last executing test programs: 13.027650492s ago: executing program 4 (id=3128): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r0, &(0x7f0000000080)={'syz1\x00'}, 0x45c) ioctl$UI_GET_SYSNAME(r0, 0x4008556c, 0x0) 12.882545934s ago: executing program 4 (id=3131): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setscheduler(r0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x9, 0x15d, &(0x7f0000000100)="446fc663446b56e2e2d54fdca9bc6c277be78dc858795e7da44afc40ea401de4192735741ee8fa5867cc2551538b80251003b42f7397fc90dc5ea5500d0b2bfea0d8e9338361b0cbe6bf30903c1fa3fa3c9aadfb0603c707e7868bf9c404e7cc52d5fca2808808c4ced4db4601cbeb74b3e877ef54334142c4005c4513f1dacfc2d1ae0b229cab1e4a026c7a3a9ba51fee4f544508090b54941cb27d0a899c58ccb0586f86a2bcd78dc315ad4b52b60fb5b76a310252711785bc2e00022a853a20932b5c2905380148d700149c3bbfe872a512f445ef80dd8153d4e2d047a089ed1a00acc5dd7aca8bef5ab26286889cab9a695968820ce9358ec304b330e3fd0a6e0da254ae1e04125b1159bb8cbf13865f2c565c01b34d515dd5f744d6cddcee84dc90f29a37c4cd4affe1364b520157fa7123ed2237acea09d02094146e6b3ff2a0910cb403c532a5ecacd3d26f5658884af39b575b4045e15d9e7fc2cba4eb63662ec8303caab487746cd4d8c8f9426bb2a4fc6cd94715192eb4ecfa5561e9f2b19d0aceb4df2613b424e573aea9f6cbd1ace28f27578bad99bb7e2f26e063c48945f9ee4900c61c63de280a72719a2ac4459588a2b467520117eb86b559c756eb12f8dceff3643cc2c804eee8560c041b8c1dcd798b723ac54ce515403b99d13b2eb3534c258e46979dc20a4772997ca8553abcad135e46e0834d317320a158d530a62b87c34d2dfef23d965cc9cce45234c9eaae2ec3a6be787569e9e267df2cb5d5c53a620f12065f9aa8920f71afa121b0164a694542a7ba36fc7a13738065fd4f8dae40e8a920f2dfecb3429b71affa50e1ffd21591c0d06fc36cb4c51eeb8f5ef1393e1694bd065bebe9468c792bbfa826aee0f4b0c75facf1a4ea5a89dfd08cf6c541133b6b81406c1f66649e212535065e913dcc64c12f10714f81dffe550d925b0e17bb3dd5da212a627b11c09049c0f63087511628e210d6c54696cc45ce9d4c7188429802e2d6fa68ab28bb103e28c8ebc38edeb400e88b352f8aee174337bfa8e14240c3a2275f631323f1eb2ef7f7933ad673f32cd6034128d70c8ad78218420c7f7c2e011cc2d07d5cf8407c3a02ecf605c3bb5bb335525c8779d372a555a3bbb5e4f5d6a73b31802a725b66ff2ae0d659a0f50a41be9925adddd9cd7f5b77e4cfabadd422c2e9bdb1a81403a96ee6112d26eb7b5d2fd6f213f2744890123e8b9ceb8c02dd29c7d8cb68091e5adfeb7b2bf492feaafff3fce4ccaccdf2c4a3af4be35bff96afd85f58052f2ed939cc90372a7937949e67c9d7ccd399ac69d3a0ef755abc98a5c515c6e23f88c0856babb8fbbeea00ab091930f93bc9b2a8e4628bb6f784fd3838e35bf4db500efb1945c7a7e567496888b476fa68f2cd501f7771279933300e6c9800"}) socket$nl_route(0x10, 0x3, 0x0) keyctl$join(0x1, &(0x7f000001a400)={'syz', 0x3}) 12.203308722s ago: executing program 3 (id=3139): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x6}, 0x8, 0x10, &(0x7f0000002180), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', 0xa00010, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecomp\a\x00e,decompnsd=\x00'/36, @ANYRESHEX, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000002100)='./file0\x00', 0x9100) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000002140)=ANY=[@ANYBLOB="040000000000000075020000000000000800000000000000f90a00000000000001000000"]) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r6 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) pipe2$9p(0x0, 0x0) fcntl$addseals(r6, 0x409, 0x7) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x5}, 'port1\x00', 0x0, 0x40816, 0x0, 0x0, 0x3, 0xffffca40, 0x8, 0x0, 0xb, 0x10}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r7, 0xc0a85352, &(0x7f0000000200)={{0x80}, 'port0\x00'}) r8 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000000)={r6, 0x0, 0x0, 0x10000}) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r8, 0x0) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r9, &(0x7f0000002240)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10) sendmmsg$inet(r9, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{0x0}], 0x1}}], 0x1, 0x20000001) 11.084445006s ago: executing program 3 (id=3140): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz0\x00', 0x200002, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x24e, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoLN2SgciBwiggonIjbKnXBesMumsrHQWiWVTRA7o6WkCTaKYBU1RWwEDRYGCy1WZicJ+bMqusmOZD4fmMxMZub93jDzfbvNYwO01vkkF5N0kswm6SUp9p9wb72c39ldmlm7kgyHT/9SjM6r92u7151LMkjySJLVssir3WR+5fnN39afeODtG737P1x5bmaqN7lja3Pjye0PFt/65NLD819989NTRS6mf+C+jl8x5n/dIrntJIr9TxTdpnvAeAdjd/nNj7+tcn97kvtG+e+lTP3w3rl+02ovD73/Vy29+/PXd558f4GTNBz2qs/AwRBonTJJP0U5l6TeLsu5ufo7/Heds+Vr166/MfvKtRtXX256pAKOSz/ZePyzM5+eO5T/Hzt1/oHTq8r/M5eXv6+2tztN9waYirvqVZX/2RcXHoz8Q+vIP7SX/EN7yT+0l/xDe8k/nGqLf3dQ/uEU25t4Mhh7WP6hveQf2kv+ob325x8AaJfhmaZnIANNaXr8AQAAAAAAAAAAAAAAAAAAjlqaWbuyu0yr5hfvJVuPJemOq98Z/R5xcvPo79lfi+q0PUV92UReuGfCBib0UcOzr2/5odn6X97dbP2Fq8lgMcmFbvfo+1fsvH//3a3/cLz30oQF/qXi0P6jz063/mF/LDdb/9J68nk1/lwYN/6UuWO0Hj/+9KvnN2H913+fsAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5s8AAAD//5fFboQ=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r4], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10.367427146s ago: executing program 4 (id=3143): setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$l2tp(0x2, 0x2, 0x73) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x25) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x4008032, 0xffffffffffffffff, 0xea7e8000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) mlockall(0x3) listen(r0, 0x8) getrusage(0x1, 0x0) 7.403441736s ago: executing program 4 (id=3153): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x9, 0x15d, &(0x7f0000000100)="446fc663446b56e2e2d54fdca9bc6c277be78dc858795e7da44afc40ea401de4192735741ee8fa5867cc2551538b80251003b42f7397fc90dc5ea5500d0b2bfea0d8e9338361b0cbe6bf30903c1fa3fa3c9aadfb0603c707e7868bf9c404e7cc52d5fca2808808c4ced4db4601cbeb74b3e877ef54334142c4005c4513f1dacfc2d1ae0b229cab1e4a026c7a3a9ba51fee4f544508090b54941cb27d0a899c58ccb0586f86a2bcd78dc315ad4b52b60fb5b76a310252711785bc2e00022a853a20932b5c2905380148d700149c3bbfe872a512f445ef80dd8153d4e2d047a089ed1a00acc5dd7aca8bef5ab26286889cab9a695968820ce9358ec304b330e3fd0a6e0da254ae1e04125b1159bb8cbf13865f2c565c01b34d515dd5f744d6cddcee84dc90f29a37c4cd4affe1364b520157fa7123ed2237acea09d02094146e6b3ff2a0910cb403c532a5ecacd3d26f5658884af39b575b4045e15d9e7fc2cba4eb63662ec8303caab487746cd4d8c8f9426bb2a4fc6cd94715192eb4ecfa5561e9f2b19d0aceb4df2613b424e573aea9f6cbd1ace28f27578bad99bb7e2f26e063c48945f9ee4900c61c63de280a72719a2ac4459588a2b467520117eb86b559c756eb12f8dceff3643cc2c804eee8560c041b8c1dcd798b723ac54ce515403b99d13b2eb3534c258e46979dc20a4772997ca8553abcad135e46e0834d317320a158d530a62b87c34d2dfef23d965cc9cce45234c9eaae2ec3a6be787569e9e267df2cb5d5c53a620f12065f9aa8920f71afa121b0164a694542a7ba36fc7a13738065fd4f8dae40e8a920f2dfecb3429b71affa50e1ffd21591c0d06fc36cb4c51eeb8f5ef1393e1694bd065bebe9468c792bbfa826aee0f4b0c75facf1a4ea5a89dfd08cf6c541133b6b81406c1f66649e212535065e913dcc64c12f10714f81dffe550d925b0e17bb3dd5da212a627b11c09049c0f63087511628e210d6c54696cc45ce9d4c7188429802e2d6fa68ab28bb103e28c8ebc38edeb400e88b352f8aee174337bfa8e14240c3a2275f631323f1eb2ef7f7933ad673f32cd6034128d70c8ad78218420c7f7c2e011cc2d07d5cf8407c3a02ecf605c3bb5bb335525c8779d372a555a3bbb5e4f5d6a73b31802a725b66ff2ae0d659a0f50a41be9925adddd9cd7f5b77e4cfabadd422c2e9bdb1a81403a96ee6112d26eb7b5d2fd6f213f2744890123e8b9ceb8c02dd29c7d8cb68091e5adfeb7b2bf492feaafff3fce4ccaccdf2c4a3af4be35bff96afd85f58052f2ed939cc90372a7937949e67c9d7ccd399ac69d3a0ef755abc98a5c515c6e23f88c0856babb8fbbeea00ab091930f93bc9b2a8e4628bb6f784fd3838e35bf4db500efb1945c7a7e567496888b476fa68f2cd501f7771279933300e6c9800"}) socket$nl_route(0x10, 0x3, 0x0) keyctl$join(0x1, &(0x7f000001a400)={'syz', 0x3}) 7.209577362s ago: executing program 4 (id=3155): openat$dsp(0xffffffffffffff9c, 0x0, 0x881, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = eventfd2(0x0, 0x80800) read$eventfd(r2, &(0x7f0000000340), 0x8) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000240)={0x50, 0x0, r3, {0x7, 0x1f, 0x0, 0x202}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000100), 0x0, 0x2) ioctl$VIDIOC_G_PARM(r6, 0xc0cc5615, &(0x7f0000000200)={0x4, @capture={0x1000, 0x0, {0x80000000, 0xf2}, 0x0, 0xb44}}) ioctl$UFFDIO_COPY(r4, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000}) 7.208362282s ago: executing program 3 (id=3165): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz0\x00', 0x200002, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x24e, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoLN2SgciBwiggonIjbKnXBesMumsrHQWiWVTRA7o6WkCTaKYBU1RWwEDRYGCy1WZicJ+bMqusmOZD4fmMxMZub93jDzfbvNYwO01vkkF5N0kswm6SUp9p9wb72c39ldmlm7kgyHT/9SjM6r92u7151LMkjySJLVssir3WR+5fnN39afeODtG737P1x5bmaqN7lja3Pjye0PFt/65NLD819989NTRS6mf+C+jl8x5n/dIrntJIr9TxTdpnvAeAdjd/nNj7+tcn97kvtG+e+lTP3w3rl+02ovD73/Vy29+/PXd558f4GTNBz2qs/AwRBonTJJP0U5l6TeLsu5ufo7/Heds+Vr166/MfvKtRtXX256pAKOSz/ZePyzM5+eO5T/Hzt1/oHTq8r/M5eXv6+2tztN9waYirvqVZX/2RcXHoz8Q+vIP7SX/EN7yT+0l/xDe8k/nGqLf3dQ/uEU25t4Mhh7WP6hveQf2kv+ob325x8AaJfhmaZnIANNaXr8AQAAAAAAAAAAAAAAAAAAjlqaWbuyu0yr5hfvJVuPJemOq98Z/R5xcvPo79lfi+q0PUV92UReuGfCBib0UcOzr2/5odn6X97dbP2Fq8lgMcmFbvfo+1fsvH//3a3/cLz30oQF/qXi0P6jz063/mF/LDdb/9J68nk1/lwYN/6UuWO0Hj/+9KvnN2H913+fsAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5s8AAAD//5fFboQ=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r4], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 6.769542289s ago: executing program 1 (id=3159): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400b59500000000000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa08000900ff0f0000140001"], 0x48}}, 0x0) 6.551998718s ago: executing program 1 (id=3161): io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x2000000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x406, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002600)={0xffffffffffffffff}) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00006dbffc), 0x4) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="2b0d911f56551ad9", 0x8}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b10f78fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6", 0x449}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) 6.248478933s ago: executing program 1 (id=3163): unshare(0x22020600) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) syz_fuse_handle_req(r0, 0x0, 0x0, 0x0) userfaultfd(0x80001) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0xac42, 0x0) ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0x2) mmap$dsp(&(0x7f000022a000/0x4000)=nil, 0x4000, 0x1000001, 0x12, r1, 0x0) syz_fuse_handle_req(r0, &(0x7f00000041c0)="0a44566bd8cd7422e078875d6a98d0a2dcc0a0c7881e44e46c6bf84253a3ba4cba8183c2236313cd49babfb721c547a5caed646bac2f2ea43e134e2a05d84cd813c9e2a96e68352f95c458f6ba48078f1d10fce44d869b4a00c68ca338ff3b877cb434f502cedfe83cbfb33d5233d081ec8ee2ac10e08194f6257183be922fc7203071a2aaf87478d1420237a1516e749623929f0d60f15e536376ba41fbbce034588b60680572f0d1d76ed122dc46252cc143f0e665e3f4e3f56bc454957265bd9a029cf8c7397ca01f95bc0e6601673bb31804c34307725385260df48c32527d74e51e5f26728aaedf9f379f5960f5e6e7146eff3254aaf54eb42834e1f57595a2b0333f5ca1474e07c2447c33dbe8f62f24cd788ac18475493edb813450e917837b125ad6f850e6af93e16828a6741c6ac00a4e25cfcd498f1b857e74a4eb8dce5ffcb3999031f1da13e9e6a973134ec04795a3fe91388fb6b349e668f49bd4c4ffa71a8662916219b4a2075bbfe4892cd1080f662005c1c2030d35999c9637f4836ae5745acae8ff0d745184e58241510d780f8a9aeeccb17b9213527a1b747dd23df6b4ac2ca4bd07fb7de6bb4bf8811e5c2f99f4bbcb3cba79fc483182bb981815a1b1ba5afad464631e6eb940a5da4e73787e9e0103bc7ea59cc8d63f740131a14c3cd034e91e885bd730521ba80c1071f25e0073a44bf8e36cc23a5f433378a13d2e2be7fbb8ca204976651924ae8637b339e883f4d388e239424031e20616341a5d51cd5d574382d518e4824dcdadba86143b4de3ff8126f0be226d1e6526a2af981d11092c428bc699ea208d4d38d63ef525b8da551207397fdb7d57a52c2062182072b017141de1b70bd15c758c88c65f6acffd5b5b0846c2a779660ceef46b22336abf817a24d27c3f66839b5f2f99131898dd372a124d9e5df84b24fa7be045b92fb225a735da1be1972c706120c391ffadf231603ffbb86d38ff2c76202a0f81317a7f790dadcdca1d109e4428f52246b17f6b5822f64d36da71167df86cedf76f4405f320f70a3d6d6307a13e023d9a23985fd9c95793118674346d7977654ed14a121c1bc0b3e8672087245e0721230edc667c1fb6bcdb22b3264b7fffedb589a2899096493ba97ce5fb0ad97821d0a4528465380e086b61f632eb0ce1f89eea2d8336217f51b4085433d426d404431360be55776cbb0f80c33e807732df3d73bf9d9a8e3b1468d2ac7c73a4aa239c96bbeef3965132a02254d887e65fbeaf517e913cc331ed36c3e326163d1a3aef7df9db06f8997668cc35e39813c82a440a73f12011bcc0b2abb993b99e79727d49e6656e8d9ecfb7b65c2c187ca6262361c6a7d3679aba9df764d13485874b1443f47d8caea64963011294082a9d50ed2fb08cdfaaa7dbcf782b7e8f8d8206dbc421bf9807727126b1ea364498f3ae693fe19f5b56af13df090892919c136c201a0d058c1863f136a3ff389cc510c17b1de341ca9a8d6ffd80fd019ac3fd9eeeb845202f2c5f207b1e7e169d57164855b9c3dbdf3c696124136d07a4de6be16b43352567a3e3bab0f73ccdd41255ffeb3ecb2bdf9eedd1d4332f4a7534b01b6331474880d4d07b464bd8c3b18d02fbf1faeeff70c8ae35b4eef002930dfa9a0c9350ffb72c82535a55280ac9c6d5384cf9aa3c66cc918497f51a6dbad608eee21f6085f85990983d0a51e5b41cb69ae52d60fa835045aaa0132be8b4dfdb10f521bc22b0192a4133040453c5a0a8bbb5d4c46ea25f2be5b0e79d71c4a13db6e9cb66db9f2c4804d41b9c26f96fd23c358ee9c8f57322540953224b56072af25b5c7041de560f1d4bde367eb3bbac949d9a9a86123ae62d0f4741446192e85772fb893b64c0e7c44a6e967af906b0f50e32be384027379c8dde251f549f94b16cee199da537d07ae89848da801b43bab3b65651402756cb22d17e602cdc33790ec8a5484a955bc8f487597ac9752166a405bbd7dfc9107af72b46e39d29afd2a0447e53377fd11997ab21db0f740699843a168720377e365caf88fd319dca184cadb8ffb4d288a0045b349be5ecb64561a2bdfa13336ef96aea86c48a5e405330a01c5390d482e6ccf4ebb2cf149d8b6274b2f9e6e1066004172a1a90e0db9838afafcb663bd693b2e5ca35858dcb82c05cbc87ec5cedfbb08daf55c472e250861bf357569342d90a667f3ac7fc2d4e54220444a97810ac14b0af6b043a07c1d791182635b983492f21db4a6ffee2d686238869e50b9bb73d75ec26087c0c8cb92ff25740b3995e4d771469b8474efef04d8d75f3544aaf84f02ad977948764d4c1bce36aa4198d6f22091b263d9eae96f1096fe3d8045949f189f33ec713101fea26ea043fe98b987542e33ab372058c64205e90a0e1f52d04b2c5ba7a5572ddb95f7d2b04f22e2e987c5d0f879db65718d8979da2a45cd333a5aacf96081977a9eb3dcee4afb44443ad37528c5a314d1ea08d1c3f0a36d4bdf77fc0caaeaa1eb2746a26683561b62d22f4e166192892e2ec1597f8bf6e89cd53840c8d7baea220e1b5e17df52a05017363727b0cc77ee61577a79b3de2ed364f3419a30d23701044b45ed3ba44b01804750bacf5bc959cffba86619f3331cc939fecadb5cba1edfe28952e0f70d2d99ce696dab9411aa2f7e7ca6207a3b16fc36a70e339aa5a618f6bcb0272968eba6edd95242825fe6e47cf1d50d229d4b1676aad0e9410aa1f2d6d2fcb9c4ec8e06c83faefbc2143de2367123bdb7669bd959782cf64def3a601c596611ac98d76df33e1fe340829340ba0a582d014ffacf9a9394300ab7efd60222cf96a99e42dae6e1ff1fcad1e3280ca07de5ea7e08b264a60015ffb76cc72d70ded58a1e2f59906f3c76433e4353a94a2a49f91103e2b5491ac7f66d54ae2a0e82099c4c9bd683971c2d3dd51601bf5e94f7660158bc6fdc1b2ce3d689a3aa64c29810ad7d9e91e49b72e6f97230a2a966434bf5cdb339556e6452e6b446766f55df45219fc02192cb73076285e74eb848229bffd812f6058782b3f5d0efa4d7b0d3c120931aa8b679e318ecc5ea539e3dcaf87473e2573189ce500b616957d88a09a014baffbd66990e41a3432891279cb82d9c4b50675ff067b76503535631aab9a29ee7e274eded1cd542c801bf519e1119fbab84f57c7686209c9e5177545bf0f403609c81fe6d8f2979d886c43fa3053b38b6e21ec3632011c97451d8409f169f71d226e61fdd206ec5f962b0277eee286a694ba5381493941ed44b3659994d3cd2a8c9c3bdb2f63d77eaee180428d7d6df86f6738cf7adb4b863c9ee9da9904bba4c2c3188a1ce31c5b082857e5566055c8cf58a9e9f7624d220b8d3093cbc6eaed7fcf15fc700ed711575aff5fb5cb7e206c810ea7a766d2960a1356687aad2ec171e4a1db6540a9257385a1e8b9f029485866c32e74c1a19e1113040c9d215f9f4bb4311f0d587b9cb6d11cdf28d4cbcdde4ee7831e5c8608335a1e41883b55b3609b9c4fb8489619481dffc6224e4c98b1e89831187b28b6bcebe7f78c779f5a2896e47bef8e607811b435c517e8e3f19d74752d7ae99cb7caf69c0f977f1b94f8f11bdbf35444fabaac2fc0e568d3b5b3b9f13162b1fa92615bc16492b870fc85c79c51b6516276f8e559e769a8d37a2335d67edbdbe2d4ded10e79ad26629ba6de862acb27fa7d0607a5c83840e446ca0d231ae9175ae9cddf35443ef8434a61d54b704d2b46835ca030d4325dd62918d361c27bd6e422f3f8431ff979953c88a5f3d07a84b733b2fffda5dedbc2ba876ea653aaa2a8446019d2cb69c4c7023177af7b5de358c4a93ba969415c7e3bd3e10a17653cc4c0031dc779d47bedc8d0f77b9fb39484e47d1edfa16a4839d7e3c1f4147bf7a5a41395980d0234577d433c4f3663a648865cf5cfc4a713bfde809cae8161f044770d8f3dd65f183392ed73dd0512951dce40dd6f68927144d09a6df1225769a47a2f1dc7da5a0e5651dc0198c2feb7de7aae5675a3753272294cdc8f05b4bf1b478d6e2a18f6a9dfdc42421bae7072786a4122cb3fcc61b2d0bc9314b92be8be3f9b8b109631305e06b52c0bf621d577f014d0572327c49fd705b45794aa8f198b37c139c4a8008763c654af912552549203733ad09c667104a3c1756dacc50af3d19bd996a99a7f857d9ff8c337c6feb16cb7fe282cbf8c975bdb60a7ddaa056352d9cf752f2b49fd0ae9dd7a263c4e1c1a027c7d45529b5a49de9f2306862b8ef8d386594f9909aabc849c5955241d192ab57d52fd2c7db0e4066bc3f70445599a60016de606b30a92b1bcbcd9dc8cfb492a6e66aa2be612e1d5f7fc61989d51285f1ef8a4e724a46c36bdaa6bed82ec972fe3e929a7a708397432b13e266d9a66954e011a158c9bc031587f9315382dfcc2334100d99b7d50b87096970d294261dd3263bee8f5aac2d86f070d70e278ecca4cf6ff05e511c0a65d6da81b68d94cd635e9dc98c1259fa2060de60d05117090a9a36d7b7aab999cd28a6c0727336312ede8f7fe0118e22aeb4094a64311fa766412d68ee04a93a1b9e2da91afcc91a1fc3c216f0aed6da74baed3242e620482ae01d3055562d16cab58500a5f41145d2275f6da8e24003cae19a7bdb9de8ef57965341253901962d846fcfd687e32fc81e716c42fae279382c8a750c9ef9543c942ca644287ec9cc921f99e9c901810a342e198f3b60a5c75aa91e67c1a6f08008841ddbe0766604b38a211929682303ce61e8024ea4589aa955886adc98f365af515daf30c376eb2b96fd78d46bc3999935a336c89f02ebe822bb5db6a1fd145c4d403b88f17b3fac670b2eb1296b3a5a7055556c21259695c248696162fc179aa1b4ec10e022ea7bacd0255937f9aa89f4d4c58bdedb54b43fde47268552f51b949a9cfbdabf6e3172853e6de9d0b0d9643349595769e98dab85282c49ce8c52301c04710a2c43cf63decaf65243d4756015b681bb680fdd1aba59d63b54e2ebedc68df32e575a95adfb2b18a79688b23ffb498d03012250f0dfaaed5353025aea7a35c8a89873b5f73adb41cc864b9f86e14624d70c917f05e47bab793958de9957cf23c94a9807b30bd7574edf66250224b887a8c02baa05cc02abd4c008339129b3109f1b04da29a9edf472991a440fcc8e586bef32b8c95fcd3d6702b9f43bf41454d5fe72a1f1ac80604c93dc9e9abf9a824c6d45e65b4f39f8341799dce4eac5e9036450ba7829221fdac7ec394c0a8e9813f5aad3ad0052f5156b3dca979e9c9a8755d4be2502727d346889210a13e5391951afef1880bcbd2a9ea020c9b2946563cd40c40f6202bce9bd1d2a1bbc3e5e6b2a9d2220343fd1ff5cde1b4d27c0601b8890b6ad8d3d80075a23725bddd81c15cd1b63e0123c4ac01de7b62b1e0fe2b72eaf400a1bcc63f76316d471eb191c931d5350e83a110b89e77668cfdc47734b91c2268fbbd89ce15b50b84c423a1f27943c32739e99b046a665c966275dba2dd6449b69ec53e5cb9cde89afe4149589c7378f5f3648d748bf3d46fa53f50d1228714252a328cebe7146d81dbb2f850aad492bc0697e2760dc9c60bc76a010e85110c0076478a21b47e5fbc4f7397a319e1db642e305bb1330674d96eb4b421f0f2131d125d4cec8aef4637dce572bad633e076972c9147a48b4c67135ace6a4490e16fa4731d62864e910762f1eb58afa63031c78c375a90147ceef07cd1e8155a649f2558d67dba9d6d2e012a3af4b603cd094e4a3b2e30c65c80cf8d9b2cb840e9df91e70162b80e74be96467574ca0ac5ad52238163283c556f0865c2338d6dcc73fa330634f6e5ce68e766df2db5b7edce0d98203e1d4374e7eda3558667229ea2daeb74156cf5895c4afb460cb4037456b14d9b748ddf7b8f3d5accd3e0d8d2eca2a78056d945eb4383078cc09a3a77736ce4e91f8174fe03fdceef8df92a50c2797b0cd06c6f1ae95650e48d103fb269c0a004d62237b77257807c8954678476030d788543d84770a1533a72141c7ea919e533bc182a3306782233d1a20153fa3e9e315a856e75f760bb7f943ea2f5956243f75fdb241ddfb4c081219ebb4eb3c3e989e3d953a93d96dafe1142c29434a554a92d319747e618cbd3af5202e51d30761e81b6c2d6febf221e3147b63171ea5dbaab4cba1b0fe7dc9cb249d74bbbcd7ef11c35fade1132ee4b74dc6090cfb6f852fb01d79aa0e5ee6897b7c021c6a1e69995e0546932c56e65b2581d619fc59f9775f3e8573b3c4926b8f6a9041512788d11a6fb279941ce24fea916e6568db25f1fcd3fd1e907fb3c45ddbca37230f5b3ffd48cf9c2269ec068d0bc528aac14807636c9067