last executing test programs: 7.982396986s ago: executing program 3 (id=2472): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x0, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x48}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) capset(&(0x7f00000002c0)={0x20080522}, &(0x7f0000000300)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x8}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x10}, {0x6, 0x0, 0x5, 0x8}}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmmsg(r4, &(0x7f0000006540)=[{{0x0, 0x0, &(0x7f0000005bc0)=[{0x0}, {0x0}, {&(0x7f00000049c0)=""/4096, 0x1000}], 0x3}}], 0x1, 0x0, 0x0) r5 = syz_open_dev$vim2m(0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000140)={0x1, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a206da058e85b2197edb1439b1cc2"}) 7.238700247s ago: executing program 4 (id=2483): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000001340)=ANY=[], 0xa89) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000002c0)="e2", 0x1, 0x8c1, 0x0, 0x0) 7.17287444s ago: executing program 4 (id=2486): pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x5450, 0x0) 7.086567394s ago: executing program 0 (id=2488): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x4c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0xa, 0x7, 'route\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x94}}, 0x0) 7.037822286s ago: executing program 3 (id=2489): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000002100)={0x18, {"a2e3ad2119c752f91b3809091bf70e0dd038e7ff7fc6e5539b3263078b089b3b0838721a0890e0878f0e1ac6e7049b3d63959b509a240d5b67f3988f7ef319520100ffe8d178708c523c921b9b5b31320d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70d998ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5af098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000108000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b2fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f794c9eee1198751adaa13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce21265b6e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f458d8d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d8872fe174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f980000000203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0xb82) 6.986593638s ago: executing program 4 (id=2490): r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) bind$ax25(r0, &(0x7f0000000140)={{0x3, @default}, [@null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}, 0x48) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)) dup2(r0, r1) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r1, &(0x7f00000003c0)={&(0x7f0000000340), 0xc, &(0x7f0000000440)={0x0}}, 0x0) 6.986382528s ago: executing program 0 (id=2491): r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = dup(r0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 6.100722495s ago: executing program 0 (id=2494): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f0000000040)="020000000d80ffff", 0x8) r2 = socket$l2tp(0x2, 0x2, 0x73) getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f0000000180)={'filter\x00'}, &(0x7f0000000240)=0x54) 5.97474044s ago: executing program 3 (id=2495): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_CONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x28, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params]}, 0x28}}, 0x0) 5.951779811s ago: executing program 3 (id=2497): r0 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x10, 0x1}) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f00"], 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000002240)=[{&(0x7f0000000080)='E', 0x1}], 0x1, 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x0, &(0x7f0000000240)=0xca, 0x4) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 5.151116975s ago: executing program 0 (id=2500): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0x64) 4.176050866s ago: executing program 0 (id=2501): r0 = syz_usb_connect$cdc_ecm(0x3, 0x0, 0x0, &(0x7f0000000280)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x250, 0x7f, 0x7, 0x3, 0xff, 0x3}, 0x4d, &(0x7f00000000c0)={0x5, 0xf, 0x4d, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0xa8, "e00d1debdcb23129f306bf3fcd2b2a36"}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "f0f29c885031924c9b7cf66f82876396"}, @ssp_cap={0x20, 0x10, 0xa, 0x9, 0x5, 0x5, 0x0, 0x8000, [0x3f00, 0x3f00, 0xffff28, 0x3f00, 0xff0030]}]}, 0x5, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x100a}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x4ff}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x422}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x430}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x40d}}]}) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000480)={0x14, &(0x7f0000000300)={0x20, 0x21, 0x102, {0x102, 0x4, "dbaecd32d366be02512253b1865a75a8f5a52b366ffa6023ff582870be149a385afa93123e56c5277d078b1101795408ed4a25a0928a4857c1d6091090192805c36c43b0f0ee34734de97a4035f14088533cfd0c2c548dc526ce65e25a8f049b2d5fafc8f4b36d1c081f2ce0610e373a6724058a194e148b3780434ac8d11febe396530a713ed51754d77227c9c880d122b41a9782eb06ae7c436971b13421d8dbe29a4ed845080195eedb6ad23b14a3286f80a316510e2eff5a4630dab532ec52d0fe838ba494c9c85fbd0ed9c72a46546b4f354ec2e071f739f6f78900243bb658415585409e4ea8e3e8c4c957a4394ae4a0809e352628452ef7affe8d7d6a"}}, &(0x7f0000000440)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000640)={0x1c, &(0x7f00000004c0)={0x60, 0x10, 0xf5, "e554b55f444ba10f1de881be594938e8a399942dce2a9292713efbc283b8cd282ddfbebe90facf591c1a7cfccb29741e34ea253c24d530a420847281982b1439c105d15b29e45c3cfb4376435194fc13bea8f4921d19224d27c9c6dcf7fed8fd63821918fed04611e992dbf8b7fc623ddc67e1e83c61d8ea6277d21d2b81c2c6383a1c3623c668e55593359bca9fd6a1323fb71c097c9e8ef3044058f261056fa7e05d220ee8637d776afb68b9525a9629f9bc93efe846a5d14a4307803a85bb332c22133955fbe989bbca82a72355e67c18e97d85bb720c847d68280a24b2a4c415ea9387df8998b3f24a48c5cab69ec2c5a940c2"}, &(0x7f00000005c0)={0x0, 0xa, 0x1, 0xe}, &(0x7f0000000600)={0x0, 0x8, 0x1, 0xf}}) syz_usb_connect$cdc_ncm(0x1, 0x73, &(0x7f0000000680)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x61, 0x2, 0x1, 0x2, 0x0, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xa, 0x24, 0x6, 0x0, 0x1, "eb472b8128"}, {0x5, 0x24, 0x0, 0xa}, {0xd, 0x24, 0xf, 0x1, 0xffff, 0x4, 0x4, 0x5}, {0x6, 0x24, 0x1a, 0x40, 0x10}}, {{0x9, 0x5, 0x81, 0x3, 0x200, 0xf4, 0x4, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x8, 0x7, 0x0, 0x80}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x3, 0x73, 0xc}}}}}}}]}}, &(0x7f0000000a40)={0xa, &(0x7f0000000700)={0xa, 0x6, 0x300, 0x40, 0x9, 0x2, 0x20, 0x6}, 0x5, &(0x7f0000000740)={0x5, 0xf, 0x5}, 0x7, [{0xf3, &(0x7f0000000780)=@string={0xf3, 0x3, "f1ecbadd0b0705ad882e41f28a51b85d12f691fa1f4058fe28d2c41ab27dc26e3afe68d7b068bb920a6a2e2c7dbbaa05d3a37dc809191590f8a8e9f5631ab9dd7e2f41f354de9d96f6ea6abf7ad156b7fe22fff6e574dd0fd1f746515091e3e13368aad68b86485fbd085682eb88bbd911368de7d3e7acf0c4226787bbaa321c6b998b991ea03096de2d15d6796fcbc6b897d07d895aa4178f4a409a83e21ac7074b3a0ffcf365694a4f1dea90410e54b331bbd1e427d5802b07dd4fc359abefe716663ea3a0dff216edaeb1e9aa36cd97479d579c2e91604127b65fc8b4eee9c4bebf8ecdffc4f544e1beb6695b33bf74"}}, {0x4, &(0x7f0000000880)=@lang_id={0x4, 0x3, 0x457}}, {0x4, &(0x7f00000008c0)=@lang_id={0x4, 0x3, 0x410}}, {0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x2809}}, {0x75, &(0x7f0000000940)=@string={0x75, 0x3, "8671cda87d9cf20833b824f4fa412acb166d84d427261b5834b328d0b13c4ad59cb7c5c85a0b6f2374aaa64834d376a4f588e29827e574fc606acd77859d09fdd69d7a33396b9bf4633a626d156717f391e0732689fd79790de59e17e063f99981dd7bc3ba799b0894d72dc0c11e0e28e955bb"}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x3401}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x7c04}}]}) r1 = socket$inet6(0xa, 0x1, 0x3) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000ac0)=@dstopts={0x29, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0x1}]}, 0x10) r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r2, 0x89e4) 3.934749235s ago: executing program 4 (id=2503): r0 = syz_open_dev$amidi(&(0x7f00000001c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x40045730, &(0x7f0000002780)) 3.806832411s ago: executing program 3 (id=2504): openat$nvram(0xffffffffffffff9c, &(0x7f0000000400), 0x24100, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0) r0 = socket$kcm(0x10, 0x400000002, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) connect$x25(r1, &(0x7f0000000080)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x12) r2 = syz_io_uring_setup(0x24f7, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8}]}, 0x1c}}, 0x0) syz_emit_vhci(&(0x7f0000000900)=ANY=[@ANYRESHEX=r0, @ANYRESOCT=r0, @ANYBLOB="4b0631a7ed785e55e0fc6a9af75005852cd6a0b05b89ee001e9a8b4d0ff896883916e939bacabac2fb855f609a356c24ea88dcf0525f3b93dc6e91f60f6d69ed3bee9a55951c4ef6544e0e4a71d39a7c14dc3ce6f882e71fcd09b914a3ec6bb833664030e05e07ff33d2c2cfca47a499", @ANYBLOB="64943f457a69f60aaedfed08b2162cbb0d10b9e8050762228f97f44c5299745bfce61afd6b1c3d8a5eab661bc26c70c73a7126957d7722e97590c172e2a70daddd0582fa593b5423840b50804a96cedafc0174e3a2e38d081e3115a6810a6191e464bcd95c548a0779f6c9dc647a7beda1f693312942b98309bfc156466fef4ae83dbf6e1e8e79663574f08c2077f2e83abae710c3778227d23482103bbd31e8f1d692c5627e09e16ded1c1121401098720539a4394c44bb064c", @ANYBLOB="f405f6ecb9956544099cfdb94b30e9c87de47a2e24a433048c46d7aeab1141b36d060a99c30b795e1faa0f5087210773a58274be6949b20eb57aea8cd2c13fc591bd94af792d3276155bf2bf0c8242f1afa53256d987d9be047788044e", @ANYBLOB="d675538b33db1623f5a2265a035ec3fb429e6e3c8ca9432bfa949aab38edc1e40911cb87455c279ed7a877c9385a348bd41ceed20f25f7f89c6680342ec5f37d083c5b4e3741134a321a1a056af62ecc2d502ce00134f9039ac83576050deaab79c93c154d185c3176f48535899a2587f9c78538b7628395d25dc1ec0d10ecd94970623abcf05fd579c33380e36d747438ffd1b71e3049f36f"], 0x10) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, &(0x7f0000000040)) syz_io_uring_submit(r3, r4, &(0x7f0000000280)=@IORING_OP_FADVISE={0x18, 0x0, 0x0, @fd=r1}) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x0, 0x4, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x3a) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x33, 0xcd, 0x2e, 0x8, 0x545, 0x8080, 0x301, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x26, 0x0, 0x0, 0xc9, 0x12, 0x60}}]}}]}}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001980)}, 0x0) 2.458730577s ago: executing program 4 (id=2507): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000003500), 0x8) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = fcntl$dupfd(r1, 0x0, r1) mount$9p_fd(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000280), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) signalfd(r0, &(0x7f0000000300), 0x8) 2.458411297s ago: executing program 1 (id=2509): memfd_create(&(0x7f0000000140)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea7\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000000c0)) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000180)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xff, 0x0, [{}, {}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0xff}]}}) 2.441349778s ago: executing program 2 (id=2510): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r0, r1, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void, @val={0xc, 0x99, {0x1, 0x46}}}}}, 0x28}}, 0x0) 2.38752527s ago: executing program 2 (id=2511): syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) open(&(0x7f0000000000)='.\x00', 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f0000000000)={0x8, 0x8b}, 0x0) pipe2$9p(&(0x7f00000001c0), 0x0) 2.342736612s ago: executing program 1 (id=2512): r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) bind$ax25(r0, &(0x7f0000000100)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48) getpid() mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000, 0x0, &(0x7f0000fff000/0x1000)=nil) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff15) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$ax25(r0, &(0x7f0000000000)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]}, 0x48) 2.128596031s ago: executing program 1 (id=2513): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x0, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x48, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x48}}, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) capset(&(0x7f00000002c0)={0x20080522}, &(0x7f0000000300)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x8}}, {}, [], {{0x7, 0x1, 0xb, 0x1, 0x9, 0x10}, {0x6, 0x0, 0x5, 0x8}}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) process_vm_writev(0x0, &(0x7f0000000000), 0x0, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe1a}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x4924924924924b9, 0x0) recvmmsg(r4, &(0x7f0000006540)=[{{0x0, 0x0, &(0x7f0000005bc0)=[{0x0}, {0x0}, {&(0x7f00000049c0)=""/4096, 0x1000}], 0x3}}], 0x1, 0x0, 0x0) r5 = syz_open_dev$vim2m(0x0, 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000140)={0x1, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a206da058e85b2197edb1439b1cc2"}) 1.620657162s ago: executing program 4 (id=2514): r0 = io_uring_setup(0x497c, &(0x7f00000001c0)={0x0, 0x0, 0x10, 0x1}) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f00"], 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000002240)=[{&(0x7f0000000080)='E', 0x1}], 0x1, 0x0, 0x0) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x0, &(0x7f0000000240)=0xca, 0x4) getsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x6, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.425267221s ago: executing program 2 (id=2515): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f00000002c0)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000061c0)="c0f61a5fb77193bea0c6599de09cf570067192ff7d5bf191681878eb121895cd4c4052feb0a5196b61ab6e28d35aec54bb2aee6802a27f50c4e8f36a2b1bb12d93dbcd320ed338fd1a8ed43a2dcb2bf11c773ae982800321c7dcd67fa8930472eee2990090cc2a92f3373d898573a2cd1712c18ea624e82422c96f0d8895bfc4541911ff3662cd28fd55d795d1a5f31c92defbed88d48db688f899fe88997b057ce3e898eaf9eb2e76a59c1d2c10610768b3296595221c2b063ca2aa664fa0a5456c4e2bcddc7f856e2e29ce1b8852997a4d24f918408bfa9969074de495dd4cc9591e48287d78a2b3e0de09b48eb5b6bf78c6afd134b09770c164000d1f300c92877afe8be5d381c38da3b5fb9bd540c2f43c7dd2ec8dcff2af3517ba839c827866d10608964445bdead091df1264f5591e91d2f31b2015dff1b3b7ff0a5dc8b15748278849ddf4389ca7112ec1ca45957e2809b3d763e336f7051ac4e832ec61d1b95b9266565293806933dd8e3b65eaa1b4fe7946056703426674379ccec7abff1c459b91248f3a1d9e8103ae395aa86dd4235a5c16d9bd12dcb1ea9565a7c3d58d247a51db6d9077ecf47152d0733d79a5c449480c40b1cf8e115df4de3404b73ad06ac4c0d03f3b51d1b89b05ded082a5db1f5fbd8d351015b93862b2cc0995fb318609237e404e8d78d8982af761c27ad1fbc8f4693194c5e6b99edcb7a6e9dd261a386d8ed4420a7c12cbdcc86ab19f4e7a6c0c9b80fa3f0549ae57b38a93f669a87584b81e56211b34263db87c2d244e422878aa93e2c24260c71d06f75da33079b48b7072859669c128ba03d1487336a4a04167f2a3fa928d002c8b3cafdedf7a479604aa8f94e6b7ba58395df3d136b783f7be6b0b6b7b4b735c88a53da064a493b16713726b39ce23f08af19a671fe81be1e9772d87ca9cb5dccc35759fe3f7935a3167924d0a7d1586821ffebe0fa57e72a24967f7958875c4bf56d779369074db0077ee58138400c2f646c645e0f453e9e39aaf48da67775f59f8e282db3dec88bbe20ca6e65e2c7e44ab0583840513bfab76d94d1512549ea6db4a5a64cbe6f76b0ecdb2f1f71aa6446bcf4f7249366474cb77ed70ccb2702134b9dc6c2bfaf27ac9a9c85b8d9c48d100ae8c0eaa34701d2125a405b1117307119b754ccbbbcb2c8b71eb76d1157ddc7fbe0c75652a4cfc31d785a489f2344d8b4c47ff1b772104f49658f62d6241ef7f782db0cc071788b3dfa74e69533cd0a02ffadacdfbc8b5a83b9d4b8db068b5a7370f947fc4a99158c6296a442beba2e23ac1ef68c50f19851f3fb68b67fb714a5e7e53bb5a7690286cac12f2b002e854d8595075fbd00622b29bd423c3dbaf600ad6f37c96dcde43de6290b053c76df5620ce17118e2230039304c88a0d207c7cd05dd3854c545cdbebe907cc4d3411a382afed5e080502363cebe68e2c8dc1f800ea4add827a83a9cdf0fe6d54eabfca5a0ba370a06a4af1c49a60cd19141a4d994fbcce888278ade6300bd40685267fcdf1317cdb3b06cae9e7d9edb08d5c98b6d7115c025fcc05058a515adcc23c65ce526aed3b8203f3c54986f65ba9ffe2a9bc26b2813a1fe339ba2a58515cb8375e2d62550bf35dfd4fbdb75a70bb9fdc47d3d0346a65b986b7efd12aab760124b6888480b341b16ef2fea93fe2fbdeb55706690aa2c02bd80b1ccb7b8f23720283df89b515e2020bc5364cc4aea5fdc250f10d46db93c128e2de7477f4c80ec016f7a872efdef50ae1730b3a1deb8085d82f4fd53015a518803cd02646c087d67b0fd7092852dd81ac93ca60346f23fd847cf7c4883cab81af956342da21fb399b69e1988d89f9693b0630fa8cc95714285940d20eda153f8f7b01e6b2b892327b5d1e754a36a3430c5c22c3b841357eb80e526d7792a8ab9c4b1d23d82e31f23ef38580c2b33ca72424fbfbbf237f315cf2e5d134783982cad204be087ef58da96c6bc5da2dc4bc78f293eed56157a10848c0a956de15b83daacede9ae1c54731149f9ce7231cd84e14f128f87361e1fc0cdb2940766f39c93b9ddc74bba0a32548cddb1ae20981576de2ef8a772b04ed90900b2da11ffc70bbdb7091b8b8ed600dc0c9d236277afd9bb97b035f3b8fc95ef3f30c056b67a195c5c9f44c0f2ca4debba0d6d8779903e8e34fdd6b766fbba6b57e722ad9a852dbbeca8eb9acb9929bdcb4d4fa57d54ef1c1a0fdc032a898d3334f5671c7df82361b7d616c1f87e23f7adf043edda83458051f073f2562904ed25ad9a7129f3c14286007c9e4c81ea56c6a7289d8e58782d949a19a2642dc89d107fb465d0a98128250e66eedd93cf063963b7f7a0e1d3b9f1dd212cc9edd662af45852dbbaec84c69a640be115a239b5abd46d990fa007988f6be78a8c1e426091ecb33822529f7fddfb34d9304466ea06bb546a34735021e98674ae4a5f5c0b4f153ad5434b81c6343c42ae79224fe5abfe8b9e6fba38164c3c318500c130323b2f9bbcdf6aceb664e10483e2084defa744cd745e565ac5a8b5c30166330dd95e70f2a072a5cf5462635f7e0a4f455bcb607426aede9fa06d708c7c0daaafe2b84896134ab3b379c6690c9049903156232e5b7ca9529d602968f1e1f7a73214aaf4a9575dd5147e5bef8f05907267580abdb728cf32f6845cdf3bc779451669e4972e0b787afac5a36bacc3c1bcce125e91e4bf9810d91d1f1a3d8316328dd2626040af09892f1241c6645537ebfbeb752afba5e8171f487edba97aa92404973d4e8d09254abd2b70bdadd9b98fa3c33355295a5c474e9b2f017a6636233a382e8ef4e73506880e2a588bf257b6bb11e57cd9e75e45ef609ba583f3a6b1f2f94c7a0443dc0a8906a13e0188b61550cd296e4c63faf45bf7aed852f68ffed377302da3f73d89e4274a64667636bf00e8e4408a8407e098aeeed98e545b9aef40896c8070a76aaa0042162979ec0b7b69b4ee701100d66d3e7d25a48c59989424522889b32e4f18676475782e86d652d2eb836c326b46b8544bb755eeb14727e5ca25875f7b9ae1c113068be55a1521cb4edefef34a7a4cabc3639e456c94f01d78c059c441ce2c468e7b39b56555ad5cd6a14df8e3518e4e1970fbd6f586ce46c51c4d9ad20c3f7f5048c071994e807f19b7176290a82406dd0ad3f0b64350bbce79b223f27ed99f819def43a33696c0739e09030460a5a5d04d251adfbde1af7a485894d3d30c79d49796a9a5e077aeddba1303f3e3a3187298c88da70885e2a9dc966eb69a6439e2d3b1934ae6e8ea328