last executing test programs: 14.018688856s ago: executing program 4: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0") 14.017983856s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0x0, 0x99, &(0x7f0000000180)=""/153}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) syz_open_dev$loop(&(0x7f00000003c0), 0x9, 0x82e81) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) socket$nl_xfrm(0x10, 0x3, 0x6) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) utimes(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300)={{r5, r6/1000+60000}, {0x77359400}}) socket$inet6(0xa, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0) read$char_usb(r4, &(0x7f0000000080)=""/139, 0xfdef) 12.064081112s ago: executing program 4: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000001c0)=0x20000, 0x4) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', 0x0}) setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4) bind$xdp(r1, &(0x7f00000002c0)={0x2c, 0x0, r3}, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000300), r0) 10.844616163s ago: executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x13) 10.775953214s ago: executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000400)='./file0\x00', 0x809, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRESOCT, @ANYRES64, @ANYRES16, @ANYBLOB="8dc89e7744fa9283c8fa8c347820bdca1970caa5351156b73b183e1dc9fbec51f67262d0581ba26188990a74a6c6019862883960ebdace93bbf50ef802a5cdd5b03697b62f712512c7fe60cf519a4e60ca1894b0469dde3b32722ee8a3ea588ce873083729be815cc269c3"], 0xff, 0x210, &(0x7f0000000440)="$eJzsmb9rFEEUx7+zu9lNggg2FjYpDBgxyf44lTQHKoiVIERRy8NswukmJ5cVkoBwh42NpYigpf+AhcXVdjZiY6GFPxAsvFKwEEZmdnZvbm/3PGFFJO9TzL15b968mdm5b7ELgiD2LZ8+fv/w4NzK5UUABzAPR/m/moMxhjb+/eM7Jx7Wzz95/u7Zy62Dd3v5+eoAOB/0X38eX58BHZy1S+Pzonk07LsCA8eVfRVZ7k8uSTohGK6rwE3Nbs0oIwqXb7SitfVmFHqi8UUTiKam17IA9LsMawCm5d44Z1p8e3fvViOKwnbemOJpneFQWr84q9AYc3yd1KirX7E+8byu3b/XFf1l5fdgJGcJwIcBX9k1MKwqewUO5gBkR6Lt/4g1mN+cZP//ymA/kmsgPIeWKi9h4k+ynqL4Evz/xuJbYNjDnepr4czfWDzLe8QfOvMc7vdejWZ9qaS6kLvRkFPNvljZZZPCBe15XVBj3sxG0cXJF9/JK5c9TstEYEbqB7OAY5o+WbAy/XDjzdvu9u7eUnOzsRFuhFtBUDvtnfS8U4G73nTguVKhSwXQwrTUp1lt/qmSsTazsdOI47a/A8RtP+sHSasp7uqL1jeZY0j9M7BwNJlDHLLctlNcg2nFmRy9YJYuniAIgiAIgiAIgiAIgiAI4rekLyMZgDkwJJ9A5IcqXkJwSWb8CgAA//8pOFyp") r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000b000000050000000200000401000080000000000400000003000000080000001a0000000000000000000000002e3061612e"], 0x0, 0x47}, 0x20) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000180)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3M9vFFUcAPDvTGn5TQviD34oq2hsRFtaUDl4QKMJFxMTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqCeNV70bE2K4gB5MzezOtLPtbtluf6yyn0+y2/dm3ux735l5u2/ndTaArlXJnpKIbRHxa0T017L1BSq1P7duXBn/68aV8SRmZ1/+M6mWu3njynhRtNhua54ZTCPS95PY16DeqUuXz45NTk5czPPD0+feHJ66dPmJM+fGTk+cnjg/euzY0SMjTz81+uSqxJnFdXPvOxf27znx6kcvjs/Gaz98nrV3W76+HEfNwIrrrEQlZnPzS/uqz4+s+NX/W7aX0smGDjaEZemJiOxw9Vb7f3/0xPzB648X3pvLfNuhBgJrJvts2rloaU/+N537/ALuRIk+Dl2q+MTPvv8Wj/Ucf3Ta9Wez54lq/LfyR21N7XtQMlD7xt7TZPvjK6x/W0ScnPn74+wRDa9DAACsrq+z8c/jjcZ/adxTKrcjn0MZiIhDEbErIu6KiN0RcXdEtey9EXHfMuuvLMgvHv/8vLmtwFqUjf+eyee26sd/aV4imcttr8bfm7x+ZnLicL5PBqN3Y5YfWaKOb57/5cNm6yql8V/2yOovxoJ5O/7YsLF+m1Nj02MrCLnO9Xcj9m5oFH8yNxOQ7YE9EbG3jdfP9tmZxz7bn6V3bF28/vbxL2EV5plmP414tHb8Z2JB/IWkVlOz+cnhTTE5cXi4OCsW+/Gnay+V872ldF38m1qLaVO7wTaQHf8tDc//PP6iGxTztVPLr+Pabx80/U6z+PgncXKmXCI//0vvAtn535e8Uk335cveHpuevjgS0ZcvqFs+Or9tkS/KZ/EPHmzc/3dF/PNJvt2+iMhO4vsj4oGIOJC3/cGIeCgiDi4R//fPPfzG0nuozfN/FWTxn1rq+EcMJOX5+jYSPWe/+6pZ/a29/x2tpgbzJa28/7XawJXsOwAAAPi/SKtz0Ek6VKRLF6d2x5Z08sLU9KFKvHX+VG2ueiB60+JKV3/peuhIfm24yI8uyB+JiJ3V/zTaXM0PjV+Y3N7JwIHqvTp1/T/SdGiotu73Zv/0Atw5ljWPVr478IsvV78xwLpyvyZ0L/0fupf+D91L/4fu1aj/X4241YGmAOvM5z90L/0fupf+D91L/4eutPiW+OKHFtq5038+sevEijZf88Rs/5q88szyt+pZo0ij/KMdTRNJRLRXRaRLl+lrofaOJdLbljne5m5ZRuJAntgYEa1udXXd9mpn35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWy78BAAD//8XZ3Pk=") r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3c}, [@generic={0x3f, 0x4, 0x4, 0x9, 0x1}, @alu={0x4, 0x0, 0x3, 0x2, 0x0, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7ad6, 0xb6, &(0x7f0000000c80)=""/182, 0x0, 0x1, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x0, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3, r3, r3, r3, r3, r2, r3], 0x0, 0x10, 0x1}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000e00)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40003}, 0x85) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x26}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r4 = socket$inet(0x2, 0x3, 0x6) setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4) shutdown(r4, 0x0) pidfd_getfd(0xffffffffffffffff, r0, 0x0) recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) 10.566744457s ago: executing program 0: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xbd, &(0x7f00000002c0)=""/189, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa, 0x1}, 0x8}, 0x90) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x52000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0) fcntl$lock(r5, 0x25, &(0x7f0000002380)) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00') preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000180)=""/253, 0xfd}], 0x1, 0x101, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040)={0x77359400}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6}, 0x20) recvmsg(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/128, 0x80}], 0x1}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000040), &(0x7f0000000080)=r6}, 0x20) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) 9.637495802s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0") 9.569432653s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000200)="a6", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x2df) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000440), &(0x7f0000000480)=0x14) 8.299493911s ago: executing program 2: sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xe24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = creat(&(0x7f0000000500)='./file1\x00', 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000680)=ANY=[@ANYRES32=r7, @ANYRES16, @ANYRESDEC, @ANYRESDEC=r6, @ANYRES64, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES64=r6, @ANYRESHEX=r7, @ANYBLOB="7c7d95e676a8292ec4b3c08049ee9037b826a9bde5403e72fea52710f6703d28f521423e0b72337c0ad6be85be9ec0feff0618d145b5ac21ebb130039db796978dc49dfdf628dc743d6ec021daa5816ff66f8c18b384d11c68c520feb650f9d06d16db0a86b071b7eec0a719922604e3abe0b54462a7d7546f1c092a3e2cd8b4f73b227a954bc5874162c4f5cc2985a9ff65e1807633c41dec778bf68f0fe74f9a19ff8d23b0259acc035743b9b5dc312cadbc9c1ad0a0729989cb73938a19f2b5d7787c004a12cfc3d5e51326c0c2a1de6d8475", @ANYRES64], 0x2, 0x1d4, &(0x7f00000008c0)="$eJzsmb/vEjEYxp/27gtIjImLg4smkogRjrtDDQsDJu4m4K9NIidBDzBwJkDiQFxcHB1MXP0HHByYHNzcXHVQExMHGZ3PtJS7yq9ADJHE95PQe9q+7du+wDMACIL4b/n29deX51dLtRyA48ggqcZ/GHEM1+I/v3x88UX52qs3n16/75x4MlncjwEIw+3zizTvKgYC1Q/DP1dn1LMGHukb4Lig9C0wWErfBcdNpT0w3FH6gaa7x5TwPete12/cb/meLRpHNK5oinp+E8B0zNAAkFLnY9p8fzh6WPd9r7cojsJ5nqWpXcWm+pmAOa1wlLX6iffr9rOnY9Gf18bW6ueAw1G6CIaq0iUkYVlWXBLt/qfNeH9jm/sfgjiZ3xSTO4ATkvgHgi2OiC90NHJqOvmwvOr7Pg92dr9XlsYFYGnqY/rvdk4oE1gZE/unsNzzmj+ZMCP/KATtR4X+cJRvtetNr+l1XLd4xb5k25fdgjSiWbvB/1LSn9La/kdrYhMsgUE9CHrOAAh6TtR3Z63muNW33Z9yDZf+x5E9N9tDfFTktZOrczD14vIpVNZYe3iCIAiCIAiCIAiCIAiCIIidOAMmfwVVf1SFa3Cvy+jfAQAA//+0A2jN") 8.18255299s ago: executing program 0: capset(&(0x7f0000000100)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x0, 0x3, 0x1, 0x0, 0x8}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) 7.949078296s ago: executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0x8, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22}, 0x1c) syz_emit_ethernet(0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="e10000000053e8000000000086dd600164ca000c110020010000000000000000000000000000fe8000000000000000000000000000aa00000e22"], 0x0) 7.41259224s ago: executing program 0: syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x280008a, &(0x7f0000000240)=ANY=[@ANYBLOB='shortname=lower,shortname=win95,rodir,iocharset=default,uni_xlate=0,nonumtail=1,utf8=0,flush,rodir,shortname=win95,shortname=winnt,shortname=win95,showexec,uni_xlate=0,utf8=0,utf8=0,uni_xlate=0,shortname=mixed,\x00'], 0x97, 0x2ad, &(0x7f0000000d40)="$eJzs3b9rO2UYAPDn0vQSdEgEJxE80MHpS9vVJUVaEDspGdRBi21BmiC0UPAHnp1cXRxdXQTBzX/Cxf9AcBXcLFg4ueSuSTSNSTWt+v18hvbte8/z3vNe39J2yJN3nh2eHmVxcvnxj9FuJ9HoRS+ukuhGI2qfxoze5wEA/JddFUX8UoytkpdERHt9ZQEAa7Ty7/9v114SALBmr7/x5qu7Bwd7r2VZO/aHn130y//sy8/j67sn8V4M4ji2ohPXEUVe3Py1UH7cL4oib2albrwwzC/6Zebw7e+r9Xd/jhjlb0cnuqOp2fxXDva2s7Gp/Lys44nq/r0yfyc68fRN8kz+zpz86Kfx4vNT9T+KTvzwbrwfgzgaFTHOj0bEJ9tZ9nLxxa8fvVWWV+Yn+UW/NYqbKDbu+VsDAAAAAAAAAAAAAAAAAAAAAMD/2KOqd04rRv17yqmq/87GdfnFZmS17mx/nnF+Ui9U9weq5EV8Wffn2cqyrKgCJ/nNeKYZzYfZNQAAAAAAAAAAAAAAAAAAAPy7nH/w4enhYHB89o8M6m4A9cv677pOb2rmuVgc3JrcqxGRlsMFK8dGFV7WurCMchNL1/xb1fbgbo/uqdtq/vqbpdf5qt7XXwZvLhHzNwf16To9TOY/w1bUM+36kHw3HZPGkvdKb7tUrHT80rmXOivvPX1yNMgXxESyqLCXfho/uWom+eMu0tFTnZu+WQ2m0mdj2suf5/In5U8S3ToAAAAAAAAAAAAAAAAAAGCtJi/6nXPxcmFqo2itrSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFeT9/9fYZBXyUsEp3F2/sBbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DHwewAAAP//M+pilA==") r0 = open(0x0, 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) open(0x0, 0x4100, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000d00)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000440)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$EXT4_IOC_CLEAR_ES_CACHE(0xffffffffffffffff, 0x6628) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48) unshare(0x8040480) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_SECURITY(r4, 0x112, 0x4, &(0x7f0000003000)={0x2}, 0x2) ppoll(&(0x7f00000000c0)=[{r4}], 0x1, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000580)='./file0\x00', 0x0) 7.231460048s ago: executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000)) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002200b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup2(r3, r0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) 7.15734819s ago: executing program 2: r0 = open(0x0, 0x400000040, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) open(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) socket$packet(0x11, 0x0, 0x300) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d020000000000000003000000000000000000000105000000080000000000000000000003000000000200000002"], 0x0, 0x56}, 0x20) 7.075849603s ago: executing program 4: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, 0x0, &(0x7f00000002c0)}, 0x20) syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001600)={0x40, 0x19, 0x2, "7cbf"}, 0x0, 0x0, 0x0, 0x0}) 7.03107391s ago: executing program 3: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fdffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x10) timer_create(0x0, &(0x7f0000000040), 0x0) mkdir(&(0x7f0000000540)='./file0\x00', 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) 6.754172713s ago: executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0), 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000740)='cgroup2\x00', 0x0, 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x13) 4.832625124s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x2d5a, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000580)={0x2c, &(0x7f0000000300)={0x0, 0x0, 0x5, {0x5, 0x0, "ff4e4a"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 4.832267524s ago: executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x4) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r3, &(0x7f0000000200)="a6", 0x1, 0x0, &(0x7f00000004c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x2df) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000440), &(0x7f0000000480)=0x14) 4.832041554s ago: executing program 3: prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e023bd2a9eca19e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd6"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xbd, &(0x7f00000002c0)=""/189, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa, 0x1}, 0x8}, 0x90) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(r3, 0x1, 0x34, &(0x7f0000000040)=r2, 0x4) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000010c0), 0x52000, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, 0x0) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001080)='/proc/locks\x00', 0x0, 0x0) fcntl$lock(r5, 0x25, &(0x7f0000002380)) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/ip6_tables_matches\x00') preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000180)=""/253, 0xfd}], 0x1, 0x101, 0x0) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000040)={0x77359400}, 0x10) r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r7, &(0x7f0000000180), &(0x7f00000000c0)=@tcp6}, 0x20) recvmsg(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/128, 0x80}], 0x1}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002100)=[{{&(0x7f0000000280)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r5}, &(0x7f0000000040), &(0x7f0000000080)=r6}, 0x20) r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) 4.827931405s ago: executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x14, 0x0, 0x0, 0x80000000}, 0x48) mkdir(0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, 0x0, &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x90) syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0xf, {"a2e3ad21ed0d09f91b3d090987f70906d038e7ff7fc6e5539b0d3d0e8b089b3c310068090890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) syz_emit_ethernet(0xfdef, 0x0, 0x0) 3.751312093s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002120702500000000000500207b1af8ff00000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) dup2(r0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) pipe(0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x0, 0x7fe2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x73, 0x11, 0x7a}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000001440)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a505000000007751e841cca555077e3a159110193dd2ff1fa7c3205bfedbe9d8f3bd23cd78a07e32fe0231368b2264f9c504b2f1f65515b2e1a38d522be18bd10a48b043ccc42646d25dfd73d06d7535f7866925d86751dfced1fd8accae669e173a659c1cfd6587d47578f4c35235138d5521f9453559c35da860e8efbcbfb42c30d294a55e1c46680bee88956f2b3599f455c7a3a49a01010000009f2f0517e4ca0e1803a20000000013d4e21b3336f1ae0796f23526ec0fd97f7325eac34c4dfafe7cc03b0864009d2e7d7ff6ff72ba8972b122b09789d99b3d0524f39d5ae913b2d22eb2c09244ba5dbe9180950f76f7049db5cb19d7962fed44e00f39ed8c13a11fa798de504e2865cd81f2b77fdd76c677f812d249c8130b018d4300000020000000db3947c85c3a9027ce9e856fa8b7fb05000000000000593d60abc9b3e67d127e56f3d3759dcfeb820634fd4d419efaefc74305b2bea2000600000051fcf5d62205561b6efaad206335a309f7b9e01446a6285f4665a7fe3cda2349f8bf400100000000000000f40f420ee83f2d9babe7b922401639ce3c4ff0850a8e078374909413f3fbd3ced3285252dc81a46ef7ce29484dc6b6adfd7a4db730fc594609654d97836f171b766ffd7526847a6bfda9c648e8aa5c558aa6d463ec9d840f3914909187b6b0776952be71b0417d33d3ab25493418ba0fbacf768e07c1a939d31f606085b9e3efc93b0f58d5ec37494d9d10d76e603129e9a726579ac7d672cacd581b7ca77b3610b74039fffd42051d4b7443e5b49c000000000000007d6173050027791c9c1e04ad3711a66da2254a6f911b1469c62a6e1e3f9c1715c009a58e6eadac8f61b45853673df72dc813f7454ae22d79ac48034282f03040889500000000179dcf66d93907cedd49e0c5752f755849953957143a0335d2f62acbf18b251ce63b29fe177745448ccc925770fac12cf9e291200df6bb669d5a57dd74df817ef2f8698f710c359afe73947afebdf5536e4db8b0231d0cbc798766ec60586f14b44775bc9d250e4515cb83275d3b495fa90000e69a68b47ac4595463e1442d88e0606a060000cc914fae896ab129ccdf8792a8435972c8391d132a2fcbd40e865d62cc7c4200000000000000000000000000000800002a77fbbccfdb1ab3d8434905f09726b8145ea99c7640faab578dc98a6134df0a10a54ce7e7ddbb709a27d977d1f91ab9ee940700009594c9a50961b7fcc56d82584dc8254df7c411fa61353a6897c4f3b9f152fdf6f2ab47adb29aefecce96c94f360e129c9f2af569c794b68b2ead404bcdd4aa9cb6a128e1ad45fd4030e1e69adf4986b7860f3122d59c079f0f9a1732f691590f45512aec4ed2413f66cac7dd022301741c576dea82005b166d6c3b9ed0c297ac197a92188a618745e78dca0b3c62f1601243089d9c687563382b0b88a7d80fd7bf7fae8a690f52db1464d29b1b926414cd35705c89662c585e32c881d917b74f027674dbc017499ba15a2e2900000000000000000000000000007b593ecbdd162fee9f239a3c615b3e9a3fb0af254bdd247a5a5abdbc0123c950eec0f1800b295be71418dd65de15e11beef9630499c70fce74135a7c7c8e818b79b85ff65d59d89492d7a663d3f25651e252ab49d358eac853ffe182ee37a5db085a072647719cb8604ba2e0b80af3f1867bd8fb6afca671437e0a5a9d5a088436739262d894986882ec0fb419a377ef47f4920a5de6d8de0d3090b4cb6b773e825442d351f980eed0d997a4d98a5121e941b145e2186546c646128a3e69f52fcad83a026def90b9eb55f4a0a2251bbae428c6c017b5a47f1580831a7ce232857e6aa9e777e99da1a3ad03fdc93fa7ed96228deac5e3bce983971041297a6ba18783a2edc7e3901cc891035872c61e7ea375b0902be0c5cc7fdef968ba1ca17ce5e11f2f384cd28c1194f56d3cf074e8ba4e60e84dc2f352c3cd170581aee0c93ca8ceff84cda40325d340759e79e5c4bcec227e37f7ec2193c78877fb319ec1f2d4dcf1d46a15cde1d6cecce6ecdb0c0a3413394d51341a7b3606ad8c29b6dbf6be3265b528c3208de35161bfe19678df43a45b314e5a0f8754cfaf4f9d3fdf9c8f7b7c296bf2e632d25ba8ee6369b362a8e4c9dff176d482d32249c93680a04f6464f184acfd0376662fee9e1031e569248db9bc724cdd97976a4d7c5c5172d1383fa1e442f68a14b747a9f2597bf115dd0111fe8ba3584a43176f33bd39a408f8648b19839bba9cc47624ea19e46dbbdf0faf591bcdc8613828a0c5a40c04ae34bbf4a0e27828b0c7cb9d7a7455db030425a4bd69cf6dcb4b1d066f8ef4ea1c710e05819df82d5cc94ace6b41c2de37a2eaf24f24b3d9a7dd4d197d51407be3e90000000000000000dbc0b0d6e11ccb71437ebea7ad01d5b93a7a0561e4a1b3fa1aa9c75f3aaec4ace1b6201a3e007b657be62df59133b4d8f0f145d9fc954cc7792077268bf0977e2a699722ce3dbb97248b8a8a771dd0f7d9c97e6587524a44fd6d49330ccbc39ca277b84f7f0a39759ef0b42388bd69fe341a925e8cdc5d7b2d6ddb7331a081bd0672bf4d02255de095a179e51bf5492d4e89c3cbad59db725c0dd7e35cbd9887175286a37d7621a361eb830cc5b842b11b5d040ccceb254d6a0c9c43718d0816bb2465928e236101b8cd46b5ef9cb930378a9249cbb41b92fe3caef70845cde9bb78d71c512153d2f1d765b56d2e5ef3e3d34975787646630051074c9706747fda873ccfdb394fc269c8cfadc0a52c3402f3920001ddd312969ecc08a99f5a3be58de34149af8360a7db3f301e656c5485d5de03be99b04e3593e8e18d7b635ca24a915c82122ac7a5bf6d011ee91573d66fc9522a76fa00211d62dc123fd51d1cb2ce1