c5e32f2c2f259f6502ffffdbea40ad1b6b4a1d819fccc5c77da908204781747ecb0f2245dfa2941a9dba5d11ad186ab0eb87173dda634bd5a9221143e244c793d6262c904a64ba36cdced65abdd3be06d534b649b03791f7ce41e9abdea4d2c17f14bfbee0455dfa791f241341c78ce24cb8b86a9e332787d4ac1bdc20d022ae9588e8d63c22925d5e507bf41faddc17e01d3354c597908124705d88131b2e8ce8d04d660ce4100b5288d750d996e069bca1fe21f9b84c97011dd14c95c3cd538bf619b1df241fcf286c7014f8467a7ee81b2bef1c3bc56573894dbb54efb6a2fff0302b26c7589e08993e755059ba8b94fe728f1fdcb8ab10a5133d0434973e6667c25288b6e5e2d75202aec6bc0255177a53ea7c666afa79dca738a9d20990f118075b9f1cfb8ff1e5be75b49635bcbf43cb3bf97719dae8ec5c5528fcf89a9dda8fe6c08f7f737d69ef181ad3e35cf8e46efd94358b4640de1c387e295ae38edd0d5b80287f022895ca4dd9532bece6b2bbe100a83fef98dc5af595f4f7e4747ff5d28ab372db71b7c1c423183fa8ba4d823cc05b7be8819dd669b6517bd753e83f4d407a72dcbfcd0e9b2d5daef7fa88c1618236375a50ad2baa6a5e0551e679dce352181a1f9e72f5fca8c323b945bdd92e2d424b3e75041734d099f778fcb1e6407c80e7724d52ab110b02c0c9d1d4b78df12fc443fd8dc8fe82d9f3c8da7b87fdfb11e912c97a4e61425ac7b3954cb2e7e46ed0e24cc0c961dd5c2fc619a9e5e3550ca7bc21f2adc1a85c5b9dade357f1ecfd72646b27e7ab59b1b4d63c63082907b3be4cda341c49ade8992af489d11cf285b81a34c5614284ab4bb94018009e2333aa8e4630a9f6792b44b62d9c6e9d1855ffecab30c611cf5dc1e6ec09088b83a4c2cda9e5ee080df0b5e36b9badc035d6991bfd82fbb408faac15ced6ddcc917a9249b767f8844d6458411c1a31ff84e272311ea968ed3ff02f2e0caa47b1a6e030b07984c07d71e740420a9ed47b26799feecbba4f26dcdb61c9422e940550bfafa99ef0f826d2bcb1d7862016abe81d021be29adabe2c399fb9aa2f3ac472012b26ccd4eea2957343b06ac8ad71a637b8fa209ab6d4351fae53a9af0e920c043df94eccd5c1a847cb17d13589021f1a621b457fbe02a16f0f4b9dee0e7eb9358b8afd999d47f5143d49d4aef227f5b06ecef1ed71207e3526ff82b6ec69d3e8788f6c476437fe96f0533394027cf48e3e146aed7943d872bc35de34f7fdba13e5e1c259a68aa8050a813aa734f202ad7faba9f64b16f5068b43bdfb726e5fa54a1675dcab0697fc47a4fa3dd472022cc0d317d39076ad9847e72e1965b227f3e49ad6e8e742305bdd05d0c88b5859d6cfc98cc47a566269dbc4c200615f3e995511a69d8e724f0c842c06c46b5460dca83137656aae785e8415cfb57d57265af9c1d8f126081bcb218a427b80ccfaa95b8bd3f87f58f09ac52a2a47bbff99b057576d26876fa758c8e41172dd2bd45742a30d55f1b65bafc0c7c9c785f583069caf6de080c9057238e110456c0f9e8d898918b6981011f8dd17c55caced49eed32839305ec37b45e8cc4c35aec0c8a4cac54035a941842e5d19fd298757799c4a501718bf21a024106a292626d4eb3c784119b9f5003c6cdb36e442c04ca5b0ea59efb63fe90f9e218fdd9f0864f407cf8edbe71f3fb1d3a587ccfadbf7a5acbb0713b1ca1991e25e75738ca68e1817d08fdbacfab6900242b91ed9541efd2ca469bf7acc7857185d47506fd0a735d7b542949241976cfb1252f2e490fcdef3166f993ff9a812d0af902001a4f239989c087b41de65f83af93e349a2d37ad3b59c5009465e14030ecdfc8fec2d27939af2311bc5d544b19220b12a5782deb83f0e193f57cc4631d8746e7d0736e1295128f3a48aeacf2952be3005b09de00c9a4565e07692d8355a947d072de4324f2e8f3b2f01483d31999826b4ac7bad4f6ae099225f751995f463e5f762b9671ebb79fdfc51b5080af6fae4837a4e00a76b775eaa6f1fa1479b6afe5d66ac5fd148fdc4750d6ae1e268da446ba08dc4d7c872bd6401f1dd6b226e91bcf77c085e3c115f49d05a29c4e282caa7b8a60a1fe09a2e98227a2cbaa838d6053cb56bc7cc84e6ffa81c18ee26c1b32c2ce205c8fee3b2f4fa8d983b4901c80d766a3299fd62e3339a697305ab7cda995b3cce61e3372f152841ec1d540c9f6cfe2871e7cf4e6997afac85b1c05bed03a5e017bce4b45b0903e9c60cf3538df7df9d8fa93b53856fe93f522f723470c553799c90c56fb705040ba78141f7e5e9117f4876c45884edd5059c8588fc39f9c6268038c4a462a4a5fbbecac0daaf54876ac0217a9ab6f83ec52f15a170005e57baead0e8b1570508e10d2c9808ff3a437436d93ffd02c72c703e2e1917c0c82c3a4b4c03cb91c961451e3f6e2d9d9e58ac1810831d7618f81a34c23cc14029326f16cd043e82ea3bea5c6bcb84152d140659d1a4f135cee82640f96e177c030907117a6c6a8049fd3815fa06249ba4b37c2381c0eca124e7f5abd393c6d175ccf0c5fd4a6e9e00d5338899ed03b5a5023dbe4c6ae1f1ffc192411049e6fa34adeefa3b2e6b45165f341e0b853561ea0d183d93100efe80237ab878312281d607ac8dc10f34e6840a6b6d5c2975348a15761326504c24d5ec648f5714254087bd8c53fe131461ca4cea09ab52848b2526edb91a2bf6c0287aeaac51eb720507d66522ff2f94d90ec584f6088910ee079538e43cf8db55e2f0d70a60eac90eafd82480d11ea5dd795a05a698c2961eedad5f8a79dc3ffa92129f76b8d795e24a1905fc82f11c40d68d11af282621b9a2e39a8dd146013bd3a044f55366af078f7c15adc548029ba4ed896ddb646d74e3af69d8597831e08eb4df1b7ed54b8f3b327753ebf47d50a215c461cd422483c8f2d54f010fa9b76e5afef86b1bb8aa6d4b0c5c9ee798791379ed4dea481feb37ea18b5c7c0146aed32772245cc39628ecc13e03b76c302f80ebcb50279fa2ff74139468a23f36881ee7e7119d8040f90c7e3d8f75d80624d17d881e363b4913eb02e73224c7dac1077d19cc9063f8831053eaa9ecf87ffc31140f6a0a47869e5a5660e5d53b404c34e17b4693df9d5418131c8aaabb0e15aee98594c57cfb2202f209a4529a293b37ef68a2e95fb8fe5142e974f1d3fe3a08ed169379387e96ab5d927771ca7157e9bbd2650992680105dcd6a75829e0643b5ad708e5c65ea4b04b3eeedc24bcac8152cb887f32436a11efab6dc2509fa42d3d31e8aac73e9e8e84a88d7096b9549bc4a879d8f824eb63809a253409294f359b76ac3f031e6bf74a4de018f1c666239bae7bb01c523f53efc922232415d68264872296967dd150af095a12717e7eaeeb98f48c84a70fce8063790f9c2f43db477175e1c8da911ce853042d84e7f24df59e8caca5ee93e2daa6aa18e92930b4495dc22ff6729964942d1baaccd07233dcab828c2254f719132271e9239390e2ebb74ddde7284ebb8955719f7d086cdbe7eef6d7298576fac821eae5a8b6ddf9d88a1dcb32121b6d3ce49c245dd675e8a3b2254a9998ec0d0d7d9570bf6b6db0392c5b060872e154841096351d880f71bc00e5a576b14c26f85840c93a0c424cdbbc57b1d1212e300a874921c1f9c0de14a8cf61f8ebd03eee5cc79f34a41235b6c72aebf48243250c6dae8547b6634374e0bd073f7c162d4226a26032bc154eba7964b2975a8d35f17560a5312cf124741c74774f9a30f8d5ddc891e78bafdaf4f86d16d4c1363d23708463ab1314e3bade23316c7fbf51d2a2417da5162f9112c4331eab695d457e3712bb5f880c68367dba95b61f6f6a9297e477eaec615dff2cd3222f21d90abd8bd4b12fabb278c9fd44ce1ed024ccf908cb4995a1d9da53f62532203d7079e20a46b2b069be4b13a52a81c3b5227f57d6c184945a1799e80dbc7cd137e3427df352c0c0fba04f3b7fb02aa36c9af4611ebb51333326f8f750d662a0a8b43e30acaaeaf2653431b57e95a77adf8261298f791d200c02bdf4b821f7d09f972dd165ce92109c8dce081bd0bd53f598200bb3c5d875bbf1be2a7dc68355e42c515c20f2d72cef3d680a42e8a705f17c6ce15f47b144e55a3e566cb73ba5ee18c5a1535e5f4b4c1774736ed1654bc024b6c748b48d9cea48a06a571d264fc876f9afb2bb43441b39bb3f9e844f70dabd4d0ea06a46c1361a60ef5914411397600e63ecaa65f6598b4ce6f3a967c93ef0697e268b70d0637709ea3fef1da8afed0d2ffd36503197efcf68e0a2cb10b4104b209c133fdbe11e07a8d5c511045d19b69c63818e55168de4357a99eed1d8410664efdc866451de9bf6794d9742e2182449e2ae3869a01f1ed7ee37ffe817a38c502b8243a1c05f1ccbd349c7b9864cbf45b5a3c6f395e4a6602a02bb80ccac94ab66d67dfd8e5cc6fa6321e930354a2c40a1e8d360752dbdcf00134d34a21b24b9acfa2cd37f3c191461f4c9d8243176f42a8109bb05c37ee715ceb027861cf71268f283035d71ce4bae4ac5f79ee5211475ddfc33f02dcd91276e5ca265e5b9104222fdff5969f434a4412ba9fe00aec27f559b63c25a9e8d53c063db549035ec2c8e91e1a6247045541a7e28ff6c13e9f29a3683e55731d80d714b9d5801cfbf617aeb6651290293ac0f4e246df99e72434772b7d8494485537b7b2063c7bc5e80eb6c7ab6647d01189cc910aae2fe8249a0fc3226caa8994b476c6777bf113d153c43da337a6304fd10582d58919596a6de42ad500b62c1e6550d8cdc059496073a48110b2fccb42c96e3e3640f1a87fe379779adcd8836aa8dc545db39bb3afc032c16977e150e9572c3e5f8e04bc15497ec8217a0e187ba097fa95a855af66d47a105bdc3c837091daf5fbeb3ee5ce10b132f912b89ea1c6b9ecb8fbee0e4ea4e43b835ae583b67aab430dec741ea03195fed3cc164472d4b571d166ae20e0a309a80ce00b0fb349f7641f41a31993a8bd9ee092aa7ef16c9563e4db6236c9e702710dc95b198f533b1140441a1827aa4bef6a01c689127eb7028d1bb083edc8a08b8d239389d99948f1290623ba908e6e1c606035b70ba7065f8011451151dca715fb920b4d87858f01c5484df0e63656", 0x2000, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.258271817s ago: executing program 0 (id=3167): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000580)="670fea4700b9800000c00f3235000400000f306636660f388285440000008f0878c23b00640f01c9c462b139d0c4e3516d9ad73a0000000fc76cd7e8c4c2f922c90f01dd", 0x44}], 0x1, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/85, &(0x7f0000000480)=""/65}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x90) 5.185885413s ago: executing program 1 (id=3170): r0 = socket$inet6(0xa, 0x80002, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000ec31f8104c1302007eec0102030109021b0001000000000904000001098b75000905832270f3a848b4a2784839"], 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 4.606369022s ago: executing program 0 (id=3171): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x5) r2 = fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) write$sndseq(r2, 0x0, 0x0) 3.647137972s ago: executing program 3 (id=3174): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400b59500000000000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa08000900ff0f0000140001"], 0x48}}, 0x0) 3.507438414s ago: executing program 0 (id=3175): io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x2000000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x406, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002600)={0xffffffffffffffff}) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00006dbffc), 0x4) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="2b0d911f56551ad9", 0x8}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b10f78fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6", 0x449}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) 3.506760664s ago: executing program 3 (id=3176): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) inotify_init1(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) r3 = socket$vsock_stream(0x28, 0x1, 0x0) sendmsg$alg(r1, 0x0, 0x4004080) ioctl$int_in(r3, 0x5421, &(0x7f0000000240)=0x2) connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) shutdown(r3, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x44080) r4 = epoll_create1(0x80000) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x2) write$P9_RSTATu(r5, &(0x7f00000004c0)={0x65, 0x7d, 0x2, {{0x0, 0x39, 0x7ff, 0x6, {0x80, 0x2}, 0x40000, 0x2, 0x81, 0x5, 0x3, '#]]', 0x1, '(', 0x0, '', 0x2, '$['}, 0x17, '({%*#\\+$:$\\{\\-!(!&}{:#}'}}, 0x65) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r5, &(0x7f0000000040)) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, 0x0) r7 = syz_usb_connect$cdc_ncm(0x0, 0x6e, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r7, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r7, 0x0, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xa}}}, 0x24}}, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000cc0)=ANY=[], 0x0) r8 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x10, 0xa7, [{{0x9, 0x4, 0x0, 0xe, 0x1, 0x7, 0x1, 0x3, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0x10, 0x1d, 0x8}}, [{{0x9, 0x5, 0x82, 0x2, 0x8, 0x0, 0x6, 0x7e}}]}}}]}}]}}, &(0x7f0000001840)={0xa, &(0x7f00000005c0)={0xa, 0x6, 0x250, 0x0, 0x6, 0xe, 0xff, 0xf}, 0x10, &(0x7f0000000600)={0x5, 0xf, 0x10, 0x1, [@wireless={0xb, 0x10, 0x1, 0xc, 0xa4, 0x90, 0x0, 0x8, 0x44}]}, 0x4, [{0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x415}}, {0xe, &(0x7f0000000680)=@string={0xe, 0x3, "2a4c58d06d3901f41b3a63bb"}}, {0x0, 0x0}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x40e}}]}) syz_usb_control_io$printer(r8, &(0x7f0000001a00)={0x14, &(0x7f00000018c0)={0x40, 0x23, 0x2, {0x2, 0x23}}, &(0x7f0000001980)={0x0, 0x3, 0x79, @string={0x79, 0x3, "d06e3f4f970d6d7f6becf9991cbb197a75b8e4069280b74a139156ef67690ea7d84c98b7d96e8af3ba0a71f75f8dd4d74a8034b5e87ba2e2722fb7981a9476a9502538f4dd03e239a7290e956947342a01f2229383fe9b4ac6eda2e9e9ed4ab9668f10f624fc0ee1b46594d34e269a891d7015001175e7"}}}, &(0x7f0000001c40)={0x34, &(0x7f0000001a40)={0x40, 0xd, 0x7, "93d3c9ff43d22f"}, &(0x7f0000001a80)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000001ac0)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000001b00)={0x20, 0x0, 0x81, {0x7f, "a417231329a78f8553a158e1560bdf110dac0fc89690b3881e49da0be7f6dceeb5795719fc654df0e81e122dd890aa3ef88ac96a323e5d9b81030eeeabb99807724eba0e79b55bbb7d28a46cc7e0bf327ef643543b04b16cd56592b7bea2d3965c2a1e6e58646ea13d0c7deac805e4dd46a404e73e58f7c1ad2d8985e68fed"}}, &(0x7f0000001bc0)={0x20, 0x1, 0x1, 0x4}, 0x0}) ioctl$FIONREAD(r0, 0x541b, 0x0) 3.251555226s ago: executing program 2 (id=3177): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[], 0x28}, 0x1, 0x1000000000000000}, 0x0) syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0x0, 0x10101}, &(0x7f0000000300), &(0x7f0000000000)) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="3800000001020101000000000000000002000000240001801400018008000100"], 0x38}, 0x1, 0x0, 0x0, 0x40}, 0x0) 3.020548465s ago: executing program 2 (id=3178): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x0, 0x0, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, &(0x7f0000000300)={0x6}, 0x8, 0x10, &(0x7f0000002180), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f00000002c0)='./file0\x00', 0xa00010, &(0x7f0000000700)=ANY=[@ANYBLOB='nodecomp\a\x00e,decompnsd=\x00'/36, @ANYRESHEX, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = open_tree(0xffffffffffffff9c, &(0x7f0000002100)='./file0\x00', 0x9100) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000002140)=ANY=[@ANYBLOB="040000000000000075020000000000000800000000000000f90a00000000000001000000"]) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r6 = memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) pipe2$9p(0x0, 0x0) fcntl$addseals(r6, 0x409, 0x7) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r4, 0xc0a85320, &(0x7f0000000180)={{0x80, 0x5}, 'port1\x00', 0x0, 0x40816, 0x0, 0x0, 0x3, 0xffffca40, 0x8, 0x0, 0xb, 0x10}) r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r7, 0xc0a85352, &(0x7f0000000200)={{0x80}, 'port0\x00'}) r8 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000000)={r6, 0x0, 0x0, 0x10000}) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r8, 0x0) r9 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r9, &(0x7f0000002240)={0x2, 0x4e20, @rand_addr=0x64010102}, 0x10) sendmmsg$inet(r9, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f00000021c0)}], 0x1}}], 0x1, 0x20000001) 2.878224607s ago: executing program 0 (id=3179): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f00000005c0)={0x0, 0x0, 0x2, 0x9, 0x15d, &(0x7f0000000100)="446fc663446b56e2e2d54fdca9bc6c277be78dc858795e7da44afc40ea401de4192735741ee8fa5867cc2551538b80251003b42f7397fc90dc5ea5500d0b2bfea0d8e9338361b0cbe6bf30903c1fa3fa3c9aadfb0603c707e7868bf9c404e7cc52d5fca2808808c4ced4db4601cbeb74b3e877ef54334142c4005c4513f1dacfc2d1ae0b229cab1e4a026c7a3a9ba51fee4f544508090b54941cb27d0a899c58ccb0586f86a2bcd78dc315ad4b52b60fb5b76a310252711785bc2e00022a853a20932b5c2905380148d700149c3bbfe872a512f445ef80dd8153d4e2d047a089ed1a00acc5dd7aca8bef5ab26286889cab9a695968820ce9358ec304b330e3fd0a6e0da254ae1e04125b1159bb8cbf13865f2c565c01b34d515dd5f744d6cddcee84dc90f29a37c4cd4affe1364b520157fa7123ed2237acea09d02094146e6b3ff2a0910cb403c532a5ecacd3d26f5658884af39b575b4045e15d9e7fc2cba4eb63662ec8303caab487746cd4d8c8f9426bb2a4fc6cd94715192eb4ecfa5561e9f2b19d0aceb4df2613b424e573aea9f6cbd1ace28f27578bad99bb7e2f26e063c48945f9ee4900c61c63de280a72719a2ac4459588a2b467520117eb86b559c756eb12f8dceff3643cc2c804eee8560c041b8c1dcd798b723ac54ce515403b99d13b2eb3534c258e46979dc20a4772997ca8553abcad135e46e0834d317320a158d530a62b87c34d2dfef23d965cc9cce45234c9eaae2ec3a6be787569e9e267df2cb5d5c53a620f12065f9aa8920f71afa121b0164a694542a7ba36fc7a13738065fd4f8dae40e8a920f2dfecb3429b71affa50e1ffd21591c0d06fc36cb4c51eeb8f5ef1393e1694bd065bebe9468c792bbfa826aee0f4b0c75facf1a4ea5a89dfd08cf6c541133b6b81406c1f66649e212535065e913dcc64c12f10714f81dffe550d925b0e17bb3dd5da212a627b11c09049c0f63087511628e210d6c54696cc45ce9d4c7188429802e2d6fa68ab28bb103e28c8ebc38edeb400e88b352f8aee174337bfa8e14240c3a2275f631323f1eb2ef7f7933ad673f32cd6034128d70c8ad78218420c7f7c2e011cc2d07d5cf8407c3a02ecf605c3bb5bb335525c8779d372a555a3bbb5e4f5d6a73b31802a725b66ff2ae0d659a0f50a41be9925adddd9cd7f5b77e4cfabadd422c2e9bdb1a81403a96ee6112d26eb7b5d2fd6f213f2744890123e8b9ceb8c02dd29c7d8cb68091e5adfeb7b2bf492feaafff3fce4ccaccdf2c4a3af4be35bff96afd85f58052f2ed939cc90372a7937949e67c9d7ccd399ac69d3a0ef755abc98a5c515c6e23f88c0856babb8fbbeea00ab091930f93bc9b2a8e4628bb6f784fd3838e35bf4db500efb1945c7a7e567496888b476fa68f2cd501f7771279933300e6c9800"}) socket$nl_route(0x10, 0x3, 0x0) keyctl$join(0x1, &(0x7f000001a400)={'syz', 0x3}) 2.093876233s ago: executing program 0 (id=3180): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) write$binfmt_script(r0, 0x0, 0x0) 1.89948203s ago: executing program 0 (id=3181): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = io_uring_setup(0x7, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x40000}) io_uring_enter(r0, 0x0, 0x54aa, 0x5, 0x0, 0x0) 1.887485501s ago: executing program 2 (id=3182): syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, &(0x7f0000000580)="670fea4700b9800000c00f3235000400000f306636660f388285440000008f0878c23b00640f01c9c462b139d0c4e3516d9ad73a0000000fc76cd7e8c4c2f922c90f01dd", 0x44}], 0x1, 0x0, 0x0, 0x0) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/85, &(0x7f0000000480)=""/65}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @void, @value}, 0x90) 1.625711533s ago: executing program 2 (id=3183): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000002d40), 0x2, 0x0) ioctl$VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000002d80)) 1.41955059s ago: executing program 2 (id=3184): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000b40)={0x5, 0x1, 0x3, {0x9, @pix_mp={0xe, 0xc1, 0x4f565559, 0x3, 0x5, [{0x4f, 0x4}, {0xfffeffff, 0x6}, {0x1, 0x7fffffff}, {0x1, 0x10}, {0x6, 0x3}, {0x6, 0x7}, {0x9, 0x9}, {0x1, 0xfffffff0}], 0x6, 0x4, 0x2, 0x0, 0x4}}, 0xfffffffd}) 1.280261512s ago: executing program 2 (id=3185): openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup/syz0\x00', 0x200002, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x24e, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoLN2SgciBwiggonIjbKnXBesMumsrHQWiWVTRA7o6WkCTaKYBU1RWwEDRYGCy1WZicJ+bMqusmOZD4fmMxMZub93jDzfbvNYwO01vkkF5N0kswm6SUp9p9wb72c39ldmlm7kgyHT/9SjM6r92u7151LMkjySJLVssir3WR+5fnN39afeODtG737P1x5bmaqN7lja3Pjye0PFt/65NLD819989NTRS6mf+C+jl8x5n/dIrntJIr9TxTdpnvAeAdjd/nNj7+tcn97kvtG+e+lTP3w3rl+02ovD73/Vy29+/PXd558f4GTNBz2qs/AwRBonTJJP0U5l6TeLsu5ufo7/Heds+Vr166/MfvKtRtXX256pAKOSz/ZePyzM5+eO5T/Hzt1/oHTq8r/M5eXv6+2tztN9waYirvqVZX/2RcXHoz8Q+vIP7SX/EN7yT+0l/xDe8k/nGqLf3dQ/uEU25t4Mhh7WP6hveQf2kv+ob325x8AaJfhmaZnIANNaXr8AQAAAAAAAAAAAAAAAAAAjlqaWbuyu0yr5hfvJVuPJemOq98Z/R5xcvPo79lfi+q0PUV92UReuGfCBib0UcOzr2/5odn6X97dbP2Fq8lgMcmFbvfo+1fsvH//3a3/cLz30oQF/qXi0P6jz063/mF/LDdb/9J68nk1/lwYN/6UuWO0Hj/+9KvnN2H913+fsAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACm5s8AAAD//5fFboQ=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x140008b}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=r4], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r6, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000440)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34cf2645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0000f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.057949941s ago: executing program 4 (id=3186): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r1, r0, &(0x7f00000000c0)=0x58, 0x5) r2 = fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) write$sndseq(r2, 0x0, 0x0) 334.600922ms ago: executing program 1 (id=3187): r0 = socket(0x10, 0x803, 0x0) r1 = socket(0x200000100000011, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=ANY=[@ANYBLOB="480000001400b59500000000000000000a00", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa08000900ff0f0000140001"], 0x48}}, 0x0) 107.415201ms ago: executing program 3 (id=3188): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='bond0\x00', 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0xfef2) sched_setaffinity(0x0, 