enabled bearer , priority 10 [ 387.787306][ T8141] netlink: 12 bytes leftover after parsing attributes in process `syz.2.558'. [ 389.133436][ T7979] tipc: Node number set to 2886997007 [ 392.100655][ T8164] loop0: detected capacity change from 0 to 256 [ 392.178983][ T8168] fuse: Unknown parameter '{roup_id' [ 394.919467][ T8185] netlink: 9 bytes leftover after parsing attributes in process `syz.2.569'. [ 394.934941][ T8185] 0猉功D: entered promiscuous mode [ 394.940288][ T8185] 0猉功D: left allmulticast mode [ 394.959662][ T8185] netlink: 5 bytes leftover after parsing attributes in process `syz.2.569'. [ 394.969674][ T8185] 1猉功D: renamed from 30猉功D [ 395.002189][ T8185] 1猉功D: left promiscuous mode [ 395.007340][ T8185] 1猉功D: entered allmulticast mode [ 395.025306][ T8185] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 399.497267][ T8198] overlayfs: failed to clone lowerpath [ 399.881632][ T8200] overlayfs: failed to clone upperpath [ 401.655181][ T7975] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 401.848697][ T7975] usb 1-1: Using ep0 maxpacket: 8 [ 401.872566][ T7975] usb 1-1: unable to get BOS descriptor or descriptor too short [ 401.909951][ T7975] usb 1-1: config 0 has an invalid interface number: 88 but max is 0 [ 401.940557][ T7975] usb 1-1: config 0 has no interface number 0 [ 401.971878][ T7975] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 402.023844][ T7975] usb 1-1: config 0 interface 88 has no altsetting 0 [ 402.050845][ T7975] usb 1-1: language id specifier not provided by device, defaulting to English [ 402.080520][ T7975] usb 1-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 402.101516][ T7975] usb 1-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 402.137478][ T7975] usb 1-1: Product: syz [ 402.152222][ T7975] usb 1-1: Manufacturer: 氆喍敫忓嫴虢斷С飳岇伝釢般攻鑲椾寷洧屷澘猡冣瓚韸㈢耄栥梽窑戗裤瘏鑵宏珦鑾洧倽辍п湧瑜风嵏閵氠禑铫撫伯浣鋩濁瘶韺儺 [ 402.219961][ T7975] usb 1-1: SerialNumber: syz [ 402.254806][ T7975] usb 1-1: config 0 descriptor?? [ 402.628197][ T8210] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 402.663085][ T8210] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 402.669089][ T8223] netlink: 228 bytes leftover after parsing attributes in process `syz.3.578'. [ 404.436972][ T7975] input: 氆喍敫忓嫴虢斷С飳岇伝釢般攻鑲椾寷洧屷澘猡冣瓚韸㈢耄栥梽窑戗裤瘏鑵宏珦鑾洧倽辍п湧瑜风嵏閵氠禑铫撫伯浣鋩濁瘶韺 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.88/input/input5 [ 405.464064][ T7975] usb 1-1: USB disconnect, device number 4 [ 405.470131][ C0] usb_acecad 1-1:0.88: can't resubmit intr, dummy_hcd.0-1/input0, status -19 [ 405.489956][ T137] Bluetooth: hci4: Frame reassembly failed (-84) [ 405.537725][ T137] Bluetooth: hci4: Frame reassembly failed (-84) [ 408.112410][ T5799] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 410.257533][ T8275] loop0: detected capacity change from 0 to 1024 [ 410.438291][ T8275] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 413.204602][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.198402][ T8302] overlayfs: failed to resolve './file0': -2 [ 417.615347][ T137] Bluetooth: hci4: Frame reassembly failed (-84) [ 419.834451][ T5793] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 424.498446][ T8385] loop0: detected capacity change from 0 to 4096 [ 424.585931][ T8385] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 430.223464][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 431.649377][ T8434] loop0: detected capacity change from 0 to 2048 [ 431.987328][ T8434] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 433.238843][ T8434] vlan2: entered promiscuous mode [ 433.243934][ T8434] bridge0: entered promiscuous mode [ 434.717630][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.965735][ T8491] overlayfs: failed to clone upperpath [ 440.310021][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.316558][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 441.445243][ T7977] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 442.476957][ T7977] usb 1-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 442.495126][ T7977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.506358][ T7977] usb 1-1: config 0 descriptor?? [ 442.533097][ T7977] usb 1-1: selecting invalid altsetting 1 [ 442.633932][ T7977] snd-usb-audio: probe of 1-1:0.0 failed with error -22 [ 443.287494][ T8525] loop0: detected capacity change from 0 to 1024 [ 443.434308][ T8525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 443.484678][ T8525] ext4 filesystem being mounted at /141/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 443.521078][ T8525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 443.575666][ T8525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 443.688851][ T28] kauditd_printk_skb: 762 callbacks suppressed [ 443.688877][ T28] audit: type=1800 audit(1755821478.268:779): pid=8525 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.654" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 445.272562][ T8544] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters [ 445.412701][ T7975] usb 1-1: USB disconnect, device number 5 [ 445.498174][ T1121] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm kworker/u4:7: lblock 0 mapped to illegal pblock 0 (length 6) [ 445.534669][ T1121] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 6 with error 117 [ 445.557107][ T1121] EXT4-fs (loop0): This should not happen!! Data will be lost [ 445.557107][ T1121] [ 445.574740][ T1121] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: block 8: comm kworker/u4:7: lblock 8 mapped to illegal pblock 8 (length 8) [ 445.595664][ T1121] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117 [ 445.630204][ T1121] EXT4-fs (loop0): This should not happen!! Data will be lost [ 445.630204][ T1121] [ 445.722811][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 453.367208][ T8607] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 454.145200][ T5793] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 456.118324][ T8617] vlan2: entered promiscuous mode [ 457.372743][ T8627] loop0: detected capacity change from 0 to 256 [ 464.785254][ T8664] loop0: detected capacity change from 0 to 256 [ 470.099393][ T8714] loop0: detected capacity change from 0 to 256 [ 472.734924][ T8739] loop0: detected capacity change from 0 to 512 [ 472.780944][ T8739] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 472.833439][ T8739] ext4 filesystem being mounted at /151/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 474.196509][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 481.895193][ T7977] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 482.828147][ T7977] usb 1-1: Using ep0 maxpacket: 32 [ 482.850178][ T7977] usb 1-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 482.865277][ T7977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.875608][ T7977] usb 1-1: Product: syz [ 482.879865][ T7977] usb 1-1: Manufacturer: syz [ 482.884498][ T7977] usb 1-1: SerialNumber: syz [ 482.902538][ T7977] usb 1-1: config 0 descriptor?? [ 482.923778][ T7977] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 486.104307][ T8830] overlayfs: failed to clone upperpath [ 486.901777][ T7977] gspca_ov534_9: reg_w failed -71 [ 487.310927][ T7977] gspca_ov534_9: Unknown sensor 0000 [ 487.311583][ T7977] ov534_9: probe of 1-1:0.0 failed with error -22 [ 487.355769][ T7977] usb 1-1: USB disconnect, device number 6 [ 487.896738][ T8849] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 490.980953][ T8861] netlink: 4 bytes leftover after parsing attributes in process `syz.2.740'. [ 492.355802][ T8872] overlayfs: failed to clone upperpath [ 501.085801][ T8917] overlayfs: failed to clone upperpath [ 501.825684][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.832061][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.579177][ T8940] 9pnet_fd: Insufficient options for proto=fd [ 508.141368][ T8961] loop0: detected capacity change from 0 to 512 [ 508.256542][ T8961] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 508.277966][ T8961] ext4 filesystem being mounted at /162/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 511.761947][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 512.253352][ T9002] 9pnet_fd: Insufficient options for proto=fd [ 515.475165][ T7976] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 515.947965][ T7976] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 515.983645][ T7976] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 516.026924][ T7976] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 516.057967][ T7976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 516.313120][ T7976] usb 1-1: usb_control_msg returned -32 [ 516.322574][ T7976] usbtmc 1-1:16.0: can't read capabilities [ 516.816927][ T9047] 9pnet_fd: Insufficient options for proto=fd [ 517.775439][ T5793] Bluetooth: hci1: unexpected event for opcode 0x2060 [ 518.636915][ T7977] usb 1-1: USB disconnect, device number 7 [ 519.922232][ T9061] loop0: detected capacity change from 0 to 1024 [ 519.959279][ T9061] EXT4-fs: Ignoring removed nomblk_io_submit option [ 519.989184][ T9061] EXT4-fs: Mount option(s) incompatible with ext3 [ 524.037927][ T9096] fuse: Unknown parameter '0xffffffffffffffff' [ 524.112554][ T9098] 9pnet_fd: Insufficient options for proto=fd [ 527.048836][ T9118] loop0: detected capacity change from 0 to 512 [ 527.207938][ T9118] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 527.251884][ T9118] ext4 filesystem being mounted at /170/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 528.344925][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 528.785470][ T7977] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 529.015173][ T7977] usb 1-1: Using ep0 maxpacket: 8 [ 529.032647][ T7977] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 529.047418][ T7977] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 529.079669][ T7977] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 529.107536][ T7977] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 529.133529][ T7977] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 529.251854][ T7977] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 529.275443][ T7977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.518303][ T7977] usb 1-1: usb_control_msg returned -32 [ 529.549000][ T7977] usbtmc 1-1:16.0: can't read capabilities [ 530.910261][ T9155] usbtmc 1-1:16.0: usb_clear_halt returned -32 [ 531.113767][ T7977] usb 1-1: USB disconnect, device number 8 [ 536.696337][ T50] Bluetooth: hci4: command 0x1003 tx timeout [ 536.711192][ T5793] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 538.465530][ T9221] loop0: detected capacity change from 0 to 256 [ 542.356868][ T9252] netlink: 20 bytes leftover after parsing attributes in process `syz.3.834'. [ 544.587091][ T9290] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 553.446552][ T9368] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 553.465313][ T9368] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 553.505894][ T9368] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 553.511968][ T9368] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 553.564447][ T9368] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 553.595211][ T9368] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 553.663793][ T9368] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 553.695450][ T9368] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 555.516252][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 556.104324][ T50] Bluetooth: hci2: command 0x0406 tx timeout [ 556.111537][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 556.111758][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 557.595177][ T9401] Bluetooth: hci0: command 0x0406 tx timeout [ 558.147129][ T5799] Bluetooth: hci2: command 0x0406 tx timeout [ 558.153995][ T9401] Bluetooth: hci3: command 0x0c1a tx timeout [ 558.160821][ T5799] Bluetooth: hci1: command 0x0406 tx timeout [ 559.917097][ T9447] netlink: 12 bytes leftover after parsing attributes in process `syz.3.896'. [ 559.939184][ T9447] vlan2: entered promiscuous mode [ 559.944509][ T9447] dummy0: entered promiscuous mode [ 561.638911][ T9474] 9pnet_fd: Insufficient options for proto=fd [ 563.115571][ T7977] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 563.295752][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.375855][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.499015][ T7977] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 563.512525][ T7977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.532781][ T7977] usb 1-1: Product: syz [ 563.542913][ T7977] usb 1-1: Manufacturer: syz [ 563.553056][ T7977] usb 1-1: SerialNumber: syz [ 564.016062][ T9470] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 564.078231][ T9470] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 565.943774][ T7977] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 565.964785][ T7977] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 565.983008][ T7977] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 565.994705][ T7977] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 566.193498][ T7977] lan78xx: probe of 1-1:1.0 failed with error -71 [ 566.238468][ T7977] usb 1-1: USB disconnect, device number 9 [ 566.875779][ T9498] overlayfs: failed to clone upperpath [ 568.605132][ T7977] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 568.806152][ T7977] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 568.815062][ T9515] 9pnet_fd: Insufficient options for proto=fd [ 568.845903][ T7977] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 568.855734][ T7977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 568.864162][ T7977] usb 1-1: Product: syz [ 568.870369][ T7977] usb 1-1: Manufacturer: syz [ 568.881045][ T7977] usb 1-1: SerialNumber: syz [ 568.890688][ T7977] usb 1-1: config 0 descriptor?? [ 568.912971][ T7977] ims_pcu 1-1:0.0: Zero length descriptor [ 568.928134][ T7977] ims_pcu: probe of 1-1:0.0 failed with error -22 [ 569.166986][ T7977] usb 1-1: USB disconnect, device number 10 [ 572.022072][ T9530] overlayfs: failed to clone upperpath [ 572.815828][ T9546] 9pnet_fd: Insufficient options for proto=fd [ 575.925755][ T9570] overlayfs: failed to resolve './file1': -2 [ 576.418523][ T9575] netlink: 4 bytes leftover after parsing attributes in process `syz.2.936'. [ 577.689037][ T9589] 9pnet_fd: Insufficient options for proto=fd [ 577.809261][ T9590] loop0: detected capacity change from 0 to 256 [ 581.817880][ T9611] overlayfs: failed to resolve './file1': -2 [ 586.508662][ T9651] netlink: 'syz.3.957': attribute type 4 has an invalid length. [ 586.519940][ T9651] netlink: 72 bytes leftover after parsing attributes in process `syz.3.957'. [ 592.846691][ T9704] 9pnet_fd: Insufficient options for proto=fd [ 593.234247][ T9705] netlink: 'syz.1.973': attribute type 2 has an invalid length. [ 596.839204][ T9745] loop0: detected capacity change from 0 to 256 [ 600.818884][ T9775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.993'. [ 601.957246][ T9799] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1001'. [ 605.181040][ T9837] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1011'. [ 605.345103][ T7951] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 605.573204][ T7951] usb 1-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1 [ 605.633426][ T7951] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.689571][ T7951] usb 1-1: config 0 descriptor?? [ 605.743468][ T7951] usb 1-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 605.803631][ T7951] dvb_usb_af9015: probe of 1-1:0.0 failed with error -22 [ 607.875311][ T9857] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1017'. [ 607.883466][ T7951] usb 1-1: USB disconnect, device number 11 [ 611.455874][ T9889] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1027'. [ 622.285189][ T7951] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 622.627225][ T9979] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 623.675876][ T7951] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 623.865518][ T7951] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 623.885137][ T7951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 623.893378][ T7951] usb 1-1: Product: syz [ 623.915141][ T7951] usb 1-1: Manufacturer: syz [ 623.919838][ T7951] usb 1-1: SerialNumber: syz [ 623.945864][ T7951] usb 1-1: config 0 descriptor?? [ 623.966570][ T7951] ims_pcu 1-1:0.0: Zero length descriptor [ 623.972723][ T7951] ims_pcu: probe of 1-1:0.0 failed with error -22 [ 624.255084][ T7977] usb 1-1: USB disconnect, device number 12 [ 624.632921][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.639633][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.805692][ T9998] loop0: detected capacity change from 0 to 256 [ 627.948950][T10010] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 631.978892][T10053] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 631.997246][T10053] team0: Port device batadv1 added [ 634.272826][T10074] loop0: detected capacity