497d87a9dbbddbdbf12b0c582ca4ffe1f25cdcf89a6ccdb31880776ab808b4f050ae02adf70f64c73ab2a3b1c4da69950ab4f7bcf9cc22f81b99694a7783b792facd8197904c12d3776de5184afa143ee23eee82aab2ac79b25503e0692f3463e5c363e0b4b5f31af82898009f7da13d4f249a70de40314c003e7e59dfb233bc44d0316df3e45af806d216ca76a58417ff8abcdf7cfea2da8868c496cdec8f47c451ccdc8908c5e8c1039b6bfa8751637c29fdd9b7dc76279dea5ad7455af4db3394a34cb9be8b9bf1105862108f920c44d029c3372e77c44a25d06cba956da65ee40abe32b8b557e123fddaa87b4ed5ab3485eb11f13c61072720d4adbb937c336f2b60525933b6d49e7c6751f0769377bdcef02abe63639b17a6780a4afccc8067403aeea42726f253ec97994dcf55358e6faa3e622344dfc613f8be96714d5c49633d7b74b9a72883985782ea8691d26da620d905f3583adbd9d527d93f1ce623bcf70d98a0455ff80fb1d472c6fc6bf0390e81b8d755b196e94fb73bcc883f5f310043c5138c95c5d7079c24d5bc5876b422f46a2bb17aee407bf7a55dbbdb253e2865c1b91839737c37142a8fe8bdbc0a7bf89a392da717a5ed87af754052b1d0a1a37313b00cf3b4aad91ce7fa7777b1851121a63e374865b238ddf9a7ebd20641a719c68682b97e3c5126e732800c04cdb627bd415efbb7e5e19917bf4bd53f072b7ec2eaa0128b56e069a32e9f729718fa4a7212ab0fd1e5d3582a5723a704d84a88c235b44812849301ee8155cea471028beea1918cb1f4118728718674cca9dcc58bafcdb9379c57e9333ab348b30a801aa2f5c05c3107e52613cf0f591781ddb5e1e4844633057a26bb3179c31b5664db4bb8c6d762c7b9886317ab6e9e301de67f12085547ad2a20d1d63d361c2bcd66be2e25fe104f8b53b7cf89d90d456f063da31f60078b760ce340f9c9a8e8da113b6c6e3c53e666488d75ab209dbe31ecb531553f17446a29edc465ed22aee2d4c013ee8a4d935c0cd92bcba9e5a56a6c19ac114d12db58bcf5f931a7b282404af34fee464f4c28e16dab834de98dd57b107e45fa66b26c32fd94e848aef6e4a2a65fd4fbead1b1d445d6c343bf50d785e664220371e27566646e284c6a3b07c14c0c5b84b5cd1a01a84d655f8dd72ab8e3d0c48e67596f605cd4a50b5fde9b182792d7ee8ee457eb6666aadea80563b4d176933cc482f75cb98a8dde4a414041187cfb2abe3e5077f23c98bafd0afb8b023e0cb26efc1488dd98a51a19dc93412b5fd91c4e06439b6d2d20a174989f860de6b1be55923a11e5893d30fae74a625f777ef9362e64b529c964b5c0b5817a579a647ded28582c45f965e52e1f76084267c73f8fce8037b22c2496ee6674f56056d9c691eab831c831a27fccd90f961e949a51c90a80b677d11e70d01744f9632cc26b7e6476b8c92a688ec8e1280ea8b795eae7ee61e2735045b9ea516af752b35388a6c3ed98cfbc4e74c8d0717dc31eac87b6a9c06f0d4f412e8e1155ce48cec6d9c106f3013329596a2d43ffe7f942cb7b7449f38620a8a9e5138b5d5d03c8a563446e4dfb1905d841f7a350d6c67d85652297db21b3dd3291b795c90276ccc50eaf513f3ff9480b3d2c0096e92c93cbbea680833cfa630d72c4f5a21ef0f81910b8a5ef77d62175d3abf5b3417cce43e3c53bb84ee1f5e354b2d79c2b46e3bdb2ffb15420e7a28c800c2591cd331d71c645a6b1bc43f06703164c05f61b4abc0fecbaee510def6340c2bbcc32248655e9161c3e6f01520bb0c53be04c3a3ef4a2dc401663f6719ac758aa297f65d1681652e4ad042d754b054df9cede3ffef7ad2f52184ea6d93d6867cc262b0a413da11c02d0c7c49a663319333d8b29d56cbf630e66b6683ff7f3b1ce5c481d37151626eae761adb77642f802bf0f663f3c322ee17cf01a09f058dbf82d04bdd7c48f34f54392d1dd489891ce28373ae980f74897fe3f90db2a9ccdbe56160fd2517adbc953e88c5fa8981456b87ab9f122321816e0df119f6f6c505f0dcab1c8e6a7f4109055dd80001dd90ea984b80f0b0766bd9772d96ed42d95f219b4a8420d7cf04f28475d7f5d8a8a07b0930c40d0dfc2592f8f54e90a80e0a98d3055f4660b1530565c7f2d91d7d96142da19d644aa7c512e24f83e8305970f9d3fc3b9382ad141f63f2d5b265b7cda258119ca4f553fab11f2fd925a7a24c4021045073d867bb089ca7bcb702bcedbc28781e408cf8bd43498f8661a320d28c95c1fc42635c9e4c4de8787afc70bf5c8bf75e0a2937a9ca2b08c15453f24211168c7fb2a24218fc3f04160c2daaa46ef7fb710606a53228e134f20511169034cec55e77037a108060b8fd10ab9ae228d9ee4d5ab1380cfcb8611e6c9d5dc143db2bc856d967b0b9d0187ba8483f7adbd1092562b2b16420baa5ab6c1f7c02ae56f013e752d9f41df4b4f0b008bc25ff58f816e50bdce308e219068bc898a21f1dd26d7fe7760459629f3615bcf7582c87d296f041fb005a72c7ef4013ccd8ca3bea85db90ae6349f101adb9235dd343be423816b37db2661dde2b9db33800da7599e8a9194fcf06755e2659670c62aba1d5a01172a416a0296bade0b32e69b0ee60dd6cd1eecca4335eb0416df6ded75049a14660276df47bb4f224e087235742e90ddf6f57827a0cf26d71b9338f2ff5166bea85a7639de6ac97ec829a7d071fac1f4b27c6c23e952adb5536b45a68e75c1c1a6d44508be6f4b87c5bb880a6baad5faecd1fd6730783d8729c2d89b23a3f2f9b79b78f7fcb70a7812607b25b17ae857e65f205ad5dd87a34e52c6e9611f588236bdc59d816f277aa8cd4a19750461d3e82c8621181b803900d1df439babcf4909168d4125a7c962ceac2f834d79460f17f92f415a85ad7e12da4b76105bceb4641fc87da7797fee092828f6e9e42631fd5c87046ebe5c4044663a31a1b39a6f6a53ee2b7fbc3eede57619535b1011c10d2d5a97c781c44bb6e493287528bc5281496f1aee3c746e09aeef0b2d38bdd33e37446c1f7516767ecbe298b78ef8e03336a08a1a9e62805140573b034459a445240aff04593539aa97056957f3dec9c43e50a1bce1b9c8e860940e03ae39e8f76fb80ae746f7fa4ed0b050c9e08a788e666e9f18bc8e83c64ee3ea04eb9f1c1dd92b3be73d18cc53bca76ba4688b48c13982ae6d25fdd9b5b85612d5b706c9b9d7c6cca91141313356f0d7b859da0de669fb52a829014a0fdde51df658303ce085222a42ad624ee6c659ec94e0d0713b2d3c3becb53c6f76d30530e6129943e20361a7c9f7847f79cb871d866b5277eecc8c1626fe2719c9cf872c0fc78a98e6ca998555721e9abd5bf9e2d1848016e0bd3202c44575c688837136e71e85765d677e0f2b081707a4e7e22bef50b9280a1a5ea549022ef2a9fed989f156198975302608dffd03f8f1186a12585d4670ce868f0c96be37416b9132144f65c9abe8b00894d7a7e6d0a8554e09139ec2a0eb6d4f00c637684602c106257f5abe816e068e0f6f3e94a916ff41e23b6baa4876931209a6b0bce1f6fa8d1965665d3dc42e5c6b011bdb5144fa5fe4879779ac9dffe0843cf49806ecbb615b818e54c6dfe4d12ccae5b12b0ce87909c1e852e8d7587d1ee24c2575af61eb0b667c37b6d15b88121974598ac23cbc66503f95cf01a7a1e217f0712c4cc4e5fc22e83e3aa375eda531a73828eba91223d7de1194af730bbf2c1ed5ec47ecdf465b1794971010ff8c8771c488a1d3f98292b5d2ea9625e52589aaf7212fcdddcc0f1681b785911fcc64a6427358e4307a3d8bc583dd635ba5c41eeae96e0b6bc5236a1f539d291e568d5a0aee25ffbaa73d0cb84bf558cbf6d04b16ef7e97617b42d07100d82fda6f75dcade611e459bdb4773bf2b70e90a8add2bfe6ea6d3a4427940fef6c81931762dbea6678fc63e50c4430227b15cf184dbae4c3b2d8096292c17f701c560ac7cb33efe7d79d0c2a3c0c06e22d4e84e9e959697879f0d27df460046fc20394655cfa19793256cd9074f1c5f8ef530af537164e0e43184f921d56094fa7c7744af35821a5833c9b9d56fcf525a39fc795cf33f14705d0c7087c081bf11ad29e4d6c8f6cbbb3a0d873262b89cfc54d4cec42c3e13a5ba604df942bf8b4eef7cdae1c0e2970edb7ea6437618e6f8312a745ca8bbf0c42df103f42c824ab4e77e8b118e2b9a84568ed3d4aa3800011d02be29c032192719635a1c6c28315b27368f6ffe852bbd661c351cbfbf97b1b36d52371a4ce57e5eb6e4b13cd01b022de1770a5b1cab0fe548092a16e04de76fb8d29d69a1c55f8aa11b34bd6f018d283a9a7c0338b8c1900e21c0054616ade6b56d0fe3379f1a8dec38b85fa8e74e9bb5df4287d037f77bad30de89ea87b03d40c3a1618db1073c07032f6d22f8a264cbf0c1113689308a2fcd7299603a64f884cb03f8c5f0e61e4981d2baac3d50975cb917b815efe2f7eda88f1cef1f34997f0819a92051c1d9eac3ef05de25a2b4d5f65619b4ea377180c541f2afbfa5c8fdae59f8e3a7635d2b30c4c759c32e570b8d9ec03b4aab65503e81e545dd41f593615cfedcf009424ae4854de3a9111115cb254608bc2666b18c85698ac193a9799f1a1f6098288b42dd2684db37e0d3b023ac9b417263b1566acd6d951df147e83db8e909b39bb6a1aa3fcc1c1a20795521b84e0884254b2524ebf0321e5709e7a79f2d62309247b7b24ec71553a9ab9daccacac1a8bd6019b7703c0ed468379640ac6e764ededb2fefaa2f88e15fc97ec6f16007f540cd7a57c7726f4aa9ff6640cc7f5d71a6c12048f98a9071ffd594f17e42e7336ab6d0fd429328df1238e5eb4ebe4f9d8ef01fbcfe8f53eb3f6defd4c7cb40b3772ea2f2130b655d2ad3643977cafa991bbc6aa2aaa2879a3c2d1dace3ec034beb3d06f0a09429b3fd1ac06870dde4ab97b7d5d7ff1394577a6bea7a3a53ca883a16c98d574ddad00de5dfe9f75369be7686a4badf44f4d9b110846b6ffca67f63973186433f6bc3691b580cdc689c159064c55a974fb849f56fd2f9cbe4738e0a1a8a764467dc1d3723278ee1ea573fad98a5318104218d359d89579614592fa6ae7cc4720e6ed71706fdc4c707b03ff77454daf4505700f249aea0abc909763416d44a069a6d605118ac0c20a325577fe1d8af053673fc72e489d24405281f01b4e2e05e4fa14e68a53294e4b5d201c146ff994cfb7a776ad80828732ee647092c20fe46d917142880318136557c47ff7e31d26f35f407c1e6d4254aae442b233b89dd4c0adcfc92b0f821a5a9dce95a24bed9bb5cd17a5b59d3e82086cdd7a3755064e4de22d8f0f973f4235aa58c6214dab89325638d94d3dc25f3ac4d912ff74be6ad8ef49aa2becede5453a409cc8ed8065dacf28a1a7498f6dd07a3478af093574fdd2d0a4f98d12fe898e47cd0550f1fc42810ed2e4cfe5cc4faa67d965f252aab1bd5c536bf2c936706bc71aae98b93494d364faac72a9a60188a23f15ddf1238896e4848da876789b57ca53cd5b1041612a49de9a64a545a39375aa2a516c4af4744daf65a9c28ffb635ba56b96731b763934afa0651fd6fb65e9f71eb0e6fd54bcfd2bf0118b486e97db512290bdb1dcfca76ed974722e13e5acd0569d5f944de70adf728379094981ffaec43848367ec8cdcc227b266649ced47a03b22016ce42be3a33135229670244cc7b3325ee448c95236d0de4bbf641e1cbb0516edb3f8829e60f91d43f0fe45595d8a99e699252930c7b05ba2ba679f8f46c38f789a7750ffa4eaed19c4c1a33aff60c8926ae42497662a130b83b3211e9399e2565d9f082ec30e26e5b02ea91cf43b0a046f9fe596e5bb2a9c800d761008dc7fced2a510af6b02d3f702fc3e1a98c6a87661f0d353b81bc4435c0d4376cfc74c057bf23febb101252c4eb168d4e347e697c8d0c48a687fb2224d58e5dc68c38de930164aba51e7cb19051fe64603c6b602c02c5cc22c6da1c47d906fa1cbf67312658b201b8f89a377d61695daaeee18eb2fb8caf38280fa8b95cca721afdf33d2c3092af57204bca72c46aeae9e9fc46f0ce76b96bbbb59a8517cb72d68f8b189280b6ce1e2686204913bac1d9aecd77623b7f05475352e57f245197894d767e5f17611bbf1bfe2015c9750e9b3f5ad4ad57be1ac4988c30d90829946b05fc5bd709dbd2590da2e3666294f83336e52758bc12c9d02af342a91fdcfc9144021a783643a9845a4898ee03417329ee0e2dd7bd53f3b23f3f9a10ea643b91b3c2df8438efb22fc894bbcdc408a13dbded7002d9cef6e38bf6dfa16f52f0f24087281a3ae95fb4995131938f9ca80c5f466c7367665e5717c823b318f43e7a3e2e8fe9c2e74959ca3d53b79fa45ac778d0a99351a1919b1c9ddfda10d61487fc5a2b8227493b14e2ea9fa41db870deb1700eb46665424fbc3f21c5d7ad61089ad0f99aadcca2a97d46fd091cf21d95674c3cf48f2724a89299b5342ebf8b18770e61c449455f77cacc5b2e0123005cc296acfc28e42e3d3b426469e39def114d6071a3f015f94dd8eab597dc4cf6109f2aeba0639ffe3f66f15ddaa74460a884a5c067e1e6f8d961ff32518e7571d53ae36badcaca50258a15743e67fb35e062e697d44ccd4e416010dbe62a1d13319d3ce88dc7826514d0f84cf7ffd5f1dbdbe3534af35bba26c5f951e18b012234a3e1cd22199358ba66421a326af09d36d45c3497c4725c0e8557395376fa9dcbe4c595aef7f822cb160e72138cd610563c382769b64f5da2ae6f62cbf09d24490565d7b88f6fefc30f050e74327b7efc168f040f18110a61cc6ecf73c43c0e9e73fafcfc6079ee68839a8ed710160fdcfd987394a790e01c42c916169e8c6a7af905c15d51f87e88877386b8f8743efe4fffc2dc8fd73b4e8905b428d4cd87d90e93513f19a981b5037370cd634f23859cb7bd6b5632bd25c6873b7195691e0f76fb07fce6e72d4b2b467e57a325febf4bb842820fe6896b23aa2a3eb37697753a3693ee936692e6cd91eae410bf89192df913f2689adc73b7b35eaf8bf80928c0023b105cbd2be51a08a371be88926636bd590466c218b203fe311d73dd1a8b440133f1ebb8249b4e1f6723b7b18b508dc34acd9da927ea60d2dc361c2d14cd43ad3b0137ac32e8988d11d11de19065d02e8012a2ee24891541989d11da87de4383036b757769222af022e86803b64ccd03e4bfe3a9d3b8a5d6522d7b6ade88aca72bc436382cfcba22a426ecb21366d42588e9a68c0d61722617a4706852ef6e5eb42842d127f88dabcb8cd635d621a9082efe0cbb52fffb017c8cbf80e48ad1d8ac4c927bda50be7bbb6a302081951dd7c05142465ef8188774807ba482c155f7b56b663d24c4ad88140ddba388e4d6abda83048db46ad18328c63006d02844189a769167d94265148e06f3eca08dcd81691df655968de44c5931e62f5dcc4aa16b24ceb6e7a2c8783d9918a9be7c72dcd57fbf39f985ac29069241cbe3298d7651124f03bef8e2adcadb0c0e08efb096f72e5df2d3f8e2ea6f9cd2401533469e5099a6faa98acc2f73028eae115b3a771bc7ddd186ee7a634398e206ce9b1262b1dbb80575eac718eade048bc01ac1d410e21393dada6c1ced94c411fc19ccacdd175996501d66819b491fef65697f736ecc3a4c32f3675d1f90c8e4d44a1ba6048e77fa24d6998ad88da3cf5de223446d53dd72981c19d5915af69b9a7b9bdf35114ac1cee66b9f3f6df4b9a2d2c017d44443a28badca61b1e8db627d967827ebf32c8642b7de41508c15538b6cdf0284f1a94e8d9fcaa086236f11fb1689d57d500423a0c1d362a4fd57e5efa8858c237a0b58210b4df2b6f10fb01ff8b305cb69e65120c716970e1752cae51022a068b9ac2b7775ac415c56d31536c9f1eca654ec89d7ed00855b2d2564a74bf1a0a3b75cbeadad89fd4ce7e0a83a565c6d69077f026dd40ee186fb496d575c5f5d2f4f84e0efd6bca34f070b185903c7fcd6478f467b73687dee0b765477cc474cbe7f067d1f655efe1fac24a6cda9ed82dee343a36f5ce3894587937f31a14dff66e8384bb3c9adebb753f782570a894e09a38c096f523fbdfb7e0c09026fa023c8dc9e5822410d8343afd647a91130744017166a9b195996ee871eb284279fa725f7af7f853eb85bce100cfade5d458c4e166c839e4c1a86", 0x2000, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000880)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) chmod(&(0x7f00000001c0)='./file0\x00', 0x0) lremovexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@random={'os2.', '{\x00'}) 1.373541103s ago: executing program 2 (id=2516): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000002100)={0x18, {"a2e3ad2119c752f91b3809091bf70e0dd038e7ff7fc6e5539b3263078b089b3b0838721a0890e0878f0e1ac6e7049b3d63959b509a240d5b67f3988f7ef319520100ffe8d178708c523c921b9b5b31320d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70d998ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5af098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000108000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b2fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f794c9eee1198751adaa13d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce21265b6e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f458d8d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d8872fe174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f980000000203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0xb82) 1.177489531s ago: executing program 1 (id=2517): prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8e}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) socket$l2tp6(0xa, 0x2, 0x73) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='7'], 0x6) 390.642814ms ago: executing program 0 (id=2518): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) chdir(&(0x7f00000000c0)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000002340)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 370.382184ms ago: executing program 2 (id=2519): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = epoll_create(0x200) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000340)) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) 324.166207ms ago: executing program 2 (id=2520): umount2(0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000280)='./control\x00', 0x0) inotify_init1(0x0) open$dir(&(0x7f0000000140)='./control\x00', 0x0, 0x0) rmdir(&(0x7f0000000080)='./control\x00') 258.595699ms ago: executing program 1 (id=2521): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r1, r0, 0x0) fchdir(0xffffffffffffffff) r2 = inotify_init1(0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) capset(0x0, &(0x7f0000000040)) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, 0x0}) syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00') ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) lseek(r5, 0x851, 0x0) 50.063398ms ago: executing program 1 (id=2522): mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) socket$netlink(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) chdir(&(0x7f0000001180)='./bus\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) mkdir(0x0, 0x0) mount$cgroup2(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000240), 0x0, &(0x7f0000000000)={[{}]}) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000d40)={'wlan0\x00'}) lseek(r0, 0x5, 0x0) getdents(r0, 0x0, 0x0) 0s ago: executing program 3 (id=2523): r0 = socket(0x10, 0x3, 0x0) syz_open_dev$loop(&(0x7f0000000900), 0x0, 0x0) r1 = syz_io_uring_setup(0x37b2, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) write(r0, &(0x7f0000000000)="2400000011005f0414f9f4070009040081000000010000000000000008000f000100", 0x22) unshare(0x2000400) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/profiling', 0x22042, 0x0) write$tun(r6, &(0x7f0000000280)=ANY=[@ANYRESDEC=r6], 0x15) kernel console output (not intermixed with test programs): [ 470.291684][ T3556] usb 2-1: Using ep0 maxpacket: 32 [ 470.412086][ T3556] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 102 [ 470.429768][ T3556] usb 2-1: can't read configurations, error -22 [ 471.273203][ T3556] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 471.430973][ T1066] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 471.438630][ T3679] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 471.624219][ T3556] usb 2-1: device not accepting address 37, error -71 [ 471.632495][ T3556] usb usb2-port1: unable to enumerate USB device [ 471.750858][ T1066] usb 3-1: Using ep0 maxpacket: 8 [ 471.755995][ T3679] usb 4-1: Using ep0 maxpacket: 8 [ 472.041035][ T1066] usb 3-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=41.cb [ 472.050296][ T1066] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.058434][ T3679] usb 4-1: New USB device found, idVendor=19d2, idProduct=1119, bcdDevice=39.9d [ 472.072197][ T3679] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.080322][ T3679] usb 4-1: Product: syz [ 472.092763][ T1066] usb 3-1: Product: syz [ 472.096947][ T1066] usb 3-1: Manufacturer: syz [ 472.105719][ T3679] usb 4-1: Manufacturer: syz [ 472.110313][ T3679] usb 4-1: SerialNumber: syz [ 472.115057][ T1066] usb 3-1: SerialNumber: syz [ 472.122135][ T1066] usb 3-1: config 0 descriptor?? [ 472.161887][ T3679] usb 4-1: bad CDC descriptors [ 472.172365][ T1066] usb-storage 3-1:0.0: USB Mass Storage device detected [ 472.277257][ T1066] cypress_m8 3-1:0.0: HID->COM RS232 Adapter converter detected [ 472.363245][ T1066] cyphidcom ttyUSB0: required endpoint is missing [ 472.399232][ T4569] usb 3-1: USB disconnect, device number 34 [ 472.415686][ T4569] cypress_m8 3-1:0.0: device disconnected [ 472.434479][T10830] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 472.453431][ T3679] usb 4-1: USB disconnect, device number 27 [ 472.470139][T10830] tipc: Enabling of bearer rejected, failed to enable media [ 472.671071][ T1069] Bluetooth: hci0: command 0x0406 tx timeout [ 472.835784][T10843] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 473.518916][T10859] loop0: detected capacity change from 0 to 256 [ 473.691811][T10868] netlink: 'syz.0.1792': attribute type 4 has an invalid length. [ 474.024214][T10875] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 474.067605][T10875] tipc: Enabling of bearer rejected, failed to enable media [ 474.303521][T10881] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3702941173 (3702941173 ns) > initial count (2209245800 ns). Using initial count to start timer. [ 474.867585][T10901] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 475.670869][ T26] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 476.031054][ T26] usb 3-1: config 164 has an invalid descriptor of length 0, skipping remainder of the config [ 476.155039][T10903] xt_CT: You must specify a L4 protocol and not use inversions on it [ 476.731159][ T26] usb 3-1: New USB device found, idVendor=048d, idProduct=9005, bcdDevice=40.3d [ 476.758235][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.790922][ T26] usb 3-1: Product: syz [ 476.795139][ T26] usb 3-1: Manufacturer: syz [ 476.816448][ T26] usb 3-1: SerialNumber: syz [ 476.841915][T10919] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 476.900846][ T1069] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 476.925595][T10919] tipc: Enabling of bearer rejected, failed to enable media [ 476.953602][T10925] loop0: detected capacity change from 0 to 128 [ 477.028841][T10925] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 477.191110][ T1069] usb 4-1: Using ep0 maxpacket: 16 [ 477.351824][ T1069] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 477.372243][ T1069] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 477.399714][T10933] loop0: detected capacity change from 0 to 1024 [ 477.410727][ T1069] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 477.438632][ T1069] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 477.495870][ T1069] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 477.613957][T10935] syz.1.1813 uses old SIOCAX25GETINFO [ 477.651048][ T1069] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 477.671034][ T1069] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 477.685315][ T1069] usb 4-1: Manufacturer: syz [ 477.705499][ T1069] usb 4-1: config 0 descriptor?? [ 478.250993][ T26] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 478.257390][ T26] dvb_usb_af9035: probe of 3-1:164.0 failed with error -22 [ 478.332887][ T26] usb 3-1: USB disconnect, device number 35 [ 478.512205][ T1069] rc_core: IR keymap rc-hauppauge not found [ 478.525179][ T1069] Registered IR keymap rc-empty [ 478.548131][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.605156][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.661953][ T1069] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 478.700387][ T1069] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input32 [ 478.762592][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.811024][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.841357][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.901182][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 478.940957][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.001722][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.050909][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.094795][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.142018][T10963] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 479.151482][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.202220][ T1069] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 479.244177][ T1069] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 479.264088][ T1069] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 479.308374][ T1069] usb 4-1: USB disconnect, device number 28 [ 479.848505][ T25] audit: type=1326 audit(1719763874.988:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.424028][ T25] audit: type=1326 audit(1719763875.078:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.526611][ T25] audit: type=1326 audit(1719763875.078:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.549334][ T25] audit: type=1326 audit(1719763875.088:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.572009][ T25] audit: type=1326 audit(1719763875.088:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.595284][ T25] audit: type=1326 audit(1719763875.148:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.625593][ T25] audit: type=1326 audit(1719763875.248:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.668529][ T25] audit: type=1326 audit(1719763875.258:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.749057][ T25] audit: type=1326 audit(1719763875.298:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 480.920968][ T25] audit: type=1326 audit(1719763875.308:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.0.1822" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 481.455057][T11010] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 482.070998][ T26] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 482.191251][T11015] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1836'. [ 482.233165][T11027] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1836'. [ 482.417537][ T26] usb 2-1: Using ep0 maxpacket: 16 [ 482.581687][ T26] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 482.686753][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 482.986362][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 483.000256][ T26] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 483.010256][ T26] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 483.121878][ T26] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 483.143771][ T26] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 483.314512][ T26] usb 2-1: Manufacturer: syz [ 483.357873][T11064] loop0: detected capacity change from 0 to 2048 [ 483.566830][ T26] usb 2-1: config 0 descriptor?? [ 483.664584][T11074] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 483.686329][T11064] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 483.731652][T11064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 484.143162][ T26] rc_core: IR keymap rc-hauppauge not found [ 484.145279][T11080] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 484.149081][ T26] Registered IR keymap rc-empty [ 484.149160][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.177087][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.192115][T11080] kvm: pic: non byte read [ 484.199164][T11080] kvm: pic: level sensitive irq not supported [ 484.199329][T11080] kvm: pic: non byte read [ 484.211023][T11080] kvm: pic: level sensitive irq not supported [ 484.211086][T11080] kvm: pic: non byte read [ 484.531908][ T26] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 484.562326][ T26] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input33 [ 484.592634][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.620917][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.660608][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.691081][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.703518][T11091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1853'. [ 484.721055][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.760940][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.800921][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.840924][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.881547][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.920880][ T26] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 484.953527][T11099] usb usb8: usbfs: process 11099 (syz.4.1854) did not claim interface 0 before use [ 484.964218][ T26] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 484.980891][ T26] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 485.000049][T11099] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1854'. [ 485.014913][ T26] usb 2-1: USB disconnect, device number 38 [ 485.139435][T11087] loop0: detected capacity change from 0 to 32768 [ 485.238746][T11087] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1851 (11087) [ 485.309212][T11087] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 485.339150][T11087] BTRFS info (device loop0): enabling auto defrag [ 485.380687][T11087] BTRFS info (device loop0): max_inline at 0 [ 485.397241][T11087] BTRFS info (device loop0): enabling ssd optimizations [ 485.416194][T11087] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 485.456663][T11087] BTRFS info (device loop0): use lzo compression, level 0 [ 485.487063][T11087] BTRFS info (device loop0): using free space tree [ 485.530927][T11087] BTRFS info (device loop0): has skinny extents [ 486.466079][T11152] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1864'. [ 486.801044][ T25] kauditd_printk_skb: 7 callbacks suppressed [ 486.801061][ T25] audit: type=1804 audit(1719763881.938:163): pid=11113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1858" name="/root/syzkaller.wsPtSS/35/file0" dev="sda1" ino=2093 res=1 errno=0 [ 487.189999][T11180] loop0: detected capacity change from 0 to 1024 [ 487.279377][T11183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1871'. [ 487.379418][T11183] IPVS: set_ctl: invalid protocol: 103 172.20.20.170:20001 [ 487.641334][T11198] tipc: Enabled bearer , priority 0 [ 487.663858][T11198] ªªªªªª: renamed from syzkaller0 [ 487.664095][T11159] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 487.690042][T11198] tipc: Disabling bearer [ 488.261542][T11206] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1879'. [ 488.530861][T11159] usb 3-1: Using ep0 maxpacket: 16 [ 488.631705][T11221] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1882'. [ 488.655507][T11159] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.696290][T11159] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 488.720854][T11159] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 488.731914][T11224] loop0: detected capacity change from 0 to 248 [ 488.751023][T11159] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 488.760682][T11159] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 488.883978][T11159] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 488.903634][T11159] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 488.921045][T11159] usb 3-1: Manufacturer: syz [ 488.944620][T11159] usb 3-1: config 0 descriptor?? [ 489.469598][ T25] audit: type=1800 audit(1719763884.608:164): pid=11246 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1888" name="file0" dev="sda1" ino=2094 res=0 errno=0 [ 489.711152][T11159] rc_core: IR keymap rc-hauppauge not found [ 489.717511][T11159] Registered IR keymap rc-empty [ 489.741040][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.392481][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.414260][T11248] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 490.421701][T11159] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 490.441540][T11248] fuse: Bad value for 'fd' [ 490.462056][T11159] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input34 [ 490.501023][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.525004][ T13] Bluetooth: hci3: command 0x0405 tx timeout [ 490.530904][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.561178][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.591279][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 490.779791][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.206435][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.300926][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.330970][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.360946][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.390915][T11159] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 491.417517][T11276] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 491.431904][T11159] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 491.450252][T11159] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 491.483956][T11159] usb 3-1: USB disconnect, device number 36 [ 491.554384][ T9056] udevd[9056]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 491.930936][T11159] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 492.018335][T11286] device ip6gretap0 entered promiscuous mode [ 492.051284][T11286] device vlan2 entered promiscuous mode [ 492.080755][T11286] device ip6gretap0 left promiscuous mode [ 492.591455][T11159] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 492.600607][T11159] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.636042][ T25] audit: type=1804 audit(1719763887.778:165): pid=11291 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1900" name="/root/syzkaller.u6puLB/37/bus" dev="sda1" ino=2095 res=1 errno=0 [ 492.672273][T11159] usb 3-1: config 0 descriptor?? [ 492.712116][T11159] cp210x 3-1:0.0: cp210x converter detected [ 492.764210][T11302] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1904'. [ 493.776898][T11280] udc-core: couldn't find an available UDC or it's busy [ 493.787627][T11317] device veth1_macvtap left promiscuous mode [ 493.810928][T11280] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 493.883154][T11159] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 493.960896][T11161] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 494.003366][T11159] usb 3-1: cp210x converter now attached to ttyUSB0 [ 494.200971][T11161] usb 2-1: Using ep0 maxpacket: 16 [ 494.213967][T11324] device ip6gretap0 entered promiscuous mode [ 494.227124][T11324] device vlan2 entered promiscuous mode [ 494.240609][T11324] device ip6gretap0 left promiscuous mode [ 494.349295][ T25] audit: type=1326 audit(1719763889.488:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11279 comm="syz.2.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53bca45b99 code=0x7ffc0000 [ 494.401310][ T13] usb 3-1: USB disconnect, device number 37 [ 494.449352][ T13] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 494.478677][ T25] audit: type=1326 audit(1719763889.518:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11279 comm="syz.2.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53bca45b99 code=0x7ffc0000 [ 494.567118][ T13] cp210x 3-1:0.0: device disconnected [ 494.612248][ T25] audit: type=1326 audit(1719763889.528:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11279 comm="syz.2.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f53bca45b99 code=0x7ffc0000 [ 494.635332][ T25] audit: type=1326 audit(1719763889.528:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11279 comm="syz.2.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53bca45b99 code=0x7ffc0000 [ 494.657918][T11161] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 494.668242][ T25] audit: type=1326 audit(1719763889.528:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11279 comm="syz.2.1896" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53bca45b99 code=0x7ffc0000 [ 494.692793][T11161] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 494.703896][T11161] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 494.715668][T11161] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 494.726184][T11161] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 494.811071][T11161] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 494.820135][T11161] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 494.860912][T11161] usb 2-1: Manufacturer: syz [ 494.871792][T11161] usb 2-1: config 0 descriptor?? [ 495.018983][T11336] device wg2 entered promiscuous mode [ 495.394523][ T26] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 495.431483][ T13] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 495.670198][T11161] rc_core: IR keymap rc-hauppauge not found [ 495.676271][ T26] Bluetooth: hci4: Injecting HCI hardware error event [ 495.683251][T11161] Registered IR keymap rc-empty [ 495.688175][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 495.698175][ T3524] Bluetooth: hci4: hardware error 0x00 [ 495.704395][ T13] usb 3-1: Using ep0 maxpacket: 16 [ 495.711754][T11350] futex_wake_op: syz.3.1919 tries to shift op by 208; fix this program [ 495.726207][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 495.751402][T11161] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 495.781645][T11161] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input35 [ 495.801156][T11353] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1920'. [ 495.901091][ T13] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 495.930280][ T13] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 495.980698][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.009848][ T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.010979][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.071226][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.261014][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.301049][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.351092][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.410970][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.450954][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.455225][ T13] usb 3-1: config 0 descriptor?? [ 496.506581][ T13] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input36 [ 496.541231][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.574251][T11161] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 496.621937][T11161] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 496.629953][T11161] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 496.668067][T11161] usb 2-1: USB disconnect, device number 39 [ 496.891125][ T2948] bcm5974 3-1:0.0: could not read from device [ 496.977610][T11339] bcm5974 3-1:0.0: could not read from device [ 497.069386][ T13] usb 3-1: USB disconnect, device number 38 [ 497.076478][ T8212] bcm5974 3-1:0.0: could not read from device [ 497.104162][ T2948] bcm5974 3-1:0.0: could not read from device [ 497.906955][T11378] loop0: detected capacity change from 0 to 32768 [ 498.020714][T11378] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1927 (11378) [ 498.076571][T11378] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 498.092850][T11378] BTRFS info (device loop0): using free space tree [ 498.101791][T11378] BTRFS info (device loop0): has skinny extents [ 498.300773][T11378] BTRFS info (device loop0): enabling ssd optimizations [ 498.694507][T11425] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 44640 - 0 [ 498.705741][T11425] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 44640 - 0 [ 498.719471][T11425] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 44640 - 0 [ 498.732953][T11425] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 44640 - 0 [ 498.753830][T11425] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 50612 - 0 [ 498.782472][T11425] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 50612 - 0 [ 498.791465][T11425] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 50612 - 0 [ 498.810259][T11425] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 50612 - 0 [ 498.820361][T11425] device geneve2 entered promiscuous mode [ 498.840263][T11425] netdevsim netdevsim2 netdevsim0: unset [1, 2] type 2 family 0 port 50612 - 0 [ 498.876620][T11425] netdevsim netdevsim2 netdevsim1: unset [1, 2] type 2 family 0 port 50612 - 0 [ 498.888585][T11425] netdevsim netdevsim2 netdevsim2: unset [1, 2] type 2 family 0 port 50612 - 0 [ 498.922749][T11445] fuse: Bad value for 'fd' [ 498.927431][T11446] fuse: Bad value for 'fd' [ 498.947309][T11425] netdevsim netdevsim2 netdevsim3: unset [1, 2] type 2 family 0 port 50612 - 0 [ 498.969221][T11425] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 44640 - 0 [ 498.983137][T11425] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 44640 - 0 [ 498.993053][T11425] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 44640 - 0 [ 499.002389][T11425] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 44640 - 0 [ 499.070994][T11161] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 499.143941][ T25] audit: type=1326 audit(1719763894.288:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11449 comm="syz.3.1940" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9dcb149b99 code=0x0 [ 499.370930][T11161] usb 2-1: Using ep0 maxpacket: 16 [ 499.531085][T11161] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 499.549771][T11161] usb 2-1: can't read configurations, error -61 [ 499.669410][T11452] loop0: detected capacity change from 0 to 32768 [ 499.701999][T11161] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 499.758123][T11452] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 scanned by syz.0.1941 (11452) [ 499.980851][T11161] usb 2-1: Using ep0 maxpacket: 16 [ 500.023151][T11452] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 500.050900][T11452] BTRFS info (device loop0): using free space tree [ 500.057438][T11452] BTRFS info (device loop0): has skinny extents [ 500.161089][T11161] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 500.187993][T11161] usb 2-1: can't read configurations, error -61 [ 500.218285][T11161] usb usb2-port1: attempt power cycle [ 500.322827][T11452] BTRFS info (device loop0): enabling ssd optimizations [ 500.399127][T11491] tipc: Started in network mode [ 500.411709][T11491] tipc: Node identity 7aade9af0588, cluster identity 4711 [ 500.418941][T11491] tipc: Enabled bearer , priority 0 [ 500.548219][T11495] tipc: Disabling bearer [ 500.640937][T11161] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 500.741047][T11161] usb 2-1: Using ep0 maxpacket: 16 [ 500.901139][T11161] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 500.917919][T11161] usb 2-1: can't read configurations, error -61 [ 500.958287][T11510] syz.4.1950 (11510): drop_caches: 4 [ 501.080907][T11161] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 501.098883][ T25] audit: type=1326 audit(1719763896.238:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11519 comm="syz.3.1954" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9dcb149b99 code=0x0 [ 501.191035][T11161] usb 2-1: Using ep0 maxpacket: 16 [ 501.241106][ T3556] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 501.271328][ T26] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 501.312955][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.319382][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.361070][T11161] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 501.368799][T11161] usb 2-1: can't read configurations, error -61 [ 501.388502][T11161] usb usb2-port1: unable to enumerate USB device [ 501.531219][ T26] usb 3-1: Using ep0 maxpacket: 32 [ 501.611197][ T3556] usb 5-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 501.640591][ T3556] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.655457][ T26] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 501.675503][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 501.700203][ T3556] usb 5-1: config 0 descriptor?? [ 501.732277][ T26] usb 3-1: config 0 descriptor?? [ 501.771912][ T3556] usb-storage 5-1:0.0: USB Mass Storage device detected [ 501.782099][ T26] gspca_main: sunplus-2.14.0 probing 041e:400b [ 501.973628][T11161] usb 5-1: USB disconnect, device number 31 [ 502.474464][ T26] gspca_sunplus: reg_w_riv err -71 [ 502.479662][ T26] sunplus: probe of 3-1:0.0 failed with error -71 [ 502.492344][ T26] usb 3-1: USB disconnect, device number 39 [ 502.625217][T11546] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 502.654383][T11546] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 502.674997][T11542] tipc: Started in network mode [ 502.679938][T11542] tipc: Node identity bea8ff239124, cluster identity 4711 [ 502.721070][T11542] tipc: Enabled bearer , priority 0 [ 502.744475][T11551] ªªªªªª: renamed from syzkaller0 [ 502.783379][T11551] tipc: Disabling bearer [ 502.970652][T11562] netlink: 'syz.4.1966': attribute type 4 has an invalid length. [ 502.991915][ T26] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 503.462333][T11580] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1973'. [ 503.538031][ T376] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.559522][ T26] usb 3-1: Using ep0 maxpacket: 8 [ 503.565041][T11583] xt_TCPMSS: Only works on TCP SYN packets [ 503.662090][ T376] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.691017][ T26] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 503.699221][ T26] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 503.716428][T11439] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 503.749501][ T26] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 503.761768][ T26] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 503.773245][ T26] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 503.795961][ T26] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 503.805215][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.867613][ T376] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 503.922263][T11595] tipc: Enabled bearer , priority 0 [ 503.940292][T11595] ªªªªªª: renamed from syzkaller0 [ 503.952241][T11595] tipc: Disabling bearer [ 503.969050][ T376] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 504.072594][ T26] usb 3-1: GET_CAPABILITIES returned 0 [ 504.079261][ T26] usbtmc 3-1:16.0: can't read capabilities [ 504.133914][T11592] chnl_net:caif_netlink_parms(): no params data found [ 504.165244][T11439] usb 5-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 504.215693][T11439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 504.287453][T11439] usb 5-1: config 0 descriptor?? [ 504.317050][T11615] loop0: detected capacity change from 0 to 512 [ 504.352278][T11439] usb-storage 5-1:0.0: USB Mass Storage device detected [ 504.512991][T11592] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.520197][T11592] bridge0: port 1(bridge_slave_0) entered disabled state [ 504.532310][T11592] device bridge_slave_0 entered promiscuous mode [ 504.553918][T11592] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.561269][T11592] bridge0: port 2(bridge_slave_1) entered disabled state [ 504.589254][T11592] device bridge_slave_1 entered promiscuous mode [ 504.635147][T11615] EXT4-fs (loop0): Test dummy encryption mode enabled [ 504.647704][T11156] usb 5-1: USB disconnect, device number 32 [ 504.676755][T11615] EXT4-fs (loop0): Test dummy encryption mode enabled [ 504.764389][T11615] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:163: inode #12: comm syz.0.1984: inline data xattr refers to an external xattr inode [ 504.833561][T11615] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.1984: couldn't read orphan inode 12 (err -117) [ 504.836485][T11592] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 504.862805][T11592] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 504.872486][T11615] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000040000,init_itable=0x0000000000000000,nolazytime,grpid,prjquota,usrjquota=,lazytime,errors=continue,test_dummy_encryption,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 504.938564][ T25] audit: type=1400 audit(1719763900.078:173): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=222F2F26 pid=11614 comm="syz.0.1984" [ 505.449398][T11592] team0: Port device team_slave_0 added [ 505.485590][T11592] team0: Port device team_slave_1 added [ 505.595112][T11650] netlink: 96 bytes leftover after parsing attributes in process `syz.4.1986'. [ 505.871287][T11156] Bluetooth: hci2: command 0x0409 tx timeout [ 505.971924][T11592] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 505.979087][T11592] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.040924][T11659] loop0: detected capacity change from 0 to 16 [ 506.087944][T11659] erofs: (device loop0): mounted with root inode @ nid 36. [ 506.091957][T11434] usb 3-1: USB disconnect, device number 40 [ 506.100851][T11592] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.197090][T11592] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 506.206730][T11592] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 506.284299][T11592] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 506.440106][T11676] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 506.446654][T11676] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 506.476124][T11592] device hsr_slave_0 entered promiscuous mode [ 506.492389][T11676] vhci_hcd vhci_hcd.0: Device attached [ 506.500522][T11592] device hsr_slave_1 entered promiscuous mode [ 506.529043][T11592] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 506.557276][T11592] Cannot create hsr debugfs directory [ 506.688208][T11677] vhci_hcd: connection closed [ 506.697516][ T3758] vhci_hcd: stop threads [ 506.710767][ T3758] vhci_hcd: release socket [ 506.727821][ T3758] vhci_hcd: disconnect device [ 506.760910][T11156] usb 9-1: new high-speed USB device number 2 using vhci_hcd [ 506.768405][T11156] usb 9-1: enqueue for inactive port 0 [ 506.881011][T11156] vhci_hcd: vhci_device speed not set [ 507.066372][ T376] device hsr_slave_0 left promiscuous mode [ 507.082688][ T376] device hsr_slave_1 left promiscuous mode [ 507.107769][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.127372][ T376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 507.157740][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 507.175565][ T376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 507.198618][ T376] device bridge_slave_1 left promiscuous mode [ 507.218842][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.234836][ T376] device bridge_slave_0 left promiscuous mode [ 507.251710][ T3554] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 507.268029][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.356172][T11714] 9pnet: Insufficient options for proto=fd [ 507.370749][ T376] device veth1_macvtap left promiscuous mode [ 507.396892][ T376] device veth0_macvtap left promiscuous mode [ 507.423352][ T376] device veth1_vlan left promiscuous mode [ 507.439612][ T376] device veth0_vlan left promiscuous mode [ 507.674619][T11734] futex_wake_op: syz.2.2000 tries to shift op by 32; fix this program [ 507.685636][T11734] tipc: Can't bind to reserved service type 0 [ 507.698033][ T376] bond1 (unregistering): Released all slaves [ 507.721659][ T3554] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 507.733003][ T3554] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 507.786151][ T376] team0 (unregistering): Port device team_slave_1 removed [ 507.804018][ T376] team0 (unregistering): Port device team_slave_0 removed [ 507.816009][ T376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 507.825164][ T3554] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=e0.40 [ 507.834596][ T3554] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 507.842795][ T3554] usb 5-1: SerialNumber: syz [ 507.847671][ T376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 507.882089][ T3554] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 507.909566][ T376] bond0 (unregistering): Released all slaves [ 507.961012][ T3554] Bluetooth: hci2: command 0x041b tx timeout [ 507.986366][T11736] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2000'. [ 508.021929][T11735] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2000'. [ 508.042477][T11739] loop0: detected capacity change from 0 to 190 [ 508.122977][ T3556] usb 5-1: USB disconnect, device number 33 [ 508.152231][T11739] ntfs: (device loop0): is_boot_sector_ntfs(): Invalid boot sector checksum. [ 508.203428][T11739] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 508.241403][T11739] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 508.273023][T11739] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr. [ 508.297504][T11739] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 508.328489][T11739] ntfs: (device loop0): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 508.345270][T11592] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 508.359359][T11739] ntfs: (device loop0): ntfs_read_locked_inode(): Failed to lookup attribute list attribute. [ 508.359843][T11592] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 508.387017][T11739] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 508.387420][T11592] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 508.411249][T11739] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 508.451848][T11739] ntfs: volume version 3.1. [ 508.452100][T11592] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 508.471166][T11739] attempt to access beyond end of device [ 508.471166][T11739] loop0: rw=0, want=560, limit=190 [ 508.535022][T11739] attempt to access beyond end of device [ 508.535022][T11739] loop0: rw=0, want=560, limit=190 [ 508.605359][ T3554] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 508.610720][T11592] 8021q: adding VLAN 0 to HW filter on device bond0 [ 508.638017][T11752] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2001'. [ 508.668945][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 508.677295][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 508.695841][T11592] 8021q: adding VLAN 0 to HW filter on device team0 [ 508.715540][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 508.729033][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 508.742122][ T3556] bridge0: port 1(bridge_slave_0) entered blocking state [ 508.749251][ T3556] bridge0: port 1(bridge_slave_0) entered forwarding state [ 508.775626][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 508.787902][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 508.799534][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 508.817311][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 508.824483][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 508.838397][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 508.847599][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 508.922326][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 508.939088][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 508.949680][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 508.968132][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 508.978539][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 509.037146][T11161] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 509.071683][T11592] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 509.167866][T11592] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 509.238766][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 509.252473][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 509.328342][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 509.368946][T11767] syz.0.2008[11767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.369056][T11767] syz.0.2008[11767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.475773][T11767] syz.0.2008[11767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.581290][ T3554] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 509.591630][T11767] syz.0.2008[11767] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 509.593057][ T3554] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 509.626149][ T3554] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 509.640827][ T3554] usb 2-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00 [ 509.649872][ T3554] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 509.693326][ T3554] usb 2-1: config 0 descriptor?? [ 509.743960][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 509.758044][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 509.785599][T11592] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 509.850605][T11792] 9pnet: Insufficient options for proto=fd [ 509.876373][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 509.885853][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 509.925963][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 509.939976][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 509.981172][T11592] device veth0_vlan entered promiscuous mode [ 509.999118][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 510.007611][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 510.029689][T11592] device veth1_vlan entered promiscuous mode [ 510.038469][ T1069] Bluetooth: hci2: command 0x040f tx timeout [ 510.122640][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 510.133058][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 510.161650][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 510.190971][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 510.209438][ T3554] uclogic 0003:5543:0003.001D: unknown main item tag 0x0 [ 510.221769][T11592] device veth0_macvtap entered promiscuous mode [ 510.241310][ T3556] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 510.262194][ T3554] uclogic 0003:5543:0003.001D: unknown main item tag 0x0 [ 510.262589][T11592] device veth1_macvtap entered promiscuous mode [ 510.300342][ T3554] uclogic 0003:5543:0003.001D: No inputs registered, leaving [ 510.338792][ T3554] uclogic 0003:5543:0003.001D: hidraw0: USB HID v0.00 Device [HID 5543:0003] on usb-dummy_hcd.1-1/input0 [ 510.338865][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.363380][T11801] loop0: detected capacity change from 0 to 1024 [ 510.450919][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.460762][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.538758][T11748] Invalid architecture in ELF header: 574 [ 510.627856][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.718127][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.774351][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.819532][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 510.830067][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 510.853253][T11592] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 510.874553][T11801] hfsplus: unable to parse mount options [ 510.903617][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 510.921642][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 510.958815][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 510.979771][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.017746][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.038631][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.086478][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.103325][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.139909][T11592] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 511.169303][T11592] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 511.181395][ T3554] usb 2-1: USB disconnect, device number 44 [ 511.189973][T11592] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 511.269093][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 511.292220][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 511.302438][T11828] loop0: detected capacity change from 0 to 512 [ 511.317939][T11592] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.328469][T11592] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.361202][T11592] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.380541][T11592] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 511.412950][T11828] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 511.443480][T11828] ext4 filesystem being mounted at /root/syzkaller.QsPMWF/193/bus supports timestamps until 2038 (0x7fffffff) [ 511.619489][ T4747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.631805][ T1069] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 511.640960][ T4747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.675284][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 511.701942][ T4304] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 511.710155][ T4304] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 511.775232][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 511.941049][ T1069] usb 3-1: Using ep0 maxpacket: 8 [ 512.030413][T11851] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 513.363442][ T1069] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 513.382424][ T1069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.419255][ T1069] usb 3-1: config 0 descriptor?? [ 513.455805][T11432] Bluetooth: hci2: command 0x0419 tx timeout [ 513.752243][T11866] sd 0:0:1:0: device reset [ 514.228538][T11855] loop0: detected capacity change from 0 to 32768 [ 514.263702][T11439] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 514.367549][T11855] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 514.367549][T11855] [ 514.392660][T11855] xtLookup: xtSearch returned -5 [ 514.397648][T11855] read_mapping_page failed! [ 514.416287][T11855] jfs_mount: diMount(ipaimap2) failed, rc = -5 [ 514.423504][T11855] Mount JFS Failure: -5 [ 514.428293][T11855] jfs_mount failed w/return code = -5 [ 514.661054][T11439] usb 5-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 514.680712][T11439] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 514.709537][T11439] usb 5-1: config 0 descriptor?? [ 514.772164][T11439] usb-storage 5-1:0.0: USB Mass Storage device detected [ 514.993296][ T26] usb 5-1: USB disconnect, device number 34 [ 515.233412][T11913] device veth0_vlan left promiscuous mode [ 515.633869][T11830] udc-core: couldn't find an available UDC or it's busy [ 515.653951][T11830] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 515.742362][ T1069] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 515.776606][ T1069] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9 [ 515.844269][ T1069] asix: probe of 3-1:0.0 failed with error -71 [ 515.893830][ T1069] usb 3-1: USB disconnect, device number 41 [ 516.138254][T11939] loop0: detected capacity change from 0 to 1024 [ 516.208036][T11939] EXT4-fs (loop0): Ignoring removed bh option [ 516.259040][T11939] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #3: block 69: comm syz.0.2043: lblock 8 mapped to illegal pblock 69 (length 1) [ 516.286724][T11939] __quota_error: 10 callbacks suppressed [ 516.286743][T11939] Quota error (device loop0): write_blk: dquota write failed [ 516.300379][T11939] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #3: block 68: comm syz.0.2043: lblock 7 mapped to illegal pblock 68 (length 1) [ 516.320972][T11939] Quota error (device loop0): write_blk: dquota write failed [ 516.339341][T11939] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #3: block 67: comm syz.0.2043: lblock 6 mapped to illegal pblock 67 (length 1) [ 516.360900][T11939] Quota error (device loop0): write_blk: dquota write failed [ 516.378575][T11939] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 516.389745][T11939] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #3: block 48: comm syz.0.2043: lblock 0 mapped to illegal pblock 48 (length 1) [ 516.410939][T11939] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 516.431011][T11939] EXT4-fs error (device loop0): ext4_acquire_dquot:6196: comm syz.0.2043: Failed to acquire dquot type 0 [ 516.457828][T11939] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5789: Corrupt filesystem [ 516.502093][T11939] EXT4-fs error (device loop0): ext4_evict_inode:282: inode #11: comm syz.0.2043: mark_inode_dirty error [ 516.517375][T11939] EXT4-fs warning (device loop0): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 516.529058][T11939] EXT4-fs (loop0): 1 orphan inode deleted [ 516.538827][T11939] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,barrier,resuid=0x0000000000000000,noload,dioread_lock,bh,bsddf,bsdgroups,,errors=continue. Quota mode: none. [ 516.568395][ T3758] EXT4-fs error (device loop0): ext4_map_blocks:601: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1) [ 516.609757][ T3758] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 516.638947][ T3758] EXT4-fs error (device loop0): ext4_release_dquot:6219: comm kworker/u4:7: Failed to release dquot type 0 [ 516.790904][ T1069] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 517.010729][T11942] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:476: comm ext4lazyinit: Invalid block bitmap block 3 in block_group 0 [ 517.322282][ T1069] usb 2-1: device descriptor read/64, error -71 [ 518.330858][ T1069] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 518.610989][ T1069] usb 2-1: device descriptor read/64, error -71 [ 518.751554][ T1069] usb usb2-port1: attempt power cycle [ 519.191099][ T1069] usb 2-1: new full-speed USB device number 47 using dummy_hcd [ 519.305395][T11939] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5789: Corrupt filesystem [ 519.348709][T11939] EXT4-fs error (device loop0): ext4_quota_off:6485: inode #3: comm syz.0.2043: mark_inode_dirty error [ 519.362620][T11948] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 519.380777][ C0] vkms_vblank_simulate: vblank timer overrun [ 519.446564][ T1069] usb 2-1: device not accepting address 47, error -71 [ 519.570975][ T26] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 519.961492][ T26] usb 3-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 520.006892][ T26] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.239864][ T26] usb 3-1: config 0 descriptor?? [ 520.295832][ T26] usb-storage 3-1:0.0: USB Mass Storage device detected [ 521.746241][ T1069] usb 3-1: USB disconnect, device number 42 [ 522.042824][T12024] loop0: detected capacity change from 0 to 2048 [ 522.374770][ T3556] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 522.629662][T12041] IPv6: addrconf: prefix option has invalid lifetime [ 522.639897][ T3556] usb 2-1: Using ep0 maxpacket: 16 [ 522.761032][ T3556] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 522.786842][ T3556] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 522.825189][ T3556] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 522.845821][ T3556] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.884849][ T3556] usb 2-1: config 0 descriptor?? [ 523.795995][T11156] usb 2-1: USB disconnect, device number 49 [ 523.903422][T12078] tipc: Enabled bearer , priority 0 [ 523.915103][T12078] ªªªªªª: renamed from syzkaller0 [ 523.926667][T12078] tipc: Disabling bearer [ 524.017177][T12080] netlink: 'syz.1.2082': attribute type 10 has an invalid length. [ 524.028570][T12080] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2082'. [ 524.236702][T12091] netlink: 'syz.0.2086': attribute type 29 has an invalid length. [ 524.279236][T12091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2086'. [ 524.289161][T12091] netlink: 'syz.0.2086': attribute type 29 has an invalid length. [ 524.317210][T12091] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2086'. [ 524.402100][T12096] loop0: detected capacity change from 0 to 16 [ 524.450906][T11156] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 524.483448][T12096] erofs: (device loop0): mounted with root inode @ nid 36. [ 524.577582][T12096] attempt to access beyond end of device [ 524.577582][T12096] loop0: rw=0, want=34359739352, limit=16 [ 524.660892][T11156] usb 2-1: device descriptor read/64, error -71 [ 524.696185][T12107] attempt to access beyond end of device [ 524.696185][T12107] loop0: rw=0, want=34359739352, limit=16 [ 525.433532][T12116] tipc: Started in network mode [ 525.446013][T12116] tipc: Node identity d2f6868e6d, cluster identity 4711 [ 525.454505][T12116] tipc: Enabled bearer , priority 0 [ 525.471935][T12116] ªªªªªª: renamed from syzkaller0 [ 525.483553][T12116] tipc: Disabling bearer [ 525.631294][T11156] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 525.641622][T12121] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2094'. [ 525.670336][T12121] netlink: 'syz.2.2094': attribute type 16 has an invalid length. [ 525.954771][T11156] usb 2-1: device descriptor read/64, error -71 [ 526.314499][T11156] usb usb2-port1: attempt power cycle [ 526.831900][T11156] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 526.931473][T11156] usb 2-1: device descriptor read/8, error -71 [ 527.200976][T11156] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 527.455309][ C0] vxcan0: j1939_tp_rxtimer: 0xffff8880658a7c00: rx timeout, send abort [ 527.460881][T11156] usb 2-1: device not accepting address 53, error -71 [ 527.464678][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff8880658a7c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 527.481392][T11156] usb usb2-port1: unable to enumerate USB device [ 527.490389][T11432] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 527.501323][T11432] Bluetooth: hci2: Injecting HCI hardware error event [ 527.508638][ T3522] Bluetooth: hci2: hardware error 0x00 [ 527.756043][T12169] tipc: Enabled bearer , priority 0 [ 527.764819][T12169] ªªªªªª: renamed from syzkaller0 [ 527.782074][T12169] tipc: Disabling bearer [ 528.276172][T12180] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2111'. [ 529.034239][ T25] audit: type=1804 audit(1719763924.178:174): pid=12197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2117" name="/root/syzkaller.u6puLB/92/bus" dev="sda1" ino=2094 res=1 errno=0 [ 529.185792][ T25] audit: type=1326 audit(1719763924.328:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.243556][ T25] audit: type=1326 audit(1719763924.358:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.318036][ T25] audit: type=1326 audit(1719763924.358:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.389377][ T25] audit: type=1326 audit(1719763924.358:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.470342][ T25] audit: type=1326 audit(1719763924.358:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.544220][ T25] audit: type=1326 audit(1719763924.358:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.606236][T12223] tipc: Enabled bearer , priority 0 [ 529.612969][ T25] audit: type=1326 audit(1719763924.358:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.655104][T12223] ªªªªªª: renamed from syzkaller0 [ 529.670850][ T25] audit: type=1326 audit(1719763924.358:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.695717][T12223] tipc: Disabling bearer [ 529.722443][ T25] audit: type=1326 audit(1719763924.358:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12201 comm="syz.4.2118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe4f0d02b99 code=0x7ffc0000 [ 529.894357][T12239] netlink: 'syz.4.2129': attribute type 2 has an invalid length. [ 530.326222][ T1069] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 530.601187][ T1069] usb 3-1: Using ep0 maxpacket: 16 [ 530.657314][T12268] tipc: Enabled bearer , priority 0 [ 530.666707][T12268] ªªªªªª: renamed from syzkaller0 [ 530.688274][T12268] tipc: Disabling bearer [ 530.897524][T12272] loop0: detected capacity change from 0 to 4096 [ 530.916267][ T1069] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 530.925489][ T3554] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 530.940916][ T1069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.941361][T12272] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 530.958542][ T1069] usb 3-1: Product: syz [ 530.967537][ T1069] usb 3-1: Manufacturer: syz [ 530.987712][ T1069] usb 3-1: SerialNumber: syz [ 531.003716][ T1069] usb 3-1: config 0 descriptor?? [ 531.047043][T12272] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 531.218795][ T3554] usb 4-1: Using ep0 maxpacket: 16 [ 531.289454][T12245] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2131'. [ 531.342284][ T3554] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 531.371058][ T3554] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 531.384455][ T3554] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.394562][ T1069] usb 3-1: Limiting number of CPorts to U8_MAX [ 531.405069][ T1069] usb 3-1: Not enough endpoints found in device, aborting! [ 531.412507][T11432] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 531.436539][ T3554] usb 4-1: config 0 descriptor?? [ 531.498805][ T3554] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input38 [ 531.599410][T11439] usb 3-1: USB disconnect, device number 43 [ 531.710982][T11432] usb 5-1: Using ep0 maxpacket: 32 [ 531.771067][ T2948] bcm5974 4-1:0.0: could not read from device [ 531.831401][ T2948] bcm5974 4-1:0.0: could not read from device [ 531.911579][T12310] tipc: Enabled bearer , priority 0 [ 531.929500][T12310] ªªªªªª: renamed from syzkaller0 [ 531.944443][T12310] tipc: Disabling bearer [ 531.974230][T12294] loop0: detected capacity change from 0 to 40427 [ 532.011117][T11432] usb 5-1: New USB device found, idVendor=061d, idProduct=c160, bcdDevice=af.e4 [ 532.028847][T11432] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 532.040087][T11432] usb 5-1: Product: syz [ 532.049884][T11432] usb 5-1: Manufacturer: syz [ 532.054797][T11432] usb 5-1: SerialNumber: syz [ 532.064826][T11432] usb 5-1: config 0 descriptor?? [ 532.087533][T12294] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 532.105225][T12294] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 532.115342][T11432] quatech2 5-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 532.139068][T12294] F2FS-fs (loop0): invalid crc value [ 532.148079][T12294] F2FS-fs (loop0): invalid crc value [ 532.155936][T12294] F2FS-fs (loop0): Failed to get valid F2FS checkpoint [ 532.351245][T11432] usb 5-1: qt2_attach - failed to power on unit: -71 [ 532.358389][T11432] quatech2: probe of 5-1:0.0 failed with error -71 [ 532.377783][T11432] usb 5-1: USB disconnect, device number 35 [ 532.488396][T12331] device syzkaller1 entered promiscuous mode [ 532.537936][T12330] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2158'. [ 533.849306][T12342] loop0: detected capacity change from 0 to 8192 [ 534.038728][T12354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2165'. [ 534.072390][ T3554] usb 4-1: USB disconnect, device number 29 [ 534.081073][ T9056] bcm5974 4-1:0.0: could not read from device [ 534.119322][ T2948] bcm5974 4-1:0.0: could not read from device [ 534.135794][T12354] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2165'. [ 534.145739][T12342] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 534.156833][T12342] REISERFS (device loop0): using ordered data mode [ 534.163997][T12342] reiserfs: using flush barriers [ 534.177995][T12342] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 534.202615][T12342] REISERFS (device loop0): checking transaction log (loop0) [ 534.291912][T12342] REISERFS (device loop0): Using r5 hash to sort names [ 534.322865][T12342] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 534.351388][T12342] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 534.385555][T12368] Illegal XDP return value 4054907434, expect packet loss! [ 534.389726][T12369] fuse: Unknown parameter '0x00000000000000030x00000000000000030x00000000000000000xffffffffffffffff' [ 535.270751][T12402] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2181'. [ 535.392275][T12402] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2181'. [ 535.740925][T11159] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 535.816705][T12423] EXT4-fs warning (device sda1): __ext4_ioctl:881: Setting inode version is not supported with metadata_csum enabled. [ 535.853653][T12379] loop0: detected capacity change from 0 to 65536 [ 536.008269][T12379] XFS (loop0): Mounting V5 Filesystem [ 536.111741][T11159] usb 3-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 536.129308][T11159] usb 3-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 536.139987][T12379] XFS (loop0): Ending clean mount [ 536.155501][T11159] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 536.163583][T12379] XFS (loop0): Quotacheck needed: Please wait. [ 536.175733][T11159] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.285511][T12379] XFS (loop0): Quotacheck: Done. [ 536.452505][T12441] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2189'. [ 536.531017][T11159] usb 3-1: language id specifier not provided by device, defaulting to English [ 536.675118][ T8253] XFS (loop0): Unmounting Filesystem [ 536.861122][ T3554] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 537.052179][T11159] usb 3-1: USB disconnect, device number 44 [ 537.201078][ T3554] usb 4-1: no configurations [ 537.206019][ T3554] usb 4-1: can't read configurations, error -22 [ 537.363655][ T3554] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 537.681154][ T3554] usb 4-1: no configurations [ 537.685910][ T3554] usb 4-1: can't read configurations, error -22 [ 537.705600][ T3554] usb usb4-port1: attempt power cycle [ 537.742326][T12461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2195'. [ 