last executing test programs: 18m38.038897943s ago: executing program 2 (id=32): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[], 0x48) r1 = memfd_secret(0x80000) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0) ftruncate(r1, 0x51a9497) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0) sched_setscheduler(0x0, 0x5, 0x0) execveat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x0, 0x0, 0x0) getsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f00000000c0)=0x5, 0x0) mknod$loop(&(0x7f0000000200)='./file0\x00', 0x6000, 0x0) 18m37.411976648s ago: executing program 2 (id=33): openat$comedi(0xffffffffffffff9c, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xd7f4f000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000700), r3) fsetxattr$system_posix_acl(r1, 0x0, 0x0, 0x84, 0x3) sendmsg$NLBL_UNLABEL_C_STATICLIST(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)={0x14, r4, 0xf002135a49ffa319, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800) 18m35.525248859s ago: executing program 2 (id=36): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000197, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000700)={'icmp\x00'}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fchdir(0xffffffffffffffff) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r4, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x60) 18m34.351209691s ago: executing program 2 (id=38): syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x746, &(0x7f0000000f40)="$eJzs3c9rHGUfAPDvbJOmb9vXpODBimCgBwulG5vWUkGkogcpVop689Bud7ehZLdbspvShIpWFMGTSPHsj5M3/wFRBL15FDx7kkKRUi+CsDLb2bjt7jabNJtV9/OBCc8zM5tnvjszz/Mkz8NMAGNrNv2Ri9gfER8lEdPZ+iQiJlupiYiTd/e7c/taMV2SaDZf/y1p7ZPmo+MzqT1Z5rGI+O79iEO57nLrK6uLhUqlvJTl5xrVy3P1ldXDF6uFhfJC+dL88WePzp+Yf+bE/JbF+sd7r54/9dVLX9x498dfXnvr1JNJnIy92bbOOLbKbMxm38lk+hXe48WtLmzEklEfAJuS3po77t7lsT+mY0crBQD8l70dEU0AYMwk2n8AGDPt/wO0x/aGMQ72T3brhYjY1Sv+iWzMbldrHHT3neSekZEkIma2oPzZiLj65gdfp0sMaRwSoJd3rkfEuZnZ7vov6ZqzsFFPD7DP7H159R9sn2/T/s+JXv2f3Fr/J3r0f6Z63Lubsf79n7u5BcX0lfb/nuvZ/12btDazI8v9v9Xnm0wuXKyU07rtkYg4GJNTaf7IA8o49vHzP/Tb1tn/S5e0/HZfMDuOmxNT936mVGgUHibmTreuRzw+0Sv+ZO38J336v2cGLKPx/ROf99u2fvzD1fws4qme5//vGW1Jx/zEqeianzjXuh7m2ldFt/yH0/v6lT/q+NPzv/vB8c8knfM16xsv46dP/ny537bNXv87kzda6Z3ZuquFRmPpSMTO5JXu9R1TSNv59v5p/AcPPLj+63X9p38Tnhsw/sVPvzy/+fiHK42/tKHzv/HEgZ+/6R1PM5ttvO75P9ZKHczWDFL/DXqAD/PdAQAAAAAAAAAAAAAAAAAAAAAAAMCgchGxN5Jcfi2dy+Xzd9/h/WjszlVq9cahC7XlS6VovSt7JiZz7SddTnc8D/VI9jz8dn7+vvzRiNgXETem/tfK54u1SmnUwQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZk+f9/+nfp0a9dEBAEOza9QHAABsO+0/AIwf7T8AjB/tPwCMH+0/AIwf7T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDdub06XRp/n77WjHNl66sLC/WrhwuleuL+epyMV+sLV3OL9RqC5Vyvlirrvf7KrXa5fnjsXx1rlGuN+bqK6tnq7XlS42zF6uFhfLZ8uS2RAUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1NfWV0sVCrlJQkJCYm1xKhrJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/h78CAAD//6LRHug=") rename(&(0x7f0000000000)='./file2\x00', &(0x7f00000005c0)='./file0/file0\x00') syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_clone(0x0, 0x0, 0xfffffffffffffe7b, 0x0, 0x0, 0x0) 18m33.494329293s ago: executing program 2 (id=43): socket$unix(0x1, 0x1, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xb}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000280)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xffff, 0x5}, {}, {0x7, 0x3}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x8, 0x8, 0x4, 0xa, 0x3}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x84}}, 0x0) 18m32.355033082s ago: executing program 2 (id=47): openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x20000000) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x2, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x800c, 0x4000e, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0xe, 0x2, 0x4, 0xe, 0x5, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x9, 0xa, 0x5], [0x7, 0x1e, 0x7f, 0x8000, 0xfffffffd, 0x3, 0x0, 0x2fcd0, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0xfffffffc, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xb, 0x6, 0x6, 0x800, 0xffff, 0x6, 0xfa75, 0xfbfffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x4, 0xe, 0x5, 0x7, 0x6, 0x2, 0x2, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x7fffffff, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x9, 0x2f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0xf, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x62, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x9, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x200001, 0x5, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x7, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x9, 0x200, 0x2851, 0x3b, 0x20000001, 0x6, 0x101, 0xa80a, 0x7, 0x4, 0x9, 0x4, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0xffffffff, 0x7ff7, 0xffff8a33, 0x3, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x8, 0x138b]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x18}], 0x1) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) unshare(0x8040480) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$inet6(0xa, 0x2, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r3, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfffffffe}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xd}]}}}]}]}], {0x14}}, 0xd8}, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, 0x0, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x240540c7, 0x0, 0x0) 18m31.938681545s ago: executing program 32 (id=47): openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x20000000) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$uinput_user_dev(r1, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x80400000, 0x0, 0x8, 0x2, 0x6, 0x2, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x800c, 0x4000e, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xd, 0x3, 0xba55, 0x8da8, 0x2, 0xe, 0x2, 0x4, 0xe, 0x5, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x6, 0x2, 0x9, 0xfffbffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x9, 0xa, 0x5], [0x7, 0x1e, 0x7f, 0x8000, 0xfffffffd, 0x3, 0x0, 0x2fcd0, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x1, 0x297, 0x5, 0x0, 0x981, 0x4, 0xfffffffc, 0x3ff, 0x0, 0xfffffffe, 0x0, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xb, 0x6, 0x6, 0x800, 0xffff, 0x6, 0xfa75, 0xfbfffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x4, 0xe, 0x5, 0x7, 0x6, 0x2, 0x2, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x7fffffff, 0xc, 0x7, 0x9, 0xe8b, 0x5, 0x80000001, 0x9, 0x2f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x2, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0xf, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x62, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0xd9, 0x9, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x200001, 0x5, 0x4001000, 0x7f, 0x5, 0x3fa6, 0x4, 0x7, 0x5, 0x6, 0x4, 0xe47, 0x4, 0x3, 0x9, 0x200, 0x2851, 0x3b, 0x20000001, 0x6, 0x101, 0xa80a, 0x7, 0x4, 0x9, 0x4, 0x86, 0x44, 0x409, 0x3, 0x4, 0x4, 0x10, 0x4, 0xffffffff, 0x7ff7, 0xffff8a33, 0x3, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x2, 0xf, 0xf, 0x8, 0x138b]}, 0x45c) ioctl$UI_DEV_CREATE(r1, 0x5501) readv(r1, &(0x7f0000001240)=[{&(0x7f00000012c0)=""/41, 0x18}], 0x1) write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) unshare(0x8040480) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff) socket$inet6(0xa, 