change from 0 to 256 [ 636.856330][T10096] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 638.723894][ T28] audit: type=1326 audit(1755821686.294:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10126 comm="syz.3.1099" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f985f78ebe9 code=0x0 [ 638.955046][ T7977] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 639.146291][ T7977] usb 1-1: Using ep0 maxpacket: 32 [ 639.160911][ T7977] usb 1-1: config index 0 descriptor too short (expected 35577, got 27) [ 639.170888][ T7977] usb 1-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 639.188539][ T7977] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 639.207262][ T7977] usb 1-1: config 1 has no interface number 0 [ 639.220362][ T7977] usb 1-1: config 1 interface 1 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 639.242768][ T7977] usb 1-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 639.270591][ T7977] usb 1-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 639.289454][ T7977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.320270][ T7977] snd_usb_pod 1-1:1.1: Line 6 Pocket POD found [ 639.531384][ T7977] snd_usb_pod 1-1:1.1: endpoint not available, using fallback values [ 639.570555][ T7977] snd_usb_pod 1-1:1.1: invalid control EP [ 639.584324][ T7977] snd_usb_pod 1-1:1.1: cannot start listening: -22 [ 639.603282][ T7977] snd_usb_pod 1-1:1.1: Line 6 Pocket POD now disconnected [ 639.621861][ T7977] snd_usb_pod: probe of 1-1:1.1 failed with error -22 [ 639.761131][ T7977] usb 1-1: USB disconnect, device number 13 [ 640.754706][T10146] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1106'. [ 641.999805][T10153] loop0: detected capacity change from 0 to 512 [ 642.135884][T10153] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 642.223772][T10153] ext4 filesystem being mounted at /233/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 643.153300][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 643.357594][T10166] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1112'. [ 643.769332][T10178] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1117'. [ 643.910159][T10176] overlayfs: failed to clone upperpath [ 643.922810][ T5853] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 644.493571][ T5853] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 644.521255][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.543726][ T5853] usb 1-1: Product: syz [ 644.548558][ T5853] usb 1-1: Manufacturer: syz [ 644.559984][ T5853] usb 1-1: SerialNumber: syz [ 645.057311][T10168] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 645.082685][T10168] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 645.672910][ T5853] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 645.905785][ T5853] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 645.954553][ T5853] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 645.986805][ T5853] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 646.025811][ T5853] lan78xx: probe of 1-1:1.0 failed with error -71 [ 646.080203][ T5853] usb 1-1: USB disconnect, device number 14 [ 646.203927][T10200] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1124'. [ 647.058028][T10212] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 648.163439][T10228] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1134'. [ 650.055205][T10255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1143'. [ 650.377140][ T7979] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 650.719550][ T7979] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 650.808418][ T7979] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 650.967576][ T7979] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 651.077573][ T7979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 651.377594][ T7979] usb 1-1: usb_control_msg returned -32 [ 651.411026][ T7979] usbtmc 1-1:16.0: can't read capabilities [ 653.199986][ T7974] usb 1-1: USB disconnect, device number 15 [ 657.690750][T10317] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1162'. [ 661.013053][T10343] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1171'. [ 661.472093][T10350] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1172'. [ 661.490192][T10350] 0猉功D: entered promiscuous mode [ 661.495504][T10350] 0猉功D: left allmulticast mode [ 661.520052][T10350] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1172'. [ 661.529957][T10350] 1猉功D: renamed from 30猉功D [ 662.024734][T10350] 1猉功D: left promiscuous mode [ 662.029783][T10350] 1猉功D: entered allmulticast mode [ 662.043164][T10350] A link change request failed with some changes committed already. Interface 31猉功D may have been left with an inconsistent configuration, please check. [ 666.213581][T10374] 9pnet_fd: Insufficient options for proto=fd [ 669.837455][T10397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1189'. [ 669.851623][T10397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1189'. [ 670.097747][ T7974] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 671.101943][ T7974] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 671.130302][ T7974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.145165][ T7974] usb 1-1: Product: syz [ 671.159756][ T7974] usb 1-1: Manufacturer: syz [ 671.164415][ T7974] usb 1-1: SerialNumber: syz [ 671.624597][T10399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.655782][T10399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.931447][ T7974] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 671.992248][ T7974] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 672.022417][ T7974] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 672.050435][ T7974] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 672.088279][ T7974] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 672.576282][ T7974] lan78xx: probe of 1-1:1.0 failed with error -71 [ 673.017838][ T7974] usb 1-1: USB disconnect, device number 16 [ 674.054116][T10446] 9pnet_fd: Insufficient options for proto=fd [ 679.445240][T10460] loop0: detected capacity change from 0 to 256 [ 681.582367][T10487] loop0: detected capacity change from 0 to 512 [ 681.643976][T10487] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 681.709594][T10487] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 682.954033][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 683.629555][T10500] loop0: detected capacity change from 0 to 512 [ 683.737145][T10500] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 683.790974][T10500] ext4 filesystem being mounted at /256/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 684.893784][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 686.342495][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.349042][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.397224][T10518] loop0: detected capacity change from 0 to 256 [ 690.674865][T10563] loop0: detected capacity change from 0 to 512 [ 690.727035][T10563] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 690.769911][T10563] ext4 filesystem being mounted at /260/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 692.413068][T10581] overlayfs: failed to clone upperpath [ 692.898695][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 694.445841][T10598] loop0: detected capacity change from 0 to 256 [ 695.756849][T10607] loop0: detected capacity change from 0 to 4096 [ 695.974541][T10607] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 696.694543][T10614] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1247'. [ 697.064513][T10624] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1251'. [ 697.282317][T10624] vlan3: entered promiscuous mode [ 697.410237][T10624] team0: entered promiscuous mode [ 697.543973][T10624] team_slave_0: entered promiscuous mode [ 697.693291][T10624] team_slave_1: entered promiscuous mode [ 699.982091][T10655] overlayfs: failed to clone upperpath [ 700.050411][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 702.917259][T10676] loop0: detected capacity change from 0 to 256 [ 703.728582][T10679] loop0: detected capacity change from 0 to 512 [ 703.801484][T10679] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 703.850950][T10679] ext4 filesystem being mounted at /269/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 705.378283][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 705.551632][T10697] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1270'. [ 706.229620][T10711] loop0: detected capacity change from 0 to 256 [ 