last executing test programs: 14.683905047s ago: executing program 2 (id=128): syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x4000040) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xf}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0xad1e, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x6, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close(0x3) 14.63625299s ago: executing program 1 (id=130): syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0xb7e, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) socket(0x2b, 0x1, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120150021e604240"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x48240) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000040)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000180)={0x1, 0x1, &(0x7f00000000c0)=[r1], &(0x7f0000000180), &(0x7f0000000200), &(0x7f00000001c0)=[0x7fffffff], 0x0, 0x1}) 11.662502341s ago: executing program 1 (id=135): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0xc}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@deltclass={0x24, 0x29, 0x800, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0xd, 0xfff3}, {0xb, 0xfff1}, {0x6, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x24, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}}, 0x24}}, 0x4000) r3 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0) 11.616028503s ago: executing program 3 (id=136): sendmsg$key(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r1, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r3 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0xfffffffffffffc7d, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x10) recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4112, 0x0, 0x0) 11.488013011s ago: executing program 2 (id=137): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$rds(0x15, 0x5, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r3) sendmsg$L2TP_CMD_TUNNEL_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000000c0)={0x3c, r4, 0x917, 0x0, 0xffffffe4, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}, @L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}, @L2TP_ATTR_FD={0x8, 0x17, @l2tp}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4044011}, 0x4000) 11.363360158s ago: executing program 1 (id=138): setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x7d, 0x1ff, 0x1, 0x1}, 0x1c) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000000840)}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000001cc0)=""/252, 0xfc}], 0x1}}, {{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/98, 0x62}], 0x1}}], 0x4, 0x400000a0, 0x0) socket$kcm(0x2b, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, 0x0, 0x80202, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{0x0}], 0x1) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0185648, &(0x7f0000000080)={0x0, 0x1, 0x20000000, 0xffffffffffffffff, 0x0, 0x0}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="300000001400030500008000ffdbdf25020751ff", @ANYRES32=r4, @ANYBLOB="080002007f000001"], 0x30}, 0x1, 0x0, 0x0, 0xc090}, 0x0) ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000180)={'lo\x00', {0x2, 0x4e21, @empty=0x7f000000}}) pipe2$watch_queue(&(0x7f0000001100), 0x80) 10.394589014s ago: executing program 2 (id=139): r0 = socket(0x10, 0x80003, 0x0) write(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$ax25_int(0xffffffffffffffff, 0x101, 0x4, 0x0, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$video(&(0x7f0000000040), 0x1002000000000003, 0x101002) ioctl$VIDIOC_S_FMT(r4, 0xc0d05640, &(0x7f0000000340)={0xa, @pix={0x0, 0x3, 0x0, 0x3, 0x0, 0x4, 0x9, 0xfeedcafe, 0x3, 0x0, 0x8002, 0x4}}) 10.29207261s ago: executing program 1 (id=140): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(r0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp\x00') read$FUSE(r4, &(0x7f00000061c0)={0x2020}, 0x2020) 9.745823911s ago: executing program 0 (id=141): openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(0x0, 0x0, 0x0) read$msr(r0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e21, 0x5, @loopback, 0xa}}, 0x0, 0x0, 0x22, 0x0, "bb353738cb473fc7c9f1cf53b6a7b4e23602a3c364ca41d6e5615445244740bd4c0b42a21d7214bf92594925208a0e2f964e654dc534a6324d4993fcf19b2df3ee818a118a7c49462189316d556d2ccd"}, 0xd8) sendto$inet6(r1, &(0x7f00000000c0)="e9", 0x1, 0x20008045, &(0x7f00000001c0)={0xa, 0x2, 0x1000, @empty}, 0x1c) shutdown(r1, 0x2) 7.753368855s ago: executing program 2 (id=142): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f00000029c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000002640)={0x44, &(0x7f0000000500)={0x20, 0x10, 0x2, '!k'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)={0x40, 0xb, 0x2, "31fb"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r0, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000580)={0x0, 0x16, 0x2, "f610"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000380)={0x2c, &(0x7f0000000200)={0x40, 0x17, 0x1, 't'}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$lan78xx(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) 7.749287906s ago: executing program 1 (id=143): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f00000000c0)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0) r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000780)={{0x5, 0x0, 0x0, 0xfffffffd, 'syz1\x00'}, 0x0, [0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0xd451, 0x0, 0x0, 0x0, 0x8, 0x800, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x2, 0x100000, 0x10000, 0x4, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x274, 0x0, 0x800, 0x80000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x3, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x5, 0x0, 0x7fffffffffffffff, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff80000000, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x1, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x4, 0x80000001, 0x0, 0x2, 0x0, 0x80000000]}) 7.698531708s ago: executing program 3 (id=144): socket$netlink(0x10, 0x3, 0x0) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x14, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) r4 = memfd_secret(0x0) readahead(r4, 0x7, 0x4000) r5 = socket$inet6(0xa, 0x80002, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r3, &(0x7f0000000280), &(0x7f0000000a80)=@udp6=r5}, 0x20) 7.592005885s ago: executing program 0 (id=145): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) r0 = gettid() sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$vcsu(0x0, 0x957, 0x14001) ioctl$SNDCTL_TMR_TIMEBASE(r4, 0xc0045401, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_sock_diag(0x10, 0x3, 0x4) openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0) 6.432109801s ago: executing program 0 (id=146): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r7, {0x4}, {0xffff, 0xffff}, {0x2, 0xa}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0xa406}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=@newqdisc={0x40, 0x28, 0x4ee4e6a52ff56541, 0x5001, 0xfffffdfb, {0x0, 0x0, 0x0, r3, {0x4}, {0xffff, 0xffff}, {0xe, 0x1}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x7, 0x1}}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080) 5.984013037s ago: executing program 0 (id=147): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_create(0x1, 0x0, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r3, 0x402, 0x8000001f) r4 = open(&(0x7f0000000000)='.