d4f3a62f99e2d93b2d34324a962a3762b6e8d7d3a7f73af6eb264b44822d8847442c3df4771df9a5d79443174b191878fe586facc18035f09fd70a137809ce970e31c4e6a8e48ce2fc30316087caaa2ed0bda52e969fda35236ac9aedb241a114a8cf1c49b8bd3f73c1c67d7968db4f71202d63bb0963cf128d"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000240)='kmem_cache_free\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002340)=ANY=[@ANYBLOB="b702000022000000bfa300000000000007030000007effff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67dafe6c8dc525d78c07f34e4d5b3185b310efcfa89147a09000000f110026e6d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b0a341a2d7cbdb9cd38bdb2ca8e0500009cb20d03e7564c35a8d36774d5e5003a14817ac61e4dd19699a13477bf7e060e3670ef0e789f65f105006704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d9961b626c57c2691208173656d60a17e3c184b751c51160fbcbbdb5b1e7be6148ba532e60a0ac346dfebd31a080600000002000000ff000000334d83239dd27080e71113610e10d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08ab1e1ad828267d4eadd3957663e88535c133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0182babc190ae2ebf8aad34732181feb215139f15ea7e8cb0bae7c34d5ac5e7c805210600000000000000c3dec04b25dfc17975238345d4f71ab158c36657b7218baa0700f781c0a99bd50499ccc421ace5e845885efb5b9964ecbeba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d0175b989b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca00010000790017b0689a173db9c24db65c1e00015c1d093dab18fd063e9c7080397bc49d70c060d57bc88fbe3bbaa058b040362ab926150363fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4effcf7462710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2000034837d365e63845f3c1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000000000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edeeeba72205beff7771bcb293747b88486cacec403000000a2919a4bff2ed893f2c814679fa69fc7e0cf761f918725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289ce2ad779ce71d4dc30cbb2cc4289d2f884d66cddc76eb7f601110ff39057c1f395968e23c262279f4ef00fbdb8c338615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2e152cb2cf06f8edb30177fead735a952ffce676a93110904d5ee2abdab2ef3ff84c4d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007981699b6c0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d2503a3ea376721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e6712824a85eb9ee0a3b68c9e209756623adf685dd715d68ed11e4b4d5502f5124948f8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c1c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f54b6563a4be1fd82b73c8c2bc65f63982b951fb058fd3c7b6341c4580376b6c16bd94d2da66059de81abfa15eeeb88b6ae5882ad341032c73f1285e21fff5a1d138e061b1dc7bbda199b5fab8e0719e9cd69b47dcb52b0be6a3a73afdf328132e1d4f21065716be0c53a23940d07188b015fa341dbc92231c8b5e5717eac184f46c9f61b69f55cd2231bcf821052429a1f250e8b734be0605a15f25923d599544b319319ff0a32621019347df460a098119a6f47eb1bac47946d7a009cbc6ec74c19a93cc7c7138b28c95270116181fd5f553572548104d2ad0e10d3663488e664401030022f0d76d2162635365258af61ae1f46f4a7862f302d91e3f7c2781f602220522e84602a939a8d5e4137ae31ccd397404dc72e06715a6503d4d865182803ee6725da7293b23daeebefd6fce7411c9624a7e8d5ba5a13e1c32adc4f32744a8c6882a72475e4280a4d9a47c003c6ed3071330c58145be813a10788a720a6b5a498ca2b42496c479a0a71e2f6f9bad8c84bc6be20281bde0b348cf2c60538a505ad4a0510eebb023e4954c9eb6cd70627f5c03d867dbf3ad5d1f1dc852064dd0efafc3df20ec8faf3d194db76127f88f284fa1b71ab964fdd2474471da76373e65e9a8bf844bdfdd348bc7d00c4c7e7afe8a1f8cde79b7a6c5aafe954b8ba37818e40c14b37c23f9f614576b689436fef2f27f8b1e756e00262e22bca49c43fd73e7e99b2fa44a8c1db99c2cf2735ad6c5fabf082e0df0f8ba7e24272165f2f5b28230c02b53d44bd84bf6770157e96bbb96b5e1f165c87e7ad68a3600b3d357fa9a7d53c281d88ebb175a4dbb82130e6970982947913110f091d21760d985afd3163f2e6880682432f9b3b97d57a9f980ede51116a3d04d58872a07d6a7e12db673acd2f7b8988d833e71943fe2c1c60100f36b955c56b55bfd3ecf0af694c71a03f2996c15b1ba971de1cb9c7e6a0000000000000014783ef54c51199317413f98dca8ff3d0bda50f6c0af58dbd6c031b1a5a7512c5896514adfa17d31429c68db50a93d88199defd3b4625fea426ff9293a28a544a6a9e2a79b55daa1b3c6b14c4ec6d164e902ce4913843d65d841973468729ea12bf6d3499036dbb66718f3497855c3baa6cc07c0fa388ec9df0617c1a28ef5a595ee267a76175b8a057e6efaf4fefe46def451f2858fe71a53e77b1a44e98843bb3a40102da3703dfb9f61bdcea2fb810b32d52e2157a150a63ea6135d1cf6f864c2e6887dd7245bc5d61dc5a114d10ffb22e76678bbfc1e3865d17d128306d1b81884a934cb00000000000000000098a4526e6468987dbc63bff7590eb388afaba43d811996333eef7e9f472bee440b293f0c40d434b8be07cbd52325296e22802493edb5c590ad208bac683a8b2d4c9d2d57ff846ae8c422e0b28546671f11d8157bb762c91f3fbc8b8e21589c92446ae65d408c0637ffcc2d44d715ce003dd1e12b085e186d069a55c2e96efbe5024d61a56a36d988c0f51a973a6c545b28211a92000000001501aed8972af0fcd540a9d4e293690c5e697b3a1480e46df5371bca1cfb28a57c1b3c956ec81397e81fbf870a67385fea04220423f52ad8178b9fd04bdc7e5fee4bd52db996e633792118efdb6b88023e80da74fdf723c7f05e96d738989f2c8b1e6b3a9716b6130a09e2698b12d8ae4d329f305fde3e8dec42eae3c69988ad568543a715755110c8dff124a6ba9ee1dc32ea7d17a35a420133c7df262a30cbff8790d80fd4def27ff1b268014daec1b0d1d2864bf010801f092efac0b349b86631d2a7455a72c0e7f43730b78e9beb255188acb12f3770fcc2223ba034181d9c3acef5b6d9ee77883ca12cfd68a5db88cc945a5c377c4ee2da24351905240b0b1920429109032ddc3cf9bf4ba32f594d45478bca432bdeb1a21fd5b5c2c416ed8eeabade9e2002b4e714dc3d7476fa52fedc0d0e6bed973e3aa468597810c13a8c40d9845bf0080850f309ec4dc5f88ef54bc3272918944178203e706674d8402f8ccd86d33edb1894e46b793641e9bf407b7c8b2b4b555f07467c96828163ce30fd4c24b108df352bc32eae5b1e3adecf6cf8d2bc3549f49c14a553683499b707a422e98082456c0dcf3f7155db062dfad1e92af9708dca9b70a77f4b88c06f8ee7a43df5f5ac21a6ed194102abaa097097f544896db197fa4dc32c420640a48bc6e79c214c21fc2312d4f9f4f489a52f5774d8339c2e03f979c9ee9a23e8f6f7d3aec1100c9949095ed29deabeebc420cfdf909dbecf8acc871b627bb358bd5ab90db253acf496d9b6a3374c86558a38537a821aa092794333ac26edb8b06370d7b0fa2db01c24534b33431132dc386178651682b5446d519dbc4fdcc69cfb60afe6cbd4d3ea2bcfa9d10bf14cb169009d7d7cc02ff1f03941916f046dcd6fa0c0d25c2189c349481633fdd841f8cca89757c2528b8334e76f37b8c43271a2820c33a2e631e4ed3060b7f0ab4e264a022f17647d511e44c3c594bbff7f0047450d74bf891cb2452f4093d3a77c4b7316218e50bedff67f529f78e52a0ac3af2a8414078aaadfe77e14a1647fe521a947a0489ca384989f391d2b005aaa970457a4f3e0c0f488b4228b33b08ff78581bf5d07446992ad520b2e"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000900)={0xffffffffffffffff, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000040)="76389e147583ddd0569ba56a5cfd55", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 3.738594855s ago: executing program 4: r0 = open(&(0x7f0000000100)='./bus\x00', 0x400145042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x7800007, 0x12, r0, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ftruncate(r1, 0x81fd) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000340)="1b3b351333f3a3b13679144b0600000000000000de5829aceff19492e9ba6875841285b877fac97b183e950017761d4433127df4ffeab47d3545970ac2571b8775e05a2ec30dbc2154f17ddb1da5b2411d093471a30c77ca0d06d1576a43cbd422dd9fc5aeeef4a0a53a5d93a9b5b000bba7223848aa6b97abe164077f7737311f187ffdfefdae072f6c3d59bf3a7d1565", 0x91}, {&(0x7f00000001c0)="8ec1cc54649640be1983f79c5bfe88cd6a6afd5570ab59578db363f4", 0x1c}, {&(0x7f0000000840)="b0fef28adda655a00a8ce0bb7d504206000000000000001abe0a88f67472c3cd975c9884ae01084df2b7f556e2a043b74efe85a30267fae395e8a051934cefd1a1f19f89180ab1fe20a7e4088d8a3f4304feafe592c403cb5d1991683fcbda9a1404998bc92cb28946223165c906e2bed23adce7939d37148e79c6b485db91083de9905e7de49fd8837cf3792d697bf8b29b9c6e8daee80e86778a4a2426e6459d4a30ad36b138b31570d8342f9bd5635f4888c4c60793a6e21acbc4749413f629ba4de97b84ed9acc06a3d29ef68cd6d32fc4398429c472891f8e244d27a4b6241083efd4ecd2c92d91399de6ddcafbcd07000000000000009d1b7d60c898340102268c474bf8b7db27c8787b34cae8a9c676907ec017733c1ece82e11b99a4bdc74c8d9d1871be6af0fef62b529af9ab1f37d60a2f967d715b301856b033a7e7dac74416447a090f7b6693bbd2deaf5eebbfc9adff299bafcf57774d0c993f5524409672b4f35409a8720dc2b78f83198096c60126f911fd42c29cd6fa311e2c8daef3927ccdc90436b2b6ee4cfffffffffffffff8d9b7977fff6c4293065de2ff26a041e67954f68871d010d377f9ba1ee447b5bfd5b9d3711b3ea5c6361a97d4d46b8b406091be9433f950613083805aa4ae31e3aef57eb8d299548df54dffb7c4af7f00a869c6bdbc6c2bd1a83262981638ae365b2611d2b50c5f000000d620e2a52db4283dc90000000000000000000000000000f676fce6502229acaace64eb2390025dd834dc9d6eea", 0x22d}], 0x3}, 0x0) recvmsg(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x1, &(0x7f0000001d00)=""/4080, 0xff0}, 0x0) close(r2) 3.429707263s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r4, r3, 0x26}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r4}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20) recvmsg$unix(r1, &(0x7f00000004c0)={&(0x7f0000000180), 0x6e, &(0x7f0000000100)=[{&(0x7f00000006c0)=""/179, 0x22fe0}], 0x1}, 0x0) sendmsg$inet(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x33fe0}], 0x1}, 0x0) 2.669410142s ago: executing program 4: sendmsg$NL80211_CMD_LEAVE_MESH(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xe24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = creat(&(0x7f0000000500)='./file1\x00', 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000811, &(0x7f0000000680)=ANY=[@ANYRES32=r7, @ANYRES16, @ANYRESDEC, @ANYRESDEC=r6, @ANYRES64, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRES64=r6, @ANYRESHEX=r7, @ANYBLOB="7c7d95e676a8292ec4b3c08049ee9037b826a9bde5403e72fea52710f6703d28f521423e0b72337c0ad6be85be9ec0feff0618d145b5ac21ebb130039db796978dc49dfdf628dc743d6ec021daa5816ff66f8c18b384d11c68c520feb650f9d06d16db0a86b071b7eec0a719922604e3abe0b54462a7d7546f1c092a3e2cd8b4f73b227a954bc5874162c4f5cc2985a9ff65e1807633c41dec778bf68f0fe74f9a19ff8d23b0259acc035743b9b5dc312cadbc9c1ad0a0729989cb73938a19f2b5d7787c004a12cfc3d5e51326c0c2a1de6d8475", @ANYRES64], 0x2, 0x1d4, &(0x7f00000008c0)="$eJzsmb/vEjEYxp/27gtIjImLg4smkogRjrtDDQsDJu4m4K9NIidBDzBwJkDiQFxcHB1MXP0HHByYHNzcXHVQExMHGZ3PtJS7yq9ADJHE95PQe9q+7du+wDMACIL4b/n29deX51dLtRyA48ggqcZ/GHEM1+I/v3x88UX52qs3n16/75x4MlncjwEIw+3zizTvKgYC1Q/DP1dn1LMGHukb4Lig9C0wWErfBcdNpT0w3FH6gaa7x5TwPete12/cb/meLRpHNK5oinp+E8B0zNAAkFLnY9p8fzh6WPd9r7cojsJ5nqWpXcWm+pmAOa1wlLX6iffr9rOnY9Gf18bW6ueAw1G6CIaq0iUkYVlWXBLt/qfNeH9jm/sfgjiZ3xSTO4ATkvgHgi2OiC90NHJqOvmwvOr7Pg92dr9XlsYFYGnqY/rvdk4oE1gZE/unsNzzmj+ZMCP/KATtR4X+cJRvtetNr+l1XLd4xb5k25fdgjSiWbvB/1LSn9La/kdrYhMsgUE9CHrOAAh6TtR3Z63muNW33Z9yDZf+x5E9N9tDfFTktZOrczD14vIpVNZYe3iCIAiCIAiCIAiCIAiCIIidOAMmfwVVf1SFa3Cvy+jfAQAA//+0A2jN") 2.472050363s ago: executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_mount_image$erofs(&(0x7f00000001c0), &(0x7f0000000400)='./file0\x00', 0x809, &(0x7f0000000200)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRESOCT, @ANYRES64, @ANYRES16, @ANYBLOB="8dc89e7744fa9283c8fa8c347820bdca1970caa5351156b73b183e1dc9fbec51f67262d0581ba26188990a74a6c6019862883960ebdace93bbf50ef802a5cdd5b03697b62f712512c7fe60cf519a4e60ca1894b0469dde3b32722ee8a3ea588ce873083729be815cc269c3"], 0xff, 0x210, &(0x7f0000000440)="$eJzsmb9rFEEUx7+zu9lNggg2FjYpDBgxyf44lTQHKoiVIERRy8NswukmJ5cVkoBwh42NpYigpf+AhcXVdjZiY6GFPxAsvFKwEEZmdnZvbm/3PGFFJO9TzL15b968mdm5b7ELgiD2LZ8+fv/w4NzK5UUABzAPR/m/moMxhjb+/eM7Jx7Wzz95/u7Zy62Dd3v5+eoAOB/0X38eX58BHZy1S+Pzonk07LsCA8eVfRVZ7k8uSTohGK6rwE3Nbs0oIwqXb7SitfVmFHqi8UUTiKam17IA9LsMawCm5d44Z1p8e3fvViOKwnbemOJpneFQWr84q9AYc3yd1KirX7E+8byu3b/XFf1l5fdgJGcJwIcBX9k1MKwqewUO5gBkR6Lt/4g1mN+cZP//ymA/kmsgPIeWKi9h4k+ynqL4Evz/xuJbYNjDnepr4czfWDzLe8QfOvMc7vdejWZ9qaS6kLvRkFPNvljZZZPCBe15XVBj3sxG0cXJF9/JK5c9TstEYEbqB7OAY5o+WbAy/XDjzdvu9u7eUnOzsRFuhFtBUDvtnfS8U4G73nTguVKhSwXQwrTUp1lt/qmSsTazsdOI47a/A8RtP+sHSasp7uqL1jeZY0j9M7BwNJlDHLLctlNcg2nFmRy9YJYuniAIgiAIgiAIgiAIgiAI4rekLyMZgDkwJJ9A5IcqXkJwSWb8CgAA//8pOFyp") r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000b000000050000000200000401000080000000000400000003000000080000001a0000000000000000000000002e3061612e"], 0x0, 0x47}, 0x20) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000180)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@init_itable}, {@auto_da_alloc}, {@grpjquota, 0x2e}, {@nouid32}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4aa, &(0x7f0000000740)="$eJzs3M9vFFUcAPDvTGn5TQviD34oq2hsRFtaUDl4QKMJFxMTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqCeNV70bE2K4gB5MzezOtLPtbtluf6yyn0+y2/dm3ux735l5u2/ndTaArlXJnpKIbRHxa0T017L1BSq1P7duXBn/68aV8SRmZ1/+M6mWu3njynhRtNhua54ZTCPS95PY16DeqUuXz45NTk5czPPD0+feHJ66dPmJM+fGTk+cnjg/euzY0SMjTz81+uSqxJnFdXPvOxf27znx6kcvjs/Gaz98nrV3W76+HEfNwIrrrEQlZnPzS/uqz4+s+NX/W7aX0smGDjaEZemJiOxw9Vb7f3/0xPzB648X3pvLfNuhBgJrJvts2rloaU/+N537/ALuRIk+Dl2q+MTPvv8Wj/Ucf3Ta9Wez54lq/LfyR21N7XtQMlD7xt7TZPvjK6x/W0ScnPn74+wRDa9DAACsrq+z8c/jjcZ/adxTKrcjn0MZiIhDEbErIu6KiN0RcXdEtey9EXHfMuuvLMgvHv/8vLmtwFqUjf+eyee26sd/aV4imcttr8bfm7x+ZnLicL5PBqN3Y5YfWaKOb57/5cNm6yql8V/2yOovxoJ5O/7YsLF+m1Nj02MrCLnO9Xcj9m5oFH8yNxOQ7YE9EbG3jdfP9tmZxz7bn6V3bF28/vbxL2EV5plmP414tHb8Z2JB/IWkVlOz+cnhTTE5cXi4OCsW+/Gnay+V872ldF38m1qLaVO7wTaQHf8tDc//PP6iGxTztVPLr+Pabx80/U6z+PgncXKmXCI//0vvAtn535e8Uk335cveHpuevjgS0ZcvqFs+Or9tkS/KZ/EPHmzc/3dF/PNJvt2+iMhO4vsj4oGIOJC3/cGIeCgiDi4R//fPPfzG0nuozfN/FWTxn1rq+EcMJOX5+jYSPWe/+6pZ/a29/x2tpgbzJa28/7XawJXsOwAAAPi/SKtz0Ek6VKRLF6d2x5Z08sLU9KFKvHX+VG2ueiB60+JKV3/peuhIfm24yI8uyB+JiJ3V/zTaXM0PjV+Y3N7JwIHqvTp1/T/SdGiotu73Zv/0Atw5ljWPVr478IsvV78xwLpyvyZ0L/0fupf+D91L/4fu1aj/X4241YGmAOvM5z90L/0fupf+D91L/4eutPiW+OKHFtq5038+sevEijZf88Rs/5q88szyt+pZo0ij/KMdTRNJRLRXRaRLl+lrofaOJdLbljne5m5ZRuJAntgYEa1udXXd9mpn35cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWy78BAAD//8XZ3Pk=") r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d40)={0x11, 0x5, &(0x7f00000000c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3c}, [@generic={0x3f, 0x4, 0x4, 0x9, 0x1}, @alu={0x4, 0x0, 0x3, 0x2, 0x0, 0x0, 0x10}]}, &(0x7f00000003c0)='GPL\x00', 0x7ad6, 0xb6, &(0x7f0000000c80)=""/182, 0x0, 0x1, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000006c0)={0x3, 0x0, 0x0, 0x4}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000700)=[r3, r3, r3, r3, r3, r2, r3], 0x0, 0x10, 0x1}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000e00)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x40003}, 0x85) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x26}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x80) syz_open_dev$MSR(&(0x7f0000000180), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) r4 = socket$inet(0x2, 0x3, 0x6) setsockopt$sock_int(r4, 0x1, 0x2e, &(0x7f0000000180)=0x207f, 0x4) shutdown(r4, 0x0) pidfd_getfd(0xffffffffffffffff, r0, 0x0) recvmmsg(r4, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) 2.380625398s ago: executing program 1: ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x32, 0x4, 0x0, 0x0, 0xc8, 0x66, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x18, 0x0, 0x0, 0x9, [0x401, 0x0, 0x0, 0x5, 0x0]}, @timestamp_prespec={0x44, 0x44, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@multicast2, 0x5}, {@remote, 0x8}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xa010100, 0x7}]}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@broadcast}, {@remote}, {@private=0xa010101}, {@rand_addr=0x64010101}, {@broadcast, 0x52b1}]}, @noop, @noop, @noop, @lsrr={0x83, 0xf, 0x0, [@private=0xa010102, @rand_addr=0x64010102, @multicast1]}, @rr={0x7, 0x17, 0x0, [@dev, @remote, @multicast1, @private=0xa010102, @remote]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_mount_image$ext4(&(0x7f0000000bc0)='ext3\x00', &(0x7f0000000240)='./file1\x00', 0x4000, &(0x7f0000000040), 0x2, 0xbb8, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3kymaZv3nfTlRawbIyItiNOkkmKLYCsVNy4E3QoN6aSETD9IIjVpFhP9B0RdC24EtSgu7LobRbdutN0qLoQisVEQ0cidjyQ2mTS1M70x/f3gzD3nnpl5nmcuM/cemJkA7luD2U0asT8iTiURpeb+NCKK9V5fRK1xv6XF+bFfF+fHklhefumnJJKIuLk4P9Z6rqS53dsc9EXE188m8b831sednp2bHK1WK1PN8aGZsxcOTc/OPTFxdvRM5Uzl3PCRp0YOjxwZOjrSsVp/++74lV8eef6H2u8f/nH557ffT+J49Dfn1tbRKYMxuPKarFWIiNFOB8tJT7OetXUmhds8KO1yUgAAtJWuuYZ7IErRE6sXb6X4/JtckwMAAAA6YrknYhkAAADY4RLrfwAAANjhWt8DuLk4P9Zq+X4j4d66cSIiBhr1LzVbY6YQtfq2L3ojYs/NJNb+rDVpPOyuDUbE99ePfpK16NLvkDdTW4iIBzc6/km9/oH6r7jX159GxFAH4g/eMv431X+8A/Hzrh+A+9PVE40T2frzX7py/RMbnP8KG5y7/om8z3+t67+lddd/q/X3tLn+e3GLMS598O7FdnNZ/U9fee7jVsviZ9u7KuoO3FiIeKiwUf3JSv1Jm/pPbTFG6c+LlXZzede//F7Egdi4/pZk8/8nOjQ+Ua0MNW43jLHw1chH7eLnXX92/Pe0qb/1/0/tjv+FLcZ45eTJT9ftvL7a3bz+9Mdi8nK9V2zueW10ZmZqOKKYvLB+/+HNc2ndp/UcWf0HH938/b9R/dlnQq35OmRrgYXmNhu/fkvMZy5f+qxdPq31X57H/3Sb47+2/i8L64//m1uM8dgXbx1sN7d2/Zu1LH5rLQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWlE9EeSllf6aVouR+yNiP/HnrR6fnrm8fHzr547nc1FDERvOj5RrQxFRKkxTrLxcL2/Oj58y/jJiNgXEe+UdtfH5bHz1dN5Fw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCKvRHRH0lajog0IpZKaVou550VAAAA0HEDeScAAAAAdJ31PwAAAOx81v8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB02b6Hr15LIqJ2bHe9ZYrNud5cMwO6Lc07ASA3PXknAOSmkHcCQG7ucI3vcgF2oOQ2831tZ3Z1PBcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtq8D+69eSyKidmx3vWWKzbneXDMDui3NOwEgNz2bTRbuXR7AvectDvcva3wguc183+p9an+f2dW1nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYfvrrLUnLEVFs7iuXI/4TEQPRm4xPVCtDEfHfiPi21LsrGw/nnDMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACdNz07NzlarVamsk4azc7KHp3VTtJ4xWrbJR+du+wUY1uksU07eX8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh+nZucnRarUyNZ13JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDepmfnJker1cpUFzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+CgAA//9gfgp0") 2.340782594s ago: executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x10) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r1, 0x11, 0x0, &(0x7f0000000000), 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000003c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000440)='sched_switch\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x400ad00, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @dev}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) 201.651739ms ago: executing program 2: r0 = open(0x0, 0x400000040, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) open(&(0x7f00000002c0)='./file0/file0\x00', 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d) socket$packet(0x11, 0x0, 0x300) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000100000d020000000000000003000000000000000000000105000000080000000000000000000003000000000200000002"], 0x0, 0x56}, 0x20) 0s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) close(r1) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000002090000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) r4 = bpf$ITER_CREATE(0xb, &(0x7f0000000300)={r3}, 0x8) write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef) kernel console output (not intermixed with test programs): wlan0: link becomes ready [ 72.892202][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 72.902911][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.904887][ T3658] ext4 filesystem being mounted at /root/syzkaller-testdir1703885873/syzkaller.WGRS8o/0/bus supports timestamps until 2038 (0x7fffffff) [ 72.929912][ T3571] device veth0_macvtap entered promiscuous mode [ 72.973462][ T3647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 72.983123][ T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.002469][ T3571] device veth1_macvtap entered promiscuous mode [ 73.014359][ T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.053318][ T3647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.076333][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.100766][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.117969][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 73.126256][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 73.146433][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 73.162825][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.185758][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.232380][ T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 73.239446][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.259607][ T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 73.277299][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.338582][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.390366][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.496687][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.550702][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.647939][ T3572] Bluetooth: hci1: command tx timeout [ 73.653411][ T3572] Bluetooth: hci0: command tx timeout [ 73.659535][ T3578] Bluetooth: hci3: command tx timeout [ 73.701453][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 73.712585][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 73.728401][ T3572] Bluetooth: hci4: command tx timeout [ 73.733860][ T3572] Bluetooth: hci2: command tx timeout [ 73.756966][ T3571] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 73.848174][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 73.868060][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 73.913501][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.001907][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.059040][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.141106][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.164071][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.175600][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.191761][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.201875][ T3571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 74.228268][ T3571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 74.246291][ T3571] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 74.287851][ T3582] EXT4-fs (loop2): unmounting filesystem. [ 74.445072][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 74.628358][ T3616] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 75.028451][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 75.176996][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 75.179805][ T3616] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 75.189071][ T3571] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.216859][ T3571] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.257273][ T3616] usb 1-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 75.275328][ T3616] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 75.337580][ T3616] usb 1-1: config 0 descriptor?? [ 75.365945][ T3571] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.381449][ T3571] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.594322][ T3744] netem: change failed [ 75.943960][ T3692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.944021][ T3692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.077751][ T3616] wacom 0003:056A:00F8.0001: hidraw0: USB HID v0.00 Device [HID 056a:00f8] on usb-dummy_hcd.0-1/input0 [ 76.103284][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 76.103352][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 76.150985][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 76.151690][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 76.247863][ T3631] usb 1-1: USB disconnect, device number 2 [ 76.287748][ T3616] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 76.667486][ T3616] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 76.695740][ T3616] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.747212][ T3616] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.772130][ T3772] loop1: detected capacity change from 0 to 512 [ 76.788810][ T3616] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 76.833483][ T3616] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 76.867090][ T3616] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.889250][ T3616] usb 3-1: config 0 descriptor?? [ 76.898937][ T3772] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 76.983303][ T3772] ext4 filesystem being mounted at /root/syzkaller-testdir1426981909/syzkaller.qi58kZ/3/bus supports timestamps until 2038 (0x7fffffff) [ 77.200176][ T3018] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 77.421307][ T3616] hid-picolcd 0003:04D8:C002.0002: unknown main item tag 0x0 [ 77.457251][ T3018] usb 4-1: Using ep0 maxpacket: 16 [ 77.554205][ T3616] hid-picolcd 0003:04D8:C002.0002: No report with id 0x11 found [ 77.580817][ T3018] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 77.730361][ T3616] usb 3-1: USB disconnect, device number 2 [ 77.737851][ T3018] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 77.880086][ T3018] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 78.045424][ T3018] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 78.077584][ T3018] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 78.098318][ T3018] usb 4-1: config 1 interface 0 has no altsetting 0 [ 78.105059][ T3018] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 78.127696][ T3018] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 78.195150][ T3574] EXT4-fs (loop1): unmounting filesystem. [ 78.198822][ T3018] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 78.411801][ T3018] scsi host1: usb-storage 4-1:1.0 [ 79.303232][ T3018] usb 4-1: USB disconnect, device number 2 [ 80.334390][ T3858] 9pnet_fd: Insufficient options for proto=fd [ 80.366410][ T3860] syz-executor.4 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 80.542077][ T3864] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 80.698372][ T3839] loop2: detected capacity change from 0 to 40427 [ 80.737300][ T3839] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 80.770483][ T3839] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 80.831483][ T3839] F2FS-fs (loop2): invalid crc value [ 80.883659][ T3839] F2FS-fs (loop2): Found nat_bits in checkpoint [ 80.904982][ T3846] loop1: detected capacity change from 0 to 40427 [ 80.943672][ T3846] F2FS-fs (loop1): invalid crc value [ 81.002275][ T3846] F2FS-fs (loop1): Found nat_bits in checkpoint [ 81.051766][ T3839] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 81.063536][ T3839] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 81.128664][ T3846] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 81.190929][ T26] audit: type=1800 audit(1718752287.853:2): pid=3846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 81.305093][ T26] audit: type=1800 audit(1718752287.923:3): pid=3846 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 81.358182][ T3574] syz-executor.1: attempt to access beyond end of device [ 81.358182][ T3574] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 81.636408][ T1148] cfg80211: failed to load regulatory.db [ 82.055425][ T3870] loop3: detected capacity change from 0 to 40427 [ 82.117182][ T3870] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 82.169823][ T3870] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 82.220584][ T3870] F2FS-fs (loop3): invalid crc value [ 82.253962][ T3883] binder: 3881:3883 ioctl c0306201 0 returned -14 [ 82.280065][ T3870] F2FS-fs (loop3): Found nat_bits in checkpoint [ 82.481152][ T3870] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 82.490914][ T3870] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 83.595442][ T3618] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 83.857278][ T3618] usb 5-1: Using ep0 maxpacket: 16 [ 83.976503][ T3700] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 83.986000][ T3618] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 84.003474][ T3618] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 84.035043][ T3700] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 84.062654][ T3618] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 84.103141][ T3618] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 84.149317][ T3618] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 84.164440][ T3618] usb 5-1: config 1 interface 0 has no altsetting 0 [ 84.172722][ T3618] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 84.186834][ T3618] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 84.289242][ T3618] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 84.374912][ T3911] 9pnet_fd: Insufficient options for proto=fd [ 84.526591][ T3618] scsi host1: usb-storage 5-1:1.0 [ 84.737738][ T3618] usb 5-1: USB disconnect, device number 2 [ 84.846827][ T3919] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.855070][ T3919] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.565903][ T3927] binder: 3926:3927 ioctl c0306201 0 returned -14 [ 85.885712][ T3916] loop1: detected capacity change from 0 to 40427 [ 85.926102][ T3916] F2FS-fs (loop1): invalid crc value [ 86.005198][ T3916] F2FS-fs (loop1): Found nat_bits in checkpoint [ 86.292665][ T3916] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 86.333546][ T26] audit: type=1800 audit(1718752292.993:4): pid=3916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 86.409685][ T3574] syz-executor.1: attempt to access beyond end of device [ 86.409685][ T3574] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 86.415469][ T26] audit: type=1800 audit(1718752292.993:5): pid=3916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=10 res=0 errno=0 [ 87.022146][ T3945] 9pnet_fd: Insufficient options for proto=fd [ 87.366241][ T3955] ======================================================= [ 87.366241][ T3955] WARNING: The mand mount option has been deprecated and [ 87.366241][ T3955] and is ignored by this kernel. Remove the mand [ 87.366241][ T3955] option from the mount to silence this warning. [ 87.366241][ T3955] ======================================================= [ 88.393558][ T3966] syz-executor.1[3966] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.393676][ T3966] syz-executor.1[3966] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 88.654423][ T3977] 9pnet_fd: Insufficient options for proto=fd [ 88.765853][ T3978] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 88.775764][ T3978] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 89.455008][ T3978] syz-executor.4 (3978) used greatest stack depth: 19776 bytes left [ 90.166685][ T26] audit: type=1800 audit(1718752296.823:6): pid=4004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 90.350408][ T26] audit: type=1800 audit(1718752296.823:7): pid=4004 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 92.260774][ T4016] loop1: detected capacity change from 0 to 32768 [ 93.676196][ T26] audit: type=1800 audit(1718752300.333:8): pid=4047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 93.791323][ T26] audit: type=1800 audit(1718752300.393:9): pid=4042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="memory.events" dev="loop1" ino=7 res=0 errno=0 [ 94.049420][ T4050] loop4: detected capacity change from 0 to 128 [ 94.096422][ T4050] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 94.238675][ T4035] loop0: detected capacity change from 0 to 40427 [ 94.303441][ T4035] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 94.331367][ T4035] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 94.385354][ T4035] F2FS-fs (loop0): invalid crc value [ 94.500683][ T4035] F2FS-fs (loop0): Found nat_bits in checkpoint [ 94.913773][ T4035] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 94.954155][ T4035] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 95.777775][ T4078] loop1: detected capacity change from 0 to 8192 [ 96.082746][ T4078] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 96.570492][ T4046] loop2: detected capacity change from 0 to 40427 [ 96.603498][ T4046] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 96.637981][ T4046] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 96.709101][ T4046] F2FS-fs (loop2): Failed to start F2FS issue_checkpoint_thread (-12) [ 97.128475][ T4092] loop3: detected capacity change from 0 to 128 [ 97.177446][ T4092] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 97.342759][ T26] audit: type=1800 audit(1718752304.003:10): pid=4087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.1" name="memory.events" dev="loop1" ino=1048599 res=0 errno=0 [ 98.278104][ T4113] tipc: Can't bind to reserved service type 0 [ 100.453262][ T4122] process 'syz-executor.4' launched './file1' with NULL argv: empty string added [ 102.476294][ T4145] loop4: detected capacity change from 0 to 256 [ 102.645328][ T4145] syz-executor.4: attempt to access beyond end of device [ 102.645328][ T4145] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 105.190473][ T4179] loop3: detected capacity change from 0 to 1024 [ 105.261235][ T4179] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 105.290353][ T4171] loop2: detected capacity change from 0 to 32768 [ 105.339836][ T4157] loop0: detected capacity change from 0 to 40427 [ 105.486917][ T4157] F2FS-fs (loop0): invalid crc value [ 105.568508][ T3576] EXT4-fs (loop3): unmounting filesystem. [ 105.579087][ T4157] F2FS-fs (loop0): Found nat_bits in checkpoint [ 105.994937][ T4169] loop4: detected capacity change from 0 to 40427 [ 106.299802][ T4169] F2FS-fs (loop4): invalid crc value [ 106.349409][ T4169] F2FS-fs (loop4): Found nat_bits in checkpoint [ 106.449182][ T4169] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 106.465706][ T4169] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 106.668162][ T3571] syz-executor.4: attempt to access beyond end of device [ 106.668162][ T3571] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 108.049327][ T4219] loop0: detected capacity change from 0 to 256 [ 109.036161][ T26] audit: type=1326 audit(1718752315.693:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4225 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0 [ 109.135605][ T4229] capability: warning: `syz-executor.4' uses 32-bit capabilities (legacy support in use) [ 109.702299][ T4211] loop2: detected capacity change from 0 to 40427 [ 109.723491][ T4242] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 109.738482][ T4211] F2FS-fs (loop2): invalid crc value [ 109.795882][ T4211] F2FS-fs (loop2): Found nat_bits in checkpoint [ 110.004996][ T4211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 110.045836][ T26] audit: type=1804 audit(1718752316.703:12): pid=4211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1703885873/syzkaller.WGRS8o/35/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 110.968295][ T4255] loop0: detected capacity change from 0 to 256 [ 110.983076][ T4234] loop3: detected capacity change from 0 to 40427 [ 111.024138][ T4234] F2FS-fs (loop3): invalid crc value [ 111.073638][ T4255] syz-executor.0: attempt to access beyond end of device [ 111.073638][ T4255] loop0: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 111.074887][ T4234] F2FS-fs (loop3): Found nat_bits in checkpoint [ 111.256294][ T4234] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 111.282874][ T4234] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 111.414357][ T3582] syz-executor.2: attempt to access beyond end of device [ 111.414357][ T3582] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 111.443176][ T3576] syz-executor.3: attempt to access beyond end of device [ 111.443176][ T3576] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 112.116624][ T4275] loop0: detected capacity change from 0 to 256 [ 112.158935][ T4275] FAT-fs (loop0): Unrecognized mount option "uid=.›¹ŠÂ)B­ðlé¶ê€éSJ¸bù¨Ȇ¿mSA°KÀ´ìþ¹Þj" or missing value [ 112.266773][ T4275] loop0: detected capacity change from 0 to 256 [ 114.506472][ T4295] loop2: detected capacity change from 0 to 256 [ 114.674208][ T4297] syz-executor.3 (pid 4297) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 116.908821][ T4324] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 116.956343][ T4326] loop3: detected capacity change from 0 to 256 [ 117.398961][ T4334] kvm: emulating exchange as write [ 117.412549][ T4342] 9pnet_fd: Insufficient options for proto=fd [ 117.421919][ T4341] tap0: tun_chr_ioctl cmd 1074025684 [ 117.554884][ T4343] loop2: detected capacity change from 0 to 4096 [ 117.651069][ T4343] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 118.735452][ T4359] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 118.791419][ T4361] loop3: detected capacity change from 0 to 256 [ 119.155910][ T4373] 9pnet_fd: Insufficient options for proto=fd [ 120.906796][ T1148] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 122.377320][ T1148] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 122.407229][ T1148] usb 4-1: can't read configurations, error -71 [ 122.439095][ T4401] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 124.042459][ T4428] syz-executor.0[4428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.042563][ T4428] syz-executor.0[4428] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 124.380192][ T4407] loop4: detected capacity change from 0 to 40427 [ 124.404249][ T4432] loop3: detected capacity change from 0 to 256 [ 124.457846][ T4432] FAT-fs (loop3): Unrecognized mount option "uid=.