707.675767][ T1121] Bluetooth: hci4: Frame reassembly failed (-84) [ 707.951114][T10723] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1277'. [ 707.968056][T10723] vlan2: entered promiscuous mode [ 707.973155][T10723] team0: entered promiscuous mode [ 707.979247][T10723] team_slave_0: entered promiscuous mode [ 707.985201][T10723] team_slave_1: entered promiscuous mode [ 707.991197][T10723] batadv1: entered promiscuous mode [ 709.809053][ T5799] Bluetooth: hci4: command 0x1003 tx timeout [ 709.810786][ T9401] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 714.407480][T10787] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1294'. [ 720.872821][T10823] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1305'. [ 723.818563][T10838] loop0: detected capacity change from 0 to 256 [ 723.850521][T10832] overlayfs: failed to clone upperpath [ 724.802143][T10846] loop0: detected capacity change from 0 to 512 [ 724.844242][T10846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 724.911399][T10846] ext4 filesystem being mounted at /276/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 726.861382][T10858] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 727.077149][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 727.842609][T10865] loop0: detected capacity change from 0 to 4096 [ 728.050607][T10865] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 728.316809][T10869] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1316'. [ 728.404066][T10869] vlan3: entered promiscuous mode [ 733.790182][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 733.927432][T10917] loop0: detected capacity change from 0 to 512 [ 734.034132][T10917] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 734.052129][T10917] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 734.537195][T10923] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1330'. [ 735.160291][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 738.078822][T10954] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1339'. [ 739.537747][T10965] loop0: detected capacity change from 0 to 512 [ 739.633322][T10965] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 739.665748][T10965] ext4 filesystem being mounted at /280/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 740.665756][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 742.417112][ T1307] Bluetooth: hci4: Frame reassembly failed (-84) [ 744.308900][ T9401] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 746.712997][T11030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1360'. [ 746.876941][T11030] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 746.884813][T11030] IPv6: NLM_F_CREATE should be set when creating new route [ 747.509937][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.516560][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.135045][ T7975] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 752.377337][ T7975] usb 1-1: config 0 has no interfaces? [ 752.441157][ T7975] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 752.515525][ T7975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 752.546385][ T7975] usb 1-1: Product: syz [ 752.550636][ T7975] usb 1-1: Manufacturer: syz [ 752.588453][ T7975] usb 1-1: SerialNumber: syz [ 752.605799][ T7975] usb 1-1: config 0 descriptor?? [ 758.914507][ T5870] usb 1-1: USB disconnect, device number 17 [ 763.290718][ T7979] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 763.441005][T11155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1391'. [ 763.474167][T11157] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1392'. [ 763.485811][ T7979] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 763.506726][ T7979] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 763.520027][ T7979] usb 1-1: can't read configurations, error -61 [ 763.530768][T11157] vlan2: entered promiscuous mode [ 763.696426][ T7979] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 763.901257][ T7979] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 763.940982][ T7979] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 764.908673][ T7979] usb 1-1: can't read configurations, error -61 [ 764.935059][ T7979] usb usb1-port1: attempt power cycle [ 766.485006][ T7979] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 766.567633][ T7979] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 766.587259][ T7979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 766.611239][ T7979] usb 1-1: Product: syz [ 766.627791][ T7979] usb 1-1: Manufacturer: syz [ 766.645908][ T7979] usb 1-1: SerialNumber: syz [ 767.465221][T11179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 767.520013][T11179] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 767.803016][T11198] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1402'. [ 767.835543][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 767.862266][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 767.889952][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 767.910544][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 768.102465][ T7979] lan78xx: probe of 1-1:1.0 failed with error -71 [ 769.140265][ T7979] usb 1-1: USB disconnect, device number 20 [ 773.517705][T11236] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1412'. [ 780.335092][ T7974] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 780.525844][ T7974] usb 1-1: too many configurations: 151, using maximum allowed: 8 [ 780.546869][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 780.580378][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 780.598131][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 780.612427][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.462660][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.473262][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.484033][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.494568][ T7974] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 781.509358][ T7974] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 781.525663][ T7974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 781.533888][ T7974] usb 1-1: Product: syz [ 781.565248][ T7974] usb 1-1: Manufacturer: syz [ 781.569919][ T7974] usb 1-1: SerialNumber: syz [ 781.609752][ T7974] usb 1-1: config 0 descriptor?? [ 783.137081][ T7974] usb 1-1: USB disconnect, device number 21 [ 786.475249][ T7975] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 787.433927][ T7975] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 787.454970][ T7975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 787.463036][ T7975] usb 1-1: Product: syz [ 787.484941][ T7975] usb 1-1: Manufacturer: syz [ 787.489639][ T7975] usb 1-1: SerialNumber: syz [ 788.622296][ T7975] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 788.645038][ T7975] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 788.657369][ T7975] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 788.672757][ T7975] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 788.686161][ T7975] lan78xx: probe of 1-1:1.0 failed with error -71 [ 788.718809][ T7975] usb 1-1: USB disconnect, device number 22 [ 791.693635][T11373] loop0: detected capacity change from 0 to 4096 [ 791.910284][T11373] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 791.953458][T11379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1449'. [ 793.345588][T11393] fuse: Unknown parameter '0x0000000000000007' [ 793.417788][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 793.625741][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 793.636811][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 793.645104][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 793.654337][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 793.662019][ T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 793.673548][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 795.748181][ T9401] Bluetooth: hci4: command tx timeout [ 795.918806][T11395] chnl_net:caif_netlink_parms(): no params data found [ 797.135299][ T9401] Bluetooth: hci5: command 0x1003 tx timeout [ 797.155169][ T50] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 797.481953][T11423] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1459'. [ 797.500314][ T6030] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.601027][ T6030] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.634622][T11395] bridge0: port 1(bridge_slave_0) entered blocking state [ 797.667482][T11395] bridge0: port 