\x00', 0x0, 0x4) fcntl$notify(r4, 0x402, 0x8000003d) close_range(r3, r4, 0x0) 5.557394461s ago: executing program 3 (id=148): r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000200)=0x1000000000005) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) mmap$snddsp(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x50, r1, 0x5000) sched_setscheduler(0x0, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) gettid() timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_settime(r5, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r7, 0xc02064b6, &(0x7f00000001c0)={r8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r7, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r9}) ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000580)={0x601, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000640)=[r11, r10], &(0x7f0000000340), 0x0, 0xffffffffffffffff}) splice(r6, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000001280)=[{&(0x7f0000001180)="83", 0x1}], 0x1, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x6) 4.580076897s ago: executing program 0 (id=149): r0 = getpgrp(0x0) prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) mount$fuse(0x0, 0x0, 0x0, 0x280449c, 0x0) openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) timer_gettime(0x0, &(0x7f0000000040)) 2.379275224s ago: executing program 1 (id=150): mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x30160f8, &(0x7f0000000700)=ANY=[], 0x81, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x2, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0x2) 2.242257762s ago: executing program 2 (id=151): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x0, 0x2, 0x180, 0x5, 0x4, 0xf1, 0x50, 0x12, 0x2, 0x0, 0x29, 0x0, 0x6, 0x0, 0xbdb], 0xd000, 0x43102}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)=@newtaction={0x18, 0x30, 0xb, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x10) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x4, 0x1000000000, 0x0, 0x10043, 0x2000001, 0x3, 0x2004cb, 0x0, 0x1000007, 0xd2, 0x2, 0x9, 0x3, 0x0, 0x7], 0xeeee8000, 0x202}) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x5, 0x6, 0x5, 0x5, 0x2, 0x89}, {0x6000, 0x1, 0xe, 0x5, 0x3, 0x7, 0x0, 0x7, 0x3, 0xa4, 0x5, 0x5}, {0x1, 0xf000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x2, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0xc000, 0x9, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0xeeef0000, 0xeeef0000, 0x4, 0x5, 0x7, 0x15, 0x7, 0x3, 0x9, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0x4, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x9}, {0x3000, 0x30}, {0x8000000, 0x7}, 0x80010000, 0x0, 0x0, 0x2024, 0x0, 0x1500, 0x3000, [0x9, 0x204, 0x5b, 0x8]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 882.43972ms ago: executing program 0 (id=152): sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) clock_gettime(0x0, &(0x7f0000000080)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x2, 0x9, 0x8, 0x9, 0x3, 0x0, 0x70bd2a, 0x25dfdbfe, [@sadb_x_sec_ctx={0x1, 0x17, 0xac, 0xdb}]}, 0x18}}, 0x800) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000840)={[{@numtail}, {@uni_xlate}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x6}}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@numtail}, {@fat=@dmask={'dmask', 0x3d, 0x3}}, {@shortname_winnt}, {@uni_xlate}, {@uni_xlate}, {@numtail}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@fat=@quiet}, {@shortname_win95}, {@utf8}, {@nonumtail}, {@shortname_win95}, {@numtail}, {@shortname_win95}], [{@fsname}, {@appraise}, {@smackfsfloor}, {@euid_eq}, {@seclabel}, {@smackfshat={'smackfshat', 0x3d, '$$:!-T\x06\xb1\x95\xc7~.-'}}, {@flag='rw'}]}, 0x0, 0x2a4, &(0x7f0000000580)="$eJzs3T1re1UYAPDnpmkSdUgGJxG8oIPTn7arS4qkUMykZFAHLbYFaYLQQsEXDJ1cXRz9BILg5pdw8RsIroKbHQpHbnIvSWuaNtK0vvx+Q3t67vOc85zTQ18oOf3w5dHJYR7HF1/8Eq1WFrVudOMyi07UopJSSjHT/ToAgH+zy5Ti9zS1Sl4WEa31lQUArNHK3/9/WHtJAMCavfPue2/t9vu9t/O8FXujr84HxW/2xfvp893j+DiGcRRb0Y6r6d8Cqp8Wird7KaVxPS904rXR+HxQZI4++Kkcf/e3iEn+drSjM+m6nr/f723nU3P546KO58v5u0X+TrTjxQXz7/d7OwvyY9CI11+dq/9ZtOPnj+KTGMbhpIhZ/pfbef5m+uaPz98vyivys/H5oDmJm0kbj/ypAQAAAAAAAAAAAAAAAAAAAADgP+xZeXdOMyb39xRd5f07G1fFB5uRVzrX7+eZ5mfVQDfuBxqn+DalZj2i39vK8zyVgbP8erxUj/rTrBoAAAAAAAAAAAAAAAAAAAD+Wc4+/ezkYDg8On2QRnUbQPWy/r87Tneu55VYHtyczVUrm0tGjo0qJotYWkaxiAfalrsaz91W83ffrzpg6+6YzWX78zCN6nSdHGSL97AZVU+rOiQ/zsc04p5zNW57lFY6fo2Fj9orr73xwqQxXhIT2bLC3vh1unNlT3ZzFY3Jri5M3ywbc+k3zsZK5/mvXysyt3UAAAAAAAAAAAAAAAAAAMBazV70u+DhxdLUWmqurSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFSz//+/QmNcJt8juBGnZ0+8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP4H/gwAAP//GX9i/A==") syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) 660.071153ms ago: executing program 3 (id=153): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) process_mrelease(0xffffffffffffffff, 0x2) bpf$LINK_GET_FD_BY_ID(0x1e, 0x0, 0x0) 252.584146ms ago: executing program 2 (id=154): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810714, &(0x7f0000000d80)={[{@test_dummy_encryption}, {@init_itable_val}, {@minixdf}, {@jqfmt_vfsv1}, {@prjquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x100}}, {@barrier_val={'barrier', 0x3d, 0xb}}, {@errors_remount}, {@auto_da_alloc}, {@test_dummy_encryption}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}], [{@appraise}, {@smackfsfloor={'smackfsfloor', 0x3d, 'Q'}}, {@uid_eq}]}, 0xdf, 0x475, &(0x7f0000000780)="$eJzs289vFFUcAPDvTLeAgGxFREGQKpo0/mhpQeVgYjSaeNDERA94rG0hyEINrYmQRqsxeDQk3o1HE/8CT56MejLxikcTQ0KUmIheXDO7M6VddssubNna/XySoe/NvHk/dubNvn2PCaBvDWf/JBHbI+JSRJTr0ZUJhut/rl1dmPr76sJUEtXqG78ntXR/XV2YquaK87bleY6kEeknSV5IDC7Pdu7c+VOTlcrM2Tw+Nn/63bG5c+efOnl68sTMiZkzE0ePHjk8/uwzE083qfWvFztq5ED+d+8Hs/v2vPLWxdemjl18+4evs/ru3l8/lLWjozzbMJw1/I/6Z9N47LFuF9Zj/1avtzMp9bo2tCvrGqW8c16KcgzE9YtXjpc/7mnlgDWVPbM3tz68WAU2sCR6XQOgN4ov+uz3b7HdoaHHunDlhfoPoKzd1/KtfqQUaZ5mcA3LH46IY4v/fJFt0TAPUW0ybwAAcLu+zcY/TzYb/6Wxe1m6Hfna0FBE3BMROyPi3ojYFRH3RdTS3h8RD3RY/nBD/MbxZ3r5lhrWpmz891y+trVy/FeM/mJoII/dXWv/YHL8ZGXmUP6ZjMTg5iw+3izzIouXfv6sVfnLx3/ZlpVfjAXzTC6X6hN0W4o905Pzk90alF75KGJvqVn7k6WVgCQi9kTE3s6y3lEETj7+1b5WiW7e/lV0YZ2p+mWRycJiNLS/kKy+Pjm2JSozh8aKu+JGP/504fVW5d9W+7sgu/5bV97/DSnKfybL12vnlg48324ZF375tOVvylL79/+S7P7flLxZW7PelO97f3J+/ux4xKbk1Vp8xf6J6+cW8SJ91v6Rg837/878nKz9D0ZEdhPvj4iHIuJAfu0ejohHIuLgKu3//sVH32l1bD1c/+mmz7+l+39o5fXvPDBw6rtvWpXf3vPvSC00ku+pPf9uonV1isdotufY3K1+bgAAAPB/kkbE9kjS0aVwmo6O1v8P/67YmlZm5+afOD773pnp+jsCQzGYFjNd5WXzoePJYp5jPT6RzxUXxw/n88afD9xVi49OzVame9x26HfbWvT/zG8Dva4dsOa8rwX9q7H/pz2qB3Dn+f6H/qX/Q/+6of97IEDfaNbdP2yIWwuAjaha7vgUE4SwYRjuQ//S/6F/6f/Ql27nvf61CpRWeXtfoMeBrRFRC0S6LuqzbgIH1lFvKnWhd/f4wQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAl/wUAAP//xgL2dQ==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 228.856257ms ago: executing program 3 (id=155): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0xb}, 0x15, 0x3, 'lblc\x00', 0x20, 0x400000, 0x4}, 0x2c) r1 = socket$kcm(0xa, 0x2, 0x0) mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000840), 0x5, r2}, 0x38) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet_sctp(0x2, 0x1, 