0xffffffffffffffca, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000640)=@raw={'raw\x00', 0x4001, 0x3, 0x1318, 0x1158, 0x0, 0x148, 0x1158, 0x148, 0x1280, 0x240, 0x240, 0x1280, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast2, @remote, 0x0, 0x0, 'ip6gretap0\x00', 'bridge0\x00'}, 0x0, 0x10f8, 0x1158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'lo\x00', {0x0, 0x0, 0x1ff, 0x0, 0x0, 0xed, 0x7}}}, @common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x0, './cgroup/syz0\x00'}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @multicast}}}, {{@uncond, 0x0, 0xc0, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x1378) unshare(0x62040200) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000a40)={'vxcan1\x00'}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="b70b00000000000000200f0000000e0001006e257464657673696d0000000f0002006e657464657673696d300000"], 0x34}}, 0x0) 0s ago: executing program 1 (id=3189): io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x2000000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2, 0x0, 0x406, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RREADDIR(r0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000002600)={0xffffffffffffffff}) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)="2b0d911f56551ad9", 0x8}, {&(0x7f0000001240)="1eac4d20f8509e2139d2842c8faedef008bcac1025cbc63d2bfe0c7bbe51c5bf73985d5106bf5b5e7e5761716e35b468ea79633c916c4a8026f9408d056b8977df67c0e6fd0b1b3da5de5d003382ac95eade5dadad870ce3749452d2c1c3651ffff244be3078fdbfeb97d093bba60131e733d91c4ad38e7b52aa7afa9cb8e2351bd3f8a7a2a0425b071f6790992b8c2a51d944b0161c5c97fcdc19c2ef7c66ccc23c77a28a34b216c429444343ea056f171399dc03d56a1131ba74d31fc1012d3deff0e43309fc9e3b88bec90a7680aa74ccd581e02eb436a0009fa62097513d0c9533256d81978fae39288edcb833739d2988ccf5a564bc00edd1ab0853b873cbab3ef227f11325d72dbe2f435351610d01d0f74e180df6eaa94651336e7713414e499586edd5693e587a186fcb68a973e823e61a072aaa4fb9e3a03ff4c17c9e343684255efba0d1b149b22c2d81f1ac5eaccaab01ab108178e97eb8a45d5d6cdeca0d6b9af9f88cfee58935be6902ac7c6915d60548367d164990b142d472b9b5700191b10f78fb36bcde646385dcf5cb7adf1ec70baef4061d2da93d2f5eefae1081374d58ab54532755c1b8bf303584296145e9aad2e3ccef93f30da9c102db5cfe346baba2fd3f157cb6e825e607365ff8c6187e216dc4072e582874ce63166405e21644015f99d5713165a377bfdc3143928e8469b4e312ce1f9dff83fe7c8d9fca791af2b46f1650e3937c9ab589d5f93fb578503aa64042c66571649844d93257489c1b658140e4c194c329a1a2c0117d123a45b213a118dd608bd6bdb2e0a6782f785321ff48eac4158ad9efb3737a6cfbb21d0dba732558493aa09dfa7fa41b4922e4e205a4792c9694661a18eff0d932d824f6987aa3dafa7ddc9b0acd70d43263c78dde88b7c665abbeec1cf1016ddc321f713cc3c149eeda6443b5b278eb3a05b08d510650b055d3193c4d5bbe084431cc40a626e81827d8bf2379435ada42a99569b35faa3af53f90f4dcf7a7d1c2e6fe4d7739b135981d40ba00de019909748640d554a159e552c6a7a7c77b213fad40dd785cc4ee983266b3377fbc7845a44992f82656b8240c169697599074348a4bac29423612e4c0ba89a66d08033b54b4d8f8704ab9470fe6316dc6ba610b7f3c1b0428607b13d2cfbed5c82d9214a1e97edaa27ed011d42800467fd54cddec7841f2aa513e7c8956842ea69b6b80208a4acbe9b678a9ab48a26df1cebd283f0d8e2956d8e8a4aad5b563ae75ddaf9b167d70b0e96f42a4f1c5bef1e777fedcb380707fc7ac87e249f322a01660687c04d1bbeeefeecadf86c3ef805d79964a862877cfbff40eb340f7065bc759013cbdcb25305ba6812a853b8d8e1960227826acb24311ed0e67f84565dd8858ca3be23409569e15ba75120c35dffdc8a4b7688d5d02fedf88434274b828fec979ea029405cd1e7cadc867ebdc98c4a523178715828c1a6361e60ff1f2968efc20d6888ac2a6f81e37cbc7f1e89f3421825cc278df26c8722e1672fc9672a8d0a60dded6", 0x449}], 0x2}, 0x0) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)=ANY=[], 0x30}}, 0x40) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 770][T15001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1327.272661][T15001] device bridge_slave_1 left promiscuous mode [ 1327.279089][T15001] bridge0: port 2(bridge_slave_1) entered disabled state [ 1327.650147][T15001] device bridge_slave_0 left promiscuous mode [ 1327.674253][T15001] bridge0: port 1(bridge_slave_0) entered disabled state [ 1327.713709][ T9640] Bluetooth: hci0: command 0x0406 tx timeout [ 1327.765515][T15001] device veth1_macvtap left promiscuous mode [ 1327.772857][T15001] device veth0_macvtap left promiscuous mode [ 1327.843518][T15001] device veth1_vlan left promiscuous mode [ 1327.873924][T15001] device veth0_vlan left promiscuous mode [ 1328.073822][T16112] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2252'. [ 1328.651817][T16117] loop1: detected capacity change from 0 to 1024 [ 1328.696947][T16117] hfsplus: unable to parse mount options [ 1328.946558][T16121] loop2: detected capacity change from 0 to 128 [ 1328.957448][T16121] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1329.278481][T16121] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1329.287098][T16121] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1329.890053][T16130] loop3: detected capacity change from 0 to 8 [ 1329.907070][T16130] squashfs: Unknown parameter '' [ 1333.573531][T16150] binder: 16149:16150 ioctl c0306201 20000380 returned -14 [ 1333.671535][T15001] team0 (unregistering): Port device team_slave_1 removed [ 1333.772383][T15001] team0 (unregistering): Port device team_slave_0 removed [ 1333.830139][T15001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1333.952376][T15001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1334.335015][T16160] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2264'. [ 1335.334722][T16169] loop3: detected capacity change from 0 to 1024 [ 1335.343100][T16169] hfsplus: unable to parse mount options [ 1335.512175][T15001] bond0 (unregistering): Released all slaves [ 1336.626869][T16180] loop0: detected capacity change from 0 to 8 [ 1336.826346][T16180] squashfs: Unknown parameter '' [ 1338.359659][T16080] netlink: 'syz.4.2244': attribute type 4 has an invalid length. [ 1338.657946][T16195] loop3: detected capacity change from 0 to 1024 [ 1338.694966][T16195] hfsplus: unable to parse mount options [ 1338.791942][T16202] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2276'. [ 1339.653763][T16215] loop2: detected capacity change from 0 to 1024 [ 1339.671437][T16216] loop1: detected capacity change from 0 to 512 [ 1339.712778][T16213] netlink: 'syz.1.2279': attribute type 4 has an invalid length. [ 1339.722495][T16215] hfsplus: unable to parse mount options [ 1339.874316][ T3620] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 1340.622827][T16192] chnl_net:caif_netlink_parms(): no params data found [ 1340.705247][T16216] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1340.843811][ T4041] Bluetooth: hci3: command 0x0409 tx timeout [ 1340.850492][T16216] ext4 filesystem being mounted at /52/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1341.723001][ T3620] usb 1-1: Using ep0 maxpacket: 32 [ 1341.777429][T16192] bridge0: port 1(bridge_slave_0) entered blocking state [ 1341.826890][T16192] bridge0: port 1(bridge_slave_0) entered disabled state [ 1341.869599][T16192] device bridge_slave_0 entered promiscuous mode [ 1341.878398][T16192] bridge0: port 2(bridge_slave_1) entered blocking state [ 1341.885524][T16192] bridge0: port 2(bridge_slave_1) entered disabled state [ 1341.894457][T16192] device bridge_slave_1 entered promiscuous mode [ 1342.023529][ T3620] usb 1-1: New USB device found, idVendor=05ac, idProduct=023f, bcdDevice=e0.d8 [ 1342.131414][ T3620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1342.475143][ T3620] usb 1-1: config 0 descriptor?? [ 1342.503910][ T3620] usb 1-1: can't set config #0, error -71 [ 1342.522247][ T3620] usb 1-1: USB disconnect, device number 6 [ 1342.605088][T16249] loop3: detected capacity change from 0 to 8 [ 1342.662957][T16255] loop0: detected capacity change from 0 to 1024 [ 1342.675422][T16249] squashfs: Unknown parameter '' [ 1342.677870][T16192] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1342.695265][T16255] hfsplus: unable to parse mount options [ 1342.730158][T16257] loop1: detected capacity change from 0 to 128 [ 1342.753037][T16192] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1342.933857][ T3620] Bluetooth: hci3: command 0x041b tx timeout [ 1343.225942][T16263] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2289'. [ 1344.566338][T16257] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1344.682610][T16268] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1344.694494][T16268] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1345.124137][ T9640] Bluetooth: hci3: command 0x040f tx timeout [ 1345.261525][T16192] team0: Port device team_slave_0 added [ 1345.332899][T16273] loop3: detected capacity change from 0 to 1024 [ 1345.335105][T16192] team0: Port device team_slave_1 added [ 1345.365991][T16273] hfsplus: unable to parse mount options [ 1345.560052][T16192] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1345.600694][T16282] loop1: detected capacity change from 0 to 512 [ 1345.695378][T16192] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1346.073746][T16192] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1346.294921][T16280] netlink: 'syz.1.2295': attribute type 4 has an invalid length. [ 1346.354357][T16192] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1346.383939][T16192] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1346.481498][T16282] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1347.797950][T16192] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1347.830317][ T3620] Bluetooth: hci6: command 0x0406 tx timeout [ 1347.832532][T16282] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1347.855030][T15454] Bluetooth: hci3: command 0x0419 tx timeout [ 1348.716396][T16310] loop2: detected capacity change from 0 to 8 [ 1348.734880][T16308] loop1: detected capacity change from 0 to 1024 [ 1348.755136][T16308] hfsplus: unable to parse mount options [ 1348.767987][T16310] squashfs: Unknown parameter '' [ 1348.811210][T16311] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2301'. [ 1349.577953][T16192] device hsr_slave_0 entered promiscuous mode [ 1349.671784][T16192] device hsr_slave_1 entered promiscuous mode [ 1349.682249][T16192] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1349.709714][T16192] Cannot create hsr debugfs directory [ 1349.772485][T16315] tipc: Invalid UDP bearer configuration [ 1349.772533][T16315] tipc: Enabling of bearer rejected, failed to enable media [ 1349.917522][T16321] loop3: detected capacity change from 0 to 128 [ 1350.169834][T16321] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1351.095511][T16192] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1351.254655][T16333] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1351.264364][T16333] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1351.736297][T16335] loop0: detected capacity change from 0 to 1024 [ 1351.743841][T16192] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1351.774746][T16335] hfsplus: unable to parse mount options [ 1351.827395][T16192] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1354.257432][T12302] Bluetooth: hci2: command 0x0406 tx timeout [ 1355.269466][T16341] netlink: 'syz.2.2312': attribute type 4 has an invalid length. [ 1355.606175][T16341] loop2: detected capacity change from 0 to 512 [ 1355.701902][T16192] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1355.963047][T16356] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2314'. [ 1356.095985][T16341] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1356.383492][T16341] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1356.732753][T16358] loop3: detected capacity change from 0 to 8 [ 1356.757377][T16192] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1356.784729][T16358] squashfs: Unknown parameter '' [ 1356.794549][T16192] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1356.809214][T16192] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1356.837368][T16192] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1357.307238][T16192] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1358.127588][T16371] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2320'. [ 1358.173634][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1358.182183][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1358.222889][T16378] loop1: detected capacity change from 0 to 128 [ 1358.258205][T16376] loop3: detected capacity change from 0 to 1024 [ 1358.280941][T16192] 8021q: adding VLAN 0 to HW filter on device team0 [ 1358.294901][T16376] hfsplus: unable to parse mount options [ 1358.307427][T16378] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1358.338507][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1358.517718][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1358.531560][T11297] bridge0: port 1(bridge_slave_0) entered blocking state [ 1358.538859][T11297] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1358.569010][T16383] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1358.761743][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1358.814208][T16383] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1360.211401][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1360.222276][T11297] bridge0: port 2(bridge_slave_1) entered blocking state [ 1360.229585][T11297] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1360.281179][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1360.290342][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1360.300613][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1360.320306][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1360.332731][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1360.358350][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1360.392573][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1360.474863][T16192] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1360.708196][T16399] loop3: detected capacity change from 0 to 512 [ 1360.743681][T16401] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2324'. [ 1361.560816][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.567281][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.642935][T16192] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1361.663359][T16407] loop2: detected capacity change from 0 to 8 [ 1361.703135][T16407] squashfs: Unknown parameter '' [ 1361.805317][T16399] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1361.826956][T16399] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1361.846551][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1361.857141][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1361.866827][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1361.877857][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1361.887081][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1361.897048][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1361.969967][T16416] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2337'. [ 1362.125018][T16391] netlink: 'syz.3.2325': attribute type 4 has an invalid length. [ 1362.896831][T16423] loop3: detected capacity change from 0 to 1024 [ 1362.904383][T16423] hfsplus: unable to parse mount options [ 1364.541379][T16436] loop1: detected capacity change from 0 to 1024 [ 1364.566399][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1364.575318][T16436] hfsplus: unable to parse mount options [ 1364.584241][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1366.669674][T16192] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1366.930697][T16454] Cannot find add_set index 0 as target [ 1366.946820][T16456] loop1: detected capacity change from 0 to 128 [ 1367.281645][T16460] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2339'. [ 1367.312320][T16456] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1367.992754][T16465] netlink: 'syz.2.2340': attribute type 4 has an invalid length. [ 1368.206890][T16465] loop2: detected capacity change from 0 to 512 [ 1368.290201][T16478] netlink: 116 bytes leftover after parsing attributes in process `syz.0.2341'. [ 1368.944739][T16477] loop1: detected capacity change from 0 to 1024 [ 1369.088077][T16477] hfsplus: unable to parse mount options [ 1369.361525][T16465] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1369.393823][T16465] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1370.295758][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1370.325309][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1371.281046][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1371.331418][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1371.359229][T16496] loop3: detected capacity change from 0 to 8 [ 1371.397114][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1371.398155][T16498] loop2: detected capacity change from 0 to 1024 [ 1371.412308][T16498] hfsplus: unable to parse mount options [ 1371.432725][ T3662] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1371.439627][T16496] squashfs: Unknown parameter '' [ 1371.469950][T16192] device veth0_vlan entered promiscuous mode [ 1371.517288][T16192] device veth1_vlan entered promiscuous mode [ 1372.698598][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1372.721557][T11297] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1372.747835][T16192] device veth0_macvtap entered promiscuous mode [ 1372.781500][T16510] Cannot find add_set index 0 as target [ 1372.802384][T16192] device veth1_macvtap entered promiscuous mode [ 1372.912603][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1372.969600][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1372.980544][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1372.999550][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.010924][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1373.023440][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.029904][T16517] loop1: detected capacity change from 0 to 128 [ 1373.071328][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1373.103810][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.142866][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1373.154532][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.184928][T16192] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1373.206598][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.217877][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.228925][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.234310][T16517] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1373.240365][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.283860][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.294842][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.305344][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.319953][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.332336][T16192] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1373.343295][T16192] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1373.361060][T16192] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1373.371890][T16515] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2351'. [ 1373.422520][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1374.012069][T16517] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1374.020712][T16517] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1374.078469][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1374.130846][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1374.159431][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1374.176307][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1374.222583][T16192] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1374.270320][T16192] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1374.431509][T16192] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1374.441009][T16192] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1374.533763][T16529] netlink: 