1(bridge_slave_0) entered disabled state [ 797.674787][T11395] bridge_slave_0: entered allmulticast mode [ 797.716840][T11395] bridge_slave_0: entered promiscuous mode [ 797.729095][T11395] bridge0: port 2(bridge_slave_1) entered blocking state [ 797.736607][T11395] bridge0: port 2(bridge_slave_1) entered disabled state [ 797.743953][T11395] bridge_slave_1: entered allmulticast mode [ 797.752205][T11395] bridge_slave_1: entered promiscuous mode [ 797.800928][ T6030] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 797.862708][ T50] Bluetooth: hci4: command tx timeout [ 797.910906][ T6030] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 798.972219][T11395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 799.063735][T11395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 800.004949][ T50] Bluetooth: hci4: command tx timeout [ 800.104606][T11395] team0: Port device team_slave_0 added [ 800.111893][ T28] audit: type=1326 audit(1755821851.683:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.152249][ T28] audit: type=1326 audit(1755821851.683:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.182867][ T28] audit: type=1326 audit(1755821851.723:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.186223][T11395] team0: Port device team_slave_1 added [ 800.304177][ T28] audit: type=1326 audit(1755821851.723:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.412754][T11395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 800.433877][T11395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 800.475873][ T28] audit: type=1326 audit(1755821851.723:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.515287][T11395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 800.537621][ T28] audit: type=1326 audit(1755821851.723:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.563007][T11395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 800.570120][T11395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 800.596336][ T28] audit: type=1326 audit(1755821851.723:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.619752][T11395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 800.631221][ T28] audit: type=1326 audit(1755821851.723:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.654182][ T28] audit: type=1326 audit(1755821851.723:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 800.676796][ T28] audit: type=1326 audit(1755821851.723:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11439 comm="syz.0.1464" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f24c2f8ebe9 code=0x7ffc0000 [ 801.054186][T11395] hsr_slave_0: entered promiscuous mode [ 801.137709][T11395] hsr_slave_1: entered promiscuous mode [ 801.144722][T11395] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 801.189798][T11395] Cannot create hsr debugfs directory [ 801.276324][ T23] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 802.075608][ T50] Bluetooth: hci4: command tx timeout [ 802.108436][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 803.653301][T11475] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1469'. [ 804.011022][ T23] usb 1-1: device descriptor read/all, error -71 [ 804.340846][T11485] loop0: detected capacity change from 0 to 256 [ 806.913235][T11395] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 807.093020][T11508] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1477'. [ 807.450179][T11395] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 808.251031][T11395] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 808.346074][T11395] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 808.561305][ T6030] hsr_slave_0: left promiscuous mode [ 808.576434][ T6030] hsr_slave_1: left promiscuous mode [ 808.599814][ T6030] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 808.633347][ T6030] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 808.671478][ T6030] bridge_slave_1: left allmulticast mode [ 808.681274][ T6030] bridge_slave_1: left promiscuous mode [ 808.694113][ T6030] bridge0: port 2(bridge_slave_1) entered disabled state [ 808.711402][ T6030] bridge_slave_0: left allmulticast mode [ 808.717498][ T6030] bridge_slave_0: left promiscuous mode [ 808.729466][ T6030] bridge0: port 1(bridge_slave_0) entered disabled state [ 808.828370][ T6030] veth1_macvtap: left promiscuous mode [ 808.835440][ T6030] veth0_macvtap: left promiscuous mode [ 808.850169][ T6030] veth1_vlan: left promiscuous mode [ 808.864188][ T6030] veth0_vlan: left promiscuous mode [ 808.975786][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.982150][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.516297][ T6030] team0 (unregistering): Port device team_slave_1 removed [ 812.584826][ T6030] team0 (unregistering): Port device team_slave_0 removed [ 812.633234][ T6030] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 812.681864][ T6030] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 813.216114][ T6030] bond0 (unregistering): Released all slaves [ 815.383280][T11577] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1491'. [ 815.597315][T11395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 815.669417][T11395] 8021q: adding VLAN 0 to HW filter on device team0 [ 815.728108][T11571] block device autoloading is deprecated and will be removed. [ 816.800359][T10465] bridge0: port 1(bridge_slave_0) entered blocking state [ 816.807545][T10465] bridge0: port 1(bridge_slave_0) entered forwarding state [ 816.846482][T10465] bridge0: port 2(bridge_slave_1) entered blocking state [ 816.854525][T10465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 817.504703][T11571] syz.0.1490: attempt to access beyond end of device [ 817.504703][T11571] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 817.603074][T11395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 818.998567][T11395] veth0_vlan: entered promiscuous mode [ 820.209375][T11395] veth1_vlan: entered promiscuous mode [ 821.060990][T11395] veth0_macvtap: entered promiscuous mode [ 822.525970][T11395] veth1_macvtap: entered promiscuous mode [ 822.559689][T11395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 822.571126][T11395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.582221][T11395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 822.599274][T11395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 822.722416][T11395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 822.797609][T11395] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 822.821401][T11395] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 823.283086][T11395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 823.600028][T11395] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.675048][T11395] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.696285][T11395] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.705795][T11395] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 825.033722][T11672] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1507'. [ 825.214784][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 825.302264][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.338756][T10463] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.678669][T10463] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 827.309823][T11688] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1511'. [ 828.033929][T11688] vlan2: entered promiscuous mode [ 831.153086][T11722] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1515'. [ 831.997697][T11748] loop0: detected capacity change from 0 to 256 [ 835.390226][T11773] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1524'. [ 836.678053][T11773] @: renamed from syz_tun [ 837.446760][T11784] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 838.760510][T11797] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1528'. [ 839.171411][T11803] loop0: detected capacity change from 0 to 256 [ 843.497029][T11827] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 844.853889][T11835] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1538'. [ 845.107437][T11841] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 846.187341][T11848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1541'. [ 847.184654][T11871] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1542'. [ 848.098539][T11871] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1542'. [ 848.274454][T11878] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1548'. [ 848.780726][T11891] loop0: detected capacity change from 0 to 256 [ 