›¹ŠÂ)B­ðlé¶ê€éSJ¸bù¨Ȇ¿mSA°KÀ´ìþ¹Þj" or missing value [ 124.492876][ T4407] F2FS-fs (loop4): invalid crc value [ 124.541333][ T4407] F2FS-fs (loop4): Found nat_bits in checkpoint [ 124.602495][ T4432] loop3: detected capacity change from 0 to 256 [ 124.744841][ T4407] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 124.802417][ T4407] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 124.838333][ T4002] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 125.254501][ T4435] f2fs_ckpt-7:4: attempt to access beyond end of device [ 125.254501][ T4435] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 127.358954][ T4458] device pim6reg1 entered promiscuous mode [ 127.488689][ T3584] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 127.498558][ T3584] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 127.506909][ T3578] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 127.527615][ T3584] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 127.535243][ T3584] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 127.542899][ T3584] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 128.182329][ T4476] loop0: detected capacity change from 0 to 1024 [ 128.238357][ T4476] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 128.301489][ T4461] chnl_net:caif_netlink_parms(): no params data found [ 128.364877][ T4476] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 128.441949][ T4476] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 128.473991][ T4476] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 128.509415][ T4476] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1 [ 128.668491][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 128.734173][ T4461] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.761969][ T4461] bridge0: port 1(bridge_slave_0) entered disabled state [ 128.808919][ T4461] device bridge_slave_0 entered promiscuous mode [ 128.868006][ T4461] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.875220][ T4461] bridge0: port 2(bridge_slave_1) entered disabled state [ 128.952280][ T4461] device bridge_slave_1 entered promiscuous mode [ 129.080834][ T4461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 129.121245][ T4461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 129.220033][ T4472] loop3: detected capacity change from 0 to 40427 [ 129.251127][ T4472] F2FS-fs (loop3): invalid crc value [ 129.286199][ T4461] team0: Port device team_slave_0 added [ 129.308693][ T4472] F2FS-fs (loop3): Found nat_bits in checkpoint [ 129.326438][ T4461] team0: Port device team_slave_1 added [ 129.439913][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 129.474274][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.508737][ T4500] loop0: detected capacity change from 0 to 256 [ 129.528752][ T4472] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1 [ 129.558892][ T4472] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 129.569716][ T3572] Bluetooth: hci5: command tx timeout [ 129.624271][ T4461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 129.710402][ T4461] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 129.757810][ T4461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 129.811394][ T4500] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5b196f7a, utbl_chksum : 0xe619d30d) [ 129.889494][ T4461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 129.961155][ T3576] syz-executor.3: attempt to access beyond end of device [ 129.961155][ T3576] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 130.037911][ T3576] syz-executor.3: attempt to access beyond end of device [ 130.037911][ T3576] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 130.149778][ T4461] device hsr_slave_0 entered promiscuous mode [ 130.205862][ T4461] device hsr_slave_1 entered promiscuous mode [ 130.235664][ T4461] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 130.265901][ T4461] Cannot create hsr debugfs directory [ 130.297540][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.297650][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.342600][ T3724] kworker/u4:22: attempt to access beyond end of device [ 130.342600][ T3724] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 130.926872][ T4461] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 131.173273][ T3018] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 131.417402][ T3018] usb 3-1: Using ep0 maxpacket: 32 [ 131.538339][ T3018] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 131.635563][ T3018] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.648581][ T3572] Bluetooth: hci5: command tx timeout [ 131.863662][ T3018] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 131.934839][ T3018] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.985672][ T3018] usb 3-1: config 0 descriptor?? [ 132.043836][ T4461] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.081541][ T3018] hub 3-1:0.0: USB hub found [ 132.271974][ T4461] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.287497][ T3018] hub 3-1:0.0: 1 port detected [ 132.323833][ T4524] loop4: detected capacity change from 0 to 1024 [ 132.356379][ T4524] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 132.384620][ T4524] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 132.545635][ T4524] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 132.576530][ T4461] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.599355][ T4524] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 132.647260][ T4524] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1 [ 132.683854][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 132.769490][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.775885][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.793602][ T3571] EXT4-fs (loop4): unmounting filesystem. [ 132.805606][ T3018] usb 3-1: USB disconnect, device number 3 [ 132.930821][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.044841][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.158848][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.296201][ T4461] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 133.307214][ T3613] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 133.367893][ T4461] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 133.396607][ T4461] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 133.624006][ T4461] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 133.807742][ T3584] Bluetooth: hci5: command tx timeout [ 134.197449][ T3613] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 134.238671][ T3572] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 134.262416][ T3613] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 134.309594][ T3572] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 134.318936][ T3572] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 134.330615][ T3572] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 134.339004][ T3572] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 134.346353][ T3572] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 134.375010][ T3613] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 134.426213][ T3613] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 134.517458][ T3613] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 134.547181][ T3613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.627563][ T3613] usb 5-1: invalid MIDI out EP 0 [ 134.699119][ T4539] loop0: detected capacity change from 0 to 40427 [ 134.723333][ T4552] mmap: syz-executor.2 (4552) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 134.863108][ T4539] F2FS-fs (loop0): invalid crc value [ 134.951935][ T4461] 8021q: adding VLAN 0 to HW filter on device bond0 [ 135.002882][ T4539] F2FS-fs (loop0): Found nat_bits in checkpoint [ 135.061194][ T3613] snd-usb-audio: probe of 5-1:27.0 failed with error -22 [ 135.110961][ T3613] usb 5-1: USB disconnect, device number 3 [ 135.142440][ T4539] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 135.226973][ T4539] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 135.236805][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 135.250324][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 135.305711][ T4461] 8021q: adding VLAN 0 to HW filter on device team0 [ 135.354277][ T4557] f2fs_ckpt-7:0: attempt to access beyond end of device [ 135.354277][ T4557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 135.386598][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 135.405893][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 135.497739][ T3618] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.505005][ T3618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 135.535084][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 135.729032][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 135.747776][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.754960][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 135.779197][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 135.887395][ T3584] Bluetooth: hci5: command tx timeout [ 136.677348][ T3572] Bluetooth: hci2: command tx timeout [ 136.800618][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 136.834313][ T4543] chnl_net:caif_netlink_parms(): no params data found [ 136.889903][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 136.974940][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 136.994985][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 137.034414][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 137.054678][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 137.770502][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 137.779324][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 137.993382][ T4461] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 138.048428][ T4461] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.105014][ T4601] loop0: detected capacity change from 0 to 1024 [ 138.127690][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.138287][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.155691][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.163750][ T4601] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 138.239716][ T4601] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 138.377910][ T4601] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 138.417298][ T4601] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 138.438649][ T4543] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.445787][ T4543] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.486300][ T4601] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1 [ 138.525287][ T4543] device bridge_slave_0 entered promiscuous mode [ 138.626835][ T4543] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.638876][ T4543] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.682517][ T4543] device bridge_slave_1 entered promiscuous mode [ 138.687535][ T3572] Bluetooth: hci2: command tx timeout [ 138.711999][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 138.964917][ T4543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 139.120160][ T4543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 139.285705][ T4543] team0: Port device team_slave_0 added [ 139.442627][ T4543] team0: Port device team_slave_1 added [ 139.493340][ T4461] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.555920][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 139.569674][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 139.665828][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 139.674577][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 139.759171][ T4543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 139.783671][ T4609] loop2: detected capacity change from 0 to 40427 [ 139.790447][ T26] audit: type=1800 audit(1718752346.443:13): pid=4640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1954 res=0 errno=0 [ 139.844740][ T4609] F2FS-fs (loop2): invalid crc value [ 139.852385][ T26] audit: type=1800 audit(1718752346.453:14): pid=4640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1954 res=0 errno=0 [ 139.925172][ T4609] F2FS-fs (loop2): Found nat_bits in checkpoint [ 140.005483][ T11] device hsr_slave_0 left promiscuous mode [ 140.031720][ T11] device hsr_slave_1 left promiscuous mode [ 140.045857][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 140.071688][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 140.085781][ T4609] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 140.185927][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 140.213468][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 140.226584][ T4609] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 140.289745][ T11] device bridge_slave_1 left promiscuous mode [ 140.298204][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 140.417052][ T11] device bridge_slave_0 left promiscuous mode [ 140.643322][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 140.768047][ T3572] Bluetooth: hci2: command tx timeout [ 140.977018][ T11] device veth1_macvtap left promiscuous mode [ 140.992101][ T11] device veth0_macvtap left promiscuous mode [ 141.005291][ T11] device veth1_vlan left promiscuous mode [ 141.020379][ T11] device veth0_vlan left promiscuous mode [ 141.093820][ T3582] syz-executor.2: attempt to access beyond end of device [ 141.093820][ T3582] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 141.125708][ T3582] syz-executor.2: attempt to access beyond end of device [ 141.125708][ T3582] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 141.239395][ T3685] kworker/u4:8: attempt to access beyond end of device [ 141.239395][ T3685] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 141.438401][ T11] team0 (unregistering): Port device team_slave_1 removed [ 141.454642][ T11] team0 (unregistering): Port device team_slave_0 removed [ 141.470463][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 141.496549][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 141.603520][ T11] bond0 (unregistering): Released all slaves [ 141.714197][ T4543] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 141.721371][ T4543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 141.748403][ T4543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 141.760661][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 141.770135][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 142.225618][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 142.261194][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 142.304597][ T4461] device veth0_vlan entered promiscuous mode [ 142.821334][ T4461] device veth1_vlan entered promiscuous mode [ 142.847624][ T3572] Bluetooth: hci2: command tx timeout [ 142.849885][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 142.888446][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 142.912987][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 143.022533][ T4543] device hsr_slave_0 entered promiscuous mode [ 143.060146][ T4543] device hsr_slave_1 entered promiscuous mode [ 143.087666][ T4543] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 143.095291][ T4543] Cannot create hsr debugfs directory [ 143.290215][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 143.308989][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 143.328033][ T4461] device veth0_macvtap entered promiscuous mode [ 143.380741][ T4461] device veth1_macvtap entered promiscuous mode [ 143.479885][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.487541][ T3617] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 143.501315][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.522395][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.549126][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.569437][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.594776][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.615904][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 143.637836][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.672096][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 143.693431][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 143.708107][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 143.722858][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 143.742480][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 143.849589][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.877489][ T3617] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.901884][ T3617] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.911956][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 143.942348][ T3617] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 143.957241][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 143.987172][ T3617] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.995315][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.027671][ T3617] usb 5-1: config 0 descriptor?? [ 144.034634][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 144.075527][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.116029][ T4461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 144.146992][ T4461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 144.181105][ T4461] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 144.210814][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 144.237966][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 144.331952][ T4461] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.350973][ T4461] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.382308][ T4461] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.402587][ T4461] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 144.613468][ T3584] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 144.623567][ T3584] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 144.632357][ T3584] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 144.640986][ T3584] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 144.656289][ T3584] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 144.664747][ T3584] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 144.801791][ T3712] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 144.823763][ T3712] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 144.870312][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 145.110437][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 145.149987][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 145.199656][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 145.636448][ T3617] uclogic 0003:256C:006D.0003: v1 frame probing failed: -71 [ 145.772448][ T3617] uclogic 0003:256C:006D.0003: failed probing parameters: -71 [ 145.968283][ T3617] uclogic: probe of 0003:256C:006D.0003 failed with error -71 [ 146.111165][ T3617] usb 5-1: USB disconnect, device number 4 [ 146.416468][ T4543] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 148.126450][ T4730] trusted_key: encrypted_key: insufficient parameters specified [ 148.200257][ T3572] Bluetooth: hci3: command tx timeout [ 148.294476][ T1148] hid-generic 0000:0020:0000.0004: unknown main item tag 0x0 [ 148.461547][ T1148] hid-generic 0000:0020:0000.0004: item fetching failed at offset 7/18 [ 148.521712][ T1148] hid-generic: probe of 0000:0020:0000.0004 failed with error -22 [ 149.014712][ T4543] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 149.371631][ T4543] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 149.514436][ T4543] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 149.608768][ T4700] chnl_net:caif_netlink_parms(): no params data found [ 150.287296][ T3584] Bluetooth: hci3: command tx timeout [ 151.260458][ T4700] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.309482][ T4700] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.349183][ T4700] device bridge_slave_0 entered promiscuous mode [ 151.373995][ T4700] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.459504][ T4700] bridge0: port 2(bridge_slave_1) entered disabled state [ 151.508489][ T4700] device bridge_slave_1 entered promiscuous mode [ 152.169735][ T4781] Zero length message leads to an empty skb [ 152.741767][ T4786] trusted_key: encrypted_key: insufficient parameters specified [ 153.124421][ T3617] hid-generic 0000:0020:0000.0005: unknown main item tag 0x0 [ 153.177105][ C0] sched: RT throttling activated [ 153.219557][ T3617] hid-generic 0000:0020:0000.0005: item fetching failed at offset 7/18 [ 153.319564][ T3617] hid-generic: probe of 0000:0020:0000.0005 failed with error -22 [ 153.640476][ T3584] Bluetooth: hci3: command tx timeout [ 153.669172][ T4700] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.730109][ T4700] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.860024][ T4700] team0: Port device team_slave_0 added [ 153.980149][ T4700] team0: Port device team_slave_1 added [ 154.391451][ T4543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.272176][ T4700] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 155.347044][ T4700] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 155.465585][ T4700] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 155.500650][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.518033][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.659009][ T3584] Bluetooth: hci3: command tx timeout [ 156.214144][ T4700] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 156.228082][ T4700] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 156.255615][ T4700] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 156.276754][ T4815] device ip6gre0 entered promiscuous mode [ 156.283066][ T4815] device vlan2 entered promiscuous mode [ 156.297653][ T4815] device ip6gre0 left promiscuous mode [ 156.358354][ T4543] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.517356][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.526279][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.736652][ T3618] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.745004][ T3618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.767665][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.776555][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.797714][ T3618] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.804864][ T3618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.475713][ T4700] device hsr_slave_0 entered promiscuous mode [ 157.506736][ T4700] device hsr_slave_1 entered promiscuous mode [ 157.528185][ T4700] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 157.535805][ T4700] Cannot create hsr debugfs directory [ 157.578968][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.605494][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.625012][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.924948][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.951999][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.030631][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.055002][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.083282][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.155507][ T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 158.229124][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.244027][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.291530][ T4543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.307641][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.321436][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.333806][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.345113][ T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.583728][ T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.709177][ T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.730537][ T41] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 159.757220][ T3620] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 159.782600][ T4543] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.829429][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.844962][ T3623] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.896416][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 159.915362][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 160.037001][ T26] audit: type=1326 audit(1718752366.693:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4847 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f709547cf29 code=0x0 [ 160.067567][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 160.086343][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 160.105629][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 160.117812][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.131329][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 160.147387][ T41] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.159638][ T4543] device veth0_vlan entered promiscuous mode [ 160.178007][ T41] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 160.197344][ T41] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.229957][ T41] usb 5-1: config 0 descriptor?? [ 160.229957][ T3620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.229988][ T3620] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.260104][ T4543] device veth1_vlan entered promiscuous mode [ 160.287182][ T3620] usb 1-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 160.296279][ T3620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.356208][ T3620] usb 1-1: config 0 descriptor?? [ 160.584304][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 160.603216][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 160.623201][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 160.648050][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 160.742481][ T41] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 160.771611][ T4543] device veth0_macvtap entered promiscuous mode [ 160.781609][ T41] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0006/input/input9 [ 160.890291][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 160.941201][ T4543] device veth1_macvtap entered promiscuous mode [ 160.945711][ T41] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 161.008404][ T41] usb 5-1: USB disconnect, device number 5 [ 161.148583][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.222531][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.237774][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.250471][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.267233][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.287252][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.307166][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.337238][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.377255][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 161.423643][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.461981][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 161.543737][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 161.564545][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 161.603410][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.628919][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.657171][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.687222][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.707306][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.737956][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.755051][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 161.931221][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 161.991089][ T4543] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 162.142330][ T4543] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 162.214404][ T4543] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 162.458413][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 162.551785][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 162.647408][ T3620] usbhid 1-1:0.0: can't add hid device: -71 [ 162.654390][ T3620] usbhid: probe of 1-1:0.0 failed with error -71 [ 162.669405][ T4543] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.717163][ T4543] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.754066][ T3620] usb 1-1: USB disconnect, device number 3 [ 162.877334][ T4543] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.909529][ T4543] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 162.977544][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.978117][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 162.994268][ T0] NOHZ tick-stop error: local softirq work is pending, handler #282!!! [ 162.997720][ T0] NOHZ tick-stop error: local softirq work is pending, handler #28a!!! [ 163.071612][ T4956] loop4: detected capacity change from 0 to 2048 [ 163.207664][ T4956] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 163.450261][ T4700] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 164.062472][ T4700] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 164.074460][ T4700] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 164.094524][ T4700] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 164.253456][ T3571] EXT4-fs (loop4): unmounting filesystem. [ 164.298979][ T3685] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.307049][ T3685] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 164.512388][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 164.711396][ T3685] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 164.732736][ T3685] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.195577][ T26] audit: type=1326 audit(1718752372.853:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4979 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0 [ 166.358712][ T11] device hsr_slave_0 left promiscuous mode [ 166.577592][ T11] device hsr_slave_1 left promiscuous mode [ 166.599660][ T4995] Driver unsupported XDP return value 0 on prog (id 184) dev N/A, expect packet loss! [ 166.638941][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.646428][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 166.707220][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.714790][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.795570][ T11] device bridge_slave_1 left promiscuous mode [ 166.807379][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.845801][ T11] device bridge_slave_0 left promiscuous mode [ 166.865840][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.885074][ T5005] loop0: detected capacity change from 0 to 128 [ 166.923172][ T11] device veth1_macvtap left promiscuous mode [ 167.005137][ T11] device veth0_macvtap left promiscuous mode [ 167.044324][ T11] device veth1_vlan left promiscuous mode [ 167.091178][ T11] device veth0_vlan left promiscuous mode [ 169.839424][ T11] team0 (unregistering): Port device team_slave_1 removed [ 169.846956][ T26] audit: type=1326 audit(1718752376.503:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5033 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0 [ 169.891795][ T11] team0 (unregistering): Port device team_slave_0 removed [ 169.913158][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 169.941079][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 170.074529][ T11] bond0 (unregistering): Released all slaves [ 170.146610][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 170.257587][ T4700] 8021q: adding VLAN 0 to HW filter on device bond0 [ 170.386567][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 170.398071][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 170.415375][ T4700] 8021q: adding VLAN 0 to HW filter on device team0 [ 170.453214][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.478749][ T14] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.497909][ T14] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.505071][ T14] bridge0: port 1(bridge_slave_0) entered forwarding state [ 170.514427][ T5040] device pim6reg1 entered promiscuous mode [ 170.652280][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 170.759479][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.805525][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.828845][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.836095][ T3664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 170.867591][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.886881][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.780075][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.790291][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.819182][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.852754][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.007805][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 172.027917][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 172.085024][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 172.124026][ T4700] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 172.166869][ T4700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 172.235586][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 172.245242][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 172.305606][ T5066] loop3: detected capacity change from 0 to 4096 [ 172.370402][ T5066] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 172.390509][ T26] audit: type=1326 audit(1718752379.053:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5061 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0 [ 172.548245][ T5043] loop0: detected capacity change from 0 to 32768 [ 173.357420][ T26] audit: type=1800 audit(1718752380.013:19): pid=5076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.0" name="memory.events" dev="loop0" ino=7 res=0 errno=0 [ 173.748573][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 173.757652][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 173.777143][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 173.785518][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 173.793832][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 173.802185][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 173.978150][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 173.986424][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 173.997115][ T4700] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 174.044758][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 174.064677][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 174.203115][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 174.236613][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 174.276189][ T4700] device veth0_vlan entered promiscuous mode [ 174.328206][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 174.336299][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 174.403443][ T4700] device veth1_vlan entered promiscuous mode [ 174.526509][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 174.550922][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 174.585640][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 174.596494][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 174.618679][ T4700] device veth0_macvtap entered promiscuous mode [ 174.637225][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 174.676935][ T4700] device veth1_macvtap entered promiscuous mode [ 174.734023][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.754905][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.775125][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.797211][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.827855][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.848268][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.867518][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.885920][ T5097] loop1: detected capacity change from 0 to 256 [ 174.897333][ T3664] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 174.904976][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.925225][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 174.941253][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 174.969015][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 174.998412][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 175.019576][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 