116 bytes leftover after parsing attributes in process `syz.2.2353'. [ 1375.381126][T15471] device hsr_slave_0 left promiscuous mode [ 1375.402433][T15471] device hsr_slave_1 left promiscuous mode [ 1375.437817][T15471] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1375.485517][T15471] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1375.509785][T15471] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1375.531578][T15471] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1376.373336][T15471] device bridge_slave_1 left promiscuous mode [ 1376.394614][T15471] bridge0: port 2(bridge_slave_1) entered disabled state [ 1376.422768][T15471] device bridge_slave_0 left promiscuous mode [ 1376.430491][T15471] bridge0: port 1(bridge_slave_0) entered disabled state [ 1376.464627][T15471] device veth1_macvtap left promiscuous mode [ 1376.470699][T15471] device veth0_macvtap left promiscuous mode [ 1376.504513][T15471] device veth1_vlan left promiscuous mode [ 1376.520846][T15471] device veth0_vlan left promiscuous mode [ 1377.112723][T15471] team0 (unregistering): Port device team_slave_1 removed [ 1377.153683][T15471] team0 (unregistering): Port device team_slave_0 removed [ 1377.177778][T15471] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1377.196122][T15471] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1377.306125][T15471] bond0 (unregistering): Released all slaves [ 1377.375098][T16537] netlink: 'syz.2.2356': attribute type 4 has an invalid length. [ 1377.454281][T16544] loop1: detected capacity change from 0 to 1024 [ 1377.495610][T16544] hfsplus: unable to parse mount options [ 1377.673034][ T3662] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1377.692145][T16387] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1377.702060][T16549] netlink: 'syz.0.2367': attribute type 4 has an invalid length. [ 1377.724073][ T3662] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1377.737266][T16387] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1378.137796][T16555] loop0: detected capacity change from 0 to 512 [ 1378.655916][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1378.734158][T15001] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1378.751516][T16562] loop1: detected capacity change from 0 to 1024 [ 1378.758831][T16555] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1378.758945][T16555] ext4 filesystem being mounted at /50/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1378.785476][T16562] hfsplus: unable to parse mount options [ 1380.004415][ T3620] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1380.323737][ T3620] usb 4-1: Using ep0 maxpacket: 16 [ 1380.762915][T16580] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1380.773611][T16580] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1381.164012][ T3620] usb 4-1: unable to read config index 0 descriptor/all [ 1381.171096][ T3620] usb 4-1: can't read configurations, error -71 [ 1381.423881][T16586] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2365'. [ 1382.002094][T16594] Cannot find add_set index 0 as target [ 1382.037944][T16595] loop2: detected capacity change from 0 to 8 [ 1383.069983][T16595] squashfs: Unknown parameter '' [ 1383.270185][T16596] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2366'. [ 1383.519454][T16607] loop3: detected capacity change from 0 to 1024 [ 1383.585119][T16607] hfsplus: unable to parse mount options [ 1384.841525][T16614] loop1: detected capacity change from 0 to 1024 [ 1384.987346][T16623] loop0: detected capacity change from 0 to 1024 [ 1385.006354][T16614] hfsplus: unable to parse mount options [ 1385.025402][T16623] hfsplus: unable to parse mount options [ 1385.093707][T16625] netlink: 'syz.2.2374': attribute type 4 has an invalid length. [ 1385.128236][T16625] loop2: detected capacity change from 0 to 512 [ 1387.485506][T16625] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1387.533804][T16625] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1388.101398][T16659] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1388.110477][T16659] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1388.653183][T16662] loop2: detected capacity change from 0 to 8 [ 1388.774513][T16662] squashfs: Unknown parameter '' [ 1390.626549][T16670] Cannot find add_set index 0 as target [ 1390.658337][T16673] loop0: detected capacity change from 0 to 1024 [ 1390.795254][T16673] hfsplus: unable to parse mount options [ 1393.685103][T16693] loop1: detected capacity change from 0 to 1024 [ 1393.702449][T16680] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2386'. [ 1393.714869][T16693] hfsplus: unable to parse mount options [ 1393.922275][T16697] netlink: 'syz.0.2391': attribute type 4 has an invalid length. [ 1394.839838][T16697] loop0: detected capacity change from 0 to 512 [ 1394.847291][T16707] loop2: detected capacity change from 0 to 8 [ 1394.904506][T16707] squashfs: Unknown parameter '' [ 1394.958904][T16697] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1395.076163][T16717] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1395.088660][T16717] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1395.092210][T16697] ext4 filesystem being mounted at /54/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1397.063900][T16737] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2401'. [ 1397.755478][T16739] loop0: detected capacity change from 0 to 1024 [ 1397.763001][T16739] hfsplus: unable to parse mount options [ 1398.985290][T16750] loop1: detected capacity change from 0 to 1024 [ 1399.062061][T16754] loop0: detected capacity change from 0 to 8 [ 1399.074722][T16750] hfsplus: unable to parse mount options [ 1399.138184][T16754] squashfs: Unknown parameter '' [ 1399.473697][ T3622] Bluetooth: hci4: command 0x0406 tx timeout [ 1400.221435][T16773] netlink: 'syz.1.2412': attribute type 4 has an invalid length. [ 1400.253200][T16773] loop1: detected capacity change from 0 to 512 [ 1400.267355][T16772] loop0: detected capacity change from 0 to 128 [ 1400.330525][T16772] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1401.248751][T16786] loop3: detected capacity change from 0 to 1024 [ 1401.262522][T16773] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1401.299855][T16786] hfsplus: unable to parse mount options [ 1401.483887][T16773] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1402.346831][T16794] Zero length message leads to an empty skb [ 1402.613090][T16810] loop2: detected capacity change from 0 to 8 [ 1402.693825][T16810] squashfs: Unknown parameter '' [ 1402.723233][T16814] loop1: detected capacity change from 0 to 1024 [ 1402.765059][T16814] hfsplus: unable to parse mount options [ 1404.174936][T16829] loop0: detected capacity change from 0 to 128 [ 1404.221969][T16832] loop4: detected capacity change from 0 to 1024 [ 1404.255322][T16832] hfsplus: unable to parse mount options [ 1404.267252][T16829] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1404.419438][T16833] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1405.002446][T16836] Cannot find add_set index 0 as target [ 1405.817290][T16839] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2429'. [ 1406.313130][T16855] loop4: detected capacity change from 0 to 1024 [ 1406.375180][T16855] hfsplus: unable to parse mount options [ 1406.406731][T16858] netlink: 'syz.0.2432': attribute type 4 has an invalid length. [ 1406.497385][T16860] loop0: detected capacity change from 0 to 512 [ 1408.419439][ T26] audit: type=1326 audit(1729371590.273:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16850 comm="syz.1.2434" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b05f6ff9 code=0x7fc00000 [ 1409.008876][T16882] loop2: detected capacity change from 0 to 1024 [ 1409.045794][T16860] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1409.074504][T16882] hfsplus: unable to parse mount options [ 1409.155052][T16885] loop3: detected capacity change from 0 to 128 [ 1409.300502][T16860] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1409.325436][T16885] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1410.268089][T16895] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1411.075468][T16910] loop1: detected capacity change from 0 to 1024 [ 1411.137627][T16910] hfsplus: unable to parse mount options [ 1411.151199][T16914] loop3: detected capacity change from 0 to 8 [ 1411.270639][T16914] squashfs: Unknown parameter '' [ 1412.255573][T16932] netlink: 'syz.0.2453': attribute type 4 has an invalid length. [ 1412.351011][T16934] loop4: detected capacity change from 0 to 1024 [ 1412.395169][T16934] hfsplus: unable to parse mount options [ 1412.432395][T16932] loop0: detected capacity change from 0 to 512 [ 1416.254837][T16932] EXT4-fs warning (device loop0): ext4_multi_mount_protect:403: Unable to create kmmpd thread for loop0. [ 1416.300279][T16942] loop3: detected capacity change from 0 to 128 [ 1416.339256][T16942] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1416.749103][T16942] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1416.757722][T16942] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1417.600802][T16388] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 1417.820668][T16971] loop0: detected capacity change from 0 to 8 [ 1417.928382][T16971] squashfs: Unknown parameter '' [ 1418.014450][T16388] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1418.063850][T16388] usb 5-1: config 0 has no interfaces? [ 1418.069380][T16388] usb 5-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 1418.087225][T16388] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.160538][T16388] usb 5-1: config 0 descriptor?? [ 1418.430107][T16952] udc-core: couldn't find an available UDC or it's busy [ 1418.458999][T16952] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 1418.493810][ T4850] usb 5-1: USB disconnect, device number 8 [ 1419.096742][T16990] loop4: detected capacity change from 0 to 1024 [ 1419.135151][T16990] hfsplus: unable to parse mount options [ 1420.229238][ T4850] Bluetooth: hci1: command 0x0406 tx timeout [ 1420.348547][T16995] loop1: detected capacity change from 0 to 128 [ 1420.361022][T16996] loop4: detected capacity change from 0 to 1024 [ 1420.425125][T16996] hfsplus: unable to parse mount options [ 1420.611663][T16995] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1421.623415][T17005] netlink: 'syz.4.2473': attribute type 4 has an invalid length. [ 1421.633780][T17007] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1421.645770][T17007] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1422.166426][T17009] loop4: detected capacity change from 0 to 512 [ 1422.404069][T17009] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1422.425463][T17009] ext4 filesystem being mounted at /22/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1422.926056][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 1422.932438][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.062029][T17035] loop0: detected capacity change from 0 to 1024 [ 1423.130772][T17035] hfsplus: unable to parse mount options [ 1423.281427][T17039] loop4: detected capacity change from 0 to 8 [ 1423.404868][T17039] squashfs: Unknown parameter '' [ 1423.466867][T17041] loop3: detected capacity change from 0 to 1024 [ 1423.505692][T17041] hfsplus: unable to parse mount options [ 1425.757402][T17050] loop3: detected capacity change from 0 to 128 [ 1425.788408][T17050] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1426.064482][T17055] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1426.072896][T17055] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1427.069318][T17067] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2491'. [ 1427.331332][T17076] netlink: 'syz.0.2493': attribute type 4 has an invalid length. [ 1427.512821][T17076] loop0: detected capacity change from 0 to 512 [ 1427.730010][T17076] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1427.757362][T17076] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1428.252645][T17088] loop3: detected capacity change from 0 to 1024 [ 1428.304899][T17088] hfsplus: unable to parse mount options [ 1430.067955][T17096] device syz_tun entered promiscuous mode [ 1430.101919][T17096] device vlan2 entered promiscuous mode [ 1430.121249][T17101] loop3: detected capacity change from 0 to 1024 [ 1430.175371][T17096] device syz_tun left promiscuous mode [ 1430.185592][T17101] hfsplus: unable to parse mount options [ 1430.194055][T17106] loop2: detected capacity change from 0 to 128 [ 1430.357314][T17106] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1432.283011][T17133] netlink: 'syz.1.2507': attribute type 4 has an invalid length. [ 1433.049140][T17133] loop1: detected capacity change from 0 to 512 [ 1433.206694][T17138] loop4: detected capacity change from 0 to 1024 [ 1433.275189][T17138] hfsplus: unable to parse mount options [ 1433.310069][T17133] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1433.378759][T17133] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1433.483865][T17150] loop2: detected capacity change from 0 to 1024 [ 1433.525184][T17150] hfsplus: unable to parse mount options [ 1434.577763][T17168] loop2: detected capacity change from 0 to 8 [ 1434.633348][T17168] squashfs: Unknown parameter '' [ 1435.715223][T17180] loop1: detected capacity change from 0 to 128 [ 1435.773740][T17180] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1436.945962][T17201] netlink: 'syz.1.2527': attribute type 4 has an invalid length. [ 1437.120137][T17201] loop1: detected capacity change from 0 to 512 [ 1437.331131][T17201] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1437.417578][T17201] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1437.443714][T17210] loop0: detected capacity change from 0 to 1024 [ 1437.475226][T17210] hfsplus: unable to parse mount options [ 1438.681025][T17222] loop2: detected capacity change from 0 to 8 [ 1438.704390][T17222] squashfs: Unknown parameter '' [ 1438.911875][T17225] loop0: detected capacity change from 0 to 128 [ 1439.117560][T17225] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1441.007870][T17253] netlink: 'syz.0.2541': attribute type 4 has an invalid length. [ 1441.086316][T17253] loop0: detected capacity change from 0 to 512 [ 1441.244863][T17253] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1441.257605][T17253] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1441.743833][ T3620] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 1441.748863][T17260] loop3: detected capacity change from 0 to 1024 [ 1441.776904][T17263] loop1: detected capacity change from 0 to 1024 [ 1441.815179][T17260] hfsplus: unable to parse mount options [ 1441.815270][T17263] hfsplus: unable to parse mount options [ 1444.565189][ T3620] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1444.586234][ T3620] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1444.753824][T17279] loop4: detected capacity change from 0 to 128 [ 1444.773724][ T3620] usb 5-1: Product: syz [ 1444.788272][ T3620] usb 5-1: Manufacturer: syz [ 1444.809213][T17279] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1444.835827][ T3620] usb 5-1: config 0 descriptor?? [ 1444.883910][ T3620] usb 5-1: can't set config #0, error -71 [ 1444.913844][ T3620] usb 5-1: USB disconnect, device number 9 [ 1445.508405][ T26] audit: type=1326 audit(1729371627.393:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1445.679955][ T26] audit: type=1326 audit(1729371627.403:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1445.782342][ T26] audit: type=1326 audit(1729371627.403:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1445.888525][ T26] audit: type=1326 audit(1729371627.403:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1445.997458][ T26] audit: type=1326 audit(1729371627.403:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.081306][ T26] audit: type=1326 audit(1729371627.403:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.144308][ T26] audit: type=1326 audit(1729371627.403:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.199879][ T26] audit: type=1326 audit(1729371627.403:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.257388][ T26] audit: type=1326 audit(1729371627.403:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.311347][ T26] audit: type=1326 audit(1729371627.403:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17283 comm="syz.3.2550" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7fc00000 [ 1446.600004][T17307] loop2: detected capacity change from 0 to 8 [ 1446.644658][T17307] squashfs: Unknown parameter '' [ 1446.729424][T17311] loop4: detected capacity change from 0 to 1024 [ 1446.765431][T17311] hfsplus: unable to parse mount options [ 1446.774154][T17312] netlink: 'syz.3.2556': attribute type 4 has an invalid length. [ 1446.952191][T17312] loop3: detected capacity change from 0 to 512 [ 1446.987398][T17315] loop0: detected capacity change from 0 to 1024 [ 1447.824785][T17315] hfsplus: unable to parse mount options [ 1448.044770][T17312] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1448.608109][T17312] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1449.476271][T17339] loop3: detected capacity change from 0 to 128 [ 1449.577330][T17339] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1451.313880][T17361] loop0: detected capacity change from 0 to 1024 [ 1451.345165][T17361] hfsplus: unable to parse mount options [ 1452.201801][T17366] loop3: detected capacity change from 0 to 1024 [ 1452.294688][T17370] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1452.342049][T17371] netlink: 'syz.2.2572': attribute type 4 has an invalid length. [ 1452.392864][T17371] loop2: detected capacity change from 0 to 512 [ 1452.566322][T17366] hfsplus: unable to parse mount options [ 1452.754601][T17371] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1452.754726][T17371] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1453.556333][T17383] loop1: detected capacity change from 0 to 8 [ 1453.721011][T17388] loop2: detected capacity change from 0 to 128 [ 1453.746226][T17383] squashfs: Unknown parameter '' [ 1453.766762][T17388] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1454.063846][ T4437] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1454.433651][ T4437] usb 4-1: Using ep0 maxpacket: 32 [ 1454.555017][ T4437] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 1454.573175][ T4437] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1454.582830][ T4437] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1454.641076][ T4437] usb 4-1: config 0 descriptor?? [ 1454.664145][T17392] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1454.684844][ T4437] hub 4-1:0.0: bad descriptor, ignoring hub [ 1454.690788][ T4437] hub: probe of 4-1:0.0 failed with error -5 [ 1454.734360][ T4437] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1455.356402][T17408] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2582'. [ 1455.400322][T17408] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2582'. [ 1455.513903][ T4437] usb 4-1: USB disconnect, device