851.074560][T11903] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1552'. [ 852.885609][T11931] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1558'. [ 853.543558][T11950] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1562'. [ 855.076343][T11961] loop4: detected capacity change from 0 to 512 [ 856.780740][T11961] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 857.067589][T11961] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 857.883242][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 857.941091][T11980] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1568'. [ 858.634032][T11995] tipc: Enabling of bearer rejected, failed to enable media [ 858.678022][T11996] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1572'. [ 858.754715][ T50] Bluetooth: hci2: unexpected event for opcode 0x200b [ 861.852246][T12016] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1578'. [ 863.067662][T12034] input: syz0 as /devices/virtual/input/input6 [ 863.146892][T12038] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1584'. [ 863.160137][T12038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1584'. [ 863.173351][T12038] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1584'. [ 866.041667][T12060] overlayfs: failed to clone upperpath [ 868.518261][T12081] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1594'. [ 868.614205][T12081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1594'. [ 868.685050][T12081] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1594'. [ 868.925969][T12090] netlink: 'syz.1.1596': attribute type 1 has an invalid length. [ 869.078803][T12090] 8021q: adding VLAN 0 to HW filter on device bond1 [ 869.176179][T12096] loop0: detected capacity change from 0 to 512 [ 869.204196][T12092] bond1: (slave gretap0): making interface the new active one [ 869.232918][T12096] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 869.258026][T12092] bond1: (slave gretap0): Enslaving as an active interface with an up link [ 869.286067][T12096] ext4 filesystem being mounted at /340/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 870.201914][T10465] Bluetooth: hci1: Frame reassembly failed (-84) [ 870.406169][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.459659][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.765515][ T50] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 872.767936][ T9401] Bluetooth: hci1: command 0x1003 tx timeout [ 874.610955][ T7977] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 874.620042][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 874.945470][ T7977] usb 5-1: Using ep0 maxpacket: 16 [ 875.839205][T12166] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 880.384582][ T7977] usb 5-1: unable to read config index 0 descriptor/start: -110 [ 880.394981][ T7977] usb 5-1: can't read configurations, error -110 [ 880.544951][ T7977] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 880.635863][T12195] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 880.774951][ T7977] usb 5-1: device descriptor read/64, error -32 [ 881.015362][ T7977] usb usb5-port1: attempt power cycle [ 881.611793][T12213] loop4: detected capacity change from 0 to 128 [ 885.060759][T12253] loop4: detected capacity change from 0 to 256 [ 886.421500][T12268] loop4: detected capacity change from 0 to 128 [ 886.465053][ T50] Bluetooth: hci1: command 0x1003 tx timeout [ 886.531925][ T9401] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 887.675104][ T7974] usb 1-1: new low-speed USB device number 25 using dummy_hcd [ 887.877741][ T7974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 887.902249][ T7974] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 887.924156][ T7974] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 887.942191][ T7974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 887.961651][ T7974] usb 1-1: config 0 descriptor?? [ 888.439510][ T7974] usbhid 1-1:0.0: can't add hid device: -71 [ 888.457803][ T7974] usbhid: probe of 1-1:0.0 failed with error -71 [ 888.725666][ T7974] usb 1-1: USB disconnect, device number 25 [ 890.275796][ T7977] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 890.474952][ T7977] usb 5-1: Using ep0 maxpacket: 16 [ 890.490422][ T7977] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xF3, skipping [ 890.527095][ T7977] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 890.539478][ T7977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 890.554034][ T7977] usb 5-1: Product: syz [ 890.561206][ T7977] usb 5-1: Manufacturer: syz [ 890.577391][ T7977] usb 5-1: SerialNumber: syz [ 890.602813][ T7977] usb 5-1: config 0 descriptor?? [ 893.080727][ T7974] usb 5-1: USB disconnect, device number 5 [ 893.761223][T12377] loop0: detected capacity change from 0 to 256 [ 897.034960][ T7974] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 897.294293][ T7974] usb 1-1: config 0 has no interfaces? [ 897.322710][ T7974] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 897.368017][ T7974] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 897.421994][ T7974] usb 1-1: Product: syz [ 897.448575][ T7974] usb 1-1: Manufacturer: syz [ 897.521822][ T7974] usb 1-1: SerialNumber: syz [ 897.565916][ T7974] usb 1-1: config 0 descriptor?? [ 899.488667][T12450] input: syz0 as /devices/virtual/input/input7 [ 900.064357][ T7979] usb 1-1: USB disconnect, device number 26 [ 900.134213][T12458] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1681'. [ 900.144149][T12458] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1681'. [ 901.526150][T12472] loop4: detected capacity change from 0 to 4096 [ 902.196126][T12472] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 902.607942][T12495] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 904.090900][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 907.375459][T12523] input: syz0 as /devices/virtual/input/input8 [ 908.315863][T12528] overlayfs: failed to clone upperpath [ 912.595831][T12567] overlayfs: failed to clone upperpath [ 914.022911][ T9401] Bluetooth: hci0: ACL packet for unknown connection handle 3584 [ 914.495388][ T7977] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 914.729825][ T7977] usb 1-1: config 0 has no interfaces? [ 914.886315][ T7977] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 914.910764][ T7977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 914.921308][ T7977] usb 1-1: Product: syz [ 914.926070][ T7977] usb 1-1: Manufacturer: syz [ 914.930783][ T7977] usb 1-1: SerialNumber: syz [ 914.938660][ T7977] usb 1-1: config 0 descriptor?? [ 917.057794][T12620] input: syz0 as /devices/virtual/input/input9 [ 917.495173][ T50] Bluetooth: hci4: ACL packet for unknown connection handle 3584 [ 917.903075][ T7975] usb 1-1: USB disconnect, device number 27 [ 918.121493][T12636] loop4: detected capacity change from 0 to 256 [ 918.545153][ T50] Bluetooth: hci4: command 0x0406 tx timeout [ 921.718856][ T9401] Bluetooth: hci3: ACL packet for unknown connection handle 3584 [ 923.384084][T12676] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 926.090196][T12677] loop0: detected capacity change from 0 to 256 [ 928.707028][T12693] input: syz0 as /devices/virtual/input/input10 [ 928.775142][ T9401] Bluetooth: hci3: ACL packet for unknown connection handle 3584 [ 929.113629][T12708] loop0: detected capacity change from 0 to 256 [ 931.855132][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.861663][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.028293][ T9401] Bluetooth: hci0: ACL packet for unknown connection handle 3584 [ 938.334661][T12772] input: syz0 as /devices/virtual/input/input11 [ 942.241370][T12801] input: syz0 as /devices/virtual/input/input12 [ 943.137178][T12821] loop0: detected capacity change from 0 to 256 [ 945.214930][ T7951] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 945.410835][ T7951] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 945.604945][ T7951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 945.613189][ T7951] usb 1-1: Product: syz [ 945.627046][ T7951] usb 1-1: Manufacturer: syz [ 945.631682][ T7951] usb 1-1: SerialNumber: syz [ 946.070490][ T7951] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 946.100152][ T7951] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 946.123979][ T7951] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 946.168376][ T7951] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 946.206790][ T7951] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 946.229955][ T7951] lan78xx: probe of 1-1:1.0 failed with error -71 [ 946.256992][ T7951] usb 1-1: USB disconnect, device number 28 [ 947.485188][T12844] input: syz0 as /devices/virtual/input/input13 [ 948.046449][T12855] loop0: detected capacity change from 0 to 256 [ 949.153098][T12864] loop4: detected capacity change from 0 to 4096 [ 949.335972][T12864] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 950.399532][T12849] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 951.129672][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 952.005326][ T23] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 952.590858][ T23] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 952.624965][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 952.659068][ T23] usb 1-1: Product: syz [ 952.663310][ T23] usb 1-1: Manufacturer: syz [ 952.688904][ T23] usb 1-1: SerialNumber: syz [ 953.216807][T12897] loop4: detected capacity change from 0 to 256 [ 953.940723][ T23] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 953.995460][ T23] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 954.028766][ T23] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 954.066846][ T23] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 954.113514][ T23] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 954.144021][ T23] lan78xx: probe of 1-1:1.0 failed with error -71 [ 954.215044][ T23] usb 1-1: USB disconnect, device number 29 [ 954.299853][T12903] loop4: detected capacity change from 0 to 4096 [ 954.372334][T12903] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 956.290339][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 959.228967][T12942] input: syz0 as /devices/virtual/input/input14 [ 959.791433][T12953] loop0: detected capacity change from 0 to 4096 [ 959.843013][T12953] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 960.612275][T12977] loop4: detected capacity change from 0 to 256 [ 961.840537][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 964.574225][T13008] loop0: detected capacity change from 0 to 256 [ 965.724284][T13013] loop0: detected capacity change from 0 to 256 [ 968.756010][ T23] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 969.060029][ T23] usb 1-1: config 0 has no interfaces? [ 969.090660][ T23] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 969.120139][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.159390][ T23] usb 1-1: Product: syz [ 969.200411][ T23] usb 1-1: Manufacturer: syz [ 969.256697][ T23] usb 1-1: SerialNumber: syz [ 969.349788][ T23] usb 1-1: config 0 descriptor?? [ 969.550836][T13059] loop4: detected capacity change from 0 to 4096 [ 970.469081][T13059] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 972.990858][ T7951] usb 1-1: USB disconnect, device number 30 [ 973.361720][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 973.993147][T13108] binder: 13107:13108 ioctl c0306201 200000000240 returned -11 [ 975.569099][ T7951] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 976.728437][ T7951] usb 1-1: config 0 has no interfaces? [ 976.773765][ T7951] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 976.793713][ T7951] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 976.808052][T13149] input: syz0 as /devices/virtual/input/input15 [ 976.823918][ T7951] usb 1-1: Product: syz [ 976.845779][ T7951] usb 1-1: Manufacturer: syz [ 976.850459][ T7951] usb 1-1: SerialNumber: syz [ 976.874051][ T7951] usb 1-1: config 0 descriptor?? [ 978.685208][T13170] loop4: detected capacity change from 0 to 1024 [ 978.721316][T13170] EXT4-fs: Ignoring removed nomblk_io_submit option [ 978.746109][T13170] EXT4-fs: Mount option(s) incompatible with ext3 [ 980.071853][T11686] usb 1-1: USB disconnect, device number 31 [ 980.367390][T13194] loop0: detected capacity change from 0 to 256 [ 981.351764][ T9401] Bluetooth: hci3: Malformed MSFT vendor event: 0x02 [ 984.249728][T13230] loop0: detected capacity change from 0 to 256 [ 985.185169][ T9401] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 990.438935][ T28] kauditd_printk_skb: 12 callbacks suppressed [ 990.438951][ T28] audit: type=1326 audit(1755822050.018:803): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 990.519335][ T28] audit: type=1326 audit(1755822050.048:804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.500669][ T28] audit: type=1326 audit(1755822050.048:805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.547830][ T28] audit: type=1326 audit(1755822050.048:806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.578541][ T28] audit: type=1326 audit(1755822050.048:807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.637147][ T28] audit: type=1326 audit(1755822050.048:808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.800510][ T28] audit: type=1326 audit(1755822050.048:809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 991.833674][ T28] audit: type=1326 audit(1755822050.058:810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 992.515124][ T28] audit: type=1326 audit(1755822050.058:811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 992.666689][ T28] audit: type=1326 audit(1755822050.058:812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13260 comm="syz.4.1914" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe607b8ebe9 code=0x7ffc0000 [ 992.801880][T13265] pim6reg: entered allmulticast mode [ 993.955383][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.962121][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 994.435115][ T23] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 996.711045][T13311] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1930'. [ 997.261138][T13322] binder: BINDER_SET_CONTEXT_MGR already set [ 997.288055][T13322] binder: 13321:13322 ioctl 4018620d 200000000040 returned -16 [ 997.319261][T13322] binder: 13321:13322 ioctl c0306201 200000000240 returned -11 [ 999.230611][ T23] usb 1-1: device descriptor read/all, error -71 [ 999.473453][T13343] loop4: detected capacity change from 0 to 256 [ 1000.858466][T13347] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1940'. [ 1002.106638][T13358] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1006.423259][T11686] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1006.830855][T11686] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1006.845009][T11686] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1006.853402][T11686] usb 1-1: Product: syz [ 1006.858600][T11686] usb 1-1: Manufacturer: syz [ 1006.863375][T11686] usb 1-1: SerialNumber: syz [ 1007.915056][T11686] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1007.957948][T11686] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1007.995681][T11686] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1008.014429][T11686] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1008.040556][T11686] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1008.079421][T11686] lan78xx: probe of 1-1:1.0 failed with error -71 [ 1008.117921][T11686] usb 1-1: USB disconnect, device number 34 [ 1009.657401][T13413] input: syz0 as /devices/virtual/input/input16 [ 1010.665119][T13420] input: syz0 as /devices/virtual/input/input17 [ 1011.158288][T13423] kvm: kvm [13421]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x2d00000800 [ 1011.645063][ T5853] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1012.102178][ T5853] usb 1-1: config 0 has no interfaces? [ 1012.155266][ T5853] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1012.155301][ T5853] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1012.155323][ T5853] usb 1-1: Product: syz [ 1012.155338][ T5853] usb 1-1: Manufacturer: syz [ 1012.155355][ T5853] usb 1-1: SerialNumber: syz [ 1012.205308][ T5853] usb 1-1: config 0 descriptor?? [ 1014.810384][T13466] loop4: detected capacity change from 0 to 256 [ 1018.068938][T13480] input: syz0 as /devices/virtual/input/input18 [ 1018.211435][ T23] usb 1-1: USB disconnect, device number 35 [ 1019.322355][ T23] usb 1-1: new full-speed USB device number 36 using dummy_hcd [ 1019.670692][ T23] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 1019.689648][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1019.709146][ T23] usb 1-1: config 0 descriptor?? [ 1020.841446][ T23] pegasus: probe of 1-1:0.0 failed with error -71 [ 1020.927459][ T23] usb 1-1: USB disconnect, device number 36 [ 1021.477116][T13525] loop4: detected capacity change from 0 to 512 [ 1021.501260][T13525] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1021.526287][T13525] ext4 filesystem being mounted at /117/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1022.571965][T11395] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1022.877278][ T7979] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1023.081913][ T7979] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1023.111232][ T7979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1023.137502][ T7979] usb 1-1: Product: syz [ 1023.159334][ T7979] usb 1-1: Manufacturer: syz [ 1023.170825][ T7979] usb 1-1: SerialNumber: syz [ 1023.979259][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1024.012767][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 1024.040943][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1024.074440][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1024.089487][ T7979] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1024.111316][ T7979] lan78xx: probe of 1-1:1.0 failed with error -71 [ 1024.149340][ T7979] usb 1-1: USB disconnect, device number 37 [ 1025.648595][T13562] loop0: detected capacity change from 0 to 4096 [ 1025.814928][T13562] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1025.833960][T13572] input: syz0 as /devices/virtual/input/input19 [ 1029.822806][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1029.932050][T13601] input: syz0 as /devices/virtual/input/input20 [ 1033.594546][T13614] loop0: detected capacity change from 0 to 512 [ 1033.882030][T13614] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1033.957875][T13614] ext4 filesystem being mounted at /422/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1034.797279][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1035.266074][T13632] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 1036.533521][T13643] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2030'. [ 1036.745033][T11686] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1038.149299][T11686] usb 5-1: config 0 has no interfaces? [ 1038.158989][T11686] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1038.994875][T11686] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1039.003013][T11686] usb 5-1: Product: syz [ 1039.021694][T11686] usb 5-1: Manufacturer: syz [ 1039.047633][T11686] usb 5-1: SerialNumber: syz [ 1039.092056][T11686] usb 5-1: config 0 descriptor?? [ 1039.609853][T13667] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1041.406536][T13672] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2039'. [ 1148.194743][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1148.201752][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P11/1:b..l [ 1148.209931][ C0] rcu: (detected by 0, t=10502 jiffies, g=70545, q=367 ncpus=2) [ 1148.217664][ C0] task:kworker/u4:0 state:R running task stack:21968 pid:11 ppid:2 flags:0x00004000 [ 1148.229410][ C0] Workqueue: bat_events batadv_nc_worker [ 1148.235081][ C0] Call Trace: [ 1148.238375][ C0] [ 1148.241315][ C0] __schedule+0x14d2/0x44d0 [ 1148.245847][ C0] ? asan.module_dtor+0x20/0x20 [ 1148.250705][ C0] ? mark_lock+0x94/0x320 [ 1148.255048][ C0] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1148.261060][ C0] ? preempt_schedule_irq+0xaa/0x140 [ 1148.266363][ C0] preempt_schedule_irq+0xb5/0x140 [ 1148.271479][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 1148.277213][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 1148.283045][ C0] irqentry_exit+0x67/0x70 [ 1148.287498][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1148.293503][ C0] RIP: 0010:batadv_nc_worker+0x103/0x610 [ 1148.299158][ C0] Code: 31 f6 31 d2 b9 02 00 00 00 45 31 c0 45 31 c9 41 55 e8 91 5d 31 f7 48 83 c4 08 e8 28 ad 37 00 89 c3 31 ff 89 c6 e8 bd ed 4f f7 <85> db 74 10 e8 24 f5 39 f7 84 c0 74 0e e8 fb e9 4f f7 eb 56 e8 f4 [ 1148.318809][ C0] RSP: 0018:ffffc90000107b60 EFLAGS: 00000293 [ 1148.324904][ C0] RAX: ffffffff8a35a113 RBX: 0000000000000001 RCX: 0000000000000000 [ 1148.332926][ C0] RDX: ffff888019e7bc00 RSI: 0000000000000001 RDI: 0000000000000000 [ 1148.340915][ C0] RBP: ffff888030540fc0 R08: dffffc0000000000 R09: 1ffffffff21b46a0 [ 1148.348913][ C0] R10: dffffc0000000000 R11: fffffbfff21b46a1 R12: dffffc0000000000 [ 1148.356905][ C0] R13: ffffffff8a35a0e2 R14: ffff888060e80c80 R15: 00000000000001f8 [ 1148.364902][ C0] ? batadv_nc_worker+0xd2/0x610 [ 1148.369875][ C0] ? batadv_nc_worker+0x103/0x610 [ 1148.374946][ C0] ? process_scheduled_works+0x957/0x15b0 [ 1148.380695][ C0] process_scheduled_works+0xa45/0x15b0 [ 1148.386427][ C0] ? assign_work+0x400/0x400 [ 1148.391055][ C0] ? assign_work+0x39e/0x400 [ 1148.395848][ C0] worker_thread+0xa55/0xfc0 [ 1148.400477][ C0] kthread+0x2fa/0x390 [ 1148.404553][ C0] ? pr_cont_work+0x560/0x560 [ 1148.409239][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1148.413837][ C0] ret_from_fork+0x48/0x80 [ 1148.418260][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1148.422888][ C0] ret_from_fork_asm+0x11/0x20 [ 1148.427685][ C0] [ 1148.430719][ C0] rcu: rcu_preempt kthread starved for 10224 jiffies! g70545 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 1148.441923][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1148.451903][ C0] rcu: RCU grace-period kthread stack dump: [ 1148.457790][ C0] task:rcu_preempt state:R running task stack:27368 pid:17 ppid:2 flags:0x00004000 [ 1148.468567][ C0] Call Trace: [ 1148.471848][ C0] [ 1148.474797][ C0] __schedule+0x14d2/0x44d0 [ 1148.479339][ C0] ? asan.module_dtor+0x20/0x20 [ 1148.484237][ C0] ? enqueue_timer+0x225/0x530 [ 1148.489124][ C0] ? __mod_timer+0x984/0xdb0 [ 1148.493741][ C0] schedule+0xbd/0x170 [ 1148.497822][ C0] schedule_timeout+0x160/0x280 [ 1148.502696][ C0] ? console_conditional_schedule+0x40/0x40 [ 1148.508611][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1148.514528][ C0] ? update_process_times+0x1b0/0x1b0 [ 1148.519917][ C0] ? prepare_to_swait_event+0x339/0x360 [ 1148.525477][ C0] rcu_gp_fqs_loop+0x302/0x1560 [ 1148.530340][ C0] ? rcu_gp_init+0x110e/0x1510 [ 1148.535125][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 1148.541293][ C0] ? rcu_gp_init+0x1510/0x1510 [ 1148.546072][ C0] ? rcu_gp_cleanup+0xb4c/0xca0 [ 1148.550968][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1148.556179][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 1148.561391][ C0] rcu_gp_kthread+0x99/0x380 [ 1148.566002][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1148.571129][ C0] ? __kthread_parkme+0x7a/0x1c0 [ 1148.576107][ C0] ? __kthread_parkme+0x162/0x1c0 [ 1148.581237][ C0] kthread+0x2fa/0x390 [ 1148.585403][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 1148.590534][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1148.595143][ C0] ret_from_fork+0x48/0x80 [ 1148.599917][ C0] ? kthread_blkcg+0xd0/0xd0 [ 1148.604522][ C0] ret_from_fork_asm+0x11/0x20 [ 1148.609310][ C0] [ 1148.612347][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1148.618677][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1148.623924][ C1] NMI backtrace for cpu 1 [ 1148.623947][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.102-syzkaller #0 [ 1148.623963][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1148.623973][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 1148.624001][ C1] Code: cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d e3 e6 3a 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 66 0f 1f 00 55 41 57 41 56 [ 1148.624016][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c6 [ 1148.624030][ C1] RAX: 5d2e2d0751832200 RBX: ffffffff8161914b RCX: 5d2e2d0751832200 [ 1148.624043][ C1] RDX: 0000000000000001 RSI: ffffffff8aaab9c0 RDI: ffffffff8afc66c0 [ 1148.624055][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36d4b R09: 1ffff110171e6da9 [ 1148.624067][ C1] R10: dffffc0000000000 R11: ffffed10171e6daa R12: ffffffff8e4a8828 [ 1148.624080][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff1100364e780 [ 1148.624090][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1148.624103][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1148.624121][ C1] CR2: 00007f51c6604fab CR3: 0000000075c0a000 CR4: 00000000003506e0 [ 1148.624135][ C1] Call Trace: [ 1148.624142][ C1] [ 1148.624147][ C1] default_idle+0x13/0x20 [ 1148.624172][ C1] default_idle_call+0x6c/0xa0 [ 1148.624197][ C1] do_idle+0x1eb/0x510 [ 1148.624220][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 1148.624239][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1148.624275][ C1] cpu_startup_entry+0x43/0x60 [ 1148.624294][ C1] start_secondary+0xee/0xf0 [ 1148.624312][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 1148.624343][ C1]