175.050931][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.064088][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.101698][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.129839][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.157370][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.183149][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.207210][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.227197][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.237065][ T4700] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 175.257373][ T3664] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.281518][ T4700] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 175.299192][ T4700] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 175.317247][ T3664] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.327058][ T3664] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 175.330528][ T4700] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.357184][ T3664] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.378045][ T3664] usb 5-1: config 0 descriptor?? [ 175.387194][ T4700] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.397590][ T4700] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.406332][ T4700] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 175.448963][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 175.468640][ T3613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 175.601816][ T3700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.626764][ T3700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.657279][ T3617] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 175.662121][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 175.708786][ T3700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 175.722161][ T3700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 175.756114][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 175.861379][ T3664] hid (null): bogus close delimiter [ 176.002906][ T26] audit: type=1326 audit(1718752382.663:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5111 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f64c8a7cf29 code=0x0 [ 176.037501][ T3617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.067183][ T3617] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.085438][ T3617] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 176.125050][ T3617] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 176.144574][ T3617] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.166599][ T3617] usb 2-1: config 0 descriptor?? [ 176.317518][ T3664] usb 5-1: string descriptor 0 read error: -71 [ 176.337504][ T3664] uclogic 0003:256C:006D.0007: failed retrieving string descriptor #200: -71 [ 176.352913][ T3664] uclogic 0003:256C:006D.0007: failed retrieving pen parameters: -71 [ 176.381545][ T3664] uclogic 0003:256C:006D.0007: failed probing pen v2 parameters: -71 [ 176.414570][ T3664] uclogic 0003:256C:006D.0007: failed probing parameters: -71 [ 176.432377][ T3664] uclogic: probe of 0003:256C:006D.0007 failed with error -71 [ 176.456416][ T3664] usb 5-1: USB disconnect, device number 6 [ 176.636780][ T5115] loop3: detected capacity change from 0 to 32768 [ 176.649935][ T3617] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 177.057363][ T3617] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 178.477465][ T26] audit: type=1800 audit(1718752385.133:21): pid=5123 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.3" name="memory.events" dev="loop3" ino=7 res=0 errno=0 [ 178.806358][ T5136] loop0: detected capacity change from 0 to 512 [ 178.860712][ T5136] EXT4-fs (loop0): orphan cleanup on readonly fs [ 178.916856][ T5136] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 178.943888][ T5136] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 178.987942][ T5136] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1 [ 179.035979][ T5136] EXT4-fs (loop0): 1 truncate cleaned up [ 179.046220][ T5136] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 179.158562][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 179.230153][ T26] audit: type=1326 audit(1718752385.893:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5154 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f51d687cf29 code=0x0 [ 179.629224][ T1148] usb 2-1: USB disconnect, device number 2 [ 179.676158][ T5173] loop0: detected capacity change from 0 to 4096 [ 179.766702][ T5173] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities [ 179.792995][ T11] device hsr_slave_0 left promiscuous mode [ 179.815101][ T11] device hsr_slave_1 left promiscuous mode [ 179.831412][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 179.847701][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 179.868196][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 179.899881][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 179.936268][ T11] device bridge_slave_1 left promiscuous mode [ 179.954624][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 179.985861][ T11] device bridge_slave_0 left promiscuous mode [ 180.013139][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 180.042278][ T5189] loop4: detected capacity change from 0 to 512 [ 180.064625][ T11] device veth1_macvtap left promiscuous mode [ 180.075651][ T5189] EXT4-fs (loop4): orphan cleanup on readonly fs [ 180.090154][ T5189] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 180.090255][ T11] device veth0_macvtap left promiscuous mode [ 180.113438][ T5189] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 180.125860][ T5189] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1 [ 180.175828][ T11] device veth1_vlan left promiscuous mode [ 180.183651][ T5189] EXT4-fs (loop4): 1 truncate cleaned up [ 180.202768][ T11] device veth0_vlan left promiscuous mode [ 180.218612][ T5189] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 180.327390][ T3664] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 180.366718][ T3571] EXT4-fs (loop4): unmounting filesystem. [ 180.707429][ T3664] usb 2-1: config index 0 descriptor too short (expected 61842, got 146) [ 180.732424][ T3664] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 180.756459][ T11] team0 (unregistering): Port device team_slave_1 removed [ 180.757366][ T3664] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 180.812729][ T11] team0 (unregistering): Port device team_slave_0 removed [ 180.840833][ T3664] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 180.858234][ T3664] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 180.866574][ T3664] usb 2-1: SerialNumber: syz [ 180.880030][ T26] audit: type=1326 audit(1718752387.543:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5201 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f456767cf29 code=0x0 [ 180.902875][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 180.950690][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 181.064505][ T11] bond0 (unregistering): Released all slaves [ 181.199137][ T3664] usb 2-1: 0:2 : does not exist [ 181.240604][ T3664] usb 2-1: USB disconnect, device number 3 [ 181.457238][ T5218] syz-executor.0[5218] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 181.457342][ T5218] syz-executor.0[5218] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 181.544157][ T5222] loop3: detected capacity change from 0 to 512 [ 181.587291][ T26] audit: type=1800 audit(1718752388.153:24): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 181.613145][ T5222] EXT4-fs (loop3): orphan cleanup on readonly fs [ 181.650016][ T1148] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 181.664896][ T26] audit: type=1800 audit(1718752388.153:25): pid=5220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1963 res=0 errno=0 [ 181.679238][ T5222] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 181.696074][ T5222] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz-executor.3: Failed to acquire dquot type 1 [ 181.761966][ T5222] EXT4-fs (loop3): 1 truncate cleaned up [ 181.802707][ T5228] loop0: detected capacity change from 0 to 16 [ 181.829026][ T5228] erofs: (device loop0): mounted with root inode @ nid 36. [ 182.053828][ T5227] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 182.117853][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.182853][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.492660][ T5230] loop1: detected capacity change from 0 to 256 [ 182.531923][ T5222] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 182.546916][ T1148] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 182.560756][ T1148] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 182.570000][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.579831][ T1148] usb 3-1: config 0 descriptor?? [ 182.625615][ T5230] syz-executor.1: attempt to access beyond end of device [ 182.625615][ T5230] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 182.709425][ T4543] EXT4-fs (loop3): unmounting filesystem. [ 183.117267][ T1148] usbhid 3-1:0.0: can't add hid device: -71 [ 183.123413][ T1148] usbhid: probe of 3-1:0.0 failed with error -71 [ 183.154323][ T1148] usb 3-1: USB disconnect, device number 4 [ 183.532311][ T5239] loop4: detected capacity change from 0 to 40427 [ 183.598507][ T5239] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 183.616529][ T5239] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 183.663704][ T5239] F2FS-fs (loop4): invalid crc value [ 184.514914][ T5239] F2FS-fs (loop4): Found nat_bits in checkpoint [ 184.604366][ T5265] syz-executor.0[5265] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 184.604508][ T5265] syz-executor.0[5265] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 184.710765][ T5269] loop3: detected capacity change from 0 to 512 [ 184.790493][ T5239] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 184.810202][ T5239] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 184.833414][ T5267] loop2: detected capacity change from 0 to 8192 [ 184.847950][ T5269] EXT4-fs (loop3): orphan cleanup on readonly fs [ 184.948871][ T5273] loop0: detected capacity change from 0 to 16 [ 185.011201][ T5273] erofs: (device loop0): mounted with root inode @ nid 36. [ 185.034492][ T5269] __quota_error: 3 callbacks suppressed [ 185.034540][ T5269] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 185.298812][ T5269] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 185.460452][ T5269] EXT4-fs error (device loop3): ext4_acquire_dquot:6777: comm syz-executor.3: Failed to acquire dquot type 1 [ 185.498832][ T5250] loop1: detected capacity change from 0 to 40427 [ 185.539677][ T5269] EXT4-fs (loop3): 1 truncate cleaned up [ 185.593604][ T5250] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 185.601888][ T5250] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 185.617600][ T5269] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 185.689742][ T5279] loop2: detected capacity change from 0 to 256 [ 185.738096][ T4543] EXT4-fs (loop3): unmounting filesystem. [ 185.744641][ T5250] F2FS-fs (loop1): Found nat_bits in checkpoint [ 185.798941][ T5279] syz-executor.2: attempt to access beyond end of device [ 185.798941][ T5279] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 185.954800][ T5250] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 185.973355][ T5250] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 186.056892][ T26] audit: type=1800 audit(1718752392.713:28): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 186.113873][ T26] audit: type=1800 audit(1718752392.743:29): pid=5293 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 186.134499][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.527168][ T5304] tipc: Started in network mode [ 187.586728][ T5304] tipc: Node identity 00000000000000feffffffffffffff01, cluster identity 4711 [ 187.605678][ T5304] tipc: Enabling of bearer rejected, failed to enable media [ 187.764545][ T5312] loop2: detected capacity change from 0 to 256 [ 187.790915][ T5311] loop0: detected capacity change from 0 to 512 [ 187.826837][ T5311] EXT4-fs (loop0): orphan cleanup on readonly fs [ 187.854549][ T5311] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 187.892571][ T5312] syz-executor.2: attempt to access beyond end of device [ 187.892571][ T5312] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 187.933556][ T5311] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 187.964336][ T5311] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1 [ 187.998318][ T1148] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 188.013534][ T5311] EXT4-fs (loop0): 1 truncate cleaned up [ 188.040710][ T5311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 188.105988][ T26] audit: type=1800 audit(1718752394.763:30): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 188.139584][ T26] audit: type=1800 audit(1718752394.763:31): pid=5326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1960 res=0 errno=0 [ 188.188061][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 188.296260][ T5337] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'. [ 188.416790][ T5340] tipc: Started in network mode [ 188.472957][ T5340] tipc: Node identity 00000000000000feffffffffffffff01, cluster identity 4711 [ 188.498613][ T5340] tipc: Enabling of bearer rejected, failed to enable media [ 188.527336][ T1148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.546699][ T1148] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.556872][ T1148] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 188.570828][ T1148] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 188.580359][ T1148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.590569][ T1148] usb 2-1: config 0 descriptor?? [ 188.810969][ T5358] loop2: detected capacity change from 0 to 256 [ 188.898752][ T5358] syz-executor.2: attempt to access beyond end of device [ 188.898752][ T5358] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 188.968896][ T5364] loop4: detected capacity change from 0 to 512 [ 189.003028][ T5364] EXT4-fs (loop4): orphan cleanup on readonly fs [ 189.018922][ T5364] Quota error (device loop4): find_block_dqentry: Quota for id 0 referenced but not present [ 189.038178][ T5364] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 189.054090][ T5364] EXT4-fs error (device loop4): ext4_acquire_dquot:6777: comm syz-executor.4: Failed to acquire dquot type 1 [ 189.073219][ T5364] EXT4-fs (loop4): 1 truncate cleaned up [ 189.085625][ T5364] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 189.127347][ T1148] usbhid 2-1:0.0: can't add hid device: -71 [ 189.148477][ T1148] usbhid: probe of 2-1:0.0 failed with error -71 [ 189.196020][ T1148] usb 2-1: USB disconnect, device number 4 [ 189.293216][ T5344] loop3: detected capacity change from 0 to 40427 [ 189.302942][ T3571] EXT4-fs (loop4): unmounting filesystem. [ 189.312458][ T5344] F2FS-fs (loop3): invalid crc value [ 189.343547][ T5344] F2FS-fs (loop3): Found nat_bits in checkpoint [ 189.423762][ T5375] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'. [ 189.667401][ T5344] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 189.675231][ T5384] tipc: Enabling of bearer rejected, failed to enable media [ 190.370698][ T5387] loop1: detected capacity change from 0 to 256 [ 190.524715][ T4543] syz-executor.3: attempt to access beyond end of device [ 190.524715][ T4543] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 190.658321][ T4543] syz-executor.3: attempt to access beyond end of device [ 190.658321][ T4543] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 191.778736][ T3578] Bluetooth: hci4: command 0x0406 tx timeout [ 191.785126][ T3578] Bluetooth: hci0: command 0x0406 tx timeout [ 191.959834][ T5403] loop0: detected capacity change from 0 to 512 [ 191.993719][ T5403] EXT4-fs (loop0): orphan cleanup on readonly fs [ 192.013991][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 192.014008][ T26] audit: type=1800 audit(1718752398.673:34): pid=5409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 192.015079][ T46] kworker/u4:3: attempt to access beyond end of device [ 192.015079][ T46] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 192.023413][ T26] audit: type=1800 audit(1718752398.683:35): pid=5409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1966 res=0 errno=0 [ 192.082863][ T5403] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 192.123303][ T5403] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 192.153653][ T5403] EXT4-fs error (device loop0): ext4_acquire_dquot:6777: comm syz-executor.0: Failed to acquire dquot type 1 [ 192.220461][ T5403] EXT4-fs (loop0): 1 truncate cleaned up [ 192.256936][ T5403] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 192.275432][ T5412] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 192.335732][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 192.423427][ T5417] syz-executor.0[5417] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.423540][ T5417] syz-executor.0[5417] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 192.687174][ T1148] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 192.749311][ T5426] loop0: detected capacity change from 0 to 16 [ 192.868845][ T5426] erofs: (device loop0): mounted with root inode @ nid 36. [ 193.137795][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.236591][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.434874][ T1148] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 193.477987][ T1148] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 193.495180][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.513187][ T1148] usb 3-1: config 0 descriptor?? [ 194.014848][ T26] audit: type=1800 audit(1718752400.673:36): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 194.077023][ T26] audit: type=1800 audit(1718752400.703:37): pid=5443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1956 res=0 errno=0 [ 194.107448][ T1148] usbhid 3-1:0.0: can't add hid device: -71 [ 194.119443][ T1148] usbhid: probe of 3-1:0.0 failed with error -71 [ 194.170407][ T1148] usb 3-1: USB disconnect, device number 5 [ 194.214706][ T1252] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.221165][ T1252] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.924116][ T5437] input: syz0 as /devices/virtual/input/input10 [ 195.174230][ T3575] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 195.183740][ T3575] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 