0x84) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00\x00'], 0x48) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @remote, 0x4e21, 0x3, 'wrr\x00', 0x23, 0x81, 0x5}, {@dev={0xac, 0x14, 0x14, 0x3c}, 0x4e23, 0x10000, 0x1cb, 0x12d61, 0x12d58}}, 0x44) setsockopt$IP_VS_SO_SET_ADDDEST(r3, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e24, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@rand_addr=0x64010100, 0x4e23, 0x2, 0x44, 0x12d5c, 0x12d5c}}, 0x44) sendmsg$sock(r1, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0) 0s ago: executing program 3 (id=156): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = dup(r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80080, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000000300)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae000034aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a9eee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r6, &(0x7f00003e6000/0x18000)=nil, &(0x7f00000004c0)=[@textreal={0x8, 0x0}], 0x1, 0xa3, 0x0, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.254' (ED25519) to the list of known hosts. [ 82.737729][ T5757] cgroup: Unknown subsys name 'net' [ 82.875365][ T5757] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.602966][ T5757] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 86.204649][ T5770] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 86.213422][ T5770] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 86.221955][ T5770] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 86.247126][ T5774] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 86.256299][ T5774] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 86.263845][ T5776] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 86.285759][ T5776] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 86.294895][ T5776] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 86.303141][ T5776] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 86.310849][ T5776] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 86.332060][ T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 86.339578][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 86.360021][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 86.369622][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 86.380112][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 86.389471][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 86.391960][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 86.402458][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 86.410213][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 86.417084][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 86.421160][ T51] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 86.431477][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 86.434020][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 86.445792][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 86.920795][ T5768] chnl_net:caif_netlink_parms(): no params data found [ 86.999894][ T5777] chnl_net:caif_netlink_parms(): no params data found [ 87.084465][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 87.138852][ T5775] chnl_net:caif_netlink_parms(): no params data found [ 87.242833][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.265268][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.272770][ T5768] bridge_slave_0: entered allmulticast mode [ 87.296352][ T5768] bridge_slave_0: entered promiscuous mode [ 87.322016][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.329352][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.341994][ T5777] bridge_slave_0: entered allmulticast mode [ 87.349866][ T5777] bridge_slave_0: entered promiscuous mode [ 87.390862][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.402828][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.410810][ T5768] bridge_slave_1: entered allmulticast mode [ 87.423198][ T5768] bridge_slave_1: entered promiscuous mode [ 87.431148][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.443248][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.451437][ T5777] bridge_slave_1: entered allmulticast mode [ 87.465902][ T5777] bridge_slave_1: entered promiscuous mode [ 87.614315][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.630990][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.675675][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.700163][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.723594][ T5775] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.736904][ T5775] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.744265][ T5775] bridge_slave_0: entered allmulticast mode [ 87.751729][ T5775] bridge_slave_0: entered promiscuous mode [ 87.797161][ T5768] team0: Port device team_slave_0 added [ 87.827130][ T5775] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.834337][ T5775] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.845249][ T5775] bridge_slave_1: entered allmulticast mode [ 87.852285][ T5775] bridge_slave_1: entered promiscuous mode [ 87.859564][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.866861][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.874442][ T5771] bridge_slave_0: entered allmulticast mode [ 87.881925][ T5771] bridge_slave_0: entered promiscuous mode [ 87.891577][ T5768] team0: Port device team_slave_1 added [ 87.903444][ T5777] team0: Port device team_slave_0 added [ 87.912098][ T5777] team0: Port device team_slave_1 added [ 87.938999][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.946734][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.953982][ T5771] bridge_slave_1: entered allmulticast mode [ 87.961387][ T5771] bridge_slave_1: entered promiscuous mode [ 88.004186][ T5775] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.058057][ T5775] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.069367][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.076577][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.102901][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.116398][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.123411][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.149708][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.172666][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.179968][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.206042][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.219239][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.226653][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.252975][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.296510][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 88.310018][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 88.321883][ T5775] team0: Port device team_slave_0 added [ 88.332719][ T5775] team0: Port device team_slave_1 added [ 88.366699][ T5776] Bluetooth: hci1: command tx timeout [ 88.411771][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.418905][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.445459][ T5776] Bluetooth: hci0: command tx timeout [ 88.450943][ T5775] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.464267][ T5775] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.471383][ T5775] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.497868][ T5775] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.524748][ T5771] team0: Port device team_slave_0 added [ 88.530769][ T5776] Bluetooth: hci3: command tx timeout [ 88.531595][ T5770] Bluetooth: hci2: command tx timeout [ 88.556771][ T5771] team0: Port device team_slave_1 added [ 88.573867][ T5768] hsr_slave_0: entered promiscuous mode [ 88.584558][ T5768] hsr_slave_1: entered promiscuous mode [ 88.668298][ T5777] hsr_slave_0: entered promiscuous mode [ 88.675298][ T5777] hsr_slave_1: entered promiscuous mode [ 88.682691][ T5777] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.691250][ T5777] Cannot create hsr debugfs directory [ 88.700473][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.707932][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.734032][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.747201][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.754204][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.780648][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.869514][ T5775] hsr_slave_0: entered promiscuous mode [ 88.876691][ T5775] hsr_slave_1: entered promiscuous mode [ 88.882932][ T5775] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.890839][ T5775] Cannot create hsr debugfs directory [ 88.957497][ T5771] hsr_slave_0: entered promiscuous mode [ 88.964314][ T5771] hsr_slave_1: entered promiscuous mode [ 88.971482][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.979208][ T5771] Cannot create hsr debugfs directory [ 89.410263][ T5768] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 89.423277][ T5768] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 89.440350][ T5768] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 89.451447][ T5768] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 89.540073][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 89.553057][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 89.568963][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 89.586661][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 89.677160][ T5777] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 89.689319][ T5777] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 89.700062][ T5777] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 89.713398][ T5777] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 89.808955][ T5775] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 89.820845][ T5775] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 89.843104][ T5775] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 89.858452][ T5775] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 89.921498][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.952031][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.986823][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.008405][ T5768] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.039545][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.047009][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.071333][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.078678][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.111329][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.118560][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.137357][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.144552][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.299383][ T5771] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 90.342445][ T5775] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.383520][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0 [ 90.438817][ T5777] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.451776][ T5775] 8021q: adding VLAN 0 to HW filter on device team0 [ 90.457141][ T5776] Bluetooth: hci1: command tx timeout [ 90.493444][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.500763][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.525820][ T5776] Bluetooth: hci0: command tx timeout [ 90.546073][ T140] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.553400][ T140] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.573393][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.580665][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.606198][ T5776] Bluetooth: hci2: command tx timeout [ 90.611702][ T5776] Bluetooth: hci3: command tx timeout [ 90.637275][ T140] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.644526][ T140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.838331][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.901996][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.041221][ T5768] veth0_vlan: entered promiscuous mode [ 91.092255][ T5771] veth0_vlan: entered promiscuous mode [ 91.103800][ T5768] veth1_vlan: entered promiscuous mode [ 91.153459][ T5771] veth1_vlan: entered promiscuous mode [ 91.237253][ T5768] veth0_macvtap: entered promiscuous mode [ 91.280842][ T5771] veth0_macvtap: entered promiscuous mode [ 91.299220][ T5768] veth1_macvtap: entered promiscuous mode [ 91.323077][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.351146][ T5771] veth1_macvtap: entered promiscuous mode [ 91.368177][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.389973][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.410151][ T5775] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 91.428783][ T5768] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.437836][ T5768] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.449993][ T5768] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.459371][ T5768] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.508647][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.532068][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.544334][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.584375][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.599855][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.611296][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.623101][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.632013][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.641467][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.651573][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.709007][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.717445][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.818978][ T1112] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.827360][ T1112] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.849541][ T5777] veth0_vlan: entered promiscuous mode [ 91.916442][ T1104] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.924340][ T1104] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.937334][ T5775] veth0_vlan: entered promiscuous mode [ 91.974170][ T5777] veth1_vlan: entered promiscuous mode [ 91.992513][ T5775] veth1_vlan: entered promiscuous mode [ 92.057313][ T1104] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.066899][ T1104] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.162601][ T5777] veth0_macvtap: entered promiscuous mode [ 92.201578][ T5777] veth1_macvtap: entered promiscuous mode [ 92.246664][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.269802][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.281172][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.305462][ T788] cfg80211: failed to load regulatory.db [ 92.312409][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.328700][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.362120][ T5775] veth0_macvtap: entered promiscuous mode [ 92.406393][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.425127][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.450539][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.460745][ T5863] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 92.475518][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.493187][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.521104][ T5775] veth1_macvtap: entered promiscuous mode [ 92.528941][ T5776] Bluetooth: hci1: command tx timeout [ 92.570757][ T5777] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.583029][ T5777] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.605435][ T5776] Bluetooth: hci0: command tx timeout [ 92.612367][ T5777] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.622283][ T5777] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 92.671584][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.685389][ T5776] Bluetooth: hci2: command tx timeout [ 92.695413][ T5776] Bluetooth: hci3: command tx timeout [ 92.715230][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.726260][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.737070][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.747019][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 92.757944][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.770342][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 92.794495][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.833276][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.864040][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.884584][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.906121][ T5775] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 92.920215][ T5775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 92.943853][ T5775] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 92.969995][ T5869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7'. [ 92.985974][ T5869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7'. [ 93.008550][ T5869] bridge0: entered promiscuous mode [ 93.018878][ T5869] ip6gretap0: entered promiscuous mode [ 93.052273][ T5775] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.081374][ T5775] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.093017][ T5775] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.105734][ T5775] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.765891][ T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.805112][ T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.009390][ T1078] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.035903][ T1078] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.106608][ T1078] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.114521][ T1078] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.118883][ T5876] block device autoloading is deprecated and will be removed. [ 94.241322][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.259628][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.495356][ T5882] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 94.515660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 95.065735][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 95.067734][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.074927][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 95.405776][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.414769][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 95.477763][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 96.505155][ T5776] Bluetooth: hci1: command tx timeout [ 96.510654][ T5776] Bluetooth: hci0: command tx timeout [ 96.516878][ T5770] Bluetooth: hci3: command tx timeout [ 96.522382][ T5770] Bluetooth: hci2: command tx timeout [ 96.544399][ T28] audit: type=1326 audit(1769929758.283:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5883 comm="syz.3.11" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f91a359aeb9 code=0x0 [ 96.701258][ T5890] syz.0.1[5890]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 96.772334][ T5890] loop0: detected capacity change from 0 to 256 [ 96.823548][ T5890] ======================================================= [ 96.823548][ T5890] WARNING: The mand mount option has been deprecated and [ 96.823548][ T5890] and is ignored by this kernel. Remove the mand [ 96.823548][ T5890] option from the mount to silence this warning. [ 96.823548][ T5890] ======================================================= [ 96.992731][ T5890] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000e8a4, chksum : 0x7bc75166, utbl_chksum : 0xe619d30d) [ 97.875284][ T5890] exFAT-fs (loop0): error, found bogus dentry(11) beyond unused empty group(10) (start_clu : 5, cur_clu : 5) [ 97.915447][ T5890] exFAT-fs (loop0): Filesystem has been set read-only [ 99.879454][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.185859][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.595492][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 106.072630][ T5962] loop3: detected capacity change from 0 to 512 [ 106.105384][ T5962] FAT-fs (loop3): Directory bread(block 199916) failed [ 106.118662][ T5962] FAT-fs (loop3): Directory bread(block 199917) failed [ 106.136080][ T5962] FAT-fs (loop3): Directory bread(block 199918) failed [ 106.144676][ T5962] FAT-fs (loop3): Directory bread(block 199919) failed [ 106.152523][ T5962] FAT-fs (loop3): Directory bread(block 199920) failed [ 106.179138][ T5962] FAT-fs (loop3): Directory bread(block 199921) failed [ 106.196085][ T5962] FAT-fs (loop3): Directory bread(block 199922) failed [ 106.225288][ T5962] FAT-fs (loop3): Directory bread(block 199923) failed [ 106.397047][ T5965] FAT-fs (loop3): Directory bread(block 199916) failed [ 106.404907][ T5965] FAT-fs (loop3): Directory bread(block 199917) failed [ 106.830608][ T5972] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.080786][ T5856] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 107.279941][ T5856] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.305132][ T5856] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 107.324938][ T5856] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.362807][ T5856] usb 2-1: config 0 descriptor?? [ 107.386602][ T5856] pwc: Askey VC010 type 2 USB webcam detected. [ 107.426778][ T5992] syzkaller0: entered promiscuous mode [ 107.432437][ T5992] syzkaller0: entered allmulticast mode [ 107.482882][ T5995] binder: 5994:5995 unknown command 0 [ 107.491311][ T5992] tipc: Started in network mode [ 107.496798][ T5992] tipc: Node identity 325b2b3fbded, cluster identity 4711 [ 107.504622][ T5992] tipc: Enabled bearer , priority 0 [ 107.509127][ T5995] binder: 5994:5995 ioctl c0306201 200000000080 returned -22 [ 107.523865][ T5991] tipc: Resetting bearer [ 107.615863][ T5991] tipc: Disabling bearer [ 107.703898][ T5997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 107.772117][ T5998] netlink: 4 bytes leftover after parsing attributes in process `syz.3.45'. [ 107.803240][ T5856] pwc: recv_control_msg error -32 req 02 val 2b00 [ 107.816143][ T5856] pwc: recv_control_msg error -32 req 02 val 2700 [ 107.824149][ T5856] pwc: recv_control_msg error -32 req 02 val 2c00 [ 107.834983][ T5856] pwc: recv_control_msg error -32 req 04 val 1000 [ 107.842607][ T5856] pwc: recv_control_msg error -32 req 04 val 1300 [ 107.853512][ T5856] pwc: recv_control_msg error -32 req 04 val 1400 [ 107.861176][ T5856] pwc: recv_control_msg error -32 req 02 val 2000 [ 107.877707][ T5856] pwc: recv_control_msg error -32 req 02 val 2100 [ 108.090819][ T5856] pwc: recv_control_msg error -71 req 02 val 2500 [ 108.104235][ T5856] pwc: recv_control_msg error -71 req 02 val 2400 [ 108.111999][ T5856] pwc: recv_control_msg error -71 req 02 val 2600 [ 108.119211][ T5856] pwc: recv_control_msg error -71 req 02 val 2900 [ 108.126403][ T5856] pwc: recv_control_msg error -71 req 02 val 2800 [ 108.133493][ T5856] pwc: recv_control_msg error -71 req 04 val 1100 [ 108.141297][ T5856] pwc: recv_control_msg error -71 req 04 val 1200 [ 108.153783][ T5856] pwc: Registered as video103. [ 108.166419][ T5856] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input5 [ 108.218968][ T5856] usb 2-1: USB disconnect, device number 2 [ 108.466485][ T6004] loop0: detected capacity change from 0 to 4096 [ 108.529671][ T6005] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 111.432415][ T6027] loop2: detected capacity change from 0 to 1024 [ 111.461956][ T6027] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 111.475912][ T6027] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 111.501329][ T6027] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c800e02c, mo2=0000] [ 111.607275][ T6027] EXT4-fs error (device loop2): ext4_free_blocks:6692: comm syz.2.55: Freeing blocks not in datazone - block = 0, count = 4096 [ 111.645763][ T6027] EXT4-fs (loop2): Remounting filesystem read-only [ 111.661182][ T6027] EXT4-fs (loop2): 1 orphan inode deleted [ 111.680574][ T6027] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 111.693869][ T59] EXT4-fs (loop2): Quota write (off=3072, len=1024) cancelled because transaction is not started [ 111.714261][ T6031] loop1: detected capacity change from 0 to 256 [ 111.720831][ T59] Quota error (device loop2): write_blk: dquota write failed [ 111.755293][ T59] Quota error (device loop2): free_dqentry: Can't move quota data block (2) to free list [ 111.790332][ T6031] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 111.906446][ T6031] syz.1.56: attempt to access beyond end of device [ 111.906446][ T6031] loop1: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 111.940385][ T6031] syz.1.56: attempt to access beyond end of device [ 111.940385][ T6031] loop1: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 111.992690][ T6031] syz.1.56: attempt to access beyond end of device [ 111.992690][ T6031] loop1: rw=0, sector=280, nr_sectors = 8 limit=256 [ 112.033083][ T28] audit: type=1800 audit(1769929775.263:3): pid=6031 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.56" name="file1" dev="loop1" ino=1048592 res=0 errno=0 [ 112.235724][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 112.537466][ T6043] input: syz1 as /devices/virtual/input/input6 [ 112.802017][ T6046] netlink: 12 bytes leftover after parsing attributes in process `syz.1.59'. [ 113.458177][ T6048] loop0: detected capacity change from 0 to 256 [ 117.288375][ T6070] loop1: detected capacity change from 0 to 2048 [ 117.348043][ T6070] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.651676][ T6094] loop0: detected capacity change from 0 to 128 [ 121.126711][ T6094] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 121.204816][ T6094] ext4 filesystem being mounted at /16/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 121.334398][ T6107] loop2: detected capacity change from 0 to 1024 [ 121.511537][ T6107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.78'. [ 121.554585][ T6094] fscrypt: Error allocating hmac(sha512): -2 [ 121.640786][ T6112] netlink: 12 bytes leftover after parsing attributes in process `syz.1.79'. [ 121.746788][ T5775] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 122.736553][ T6130] loop3: detected capacity change from 0 to 512 [ 123.545607][ T6130] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 123.565525][ T6130] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 124.254013][ T6130] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 124.272279][ T6130] EXT4-fs (loop3): 1 truncate cleaned up [ 124.305966][ T6130] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 124.364902][ T28] audit: type=1800 audit(1769929787.593:4): pid=6130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.72" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 126.505280][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 126.535682][ T6149] binder: 6148:6149 ioctl c0306201 200000000280 returned -14 [ 126.576978][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 126.701879][ T787] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.725218][ T787] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 126.734400][ T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.778201][ T787] usb 2-1: config 0 descriptor?? [ 126.811939][ T787] pwc: Askey VC010 type 2 USB webcam detected. [ 126.829982][ T6152] loop2: detected capacity change from 0 to 2048 [ 126.921215][ T6152] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 127.153641][ T6157] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.91: bg 0: block 234: padding at end of block bitmap is not set [ 127.210878][ T6157] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 416 with error 28 [ 127.226596][ T787] pwc: recv_control_msg error -32 req 02 val 2b00 [ 127.245367][ T787] pwc: recv_control_msg error -32 req 02 val 2700 [ 127.246356][ T6157] EXT4-fs (loop2): This should not happen!! Data will be lost [ 127.246356][ T6157] [ 127.264565][ T787] pwc: recv_control_msg error -32 req 02 val 2c00 [ 127.282725][ T787] pwc: recv_control_msg error -32 req 04 val 1000 [ 127.293517][ T787] pwc: recv_control_msg error -32 req 04 val 1300 [ 127.305598][ T787] pwc: recv_control_msg error -32 req 04 val 1400 [ 127.324063][ T787] pwc: recv_control_msg error -32 req 02 val 2000 [ 127.348362][ T6157] EXT4-fs (loop2): Total free blocks count 0 [ 127.354461][ T6157] EXT4-fs (loop2): Free/Dirty block details [ 127.365759][ T787] pwc: recv_control_msg error -32 req 02 val 2100 [ 127.386014][ T787] pwc: recv_control_msg error -32 req 04 val 1500 [ 127.393826][ T787] pwc: recv_control_msg error -32 req 02 val 2500 [ 127.405459][ T6157] EXT4-fs (loop2): free_blocks=0 [ 127.410621][ T6157] EXT4-fs (loop2): dirty_blocks=416 [ 127.416833][ T787] pwc: recv_control_msg error -32 req 02 val 2400 [ 127.425342][ T6157] EXT4-fs (loop2): Block reservation details [ 127.456312][ T6157] EXT4-fs (loop2): i_reserved_data_blocks=26 [ 127.640611][ T787] pwc: recv_control_msg error -71 req 02 val 2900 [ 127.656173][ T787] pwc: recv_control_msg error -71 req 02 val 2800 [ 127.683728][ T787] pwc: recv_control_msg error -71 req 04 val 1100 [ 127.708139][ T5777] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 127.718991][ T787] pwc: recv_control_msg error -71 req 04 val 1200 [ 127.766555][ T787] pwc: Registered as video103. [ 127.783749][ T787] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input7 [ 127.870647][ T787] usb 2-1: USB disconnect, device number 3 [ 128.497736][ T6182] syzkaller0: entered promiscuous mode [ 128.503280][ T6182] syzkaller0: entered allmulticast mode [ 128.690613][ T6181] netlink: 40 bytes leftover after parsing attributes in process `syz.2.99'. [ 128.735154][ T5857] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 128.977175][ T5857] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 129.147305][ T5857] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 129.343658][ T5857] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.617701][ T5857] usb 4-1: config 0 descriptor?? [ 129.636461][ T5857] pwc: Askey VC010 type 2 USB webcam detected. [ 129.956604][ T6203] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(8) [ 129.963637][ T6203] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 129.988637][ T6203] vhci_hcd vhci_hcd.0: Device attached [ 130.044210][ T5857] pwc: recv_control_msg error -32 req 02 val 2b00 [ 130.303046][ T5856] usb 35-1: new high-speed USB device number 2 using vhci_hcd [ 130.980818][ T6204] vhci_hcd: connection reset by peer [ 131.011095][ T140] vhci_hcd: stop threads [ 131.059116][ T140] vhci_hcd: release socket [ 131.089823][ T140] vhci_hcd: disconnect device [ 131.399410][ T6188] netlink: 'syz.0.101': attribute type 11 has an invalid length. [ 131.407632][ T6188] netlink: 36 bytes leftover after parsing attributes in process `syz.0.101'. [ 131.455739][ T5857] pwc: recv_control_msg error -32 req 02 val 2700 [ 131.603088][ T5857] pwc: recv_control_msg error -71 req 02 val 2c00 [ 131.611260][ T5857] pwc: recv_control_msg error -71 req 04 val 1000 [ 131.619887][ T5857] pwc: recv_control_msg error -71 req 04 val 1300 [ 131.628048][ T5857] pwc: recv_control_msg error -71 req 04 val 1400 [ 131.635157][ T5857] pwc: recv_control_msg error -71 req 02 val 2000 [ 131.652092][ T5857] pwc: recv_control_msg error -71 req 02 val 2100 [ 131.868495][ T5857] pwc: recv_control_msg error -71 req 04 val 1500 [ 131.876212][ T5857] pwc: recv_control_msg error -71 req 02 val 2500 [ 131.885141][ T5857] pwc: recv_control_msg error -71 req 02 val 2400 [ 131.894975][ T5857] pwc: recv_control_msg error -71 req 02 val 2600 [ 131.903099][ T5857] pwc: recv_control_msg error -71 req 02 val 2900 [ 131.910241][ T5857] pwc: recv_control_msg error -71 req 02 val 2800 [ 131.921551][ T5857] pwc: recv_control_msg error -71 req 04 val 1100 [ 131.931678][ T5857] pwc: recv_control_msg error -71 req 04 val 1200 [ 131.942117][ T5857] pwc: Registered as video103. [ 131.951368][ T5857] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input8 [ 132.277551][ T6181] syz.2.99 (6181) used greatest stack depth: 19720 bytes left [ 132.720004][ T5857] usb 4-1: USB disconnect, device number 2 [ 133.008626][ T6224] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 133.268480][ T1283] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.278348][ T1283] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.676483][ T6229] syzkaller0: entered promiscuous mode [ 133.682052][ T6229] syzkaller0: entered allmulticast mode [ 133.821401][ T6228] loop2: detected capacity change from 0 to 8192 [ 134.346993][ T6249] loop3: detected capacity change from 0 to 128 [ 134.372178][ T6246] Zero length message leads to an empty skb [ 134.409636][ T6246] loop2: detected capacity change from 0 to 2048 [ 134.431837][ T6238] kvm_intel: kvm [6237]: vcpu0, guest rIP: 0x0 Unhandled WRMSR(0x1d9) = 0x10000a [ 134.443185][ T6249] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 134.455705][ T6246] UDF-fs: warning (device loop2): udf_fill_super: No partition found (2) [ 134.467340][ T6249] ext4 filesystem being mounted at /24/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 134.635732][ T6253] EXT4-fs (loop3): shut down requested (2) [ 134.653014][ T6253] fscrypt (loop3, inode 12): Error -5 getting encryption context [ 134.878540][ T5768] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 135.006923][ T6264] loop3: detected capacity change from 0 to 1024 [ 135.014545][ T6264] EXT4-fs: Ignoring removed nomblk_io_submit option [ 135.035890][ T6264] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 135.070138][ T6264] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 135.087224][ T6264] System zones: 0-1, 3-36 [ 135.137563][ T6264] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 135.485336][ T5856] vhci_hcd: vhci_device speed not set [ 136.388311][ T5768] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 140.325562][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 140.586059][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 140.593911][ T23] usb 2-1: no configurations [ 140.635716][ T23] usb 2-1: can't read configurations, error -22 [ 140.990005][ T6310] netlink: 'syz.3.134': attribute type 10 has an invalid length. [ 141.030055][ T6310] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 141.128747][ T6310] 8021q: adding VLAN 0 to HW filter on device bond1 [ 141.190063][ T6310] bond_slave_0: entered promiscuous mode [ 141.196279][ T6310] bond_slave_1: entered promiscuous mode [ 141.202128][ T6310] syz_tun: entered promiscuous mode [ 141.209316][ T6310] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 141.217108][ T6310] bond1: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0) [ 141.227982][ T6310] bond1: (slave macvlan2): speed changed to 0 on port 1 [ 141.239761][ T6310] bond1: (slave macvlan2): Enslaving as a backup interface with an up link [ 141.487735][ T6321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.135'. [ 141.556886][ T6321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.135'. [ 141.834186][ T6326] netlink: 16 bytes leftover after parsing attributes in process `syz.1.138'. [ 145.675130][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 145.828362][ T6348] ntfs3: nullb0: Primary boot signature is not NTFS. [ 145.838774][ T6348] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00 [ 145.915396][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 145.932714][ T23] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 145.941753][ T23] usb 3-1: config 0 has no interface number 0 [ 145.950667][ T23] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 145.982575][ T23] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 146.056734][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.190296][ T23] usb 3-1: Product: syz [ 146.254233][ T23] usb 3-1: Manufacturer: syz [ 146.325204][ T23] usb 3-1: SerialNumber: syz [ 146.340519][ T23] usb 3-1: config 0 descriptor?? [ 146.347295][ T6342] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 146.590338][ T6342] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 146.668801][ T6350] netlink: 'syz.0.146': attribute type 1 has an invalid length. [ 150.719803][ T23] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 150.748919][ T23] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 150.775722][ T23] asix: probe of 3-1:0.188 failed with error -71 [ 151.098043][ T28] audit: type=1326 audit(1769929814.323:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6363 comm="syz.0.149" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc1a259aeb9 code=0x0 [ 152.115404][ T23] usb 3-1: USB disconnect, device number 2 [ 152.885176][ T6193] IPVS: starting estimator thread 0... [ 152.981475][ T6378] loop2: detected capacity change from 0 to 512 [ 152.988402][ T6376] IPVS: using max 16 ests per chain, 38400 per kthread [ 153.071278][ T6378] EXT4-fs (loop2): Test dummy encryption mode enabled [ 153.127691][ T6378] EXT4-fs (loop2): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.375169][ T6193] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 153.560912][ T6193] usb 4-1: Using ep0 maxpacket: 8 [ 153.591173][ T6193] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 153.629583][ T6193] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 258.285022][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 258.292266][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5856/1:b..l [ 258.300820][ C1] rcu: (detected by 1, t=10502 jiffies, g=15281, q=626 ncpus=2) [ 258.308617][ C1] task:kworker/0:7 state:R running task stack:22640 pid:5856 ppid:2 flags:0x00004000 [ 258.320585][ C1] Workqueue: events_power_efficient gc_worker [ 258.326754][ C1] Call Trace: [ 258.330101][ C1] [ 258.333180][ C1] __schedule+0x1553/0x45a0 [ 258.337766][ C1] ? asan.module_dtor+0x20/0x20 [ 258.342667][ C1] ? mark_lock+0x94/0x320 [ 258.347052][ C1] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 258.353115][ C1] ? preempt_schedule_irq+0xb4/0x150 [ 258.358490][ C1] preempt_schedule_irq+0xbf/0x150 [ 258.364014][ C1] ? preempt_schedule_notrace+0x110/0x110 [ 258.369816][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 258.375700][ C1] irqentry_exit+0x67/0x70 [ 258.380180][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 258.386228][ C1] RIP: 0010:seqcount_lockdep_reader_access+0x19a/0x1d0 [ 258.393148][ C1] Code: f8 4d 85 e4 75 16 e8 f5 86 cb f8 eb 15 e8 ee 86 cb f8 e8 09 ae c8 01 4d 85 e4 74 ea e8 df 86 cb f8 fb 48 c7 04 24 0e 36 e0 45 <4b> c7 04 3e 00 00 00 00 43 c7 44 3e 08 00 00 00 00 65 48 8b 04 25 [ 258.413005][ C1] RSP: 0018:ffffc90004aff9a0 EFLAGS: 00000293 [ 258.419138][ C1] RAX: ffffffff88bb8dd1 RBX: 0000000000000000 RCX: ffff888030a4da00 [ 258.427189][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 258.435473][ C1] RBP: ffffc90004affa50 R08: ffffffff911bf597 R09: 1ffffffff2237eb2 [ 258.443502][ C1] R10: dffffc0000000000 R11: fffffbfff2237eb3 R12: 0000000000000200 [ 258.451531][ C1] R13: dffffc0000000000 R14: 1ffff9200095ff34 R15: dffffc0000000000 [ 258.459563][ C1] ? seqcount_lockdep_reader_access+0x191/0x1d0 [ 258.465888][ C1] ? nf_conntrack_hash_check_insert+0x9c0/0x9c0 [ 258.472203][ C1] ? nf_ct_gc_expired+0x259/0x3b0 [ 258.477282][ C1] ? nf_conntrack_tuple_taken+0xd70/0xd70 [ 258.483064][ C1] gc_worker+0x317/0x1490 [ 258.487460][ C1] ? gc_worker+0x269/0x1490 [ 258.492039][ C1] ? init_conntrack+0xf10/0xf10 [ 258.496946][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 258.502204][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 258.508184][ C1] ? process_scheduled_works+0x96f/0x15d0 [ 258.513967][ C1] process_scheduled_works+0xa5d/0x15d0 [ 258.519603][ C1] ? assign_work+0x430/0x430 [ 258.524340][ C1] ? assign_work+0x3d0/0x430 [ 258.528997][ C1] worker_thread+0xa55/0xfc0 [ 258.533664][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 258.539629][ C1] ? _raw_spin_unlock+0x40/0x40 [ 258.544538][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 258.550516][ C1] kthread+0x2fa/0x390 [ 258.554644][ C1] ? pr_cont_work+0x560/0x560 [ 258.559387][ C1] ? kthread_blkcg+0xd0/0xd0 [ 258.564034][ C1] ret_from_fork+0x48/0x80 [ 258.568554][ C1] ? kthread_blkcg+0xd0/0xd0 [ 258.573221][ C1] ret_from_fork_asm+0x11/0x20 [ 258.578105][ C1] [ 258.581186][ C1] rcu: rcu_preempt kthread starved for 10491 jiffies! g15281 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 258.592439][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 258.602456][ C1] rcu: RCU grace-period kthread stack dump: [ 258.608392][ C1] task:rcu_preempt state:R running task stack:27656 pid:17 ppid:2 flags:0x00004000 [ 258.619234][ C1] Call Trace: [ 258.622552][ C1] [ 258.625530][ C1] __schedule+0x1553/0x45a0 [ 258.630132][ C1] ? _raw_spin_lock_bh+0x30/0x50 [ 258.635118][ C1] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 258.641065][ C1] ? asan.module_dtor+0x20/0x20 [ 258.645980][ C1] ? enqueue_timer+0x23d/0x550 [ 258.651156][ C1] ? __mod_timer+0x984/0xdb0 [ 258.655812][ C1] schedule+0xbd/0x170 [ 258.659936][ C1] schedule_timeout+0x188/0x2d0 [ 258.664842][ C1] ? console_conditional_schedule+0x40/0x40 [ 258.670783][ C1] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 258.676744][ C1] ? update_process_times+0x1b0/0x1b0 [ 258.682189][ C1] ? prepare_to_swait_event+0x339/0x360 [ 258.687884][ C1] rcu_gp_fqs_loop+0x313/0x1590 [ 258.692805][ C1] ? rcu_gp_init+0x1162/0x1560 [ 258.697652][ C1] ? rcu_gp_kthread+0x3b0/0x3b0 [ 258.702567][ C1] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 258.708774][ C1] ? rcu_gp_init+0x1560/0x1560 [ 258.713581][ C1] ? rcu_gp_cleanup+0xb41/0xc90 [ 258.718496][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 258.723868][ C1] ? lockdep_hardirqs_on+0x98/0x150 [ 258.729145][ C1] rcu_gp_kthread+0x9d/0x3b0 [ 258.733802][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 258.738969][ C1] ? __kthread_parkme+0x7a/0x1c0 [ 258.743955][ C1] ? __kthread_parkme+0x162/0x1c0 [ 258.749043][ C1] kthread+0x2fa/0x390 [ 258.753169][ C1] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 258.758347][ C1] ? kthread_blkcg+0xd0/0xd0 [ 258.763009][ C1] ret_from_fork+0x48/0x80 [ 258.767480][ C1] ? kthread_blkcg+0xd0/0xd0 [ 258.772128][ C1] ret_from_fork_asm+0x11/0x20 [ 258.776981][ C1] [ 258.780052][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 258.786448][ C1] CPU: 1 PID: 0 Comm: swapper/1 Not tainted syzkaller #0 [ 258.793703][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 258.803816][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 258.809519][ C1] Code: f8 22 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 33 02 44 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2e 41 89 de 80 [ 258.829293][ C1] RSP: 0018:ffffc90000187de0 EFLAGS: 000002c2 [ 258.835414][ C1] RAX: af617d71648d9e00 RBX: ffffffff8162a490 RCX: af617d71648d9e00 [ 258.843434][ C1] RDX: 0000000000000001 RSI: ffffffff8acac900 RDI: ffffffff8b1c81e0 [ 258.851733][ C1] RBP: ffffc90000187f20 R08: ffff8880b8f36b2b R09: 1ffff110171e6d65 [ 258.859842][ C1] R10: dffffc0000000000 R11: ffffed10171e6d66 R12: 1ffff110036ce780 [ 258.868050][ C1] R13: 1ffff92000030fc8 R14: 0000000000000001 R15: dffffc0000000000 [ 258.876079][ C1] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 258.885239][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.891958][ C1] CR2: 000000110c24c3c3 CR3: 000000005caaa000 CR4: 00000000003506e0 [ 258.899985][ C1] Call Trace: [ 258.903345][ C1] [ 258.906404][ C1] default_idle+0x13/0x20 [ 258.910793][ C1] default_idle_call+0x6c/0xa0 [ 258.915876][ C1] do_idle+0x1f0/0x4e0 [ 258.920005][ C1] ? idle_inject_timer_fn+0x60/0x60 [ 258.925258][ C1] ? asm_sysvec_call_function_single+0x1a/0x20 [ 258.931482][ C1] cpu_startup_entry+0x43/0x60 [ 258.936300][ C1] start_secondary+0xee/0xf0 [ 258.940939][ C1] secondary_startup_64_no_verify+0x179/0x17b [ 258.947088][ C1]