537.846139][T12461] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2195'. [ 538.240867][ T3554] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 538.411944][ T3554] usb 4-1: no configurations [ 538.417431][ T3554] usb 4-1: can't read configurations, error -22 [ 538.651090][ T3554] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 538.841893][ T3554] usb 4-1: no configurations [ 538.884565][ T3554] usb 4-1: can't read configurations, error -22 [ 538.905700][ T3554] usb usb4-port1: unable to enumerate USB device [ 540.871451][T12506] udc-core: couldn't find an available UDC or it's busy [ 540.946944][T12506] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 541.333270][T12513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2208'. [ 541.479358][T12513] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2208'. [ 542.128790][T12529] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2214'. [ 542.188924][T12529] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2214'. [ 542.217992][T12531] x_tables: ip_tables: udp match: only valid for protocol 17 [ 542.259288][T12531] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2216'. [ 542.292336][T12531] netlink: 2 bytes leftover after parsing attributes in process `syz.4.2216'. [ 542.317240][T12536] 9pnet: Insufficient options for proto=fd [ 542.327765][T12536] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2217'. [ 542.412569][T12542] loop0: detected capacity change from 0 to 512 [ 542.853529][T12565] loop0: detected capacity change from 0 to 256 [ 542.870905][ T1069] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 542.959877][T12565] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 543.150988][ T1069] usb 5-1: Using ep0 maxpacket: 8 [ 543.196680][T12572] udc-core: couldn't find an available UDC or it's busy [ 543.209318][T12572] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 543.470949][ T1069] usb 5-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=56.a0 [ 543.489731][ T1069] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 543.511653][ T1069] usb 5-1: Product: syz [ 543.515898][ T1069] usb 5-1: Manufacturer: syz [ 543.520833][ T1069] usb 5-1: SerialNumber: syz [ 543.532224][ T1069] usb 5-1: config 0 descriptor?? [ 543.677154][T12585] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2232'. [ 543.805068][ T1069] kaweth 5-1:0.0: Firmware present in device. [ 544.031586][ T26] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 544.149631][T12554] program syz.4.2221 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 544.201091][ T1069] kaweth 5-1:0.0: Error reading configuration (-71), no net device created [ 544.209813][ T1069] kaweth: probe of 5-1:0.0 failed with error -5 [ 544.255020][ T1069] usb 5-1: USB disconnect, device number 36 [ 544.291011][ T26] usb 4-1: Using ep0 maxpacket: 32 [ 544.411297][ T26] usb 4-1: descriptor type invalid, skip [ 544.491046][ T26] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 544.511216][ T26] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 544.531244][ T26] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 544.724918][ T26] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 544.739961][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.748425][ T26] usb 4-1: Product: syz [ 544.758482][ T26] usb 4-1: Manufacturer: syz [ 544.763568][T12584] loop0: detected capacity change from 0 to 65536 [ 545.045668][T12584] XFS (loop0): Mounting V5 Filesystem [ 545.093098][T12584] XFS (loop0): Ending clean mount [ 545.107646][T12584] XFS (loop0): Quotacheck needed: Please wait. [ 545.168052][T12584] XFS (loop0): Quotacheck: Done. [ 545.255865][ T26] usb 4-1: SerialNumber: syz [ 545.275809][ T8253] XFS (loop0): Unmounting Filesystem [ 545.421067][T11159] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 545.515255][T12585] netlink: 'syz.3.2232': attribute type 10 has an invalid length. [ 545.531043][T12585] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2232'. [ 545.558163][T12585] device team0 entered promiscuous mode [ 545.576625][T12585] device team_slave_0 entered promiscuous mode [ 545.596719][T12585] device team_slave_1 entered promiscuous mode [ 545.613947][T12585] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 545.652577][T12586] device virt_wifi0 entered promiscuous mode [ 545.659181][T12586] team0: Port device virt_wifi0 added [ 545.670895][T11159] usb 2-1: Using ep0 maxpacket: 8 [ 545.690248][ T376] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.757419][ T376] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.793558][T11159] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 545.807774][T12625] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2241'. [ 545.816374][T11159] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 545.817694][T12625] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2241'. [ 545.853026][T11159] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 545.865029][T11159] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 545.880355][ T376] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 545.883214][T11159] usb 2-1: New USB device found, idVendor=056a, idProduct=5000, bcdDevice= 0.00 [ 545.905431][T11159] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.916028][T11159] usb 2-1: config 0 descriptor?? [ 545.956298][ T376] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 546.113876][T12623] chnl_net:caif_netlink_parms(): no params data found [ 546.242121][ T26] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 546.268088][ T26] usb 4-1: USB disconnect, device number 34 [ 546.332459][ T376] tipc: Left network mode [ 546.426060][T12623] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.439322][T12623] bridge0: port 1(bridge_slave_0) entered disabled state [ 546.461046][T11159] usbhid 2-1:0.0: can't add hid device: -71 [ 546.471192][T11159] usbhid: probe of 2-1:0.0 failed with error -71 [ 546.471273][T12623] device bridge_slave_0 entered promiscuous mode [ 546.495503][T12623] bridge0: port 2(bridge_slave_1) entered blocking state [ 546.508919][T12623] bridge0: port 2(bridge_slave_1) entered disabled state [ 546.518611][T12623] device bridge_slave_1 entered promiscuous mode [ 546.528923][T11159] usb 2-1: USB disconnect, device number 54 [ 546.623291][T12623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 546.652519][T12623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 546.890396][T12623] team0: Port device team_slave_0 added [ 546.979979][T12623] team0: Port device team_slave_1 added [ 547.140389][T12623] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 547.175317][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.220654][T12623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 547.242305][ T3554] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 547.323796][T12623] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 547.359296][T12623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 547.410963][T12623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 547.564859][T12623] device hsr_slave_0 entered promiscuous mode [ 547.584925][T12623] device hsr_slave_1 entered promiscuous mode [ 547.701102][ T3554] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.742033][ T3554] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 520 [ 547.834812][ T376] device hsr_slave_0 left promiscuous mode [ 547.864745][ T376] device hsr_slave_1 left promiscuous mode [ 547.871204][T11156] Bluetooth: hci3: command 0x0409 tx timeout [ 547.892954][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 547.928193][ T376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 547.961073][ T3554] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 547.989924][ T3554] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.028816][ T3554] usb 4-1: Product: syz [ 548.056799][ T3554] usb 4-1: Manufacturer: syz [ 548.076573][ T3554] usb 4-1: SerialNumber: syz [ 548.110872][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 548.129197][ T376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 548.175808][ T376] device bridge_slave_1 left promiscuous mode [ 548.212422][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 548.262135][ T376] device bridge_slave_0 left promiscuous mode [ 548.268448][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 548.317345][ T376] device veth1_macvtap left promiscuous mode [ 548.336696][ T376] device veth0_macvtap left promiscuous mode [ 548.346840][ T376] device veth1_vlan left promiscuous mode [ 548.356953][ T376] device veth0_vlan left promiscuous mode [ 548.365597][T12662] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 548.565646][ T376] bond2 (unregistering): Released all slaves [ 548.591967][T12662] udc-core: couldn't find an available UDC or it's busy [ 548.612449][T12662] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 548.635093][ T376] bond1 (unregistering): Released all slaves [ 548.698355][T12691] loop0: detected capacity change from 0 to 1024 [ 548.778496][T12691] EXT4-fs (loop0): bad geometry: first data block 100663296 is beyond end of filesystem (512) [ 548.848915][T12691] xt_hashlimit: max too large, truncated to 1048576 [ 548.858270][ T376] team0 (unregistering): Port device team_slave_1 removed [ 548.877546][ T376] team0 (unregistering): Port device team_slave_0 removed [ 548.936406][ T376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 548.978109][ T376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 549.043074][T12662] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 549.072260][ T376] bond0 (unregistering): Released all slaves [ 549.084216][ T25] kauditd_printk_skb: 26 callbacks suppressed [ 549.084230][ T25] audit: type=1326 audit(1719763944.228:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12697 comm="syz.1.2255" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60662feb99 code=0x0 [ 549.120127][ T25] audit: type=1326 audit(1719763944.258:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155407][ T25] audit: type=1326 audit(1719763944.258:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=117 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155449][ T25] audit: type=1326 audit(1719763944.258:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155480][ T25] audit: type=1326 audit(1719763944.258:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155510][ T25] audit: type=1326 audit(1719763944.258:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155540][ T25] audit: type=1326 audit(1719763944.268:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155571][ T25] audit: type=1326 audit(1719763944.268:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155602][ T25] audit: type=1326 audit(1719763944.268:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.155632][ T25] audit: type=1326 audit(1719763944.268:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12694 comm="syz.0.2254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa6372f4b99 code=0x7ffc0000 [ 549.408206][ T3554] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 549.408249][ T3554] cdc_ncm 4-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 549.408270][ T3554] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 549.776050][T12623] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 549.814486][T12623] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 549.828111][T12623] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 549.847019][T12623] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 549.950963][ T3678] Bluetooth: hci3: command 0x041b tx timeout [ 550.042265][ T3554] cdc_ncm 4-1:1.0: setting tx_max = 88 [ 550.060959][ T3554] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 550.072208][T12623] 8021q: adding VLAN 0 to HW filter on device bond0 [ 550.109222][T12623] 8021q: adding VLAN 0 to HW filter on device team0 [ 550.140982][ T3554] usb 4-1: USB disconnect, device number 35 [ 550.188180][ T3554] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 550.291261][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 550.299148][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 550.386789][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 550.399124][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 550.417845][ T1069] bridge0: port 1(bridge_slave_0) entered blocking state [ 550.424980][ T1069] bridge0: port 1(bridge_slave_0) entered forwarding state [ 550.451047][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 550.468714][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 550.487408][ T1069] bridge0: port 2(bridge_slave_1) entered blocking state [ 550.494541][ T1069] bridge0: port 2(bridge_slave_1) entered forwarding state [ 550.518950][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 550.536794][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 550.598663][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 550.610465][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 550.640405][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 550.667262][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 550.699120][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 550.716615][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 550.747198][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 550.778115][T12623] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 550.811315][T12623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 550.834246][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 550.844980][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 550.869620][ T1069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 551.146218][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 551.171747][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 551.212334][T12623] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 551.879186][T12746] chnl_net:caif_netlink_parms(): no params data found [ 552.028730][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 552.030897][ T3678] Bluetooth: hci3: command 0x040f tx timeout [ 552.043976][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 552.120678][T12623] device veth0_vlan entered promiscuous mode [ 552.165091][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 552.199602][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 552.343846][T12623] device veth1_vlan entered promiscuous mode [ 552.357665][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 552.391154][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 552.441059][T12781] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 552.446182][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 552.561990][T12746] bridge0: port 1(bridge_slave_0) entered blocking state [ 552.569287][T12746] bridge0: port 1(bridge_slave_0) entered disabled state [ 552.606693][T12746] device bridge_slave_0 entered promiscuous mode [ 552.640132][T12623] device veth0_macvtap entered promiscuous mode [ 552.682782][T12746] bridge0: port 2(bridge_slave_1) entered blocking state [ 552.696706][T12746] bridge0: port 2(bridge_slave_1) entered disabled state [ 552.726788][T12746] device bridge_slave_1 entered promiscuous mode [ 552.768195][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 552.788003][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 552.822439][T12623] device veth1_macvtap entered promiscuous mode [ 552.863860][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 552.898655][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 552.914363][T12746] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 552.960461][T12746] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 553.046161][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.062895][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.081336][ T3554] Bluetooth: hci2: command 0x0409 tx timeout [ 553.083941][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.131980][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.182565][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.201908][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.236404][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 553.268222][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.316206][T12623] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 553.407532][T12746] team0: Port device team_slave_0 added [ 553.442561][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 553.464705][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 553.493012][T12746] team0: Port device team_slave_1 added [ 553.541527][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.569465][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.609655][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.664302][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.709989][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.727693][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.738025][T12623] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 553.754835][T12623] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 553.779667][T12623] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 553.807380][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 553.817323][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 553.833596][T12623] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.844768][T12623] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.855452][T12623] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.867517][T12623] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 553.908268][T12746] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 553.933029][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 554.014438][T12746] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 554.032641][T12864] ALSA: seq fatal error: cannot create timer (-22) [ 554.038987][T12746] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 554.064372][T12746] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 554.121655][ T13] Bluetooth: hci3: command 0x0419 tx timeout [ 554.127940][T12746] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 554.271333][T12746] device hsr_slave_0 entered promiscuous mode [ 554.293523][T12746] device hsr_slave_1 entered promiscuous mode [ 554.302082][T12746] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 554.312959][T12746] Cannot create hsr debugfs directory [ 554.422087][ T3707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.422161][ T3707] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.427265][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 554.468727][ T3707] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 554.468803][ T3707] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 554.483631][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 554.622122][T12746] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.693554][T12746] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.738941][T12746] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.842347][T12746] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 554.892607][T12875] loop0: detected capacity change from 0 to 32768 [ 554.955333][T12875] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.2287 (12875) [ 555.029717][T12875] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 555.048647][T12875] BTRFS info (device loop0): setting nodatasum [ 555.062901][T12875] BTRFS info (device loop0): enabling auto defrag [ 555.067756][T12746] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 555.089983][T12875] BTRFS info (device loop0): disabling tree log [ 555.099123][T12746] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 555.105390][T12875] BTRFS info (device loop0): using free space tree [ 555.129797][T12875] BTRFS info (device loop0): has skinny extents [ 555.140332][T12746] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 555.157371][T11439] Bluetooth: hci2: command 0x041b tx timeout [ 555.161802][T12746] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 555.345226][T12746] 8021q: adding VLAN 0 to HW filter on device bond0 [ 555.366174][T12875] BTRFS info (device loop0): enabling ssd optimizations [ 555.366666][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 555.418588][ T3554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 555.478118][T12746] 8021q: adding VLAN 0 to HW filter on device team0 [ 555.556981][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 555.586184][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 555.630118][T11439] bridge0: port 1(bridge_slave_0) entered blocking state [ 555.637247][T11439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 556.071404][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 556.086121][T12946] loop0: detected capacity change from 0 to 1024 [ 556.098837][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 556.117499][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 556.129470][T11441] bridge0: port 2(bridge_slave_1) entered blocking state [ 556.136587][T11441] bridge0: port 2(bridge_slave_1) entered forwarding state [ 556.155003][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 556.163987][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 556.173563][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 556.184790][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 556.213746][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 556.228677][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 556.240231][T12946] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c118, mo2=0002] [ 556.241259][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 556.275418][T12946] System zones: 0-1, 3-12 [ 556.302248][T12946] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,min_batch_time=0x0000000000000005,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 556.323236][ C0] vkms_vblank_simulate: vblank timer overrun [ 556.332359][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 556.359602][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 556.370985][ T25] kauditd_printk_skb: 19 callbacks suppressed [ 556.371003][ T25] audit: type=1800 audit(1719763951.508:239): pid=12946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2304" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 556.427590][T12746] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 556.469227][T12746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 556.597295][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 556.622981][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 557.243188][T11441] Bluetooth: hci2: command 0x040f tx timeout [ 557.351636][T12976] tmpfs: Unknown parameter 'usrquota' [ 557.444281][ T376] device hsr_slave_0 left promiscuous mode [ 557.460702][ T376] device hsr_slave_1 left promiscuous mode [ 557.500093][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 557.527485][ T376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 557.546982][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 557.567943][ T376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 557.589675][ T376] device bridge_slave_1 left promiscuous mode [ 557.604773][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.646550][ T376] device bridge_slave_0 left promiscuous mode [ 557.646644][T12985] loop0: detected capacity change from 0 to 1024 [ 557.658011][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 557.689593][ T376] device veth1_macvtap left promiscuous mode [ 557.696903][ T376] device veth0_macvtap left promiscuous mode [ 557.714369][ T376] device veth1_vlan left promiscuous mode [ 557.727491][ T376] device veth0_vlan left promiscuous mode [ 557.817275][ T8253] hfsplus: bad catalog entry type [ 557.853079][ T8253] hfsplus: bad catalog entry type [ 557.879488][ T154] hfsplus: b-tree write err: -5, ino 4 [ 558.260296][ T376] device virt_wifi0 left promiscuous mode [ 558.283815][ T376] team0 (unregistering): Port device virt_wifi0 removed [ 558.376985][ T376] device team_slave_1 left promiscuous mode [ 558.406500][ T376] team0 (unregistering): Port device team_slave_1 removed [ 558.466940][ T376] device team_slave_0 left promiscuous mode [ 558.476789][ T376] team0 (unregistering): Port device team_slave_0 removed [ 558.498605][ T376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 558.545777][ T376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 559.236126][ T3678] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 559.244616][ T3678] Bluetooth: hci1: Injecting HCI hardware error event [ 559.271434][ T3522] Bluetooth: hci1: hardware error 0x00 [ 559.278757][ T376] bond0 (unregistering): Released all slaves [ 559.311392][T12938] Bluetooth: hci2: command 0x0419 tx timeout [ 559.376521][ T25] audit: type=1800 audit(1719763954.518:240): pid=12998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2319" name="bus" dev="overlay" ino=2113 res=0 errno=0 [ 559.405485][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 559.421703][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 559.494131][T12746] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 559.531207][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 559.540700][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 559.576518][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 559.593908][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 559.605175][T12746] device veth0_vlan entered promiscuous mode [ 559.608763][T13010] netlink: 276 bytes leftover after parsing attributes in process `syz.4.2325'. [ 559.613211][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 559.636139][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 559.649714][T12746] device veth1_vlan entered promiscuous mode [ 559.727388][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 559.748695][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 559.757218][T13006] overlayfs: failed to resolve './file0': -2 [ 559.758624][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 559.811375][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 559.865358][T12746] device veth0_macvtap entered promiscuous mode [ 559.911955][T12746] device veth1_macvtap entered promiscuous mode [ 559.985041][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 559.999527][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.013384][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.040254][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.068560][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.094050][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.142109][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 560.165413][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.204054][T12746] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 560.241079][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 560.264426][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 560.296664][T13033] ieee802154 phy0 wpan0: encryption failed: -22 [ 560.320921][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 560.345101][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 560.366871][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.438214][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.459228][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.487141][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.534028][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.555607][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.573855][T12746] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 560.584742][T12746] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 560.602573][T12746] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 560.615874][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 560.645235][T11441] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 560.691356][T12746] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.706906][T12746] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.716577][T12746] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.736262][T12746] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 560.944079][ T3758] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 560.980488][ T3758] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.017269][ T4747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 561.036945][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 561.054132][ T4747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 561.066733][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 561.126498][T13048] autofs4:pid:13048:autofs_fill_super: called with bogus options [ 561.153908][T13029] chnl_net:caif_netlink_parms(): no params data found [ 561.244619][T11439] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 561.343303][T13029] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.358804][T13029] bridge0: port 1(bridge_slave_0) entered disabled state [ 561.369951][T13029] device bridge_slave_0 entered promiscuous mode [ 561.378474][T13029] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.404708][T13029] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.429816][T13029] device bridge_slave_1 entered promiscuous mode [ 561.477641][T13069] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2344'. [ 561.521035][T11439] usb 2-1: Using ep0 maxpacket: 8 [ 561.572618][T13029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 561.612025][T13029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 561.642966][T11439] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 561.664341][T11439] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 561.688748][T11439] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 561.726605][T11439] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 561.768925][T11439] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 561.821611][T11439] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 561.845674][T11439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.994640][T13029] team0: Port device team_slave_0 added [ 562.006445][T13080] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 562.035756][T13080] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 562.055429][T13029] team0: Port device team_slave_1 added [ 562.139783][T13029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 562.146961][T11439] usb 2-1: usb_control_msg returned -32 [ 562.153470][T11439] usbtmc 2-1:16.0: can't read capabilities [ 562.174828][T13029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.272769][T13029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 562.358270][T13029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 562.384373][T13029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 562.431013][T11159] Bluetooth: hci0: command 0x0409 tx timeout [ 562.445158][T13029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 562.579859][T13029] device hsr_slave_0 entered promiscuous mode [ 562.599863][T13029] device hsr_slave_1 entered promiscuous mode [ 562.621301][T13029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 562.664510][T13029] Cannot create hsr debugfs directory [ 562.756169][ T1376] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.762488][ T1376] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.930992][T13087] usbtmc 2-1:16.0: usb_control_msg returned -32 [ 563.090772][T11441] usb 2-1: USB disconnect, device number 55 [ 563.182700][T13029] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.329678][T13029] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.501829][T13029] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 563.621670][T13029] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 564.392171][T13115] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 564.415361][T13029] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 564.430730][T13115] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 564.480369][T13029] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 564.503377][T13029] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 564.511088][T11156] Bluetooth: hci0: command 0x041b tx timeout [ 564.543962][T13029] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 564.738409][T13029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 564.789530][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 564.805429][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 564.832896][T13029] 8021q: adding VLAN 0 to HW filter on device team0 [ 564.891432][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 564.906670][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 564.927001][T11159] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.934122][T11159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 564.979745][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 565.006371][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 565.041265][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 565.065371][T11156] bridge0: port 2(bridge_slave_1) entered blocking state [ 565.072566][T11156] bridge0: port 2(bridge_slave_1) entered forwarding state [ 565.092148][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 565.106843][T11156] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 565.143318][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 565.171905][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 565.180489][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 565.226339][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 565.261871][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 565.270339][T11432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 565.312009][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 565.392001][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 565.400537][ T3678] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 565.411825][T13029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 566.120185][ T376] tipc: Left network mode [ 566.301764][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 566.316853][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 566.336386][T13029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 566.417207][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 566.426604][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 566.497635][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 566.517870][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 566.563518][T13029] device veth0_vlan entered promiscuous mode [ 566.583424][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 566.592357][ T3678] Bluetooth: hci0: command 0x040f tx timeout [ 566.611302][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 566.632894][T13029] device veth1_vlan entered promiscuous mode [ 566.755425][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 566.771486][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 566.792236][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 566.849405][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 566.896968][T13029] device veth0_macvtap entered promiscuous mode [ 566.951035][T13029] device veth1_macvtap entered promiscuous mode [ 567.008089][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.026684][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.038226][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.055980][T13160] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 567.069325][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.080601][T13160] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 567.100951][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.115762][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.142335][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.154290][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.165903][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 567.178284][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.206525][T13029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 567.250049][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 567.273683][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 567.308493][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 567.327348][T11439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 567.352158][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.388961][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.402854][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.418290][T13166] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 567.456479][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.509904][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.561504][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.604473][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.629659][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.644668][T13029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 567.656330][T13029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 567.669721][T13029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 567.682648][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 567.693701][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 567.705916][ T376] IPVS: stopping master sync thread 8751 ... [ 567.708140][T13029] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.756666][T13029] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.790116][T13029] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 567.799504][T13029] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 568.087011][ T4747] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 568.130938][ T4747] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 568.147007][ T376] device hsr_slave_0 left promiscuous mode [ 568.164616][ T376] device hsr_slave_1 left promiscuous mode [ 568.175523][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 568.199154][ T376] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 568.221472][ T376] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 568.247782][ T376] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 568.280476][ T376] device bridge_slave_1 left promiscuous mode [ 568.299479][ T376] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.326791][ T376] device bridge_slave_0 left promiscuous mode [ 568.356714][ T376] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.415199][ T376] device veth0_macvtap left promiscuous mode [ 568.435871][ T376] device veth1_vlan left promiscuous mode [ 568.455826][ T376] device veth0_vlan left promiscuous mode [ 568.671221][ T3678] Bluetooth: hci0: command 0x0419 tx timeout [ 569.144868][ T376] team0 (unregistering): Port device team_slave_1 removed [ 569.198958][ T376] team0 (unregistering): Port device team_slave_0 removed [ 569.207781][T13202] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 569.224821][T13202] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 569.252024][ T376] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 569.271553][ T376] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 569.495526][ T376] bond0 (unregistering): Released all slaves [ 569.584114][T11159] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 569.636867][ T4747] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 569.666260][ T4747] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 569.748656][T12938] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 570.766891][T13215] loop0: detected capacity change from 0 to 4096 [ 570.882145][T13215] ntfs3: Invalid value for fmask. [ 572.204866][T13240] kvm [13239]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 572.278309][T13240] kvm [13239]: vcpu0, guest rIP: 0x1be disabled perfctr wrmsr: 0xc1 data 0x0 [ 572.544900][T13254] tipc: Trying to set illegal importance in message [ 573.398294][ T25] audit: type=1800 audit(1719763968.538:241): pid=13261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2407" name="bus" dev="sda1" ino=2122 res=0 errno=0 [ 573.751655][T13277] netlink: 124 bytes leftover after parsing attributes in process `syz.2.2412'. [ 573.956310][ T5688] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 573.977092][ T5688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 574.042350][T13293] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.901780][T13312] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 574.922542][T13314] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 576.155229][T13352] device bond0 entered promiscuous mode [ 576.171014][T13352] device bond_slave_0 entered promiscuous mode [ 576.177489][T13352] device bond_slave_1 entered promiscuous mode [ 576.228936][T13354] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2440'. [ 576.258467][T13354] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2440'. [ 576.476840][ T25] audit: type=1326 audit(1719763971.618:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13349 comm="syz.1.2438" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f60662feb99 code=0x0 [ 576.820261][T13389] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2452'. [ 576.930909][T12938] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 577.531094][T12938] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 577.557018][T12938] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.566163][T12938] usb 5-1: Product: syz [ 577.570414][T12938] usb 5-1: Manufacturer: syz [ 577.575722][T12938] usb 5-1: SerialNumber: syz [ 577.592022][T12938] usb 5-1: config 0 descriptor?? [ 577.651916][T12938] ch341 5-1:0.0: ch341-uart converter detected [ 577.679937][T13421] device syzkaller0 entered promiscuous mode [ 578.037931][T13430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2464'. [ 578.049736][T13430] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready [ 578.348227][ T25] audit: type=1800 audit(1719763973.488:243): pid=13419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2460" name="/" dev="fuse" ino=1 res=0 errno=0 [ 578.376259][T13437] netlink: 'syz.1.2467': attribute type 1 has an invalid length. [ 578.398777][T13439] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2468'. [ 578.407975][T13437] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2467'. [ 578.420658][T13439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2468'. [ 578.721101][T12938] ch341-uart ttyUSB0: failed to read break control: -71 [ 578.728104][T12938] ch341-uart: probe of ttyUSB0 failed with error -71 [ 578.805730][T12938] usb 5-1: USB disconnect, device number 37 [ 578.833809][T12938] ch341 5-1:0.0: device disconnected [ 579.058894][T13466] device syzkaller1 entered promiscuous mode [ 579.168211][T13472] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 579.407861][T13482] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 580.881777][T11159] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 581.261097][T11159] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 581.287527][T11159] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 581.346819][T11159] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 581.400870][T11159] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 581.413013][T11159] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 581.549305][T11159] usb 4-1: invalid MIDI out EP 0 [ 582.239198][T11159] snd-usb-audio: probe of 4-1:27.0 failed with error -22 [ 582.252113][T11159] usb 4-1: USB disconnect, device number 36 [ 584.260970][ T1066] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 584.307940][T13567] ax25_connect(): syz.1.2512 uses autobind, please contact jreuter@yaina.de [ 584.513390][ T1066] usb 4-1: Using ep0 maxpacket: 8 [ 584.631007][ T1066] usb 4-1: config 0 has an invalid interface number: 38 but max is 0 [ 584.657867][ T1066] usb 4-1: config 0 has no interface number 0 [ 584.691054][ T1066] usb 4-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 3.01 [ 584.700914][ T1066] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 584.712961][ T1066] usb 4-1: config 0 descriptor?? [ 585.293186][T11441] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 586.350442][T13594] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 586.359872][T13594] overlayfs: failed to set xattr on upper [ 586.367147][T13594] overlayfs: ...falling back to index=off,metacopy=off. [ 586.420330][T12938] usb 4-1: USB disconnect, device number 37 [ 586.511299][T11441] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 586.533274][T11441] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 586.553212][T11441] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 586.574047][T11441] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 586.587299][T11441] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.658866][T11441] usb 5-1: invalid MIDI out EP 0 [ 586.672181][T13603] kernel profiling enabled (shift: 5) [ 586.771139][ C1] ================================================================== [ 586.779716][ C1] BUG: KASAN: stack-out-of-bounds in profile_pc+0xa4/0xe0 [ 586.786840][ C1] Read of size 8 at addr ffffc900044375a0 by task syz.1.2522/13604 [ 586.794734][ C1] [ 586.797076][ C1] CPU: 1 PID: 13604 Comm: syz.1.2522 Not tainted 5.15.161-syzkaller #0 [ 586.805323][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 586.812918][ T8212] udevd[8212]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 586.815376][ C1] Call Trace: [ 586.834459][ C1] [ 586.837313][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 586.842445][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 586.845164][T11441] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 586.855081][ C1] ? _printk+0xd1/0x120 [ 586.855112][ C1] ? __wake_up_klogd+0xcc/0x100 [ 586.855131][ C1] ? panic+0x860/0x860 [ 586.855147][ C1] ? _raw_spin_lock_irqsave+0xdd/0x120 [ 586.855170][ C1] ? __raise_softirq_irqoff+0x180/0x180 [ 586.879448][ C1] print_address_description+0x63/0x3b0 [ 586.885008][ C1] ? profile_pc+0xa4/0xe0 [ 586.889341][ C1] kasan_report+0x16b/0x1c0 [ 586.893852][ C1] ? profile_pc+0xa4/0xe0 [ 586.898183][ C1] ? trigger_load_balance+0x1d5/0xd90 [ 586.903559][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 586.909452][ C1] profile_pc+0xa4/0xe0 [ 586.913606][ C1] profile_tick+0xd4/0x130 [ 586.918021][ C1] tick_sched_timer+0x390/0x550 [ 586.922866][ C1] ? tick_setup_sched_timer+0x2d0/0x2d0 [ 586.928445][ C1] __hrtimer_run_queues+0x55b/0xcf0 [ 586.933658][ C1] ? hrtimer_interrupt+0x980/0x980 [ 586.938774][ C1] ? ktime_get_update_offsets_now+0x407/0x420 [ 586.944850][ C1] hrtimer_interrupt+0x392/0x980 [ 586.949813][ C1] __sysvec_apic_timer_interrupt+0x139/0x470 [ 586.955793][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 586.961440][ C1] [ 586.964558][ C1] [ 586.967505][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 586.973508][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 586.980036][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 62 6c a2 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 57 ac 2f f7 65 8b 05 d8 b2 da 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 586.999658][ C1] RSP: 0018:ffffc900044375a0 EFLAGS: 00000206 [ 587.005740][ C1] RAX: bb9f52448741fc00 RBX: 1ffff92000886eb8 RCX: ffffffff81631688 [ 587.013723][ C1] RDX: dffffc0000000000 RSI: ffffffff8a8b2a00 RDI: 0000000000000001 [ 587.021707][ C1] RBP: ffffc90004437630 R08: dffffc0000000000 R09: fffffbfff1f7f22e [ 587.029685][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 587.037663][ C1] R13: 1ffff92000886eb4 R14: ffffc900044375c0 R15: 0000000000000246 [ 587.045648][ C1] ? mark_lock+0x98/0x340 [ 587.049991][ C1] ? _raw_spin_unlock+0x40/0x40 [ 587.054845][ C1] ? __wake_up_common+0x2a0/0x4e0 [ 587.059878][ C1] __wake_up_sync_key+0x121/0x1c0 [ 587.064902][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 587.070887][ C1] ? __skb_try_recv_from_queue+0x770/0x770 [ 587.076698][ C1] ? consume_skb+0x103/0x140 [ 587.081297][ C1] __unix_dgram_recvmsg+0x5fe/0x1260 [ 587.086938][ C1] ? __lock_acquire+0x1295/0x1ff0 [ 587.091964][ C1] ? unix_unhash+0x10/0x10 [ 587.096394][ C1] ? unix_dgram_recvmsg+0xb9/0xe0 [ 587.101424][ C1] ? unix_dgram_sendmsg+0x2090/0x2090 [ 587.106803][ C1] ____sys_recvmsg+0x286/0x530 [ 587.111585][ C1] ? __sys_recvmsg_sock+0x40/0x40 [ 587.116637][ C1] ___sys_recvmsg+0x1ec/0x690 [ 587.121321][ C1] ? __sys_recvmsg+0x260/0x260 [ 587.126117][ C1] ? __might_fault+0xb4/0x110 [ 587.130802][ C1] do_recvmmsg+0x36f/0x8f0 [ 587.131256][T11441] usb 5-1: USB disconnect, device number 38 [ 587.135232][ C1] ? __sys_recvmmsg+0x270/0x270 [ 587.135273][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 587.150973][ C1] ? rcu_is_watching+0x11/0xa0 [ 587.155763][ C1] __x64_sys_recvmmsg+0x195/0x240 [ 587.160804][ C1] ? do_recvmmsg+0x8f0/0x8f0 [ 587.165406][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 587.171396][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 587.176608][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 587.182608][ C1] do_syscall_64+0x3b/0xb0 [ 587.187380][ C1] ? clear_bhb_loop+0x15/0x70 [ 587.192155][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 587.198050][ C1] RIP: 0033:0x7f60662feb99 [ 587.202464][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.222161][ C1] RSP: 002b:00007f6064d5e048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 587.230592][ C1] RAX: ffffffffffffffda RBX: 00007f606648d078 RCX: 00007f60662feb99 [ 587.238577][ C1] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000007 [ 587.246557][ C1] RBP: 00007f606637f77e R08: 0000000000000000 R09: 0000000000000000 [ 587.254539][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 587.259078][ T9056] udevd[9056]: setting mode of /dev/dmmidi3 to 020660 failed: No such file or directory [ 587.262772][ C1] R13: 000000000000006e R14: 00007f606648d078 R15: 00007ffdbc4da418 [ 587.262804][ C1] [ 587.262811][ C1] [ 587.262815][ C1] [ 587.262819][ C1] addr ffffc900044375a0 is located in stack of task syz.1.2522/13604 at offset 0 in frame: [ 587.262834][ C1] _raw_spin_unlock_irqrestore+0x0/0x130 [ 587.262856][ C1] [ 587.262861][ C1] this frame has 1 object: [ 587.262871][ C1] [32, 40) 'flags.i.i.i.i' [ 587.262880][ C1] [ 587.262885][ C1] Memory state around the buggy address: [ 587.262894][ C1] ffffc90004437480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 587.262904][ C1] ffffc90004437500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 587.262915][ C1] >ffffc90004437580: 00 00 00 00 f1 f1 f1 f1 00 f3 f3 f3 00 00 00 00 [ 587.262924][ C1] ^ [ 587.262933][ C1] ffffc90004437600: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 587.262944][ C1] ffffc90004437680: 00 00 00 00 00 f3 f3 f3 f3 f3 f3 f3 00 00 00 00 [ 587.262953][ C1] ================================================================== [ 587.316324][ T9056] udevd[9056]: setting owner of /dev/dmmidi3 to uid=0, gid=29 failed: No such file or directory [ 587.317478][ C1] Disabling lock debugging due to kernel taint [ 587.317496][ C1] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 587.317506][ C1] CPU: 1 PID: 13604 Comm: syz.1.2522 Tainted: G B 5.15.161-syzkaller #0 [ 587.410556][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 587.420624][ C1] Call Trace: [ 587.423906][ C1] [ 587.426744][ C1] dump_stack_lvl+0x1e3/0x2d0 [ 587.431422][ C1] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 587.437056][ C1] ? panic+0x860/0x860 [ 587.441121][ C1] ? lock_release+0xb9/0x9a0 [ 587.445712][ C1] ? irq_work_queue+0xcd/0x150 [ 587.450479][ C1] panic+0x318/0x860 [ 587.454373][ C1] ? check_panic_on_warn+0x1d/0xa0 [ 587.459479][ C1] ? fb_is_primary_device+0xd0/0xd0 [ 587.464673][ C1] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 587.470567][ C1] ? _raw_spin_unlock+0x40/0x40 [ 587.475424][ C1] check_panic_on_warn+0x7e/0xa0 [ 587.480361][ C1] ? profile_pc+0xa4/0xe0 [ 587.484689][ C1] end_report+0x6d/0xf0 [ 587.488935][ C1] kasan_report+0x18e/0x1c0 [ 587.493451][ C1] ? profile_pc+0xa4/0xe0 [ 587.497776][ C1] ? trigger_load_balance+0x1d5/0xd90 [ 587.503151][ C1] ? _raw_spin_unlock_irqrestore+0xd4/0x130 [ 587.509058][ C1] profile_pc+0xa4/0xe0 [ 587.513227][ C1] profile_tick+0xd4/0x130 [ 587.517693][ C1] tick_sched_timer+0x390/0x550 [ 587.522548][ C1] ? tick_setup_sched_timer+0x2d0/0x2d0 [ 587.528092][ C1] __hrtimer_run_queues+0x55b/0xcf0 [ 587.533295][ C1] ? hrtimer_interrupt+0x980/0x980 [ 587.538408][ C1] ? ktime_get_update_offsets_now+0x407/0x420 [ 587.544486][ C1] hrtimer_interrupt+0x392/0x980 [ 587.549437][ C1] __sysvec_apic_timer_interrupt+0x139/0x470 [ 587.555420][ C1] sysvec_apic_timer_interrupt+0x8c/0xb0 [ 587.561055][ C1] [ 587.563978][ C1] [ 587.566898][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 587.573002][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xd4/0x130 [ 587.579516][ C1] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 62 6c a2 f7 f6 44 24 21 02 75 4e 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 57 ac 2f f7 65 8b 05 d8 b2 da 75 85 c0 74 3f 48 c7 04 24 0e 36 [ 587.599150][ C1] RSP: 0018:ffffc900044375a0 EFLAGS: 00000206 [ 587.605283][ C1] RAX: bb9f52448741fc00 RBX: 1ffff92000886eb8 RCX: ffffffff81631688 [ 587.613268][ C1] RDX: dffffc0000000000 RSI: ffffffff8a8b2a00 RDI: 0000000000000001 [ 587.621244][ C1] RBP: ffffc90004437630 R08: dffffc0000000000 R09: fffffbfff1f7f22e [ 587.629226][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000 [ 587.637203][ C1] R13: 1ffff92000886eb4 R14: ffffc900044375c0 R15: 0000000000000246 [ 587.645189][ C1] ? mark_lock+0x98/0x340 [ 587.649532][ C1] ? _raw_spin_unlock+0x40/0x40 [ 587.654385][ C1] ? __wake_up_common+0x2a0/0x4e0 [ 587.659412][ C1] __wake_up_sync_key+0x121/0x1c0 [ 587.664437][ C1] ? __wake_up_locked_key_bookmark+0x20/0x20 [ 587.670415][ C1] ? __skb_try_recv_from_queue+0x770/0x770 [ 587.676219][ C1] ? consume_skb+0x103/0x140 [ 587.680805][ C1] __unix_dgram_recvmsg+0x5fe/0x1260 [ 587.686093][ C1] ? __lock_acquire+0x1295/0x1ff0 [ 587.691113][ C1] ? unix_unhash+0x10/0x10 [ 587.695532][ C1] ? unix_dgram_recvmsg+0xb9/0xe0 [ 587.700711][ C1] ? unix_dgram_sendmsg+0x2090/0x2090 [ 587.706087][ C1] ____sys_recvmsg+0x286/0x530 [ 587.710854][ C1] ? __sys_recvmsg_sock+0x40/0x40 [ 587.715890][ C1] ___sys_recvmsg+0x1ec/0x690 [ 587.720654][ C1] ? __sys_recvmsg+0x260/0x260 [ 587.725424][ C1] ? __might_fault+0xb4/0x110 [ 587.730098][ C1] do_recvmmsg+0x36f/0x8f0 [ 587.734512][ C1] ? __sys_recvmmsg+0x270/0x270 [ 587.739445][ C1] ? __lock_acquire+0x1ff0/0x1ff0 [ 587.744462][ C1] ? rcu_is_watching+0x11/0xa0 [ 587.749223][ C1] __x64_sys_recvmmsg+0x195/0x240 [ 587.754340][ C1] ? do_recvmmsg+0x8f0/0x8f0 [ 587.759026][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 587.765001][ C1] ? lockdep_hardirqs_on+0x94/0x130 [ 587.770192][ C1] ? syscall_enter_from_user_mode+0x2e/0x240 [ 587.776172][ C1] do_syscall_64+0x3b/0xb0 [ 587.780584][ C1] ? clear_bhb_loop+0x15/0x70 [ 587.785256][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 587.791147][ C1] RIP: 0033:0x7f60662feb99 [ 587.795560][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 587.815163][ C1] RSP: 002b:00007f6064d5e048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 587.823590][ C1] RAX: ffffffffffffffda RBX: 00007f606648d078 RCX: 00007f60662feb99 [ 587.831751][ C1] RDX: 0000000000010106 RSI: 00000000200000c0 RDI: 0000000000000007 [ 587.839723][ C1] RBP: 00007f606637f77e R08: 0000000000000000 R09: 0000000000000000 [ 587.847694][ C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 587.855653][ C1] R13: 000000000000006e R14: 00007f606648d078 R15: 00007ffdbc4da418 [ 587.863618][ C1] [ 587.866728][ C1] Kernel Offset: disabled [ 587.871041][ C1] Rebooting in 86400 seconds..