195.192436][ T3575] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 195.207776][ T3575] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 195.215531][ T3575] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 195.223166][ T3575] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 195.426871][ T5445] loop4: detected capacity change from 0 to 40427 [ 195.465994][ T5445] F2FS-fs (loop4): Mismatch start address, segment0(0) cp_blkaddr(512) [ 195.502825][ T5445] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 195.529473][ T26] audit: type=1800 audit(1718752402.193:38): pid=5474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 195.554934][ T5445] F2FS-fs (loop4): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root [ 195.599705][ T26] audit: type=1800 audit(1718752402.213:39): pid=5474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1948 res=0 errno=0 [ 195.632237][ T5445] F2FS-fs (loop4): Found nat_bits in checkpoint [ 195.761602][ T5445] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 195.790686][ T5445] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 195.867750][ T1148] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 195.908694][ T5457] chnl_net:caif_netlink_parms(): no params data found [ 196.002572][ T5491] 9p: Unknown access argument 18446744073709551615: -34 [ 196.173463][ T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.227548][ T1148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.260734][ T1148] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.278427][ T1148] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 196.291772][ T1148] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 196.301191][ T1148] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.318543][ T1148] usb 1-1: config 0 descriptor?? [ 196.341275][ T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.361011][ T5457] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.380693][ T5457] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.402407][ T5457] device bridge_slave_0 entered promiscuous mode [ 196.435276][ T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.470334][ T5457] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.487950][ T5457] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.500484][ T5457] device bridge_slave_1 entered promiscuous mode [ 196.551994][ T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 196.628075][ T5457] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 196.656061][ T5457] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 196.736953][ T5508] loop4: detected capacity change from 0 to 2048 [ 196.758285][ T5457] team0: Port device team_slave_0 added [ 196.778059][ T5457] team0: Port device team_slave_1 added [ 196.886992][ T5508] loop4: p2 p3 p7 [ 197.213848][ T5514] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 197.330362][ T3578] Bluetooth: hci1: command tx timeout [ 197.537776][ T1148] usbhid 1-1:0.0: can't add hid device: -71 [ 197.769129][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 197.776113][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.931857][ T26] audit: type=1800 audit(1718752404.593:40): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1949 res=0 errno=0 [ 197.961513][ T5457] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 198.025309][ T26] audit: type=1800 audit(1718752404.633:41): pid=5518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1949 res=0 errno=0 [ 198.028034][ T1148] usbhid: probe of 1-1:0.0 failed with error -71 [ 198.055340][ T1148] usb 1-1: USB disconnect, device number 4 [ 198.159345][ T5457] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 198.175805][ T5457] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 198.258677][ T5457] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 198.294534][ T11] tipc: Left network mode [ 198.428747][ T5457] device hsr_slave_0 entered promiscuous mode [ 198.457564][ T5457] device hsr_slave_1 entered promiscuous mode [ 198.474046][ T5457] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 198.504138][ T5457] Cannot create hsr debugfs directory [ 199.190785][ T26] audit: type=1800 audit(1718752405.853:42): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1950 res=0 errno=0 [ 199.244173][ T26] audit: type=1800 audit(1718752405.853:43): pid=5544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1950 res=0 errno=0 [ 199.550083][ T5523] loop2: detected capacity change from 0 to 40427 [ 199.567288][ T3578] Bluetooth: hci1: command tx timeout [ 199.738389][ T5523] F2FS-fs (loop2): Mismatch start address, segment0(0) cp_blkaddr(512) [ 199.795187][ T5523] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 199.943560][ T5523] F2FS-fs (loop2): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root [ 200.392620][ T5523] F2FS-fs (loop2): Found nat_bits in checkpoint [ 200.585505][ T5523] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 200.608003][ T5523] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 200.785255][ T5562] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 201.214673][ T5457] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 201.456574][ T26] audit: type=1800 audit(1718752408.113:44): pid=5577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1955 res=0 errno=0 [ 201.487961][ T11] device hsr_slave_0 left promiscuous mode [ 201.524023][ T11] device hsr_slave_1 left promiscuous mode [ 201.567578][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 201.579639][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 201.647220][ T3578] Bluetooth: hci1: command tx timeout [ 202.410653][ T5586] loop4: detected capacity change from 0 to 40427 [ 202.428713][ T5586] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 202.436509][ T5586] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 202.668849][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 202.688741][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 202.702892][ T5586] F2FS-fs (loop4): Found nat_bits in checkpoint [ 202.799190][ T11] device bridge_slave_1 left promiscuous mode [ 202.805532][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.808339][ T5586] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 202.819781][ T5586] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 202.833172][ T11] device bridge_slave_0 left promiscuous mode [ 202.833895][ T5586] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 202.846375][ T11] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.857208][ T5586] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 202.878146][ T11] device veth1_macvtap left promiscuous mode [ 202.895043][ T11] device veth0_macvtap left promiscuous mode [ 202.911443][ T11] device veth1_vlan left promiscuous mode [ 203.037474][ T11] device veth0_vlan left promiscuous mode [ 203.375254][ T5600] loop2: detected capacity change from 0 to 4096 [ 203.428655][ T5600] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities [ 203.520149][ T5607] overlayfs: unrecognized mount option "seclabel" or missing value [ 203.727739][ T3578] Bluetooth: hci1: command tx timeout [ 203.951938][ T11] team0 (unregistering): Port device team_slave_1 removed [ 203.972862][ T11] team0 (unregistering): Port device team_slave_0 removed [ 203.985886][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 204.002513][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 204.076400][ T5617] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 204.855746][ T11] bond0 (unregistering): Released all slaves [ 204.909962][ T26] audit: type=1800 audit(1718752411.573:45): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1959 res=0 errno=0 [ 204.932236][ T26] audit: type=1800 audit(1718752411.573:46): pid=5619 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1959 res=0 errno=0 [ 204.957335][ T5457] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 204.968386][ T5457] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 204.979258][ T5457] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 205.114694][ T26] audit: type=1800 audit(1718752411.773:47): pid=5627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1959 res=0 errno=0 [ 205.155703][ T5625] loop2: detected capacity change from 0 to 512 [ 205.209742][ T5625] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 205.414280][ T5625] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 205.466454][ T5625] EXT4-fs (loop2): 1 truncate cleaned up [ 205.472396][ T5625] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 205.486774][ T5457] 8021q: adding VLAN 0 to HW filter on device bond0 [ 205.505576][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 205.510051][ T5625] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 205.515472][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 205.559702][ T5457] 8021q: adding VLAN 0 to HW filter on device team0 [ 205.575185][ T5637] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 205.586884][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 205.606489][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 205.616003][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.623176][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 205.632124][ T4700] EXT4-fs (loop2): unmounting filesystem. [ 205.635751][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 205.646954][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 205.665396][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.672605][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 205.680760][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.693056][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 205.704740][ T3616] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 205.738050][ T3631] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 205.763934][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 205.772299][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 205.800814][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 205.818064][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 205.827017][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 205.858387][ T3618] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 205.883766][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 205.905252][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 205.921052][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 205.948232][ T26] audit: type=1800 audit(1718752412.613:48): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1941 res=0 errno=0 [ 205.958388][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 205.995405][ T5457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 206.004613][ T26] audit: type=1800 audit(1718752412.653:49): pid=5645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1941 res=0 errno=0 [ 206.097395][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.115535][ T3616] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.136713][ T3616] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 206.165863][ T3616] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 206.177482][ T3631] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 206.185130][ T3616] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.206583][ T3631] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.211208][ T3616] usb 5-1: config 0 descriptor?? [ 206.245724][ T3631] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 206.277372][ T3631] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 206.390135][ T5657] netlink: 'syz-executor.2': attribute type 25 has an invalid length. [ 206.410636][ T5657] netlink: 'syz-executor.2': attribute type 7 has an invalid length. [ 206.412473][ T3631] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 206.459830][ T3631] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 206.466399][ T5457] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.487438][ T3631] usb 2-1: Manufacturer: syz [ 206.504045][ T3631] usb 2-1: config 0 descriptor?? [ 206.518864][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 206.546834][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 206.585652][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 206.599254][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.599360][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.612500][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 206.759017][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.759124][ T5659] syz-executor.0[5659] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 206.838501][ T5659] device pim6reg1 entered promiscuous mode [ 206.878570][ T3616] usbhid 5-1:0.0: can't add hid device: -71 [ 206.885089][ T3616] usbhid: probe of 5-1:0.0 failed with error -71 [ 206.902937][ T3616] usb 5-1: USB disconnect, device number 7 [ 207.655014][ T3631] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 207.664430][ T3631] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 207.688726][ T3631] appleir 0003:05AC:8243.0009: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 207.737763][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 207.746690][ T3617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 207.750489][ T5671] loop2: detected capacity change from 0 to 2048 [ 207.792919][ T5457] device veth0_vlan entered promiscuous mode [ 207.805526][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 207.827984][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 207.831410][ T5671] loop2: p2 p3 p7 [ 207.846034][ T5457] device veth1_vlan entered promiscuous mode [ 208.072947][ T5678] loop4: detected capacity change from 0 to 256 [ 208.091685][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 208.111273][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 208.164652][ T5678] FAT-fs (loop4): Directory bread(block 64) failed [ 208.176262][ T5457] device veth0_macvtap entered promiscuous mode [ 208.177746][ T5678] FAT-fs (loop4): Directory bread(block 65) failed [ 208.190074][ T5678] FAT-fs (loop4): Directory bread(block 66) failed [ 208.196807][ T5678] FAT-fs (loop4): Directory bread(block 67) failed [ 208.205763][ T5678] FAT-fs (loop4): Directory bread(block 68) failed [ 208.213258][ T5678] FAT-fs (loop4): Directory bread(block 69) failed [ 208.222633][ T5678] FAT-fs (loop4): Directory bread(block 70) failed [ 208.230998][ T5678] FAT-fs (loop4): Directory bread(block 71) failed [ 208.361130][ T5678] FAT-fs (loop4): Directory bread(block 72) failed [ 208.368570][ T5678] FAT-fs (loop4): Directory bread(block 73) failed [ 208.866327][ T5457] device veth1_macvtap entered promiscuous mode [ 208.879897][ T3616] usb 2-1: USB disconnect, device number 5 [ 208.919431][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 208.929177][ T3620] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 208.996467][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.007655][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.017562][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.028295][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.039454][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.049974][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.060494][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 209.071000][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.083334][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 209.096226][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 209.106232][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 209.117415][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.137528][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.161572][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.176578][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.188508][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.209450][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.234511][ T5457] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 209.255307][ T5457] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 209.277773][ T5457] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 209.304130][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 209.316999][ T3616] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 209.343953][ T5457] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.370733][ T5457] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.395134][ T5457] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.547398][ T26] audit: type=1326 audit(1718752416.203:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5683 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f709547cf29 code=0x0 [ 209.587153][ T5457] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.641187][ T5692] loop2: detected capacity change from 0 to 128 [ 210.470187][ T3700] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 210.487587][ T3700] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 210.530421][ T3664] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 210.738968][ T3700] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 211.332671][ T3700] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 211.411493][ T5709] loop0: detected capacity change from 0 to 16 [ 211.444377][ T3631] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 211.467323][ T5709] erofs: (device loop0): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 211.579856][ T5709] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 211.657354][ T5709] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 211.689187][ T5709] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 58320 [ 211.793318][ T5709] loop0: detected capacity change from 0 to 512 [ 211.886552][ T5709] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 211.897597][ T5709] EXT4-fs (loop0): mount failed [ 212.068181][ T5728] overlayfs: failed to resolve './file2': -2 [ 212.335869][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.337363][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.382532][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 212.422368][ T5734] syz-executor.0[5734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 214.140012][ T5759] loop2: detected capacity change from 0 to 256 [ 214.250190][ T5759] syz-executor.2: attempt to access beyond end of device [ 214.250190][ T5759] loop2: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 214.417425][ T26] audit: type=1326 audit(1718752421.073:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5750 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x0 [ 214.608970][ T5777] loop1: detected capacity change from 0 to 256 [ 214.665633][ T5777] FAT-fs (loop1): Directory bread(block 64) failed [ 214.672561][ T5777] FAT-fs (loop1): Directory bread(block 65) failed [ 214.685189][ T5777] FAT-fs (loop1): Directory bread(block 66) failed [ 214.694352][ T5777] FAT-fs (loop1): Directory bread(block 67) failed [ 214.749948][ T5777] FAT-fs (loop1): Directory bread(block 68) failed [ 214.800480][ T5777] FAT-fs (loop1): Directory bread(block 69) failed [ 214.892214][ T5777] FAT-fs (loop1): Directory bread(block 70) failed [ 214.981765][ T5777] FAT-fs (loop1): Directory bread(block 71) failed [ 215.114960][ T5777] FAT-fs (loop1): Directory bread(block 72) failed [ 215.133533][ T5777] FAT-fs (loop1): Directory bread(block 73) failed [ 215.608229][ T3692] kworker/u4:9: attempt to access beyond end of device [ 215.608229][ T3692] loop1: rw=1, sector=1224, nr_sectors = 128 limit=256 [ 216.699211][ T5810] loop4: detected capacity change from 0 to 256 [ 216.768216][ T5810] syz-executor.4: attempt to access beyond end of device [ 216.768216][ T5810] loop4: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 218.058527][ T5797] loop0: detected capacity change from 0 to 40427 [ 218.066720][ T5797] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 218.080337][ T5797] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 218.093690][ T5797] F2FS-fs (loop0): invalid crc value [ 218.106875][ T5797] F2FS-fs (loop0): Found nat_bits in checkpoint [ 218.178708][ T5797] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 218.185555][ T5824] loop3: detected capacity change from 0 to 40427 [ 218.185770][ T5797] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 218.201102][ T3631] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 218.207450][ T5824] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 218.216433][ T5824] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 218.252140][ T5824] F2FS-fs (loop3): Found nat_bits in checkpoint [ 218.266268][ T5797] syz-executor.0: attempt to access beyond end of device [ 218.266268][ T5797] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 218.299650][ T5824] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 218.306832][ T5824] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 218.341091][ T5822] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 218.352951][ T3585] syz-executor.0: attempt to access beyond end of device [ 218.352951][ T3585] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 218.372645][ T3700] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 218.389983][ T3700] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 218.571167][ T5822] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 218.954625][ T5842] loop4: detected capacity change from 0 to 16 [ 219.187454][ T5842] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 219.198595][ T3631] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.237120][ T3631] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.246933][ T3631] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 219.277227][ T5842] erofs: (device loop4): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 219.307495][ T5842] erofs: (device loop4): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 219.369902][ T5842] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 58320 [ 219.385312][ T3631] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.428104][ T3631] usb 3-1: config 0 descriptor?? [ 220.565638][ T5842] loop4: detected capacity change from 0 to 512 [ 220.638887][ T5860] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 220.661484][ T5842] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 220.676041][ T5842] EXT4-fs (loop4): mount failed [ 221.073106][ T26] audit: type=1326 audit(1718752427.733:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.130367][ T26] audit: type=1326 audit(1718752427.763:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.160703][ T3631] hid-multitouch 0003:1FD2:6007.000A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 221.168651][ T26] audit: type=1326 audit(1718752427.763:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.214611][ T26] audit: type=1326 audit(1718752427.763:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.237754][ T3616] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 221.245884][ T26] audit: type=1326 audit(1718752427.763:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.361355][ T26] audit: type=1326 audit(1718752427.763:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1b747a6a7 code=0x7ffc0000 [ 221.625759][ T26] audit: type=1326 audit(1718752427.763:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1b7440379 code=0x7ffc0000 [ 221.651874][ T3616] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 221.707941][ T3616] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 221.870577][ T3616] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 221.890454][ T26] audit: type=1326 audit(1718752427.763:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fc1b747cf29 code=0x7ffc0000 [ 221.955697][ T3616] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.963943][ T3631] usb 3-1: USB disconnect, device number 6 [ 221.977205][ T26] audit: type=1326 audit(1718752427.763:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc1b747a6a7 code=0x7ffc0000 [ 222.013338][ T3616] usb 2-1: config 0 descriptor?? [ 222.018860][ T26] audit: type=1326 audit(1718752427.763:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5871 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc1b7440379 code=0x7ffc0000 [ 222.103583][ T5885] loop0: detected capacity change from 0 to 512 [ 222.211022][ T5885] EXT4-fs (loop0): 1 orphan inode deleted [ 222.230198][ T5885] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 222.239705][ T5885] ext4 filesystem being mounted at /root/syzkaller-testdir2816537661/syzkaller.mRJDah/159/file0 supports timestamps until 2038 (0x7fffffff) [ 222.262284][ T5885] EXT4-fs warning (device loop0): ext4_group_add:1723: Can't resize non-sparse filesystem further [ 222.560875][ T3585] EXT4-fs (loop0): unmounting filesystem. [ 222.706287][ T3616] hid (null): bogus close delimiter [ 223.118224][ T5897] syz-executor.3[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.118338][ T5897] syz-executor.3[5897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 223.397749][ T3616] uclogic 0003:256C:006D.000B: failed retrieving Huion firmware version: -71 [ 223.446298][ T5902] loop3: detected capacity change from 0 to 16 [ 223.474798][ T5902] erofs: (device loop3): mounted with root inode @ nid 36. [ 223.775918][ T3616] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 223.917548][ T3616] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 224.056916][ T3616] usb 2-1: USB disconnect, device number 6 [ 225.425206][ T5921] loop4: detected capacity change from 0 to 16 [ 225.586738][ T5921] erofs: (device loop4): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 225.614151][ T5924] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 225.667620][ T5921] erofs: (device loop4): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 225.678556][ T5921] erofs: (device loop4): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 225.746883][ T5921] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 58320 [ 226.764906][ T5933] loop4: detected capacity change from 0 to 512 [ 227.748363][ T5933] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 227.754998][ T5933] EXT4-fs (loop4): mount failed [ 227.798953][ T5944] syz-executor.2[5944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.799060][ T5944] syz-executor.2[5944] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 228.019836][ T5951] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 228.125759][ T5952] loop2: detected capacity change from 0 to 16 [ 228.147063][ T5952] erofs: (device loop2): mounted with root inode @ nid 36. [ 228.760222][ T5948] loop1: detected capacity change from 0 to 4096 [ 228.798752][ T5956] loop0: detected capacity change from 0 to 256 [ 228.826718][ T5948] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 230.477944][ T5974] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 231.137839][ T3613] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 232.027354][ T1148] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 232.307190][ T1148] usb 3-1: Using ep0 maxpacket: 16 [ 232.540899][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 232.540916][ T26] audit: type=1800 audit(1718752439.203:63): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 232.543963][ T3613] usb 5-1: Using ep0 maxpacket: 8 [ 232.558802][ T26] audit: type=1800 audit(1718752439.223:64): pid=5992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1964 res=0 errno=0 [ 232.627906][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.845998][ T1148] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 233.017553][ T1148] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 233.337223][ T1148] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.379682][ T1148] usb 3-1: config 0 descriptor?? [ 233.466998][ T6004] syz-executor.4[6004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 233.467224][ T6004] syz-executor.4[6004] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 233.487541][ T3613] usb 5-1: device descriptor read/all, error -71 [ 233.544808][ T6006] loop0: detected capacity change from 0 to 16 [ 233.560291][ T6006] erofs: (device loop0): EXPERIMENTAL compressed inline data feature in use. Use at your own risk! [ 233.574575][ T6006] erofs: (device loop0): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 233.617632][ T6006] erofs: (device loop0): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 233.645601][ T6006] erofs: (device loop0): erofs_read_inode: bogus i_mode (0) @ nid 58320 [ 233.999272][ T6014] loop4: detected capacity change from 0 to 16 [ 235.625709][ T6014] erofs: (device loop4): mounted with root inode @ nid 36. [ 235.799770][ T6020] loop0: detected capacity change from 0 to 512 [ 235.874355][ T6020] EXT4-fs (loop0): corrupt root inode, run e2fsck [ 235.892127][ T6020] EXT4-fs (loop0): mount failed [ 235.909359][ T6008] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 236.043751][ T6026] [ 236.046139][ T6026] ============================================ [ 236.052304][ T6026] WARNING: possible recursive locking detected [ 236.058471][ T6026] 6.1.94-syzkaller #0 Not tainted [ 236.063515][ T6026] -------------------------------------------- [ 236.069677][ T6026] syz-executor.3/6026 is trying to acquire lock: [ 236.076018][ T6026] ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.086466][ T6026] [ 236.086466][ T6026] but task is already holding lock: [ 236.093855][ T6026] ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.104268][ T6026] [ 236.104268][ T6026] other info that might help us debug this: [ 236.110628][ T6008] loop1: detected capacity change from 0 to 4096 [ 236.112324][ T6026] Possible unsafe locking scenario: [ 236.112324][ T6026] [ 236.112333][ T6026] CPU0 [ 236.118865][ T1148] usbhid 3-1:0.0: can't add hid device: -71 [ 236.126093][ T6026] ---- [ 236.126102][ T6026] lock( [ 236.130874][ T1148] usbhid: probe of 3-1:0.0 failed with error -71 [ 236.135248][ T6026] lock#10 [ 236.140388][ T1148] usb 3-1: USB disconnect, device number 7 [ 236.141461][ T6026] ); [ 236.141469][ T6026] lock(lock#10); [ 236.162805][ T6026] [ 236.162805][ T6026] *** DEADLOCK *** [ 236.162805][ T6026] [ 236.170955][ T6026] May be due to missing lock nesting notation [ 236.170955][ T6026] [ 236.179275][ T6026] 6 locks held by syz-executor.3/6026: [ 236.184730][ T6026] #0: ffff888025954468 (&pipe->mutex/1){+.+.}-{3:3}, at: pipe_write+0x1b6/0x1af0 [ 236.193977][ T6026] #1: ffff888028e22e58 (&mm->mmap_lock){++++}-{3:3}, at: lock_mm_and_find_vma+0x2e/0x2e0 [ 236.203909][ T6026] #2: ffff8880b9835e90 (lock#10){+.+.}-{2:2}, at: __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.214716][ T6026] #3: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: get_mm_memcg_path+0xb1/0x600 [ 236.224299][ T6026] #4: ffffffff8d12acc0 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x16a/0x470 [ 236.233712][ T6026] #5: ffff888028e22e58 (&mm->mmap_lock){++++}-{3:3}, at: stack_map_get_build_id_offset+0x232/0x9c0 [ 236.244513][ T6026] [ 236.244513][ T6026] stack backtrace: [ 236.250412][ T6026] CPU: 0 PID: 6026 Comm: syz-executor.3 Not tainted 6.1.94-syzkaller #0 [ 236.258735][ T6026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 236.268796][ T6026] Call Trace: [ 236.272075][ T6026] [ 236.275005][ T6026] dump_stack_lvl+0x1e3/0x2cb [ 236.279704][ T6026] ? nf_tcp_handle_invalid+0x642/0x642 [ 236.285176][ T6026] ? panic+0x764/0x764 [ 236.289252][ T6026] validate_chain+0x4711/0x5950 [ 236.294125][ T6026] ? check_path+0x21/0x40 [ 236.298457][ T6026] ? check_noncircular+0x1e3/0x3b0 [ 236.303573][ T6026] ? reacquire_held_locks+0x660/0x660 [ 236.308961][ T6026] ? add_chain_block+0x850/0x850 [ 236.313910][ T6026] ? lockdep_unlock+0x165/0x300 [ 236.318768][ T6026] ? lockdep_lock+0x2a0/0x2a0 [ 236.323451][ T6026] ? unwind_get_return_address+0x49/0x80 [ 236.329090][ T6026] ? arch_stack_walk+0xf3/0x140 [ 236.333944][ T6026] ? mark_lock+0x9a/0x340 [ 236.338286][ T6026] ? mark_lock+0x9a/0x340 [ 236.342625][ T6026] __lock_acquire+0x125b/0x1f80 [ 236.347492][ T6026] lock_acquire+0x1f8/0x5a0 [ 236.352003][ T6026] ? __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.358773][ T6026] ? read_lock_is_recursive+0x10/0x10 [ 236.364157][ T6026] ? down_read_trylock+0x24a/0x3b0 [ 236.369272][ T6026] ? stack_map_get_build_id_offset+0x232/0x9c0 [ 236.375435][ T6026] ? __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.382202][ T6026] __mmap_lock_do_trace_acquire_returned+0x9d/0x670 [ 236.388796][ T6026] ? __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.395566][ T6026] stack_map_get_build_id_offset+0x99e/0x9c0 [ 236.401557][ T6026] ? __lock_acquire+0x125b/0x1f80 [ 236.406594][ T6026] ? __bpf_get_stackid+0x910/0x910 [ 236.411718][ T6026] __bpf_get_stack+0x495/0x570 [ 236.416492][ T6026] ? stack_map_get_build_id_offset+0x9c0/0x9c0 [ 236.422656][ T6026] ? __cant_sleep+0x270/0x270 [ 236.427334][ T6026] bpf_get_stack_raw_tp+0x1b2/0x220 [ 236.432538][ T6026] bpf_prog_e6cf5f9c69743609+0x3a/0x3e [ 236.438004][ T6026] ? bpf_trace_run4+0x16a/0x470 [ 236.442855][ T6026] bpf_trace_run4+0x253/0x470 [ 236.447552][ T6026] ? bpf_trace_run3+0x440/0x440 [ 236.452437][ T6026] ? __bpf_trace_mmap_lock+0x30/0x30 [ 236.457737][ T6026] __traceiter_mmap_lock_acquire_returned+0x8c/0xe0 [ 236.464332][ T6026] __mmap_lock_do_trace_acquire_returned+0x5e3/0x670 [ 236.471009][ T6026] ? __mmap_lock_do_trace_acquire_returned+0x84/0x670 [ 236.477776][ T6026] lock_mm_and_find_vma+0x219/0x2e0 [ 236.482982][ T6026] exc_page_fault+0x169/0x620 [ 236.487671][ T6026] asm_exc_page_fault+0x22/0x30 [ 236.492531][ T6026] RIP: 0010:copy_user_enhanced_fast_string+0xa/0x40 [ 236.499130][ T6026] Code: ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 31 c0 0f 01 ca c3 8d 0c ca 89 ca eb 20 0f 01 cb 83 fa 40 72 38 89 d1 a4 31 c0 0f 01 ca c3 89 ca eb 0a 66 2e 0f 1f 84 00 00 00 00 00 [ 236.518738][ T6026] RSP: 0018:ffffc90004997938 EFLAGS: 00050206 [ 236.524805][ T6026] RAX: ffffffff84364901 RBX: 0000000000001000 RCX: 00000000000001c0 [ 236.532775][ T6026] RDX: 0000000000001000 RSI: 0000000020001000 RDI: ffff888018b9ee40 [ 236.540747][ T6026] RBP: ffffc90004997a98 R08: dffffc0000000000 R09: ffffed1003173e00 [ 236.548720][ T6026] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888018b9e000 [ 236.556688][ T6026] R13: 1ffff92000932fb3 R14: 0000000000001000 R15: dffffc0000000000 [ 236.564666][ T6026] ? _copy_from_iter+0x201/0xff0 [ 236.569612][ T6026] _copy_from_iter+0x2c2/0xff0 [ 236.574399][ T6026] ? mark_lock+0x9a/0x340 [ 236.578738][ T6026] ? copyout_mc+0x100/0x100 [ 236.583243][ T6026] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 236.589235][ T6026] ? print_irqtrace_events+0x210/0x210 [ 236.594703][ T6026] ? _raw_spin_lock_irq+0xdb/0x110 [ 236.599822][ T6026] ? page_copy_sane+0x46/0x390 [ 236.604593][ T6026] copy_page_from_iter+0x76/0x100 [ 236.609625][ T6026] pipe_write+0x857/0x1af0 [ 236.614055][ T6026] ? pipe_read+0x12a0/0x12a0 [ 236.618648][ T6026] ? end_current_label_crit_section+0x147/0x170 [ 236.624893][ T6026] ? common_file_perm+0x17d/0x1d0 [ 236.629922][ T6026] ? fsnotify_perm+0x67/0x590 [ 236.634599][ T6026] vfs_write+0x7ae/0xba0 [ 236.638846][ T6026] ? file_end_write+0x250/0x250 [ 236.643697][ T6026] ? __fget_files+0x28/0x4a0 [ 236.648288][ T6026] ? __fget_files+0x435/0x4a0 [ 236.652970][ T6026] ? __fdget_pos+0x1db/0x360 [ 236.657560][ T6026] ? ksys_write+0x77/0x2c0 [ 236.661974][ T6026] ksys_write+0x19c/0x2c0 [ 236.666302][ T6026] ? print_irqtrace_events+0x210/0x210 [ 236.671785][ T6026] ? __ia32_sys_read+0x80/0x80 [ 236.676584][ T6026] ? syscall_enter_from_user_mode+0x2e/0x230 [ 236.682567][ T6026] ? lockdep_hardirqs_on+0x94/0x130 [ 236.687768][ T6026] ? syscall_enter_from_user_mode+0x2e/0x230 [ 236.693752][ T6026] do_syscall_64+0x3b/0xb0 [ 236.698181][ T6026] ? clear_bhb_loop+0x45/0xa0 [ 236.702864][ T6026] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 236.708762][ T6026] RIP: 0033:0x7fc1b747cf29 [ 236.713178][ T6026] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 236.732785][ T6026] RSP: 002b:00007fc1b82540c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 2024/06/18 23:14:03 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 236.741217][ T6026] RAX: ffffffffffffffda RBX: 00007fc1b75b3f80 RCX: 00007fc1b747cf29 [ 236.749191][ T6026] RDX: 00000000fffffdef RSI: 00000000200001c0 RDI: 0000000000000000 [ 236.757168][ T6026] RBP: 00007fc1b74ec074 R08: 0000000000000000 R09: 0000000000000000 [ 236.765141][ T6026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 236.773111][ T6026] R13: 000000000000000b R14: 00007fc1b75b3f80 R15: 00007ffdce449928 [ 236.781092][ T6026] [ 236.823142][ T6008] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities