last executing test programs: 9.925309987s ago: executing program 1 (id=2): ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091260010000000000000e30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778fd87105119cc7e2f828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"}) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xf3b8, 0x0, 0x1000, 0x400, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x0, 0x3, 0x4], 0xeeee8000, 0x400}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x930, 0x1000009, 0x16831, 0xffffffffffffffff, 0x0) ioctl$KVM_GET_DIRTY_LOG(r1, 0x4010ae42, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001000/0x3000)=nil}) 9.655719208s ago: executing program 3 (id=4): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() syz_mount_image$erofs(&(0x7f00000002c0), &(0x7f0000000380)='./file1\x00', 0x200000, &(0x7f0000000280)=ANY=[], 0x4, 0x226, &(0x7f0000000840)="$eJzslb9v00AUx7/PdpykSEUMMLCEoRJBoo7tAOrCUJiRkAoCxogeVanbVGmGNhJSKhYWZsQ/wtCJgQ0mFhYGQKrEQEcmJA7dD5Nr4rQprbrwPsPp++7ePb87Pz+DYZj/lm9ff355eWvu3lVl9Afz330rPp2B5/h/fu2XrHy3Nv1sZzgeAZByYAeHPD8E8HbeB/omrPQh3fUZ1N3QmvvwcMXqByBEea5SYaQA4ZGdfroucw+0q1Zkgh63s8Uny5mI1ZCoIVVDE04KKv+9bcIigIp9BDn5bWz1VloZ0DEiE7koyfw5I0tHFUX3Rm5+8x5uovr3CtT7evji+bayI+sXw8OM1Qk8JFY3QViweg5lRFFUs6ZInPNfDAZX7JvXZugf5SSV3kqriuPfyITi3GzBUhnAwdurmVCnPbE0fsuDfdT7+ofI4b4SVDMqa+uTf3incs/qAwAmdMZgxquN7goPiSOOnzMNz5B7URf2dt6P7CrtnlrRnrzQjWuoxl6psvk4lWV3Cned3zdzaUwh5RU4tiRM/6AAuOy06MD5KzS6q+uNja3e7PJqa0ksibU0bd6Ir8Xx9bShe7MZi1qgjV/R/WnKiV8a4xtS6G+2ut1Osgl0O0lIIbSdmtHpuAtv2j/0Hk/3Pw/1X1Lmvxd97PJQI3ZMsvtIq7o/NnmGYRiGYRiGYRiGYRiGYZgJ2L2dqxoIH6YBedbYspAgvatX/wQAAP//7NhSLA==") sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000032680)=""/102400, 0x19000) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002e000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000095"], &(0x7f0000000080)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 8.589936505s ago: executing program 1 (id=6): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x16, 0x0, @void}, 0x10) 7.720080426s ago: executing program 1 (id=7): syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x8000d0, &(0x7f0000000040), 0x1, 0x586, &(0x7f0000000600)="$eJzs3U9sHFcZAPBvdx0ncd2mCY3UlIMDqUj/KLbblZwaDoQDHCjqpUioUjlYycYOXsfGdkVtLu6NE0UCBKiiasQBCSRiiQNwqChIHJAIEgIhLNRKIA78aQHhHigBjGZ31t54Z51Ftndbz+8nbfbNm7G/93bzvd19b9YTQG6dTv4pRAxGxI2IOFbfvPWA0/W775RXp66XV6cKsbHx5N8KteOulVenGoc2fu6OiFiJiHsj4seXIy4eao27sLQ8PVGtVubT7ZHFmbmRhaXlc1dmJiYrk5Wr5fJj42Nj4+fHRv+P3hR23PuJuddP/GbqicmXhv791PmZb/y1EBdq/Y5t/dhLWS3qK0Rc2I9gPVBK+hMRAx0ef7Ly/Mv73CQ69KUTayPJc3dPRNxfy/9jUao9mxEffPHpfxyLD9xs97M31l78UzfbCgDsnY3E4Z13AwdTMZLP/oXicETUy8Xi8HD9M/w9MVCszi4sPnx59pmrl+pzBHfHoeLlK9XKaDpXcHccKiTbj9TKW9uPbtsuR8TxiPhc6Whte/jibPVSV0c6oGEw4rXvfvpi/x3b8v+PpXr+AwdXkv+/+sn3f5iU3yz1ujVANyX5/603Zx4P+Q+5c/v8P9L1NgHd4fUf8kv+Q3615v/O584CB4fXf8gv+Q/5Jf8hv+Q/5Jf8h/xqzn/pD/l0fOiVtUJErLz/aO2W6E/3ZfzZHuAA2bjTt/whr7z3h/zq2yoe7WU7gO7zGR+43dn/bb8NPLf3bQG6o9jrBgA9c/aU9T/IK/P/kF99vW4A0DPe4wPm/yF/zP9Dfg22uf7XnU3X7hqNiLsi4melQ4cb1/oC3rkGI1574cb3no4o/rmQvv9PxoKJ11/9UfNx/YV/1pYI+iPiMy88+ZVnJxYX5x9J6v++Wb/41bT+0V71BuhEI08beQzk18LS8vREtVqZV1DYVoh4WzRDYR8LjXHgWnl1qnHr1tjz/EMRb3yofhJCEvd6eqvv7UvnJo/U1igH1gu3nKtQ2IO1y8+fi1h5LiLuzep/Ib3eeX3lY2C91BL/Xel9cjuVzp8kx5zsMH7prt3Fv68p/lBT/Hd3GH/t4x0euE+Of7u38V/67eayV1/W49+3y6/EnrjN/se/uatfv2t/+H1v498/1Nv4X56NeCUZf0az8q+YpOXmymfz+PPFL9TnSvp3Gf+zZ7fGv+st419xc/wrtRn/TncY56dPVT6ZVV/6ecQbz0Xclxm/Ee9ILdbAerEl/pmm8eeBHeL/5WO/nM6qv/BqxMa1iLORHb851sjizNzIwtLyuSszE5OVycrVcvmx8bGx8fNjoyO1OeqRxkx1qydunvxwVv2Zr9f7P9AmfqP/7R7/jR363Gz5a58afE9G/S9O1eM/cCb7+T+Rxq8//n0t8d+b3if/T/6TnsubHPNWRBxO6x+MiB+8fPyhrHZ99GY9/qU2/S/eEr+1/w932P/43X+fyap+9iOd/gIAYC+1nxrodcsAAIC91o2Vxl73Ecg2sN4fzcvAhZWmdYWVrXWFpP6tdH2htBLxr3SNIal/MF0lS8qZCw3A287J5ff9utdtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMi7haXl6YlqtTK/0OuWAN32vwAAAP//mSj9Tw==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 6.412838235s ago: executing program 1 (id=8): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000319021508fd0701"], 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) syz_usb_connect(0x1, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f0000000340)=ANY=[@ANYBLOB="020384d30c"]}]}) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 6.339627254s ago: executing program 2 (id=3): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x4, 0x8, 0x44, '\x00', 0x2}) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0xffffffffffffffff, 0x1f8, 0x83, 0xffffffffefffff15, 0x3, 0x4, 0x4, 0x4]}}) 5.183461738s ago: executing program 2 (id=9): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206d049cc2000000000001090224000100000003090400000103000300092130b4000122060009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002206000000abb668686844"], 0x0}, 0x0) 4.854875736s ago: executing program 0 (id=1): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x121502, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f00000003c0)={{0xb000, 0x10000, 0xd, 0x6, 0xf, 0x4, 0xe0, 0x1f, 0x0, 0x7, 0x8, 0x3}, {0xfffc1000, 0xf000, 0x8, 0xd9, 0x80, 0x80, 0x12, 0x6, 0xf7, 0x2, 0x2e, 0xfc}, {0x200000, 0x41000, 0x0, 0x20, 0x8e, 0x6, 0x0, 0xbe, 0x81, 0x9, 0x5, 0x2}, {0x4000, 0x41000, 0xc, 0xf6, 0xdc, 0x79, 0x6, 0x8, 0x2c, 0x3, 0x1e, 0x9}, {0x1, 0x200000, 0x4, 0x3, 0x68, 0x7, 0x0, 0x11, 0x0, 0x6, 0x3, 0x20}, {0xfec00000, 0x10000, 0xa, 0xca, 0x2, 0xc6, 0x7, 0x7, 0xf, 0x3b, 0x0, 0x5}, {0xc617264baea5bdad, 0x60000, 0x3, 0xd, 0x65, 0x85, 0xf4, 0x6, 0x4, 0x6, 0x5, 0xe5}, {0x54000, 0xe000, 0x10, 0x6, 0x0, 0x4, 0x1e, 0x7, 0x6, 0x8, 0x40, 0x5}, {0xfec41000, 0xa}, {0x40000, 0x8}, 0x80010001, 0x0, 0x6000, 0x170221, 0x11, 0x8901, 0x30000, 0x0, [0x7, 0x6, 0x85, 0x4]}) 4.725065345s ago: executing program 4 (id=5): ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x10, &(0x7f00000003c0)={[{@i_version}, {@nodiscard}, {@oldalloc}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3U1vG0UfAPD/bt7atE+TSs+Bl4sFSERCJE3aApVAIuLCoT3RA0es2C1RnQYlRqJVxItA3EAC8QHgAHwEjnDgO8AZOEClCOVAys1o7V3HxHbapA6ukt9PGnlmZ+2Z9XjW68nsJIBjqxQRL0fESESci4ipfHuah3i/FbL9trc2lv7e2lhKotF47c8kknxb8VpJ/ngqf4GZNCL9KInHe5S7fuv2jXKtVl3L03P1lbfm1m/dfnZ5pXy9er16c+G58xcuXnzh0sLzAzvWzZXkk6e+ufzbZx9XPv/pj++ns/qezvM6j2NQSlFqvye7XRp0YUN2oiOejA6xIgAA7CnNr/1Hm9f/UzESOxdvU/Hpj0OtHAAAADAQjUbxCAAAABxdid/+AAAAcMQV8wC2tzaWijDE6Qj8xzYXI2K61f5389DKGW3f0zu26/7eQSpFxKsnrixkIQ7pPmwAAACA4+yHxdbCf93jf2k80rHfyYiYLNb2G6DSrnT3+E96Z8BF0mFzMeLFiLjbNf6XFrtMj+Sp/zWHCseSa8u16rmIOBMRMzE2kaXn9yjj3SdufNsvr3P878tfX5/Pys8ed/ZI74xO/Ps5lXK9/CDHzI7NDyIeG+3V/kl7zLdzncyDeGN5+6V+eVn7Z+1dhO725zA1vop4umf/31m5NNl7fda55vlgLj8rTHSX8cvprz/sV35n/89CVn7xtwAOX9b/J/du/+Y6ue31etf3X8Z3f135uV/evdu/9/l/PLnarOB4vu2dcr2+Nh8xnlzu3u7T1Fa8H8X7lbX/zJO9v/+L678k/+4/07E+9H688t7Zq/3y9P/hytq/sq/+v//Im5OPzvQr//76/4VmZYoXcf13b/fbQMOuJwAAAAAAAACDkTbn9iXpbDueprOzrXm+/4/JtLa6Xn/m2urbNyutOYDTMZYW8z+nOuaDzrduI2+nF3alz0fE2Yj4YupkMz27tFqrDPvgAQAA4Jg41ef3f+b3g9zsAQAAADycpoddAQAAAODQ+f0PAAAAR9qDrOtfq64V/yLogE8XETlYZCT/4D0s9Tl6kSGelAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIfwIAAP//keS8Nw==") ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xd000, 0x43102}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x300, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1001000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0xeef, 0x3, 0x0, 0x7], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0xe, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x0, 0x4, 0x5, 0x0, 0x89}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x3, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0xc000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0x5000, 0x1, 0x3, 0x5, 0x7, 0x15, 0x7, 0x3, 0x7, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x0, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0x4c, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80010000, 0x0, 0x0, 0x20458d, 0x1000000000000, 0x1500, 0x3000, [0x9, 0x7, 0x5, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.377644918s ago: executing program 3 (id=10): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]}) semget$private(0x0, 0x20000000102, 0x0) r0 = syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x400, &(0x7f0000000600)=ANY=[@ANYBLOB='nostrict,umask=00000000000000000000010,unhide,longad,utf8,lastblock=00000000000000002304,anchor=18446744073709551615,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,uid=forget,noadinicb,shortad,iocharset=ascii,lastblock=00000000000000000009,iocharset=cp950,fileset=00000000000000000001,undelete,anchor=00000000000000000006,partition=00000000000000000008,anchor=00000000000008421375,session=00000000000000000001,anchor=00000000000000000005,gid=', @ANYRESDEC, @ANYBLOB="2c66fefb470f725c", @ANYRES8, @ANYRESOCT, @ANYRESDEC=0x0, @ANYBLOB="2c736d61636b66736465663d233f9d1abf59c53229ddd780b162f44a0e44f3436d598025e596d23078a3e733e07b480ad2f41c3ccd7956530c3be5c0d1833ad4954140d857bb924e0f613fe32a0c1461263f77581d8ed8b341959c53a341493644534a4b27223d1faac6bf7df530d100a57452b6a3abc826bb0f0b82809ca1e13376959935f589115abe267b25f42757304b4d6c7ffaec13f3079a4658933152fe693cc762ce82776b4003c4ac3d9d3478da3da1f79ad788d3b25f59422ba668e32c00"], 0x9, 0xc1e, &(0x7f0000001240)="$eJzs3U9sHNd9B/DfG5HiUmkrJnYUu42LTVukMmO5+hdTsQp3VdNsA8gyEYq5BeCKpNSFKZIgqUY20oLppYceAhRFDzkRaI0CKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAOQUsZvatuKRIixFFibI+H5v67s6+N/PevPWMLOjNCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAg4vdfu3T6THrUrQAAHqYrY185fdb9HwCeKFf9/z8AAAAAAAAAAAAAABx2KYp4KlLMX1lPE9X7ttrlVu+t2+PDIztX609VzSNV+fKndubsufNffGnoQicvt2Y/ov6D9my8MXb1Uv3VuZvzC9OLi9NT9fHZ1uTc1PSe97Df+tsNViegfvPNW1PXry/Wz754bsvHtwc+7PvEiYGLQ8+feq5Tdnx4ZGRss0jtvo+9g91meByNIk5Fihe++5PUjIgi9n8uag937LfrrzoxWHVifHik6shMqzm7VH442jkRRUS9q1Kjc452Hovo6X2ofdhdI2K5bH7Z4MGye2PzzYXmtZnp+mhzYam11JqbHU3t1pb9qUcRF1LESkSs9d29u94ooidSfPv4eroWEUc65+EL1cTg3dtRHGAf96BsZ703YqV4DMbsEOuLIl6PFD9972RMlucs/8TnI14v8/sR75T5SkQqvxjnIz7Y4XvE46kniviLcvwvrqep6nrQua5c/mr9y7PX57rKdq4rv+D94a4rxSO6P/Rvy4fjkF+balFEs7rir6f7/80OAAAAAAAAAAAAAAAAAA9afxTxbKR47d//uJpXHNW89OMXh/5g4Je754w/c4/9lGVfjIjlYm9zco/miYGjaTSlRzyX+ElWiyL+JM//++ajbgwAAAAAAAAAAAAAAAAAAMATrYgfR4qX3z+ZVqJ7TfHW7I361ea1mfaqsJ21fztrpm9sbGzUUzsbOSdyLudcybmacy1nFLl+zkbOiZzLOVdyruZcyxlHcv2cjZwTOZdzruRczbmWM3py/ZyNnBM5l3Ou5FzNuZYzDsnavQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHydFFPHzSPGtr6+nSBHRiJiIdq72PerWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAClvlTE9yJF/Q8bd7b1RESq/m07Wf5yPhpHy/xUNIbKfCUal3I2q+xpfPMRtJ/96U1F/ChS9NXevTPgefx72+/ufA3inW9svvvVnnYe6Xw48GHfJ04cvzg08uvP7PY67dSAwcut2Vu36+PDIyNjXZt78tE/1bVtIB+3eDBdJyIW33r7zebMzPTC/b8ovwL7qO6FF4f1RfQcimY8mr7zBCjv/x9Eit95/z86N/zO/f+X2u/u3OHjZ3+6ef9/efuO9nj/79le7x73/6e6tr2cfzfS2xNRW7o533siorb41tunWjebN6ZvTM+eP336S0NDXzp3uvdoRO16a2a669UDOV0AAAAAAAAAAAAAAAAAD08q4vciRfNH66keEber+VoDF4eeP/XckThSzbfaMm/7jbGrl+qvzt2cX5heXJyeqo/Ptibnpqb3erhaNd1rfHjkQDpzT/0H3P7+2qtz828ttG780dKOnx+rXbq2uLTQnNz54+iPIqLRvWWwavD48EjV6JlWc7aqOrrjZPpfXG8q4j8jxeT5evpc3pbn/22f4b9l/v/y9h0d0Pz/T3ZtK4+ZUhE/ixS//ZfPxOeqdh6Lu85ZLve3kWLwwmdzuThaluu0of1cgfbMwLLs/0aKf/z51rKd+ZBPbZY9s+cT+5gox/94pPjen38nfiNv2/r8h53H/9j2HR3Q+D/dte3YlucV7Lvr5PE/FSleeerd+M287aOe/9F59sbJXPjO8zkOaPw/3bVtIB/3tx5M1wEAAAAAAAAAAB5rvamIv4sUPxjpSS/lbXv5+39T23d0QH//6zNd26YezHpF93yx75MKAAAAAIdEbyrix5HixtK7d+ZQb53/3TX/83c3538Op22fVn/O9yvVcwMe5J//dRvIx53Yf7cBAAAAAAAAAAAAAAAAAADgUEmpiJfyeuoT1Xz+qV3XU1+NFK/99wu5XDpRluusAz9Q/Vq7Mjd76tLMzNxkc6l5bWa6PjbfnJwu6z4dKdb/5rO5blGtr95Zb769xvvmWuwLkWLk7ztl22uxd9Ymf3qz7Jmy7CcjxX/9w9aynXWsP71Z9mxZ9q8jxdf+eeeyJzbLnivLfidS/PBr9U7ZY2XZzvNRP7NZ9sXJueIARgUAAAAAAAAAAAAAAAAAAIAnTW8q4s8ixf/cXLkzlz+v/9/b9bbyzje61vvf5na1zv9Atf7/bq/vZ/3/6rkCy7sdFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPp5SFPF2pJi/sp5W+8r3bbXLrdlbt8eHR3au1p+qmkeq8uVP7czZc+e/+NLQhU5+dP0H7dl4Y+zqpfqrczfnF6YXF6en6uOzrcm5qek972G/9bcbrE5A/eabt6auX1+sn33x3JaPbw982PeJEwMXh54/9Vyn7PjwyMhYV5me3vs++l3SLtuPRhF/FSle+O5P0g/6IorY/7m4x3fnoPVXnRisOjE+PFJ1ZKbVnF0qPxztnIgiot5VqdE5Rw9hLPalEbFcNr9s8GDZvbH55kLz2sx0fbS5sNRaas3NjqZ2a8v+1KOICyliJSLW+u7eXW8U8Wak+Pbx9fQvfRFHOufhC1fGvnL67O7tKA6wj3tQtrPeG7FSPAZjdoj1RRH/FCl++t7J+Ne+iJ5o/8TnI14v8/sR70R7vFP5xTgf8cEO3yMeTz1RxP+V439xPb3XV14POteVy1+tf3n2+lxX2c515bG/PzxMh/zaVIsiflhd8dfTv/nvGgAAAAAAAAAAAAAAAOAQKeLXIsXL759M1fzgO3OKW7M36leb12ba0/o6c/86c6Y3NjY26qmdjZwTOZdzruRczbmWM4pcP2ejzNrGxkR+v5xzJedqzrWccSTXz9nIOZFzOedKztWcazmjJ9fP2cg5kXM550rO1ZxrOeOQzN0DAAAAAAAAAAAAAAAAAAA+XorqnxTf+vp62uhrry89Ee1ctR7ox97/BwAA///bhfta") r1 = socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000400)='./file2\x00', 0x8002, &(0x7f0000000040)=ANY=[], 0x1, 0x1f3, &(0x7f0000000700)="$eJzslc+L00AUx78zU5PsrvgHePHgguvBNElVvCysF08eBNHFg2Bx02U160qbgy2I+Bd49+bBP0OoV/8IqYIoiF7U88j8SDLG+KO21YLvA/vyfZnJmzdvtm9AEMR/y+tXXyby8+bbAMBhrMO3798JZQOtuTP/ZfDx/vOLF7YfXX/6wp+EK99G86devwVgfF4gV84qIKWU7vi6fR7R+qTWV8CtArbBEFp9AxxXrU7BcM3qW44+UPPDsLeXpeHNg2ynJ7I0Ul6sTKJMp57fh4cMO9ZX+TFnfDAc3e5mWdpfoGiu3Pg9IEx+AbDp5OeeVwiTbQRe1jIGR2x1BwyXrT4Hv6iNKYmz/6OtKr746f49zLjtNwCqN7351dH/LmdPLfVHAQH2V85+wUJAi+JEZwi4pNWAOuL5BJQ+MM1XXIu1X64uZi/dsy1zfmWqD4w/XZytoHnIQz9AEfC3/0mq/imfMJxw+pNpJY/1z7Gd799tD4ajU3v73d10N72TJJ2z0ekoOpO0dSMytrkF6vgruj+tVvH1ndSSAKvN9ZiHe90878fGln5ibFPH5br/cWwcxyHlq5heLe4nAMVFyOwf10+lNsQPkycIgviHHAPTPVn35ULY26QckHLtUuPX9Q5LEARBEARBEARBEMQy8jUAAP//3LtTfQ==") quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000180)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='memory.