number 7 [ 1456.040039][T17425] loop0: detected capacity change from 0 to 1024 [ 1456.050275][T17426] netlink: 'syz.2.2588': attribute type 4 has an invalid length. [ 1456.081927][T17426] loop2: detected capacity change from 0 to 512 [ 1456.089855][T17425] hfsplus: unable to parse mount options [ 1456.110577][T17428] loop4: detected capacity change from 0 to 128 [ 1456.253452][T17428] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1456.596952][T17426] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1457.238522][T17426] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1457.995865][T17450] loop2: detected capacity change from 0 to 8 [ 1458.044250][T17450] squashfs: Unknown parameter '' [ 1458.383886][ T3622] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1458.763807][ T3622] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1458.782001][ T3622] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1458.827594][ T3622] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1458.981549][ T3622] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1459.003651][ T3622] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1459.038999][ T3622] usb 2-1: SerialNumber: syz [ 1459.483347][T17469] loop3: detected capacity change from 0 to 1024 [ 1459.514720][T17469] hfsplus: unable to parse mount options [ 1460.714897][T17477] netlink: 'syz.2.2603': attribute type 4 has an invalid length. [ 1460.740432][T17477] netlink: 'syz.2.2603': attribute type 4 has an invalid length. [ 1460.834734][ T4850] Bluetooth: hci3: command 0x0406 tx timeout [ 1460.842354][T17477] loop2: detected capacity change from 0 to 512 [ 1460.909920][T17480] loop3: detected capacity change from 0 to 128 [ 1460.949880][T17480] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1460.989367][ T3622] usb 2-1: 0:2 : does not exist [ 1461.048889][T17477] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1461.063984][T17477] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1461.211163][ T3622] usb 2-1: USB disconnect, device number 7 [ 1461.701004][T16119] udevd[16119]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1462.931348][T17511] loop3: detected capacity change from 0 to 8 [ 1463.044363][T17511] squashfs: Unknown parameter '' [ 1463.129234][T17515] loop2: detected capacity change from 0 to 1024 [ 1463.175202][T17515] hfsplus: unable to parse mount options [ 1464.650478][T17530] netlink: 'syz.0.2617': attribute type 4 has an invalid length. [ 1464.704292][T17531] netlink: 'syz.0.2617': attribute type 4 has an invalid length. [ 1464.733702][ T3622] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1464.759681][T17530] loop0: detected capacity change from 0 to 512 [ 1465.052400][T17530] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1465.092667][T17530] ext4 filesystem being mounted at /102/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1465.183803][ T3622] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1465.194704][ T3622] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1465.204641][ T3622] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1465.303733][ T3622] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1465.317585][T17538] loop1: detected capacity change from 0 to 128 [ 1465.325065][ T3622] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1465.344298][ T3622] usb 3-1: SerialNumber: syz [ 1465.428412][T17538] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1466.485727][T17549] loop1: detected capacity change from 0 to 128 [ 1466.586837][T17549] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1467.956451][ T3622] usb 3-1: 0:2 : does not exist [ 1468.000401][ T3622] usb 3-1: USB disconnect, device number 6 [ 1468.060784][T17561] loop2: detected capacity change from 0 to 1024 [ 1468.084891][T17561] hfsplus: unable to parse mount options [ 1468.840074][T16119] udevd[16119]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1469.216786][T17577] netlink: 'syz.4.2629': attribute type 4 has an invalid length. [ 1469.311479][T17577] netlink: 'syz.4.2629': attribute type 4 has an invalid length. [ 1469.416999][T17577] loop4: detected capacity change from 0 to 512 [ 1469.664568][T17577] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1469.666499][T17598] loop1: detected capacity change from 0 to 128 [ 1469.684174][T17577] ext4 filesystem being mounted at /46/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1469.719683][T17598] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1471.063846][T12282] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 1471.473958][T12282] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1471.488781][T12282] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1471.498679][T12282] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1471.593868][T12282] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1471.610777][T12282] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1471.620895][T12282] usb 4-1: SerialNumber: syz [ 1471.685781][T17630] loop0: detected capacity change from 0 to 1024 [ 1471.744516][T17630] hfsplus: unable to parse mount options [ 1472.706366][T17635] loop1: detected capacity change from 0 to 8 [ 1473.044547][T17635] squashfs: Unknown parameter '' [ 1473.125091][T17645] netlink: 'syz.0.2648': attribute type 4 has an invalid length. [ 1473.969149][T17647] netlink: 'syz.0.2648': attribute type 4 has an invalid length. [ 1474.028612][T17650] loop4: detected capacity change from 0 to 128 [ 1474.038199][T12282] usb 4-1: 0:2 : does not exist [ 1474.039455][T17645] loop0: detected capacity change from 0 to 512 [ 1474.067607][T17650] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1474.112411][T12282] usb 4-1: USB disconnect, device number 8 [ 1474.272745][T17645] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1474.323730][T17645] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1475.250192][T16119] udevd[16119]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1475.638943][T17674] loop2: detected capacity change from 0 to 1024 [ 1475.724781][T17674] hfsplus: unable to parse mount options [ 1477.800233][T17699] loop4: detected capacity change from 0 to 128 [ 1477.853677][ T3620] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 1477.870475][T17699] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1478.031690][T17701] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1478.041545][T17701] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1478.492056][ T3620] usb 1-1: Using ep0 maxpacket: 8 [ 1478.616028][T17705] netlink: 'syz.3.2664': attribute type 4 has an invalid length. [ 1478.624010][ T3620] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1478.644512][ T3620] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1478.659404][T17705] netlink: 'syz.3.2664': attribute type 4 has an invalid length. [ 1478.686451][ T3620] usb 1-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 1478.764075][ T3620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1478.770236][T17706] loop3: detected capacity change from 0 to 512 [ 1478.806348][ T3620] usb 1-1: config 0 descriptor?? [ 1478.866125][ T3620] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1478.922998][T17714] loop1: detected capacity change from 0 to 8 [ 1478.974978][T17714] squashfs: Unknown parameter '' [ 1478.981439][T17706] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1479.000966][T17706] ext4 filesystem being mounted at /104/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1479.212640][ T4846] usb 1-1: USB disconnect, device number 7 [ 1479.507400][T17724] netlink: 'syz.2.2679': attribute type 4 has an invalid length. [ 1479.608371][T17727] netlink: 'syz.2.2679': attribute type 4 has an invalid length. [ 1479.672678][T17724] loop2: detected capacity change from 0 to 512 [ 1479.841426][T17734] loop4: detected capacity change from 0 to 1024 [ 1479.857671][T17724] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1479.898723][T17724] ext4 filesystem being mounted at /110/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1479.905282][T17734] hfsplus: unable to parse mount options [ 1481.320784][T17750] loop2: detected capacity change from 0 to 128 [ 1481.394411][T17750] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1481.769840][T17752] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1481.779219][T17752] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1482.330518][T17760] netlink: 'syz.0.2688': attribute type 4 has an invalid length. [ 1482.415817][T17761] netlink: 'syz.0.2688': attribute type 4 has an invalid length. [ 1482.863681][T12311] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 1483.103649][T12311] usb 4-1: Using ep0 maxpacket: 8 [ 1483.223831][T12311] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1483.240560][T12311] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1483.259273][T12311] usb 4-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 1483.270217][T12311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1483.329257][T12311] usb 4-1: config 0 descriptor?? [ 1483.386259][T12311] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 1483.678041][T17785] loop0: detected capacity change from 0 to 1024 [ 1483.714988][T17785] hfsplus: unable to parse mount options [ 1483.766966][T15454] usb 4-1: USB disconnect, device number 9 [ 1484.554137][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.560465][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.045407][T17796] loop0: detected capacity change from 0 to 128 [ 1485.133204][T17796] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1485.689237][T17806] netlink: 'syz.1.2693': attribute type 4 has an invalid length. [ 1485.733245][T17807] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1485.807694][T17807] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1485.934514][T17806] netlink: 'syz.1.2693': attribute type 4 has an invalid length. [ 1486.313005][T17811] loop4: detected capacity change from 0 to 8 [ 1486.364883][T17811] squashfs: Unknown parameter '' [ 1487.572860][T17836] loop3: detected capacity change from 0 to 1024 [ 1487.591294][T17836] hfsplus: unable to parse mount options [ 1487.871635][ T3616] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 1488.893668][ T3616] usb 2-1: Using ep0 maxpacket: 8 [ 1489.183826][ T3616] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1489.197075][ T3616] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1489.214782][ T3616] usb 2-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 1489.224494][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.236119][ T3616] usb 2-1: config 0 descriptor?? [ 1489.276926][ T3616] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1489.722796][T17855] netlink: 'syz.4.2706': attribute type 10 has an invalid length. [ 1489.732405][ T3616] usb 2-1: USB disconnect, device number 8 [ 1489.737717][T17855] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2706'. [ 1489.762810][T17855] device team0 entered promiscuous mode [ 1489.861030][T17855] device team_slave_0 entered promiscuous mode [ 1489.879187][T17855] device team_slave_1 entered promiscuous mode [ 1489.912475][T17855] bridge0: port 3(team0) entered blocking state [ 1489.957335][T17855] bridge0: port 3(team0) entered disabled state [ 1489.991572][T17855] bridge0: port 3(team0) entered blocking state [ 1489.998015][T17855] bridge0: port 3(team0) entered forwarding state [ 1490.060181][T17860] loop0: detected capacity change from 0 to 128 [ 1490.138776][T17860] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1490.260843][T17863] netlink: 'syz.4.2708': attribute type 4 has an invalid length. [ 1490.900126][T17864] netlink: 'syz.4.2708': attribute type 4 has an invalid length. [ 1491.191706][T17883] loop1: detected capacity change from 0 to 1024 [ 1491.257292][T17883] hfsplus: unable to parse mount options [ 1491.436784][T17889] loop4: detected capacity change from 0 to 8 [ 1492.794778][T17889] squashfs: Unknown parameter '' [ 1492.955150][T17915] loop2: detected capacity change from 0 to 128 [ 1493.033274][T17915] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1493.233601][T17919] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1493.247383][T17919] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1494.070627][T17927] netlink: 'syz.1.2725': attribute type 4 has an invalid length. [ 1494.123225][T17927] netlink: 'syz.1.2725': attribute type 4 has an invalid length. [ 1494.152004][T17924] loop0: detected capacity change from 0 to 128 [ 1494.231996][T17927] loop1: detected capacity change from 0 to 512 [ 1494.280412][T17924] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1494.343486][T17927] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1494.386451][T17927] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1494.423743][ T3622] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1494.490675][T17928] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1494.499341][T17928] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1495.193654][ T3622] usb 3-1: Using ep0 maxpacket: 8 [ 1495.315735][ T3622] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1495.333867][ T3622] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1495.350177][ T3622] usb 3-1: New USB device found, idVendor=6666, idProduct=8804, bcdDevice= 0.00 [ 1495.361396][ T3622] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1495.708162][ T3622] usb 3-1: config 0 descriptor?? [ 1495.757641][ T3622] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1496.179922][ T4850] usb 3-1: USB disconnect, device number 7 [ 1496.875193][T17959] loop1: detected capacity change from 0 to 1024 [ 1496.944649][T17959] hfsplus: unable to parse mount options [ 1497.177884][T15454] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1497.683665][T15454] usb 3-1: Using ep0 maxpacket: 16 [ 1497.829920][T15454] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1497.883734][T15454] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1498.136243][T15454] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1498.161527][T15454] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1498.186747][T17983] loop1: detected capacity change from 0 to 8 [ 1498.190505][T15454] usb 3-1: Product: syz [ 1498.200130][T17983] squashfs: Unknown parameter '' [ 1498.213254][T15454] usb 3-1: Manufacturer: syz [ 1498.218278][T15454] usb 3-1: SerialNumber: syz [ 1498.232341][T17984] loop3: detected capacity change from 0 to 128 [ 1498.260481][T17986] netlink: 'syz.0.2739': attribute type 4 has an invalid length. [ 1498.744894][T15454] usb 3-1: config 0 descriptor?? [ 1498.751397][T17988] netlink: 'syz.0.2739': attribute type 4 has an invalid length. [ 1498.763931][T17957] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1498.786987][T17984] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1498.794660][T15454] hub 3-1:0.0: bad descriptor, ignoring hub [ 1498.803218][T15454] hub: probe of 3-1:0.0 failed with error -5 [ 1498.862167][T15454] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8 [ 1499.050976][T17982] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1499.815304][T17997] input: syz0 as /devices/virtual/input/input9 [ 1500.020554][T15581] udevd[15581]: setting owner of /dev/input/event5 to uid=0, gid=104 failed: No such file or directory [ 1500.940855][T18018] loop0: detected capacity change from 0 to 1024 [ 1500.975356][T18018] hfsplus: unable to parse mount options [ 1501.044171][T18021] netlink: 'syz.3.2754': attribute type 4 has an invalid length. [ 1501.106686][T18024] netlink: 'syz.3.2754': attribute type 4 has an invalid length. [ 1502.961460][T18021] loop3: detected capacity change from 0 to 512 [ 1503.074287][ T3622] usb 3-1: USB disconnect, device number 8 [ 1503.101255][T18033] loop1: detected capacity change from 0 to 128 [ 1503.137860][T18039] loop0: detected capacity change from 0 to 8 [ 1503.153879][T18033] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1503.209539][T18021] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1503.224208][T18039] squashfs: Unknown parameter '' [ 1503.233942][T18021] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1503.521739][T18044] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1503.530811][T18044] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1504.493139][T18056] loop1: detected capacity change from 0 to 1024 [ 1504.575869][T18056] hfsplus: unable to parse mount options [ 1506.951668][T18084] netlink: 'syz.1.2773': attribute type 4 has an invalid length. [ 1507.041358][T18085] netlink: 'syz.1.2773': attribute type 4 has an invalid length. [ 1507.136102][T18084] loop1: detected capacity change from 0 to 512 [ 1507.273774][T18089] loop0: detected capacity change from 0 to 128 [ 1507.348110][T18089] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1507.390047][T18084] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1507.520690][T18084] ext4 filesystem being mounted at /150/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1507.590067][T18096] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2775'. [ 1508.309353][T18100] loop2: detected capacity change from 0 to 1024 [ 1508.365566][T18100] hfsplus: unable to parse mount options [ 1509.393354][T18121] loop1: detected capacity change from 0 to 8 [ 1509.510735][T12282] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 1509.559007][T18121] squashfs: Unknown parameter '' [ 1509.957353][T12282] usb 1-1: Using ep0 maxpacket: 16 [ 1510.224722][T12282] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1510.455906][T12282] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1510.599061][T18133] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2787'. [ 1510.706887][T18137] netlink: 'syz.3.2788': attribute type 4 has an invalid length. [ 1510.733824][T12282] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1510.744203][T12282] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1510.782394][T12282] usb 1-1: Product: syz [ 1510.789207][T12282] usb 1-1: Manufacturer: syz [ 1510.799898][T18140] netlink: 'syz.3.2788': attribute type 4 has an invalid length. [ 1510.800158][T12282] usb 1-1: SerialNumber: syz [ 1510.860360][T12282] usb 1-1: config 0 descriptor?? [ 1510.875301][T18137] loop3: detected capacity change from 0 to 512 [ 1510.924014][T18107] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1510.946452][T12282] hub 1-1:0.0: bad descriptor, ignoring hub [ 1510.947691][T18142] loop4: detected capacity change from 0 to 128 [ 1510.952473][T12282] hub: probe of 1-1:0.0 failed with error -5 [ 1511.009664][T12282] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input10 [ 1511.040302][T18137] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1511.057534][T18137] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1511.069790][T18142] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1511.300467][T18147] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1511.309475][T18147] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1512.186407][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 1512.186424][ T26] audit: type=1326 audit(1729371694.073:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff967825ff9 code=0x7ffc0000 [ 1512.370086][ T26] audit: type=1326 audit(1729371694.123:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7ff967825ff9 code=0x7ffc0000 [ 1512.506686][ T26] audit: type=1326 audit(1729371694.123:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff967825ff9 code=0x7ffc0000 [ 1512.596576][ T26] audit: type=1326 audit(1729371694.123:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff967825ff9 code=0x7ffc0000 [ 1512.675213][ T26] audit: type=1326 audit(1729371694.133:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff96781cfa7 code=0x7ffc0000 [ 1512.787344][ T26] audit: type=1326 audit(1729371694.133:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9677c1959 code=0x7ffc0000 [ 1512.903122][ T26] audit: type=1326 audit(1729371694.133:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff96781cfa7 code=0x7ffc0000 [ 1513.001638][ T26] audit: type=1326 audit(1729371694.133:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9677c1959 code=0x7ffc0000 [ 1513.107238][ T26] audit: type=1326 audit(1729371694.133:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff96781cfa7 code=0x7ffc0000 [ 1513.190379][ T26] audit: type=1326 audit(1729371694.133:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18153 comm="syz.4.2793" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff9677c1959 code=0x7ffc0000 [ 1513.674755][T18169] loop1: detected capacity change from 0 to 1024 [ 1513.745257][T18169] hfsplus: unable to parse mount options [ 1515.826261][T18176] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2800'. [ 1515.996631][T18185] netlink: 'syz.2.2802': attribute type 4 has an invalid length. [ 1516.132744][T18188] loop4: detected capacity change from 0 to 128 [ 1516.187339][T18187] netlink: 'syz.2.2802': attribute type 4 has an invalid length. [ 1516.240401][T18188] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1517.102545][T18202] loop4: detected capacity change from 0 to 8 [ 1517.166636][T18202] squashfs: Unknown parameter '' [ 1517.985866][ T3620] usb 1-1: USB disconnect, device number 8 [ 1518.106808][T18220] loop2: detected capacity change from 0 to 1024 [ 1518.265184][T18220] hfsplus: unable to parse mount options [ 1519.915859][T18228] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2814'. [ 1520.316036][T18236] netlink: 'syz.2.2816': attribute type 4 has an invalid length. [ 1520.416781][T18237] netlink: 'syz.2.2816': attribute type 4 has an invalid length. [ 1520.455288][T18239] loop0: detected capacity change from 0 to 128 [ 1520.500953][T18236] loop2: detected capacity change from 0 to 512 [ 1520.588510][T18239] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1520.767608][T18238] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1521.251140][T18236] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1521.263854][T18236] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1522.000132][T18264] binder_alloc: 18263: pid 18263 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1522.036762][T18267] loop1: detected capacity change from 0 to 1024 [ 1522.175715][T18267] hfsplus: unable to parse mount options [ 1522.287230][ T3620] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 1522.794496][T18271] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2827'. [ 1523.027307][T18279] loop0: detected capacity change from 0 to 128 [ 1523.093692][ T3620] usb 4-1: Using ep0 maxpacket: 16 [ 1523.133240][T18279] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1523.134013][T18284] netlink: 'syz.2.2831': attribute type 4 has an invalid length. [ 1523.193776][T18284] netlink: 'syz.2.2831': attribute type 4 has an invalid length. [ 1523.219483][T18284] loop2: detected capacity change from 0 to 512 [ 1523.223954][ T3620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1523.240653][ T3620] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1523.630756][ T3620] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1523.732901][T18284] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1523.751744][ T3620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1523.890304][T18284] ext4 filesystem being mounted at /136/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1523.923872][ T3620] usb 4-1: Product: syz [ 1523.938358][ T3620] usb 4-1: Manufacturer: syz [ 1523.943040][ T3620] usb 4-1: SerialNumber: syz [ 1523.965896][ T3620] usb 4-1: config 0 descriptor?? [ 1523.993995][T18261] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1524.035934][ T3620] hub 4-1:0.0: bad descriptor, ignoring hub [ 1524.048096][ T3620] hub: probe of 4-1:0.0 failed with error -5 [ 1524.059445][ T3620] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11 [ 1524.213964][T12311] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 1524.734773][T12311] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.863873][T12282] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1524.879502][T12311] usb 1-1: config 0 has no interfaces? [ 1525.223896][T12311] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1525.249659][T12311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.277521][T12311] usb 1-1: Product: syz [ 1525.282000][T12311] usb 1-1: Manufacturer: syz [ 1525.289107][T12311] usb 1-1: SerialNumber: syz [ 1525.315538][T12311] usb 1-1: config 0 descriptor?? [ 1525.405648][T12282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1525.432176][T12282] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1525.463196][T12282] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 1525.487719][T12282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1525.523196][T12282] usb 3-1: config 0 descriptor?? [ 1525.602291][ T3616] usb 1-1: USB disconnect, device number 9 [ 1526.994860][T18317] netlink: 48 bytes leftover after parsing attributes in process `syz.1.2840'. [ 1527.058166][T18321] loop4: detected capacity change from 0 to 128 [ 1527.169906][T18321] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1527.969477][T18332] netlink: 'syz.0.2846': attribute type 4 has an invalid length. [ 1528.063655][T18333] netlink: 'syz.0.2846': attribute type 4 has an invalid length. [ 1528.133706][T12282] usbhid 3-1:0.0: can't add hid device: -71 [ 1528.139730][T12282] usbhid: probe of 3-1:0.0 failed with error -71 [ 1528.155713][T18332] loop0: detected capacity change from 0 to 512 [ 1528.179613][T12282] usb 3-1: USB disconnect, device number 9 [ 1529.152153][T18332] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1529.163753][T18332] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1529.221513][T18345] loop1: detected capacity change from 0 to 1024 [ 1529.265048][T18345] hfsplus: unable to parse mount options [ 1530.643690][T12282] usb 4-1: USB disconnect, device number 10 [ 1530.702670][T18363] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2854'. [ 1530.830587][T18370] loop1: detected capacity change from 0 to 128 [ 1530.896508][T18370] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1530.912529][T18374] netlink: 'syz.0.2858': attribute type 9 has an invalid length. [ 1530.945548][T18374] netlink: 'syz.0.2858': attribute type 7 has an invalid length. [ 1530.953551][T18374] netlink: 'syz.0.2858': attribute type 8 has an invalid length. [ 1532.700456][T18396] netlink: 'syz.1.2864': attribute type 4 has an invalid length. [ 1532.726854][T18396] netlink: 'syz.1.2864': attribute type 4 has an invalid length. [ 1532.858580][T18396] loop1: detected capacity change from 0 to 512 [ 1533.559074][T18401] loop2: detected capacity change from 0 to 1024 [ 1533.571144][T18396] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1533.582785][T18396] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1533.603784][ T3620] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 1533.615057][T18406] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2866'. [ 1533.635175][T18401] hfsplus: unable to parse mount options [ 1533.832723][T18410] mmap: syz.3.2869 (18410) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 1534.143656][ T3620] usb 5-1: Using ep0 maxpacket: 16 [ 1534.264044][ T3620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1534.414404][ T3620] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1535.459484][ T3620] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1535.484334][ T3620] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1535.504980][T18427] loop0: detected capacity change from 0 to 1024 [ 1535.525252][T18427] hfsplus: unable to parse mount options [ 1535.538698][ T26] kauditd_printk_skb: 184 callbacks suppressed [ 1535.538715][ T26] audit: type=1326 audit(1729371717.423:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18425 comm="syz.2.2874" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f634b50fff9 code=0x0 [ 1535.569495][ T3620] usb 5-1: Product: syz [ 1535.595134][ T3620] usb 5-1: Manufacturer: syz [ 1535.599779][ T3620] usb 5-1: SerialNumber: syz [ 1535.628424][ T3620] usb 5-1: config 0 descriptor?? [ 1535.653948][ T3620] usb 5-1: can't set config #0, error -71 [ 1535.661100][ T3620] usb 5-1: USB disconnect, device number 10 [ 1535.687414][T18432] loop1: detected capacity change from 0 to 128 [ 1536.856915][T18432] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1537.180781][T18449] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1537.193650][T18449] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1537.622516][T18457] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2880'. [ 1538.044809][T18467] dccp_invalid_packet: P.Data Offset(4) too small [ 1538.669083][T18477] loop3: detected capacity change from 0 to 1024 [ 1538.706834][T18477] hfsplus: unable to parse mount options [ 1538.758891][T18482] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1541.122137][T18491] loop2: detected capacity change from 0 to 128 [ 1541.185594][T18498] netlink: 'syz.0.2895': attribute type 4 has an invalid length. [ 1541.242545][ T4436] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 1541.270248][T18501] netlink: 'syz.0.2895': attribute type 4 has an invalid length. [ 1541.311508][T18491] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1541.319653][T18500] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2897'. [ 1541.344666][T18498] loop0: detected capacity change from 0 to 512 [ 1541.513827][ T4436] usb 5-1: Using ep0 maxpacket: 16 [ 1542.316123][T18497] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1542.324723][T18497] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1542.414670][T18498] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 1542.429055][T18498] ext4 filesystem being mounted at /166/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1542.477027][T18514] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2901'. [ 1542.488126][ T4436] usb 5-1: device descriptor read/all, error -71 [ 1543.797928][T18534] loop3: detected capacity change from 0 to 1024 [ 1543.806229][T18539] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2910'. [ 1543.870408][T18534] hfsplus: unable to parse mount options [ 1545.603752][T12282] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1545.660683][T18553] loop0: detected capacity change from 0 to 128 [ 1545.798639][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.805082][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.941409][T18553] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1545.983799][T12282] usb 2-1: Using ep0 maxpacket: 16 [ 1546.154730][T12282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1546.440810][T12282] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1546.808810][T18570] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1547.021196][T18570] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1547.083794][T12282] usb 2-1: string descriptor 0 read error: -71 [ 1547.090077][T12282] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1547.127144][T12282] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1547.165509][T12282] usb 2-1: config 0 descriptor?? [ 1548.061968][T12282] usb 2-1: can't set config #0, error -71 [ 1548.064770][T18588] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2925'. [ 1548.069415][T12282] usb 2-1: USB disconnect, device number 9 [ 1548.156847][T18590] loop9: detected capacity change from 0 to 6 [ 1548.182103][T18590] Dev loop9: unable to read RDB block 6 [ 1548.204070][T18590] loop9: unable to read partition table [ 1548.217696][T18590] loop9: partition table beyond EOD, truncated [ 1548.223367][T18593] loop0: detected capacity change from 0 to 1024 [ 1548.234855][T18590] loop_reread_partitions: partition scan of loop9 (被xڬdƤݡ [ 1548.234855][T18590] ) failed (rc=-5) [ 1548.255597][T18593] hfsplus: unable to parse mount options [ 1548.277467][ T26] audit: type=1326 audit(1729371730.163:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7ffc0000 [ 1548.433450][ T26] audit: type=1326 audit(1729371730.163:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7ffc0000 [ 1548.482320][ T26] audit: type=1326 audit(1729371730.163:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f1d6a68dff9 code=0x7ffc0000 [ 1548.991622][ T26] audit: type=1326 audit(1729371730.163:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7ffc0000 [ 1549.015174][ T4846] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 1549.372155][ T26] audit: type=1326 audit(1729371730.163:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d6a68dff9 code=0x7ffc0000 [ 1549.851022][ T26] audit: type=1326 audit(1729371730.163:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1d6a68c990 code=0x7ffc0000 [ 1550.082441][ T26] audit: type=1326 audit(1729371730.163:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d6a68dbfb code=0x7ffc0000 [ 1550.179920][ T26] audit: type=1326 audit(1729371730.163:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d6a68dbfb code=0x7ffc0000 [ 1550.202526][ T26] audit: type=1326 audit(1729371730.163:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d6a68dbfb code=0x7ffc0000 [ 1550.267187][ T26] audit: type=1326 audit(1729371730.163:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18595 comm="syz.3.2929" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d6a68dbfb code=0x7ffc0000 [ 1550.414036][ T4846] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1550.461832][ T4846] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1550.501660][ T4846] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1550.531015][ T4846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1550.578006][ T4846] usb 4-1: config 0 descriptor?? [ 1551.078975][T18624] loop4: detected capacity change from 0 to 128 [ 1551.410256][T18624] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1551.533716][ T4850] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1551.544821][T18626] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2938'. [ 1551.793878][ T4850] usb 2-1: Using ep0 maxpacket: 16 [ 1552.275116][ T3560] usb 4-1: USB disconnect, device number 11 [ 1552.303958][ T4850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1552.334241][ T4850] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1552.543880][ T4850] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1552.703664][ T4850] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1552.711935][ T4850] usb 2-1: Product: syz [ 1552.835572][ T4850] usb 2-1: Manufacturer: syz [ 1552.840663][ T4850] usb 2-1: SerialNumber: syz [ 1552.859258][ T4850] usb 2-1: config 0 descriptor?? [ 1552.883894][T18614] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1552.904387][ T4850] hub 2-1:0.0: bad descriptor, ignoring hub [ 1552.934991][ T4850] hub: probe of 2-1:0.0 failed with error -5 [ 1552.944779][ T4850] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12 [ 1553.770088][T18645] loop0: detected capacity change from 0 to 1024 [ 1553.835174][T18645] hfsplus: unable to parse mount options [ 1556.284571][T18664] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2949'. [ 1556.540773][T18669] loop0: detected capacity change from 0 to 128 [ 1556.671057][T18669] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1556.934636][T18675] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1557.824026][T12282] usb 2-1: USB disconnect, device number 10 [ 1557.878812][T18683] loop4: detected capacity change from 0 to 1024 [ 1557.925236][T18683] hfsplus: unable to parse mount options [ 1560.073753][T18702] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2961'. [ 1560.230360][T18706] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1560.318003][T18707] loop0: detected capacity change from 0 to 128 [ 1560.448174][T18707] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1560.527380][T18719] loop1: detected capacity change from 0 to 1024 [ 1560.556760][T18719] hfsplus: unable to parse mount options [ 1561.715258][T12282] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 1561.814031][T18726] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1562.323681][T12282] usb 5-1: Using ep0 maxpacket: 16 [ 1562.463963][T12282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1562.513592][ T4850] Bluetooth: hci0: command 0x0409 tx timeout [ 1562.532658][T12282] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1562.732683][T18713] chnl_net:caif_netlink_parms(): no params data found [ 1562.773848][T12282] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1562.790743][T12282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1562.806954][T12282] usb 5-1: Product: syz [ 1562.814444][T12282] usb 5-1: Manufacturer: syz [ 1562.822671][T12282] usb 5-1: SerialNumber: syz [ 1562.842633][T12282] usb 5-1: config 0 descriptor?? [ 1562.884435][T18720] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1562.906004][T12282] hub 5-1:0.0: bad descriptor, ignoring hub [ 1562.951169][T12282] hub: probe of 5-1:0.0 failed with error -5 [ 1562.989850][T12282] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13 [ 1563.113595][T18727] syz.3.2968 (18727): drop_caches: 1 [ 1563.142466][T18594] syz.2.2928 (18594): drop_caches: 1 [ 1563.237891][T18597] syz.2.2928 (18597): drop_caches: 1 [ 1563.299164][T18713] bridge0: port 1(bridge_slave_0) entered blocking state [ 1563.357496][T18713] bridge0: port 1(bridge_slave_0) entered disabled state [ 1563.379601][T18713] device bridge_slave_0 entered promiscuous mode [ 1563.409684][T18713] bridge0: port 2(bridge_slave_1) entered blocking state [ 1563.427515][T18713] bridge0: port 2(bridge_slave_1) entered disabled state [ 1563.439485][T18713] device bridge_slave_1 entered promiscuous mode [ 1563.547373][T18713] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1563.639322][T18713] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1563.715696][T18722] syz.3.2968 (18722): drop_caches: 1 [ 1563.872091][T18713] team0: Port device team_slave_0 added [ 1563.942623][T18713] team0: Port device team_slave_1 added [ 1564.071356][T18713] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1564.085608][T18713] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1564.152799][T18713] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1564.179099][T18713] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1564.193832][T18713] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1564.228841][T18713] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1564.263590][T15454] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 1564.496407][T18713] device hsr_slave_0 entered promiscuous mode [ 1564.528043][T18713] device hsr_slave_1 entered promiscuous mode [ 1564.593827][ T9640] Bluetooth: hci0: command 0x041b tx timeout [ 1564.824675][T15454] usb 4-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 1564.854205][T15454] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.862212][T15454] usb 4-1: Product: syz [ 1564.893582][T15454] usb 4-1: Manufacturer: syz [ 1564.903789][T15454] usb 4-1: SerialNumber: syz [ 1564.917921][T15454] usb 4-1: config 0 descriptor?? [ 1565.002104][T15454] comedi comedi0: This driver needs USB 2.0 to operate. Aborting... [ 1565.033795][T15454] usbduxfast 4-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 1565.158813][T18713] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1565.181118][T15454] usb 4-1: USB disconnect, device number 12 [ 1565.254227][ T4436] usb 5-1: USB disconnect, device number 13 [ 1565.337150][T18713] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1565.368398][T18760] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 1565.375422][T18760] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1565.387524][T18760] vhci_hcd vhci_hcd.0: Device attached [ 1565.405896][T18763] vhci_hcd: connection closed [ 1565.423431][ T3985] vhci_hcd: stop threads [ 1565.451637][ T3985] vhci_hcd: release socket [ 1565.458754][ T3985] vhci_hcd: disconnect device [ 1565.486360][T18713] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1565.531648][T18767] loop4: detected capacity change from 0 to 1024 [ 1565.564756][T18767] hfsplus: unable to parse mount options [ 1566.604246][T18713] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1566.673151][T18769] loop3: detected capacity change from 0 to 128 [ 1566.679716][T15454] Bluetooth: hci0: command 0x040f tx timeout [ 1566.781721][T18769] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1566.942427][T18713] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1567.004271][T18772] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1567.037281][T18772] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1567.560486][T18713] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1567.626173][T18713] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1567.749044][T18713] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1568.264486][T18713] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1568.394328][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1568.464285][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1568.507728][T18713] 8021q: adding VLAN 0 to HW filter on device team0 [ 1568.553376][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1568.563020][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1568.585685][T16126] bridge0: port 1(bridge_slave_0) entered blocking state [ 1568.592776][T16126] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1568.652027][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1568.696191][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1568.734445][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1568.753635][ T4846] Bluetooth: hci0: command 0x0419 tx timeout [ 1568.778869][T16126] bridge0: port 2(bridge_slave_1) entered blocking state [ 1568.786065][T16126] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1568.846836][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1568.905381][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1568.944996][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1568.992104][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1569.035186][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1569.074539][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1569.090495][T18713] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1569.118864][ T3560] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 1569.150793][T18713] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1569.210968][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1569.224700][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1569.264379][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1569.284620][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1569.314426][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1569.341369][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1569.393653][ T3560] usb 4-1: Using ep0 maxpacket: 16 [ 1569.416080][T18785] syz.0.2984 (18785): drop_caches: 1 [ 1569.430293][T18788] syz.0.2984 (18788): drop_caches: 1 [ 1569.535187][ T3560] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1569.566881][ T3560] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1569.719905][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1569.739764][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1569.775227][T18806] loop0: detected capacity change from 0 to 1024 [ 1569.794033][ T3560] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1569.806602][ T3560] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1569.820648][T18713] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1569.829472][T18806] hfsplus: unable to parse mount options [ 1569.848268][ T3560] usb 4-1: Product: syz [ 1569.852497][ T3560] usb 4-1: Manufacturer: syz [ 1570.013731][ T3560] usb 4-1: SerialNumber: syz [ 1570.035500][ T3560] usb 4-1: config 0 descriptor?? [ 1570.054208][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1570.306071][ T1245] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1570.557405][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1570.631129][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1570.678368][T18713] device veth0_vlan entered promiscuous mode [ 1570.695770][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1570.720812][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1570.762856][T18713] device veth1_vlan entered promiscuous mode [ 1570.800663][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1570.905027][T18713] device veth0_macvtap entered promiscuous mode [ 1570.934931][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1570.961452][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1571.001714][T16387] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1571.009693][T18797] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1571.034762][ T3560] hub 4-1:0.0: bad descriptor, ignoring hub [ 1571.040732][ T3560] hub: probe of 4-1:0.0 failed with error -5 [ 1571.060490][T18713] device veth1_macvtap entered promiscuous mode [ 1571.091988][ T3560] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input14 [ 1571.157663][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.213642][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.241821][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.282860][T18823] loop0: detected capacity change from 0 to 128 [ 1571.285721][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.343671][T18823] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1571.363957][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.424984][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.450755][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.469669][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.494423][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1571.512846][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.532117][T18713] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1571.549898][T15471] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1571.599985][T15471] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1571.657263][T15471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1571.752269][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1571.789025][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.835308][T18833] binder_alloc: 18830: pid 18830 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1571.853636][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1571.896241][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1571.947254][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.029659][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.075302][T18831] kvm [18829]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 1572.122244][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.174607][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.226750][T18713] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1572.290485][T18713] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1572.347907][T18713] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1572.379351][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1572.438413][ T3985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1572.528137][T18713] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.583612][T18713] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.643099][T18713] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.702644][T18713] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1572.825074][T18840] loop4: detected capacity change from 0 to 1024 [ 1572.856063][T18840] hfsplus: unable to parse mount options [ 1573.925545][T15471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1573.975643][T15471] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1574.064001][ T3985] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1574.068126][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1574.096965][ T3985] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1574.151266][T16126] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1574.738367][T12302] usb 4-1: USB disconnect, device number 13 [ 1575.276286][T18868] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3006'. [ 1575.734214][T18881] loop0: detected capacity change from 0 to 1024 [ 1575.824962][T18881] hfsplus: unable to parse mount options [ 1576.941741][T18842] syz.1.3000 (18842): drop_caches: 1 [ 1577.107978][T18843] syz.1.3000 (18843): drop_caches: 1 [ 1577.326520][T18886] kvm [18885]: vcpu0, guest rIP: 0x1be ignored wrmsr: 0x11e data 0xbe702111 [ 1577.715014][T11297] device hsr_slave_0 left promiscuous mode [ 1577.730203][T11297] device hsr_slave_1 left promiscuous mode [ 1577.757901][T11297] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1577.791140][T11297] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1577.858173][T11297] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1577.895761][T11297] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1577.961980][T11297] device bridge_slave_1 left promiscuous mode [ 1577.977160][T11297] bridge0: port 2(bridge_slave_1) entered disabled state [ 1577.993633][ T3622] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1578.048429][T11297] device bridge_slave_0 left promiscuous mode [ 1578.103791][T11297] bridge0: port 1(bridge_slave_0) entered disabled state [ 1578.149141][T11297] device veth1_macvtap left promiscuous mode [ 1578.163999][T11297] device veth0_macvtap left promiscuous mode [ 1578.170365][T11297] device veth1_vlan left promiscuous mode [ 1578.180542][T11297] device veth0_vlan left promiscuous mode [ 1578.243622][ T3622] usb 2-1: Using ep0 maxpacket: 16 [ 1578.363977][ T3622] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1578.434504][ T3622] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1578.548939][T18901] loop2: detected capacity change from 0 to 128 [ 1578.654165][ T3622] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1578.668552][ T3622] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1578.686002][ T3622] usb 2-1: Product: syz [ 1578.692865][T18901] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1578.696179][ T3622] usb 2-1: Manufacturer: syz [ 1578.714210][ T3622] usb 2-1: SerialNumber: syz [ 1578.752222][ T3622] usb 2-1: config 0 descriptor?? [ 1578.804217][T18895] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1578.824620][ T3622] hub 2-1:0.0: bad descriptor, ignoring hub [ 1578.835431][ T3622] hub: probe of 2-1:0.0 failed with error -5 [ 1578.858560][ T3622] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input15 [ 1578.942264][T18910] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1578.965993][T18910] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1579.285849][T18917] loop3: detected capacity change from 0 to 1024 [ 1579.334768][T18917] hfsplus: unable to parse mount options [ 1580.581642][T11297] team0 (unregistering): Port device team_slave_1 removed [ 1580.667226][T11297] team0 (unregistering): Port device team_slave_0 removed [ 1580.760772][T11297] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1580.844661][T11297] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1581.389596][T11297] bond0 (unregistering): Released all slaves [ 1581.517810][T18903] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3018'. [ 1582.319427][T12302] usb 2-1: USB disconnect, device number 11 [ 1583.263963][T18921] loop0: detected capacity change from 0 to 1024 [ 1583.299303][T18924] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1583.354435][T18921] hfsplus: unable to parse mount options [ 1584.293979][T18939] dccp_invalid_packet: P.Data Offset(224) too large [ 1584.953052][T18958] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3035'. [ 1584.980577][T18954] loop0: detected capacity change from 0 to 128 [ 1585.101389][T18954] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1585.286809][T18962] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1585.297735][T18962] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1586.014036][ T3620] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1586.086288][T18973] loop0: detected capacity change from 0 to 1024 [ 1586.135697][T18973] hfsplus: unable to parse mount options [ 1586.413934][T18933] syz.4.3023 (18933): drop_caches: 1 [ 1586.423740][ T3620] usb 2-1: Using ep0 maxpacket: 16 [ 1587.413641][ T3620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1587.433518][ T3620] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1587.454731][T18980] loop0: detected capacity change from 0 to 1024 [ 1587.532088][T18980] hfsplus: unable to parse mount options [ 1587.763899][ T3620] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1587.772984][ T3620] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1587.823073][ T3620] usb 2-1: Product: syz [ 1587.846878][ T3620] usb 2-1: Manufacturer: syz [ 1588.179970][ T3620] usb 2-1: SerialNumber: syz [ 1588.342718][ T3620] usb 2-1: config 0 descriptor?? [ 1588.364083][ T3620] usb 2-1: can't set config #0, error -71 [ 1588.373827][ T3620] usb 2-1: USB disconnect, device number 12 [ 1588.731658][T19004] loop4: detected capacity change from 0 to 128 [ 1588.843166][T19004] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1589.973951][T19038] loop1: detected capacity change from 0 to 1024 [ 1590.048930][T19038] hfsplus: unable to parse mount options [ 1590.695448][T12302] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 1590.973973][T12302] usb 4-1: Using ep0 maxpacket: 16 [ 1590.991561][T19023] syz.0.3056 (19023): drop_caches: 1 [ 1591.113913][T12302] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1591.158797][T12302] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1591.286065][T19052] loop2: detected capacity change from 0 to 128 [ 1591.373291][T19052] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1591.384023][ T3620] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 1591.391738][T12302] usb 4-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1591.405660][T12302] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1591.422933][T12302] usb 4-1: Product: syz [ 1591.428121][T12302] usb 4-1: Manufacturer: syz [ 1591.433032][T12302] usb 4-1: SerialNumber: syz [ 1591.450708][T12302] usb 4-1: config 0 descriptor?? [ 1591.474218][T19035] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1591.494559][T12302] hub 4-1:0.0: bad descriptor, ignoring hub [ 1591.500513][T12302] hub: probe of 4-1:0.0 failed with error -5 [ 1591.609094][T19065] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1591.618387][T19065] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1591.728047][T12302] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input16 [ 1591.824026][ T3620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1591.840802][ T3620] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1591.870006][ T3620] usb 5-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 1591.889353][ T3620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1591.924121][ T3620] usb 5-1: config 0 descriptor?? [ 1592.180765][T19047] device veth0 entered promiscuous mode [ 1592.193827][T19047] device macsec1 entered promiscuous mode [ 1592.211066][T19047] device veth0 left promiscuous mode [ 1592.483676][ T3620] usbhid 5-1:0.0: can't add hid device: -71 [ 1592.489928][ T3620] usbhid: probe of 5-1:0.0 failed with error -71 [ 1592.535754][ T3620] usb 5-1: USB disconnect, device number 14 [ 1592.637357][T19086] loop1: detected capacity change from 0 to 1024 [ 1592.694382][T19086] hfsplus: unable to parse mount options [ 1594.400916][T19083] syz.2.3077 (19083): drop_caches: 1 [ 1594.449188][T19076] syz.2.3077 (19076): drop_caches: 1 [ 1594.793068][T19112] loop4: detected capacity change from 0 to 128 [ 1594.871980][T19118] loop2: detected capacity change from 0 to 1024 [ 1594.893206][T19112] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1594.915032][T19118] hfsplus: unable to parse mount options [ 1594.946040][ T3620] usb 4-1: USB disconnect, device number 14 [ 1594.978805][T19124] input: syz1 as /devices/virtual/input/input17 [ 1595.082345][T19128] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1595.090898][T19128] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1595.554773][ T3620] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1595.983848][ T3620] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1596.346877][ T3620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1596.413679][ T3620] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1596.413721][ T3620] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1596.525139][ T3620] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1596.525178][ T3620] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1596.525202][ T3620] usb 2-1: Manufacturer: syz [ 1596.534792][ T3620] usb 2-1: config 0 descriptor?? [ 1596.823778][T12302] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 1597.014994][ T3620] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 1597.033192][ T3620] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 1597.064133][T12302] usb 1-1: Using ep0 maxpacket: 16 [ 1597.110098][ T3620] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 1597.203931][T12302] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1597.235864][T12302] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1597.326769][T19140] syz.4.3099 (19140): drop_caches: 1 [ 1597.351124][T19143] syz.4.3099 (19143): drop_caches: 1 [ 1597.484224][T12302] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1597.498853][T12302] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1597.516706][T12302] usb 1-1: Product: syz [ 1597.521155][T12302] usb 1-1: Manufacturer: syz [ 1597.536424][T12302] usb 1-1: SerialNumber: syz [ 1597.552656][T12302] usb 1-1: config 0 descriptor?? [ 1597.573853][ T9640] usb 2-1: USB disconnect, device number 13 [ 1597.584086][T19152] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1597.615670][T12302] hub 1-1:0.0: bad descriptor, ignoring hub [ 1597.629258][T12302] hub: probe of 1-1:0.0 failed with error -5 [ 1597.639802][T19172] loop3: detected capacity change from 0 to 128 [ 1597.682541][T12302] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input18 [ 1597.701385][T19172] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1597.766871][T19176] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3110'. [ 1597.831990][T19168] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1597.997049][T19181] loop3: detected capacity change from 0 to 1024 [ 1598.027033][T19181] hfsplus: unable to parse mount options [ 1599.109568][T19186] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3113'. [ 1600.406632][T19207] syz.3.3120 (19207): drop_caches: 1 [ 1600.643349][T19211] loop2: detected capacity change from 0 to 128 [ 1600.665150][T19215] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3123'. [ 1600.771350][T19211] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1600.825241][T19219] loop4: detected capacity change from 0 to 1024 [ 1600.865154][T19219] hfsplus: unable to parse mount options [ 1600.881299][T19211] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1600.889978][T19211] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1600.918220][T12311] usb 1-1: USB disconnect, device number 10 [ 1601.135680][T19224] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3127'. [ 1602.421115][T19249] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3136'. [ 1602.779296][T19257] loop3: detected capacity change from 0 to 1024 [ 1602.814852][T19257] hfsplus: unable to parse mount options [ 1603.028207][T12311] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 1603.363601][T12311] usb 3-1: Using ep0 maxpacket: 16 [ 1603.484100][T12311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1603.514337][T12311] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1603.641545][T19238] syz.0.3133 (19238): drop_caches: 1 [ 1603.923843][T12311] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1603.951686][T12311] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1603.953952][T19263] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 1603.993634][T12311] usb 3-1: Product: syz [ 1603.997890][T12311] usb 3-1: Manufacturer: syz [ 1604.033206][T12311] usb 3-1: SerialNumber: syz [ 1604.044752][T19262] loop3: detected capacity change from 0 to 128 [ 1604.062634][T12311] usb 3-1: config 0 descriptor?? [ 1604.093950][T19255] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1604.122141][T12311] hub 3-1:0.0: bad descriptor, ignoring hub [ 1604.131897][T12311] hub: probe of 3-1:0.0 failed with error -5 [ 1604.158078][T19262] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1604.195692][T12311] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20 [ 1604.423267][T19267] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1604.472989][T19267] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1604.848443][T19277] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3144'. [ 1605.106772][T19284] syz.0.3146[19284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1605.106886][T19284] syz.0.3146[19284] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1605.559741][ T26] kauditd_printk_skb: 37 callbacks suppressed [ 1605.559758][ T26] audit: type=1326 audit(1729371787.443:415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19283 comm="syz.0.3146" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0339eacff9 code=0x0 [ 1605.952334][T19299] loop1: detected capacity change from 0 to 1024 [ 1605.995152][T19299] hfsplus: unable to parse mount options [ 1607.245948][ T1389] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.252513][ T1389] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.874707][T19315] loop3: detected capacity change from 0 to 128 [ 1608.017275][T19315] EXT4-fs (loop3): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1608.110609][T19304] syz.1.3152 (19304): drop_caches: 1 [ 1608.239632][ T4436] usb 3-1: USB disconnect, device number 10 [ 1608.248966][T19331] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1608.273232][T19331] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1608.365885][T19329] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3158'. [ 1608.663630][T19337] loop0: detected capacity change from 0 to 1024 [ 1608.684730][T19337] hfsplus: unable to parse mount options [ 1609.821243][ T26] audit: type=1326 audit(1729371791.703:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1609.905219][ T26] audit: type=1326 audit(1729371791.753:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.017485][ T26] audit: type=1326 audit(1729371791.753:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.095092][ T26] audit: type=1326 audit(1729371791.753:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.177380][ T26] audit: type=1326 audit(1729371791.753:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.203688][ T4436] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1610.250226][ T26] audit: type=1326 audit(1729371791.763:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.288410][ T26] audit: type=1326 audit(1729371792.123:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.323860][ T26] audit: type=1326 audit(1729371792.123:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19352 comm="syz.2.3168" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1610.473595][ T4436] usb 2-1: Using ep0 maxpacket: 16 [ 1610.593840][ T4436] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 1610.625041][ T4436] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 1610.823838][ T4436] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 1610.842951][ T4436] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1610.886253][ T4436] usb 2-1: Product: syz [ 1610.913393][ T4436] usb 2-1: Manufacturer: syz [ 1610.931919][ T4436] usb 2-1: SerialNumber: syz [ 1610.954443][ T4436] usb 2-1: config 0 descriptor?? [ 1610.993860][T19356] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 1611.014212][ T4436] hub 2-1:0.0: bad descriptor, ignoring hub [ 1611.021078][ T4436] hub: probe of 2-1:0.0 failed with error -5 [ 1611.059698][ T4436] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input21 [ 1611.182926][T19365] syz.2.3173 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1611.198866][T19360] syz.0.3171 (19360): drop_caches: 1 [ 1611.248559][ T26] audit: type=1326 audit(1729371793.133:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.309908][T19365] serio: Serial port pts0 [ 1611.379122][ T26] audit: type=1326 audit(1729371793.133:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.465099][ T26] audit: type=1326 audit(1729371793.263:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.623270][ T26] audit: type=1326 audit(1729371793.263:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.749656][T19379] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3177'. [ 1611.767094][ T26] audit: type=1326 audit(1729371793.263:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.809759][T19379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3177'. [ 1611.841549][T19379] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3177'. [ 1611.863884][ T26] audit: type=1326 audit(1729371793.293:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1611.986194][ T26] audit: type=1326 audit(1729371793.293:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1612.061122][T19381] loop2: detected capacity change from 0 to 1024 [ 1612.085687][ T26] audit: type=1326 audit(1729371793.293:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1612.134615][T19381] hfsplus: unable to parse mount options [ 1612.302576][ T26] audit: type=1326 audit(1729371793.293:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19364 comm="syz.2.3173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa05c90eff9 code=0x7ffc0000 [ 1613.273740][ T3616] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1613.733775][ T3616] usb 4-1: config 1 interface 0 altsetting 14 bulk endpoint 0x1 has invalid maxpacket 8 [ 1613.781126][ T3616] usb 4-1: config 1 interface 0 altsetting 14 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1613.828119][ T3616] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1613.988158][T19405] loop2: detected capacity change from 0 to 128 [ 1614.102158][T19405] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 1614.213830][ T3616] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1614.274498][ T3616] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1614.296150][T19403] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 1614.338241][ T3616] usb 4-1: Manufacturer: 䰪큘㥭㨛뭣 [ 1614.391520][ T3616] usb 4-1: SerialNumber: Ў [ 1614.454742][T19374] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1614.469505][T19374] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 1614.601367][T12311] usb 2-1: USB disconnect, device number 14 [ 1614.613541][ C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 1614.693715][ T3616] usb 4-1: can't set config #1, error -71 [ 1614.714648][ T3616] usb 4-1: USB disconnect, device number 15 [ 1614.765802][T19409] netlink: 48 bytes leftover after parsing attributes in process `syz.1.3187'. [ 1614.980972][T19412] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1497 [ 1614.990927][T19412] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 19412, name: syz.3.3188 [ 1615.000039][T19412] 2 locks held by syz.3.3188/19412: [ 1615.005261][T19412] #0: ffff888074c30a08 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0x130/0xb20 [ 1615.015812][T19412] #1: ffffffff8c9455d8 (css_set_lock){..-.}-{2:2}, at: cgroup_get_from_path+0x24/0x2e0 [ 1615.025595][T19412] irq event stamp: 250 [ 1615.029735][T19412] hardirqs last enabled at (249): [] queue_delayed_work_on+0x171/0x250 [ 1615.039638][T19412] hardirqs last disabled at (250): [] _raw_spin_lock_irq+0xa9/0x110 [ 1615.049217][T19412] softirqs last enabled at (128): [] ip_setsockopt+0x260e/0x3fb0 [ 1615.058618][T19412] softirqs last disabled at (126): [] release_sock+0x2c/0x1c0 [ 1615.067664][T19412] Preemption disabled at: [ 1615.067676][T19412] [<0000000000000000>] 0x0 [ 1615.076406][T19412] CPU: 1 PID: 19412 Comm: syz.3.3188 Not tainted 5.15.168-syzkaller #0 [ 1615.084664][T19412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1615.094740][T19412] Call Trace: [ 1615.098020][T19412] [ 1615.100971][T19412] dump_stack_lvl+0x1e3/0x2d0 [ 1615.105654][T19412] ? ip_setsockopt+0x260e/0x3fb0 [ 1615.110595][T19412] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1615.116225][T19412] ? panic+0x860/0x860 [ 1615.120305][T19412] ___might_sleep+0x547/0x6a0 [ 1615.124992][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.129593][T19412] down_read+0x21/0x2e0 [ 1615.133747][T19412] ? kernfs_walk_and_get_ns+0x72/0x2b0 [ 1615.139212][T19412] kernfs_walk_and_get_ns+0x7e/0x2b0 [ 1615.144501][T19412] ? kernfs_find_ns+0x500/0x500 [ 1615.149369][T19412] ? current_cgns_cgroup_from_root+0x2a3/0x2f0 [ 1615.155523][T19412] cgroup_get_from_path+0x5c/0x2e0 [ 1615.160633][T19412] cgroup_mt_check_v1+0x1a0/0x2b0 [ 1615.165667][T19412] xt_check_match+0x363/0xa30 [ 1615.170352][T19412] ? xt_find_match+0x6d/0x200 [ 1615.175049][T19412] ? mutex_unlock+0x10/0x10 [ 1615.179575][T19412] ? xt_check_proc_name+0x110/0x110 [ 1615.184795][T19412] ? pcpu_alloc+0x10c9/0x17c0 [ 1615.189487][T19412] ? xt_find_match+0x1cf/0x200 [ 1615.194256][T19412] translate_table+0x15bd/0x2250 [ 1615.199230][T19412] ? ipt_register_table+0x7a0/0x7a0 [ 1615.204463][T19412] ? __might_fault+0xb8/0x110 [ 1615.209151][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.214182][T19412] ? _copy_from_user+0x10f/0x170 [ 1615.219116][T19412] ? copy_from_sockptr_offset+0x6b/0xa0 [ 1615.224664][T19412] do_ipt_set_ctl+0xdbc/0x1200 [ 1615.229430][T19412] ? rcu_lock_release+0x20/0x20 [ 1615.234283][T19412] ? ipt_unregister_table_exit+0x1e0/0x1e0 [ 1615.240090][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.245126][T19412] ? __mutex_unlock_slowpath+0x218/0x750 [ 1615.250760][T19412] ? nf_setsockopt+0x38/0x2b0 [ 1615.255435][T19412] ? print_irqtrace_events+0x210/0x210 [ 1615.260922][T19412] ? mutex_unlock+0x10/0x10 [ 1615.265427][T19412] ? lockdep_hardirqs_on+0x94/0x130 [ 1615.270642][T19412] ? __local_bh_enable_ip+0x164/0x1f0 [ 1615.276017][T19412] nf_setsockopt+0x28a/0x2b0 [ 1615.280698][T19412] ip_setsockopt+0x2732/0x3fb0 [ 1615.285467][T19412] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 1615.290846][T19412] ? read_lock_is_recursive+0x10/0x10 [ 1615.296215][T19412] ? __mutex_trylock_common+0x17e/0x2e0 [ 1615.301759][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.306347][T19412] ? rcu_lock_release+0x20/0x20 [ 1615.311200][T19412] tcp_setsockopt+0x23f/0x3680 [ 1615.315966][T19412] ? tcp_set_window_clamp+0x1b0/0x1b0 [ 1615.321333][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.325922][T19412] ? smc_setsockopt+0x130/0xb20 [ 1615.330771][T19412] ? mutex_lock_io_nested+0x60/0x60 [ 1615.335969][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.341008][T19412] ? aa_sk_perm+0x8fc/0xa30 [ 1615.345517][T19412] ? sock_common_setsockopt+0x33/0xc0 [ 1615.351014][T19412] ? sock_common_recvmsg+0x240/0x240 [ 1615.356300][T19412] smc_setsockopt+0x1e5/0xb20 [ 1615.360989][T19412] ? smc_shutdown+0x5f0/0x5f0 [ 1615.365665][T19412] ? aa_sock_opt_perm+0x79/0x110 [ 1615.370601][T19412] ? bpf_lsm_socket_setsockopt+0x5/0x10 [ 1615.376924][T19412] ? security_socket_setsockopt+0x7d/0xa0 [ 1615.382637][T19412] ? smc_shutdown+0x5f0/0x5f0 [ 1615.387314][T19412] __sys_setsockopt+0x57e/0x990 [ 1615.392173][T19412] ? __ia32_sys_recv+0xb0/0xb0 [ 1615.396945][T19412] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1615.402929][T19412] __x64_sys_setsockopt+0xb1/0xc0 [ 1615.407957][T19412] do_syscall_64+0x3b/0xb0 [ 1615.412370][T19412] ? clear_bhb_loop+0x15/0x70 [ 1615.417044][T19412] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1615.422944][T19412] RIP: 0033:0x7f1d6a68dff9 [ 1615.427359][T19412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1615.446990][T19412] RSP: 002b:00007f1d68ae5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1615.455406][T19412] RAX: ffffffffffffffda RBX: 00007f1d6a846058 RCX: 00007f1d6a68dff9 [ 1615.463375][T19412] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000005 [ 1615.471342][T19412] RBP: 00007f1d6a700296 R08: 0000000000001378 R09: 0000000000000000 [ 1615.479311][T19412] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000000000 [ 1615.487278][T19412] R13: 0000000000000000 R14: 00007f1d6a846058 R15: 00007fff15377288 [ 1615.495257][T19412] [ 1615.498273][T19412] [ 1615.500588][T19412] ============================= [ 1615.505416][T19412] [ BUG: Invalid wait context ] [ 1615.510254][T19412] 5.15.168-syzkaller #0 Tainted: G W [ 1615.516824][T19412] ----------------------------- [ 1615.521760][T19412] syz.3.3188/19412 is trying to lock: [ 1615.527119][T19412] ffffffff8ca52230 (kernfs_rwsem){++++}-{3:3}, at: kernfs_walk_and_get_ns+0x7e/0x2b0 [ 1615.536599][T19412] other info that might help us debug this: [ 1615.542473][T19412] context-{4:4} [ 1615.545915][T19412] 2 locks held by syz.3.3188/19412: [ 1615.551097][T19412] #0: ffff888074c30a08 (&smc->clcsock_release_lock){+.+.}-{3:3}, at: smc_setsockopt+0x130/0xb20 [ 1615.561619][T19412] #1: ffffffff8c9455d8 (css_set_lock){..-.}-{2:2}, at: cgroup_get_from_path+0x24/0x2e0 [ 1615.571358][T19412] stack backtrace: [ 1615.575148][T19412] CPU: 1 PID: 19412 Comm: syz.3.3188 Tainted: G W 5.15.168-syzkaller #0 [ 1615.584767][T19412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1615.595249][T19412] Call Trace: [ 1615.598525][T19412] [ 1615.601447][T19412] dump_stack_lvl+0x1e3/0x2d0 [ 1615.606125][T19412] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 1615.611751][T19412] ? panic+0x860/0x860 [ 1615.615821][T19412] __lock_acquire+0x14f5/0x1ff0 [ 1615.620757][T19412] lock_acquire+0x1db/0x4f0 [ 1615.625342][T19412] ? kernfs_walk_and_get_ns+0x7e/0x2b0 [ 1615.630799][T19412] ? read_lock_is_recursive+0x10/0x10 [ 1615.636170][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.640758][T19412] down_read+0x45/0x2e0 [ 1615.644913][T19412] ? kernfs_walk_and_get_ns+0x7e/0x2b0 [ 1615.650372][T19412] ? kernfs_walk_and_get_ns+0x72/0x2b0 [ 1615.655823][T19412] kernfs_walk_and_get_ns+0x7e/0x2b0 [ 1615.661109][T19412] ? kernfs_find_ns+0x500/0x500 [ 1615.665976][T19412] ? current_cgns_cgroup_from_root+0x2a3/0x2f0 [ 1615.672125][T19412] cgroup_get_from_path+0x5c/0x2e0 [ 1615.677315][T19412] cgroup_mt_check_v1+0x1a0/0x2b0 [ 1615.682337][T19412] xt_check_match+0x363/0xa30 [ 1615.687009][T19412] ? xt_find_match+0x6d/0x200 [ 1615.691704][T19412] ? mutex_unlock+0x10/0x10 [ 1615.696202][T19412] ? xt_check_proc_name+0x110/0x110 [ 1615.701391][T19412] ? pcpu_alloc+0x10c9/0x17c0 [ 1615.706065][T19412] ? xt_find_match+0x1cf/0x200 [ 1615.710832][T19412] translate_table+0x15bd/0x2250 [ 1615.715773][T19412] ? ipt_register_table+0x7a0/0x7a0 [ 1615.720970][T19412] ? __might_fault+0xb8/0x110 [ 1615.725641][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.730675][T19412] ? _copy_from_user+0x10f/0x170 [ 1615.735605][T19412] ? copy_from_sockptr_offset+0x6b/0xa0 [ 1615.741151][T19412] do_ipt_set_ctl+0xdbc/0x1200 [ 1615.746017][T19412] ? rcu_lock_release+0x20/0x20 [ 1615.750869][T19412] ? ipt_unregister_table_exit+0x1e0/0x1e0 [ 1615.756686][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.761709][T19412] ? __mutex_unlock_slowpath+0x218/0x750 [ 1615.767347][T19412] ? nf_setsockopt+0x38/0x2b0 [ 1615.772025][T19412] ? print_irqtrace_events+0x210/0x210 [ 1615.777494][T19412] ? mutex_unlock+0x10/0x10 [ 1615.781991][T19412] ? lockdep_hardirqs_on+0x94/0x130 [ 1615.787190][T19412] ? __local_bh_enable_ip+0x164/0x1f0 [ 1615.792556][T19412] nf_setsockopt+0x28a/0x2b0 [ 1615.797143][T19412] ip_setsockopt+0x2732/0x3fb0 [ 1615.801910][T19412] ? ipv4_pktinfo_prepare+0x6f0/0x6f0 [ 1615.807278][T19412] ? read_lock_is_recursive+0x10/0x10 [ 1615.812640][T19412] ? __mutex_trylock_common+0x17e/0x2e0 [ 1615.818190][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.822819][T19412] ? rcu_lock_release+0x20/0x20 [ 1615.827708][T19412] tcp_setsockopt+0x23f/0x3680 [ 1615.832478][T19412] ? tcp_set_window_clamp+0x1b0/0x1b0 [ 1615.837864][T19412] ? __might_sleep+0xc0/0xc0 [ 1615.842452][T19412] ? smc_setsockopt+0x130/0xb20 [ 1615.847304][T19412] ? mutex_lock_io_nested+0x60/0x60 [ 1615.852520][T19412] ? __lock_acquire+0x1ff0/0x1ff0 [ 1615.857536][T19412] ? aa_sk_perm+0x8fc/0xa30 [ 1615.862033][T19412] ? sock_common_setsockopt+0x33/0xc0 [ 1615.867421][T19412] ? sock_common_recvmsg+0x240/0x240 [ 1615.872874][T19412] smc_setsockopt+0x1e5/0xb20 [ 1615.877548][T19412] ? smc_shutdown+0x5f0/0x5f0 [ 1615.882307][T19412] ? aa_sock_opt_perm+0x79/0x110 [ 1615.887415][T19412] ? bpf_lsm_socket_setsockopt+0x5/0x10 [ 1615.892956][T19412] ? security_socket_setsockopt+0x7d/0xa0 [ 1615.898668][T19412] ? smc_shutdown+0x5f0/0x5f0 [ 1615.903341][T19412] __sys_setsockopt+0x57e/0x990 [ 1615.908189][T19412] ? __ia32_sys_recv+0xb0/0xb0 [ 1615.912960][T19412] ? syscall_enter_from_user_mode+0x2e/0x240 [ 1615.919111][T19412] __x64_sys_setsockopt+0xb1/0xc0 [ 1615.924134][T19412] do_syscall_64+0x3b/0xb0 [ 1615.928634][T19412] ? clear_bhb_loop+0x15/0x70 [ 1615.933311][T19412] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 1615.939461][T19412] RIP: 0033:0x7f1d6a68dff9 [ 1615.943872][T19412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1615.963566][T19412] RSP: 002b:00007f1d68ae5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1615.972064][T19412] RAX: ffffffffffffffda RBX: 00007f1d6a846058 RCX: 00007f1d6a68dff9 [ 1615.980033][T19412] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000005 [ 1615.987997][T19412] RBP: 00007f1d6a700296 R08: 0000000000001378 R09: 0000000000000000 [ 1615.995963][T19412] R10: 0000000020000640 R11: 0000000000000246 R12: 0000000000000000 [ 1616.003925][T19412] R13: 0000000000000000 R14: 00007f1d6a846058 R15: 00007fff15377288 [ 1616.011905][T19412] [ 1616.042901][T19412] xt_cgroup: invalid path, errno=-2 [ 1616.412160][T19404] syz.4.3186 (19404): drop_caches: 1