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) syz_mount_image$erofs(&(0x7f0000000040), &(0x7f0000000200)='./file1\x00', 0x80, &(0x7f00000001c0)=ANY=[], 0x4, 0x203, &(0x7f0000000440)="$eJzslb9v00AUx79nO3bSMiCxsTBQiTLg2A6/lkplYWJA4kfFRkTdquAS1HqglRDqX8DOxsDCv4CQwsofgQISAgmFBZgPne9sn5M4yg9HGXgfKc9f33s6v3vPeQZBEP8tX7/87fE/G9/rAE5hDY5a/2HmMYYW/7n+68XHWze3XllvPzk9t1HczZn6+RaA7g0TsbrnnHPdv6aud2Fk+h4MXFR6Cwyu0g9h4L7SIRgeKP1Y052aElHoPupE2zt7UegJ4wsTCNMazK9/wrCt5cc0/+HR8ZN2FIUHCxN2SeW6P7P86sCGlp/eLxcyW0+rnw8DvtItMNxR+jocuK6bl0Q7/1kr398ce34b0x9yVV/5lnQnXdkZCDYxZR1rUtRGxYjaztYYgI3u/fvKX4LT8+5jo7CCd7nLlK60o9W/waLCi/tvDDVlyAWreNI5HsEdE9XnfM2pYIh82JT9y1J9Ke+LwZ3V8V3enOz9mVDk85O/YbiQziek0/N18rFoxvvPmodHx5f29tu74W74NAhaV73LnnclaCaDSNqSGSj2byTzaUWOJkGjLNZmNp634/jAlza7D6TNDwBAG3L9EwPr55F8ORjO3B7c9zeA9KFM/YzkKtS6WZo8QRDEEjkHlg1OKxXqa6IcNuc80IbeyrJyJQiCIAiCIAiCIAhiNv4FAAD//xPCU3c=") r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, 0x0) r4 = fanotify_init(0x200, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x5) fanotify_mark(r4, 0x1, 0x4800003e, r3, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x8, 0x5, 0x490, 0xf0, 0x2d0, 0xffffffff, 0x0, 0xf0, 0x3c0, 0x3c0, 0xffffffff, 0x3c0, 0x3c0, 0x5, 0x0, {[{{@uncond, 0xb7030000, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x5, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @gre_key=0x1, @gre_key=0x8d}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@loopback, @ipv6=@local, @icmp_id, @gre_key=0x1}}}, {{@ipv6={@mcast1, @local, [0xffffff00, 0x0, 0x0, 0x445de9688c2ce293], [], 'wg1\x00', 'ip6gre0\x00', {0xff}}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@private1={0xfc, 0x1, '\x00', 0x1}, @ipv4=@broadcast, @gre_key=0x1, @gre_key=0x2}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, [], [0x0, 0x0, 0xff000000], 'lo\x00', 'wlan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv4=@multicast1, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @icmp_id, @icmp_id}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f0) 3.781901035s ago: executing program 1 (id=11): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) r1 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) ioctl$sock_bt_hidp_HIDPCONNADD(r1, 0x400448c8, &(0x7f0000000600)={r0, r0, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) 3.505663832s ago: executing program 0 (id=12): setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8) connect$inet6(0xffffffffffffffff, &(0x7f0000002140)={0xa, 0x4e28, 0x8, @mcast2, 0x5}, 0x1c) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0x21, 0x0, &(0x7f0000000080)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r0, &(0x7f0000000000)={@val={0xa, 0x88a8}, @void, @eth={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8c58257c1ad608aa}, @local, @val={@val, {0x8100, 0x3, 0x0, 0x1}}, {@generic={0xfbfb}}}}, 0x1a) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 2.674212104s ago: executing program 4 (id=13): socket$inet_tcp(0x2, 0x1, 0x0) msync(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x6) keyctl$chown(0x4, 0x0, 0xee01, 0xee01) r0 = syz_open_procfs(0x0, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x1000003, 0x20031, 0xffffffffffffffff, 0xffffe000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) gettid() timer_create(0x0, 0x0, 0x0) syz_usb_connect(0x3, 0x24, &(0x7f0000003ac0)={{0x12, 0x1, 0x201, 0x20, 0x72, 0x3b, 0x10, 0x5ef, 0x8884, 0x3, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x81, 0x40, 0xc5, [{{0x9, 0x4, 0x0, 0x4, 0x0, 0xbb, 0xbb, 0xf2, 0x8e}}]}}]}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001140)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xe}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x40, 0x2, {{0x9, 0x29, 0x80, 0x9, 0xffffffff, 0x91b1}, [@TCA_NETEM_RATE={0x14, 0x6, {0x5, 0x7, 0x7fffffff}}, @TCA_NETEM_CORR={0x10, 0x1, {0x3, 0x3aa8, 0x7}}]}}}]}, 0x70}}, 0x0) r3 = socket$inet6(0xa, 0x3, 0x2) connect$inet6(r3, &(0x7f0000000200)={0xa, 0x4e25, 0x0, @empty, 0x7}, 0x1c) sendmmsg(r3, &(0x7f00000092c0), 0x4ff, 0x0) 2.099743334s ago: executing program 2 (id=14): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) r1 = syz_io_uring_setup(0x5100, &(0x7f0000000000)={0x0, 0x8015, 0x8, 0x1, 0x2c9}, &(0x7f0000000080), &(0x7f0000000180)) io_uring_setup(0x5720, &(0x7f0000000240)={0x0, 0xcae8, 0x986c, 0x3, 0x96, 0x0, r1}) r2 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r2, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r3 = dup(r2) r4 = open(&(0x7f00000000c0)='./file0\x00', 0x1298c2, 0x0) ftruncate(r4, 0x200004) sendfile(r3, r4, 0x0, 0x80001d00c0d1) 2.04721009s ago: executing program 1 (id=15): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000000c0)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000000ac0)=""/102392, 0x18ff8) inotify_init1(0x0) socket$inet6(0xa, 0x3, 0x100) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r3, 0x29, 0x44, &(0x7f0000000000)={'ah\x00'}, &(0x7f0000000080)=0x1e) 1.915391729s ago: executing program 3 (id=16): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, 0x0) r2 = socket$key(0xf, 0x3, 0x2) ioctl$AUTOFS_IOC_SETTIMEOUT(r2, 0x80049367, &(0x7f0000000240)=0x7b) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) socket$inet(0x2, 0x2, 0x0) write(0xffffffffffffffff, 0x0, 0x0) shutdown(r0, 0x1) 1.546802876s ago: executing program 0 (id=17): syz_mount_image$squashfs(&(0x7f0000000700), &(0x7f0000000b00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3014441, &(0x7f00000001c0)=ANY=[], 0xff, 0x192, &(0x7f0000000c00)="$eJzskr2qE0EUx3+z2fsl90YFqzTeQvwoNJuNip2WWmmhIFiFzRqDGzXZgCYEXBGxsBBLH0DyIL6AFuIDpE4RrGVkvnZXyBvc+RX7n/nPOTNzzuyzfJzvAX83i4Q7aBo0+SkEIXBeGG8dGP1i9ZfVz0b4IXh8H7hn/fdWW1YVx5yFVj6bP+9lWTo5Bv5or7Ty2+8C1vrI35tFogZvq3z6oMI5dDEN448BKaUEHrVCOKeLkOU+oY56wCWgPR29auez+dXhqDdIB+mLuNG9GV2Pohtx++kwSyPzFbVruBKUXvl2SB21vgN8sPNTNP9bF9XV7DrigCdl7q7rYVOwDZcrpVShHNmyYJHs4d4LHnKRfeB1IWruBX3rEF3S3UCZZtIxLXEvrqL29cK15GXWP7CmTlsSqj2ct1NuGK9qk+6tgiMT8dFGqsMJq1KWVldW3a/lfpmwUN9Pdna5gF3e9KbTSUdVbkbCjeLSi88U1B5Info1qJoPnP4ebO2tbpjH4/F4PB6Px+PxnBD+BQAA//+DjWtR") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) gettid() mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x148) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) r1 = fanotify_init(0xf00, 0x1000) fanotify_mark(r1, 0x105, 0x5000003a, r0, 0x0) creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x93) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r3 = fanotify_init(0x200, 0x0) fanotify_mark(r3, 0x2d, 0x1001, r2, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000380)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2) 991.367945ms ago: executing program 3 (id=18): unshare(0x22020600) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, 0x0) 419.662135ms ago: executing program 4 (id=19): sendto$inet6(0xffffffffffffffff, &(0x7f0000000400), 0x0, 0x40040, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r2, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000002c0)={0x0, 0x0, @pic={0x2c, 0xc0, 0x7, 0x6, 0xfb, 0x2, 0x12, 0x4, 0x3, 0x0, 0x3, 0x58, 0x9c, 0x6, 0x6, 0x7f}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0x18addbae, 0xfff, 0x2, 0x180, 0x4, 0x1000, 0xf1, 0x0, 0x7fffffffffffe, 0xa, 0xfc9, 0x3, 0xfffffffffffffffe, 0x45, 0x3, 0xbd8], 0x1, 0x1c5a13}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 283.768869ms ago: executing program 0 (id=20): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]}) keyctl$join(0x1, &(0x7f0000000280)={'syz', 0x1}) request_key(&(0x7f0000000040)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0xfffffffffffffffe) 27.36946ms ago: executing program 2 (id=21): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x81fffffe, 0x4, 0xc1, 0x4f, 0x3, 0xbd, 0xd, 0x6, 0x1, 0x44, 0x8, 0x3, 0x100}, {0xb, 0xa6f2, 0x2, 0x8, 0x9, 0xfb, 0x44, 0x87, 0xa, 0x13, 0x7, 0x6, 0xffffffffffffffff}, {0x1fd, 0x8, 0xd, 0x22, 0x25, 0x9, 0x69, 0x13, 0x3, 0x15, 0x0, 0xf, 0x4}], 0x2}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x67a, 0x6, 0x3fe, 0x0, 0x1000, 0x1, 0x4002004c4, 0x1000, 0x0, 0x97, 0x10, 0x3, 0x2, 0x4, 0x0, 0x1aa], 0xeeee8000, 0x400}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 3 (id=22): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) kernel console output (not intermixed with test programs): no interfaces have a carrier [ 111.379103][ T5424] 8021q: adding VLAN 0 to HW filter on device bond0 [ 111.409915][ T5424] eql: remember to turn off Van-Jacobson compression on your slave devices Starting crond: OK Starting sshd: OK syzkaller Warning: Permanently added '10.128.1.205' (ED25519) to the list of known hosts. syzkaller login: [ 155.329948][ T5756] cgroup: Unknown subsys name 'net' [ 155.462553][ T5756] cgroup: Unknown subsys name 'cpuset' [ 155.476592][ T5756] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 161.098369][ T5756] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 165.184726][ T5776] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 165.194123][ T5776] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 165.213793][ T5776] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 165.222996][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 165.228013][ T5779] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 165.237061][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 165.240921][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 165.252796][ T5779] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 165.265698][ T5779] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 165.276706][ T5779] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 165.343320][ T5779] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 165.354880][ T5776] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 165.364645][ T5776] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 165.374087][ T5776] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 165.384271][ T5776] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 165.394001][ T5787] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 165.402370][ T5776] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 165.416814][ T5787] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 165.426968][ T5787] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 165.428240][ T5776] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 165.437772][ T5787] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 165.474604][ T5787] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 165.489851][ T5787] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 165.507056][ T5787] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 165.517818][ T5787] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 166.758376][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 166.985798][ T5783] chnl_net:caif_netlink_parms(): no params data found [ 167.237978][ T5782] chnl_net:caif_netlink_parms(): no params data found [ 167.277102][ T5784] chnl_net:caif_netlink_parms(): no params data found [ 167.300247][ T5774] chnl_net:caif_netlink_parms(): no params data found [ 167.324747][ T49] Bluetooth: hci0: command tx timeout [ 167.405025][ T49] Bluetooth: hci1: command tx timeout [ 167.482053][ T49] Bluetooth: hci3: command tx timeout [ 167.482101][ T5787] Bluetooth: hci4: command tx timeout [ 167.562134][ T49] Bluetooth: hci2: command tx timeout [ 167.762506][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 167.770017][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.792537][ T5777] bridge_slave_0: entered allmulticast mode [ 167.808764][ T5777] bridge_slave_0: entered promiscuous mode [ 167.969581][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 167.981558][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.990992][ T5777] bridge_slave_1: entered allmulticast mode [ 168.001491][ T5777] bridge_slave_1: entered promiscuous mode [ 168.037516][ T5783] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.045274][ T5783] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.054685][ T5783] bridge_slave_0: entered allmulticast mode [ 168.063348][ T5783] bridge_slave_0: entered promiscuous mode [ 168.217131][ T5783] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.226162][ T5783] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.233863][ T5783] bridge_slave_1: entered allmulticast mode [ 168.242323][ T5783] bridge_slave_1: entered promiscuous mode [ 168.283862][ T5774] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.291328][ T5774] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.301625][ T5774] bridge_slave_0: entered allmulticast mode [ 168.309973][ T5774] bridge_slave_0: entered promiscuous mode [ 168.329916][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.408357][ T5774] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.416172][ T5774] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.424009][ T5774] bridge_slave_1: entered allmulticast mode [ 168.432844][ T5774] bridge_slave_1: entered promiscuous mode [ 168.449723][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.522871][ T5783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.602272][ T5784] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.609897][ T5784] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.617691][ T5784] bridge_slave_0: entered allmulticast mode [ 168.625908][ T5784] bridge_slave_0: entered promiscuous mode [ 168.644215][ T5783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.654185][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.661627][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.669372][ T5782] bridge_slave_0: entered allmulticast mode [ 168.678140][ T5782] bridge_slave_0: entered promiscuous mode [ 168.722420][ T5777] team0: Port device team_slave_0 added [ 168.728663][ T5784] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.737047][ T5784] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.744699][ T5784] bridge_slave_1: entered allmulticast mode [ 168.753112][ T5784] bridge_slave_1: entered promiscuous mode [ 168.793292][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.800594][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.808254][ T5782] bridge_slave_1: entered allmulticast mode [ 168.816706][ T5782] bridge_slave_1: entered promiscuous mode [ 168.865602][ T5774] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 168.919232][ T5777] team0: Port device team_slave_1 added [ 169.033297][ T5774] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.095790][ T5783] team0: Port device team_slave_0 added [ 169.153835][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.160888][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.187177][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.206877][ T5784] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.223948][ T5783] team0: Port device team_slave_1 added [ 169.237232][ T5782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.271111][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.278637][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.305231][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.325072][ T5784] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.365732][ T5782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.383631][ T5774] team0: Port device team_slave_0 added [ 169.402252][ T49] Bluetooth: hci0: command tx timeout [ 169.482146][ T49] Bluetooth: hci1: command tx timeout [ 169.516153][ T5774] team0: Port device team_slave_1 added [ 169.562042][ T49] Bluetooth: hci4: command tx timeout [ 169.567624][ T49] Bluetooth: hci3: command tx timeout [ 169.583887][ T5784] team0: Port device team_slave_0 added [ 169.591711][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.598940][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.625529][ T5783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.642111][ T49] Bluetooth: hci2: command tx timeout [ 169.666010][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.673560][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.699803][ T5774] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.740947][ T5784] team0: Port device team_slave_1 added [ 169.749106][ T5783] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.756454][ T5783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.782973][ T5783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.803034][ T5782] team0: Port device team_slave_0 added [ 169.811132][ T5774] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.818317][ T5774] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 169.845096][ T5774] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.938489][ T5782] team0: Port device team_slave_1 added [ 169.975053][ T5777] hsr_slave_0: entered promiscuous mode [ 169.984046][ T5777] hsr_slave_1: entered promiscuous mode [ 170.020389][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.027633][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.054748][ T5784] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.116735][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 170.124365][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.150872][ T5782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 170.166751][ T5782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.174435][ T5782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.200952][ T5782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.219854][ T5784] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 170.227024][ T5784] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 170.253364][ T5784] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 170.416973][ T5783] hsr_slave_0: entered promiscuous mode [ 170.425492][ T5783] hsr_slave_1: entered promiscuous mode [ 170.433891][ T5783] debugfs: 'hsr0' already exists in 'hsr' [ 170.439805][ T5783] Cannot create hsr debugfs directory [ 170.524262][ T5774] hsr_slave_0: entered promiscuous mode [ 170.534022][ T5774] hsr_slave_1: entered promiscuous mode [ 170.541532][ T5774] debugfs: 'hsr0' already exists in 'hsr' [ 170.547616][ T5774] Cannot create hsr debugfs directory [ 170.667541][ T5784] hsr_slave_0: entered promiscuous mode [ 170.676084][ T5784] hsr_slave_1: entered promiscuous mode [ 170.684344][ T5784] debugfs: 'hsr0' already exists in 'hsr' [ 170.690250][ T5784] Cannot create hsr debugfs directory [ 170.740955][ T5782] hsr_slave_0: entered promiscuous mode [ 170.749599][ T5782] hsr_slave_1: entered promiscuous mode [ 170.757746][ T5782] debugfs: 'hsr0' already exists in 'hsr' [ 170.763761][ T5782] Cannot create hsr debugfs directory [ 171.482216][ T49] Bluetooth: hci0: command tx timeout [ 171.572047][ T49] Bluetooth: hci1: command tx timeout [ 171.642113][ T49] Bluetooth: hci3: command tx timeout [ 171.642155][ T5787] Bluetooth: hci4: command tx timeout [ 171.722255][ T49] Bluetooth: hci2: command tx timeout [ 171.930946][ T5777] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 171.958632][ T5777] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 171.979161][ T5777] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 171.998497][ T5777] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 172.139832][ T5783] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 172.161536][ T5783] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 172.181090][ T5783] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 172.200768][ T5783] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 172.451051][ T5784] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 172.486800][ T5784] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 172.504706][ T5784] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 172.554751][ T5784] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 172.810377][ T5782] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 172.829505][ T5782] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 172.888625][ T5782] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 172.950040][ T5782] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 173.005521][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.190893][ T5774] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 173.245310][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.253217][ T5774] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 173.272716][ T5774] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 173.300938][ T5774] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 173.354607][ T5783] 8021q: adding VLAN 0 to HW filter on device bond0 [ 173.410950][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.418417][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.493915][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.501218][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.564107][ T49] Bluetooth: hci0: command tx timeout [ 173.605124][ T5783] 8021q: adding VLAN 0 to HW filter on device team0 [ 173.642210][ T49] Bluetooth: hci1: command tx timeout [ 173.706972][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.714353][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.724322][ T49] Bluetooth: hci4: command tx timeout [ 173.724424][ T5787] Bluetooth: hci3: command tx timeout [ 173.802183][ T5787] Bluetooth: hci2: command tx timeout [ 173.824179][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.831476][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.936347][ T5784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.209412][ T5784] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.301616][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.309202][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.419703][ T5782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.500973][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.508515][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.621254][ T5782] 8021q: adding VLAN 0 to HW filter on device team0 [ 174.732825][ T5774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 174.764164][ T1324] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.771912][ T1324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.846909][ T1324] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.854456][ T1324] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.054281][ T5774] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.101749][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 175.109292][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 175.208963][ T735] bridge0: port 2(bridge_slave_1) entered blocking state [ 175.216535][ T735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 175.297890][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.514523][ T5783] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 175.998157][ T5777] veth0_vlan: entered promiscuous mode [ 176.142973][ T5777] veth1_vlan: entered promiscuous mode [ 176.346302][ T5783] veth0_vlan: entered promiscuous mode [ 176.525012][ T5783] veth1_vlan: entered promiscuous mode [ 176.634183][ T5777] veth0_macvtap: entered promiscuous mode [ 176.698608][ T5784] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 176.736795][ T5777] veth1_macvtap: entered promiscuous mode [ 176.910210][ T5782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.008976][ T5783] veth0_macvtap: entered promiscuous mode [ 177.058926][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.147212][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.161495][ T5783] veth1_macvtap: entered promiscuous mode [ 177.198504][ T5774] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 177.297827][ T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.345766][ T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.398567][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 177.440589][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.463004][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.557988][ T5783] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 177.699015][ T53] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.709985][ T53] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.767082][ T53] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.783702][ T53] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 177.867212][ T5782] veth0_vlan: entered promiscuous mode [ 178.096929][ T5782] veth1_vlan: entered promiscuous mode [ 178.167678][ T5774] veth0_vlan: entered promiscuous mode [ 178.293004][ T5784] veth0_vlan: entered promiscuous mode [ 178.304617][ T5774] veth1_vlan: entered promiscuous mode [ 178.464929][ T5784] veth1_vlan: entered promiscuous mode [ 178.591163][ T5782] veth0_macvtap: entered promiscuous mode [ 178.695549][ T5782] veth1_macvtap: entered promiscuous mode [ 178.855678][ T5774] veth0_macvtap: entered promiscuous mode [ 178.927019][ T5774] veth1_macvtap: entered promiscuous mode [ 179.039604][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.109871][ T5782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.130839][ T5784] veth0_macvtap: entered promiscuous mode [ 179.195848][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.250695][ T5784] veth1_macvtap: entered promiscuous mode [ 179.285659][ T34] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.305229][ T34] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.377280][ T5774] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.385442][ T34] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.400644][ T34] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.553560][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 179.571128][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.629228][ T34] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.667124][ T34] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.692111][ T34] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.737275][ T5784] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 179.891192][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 179.922062][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.000440][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 180.038699][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 181.910847][ T1074] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 181.931196][ T1074] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.293875][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.344111][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.551609][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.607782][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.828132][ T5777] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 182.843871][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.855370][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 183.696618][ T5945] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 183.913028][ T5947] loop3: detected capacity change from 0 to 16 [ 183.949897][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 184.062394][ T5947] erofs (device loop3): blkszbits 0 isn't supported [ 185.690185][ T735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 185.716374][ T735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 185.766584][ T5967] loop1: detected capacity change from 0 to 512 [ 185.794088][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 185.804988][ T5967] ======================================================= [ 185.804988][ T5967] WARNING: The mand mount option has been deprecated and [ 185.804988][ T5967] and is ignored by this kernel. Remove the mand [ 185.804988][ T5967] option from the mount to silence this warning. [ 185.804988][ T5967] ======================================================= [ 186.004445][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.060597][ T5967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.086208][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.115223][ T5967] ext4 filesystem being mounted at /2/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 186.219833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 186.268007][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 186.276803][ T5967] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:105: comm syz.1.7: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 186.489085][ T735] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.528964][ T735] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.641142][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.654116][ T34] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 186.792041][ T34] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 186.817862][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 187.282221][ T34] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.319107][ T5978] loop1: detected capacity change from 0 to 1024 [ 187.387111][ T34] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.425631][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 187.467536][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 187.663179][ T5978] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 187.742908][ T5978] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 188.102116][ T1922] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 188.323624][ T1922] usb 2-1: Using ep0 maxpacket: 8 [ 188.461056][ T1922] usb 2-1: unable to get BOS descriptor or descriptor too short [ 188.496454][ T1922] usb 2-1: no configurations [ 188.542090][ T1922] usb 2-1: can't read configurations, error -22 [ 188.712162][ T5830] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 188.889463][ T29] audit: type=1326 audit(1771145592.022:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 188.904469][ T5830] usb 3-1: Using ep0 maxpacket: 32 [ 188.963922][ T5988] loop4: detected capacity change from 0 to 512 [ 188.975048][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.975206][ T5830] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.975393][ T5830] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 188.988684][ T29] audit: type=1326 audit(1771145592.022:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.030246][ T5830] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.044646][ T5988] EXT4-fs: Ignoring removed i_version option [ 189.084055][ T5988] EXT4-fs: Ignoring removed oldalloc option [ 189.099176][ T5830] usb 3-1: config 0 descriptor?? [ 189.113795][ T29] audit: type=1326 audit(1771145592.032:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.253003][ T29] audit: type=1326 audit(1771145592.042:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=393 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.263440][ T5988] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 189.345257][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 189.367322][ T29] audit: type=1326 audit(1771145592.042:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.420858][ T29] audit: type=1326 audit(1771145592.042:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.428764][ T5990] loop3: detected capacity change from 0 to 2048 [ 189.448918][ T29] audit: type=1326 audit(1771145592.062:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.538983][ T5990] udf: Bad value for 'anchor' [ 189.621089][ T5830] logitech 0003:046D:C29C.0001: unbalanced delimiter at end of report description [ 189.643814][ T29] audit: type=1326 audit(1771145592.062:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.730236][ T5830] logitech 0003:046D:C29C.0001: parse failed [ 189.774162][ T29] audit: type=1326 audit(1771145592.062:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.810968][ T5830] logitech 0003:046D:C29C.0001: probe with driver logitech failed with error -22 [ 189.907598][ T29] audit: type=1326 audit(1771145592.062:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5989 comm="syz.3.10" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf709ef6c code=0x7ffc0000 [ 189.930338][ T5830] usb 3-1: USB disconnect, device number 2 [ 190.310601][ T5998] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input5 [ 190.368582][ T5784] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.328211][ T794] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 191.433272][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 191.522279][ T794] usb 5-1: Using ep0 maxpacket: 16 [ 191.555283][ T6010] netlink: 'syz.3.16': attribute type 4 has an invalid length. [ 191.662710][ T794] usb 5-1: unable to get BOS descriptor or descriptor too short [ 191.719726][ T794] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 191.787187][ T794] usb 5-1: can't read configurations, error -71 [ 191.812518][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 191.910202][ T6014] loop0: detected capacity change from 0 to 8 [ 192.077814][ T6014] squashfs image failed sanity check [ 192.247186][ T0] NOHZ tick-stop error: local softirq work is pending, handler #41!!! [ 192.348943][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 192.533049][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 193.344841][ C0] ===================================================== [ 193.352029][ C0] BUG: KMSAN: uninit-value in __flush_smp_call_function_queue+0x362/0x18e0 [ 193.360772][ C0] __flush_smp_call_function_queue+0x362/0x18e0 [ 193.367156][ C0] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 193.374236][ C0] __sysvec_call_function_single+0x4b/0x3e0 [ 193.380713][ C0] sysvec_call_function_single+0x7c/0x90 [ 193.386473][ C0] asm_sysvec_call_function_single+0x1f/0x30 [ 193.392592][ C0] _raw_spin_unlock_irq+0x25/0x50 [ 193.397777][ C0] process_scheduled_works+0xabf/0x1e30 [ 193.403457][ C0] worker_thread+0xede/0x1580 [ 193.408267][ C0] kthread+0x53f/0x600 [ 193.412463][ C0] ret_from_fork+0x20f/0x910 [ 193.417172][ C0] ret_from_fork_asm+0x1a/0x30 [ 193.422076][ C0] [ 193.424456][ C0] Local variable reuse.i created at: [ 193.429792][ C0] mas_wr_store_entry+0x14bd/0x96d0 [ 193.435100][ C0] mas_store_prealloc+0x1834/0x1e60 [ 193.440410][ C0] [ 193.442820][ C0] CPU: 0 UID: 0 PID: 5830 Comm: kworker/0:3 Not tainted syzkaller #0 PREEMPT(full) [ 193.452318][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.462477][ C0] Workqueue: rcu_gp process_srcu [ 193.467563][ C0] ===================================================== [ 193.474550][ C0] Disabling lock debugging due to kernel taint [ 193.480780][ C0] Kernel panic - not syncing: kmsan.panic set ... [ 193.487328][ C0] CPU: 0 UID: 0 PID: 5830 Comm: kworker/0:3 Tainted: G B syzkaller #0 PREEMPT(full) [ 193.498410][ C0] Tainted: [B]=BAD_PAGE [ 193.502639][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 193.512811][ C0] Workqueue: rcu_gp process_srcu [ 193.517913][ C0] Call Trace: [ 193.521271][ C0] [ 193.524191][ C0] __dump_stack+0x26/0x30 [ 193.528657][ C0] dump_stack_lvl+0x50/0x1c0 [ 193.533383][ C0] ? dump_stack+0x12/0x25 [ 193.537843][ C0] dump_stack+0x1e/0x25 [ 193.542141][ C0] vpanic+0x7b4/0x1430 [ 193.546404][ C0] panic+0x15d/0x160 [ 193.550491][ C0] kmsan_report+0x31a/0x320 [ 193.555162][ C0] ? __msan_warning+0x1b/0x30 [ 193.559983][ C0] ? __flush_smp_call_function_queue+0x362/0x18e0 [ 193.566527][ C0] ? generic_smp_call_function_single_interrupt+0x1c/0x30 [ 193.573783][ C0] ? __sysvec_call_function_single+0x4b/0x3e0 [ 193.580017][ C0] ? sysvec_call_function_single+0x7c/0x90 [ 193.585954][ C0] ? asm_sysvec_call_function_single+0x1f/0x30 [ 193.592259][ C0] ? _raw_spin_unlock_irq+0x25/0x50 [ 193.597614][ C0] ? process_scheduled_works+0xabf/0x1e30 [ 193.603471][ C0] ? worker_thread+0xede/0x1580 [ 193.608453][ C0] ? kthread+0x53f/0x600 [ 193.612833][ C0] ? ret_from_fork+0x20f/0x910 [ 193.617722][ C0] ? ret_from_fork_asm+0x1a/0x30 [ 193.622822][ C0] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 193.629302][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 193.634569][ C0] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 193.641055][ C0] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 193.647274][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 193.652537][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 193.658505][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 193.663770][ C0] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 193.670250][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 193.675529][ C0] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 193.681507][ C0] ? kmsan_get_metadata+0xf1/0x160 [ 193.686797][ C0] __msan_warning+0x1b/0x30 [ 193.691448][ C0] __flush_smp_call_function_queue+0x362/0x18e0 [ 193.697871][ C0] generic_smp_call_function_single_interrupt+0x1c/0x30 [ 193.704954][ C0] __sysvec_call_function_single+0x4b/0x3e0 [ 193.711009][ C0] sysvec_call_function_single+0x7c/0x90 [ 193.716772][ C0] [ 193.719763][ C0] [ 193.722760][ C0] asm_sysvec_call_function_single+0x1f/0x30 [ 193.728893][ C0] RIP: 0010:_raw_spin_unlock_irq+0x25/0x50 [ 193.734871][ C0] Code: 90 90 90 90 90 f3 0f 1e fa 55 48 89 e5 53 48 89 fb e8 4f 42 a4 f1 48 89 df e8 87 35 a4 f1 c6 00 00 c6 03 00 fb be 04 00 00 00 <48> c7 c7 28 00 84 95 e8 9f 37 a4 f1 65 ff 0d 40 55 7d 04 74 08 5b [ 193.754610][ C0] RSP: 0018:ffff888050d37bf0 EFLAGS: 00000286 [ 193.760834][ C0] RAX: ffff88823fd21a00 RBX: ffff88813fca2a00 RCX: 0000000000b3ee3a [ 193.769002][ C0] RDX: ffff88823fc72a00 RSI: 0000000000000004 RDI: ffff88813fca2a00 [ 193.777092][ C0] RBP: ffff888050d37bf8 R08: ffffea000000000f R09: ffff888050dde040 [ 193.785198][ C0] R10: ffff888101ea4918 R11: ffffffff91018580 R12: ffff888101ea4910 [ 193.793285][ C0] R13: 0000000000000000 R14: ffff888050dde018 R15: 0000000000001739 [ 193.801374][ C0] ? __pfx_delay_tsc+0x10/0x10 [ 193.806317][ C0] process_scheduled_works+0xabf/0x1e30 [ 193.812067][ C0] worker_thread+0xede/0x1580 [ 193.816919][ C0] kthread+0x53f/0x600 [ 193.821142][ C0] ? __pfx_worker_thread+0x10/0x10 [ 193.826402][ C0] ? __pfx_kthread+0x10/0x10 [ 193.831142][ C0] ret_from_fork+0x20f/0x910 [ 193.835867][ C0] ? __switch_to+0x51c/0x750 [ 193.840615][ C0] ? __pfx_kthread+0x10/0x10 [ 193.845353][ C0] ret_from_fork_asm+0x1a/0x30 [ 193.850300][ C0] [ 193.853756][ C0] Kernel Offset: disabled [ 193.858132][ C0] Rebooting in 86400 seconds..