0x2, 0x0) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r3, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfffffffe}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x4}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_META_SREG={0x8, 0x3, 0x1, 0x0, 0xd}]}}}]}]}], {0x14}}, 0xd8}, 0x1, 0x0, 0x0, 0x2000c045}, 0x24000004) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, 0x0, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x240540c7, 0x0, 0x0) 15m30.234193023s ago: executing program 5 (id=482): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 15m24.647196s ago: executing program 5 (id=492): write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0xff2e) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) prlimit64(0x0, 0x1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x0, @dev}}, 0x1e) 15m23.266365015s ago: executing program 5 (id=494): socket(0x10, 0x3, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x28, 0x0, &(0x7f0000000040)="b90103600040f000009e0ff088a81fffffe100004000632177fb7f0200017f020001be3e7d2a182f", 0x0, 0x104, 0x6000000000000000, 0x10c, 0x0, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x50) 15m21.810211145s ago: executing program 5 (id=497): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) write$char_usb(r1, 0x0, 0x0) 15m18.31893932s ago: executing program 5 (id=506): syz_mount_image$exfat(&(0x7f0000000280), &(0x7f0000001900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x14090, &(0x7f0000001800)=ANY=[@ANYRES32=0x0, @ANYRESHEX, @ANYRESOCT=0x0, @ANYRESHEX, @ANYRES32], 0xfd, 0x1501, &(0x7f00000002c0)="$eJzs3Am4T1X3OPC19t6H62b4JpnP2uvwTYZNkoSSZEiSJCRzQpIkSZK4ZEpCEjLeJHPInG665nnInHTzSpIkJCTZ/+c2/P16h5/3fX/9/vq/d32e5zz2cs7aZ+27nu89w/Pc79ddh1VvVKNKfWaGf4f+bYC//JMEAAkAMBAAcgBAAABlc5bNmb4/i8akf+sk4n9JgxlXugJxJUn/Mzbpf8Ym/c/YpP8Zm/Q/Y5P+Z2zS/4xN+i9EhjYr39WyZdxN3v//f079T5Ll+p8h4D/aIf3/T6P/paOl/xmb9D9jk/5nbNL/jCy40gWIK0w+/xmb9F+IDO0Pf6e84dyVfqct27+wCSGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQ/w+c85cYAPhtfKXrEkIIIYQQQgghxB/Hv3ulKxBCCCGEEEIIIcT/PgQFGgwEkAkyQwJkgUS4CrJCNsgOOSAGV0NOuAZywbWQG/JAXsgH+aEAFIQQCCwwRFAICkMcroMicD0UhWJQHEqAg5JQCm6A0nAjlIGboCzcDOXgFigPFX4+Z7rboTLcAVXgTqgK1aA61IC7oCbcDbXgHqgN90IduA/qwv1QDx6A+tAAGsKD0AgegsbQBJpCM2gOLaDlZfKTc/y9/OehB7wAPaEXJEFv6AMvQl/oB/1hAAyEl2AQvAyD4RUYAkNhGLwKw+E1GAGvw0gYBaPhDRgDY2EcjIcJMBGS4U2YBG/BZHj7oWwwFabBdJgBM2EWvAOzYQ7MhXdhHsyHBZCcZREshiXwHiyF9yEFPoBl8CGkwnJYASthFayGNbAW1sF62AAbYRNshi2wFbbBR7AddsBO2AW7YQ/shY9hH3wC++FTSMPP/sX8s7/Ph24ICKhQoUGDmTATJmACJmIiZsWsmB2zYwxjmBNzYi7MhbkxN+bFvJiE+bEgFkRCQkbGQlgI4xjHIlgEi2JRLI7F0aHDUlgKS+ONWAbLYFksi+WwHJbHClgBb8VbsRJWwspYGatgFayKVbE6Vse78C68G2thLayNtbEO1sG6WBfrYT2sj/WxITbERtgIG2NjbIpNsTk2x5bYElthK2yNrbEttsV22A7bY3vsgB2wI3bETtgJO2Nn7IJdsCt2xW74HD6Hz+Pz+AK+gL2wquqNfbAP9sW+2B8H4AB8CQfhy/gyvoJDcCgOw1fxVXwNR+AZHImjcDSOxkpqLI7D8chqIiZjMmaGSTgZJ+MUnIpTcTrOwJk4C2fhbJyDc/BdnIfzcT4uxIW4GJfgElyK72MKpuAyPIupuBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34EX6EO3AH7sJduAf34Mf4MX6Cn+AQTMM0PIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfxFJ7E03gaz+BZPAcA5/E8XsALeBEvpn/4VTqjjMqkMqkElaASVaLKqrKq7Cq7iqmYyqlyqlwql8qtcqu8Kq/Kr/KrgqqgIkWKVaQKqUIqruKqiCqiiqqiqrgqrpxyqpQqpUqr0qqMKqPKqptVOXWLKq8qqDbuVnWrqqTausrqDlVFVVFVVTVVXdVQNVRNVVPVUrVUbVVb1VF1VF11v6qnemN/bKDSO9NIDcXGahg2Vc1Uc9VCvYYPq1ZqBLZWbVRb9agahSOxvWrlOqgnVEc1Djupp9R4fFp1UROxq3pWdVPPqe7qedVDtXY9VS81BXurPmo69lX9VH81QM3Gaiq9Y9XVK+r5zEPVMPWqWoyvqRHqdTVSjVKj1RtqjBqrxqnxaoKaqJLVm2qSektNVm+rKWqqmqamqxlqppql3lGz1Rw1V72r5qn5aoFaqBapxWqJek8tVe+rFPWBWqY+VKlquVqhVqpVarVao9aqdWq92qA2qk1qs9qitqpt6iO1Xe1QO9UutVvtUXvVx2qf+kTtV5+qNPWZOqD+og6qz9Uh9YU6rL5UR9RX6qj6Wh1T36jj6lt1Qp1Up9R36rT6Xp1RZ9U59YM6r35UF9RP6qLyCjRqpbU2OtCZdGadoLPoRH2Vzqqz6ew6h47pq3VOfY3Opa/VuXUendfk0/l1AV1Qh5q01awjXUgX1nF9nS6ir9dFdTFdXJfQTpfUpfQNurS+UZfRN+my+mZdTt+iy+sKuqIHfZuupG/XlfUduoq+U1fV1XR1XUPfpWvqu3UtfY+ure/VdfR9uq6+X9fTD+j6uoFuqB/UjfRDurFuopvqZrq5bqFb6od1K/2Ibq3b6Lb6Ud1OP6bb68d1B/2E7qif1J30U7qzflp30c/orvpZ3U0/p7vrn/RF7XVP3Usn6d66j35R99X9dH89QA/UL+lB+mU9WL+ih+iheph+VQ/Xr+kR+nU9Uo/So/Ubeoweq8fp8XqCnqiT9Zt6kn5LT9Zv6yl6qp6mp+sZeqbu/+tMc/+J/Lf+Tv7gn8++VW/TH+nteofeqXfp3XqP3qv36n16n96v9+s0naYP6AP6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+iT+gf9nT6tv9dn9Fl9Vv+gz+vz+sKvPwMwaJTRxpjAZDKZTYLJYhLNVSaryWaymxwmZq42Oc01Jpe51uQ2eUxek8/kNwVMQRMaMtawiUwhU9jEzXWmiLneFDXFTHFTwjhT0pQyN/yP8y9XX0vT0rQyrUxr09q0NW1NO9POtDftTQfTwXQ0HU0n08l0Np1NF9PFdDVdTTfTzXQ33U0P08P0ND1NkkkyfcyLpq/pZ/qbAWageckMMoPMYDPYDDFDzDAzzAw3w80IM8KMNCPNaDPajDFjzDgzzkwwE0yyz2EmmUlmsplsppgpZtrAHGaGmWFmmVlmtplt5pq5Zp6ZZxaYBWaRWWSWmCVmqVlqUkyKWWaWmVSz3Cw3K81Ks9qsNmvNWrPerDcbzUaz2Ww2qWab2Wa2m+1mp9lpdpvdZq/Za/aZfWa/2W/STJo5YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmFPmlDltTpsz5ow5Z86Z8+a8uWAumIvmYvptX6ACFZjABJmCTEFCkBAkBolB1iBrkD3IHsSCWJAzyBnkCq4Ncgd5grxBviB/UCAoGIQBBTbgIAoKBYWDeHBdUCS4PigaFAuKByUCF5QMSgU3BKWDG4MywU1B2eDmoFxwS1A+qBBUDG4NbgsqBbcHlYM7girBnUHVoFpQPagR3BXUDO4OagX3BLWDe4M6wX1B3eD+oF7wQFA/aBA0DB4MGgUPBY2DJkHToFnQPGgRtPxD5/f+TJ5HXM+wV5gU9g77hC+GfcN+Yf9wQDgwfCkcFL4cDg5fCYeEQ8Nh4avh8PC1cET4ejgyHBWODt8Ix4Rjw3Hh+HBCODFMDt8MJ4VvhZPDt8Mp4dRwWjA9nBHODGeF74Szwznh3PDdcF44P1wQLgwXhYtD/OWWGFLCD8Jl4Ydharg8XBGuDFeFq8M14dpwXbg+3BBuDDeFm8sO+uXQcHu4I9wZ7gp3h3vCveHH4b7wk3B/+GmYFn4WHgj/Eh4MPw8PhV+Eh8MvwyPhV+HR8OvwWPhNeDz8NjwRngxPhd+Fp8PvwzPh2fBc+EN4PvwxvBD+FF4MffrNffrlnQwZykSZKIESKJESKStlpeyUnWIUo5yUk3JRLspNuSkv5aX8lJ8KUkFKx8RUiApRnOJUhIpQUSpKxak4OXJUikpRaSpNZagMlaWyVI7KUXkqTxWpIt1Gt9HtdDvdQXfQnXQnVaNqVINqUE2qSbWoFtWm2lSH6lBdqkv1qB7Vp/rUkBpSI2pEjakxNaWm1JyaU0tqSa2oFbWm1tSW2lI7akftqT11oA7UkTpSJ+pEnakzdaEu1JW6UjfqRt2pO/WgHtSTelISJVEf6kN9qS/1p/40kAbSIBpEg2kwDaEhNIyG0XAaTiNoBI2kUTSa3qAxNJbG0XiaQBMpmZJpEk2iyTSZptAUmkbTaAbNoFk0i2bTbJpLc2kezaMFtIAW0SJaQktoKS2lFEqhZbSMUimVVtAKWkWraA2toXW0jjbQBtpEm2gLbaFttI2203baSTtpN+2mvbSX9tE+2k/7KY3S6AAdoIN0kA7RITpMh+kIHaGjdJSO0TE6TsfpBJ2gU3SKTtNpOkNn6Bydo/P0I12gn+gieUqwWWyivcpmtdlsdpvD/nWc1+az+W0BW9CGNrfN87uYrLVFbTFb3Jawzpa0pewNfxOXtxVsRXurvc1Wsrfbyra8zQL/Na5p77a17D22tr3X1rB3/S6uY++zde1Dtp5tYuvbZrahbWEb2YdsY9vENrXNbHPbwrazj9n29nHbwT5hO9on/yZeat+36+x6u8FutPvsJ/ac/cEetV/b8/ZH29P2sgPtS3aQfdkOtq/YIXbo72MAO9q+YcfYsXacHW8n2Il/E0+z0+0MO9POsu/Y2XbO38RL7Ht2nk2xC+xCu8gu/jlOrynFfmCX2Q9tql1uV9iVdpVdbdfYtf+31pV2s91it9q99mO73e6wO+0uu9vu+TlOX8d++6lNs5/ZI/Yre9B+bg/ZY/aw/fLnOH19x+w39rj91p6wJ+0p+509bb+3Z+zZn9efvvbv7E/2ovUWGFmxZsMBZ+LMnMBZOJGv4qycjbNzDo7x1ZyTr+FcfC3n5jycl/Nxfi7ABTlkYsvMERfiwhzn67gIX89FuRgX5xLsuCSX4hu4NN/IZfgmLss3czm+hctzBa7It/JtXIlv58p8B1fhO7kqV+PqXIPv4pp8N9fie7g238t1+D6uy/dzPX6A63MDbsgPciN+iBtzE27Kzbg5t+CW/DC34ke4Nbfhtvwot+PHuD0/zh34Ce7IT3Infoo789PchZ/hrvwsd+PnuDs/zz34Be7JvTiJe3MffpH7cj/uzwN4IL/Eg/hlHsyv8BAeysP4VR7Or/EIfp1H8igezW/wGB7L43g8T+CJnMxv8iR+iyfz2zyFp/I0ns4zeCbP4nd4Ns/hufwuz+P5vIAX8iJezEv4PV7K73MKf8DL+ENO5eW8glfyKl7Na3gtr+P1vIE38ibezFt4K2/jj3g77+CdvIt38x7eyx/zPv6E9/OnnMaf8QH+Cx/kz/kQf8GH+Us+wl/xUf6aj/E3fJy/5RN8kk/xd3yav+czfJbP8Q98nn/kC/wTX2TPEGGkIh2ZKIgyRZmjhChLlBhdFWWNskXZoxxRLLo6yhldE+WKro1yR3mivFG+KH9UICoYhRFFNuIoigpFhaN4dF1UJLo+KhoVi4pHJSIXlYxKRTdEpaMbozLRTVHZ6OaoXHRLVD6qEFWMbo1uiypFt0eVozuiKtGdUdWoWlQ9qhHdFdWM7o5qRfdEtaN7ozLRfVHd6P6oXvRAVD9qEDWMHowaRQ9FjaMmUdOoWdQ8ahG1jB6OWkWPRK2jNlHb6NGoXfRY1D56POoQPRF1jJ68tL9Y8MvV9K/2J0W9I/3rG7J79KL44viS+HvxpfH34ynxD+LL4h/GU+PL4yviK+Or4qvja+Jr4+vi6+Mb4hvjm+Kb41viW+Pe18gMDtMfhMG4wGVymV2Cy+IS3VUuq8vmsrscLuaudjndNS6Xu9bldnlcXpfP5XcFXEEXOnLWsYtcIVfYxd11roi73hV1xVxxV8I5V9KVci1cS9fStXKPuNaujWvrHnWPusfcY+7xhF8Ld53cU66ze9p1cc+4Z9yzrpt7znV3z7se7gXX0/VySS7J9XF9XF/X1/V3/d1AN9ANcoPcYDfYDXFD3DA3zA13w90IN8KNdCPdaDfajXFj3Dg3zk1wE1yyS3aT3CQ32U12U9wUN81NczPcDDfLzXKz3Ww3181189w8t8AtcIvcIrfELXFL3VKX4lLcMrfMpbpUt8KtcKvcKrfGrXHr3Dq3wW1wm9wmt8VtcdvcNrfdbXc73U632+12e91et8/tc/vdfpfm0twBd8AddAfdIfeFO+y+dEfcV+6o+9odc9+44+5bd8KddKec16fd9+6MO+vOuR/cefeju+B+chedd8mxN2OTYm/FJsfejk2JTY1Ni02PzYjNjM2KvRObHZsTmxt7NzYvNj+2ILYwtii2OLYk9l5saez9WErsg9iy2Iex1Njy2IrYytiq2OqY9wW2R76QL+zj/jpfxF/vi/pivrgv4Z0v6Uv5G3xpf6Mv42/yZf3Nvpy/xZf3FXxF38Q39c18c9/Ct/QP+1b+Ed/at/Ft/aO+nX/Mt/eP+w7+Cd/RP+k7+ad8Z/+07+Kf8V39s/N/7bLv4V/wPX0vn+R7+z7+Rd/X9/P9/QA/0L/kB/mX/WD/ih/ih/ph/lU/3L/mR/jX/Ug/yo/2b/gxfqwf58f7CX6iT/Zv+kn+LT/Zv+2n+Kl+mp/uZ/iZfpZ/x8/2c/xc/66f5+f7BX6hX+QX+yX+Pb/Uv+9T/Ad+mf/Qp/rlfoVf6Vf51X6NX+vX+fV+g9/oN/nNfovf6rf5j/x2v8Pv9Lv8br/H7/Uf+33+E7/ff+rT/Gf+gP+LP+g/94f8F/6w/9If8V/5o/5rf8x/44/7b/0Jf9Kf8t/50/57f8af9ef8D/68/9Ff8D/5i/I3a0IIIYQQ/xR9mf29/87/qV+3dH0AINuOfIf/es5NuX8Z91P7OsYA4IleXRv8tjVokJSU9OuxqRqCwgsBIHYp/+fvH/g1Xg5t4THoAG2g9N+tr5+q+PN93383f/xmgESALL/lpD8eJcJfz3/jP5i/yXt8ufkXAhQtfCkn/US/xZfmL/MP5t/T7jLzZ/k8GaD1f8nJCpfiS/OXgkfgSejwuyOFEEIIIYQQQohf9FPnu13u+Tb9+Ty/uZSTGS7Fl3s+v4zKf8QahBBCCCGEEEII8d97+rnujz/coUObzv/Jg8x/jjL+BAMEgD9BGTL48w+u9G8mIYQQQgghxB/t0k3/la5ECCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYTIuP79bwhT//TBV3qNQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghxJX2fwIAAP//5g1V0w==") syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) bpf$LINK_GET_NEXT_ID(0x1f, 0x0, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000001b00)=ANY=[], 0x27) syz_usb_connect$hid(0x59c7271563034cba, 0x0, 0x0, 0x0) openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x103042, 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) creat(&(0x7f0000001a00)='./file0\x00', 0x175) creat(0x0, 0x0) creat(0x0, 0x185) 15m15.085573482s ago: executing program 5 (id=515): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xf, 0xfff3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 14m59.514713214s ago: executing program 33 (id=515): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$kcm(0x11, 0x3, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) sendmsg$nl_route_sched(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000005c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xb, 0xfff3}, {}, {0x7, 0x1}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xf, 0xfff3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x20040810}, 0x0) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r7) socket(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x7, r8, 0x3e}, 0x80, &(0x7f0000000080)=[{&(0x7f0000002300)="81", 0x1}], 0x1}, 0x4) 1m15.10717549s ago: executing program 0 (id=3006): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$TCSETAF(r0, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x99fe, 0x11, ')\x00'}) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062007d82000000000000002240f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17) 1m12.545427537s ago: executing program 0 (id=3014): openat$kvm(0xffffffffffffff9c, 0x0, 0xe8381, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/81, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, 0x0) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 1m11.675972807s ago: executing program 0 (id=3017): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$int_in(r2, 0x5452, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) 1m7.248864372s ago: executing program 0 (id=3035): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x88, &(0x7f0000000100)={[{@dioread_lock}, {@nombcache}, {@max_batch_time={'max_batch_time', 0x3d, 0x6}}, {@nouid32}, {@noinit_itable}, {@auto_da_alloc}]}, 0x3, 0x438, &(0x7f0000000d80)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0") openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x42, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x12, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) 1m6.43051949s ago: executing program 0 (id=3042): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) r2 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) r3 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, 0x0, 0x0) sendmsg$rds(r4, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)={0xf0f041}) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000040)={0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x74}}, 0x0) 1m2.098931602s ago: executing program 0 (id=3054): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_gettime(0x2, &(0x7f0000000040)) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2182, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/bus/input/devices\x00', 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) close_range(r4, 0xffffffffffffffff, 0x200000000000000) creat(&(0x7f0000000280)='./file0\x00', 0x108) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[], 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000193c0)='net/igmp6\x00') pread64(r5, &(0x7f0000019400)=""/102344, 0xfffffcbb, 0x1c2a) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000200)={{0xf272, 0x401, 0x934, 0x3}, 'syz0\x00', 0x4c}) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000540)={0xaa, 0x310}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) 1m1.196507546s ago: executing program 34 (id=3054): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) clock_gettime(0x2, &(0x7f0000000040)) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x891b, &(0x7f0000000000)={'lo\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xa}}}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2182, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/bus/input/devices\x00', 0x0, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) close_range(r4, 0xffffffffffffffff, 0x200000000000000) creat(&(0x7f0000000280)='./file0\x00', 0x108) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)=ANY=[], 0x10) r5 = syz_open_procfs(0x0, &(0x7f00000193c0)='net/igmp6\x00') pread64(r5, &(0x7f0000019400)=""/102344, 0xfffffcbb, 0x1c2a) ioctl$UI_DEV_SETUP(r3, 0x405c5503, &(0x7f0000000200)={{0xf272, 0x401, 0x934, 0x3}, 'syz0\x00', 0x4c}) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r6 = userfaultfd(0x80001) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000000540)={0xaa, 0x310}) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) 9.17502418s ago: executing program 3 (id=3216): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) close(r0) sendmmsg$inet(r1, &(0x7f00000013c0)=[{{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f00000000c0)="42ec6c", 0x3}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x48045) 9.069899021s ago: executing program 3 (id=3217): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) r3 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, 0x0) sendmsg$rds(r4, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_OUTPUT(r5, 0x8004562e, &(0x7f0000000340)) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000080)={0xf0f041}) r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r6, 0xc01864c6, &(0x7f0000000040)={0x0}) socket(0x6, 0x4, 0x4) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x74}}, 0x0) 8.135354209s ago: executing program 3 (id=3219): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept4$tipc(0xffffffffffffffff, 0x0, 0x0, 0x80800) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x2000c10, &(0x7f0000000400), 0xff, 0x23f, &(0x7f0000000540)="$eJzs3T1oLFUYBuB3Zne95t5FrtoI4g+IiAbCtRNsYqMQkBBEBBUiIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstFiZnURisuLPxh1xngdmZ2b3nPnOMPOe3WbYAK11Nclskk6S6SS9JMXpBnfWy9Xj3c2p3cVkMHjsh2LYrt6vnfS7kmQjyQNJdsoiL3STte2nDn7ae+Se11d7d7+7/eTURE/y2OHB/qNH78y/9sHc/WufffHdfJHZ9H93XhevGPFet0hu+jeK/UcU3aZHwF+x8Mr7X1a5vznJXcP891KmvnhvrFy308t9b/9R3ze///zWSY4VuHiDQa/6DtwYAK1TJumnKGeS1NtlOTNT/4b/qnO5fHF55eXp55dXl55reqYCLko/2X/4o0sfXjmT/287df6B/68q/48vbH1dbR91mh4NMBG31asq/9PPrN8b+YfWkX9oL/mH9pJ/aC/5h/aSf2gv+Yf2kn9oL/mH9pJ/aK/T+QcA2mVwqeknkIGmND3/AAAAAAAAAAAAAAAAAAAA521O7S6eLJOq+clbyeFDSbqj6neG/0ecXD98vfxjUTX7TVF3G8vTd4x5gDG91/DT1zd802z9T29vtv76UrLxapJr3e75+684vv/+uRv/5PPes2MW+JuKM/sPPjHZ+mf9stVs/bm95ONq/rk2av4pc8twPXr+6VfXb8z6L/085gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYmF8DAAD//xFQbUc=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) 7.152744968s ago: executing program 7 (id=3224): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) ioctl$F2FS_IOC_COMPRESS_FILE(r2, 0xf518, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xef, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0x0, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x20000810) r4 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r4, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x0, 0x0}, 0x10) openat$cgroup_ro(r5, &(0x7f0000000180)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x7) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000280)=0x10, 0x4) sendmmsg$inet6(r6, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x8, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x28}}], 0x1, 0x0) 6.997818329s ago: executing program 3 (id=3225): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) r3 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, 0x0, 0x0) sendmsg$rds(r4, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)={0xf0f041}) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000040)={0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x74}}, 0x0) 6.250469002s ago: executing program 1 (id=3227): socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40000) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x3, {0x0, 0x0, 0x0, 0x1, 0x4000000000000ffd, 0x0, 0x0, 0x3, 0xc, "faf98317e5a1149989fc67be43ea6acc96e3a2503dc31c97214d58128bbad0099cebdc25f5ab60c9e69098c8b534464c516bdd8a0f350000000000000300", "32d8cc26f7061a74df2cfc06489f3d9e234b30c509fe55cd4a5d83cd4a524b09ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a00", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x8]}}) syz_usb_connect(0x6, 0x2d, &(0x7f0000000200)=ANY=[], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$kcm(0x21, 0x2, 0xa) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c40)={0x1, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0xffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x45a}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 6.159730705s ago: executing program 7 (id=3228): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0) getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}, 0x1, 0xfffc}, 0x4000800) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000003080)=@delchain={0x58, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0x1b}}, [@TCA_CHAIN={0x8, 0xb, 0x5}, @filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_INDEV={0x14, 0x2, 'bridge_slave_0\x00'}, @TCA_FLOWER_KEY_IPV4_SRC={0x8, 0xa, @initdev={0xac, 0x1e, 0x0, 0x0}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x0) 5.389403333s ago: executing program 4 (id=3230): ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xfffffffe, 0x400, 0x6, 0x7a7, 0x4f, "0d418107009188b791e15b1b6f6ff88c6b00", 0x4, 0x104}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000ff4000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x5, 0x6, 0xd4, '\x00', 0x36c9}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 5.364815388s ago: executing program 7 (id=3231): r0 = socket$nl_route(0x10, 0x3, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(0xffffffffffffffff, &(0x7f0000000340)={0x1d, r1, 0x1000, {0x2, 0xff, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) connect$can_j1939(0xffffffffffffffff, &(0x7f0000000000)={0x1d, r1, 0x0, {0x0, 0xf0, 0x2}, 0xff}, 0x18) r2 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r2, &(0x7f0000000340)={0x1d, r3, 0x0, {0x0, 0x0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r2, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newtfilter={0x24, 0x11, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x74, r3, {0xffff, 0x8}, {0xfff1, 0xa}, {0x1, 0x8}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x2400c840}, 0x4000850) 5.154103759s ago: executing program 4 (id=3232): r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) r1 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) r2 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000bfe000/0x400000)=nil) r5 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000004c0)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18, 0x200000000000000}, @nested_vmlaunch={0x12f, 0x18}], 0x48}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_kvm_add_vcpu$x86(r1, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18, 0x80000000000000}, @nested_vmlaunch={0x12f, 0x18}], 0x48}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = syz_kvm_add_vcpu$x86(r0, &(0x7f00000000c0)={0x0, &(0x7f0000000a80)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}, @nested_vmlaunch={0x12f, 0x18}], 0x48}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 5.024631315s ago: executing program 6 (id=3233): openat$null(0xffffffffffffff9c, 0x0, 0x200100, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003d80)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0xc820) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00') r5 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=0x0, &(0x7f0000000300)=0x0) r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r8, 0xc008561c, &(0x7f00000001c0)={0x980901, 0xfffffff2, @value=0x9}) syz_io_uring_submit(r6, r7, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd=r4, 0x792, 0x0, 0x0, 0x5}) io_uring_enter(r5, 0x567, 0x1000a387, 0x20, 0x0, 0x0) 5.024143436s ago: executing program 3 (id=3234): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280), 0x0) openat$cgroup_devices(0xffffffffffffffff, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000500)=0x2) ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, 0x0) 4.957790663s ago: executing program 1 (id=3235): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000000)=@x86={0x6, 0xdb, 0x40, 0x0, 0x5, 0x84, 0x8, 0xb6, 0xfd, 0x7, 0x8, 0x96, 0x0, 0x8001, 0x9, 0x8, 0x81, 0x3, 0x6, '\x00', 0x4, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x4, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0xfe, 0xc, 0x3}, {0x2, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x2, 0x8, 0x0, 0x46, 0x2}, {0x2, 0x5001, 0x8, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x5, 0x3}, {0x3000, 0x3000, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7e, 0x9, 0x2, 0x3, 0x6}, {0x1, 0x8000000, 0x0, 0xd, 0x8, 0x2d, 0x5, 0x9, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x8092000, 0xe, 0xbd, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0xa, 0xc, 0x0, 0xf, 0x10, 0x3, 0x4, 0x0, 0x80, 0x9}, {0xdddd0000, 0xffff, 0x10, 0x4, 0x3, 0x43, 0x0, 0x6, 0x1, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0xffff1000, 0x17}, 0x40019, 0x0, 0xd000, 0x0, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x3, 0x4000000000000009, 0x7]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x5000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x2, 0xffffffff, 0xe, 0x13, 0x1, 0x8, 0x3, 0x8, 0x0, 0x46, 0x2}, {0x5000, 0x5001, 0xd, 0xf, 0x5, 0x3, 0xc3, 0x6, 0x3, 0x6, 0x5, 0x3}, {0x3000, 0x0, 0x1a, 0xc, 0x2, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x4000, 0xc, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x3000, 0x8092000, 0xf, 0xbd, 0x6, 0x10, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x8000000, 0x8000000, 0xc, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x0, 0x2, 0x8}, {0xdddd0000, 0xffff, 0xa, 0x4, 0x7, 0x3, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0xd000, 0xedd8}, {0xffff1000, 0x17}, 0x40040019, 0x0, 0x2, 0x0, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x7]}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x1000000000, 0x2, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xfffe, 0xfffffffffffffff7, 0x4, 0xffffffffffffffff, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffc], 0x1, 0x202}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x7, 0x1000000000, 0x0, 0x10, 0x9, 0x7fffffffffffffff, 0x157, 0xa000000000000000, 0x0, 0xfffffffffffffffb, 0x5, 0x1, 0x2, 0x0, 0x0, 0xfffffffffffffffc], 0x1, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.706614317s ago: executing program 6 (id=3236): request_key(&(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) syz_init_net_socket$ax25(0x3, 0x5, 0xc5) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141302) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 3.647029552s ago: executing program 4 (id=3237): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) close(r0) sendmmsg$inet(r1, &(0x7f00000013c0)=[{{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f00000000c0)="42ec6c", 0x3}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x48045) 3.612127635s ago: executing program 6 (id=3238): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write$vga_arbiter(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(&(0x7f0000001d00), 0xffffffffffffffff) r1 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r1, 0x0, 0x0) connect$inet(r1, 0x0, 0x0) sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) setsockopt$inet_opts(r1, 0x0, 0x4, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_HARDIF(r2, 0x0, 0x20004800) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r3, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0xfffd, 0x0, 0x9, 0x7}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa4, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x4c, 0x24, 0xd0f, 0x70bd2b, 0x25dfdbfb, {0x60, 0x0, 0x0, r5, {0x0, 0x6}, {0xffe0, 0xa}, {0x1, 0x8}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x50, 0x5, 0x9, 0x8000, 0x0, 0xab93}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x55}, 0xc010) sendmsg$inet(r3, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0) 3.551420544s ago: executing program 1 (id=3239): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) ioctl$F2FS_IOC_COMPRESS_FILE(r2, 0xf518, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xef, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0x0, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x20000810) r4 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r4, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x0, 0x0}, 0x10) openat$cgroup_ro(r5, &(0x7f0000000180)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x7) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000280)=0x10, 0x4) sendmmsg$inet6(r6, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x8, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x28}}], 0x1, 0x0) 3.471590659s ago: executing program 4 (id=3240): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) r1 = eventfd(0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000dc0)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000380)={0x0, 0x3ff, 0x5}) ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000240)) 3.325053553s ago: executing program 7 (id=3241): socket$inet6_sctp(0xa, 0x1, 0x84) syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./bus\x00', 0x880, &(0x7f00000000c0)=ANY=[], 0x1, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE4YjdbYNriAnpjQwpCmEMSapsYm1bTkzJ4SZn81tgUJL8gmm0KMcS2dKWBwQqjr501LzrUOi24xtTx3YzvAcPs6zpqBP0Oi4BIPTQsH/MiBjEhoayjTWMi21XfClSOOvhNdqY6cMBnd7pmWwAGVpAJEroTxZsJ6E5BUeOpqaRinJCQ2bJBKS3AoMlRm27uFcLdDAgBRtKgwMDNsZYXELAddgjFEwCkbBKBgFo2AUjIJRMApGwSgYBSMCAAIAAP//QJCYyw==") openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x8) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081) writev(r0, &(0x7f0000000840)=[{0x0}], 0x1) socket$phonet_pipe(0x23, 0x5, 0x2) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0xf, 0x80000002}, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x3ff, @loopback={0x12, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c) 2.488180848s ago: executing program 1 (id=3242): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f0000000000)=[{0x6, 0xfd, 0xc, 0x42}]}, 0x10) listen(r0, 0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) sendmmsg$inet(r1, &(0x7f0000001a00)=[{{0x0, 0x0, &(0x7f0000001900)}}, {{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="6f41032714e9dd292df5cdaba7689648ccce259ac20d5954437fe850f4dddcd66bfe5ce1f3ce9a", 0x27}, {&(0x7f0000000680)="d883cbafa3000e3179add89f262a22335cd61b4558392b0bad5fa8a0d4e67bb21a3ead72e3eb095d6cfb7292e635d3577d124b1bf0e504e8ed098c5f9acedcb29dfbc8ac507849e5b720dd3adc6c8a7cb9b72ae68b6e84975e1924399482aeaabe54275675961ba6e7c1807a93a940df02aad2ceeff94f8210927afe630e946616d315f92abf29099e10872c1a992fb0acb5654b665de94b4fd74e73848f707771dba44d1c244de4602b669bf9c9748324267eb3cb2dd077914ee5640eae7118903e95c0dcd2fcbab46cc151c8e580944a9cd3a106e8f46f23f2df195c6b570e92fc312c4bae0000", 0xe8}], 0x2}}], 0x2, 0x48045) close_range(r0, 0xffffffffffffffff, 0x0) 2.407887264s ago: executing program 6 (id=3243): ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f0000000100)={0xfffffffe, 0x400, 0x6, 0x7a7, 0x4f, "0d418107009188b791e15b1b6f6ff88c6b00", 0x4, 0x104}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100ff2bbe11a5ce7879edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000ff4000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@arm64={0x5, 0x6, 0xd4, '\x00', 0x36c9}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.289746122s ago: executing program 4 (id=3244): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) r3 = socket$l2tp(0x2, 0x2, 0x73) r4 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) connect$inet(r3, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r5 = socket$rds(0x15, 0x5, 0x0) bind$rds(r5, 0x0, 0x0) ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5387, 0x0) sendmsg$rds(r5, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_OUTPUT(r6, 0x8004562e, &(0x7f0000000340)) ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000080)={0xf0f041}) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000040)={0x0}) socket(0x6, 0x4, 0x4) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x74}}, 0x0) 2.288900822s ago: executing program 7 (id=3245): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) r3 = socket$kcm(0x2, 0x2, 0x73) bind$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @broadcast}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000100)={0x2, 0x4e22, @empty}, 0x10) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000040)=0x5, 0x4) sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6) r4 = socket$rds(0x15, 0x5, 0x0) bind$rds(r4, 0x0, 0x0) sendmsg$rds(r4, &(0x7f00000000c0)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000080)={0xf0f041}) r5 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000000040)={0x0}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[], 0x74}}, 0x0) 2.145305885s ago: executing program 6 (id=3246): socket$kcm(0x2, 0x1, 0x84) sendmsg$inet(0xffffffffffffffff, 0x0, 0x40000) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000080)={0xffffffffffffffff, 0x3, {0x0, 0x0, 0x0, 0x1, 0x4000000000000ffd, 0x0, 0x0, 0x3, 0xc, "faf98317e5a1149989fc67be43ea6acc96e3a2503dc31c97214d58128bbad0099cebdc25f5ab60c9e69098c8b534464c516bdd8a0f350000000000000300", "32d8cc26f7061a74df2cfc06489f3d9e234b30c509fe55cd4a5d83cd4a524b09ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a00", "67523760fd40f78d2cfc03d81a8ca55ba139c01802c4dae4162e43ac61b7ad33", [0x2, 0x8]}}) syz_usb_connect(0x6, 0x2d, &(0x7f0000000200)=ANY=[], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0xc010) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@perf_event={0x4}}, 0x18) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0) r2 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000c40)={0x1, 0x0, [{0x0, 0xf3, &(0x7f00000008c0)=""/243}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0xffffffff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x45a}, 0x94) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.524670831s ago: executing program 1 (id=3247): openat$null(0xffffffffffffff9c, 0x0, 0x200100, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socket$nl_route(0x10, 0x3, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}, @NFTA_SET_TIMEOUT={0xc, 0xb, 0x1, 0x0, 0x6}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000003d80)={0x2c, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0xc820) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1}, 0x6d) r6 = syz_open_procfs(0x0, &(0x7f0000000140)='loginuid\x00') r7 = syz_io_uring_setup(0x416f, &(0x7f0000000780)={0x0, 0xfffffffd, 0x10100, 0x200, 0x1}, &(0x7f0000000100)=0x0, &(0x7f0000000300)=0x0) r10 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_QUERYMENU(r10, 0xc008561c, &(0x7f00000001c0)={0x980901, 0xfffffff2, @value=0x9}) syz_io_uring_submit(r8, r9, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x4, 0x0, @fd=r6, 0x792, 0x0, 0x0, 0x5}) io_uring_enter(r7, 0x567, 0x1000a387, 0x20, 0x0, 0x0) 1.242737349s ago: executing program 4 (id=3248): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000002c0)={0x0, &(0x7f0000000380)=[@wrmsr={0x65, 0x20, {0x140, 0x1}}], 0x20}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4) ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x4, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460a2c031929dc0515ac7cd20775ff9da9c2b6cb48968dcd6d8d982c492932c572f084d3af58650d207eec0794b3e47c5678c36b99eed61e1dbac68ce8a79aa21a51202018bdc4a51489844f785887083841d65c129992bbe5a51c71b95a9847d2bdede66c6e3184c386faf938fd6db888e73a5c0dcc69c3de7458e68ed33226a8d1c8e17", 0x0, 0xb2}) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.1911883s ago: executing program 7 (id=3249): request_key(&(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, 0x0) socket(0x2, 0x80805, 0x0) socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) syz_init_net_socket$ax25(0x3, 0x5, 0xc5) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141302) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) 17.538283ms ago: executing program 1 (id=3250): syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1) symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000540)='./file7\x00', 0x1c0) renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) writev(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000000c0)}], 0x1) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents64(r2, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) getdents(r2, &(0x7f0000000440)=""/176, 0xb0) 16.581383ms ago: executing program 6 (id=3251): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xd53}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000000c0)={"49841ada71cfe011e10532489ef0a3127f9f67568978975321ebdb7108d333a8df648f920da594ae3a327a3f1292465c016dbc5261414bd85acd87473d61390f4bbded57a902b5deb9c23c641914f6b147db6146e946ce31b52ff43219cbc1574ebc8f47d0d2a02b89dc02c49f25471af4f2435dd40d0481fe6f0124e4aa9849c9b8358074976ba0dd502c77e65623e41c8ce041fe7058274e54be3d84f5aa382e9032df7a279d491a51e7480061ebb983305b23e584f6b47af6d615b2f0a182d7c0095f222a4a176472ebbd1021d2eb285ff99ea7601c4e25ecd4c055c59c3964e30b2f8567d69324b6828cc0e9c3528f1f4e27527d98bca370c165bfd88348ca0eb405029367247b738c6cce89e3efd4479d8f2fc7dbd015046860acb8a71106b920b09e661065bf765a03317feb4f54d4382ac41850982313319363b14557a5b8a18d60e425b3db6bcd35b03c810c9d398c9d91902878258419a4b02fc4bdc3b69da6c5c27f5a507005a24a3fef74f0b287c3a4cd1517537dc8cf5cf0efd75c11e803e972ecc24c500cc49001f231f74f7120f55004d5621655ba535c8c8a91d2fec5656526974aef9f08d835f6c3c7c570d047312da759708349121ee9f7078926baa412b4ae8076f6b7f2bf46ffe08878e0281bb42ace8eca796933daf7f65530e30eb6b0695a450e50aea20fcabb5fca187f8ee62b93dee581774cefb953b396e5b8a1e3cc1062b001082aa5a434d9f03407c4239d0fcb779eba5a32f473d142ac92042c2b140f12a0181a4d98a0a5a1c80de2363a80dfc365d26e0332ee63e84500f086fffded2d72500cfb5b3b16aefef5d5808f29e1c572df8af9ca90b714fe6c71a1097e58ccb7945341445d2a0c271f5d15a1462be10d757de7cfd980459469387c5049cebcdb62a24cf04418634944354b4690d4974a26ca113eefe5a71b23aa2fbd989f7b6fcf490ed465f219e70b3397dbc63e21b9d3998c4580570c40a2e75cb6845b34236f5a38dde94ae6fac7a994b21e829bdb618b0910b71608ed7893bc927afa06b1d08d18f684d7972e5467ddfebe1982924658db3e5aee3e443f1cd7017d7a27e6e2620673e9afd67c69ae555ec3e67863f1a9ac7d653d38125f51db870ffa8887c08c455a536d70ea0cae525218e8d06865b553b17bacd52630e4765af1036c834e96c193523d8b3bc399ac296fbe53ed4bd454c669f01cb0915cf9fc03b54d93fbc37ace112d4643c64842b60ee6b979703b6448fe7ddaab8d2fc2d417a12f138d61cc3ca311aa09adbad1a0647a62208ca7f9f2a9e6a6c42e6ae926b15d094886a7d6ae787c8238ab4c235541b1432b9e9407d18a0399dfa98b8ee84ccbe16bf8c30e7cf7071ab10eb8ffb0334d2b91135e3294efd14dd06db46be1032a472cdd54bd015f2937fe3d7d691fa9d0b55a0d5d17a9"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_XSAVE(r2, 0x5000aea5, &(0x7f0000000100)={[0x7, 0x6ffb141d, 0x6, 0xa, 0x27, 0x2, 0xe, 0xe7, 0x10, 0x5, 0x5, 0x4, 0x6, 0x5, 0x4a3, 0x5, 0x8, 0x5, 0xf, 0x50, 0xa, 0x10, 0x0, 0x1, 0x4d9d, 0x5d8, 0x8, 0x6ad6, 0xffffff44, 0xbfc, 0x1, 0x8fdd, 0x6, 0x7e, 0x7, 0x95b76099, 0x3, 0x9, 0x240000, 0xa378, 0xfff, 0x3, 0xfffff800, 0x5, 0x5, 0x9, 0xa, 0xffffff60, 0x5, 0x80000000, 0x5, 0x1, 0x9, 0x8, 0x91, 0x6, 0x9, 0x568, 0x0, 0xb015, 0x1, 0xaed9, 0x4, 0x4, 0x401, 0x0, 0x400, 0x30000, 0x7, 0x8, 0xdab7, 0x4800, 0xdc, 0x10, 0xffff, 0xb4d, 0x10, 0x146, 0x800, 0x6, 0x7, 0x202, 0x4, 0xfffff000, 0x600000, 0x41ce, 0x9, 0x8, 0x3, 0x6, 0x10, 0x6, 0x6, 0x7, 0xda7, 0x44, 0x7b29, 0xa8cd, 0xe71, 0x0, 0x9, 0x3ff, 0x7ff, 0x4b, 0x2, 0x51, 0x1, 0x1ce9, 0x2, 0x23, 0x5, 0x1, 0x2, 0x85e, 0x7ff, 0x6, 0x9e, 0x1, 0x7, 0x9, 0xa222, 0x10001, 0x4, 0xaa12, 0x9, 0x0, 0x8, 0x1, 0x400273b, 0x8, 0x4, 0x9, 0x9cd8, 0x100, 0x10, 0x6, 0xa, 0x1, 0x1, 0x7dc, 0xffff, 0x7, 0x79e, 0x9, 0x1, 0x9, 0x6, 0x1, 0x2, 0x200, 0x4, 0x7, 0xfffffffe, 0x800, 0xffffffff, 0xcd0, 0x0, 0x80000, 0xffffff01, 0x3, 0x5, 0x10001, 0x9, 0xffffff80, 0x401, 0x7fffffff, 0x17a0, 0x9, 0x4, 0x2, 0x6, 0x8000, 0x6, 0x2, 0x9, 0x401, 0x6, 0x3, 0x9, 0x4, 0x401, 0x9, 0x5, 0x6, 0x2, 0x7, 0x2, 0xe, 0x9, 0x400, 0x80000001, 0xb, 0x3, 0xfe1, 0x7, 0x2, 0x5, 0x6f, 0x7, 0x8, 0x3, 0x9, 0x5, 0x7a7, 0x3a, 0x7e, 0x7fff, 0x8, 0x8001, 0xd, 0x1, 0x3, 0x0, 0x1, 0x3, 0x7fffffff, 0x8, 0x9, 0x3, 0x80, 0xd, 0x286e, 0x732, 0x8002, 0x6be, 0x2, 0xe7, 0x8, 0xb, 0x8, 0x9, 0x1ff, 0x8, 0x3, 0x9, 0x5, 0x1, 0x2b2c, 0x6, 0xe3da, 0x6, 0x2c54, 0x6, 0xfffff29d, 0xc791, 0x6, 0x10000, 0x7f, 0x8, 0x40, 0x7, 0x401, 0x6b, 0x44, 0x2, 0x0, 0x0, 0x6, 0x3, 0xc, 0x0, 0x7ff, 0x14000, 0x26, 0x1, 0x7, 0x5, 0x1, 0x7ff, 0x9, 0xd4f8, 0x273, 0x8, 0x9, 0x10001, 0x4, 0x8, 0x5, 0x5, 0x7, 0xfffffff8, 0x9, 0x4, 0x80000001, 0x200, 0x86d, 0x2, 0xb23, 0x4, 0x83, 0x4, 0x80000001, 0x7fff, 0x5, 0x100, 0x9, 0x5, 0x3, 0xfffffffa, 0x10, 0x0, 0xfff, 0x10, 0xed9, 0x1, 0x3, 0x0, 0x1, 0x9, 0x5, 0x8, 0x1, 0x9, 0x80000000, 0xc, 0x2, 0x6, 0x1ff, 0x9, 0x3ff, 0x7, 0x76, 0x1, 0xfffffffa, 0x8, 0x3, 0x0, 0x3d88, 0x1246, 0x0, 0x5, 0x101, 0x3, 0x0, 0x800, 0x8, 0x19, 0x2, 0x0, 0x0, 0x6, 0x5, 0x5, 0x0, 0xffffff81, 0x1, 0x6, 0x917, 0x9, 0xfffff801, 0x4, 0x81, 0x9, 0xf0000000, 0x5, 0x3f29, 0x4, 0x0, 0xff, 0x5, 0x8, 0x9, 0x9, 0x1, 0x6, 0x80000000, 0x3, 0x5, 0xffff, 0x1000, 0x7, 0x3, 0x7, 0x800, 0x3d23, 0xfffffff8, 0x9, 0x4, 0x3, 0x10000, 0xfffffffd, 0xffffff1c, 0x0, 0x0, 0x2, 0x7, 0x6, 0x934, 0x9ca, 0x8, 0x2, 0x9, 0x4, 0x0, 0x4, 0x7, 0x80, 0x7f, 0x4, 0x400, 0xf8cc, 0x2, 0x400, 0x65bd, 0x8c4, 0x0, 0x3ff, 0x40, 0x80, 0x2, 0x3, 0x5, 0x4, 0x6, 0x7, 0x6, 0x240, 0x7, 0x8, 0x10000, 0x2, 0x2, 0xb, 0x6, 0x3, 0x2, 0x5, 0x3ff, 0x1, 0x8000, 0x0, 0x80000000, 0x800, 0x99, 0xe, 0x0, 0x1, 0xac5b000, 0x2, 0x1, 0x3ff, 0x0, 0x9, 0x286, 0xcf, 0x1, 0x4, 0x5, 0x790d7779, 0x6a, 0x4, 0x2, 0x0, 0x5, 0x4, 0x7, 0xe, 0x8, 0x1ff, 0x9, 0x6, 0x1, 0x5, 0x1, 0x1, 0x3, 0x4, 0x80, 0xb, 0x4, 0x3, 0x9, 0x7, 0x3, 0xeb, 0x7fff, 0x6, 0xeb34, 0x8, 0x6, 0x26, 0x3, 0x8, 0xfffff858, 0x0, 0x5, 0xa9c, 0xffffffff, 0xffff, 0x3, 0x9, 0x8, 0x1ff, 0x5, 0xfffffffe, 0xffff, 0x80000001, 0x6, 0x6, 0x0, 0x400, 0xd, 0xad4, 0x7, 0x7, 0x636, 0xff, 0x7fff, 0x2, 0x6, 0x9, 0x5, 0x7, 0x9, 0x800000, 0xffffffff, 0x9, 0x0, 0x7, 0x40, 0xb, 0xfffffffa, 0x5, 0x0, 0x8, 0xfffffff8, 0x4, 0x0, 0x3, 0x2, 0x4, 0x506, 0xf, 0xc179, 0x3, 0x9, 0x0, 0x1000, 0xffd1, 0x2, 0x9, 0x0, 0x3, 0x2, 0x9, 0xa3, 0x2, 0x7, 0x9, 0x6, 0x40, 0x6, 0x100, 0xfffffff1, 0xb8a, 0x6, 0x200, 0x7, 0x81, 0x9, 0x5f9c, 0x80, 0x4, 0x94, 0x2, 0x6, 0x7fff, 0x3, 0xc00, 0xfffffff8, 0x9, 0x800, 0x4, 0x401, 0x2, 0x3, 0xbe, 0x80000000, 0xffffffff, 0x3b2, 0x2, 0xfffffffc, 0x0, 0x6, 0x4, 0x80000000, 0x6, 0x0, 0x80, 0x3, 0x5, 0xb949, 0xfffffff9, 0xfffffbff, 0x0, 0x1, 0x800, 0x2, 0x6, 0x5, 0x3, 0x597d, 0x1, 0x5, 0x5, 0x3, 0x8, 0x9a96, 0x3, 0x2, 0x9, 0x7ff, 0x4, 0x40000, 0x97, 0x7ff, 0x12, 0x6, 0x6, 0x0, 0x2, 0x180, 0x1000, 0x1, 0x6, 0xc, 0xffff, 0x8001, 0x0, 0x7, 0x9, 0x3, 0xfbb2, 0x6, 0x7fff, 0x1, 0x8, 0x4, 0xb, 0xffff, 0xffff, 0x9, 0x0, 0xff, 0x9, 0x2, 0xd82, 0x5, 0x6, 0x8, 0x2, 0xb206, 0xbe7, 0xfffffec1, 0x9, 0xa, 0x641, 0x80000000, 0xa1cd, 0xfffffffd, 0x2, 0x3, 0x7, 0x5, 0x7, 0x2, 0x7, 0xf31f, 0x7, 0x10000, 0x100, 0x4, 0x16b, 0xffff, 0x8, 0xc, 0x8, 0x2, 0x1, 0x5, 0xa1655d00, 0x3ff, 0x8001, 0x4, 0x2, 0x0, 0x3945d990, 0x7, 0x10000, 0x4, 0x2, 0x0, 0xffff0001, 0xe0c2, 0x9, 0x7ff, 0x1, 0x80000001, 0x7dcf94da, 0x10, 0x7, 0xb9, 0x6, 0x7fff, 0x5, 0x4d3, 0xeb, 0x2d, 0x6, 0x3, 0x27316108, 0x40, 0x2, 0x7fffffff, 0x3, 0x5, 0x0, 0x8, 0xad, 0x3, 0xffff, 0xaf7, 0x5, 0x237, 0x800, 0xe2, 0x240000, 0x4, 0x4, 0x1, 0x3, 0x7, 0x8b3d, 0x0, 0x1000, 0x1, 0x8, 0x6, 0x7, 0x3, 0xc1, 0x2, 0x8, 0x3, 0x1, 0x4, 0xb66, 0x5, 0x8, 0x401, 0x6, 0x3, 0x0, 0x1000, 0x2, 0x6855, 0x2, 0x1, 0x40000, 0xd, 0xa, 0x80000001, 0x4, 0x5, 0x0, 0x2, 0x7, 0x80, 0x3c79, 0x1, 0xfffffffa, 0x100, 0x2, 0x10, 0x400, 0x8001, 0x8, 0x5, 0x2, 0x3, 0xffffff3d, 0x9, 0x3ff, 0x4, 0x5, 0x9, 0xc0000, 0x66, 0x4, 0x9, 0x0, 0xe7, 0xc28, 0x9a, 0x6, 0x1, 0x9, 0xde, 0x81, 0x8000, 0x9, 0x6c4, 0x0, 0x9, 0xffff, 0x9a, 0x101, 0x8, 0x8, 0x2, 0x0, 0x7, 0x71, 0x5277bf5c, 0x7, 0x7fff, 0x7, 0x1, 0x3, 0xffff, 0x1, 0x18000, 0x1, 0x17, 0xffff, 0x87, 0x8, 0x0, 0x1000, 0xb, 0x1000, 0xbe, 0x6, 0x8000, 0x6, 0x1, 0x4, 0x8cd3, 0x7, 0x1, 0x7, 0x2, 0x3, 0x652a, 0x3ff, 0x9, 0xa, 0x82, 0x1f8, 0xfffffff8, 0x80, 0xd, 0x7, 0x3, 0x5, 0x3, 0xffffffd1, 0x0, 0x8, 0x9, 0x0, 0x6, 0xfffffff9, 0x0, 0x3ff, 0x8ae, 0x8000, 0x2, 0x100, 0x6, 0x0, 0x5, 0x5, 0x8, 0x1, 0x10000, 0x7fffffff, 0xffffff99, 0x4, 0x200000e, 0xc, 0x7, 0x5, 0xc6a, 0x10, 0x4, 0xfffffff8, 0x9, 0x40, 0x5, 0x3, 0x4, 0x100, 0xd89, 0x100, 0x5230, 0xfffff6f4, 0xffffb8c6, 0x1000, 0xa, 0x6, 0xfffffff5, 0x2, 0x1000, 0x52, 0x80, 0x15, 0x7, 0x3, 0x8, 0x4, 0x29, 0x6b, 0x4, 0xffffffff, 0xe18d, 0x3, 0x3, 0x9, 0x4, 0x7ff, 0x6, 0x400101, 0x800, 0x8, 0x4, 0x7f, 0x2, 0xb, 0xe20, 0x5, 0x8001, 0x5, 0x1, 0x400, 0xffff, 0x2, 0x6, 0x4, 0x10, 0x1000, 0xffff, 0x4, 0x6b92, 0xa8, 0x0, 0x6, 0x1, 0x200, 0x81, 0x8, 0x6, 0x3, 0x8, 0xcb, 0x400, 0x54, 0x8, 0x6102, 0x81, 0x2, 0xff, 0x10, 0x4a08, 0x9, 0x4, 0x3, 0x3, 0x5, 0xffffff81, 0x7, 0xacf2, 0xd26, 0x4, 0x48e, 0x3f800, 0x6140, 0x8, 0xff, 0x80, 0x9, 0x850d, 0x9, 0x6, 0x3, 0xfffffffb, 0x0, 0x3, 0xffffff81, 0x5, 0x7, 0x2, 0x3, 0x6, 0x922f, 0x3, 0x8b14, 0x0, 0x401, 0x9, 0x80000201, 0x2, 0x4, 0xfffffff8, 0x2, 0x1, 0x5, 0x5, 0x3, 0x0, 0xfffffff8, 0x3, 0xffff9f82, 0x8, 0xd08, 0x4, 0xfffffeff, 0x6, 0xa, 0x5c, 0x4, 0xc, 0x9, 0x2]}) ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f0000000200)={0xb, 0x1, [{0x2, 0x0, 0xc}, {0x200, 0x0, 0x8}, {0x1, 0x0, 0x8}, {0x1000, 0x0, 0x206}, {0xb, 0x0, 0x8000000000000001}, {0xbbfc}, {0x3, 0x0, 0xc000000000}, {0x8, 0x0, 0x95}, {0x2, 0x0, 0x1c9c}, {0x4, 0x0, 0xfff0000000000000}, {0x9}, {0x4, 0x0, 0x8}, {0x8, 0x0, 0x1}, {0x9, 0x0, 0x200}, {0x9, 0x0, 0x8}, {0x6, 0x0, 0x5}]}) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000280)={[0x8, 0x2, 0x6, 0x2, 0x9, 0x40, 0x4, 0xc, 0x80000000000, 0x81c, 0x9, 0x7, 0xc0, 0x5, 0x2, 0x8001], 0x4}) 0s ago: executing program 3 (id=3252): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e) ioctl$F2FS_IOC_COMPRESS_FILE(r2, 0xf518, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xef, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@ipv4={'\x00', '\xff\xff', @multicast2}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x3, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0x0, @in6=@local, 0x0, 0x1}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) r3 = socket$inet(0x2, 0x2, 0x1) sendmsg$inet(r3, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000300)=[{&(0x7f0000000280)="08001efbb07d5a6e", 0x8}], 0x1, &(0x7f0000000080)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @remote}}}], 0x20}, 0x20000810) r4 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r4, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.self_freezing\x00', 0x275a, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0x0, 0x0}, 0x10) openat$cgroup_ro(r5, &(0x7f0000000180)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x0, 0x0) r6 = socket$inet6(0xa, 0x3, 0x7) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000280)=0x10, 0x4) sendmmsg$inet6(r6, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x8, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x28}}], 0x1, 0x0) kernel console output (not intermixed with test programs): yscall=431 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 832.698595][ T27] audit: type=1326 audit(1773350372.488:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12545 comm="syz.1.2002" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 832.721460][T12582] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.2010: Failed to acquire dquot type 1 [ 832.772425][T12582] EXT4-fs (loop0): 1 truncate cleaned up [ 832.888696][T12582] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 833.926661][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 834.027705][T12613] loop3: detected capacity change from 0 to 1024 [ 834.241597][T12619] loop6: detected capacity change from 0 to 4096 [ 834.382364][T12621] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 834.819201][ T5239] hfsplus: b-tree write err: -5, ino 25 [ 834.831750][ T5239] hfsplus: b-tree write err: -5, ino 4 [ 834.843066][ T5239] hfsplus: b-tree write err: -5, ino 2 [ 834.894873][ T5239] hfsplus: b-tree write err: -5, ino 26 [ 834.911682][ T8376] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 835.131523][ T8376] usb 1-1: Using ep0 maxpacket: 8 [ 835.151371][ T8376] usb 1-1: unable to get BOS descriptor or descriptor too short [ 835.189226][ T8376] usb 1-1: config 0 has an invalid interface number: 88 but max is 0 [ 835.212206][ T8376] usb 1-1: config 0 has no interface number 0 [ 835.228491][ T8376] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 835.250205][ T8376] usb 1-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0 [ 835.290374][ T8376] usb 1-1: config 0 interface 88 has no altsetting 0 [ 835.473627][ T8376] usb 1-1: string descriptor 0 read error: -22 [ 835.479883][ T8376] usb 1-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31 [ 835.489270][ T8376] usb 1-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3 [ 835.500331][ T8376] usb 1-1: config 0 descriptor?? [ 836.238804][T12643] loop1: detected capacity change from 0 to 8 [ 836.245534][ T8376] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.88/input/input25 [ 838.792377][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 838.792392][ T27] audit: type=1800 audit(1773350379.958:268): pid=12649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2029" name="file2" dev="loop1" ino=3 res=0 errno=0 [ 838.918661][ T8376] usb 1-1: USB disconnect, device number 18 [ 842.525791][T12706] sg_read: process 1437 (syz.3.2046) changed security contexts after opening file descriptor, this is not allowed. [ 842.723860][T12714] device syzkaller0 entered promiscuous mode [ 843.505534][ T8376] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 843.691500][ T8376] usb 1-1: Using ep0 maxpacket: 16 [ 843.698383][ T8376] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 843.718806][ T8376] usb 1-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30 [ 843.747752][T12723] loop3: detected capacity change from 0 to 4096 [ 843.754227][ T8376] usb 1-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 843.767779][ T8376] usb 1-1: config 0 interface 0 has no altsetting 0 [ 843.775392][T12723] ntfs3: Unknown parameter 'nocase' [ 843.783409][ T8376] usb 1-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 843.792599][ T8376] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 843.800591][ T8376] usb 1-1: Product: syz [ 843.843102][ T8376] usb 1-1: Manufacturer: syz [ 843.873188][ T8376] usb 1-1: SerialNumber: syz [ 844.705026][ T8376] usb 1-1: config 0 descriptor?? [ 844.748187][ T8376] kobil_sct 1-1:0.0: required endpoints missing [ 845.519433][ T8376] usb 1-1: USB disconnect, device number 19 [ 848.228295][T12754] tmpfs: Unknown parameter 'fscontext' [ 850.064340][T12771] loop6: detected capacity change from 0 to 64 [ 850.174322][ T27] audit: type=1800 audit(1773350391.488:269): pid=12771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2068" name=E91F7189591E9233614B dev="loop6" ino=21 res=0 errno=0 [ 850.478780][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2070'. [ 850.487765][T12781] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2070'. [ 850.501831][T12781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2070'. [ 850.510768][T12781] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2070'. [ 850.751593][ T8376] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 851.641130][T12788] device syzkaller0 entered promiscuous mode [ 851.663098][T12789] tmpfs: Unknown parameter 'ÿÿ' [ 851.871684][ T5136] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 852.235789][ T8376] usb 4-1: Using ep0 maxpacket: 16 [ 852.282514][ T8376] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 852.296308][ T8376] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 852.328260][ T8376] usb 4-1: New USB device found, idVendor=0d46, idProduct=0081, bcdDevice=19.82 [ 852.353610][ T8376] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.373616][ T8376] usb 4-1: Product: syz [ 852.383889][ T8376] usb 4-1: Manufacturer: syz [ 852.394003][ T8376] usb 4-1: SerialNumber: syz [ 852.421588][ T5136] usb 7-1: Using ep0 maxpacket: 8 [ 852.428699][ T5136] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 852.436246][ T8376] usb 4-1: config 0 descriptor?? [ 852.446169][ T5136] usb 7-1: can't read configurations, error -61 [ 852.639169][T12799] loop0: detected capacity change from 0 to 8 [ 852.645462][ T8376] kobil_sct 4-1:0.0: required endpoints missing [ 853.356553][ T5136] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 853.379984][ T8376] usb 4-1: USB disconnect, device number 21 [ 853.821622][ T5136] usb 7-1: Using ep0 maxpacket: 8 [ 853.829642][ T5136] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 853.844884][ T5136] usb 7-1: can't read configurations, error -61 [ 853.858113][ T5136] usb usb7-port1: attempt power cycle [ 854.026238][T12820] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2083'. [ 854.047713][T12819] loop3: detected capacity change from 0 to 1024 [ 854.156909][ T56] hfsplus: b-tree write err: -5, ino 25 [ 854.168230][ T56] hfsplus: b-tree write err: -5, ino 4 [ 854.194661][ T56] hfsplus: b-tree write err: -5, ino 2 [ 854.211346][ T56] hfsplus: b-tree write err: -5, ino 26 [ 854.350974][ T5136] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 854.381963][ T5136] usb 7-1: Using ep0 maxpacket: 8 [ 854.389032][ T5136] usb 7-1: unable to read config index 0 descriptor/start: -61 [ 854.397900][ T5136] usb 7-1: can't read configurations, error -61 [ 854.511595][ T5155] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 854.571526][ T5136] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 854.706547][ T5155] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 854.730354][ T5155] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 854.748307][ T5136] usb 7-1: device descriptor read/8, error -71 [ 854.782790][ T5155] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 854.795509][ T5155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 854.803570][ T5155] usb 5-1: Product: syz [ 854.807739][ T5155] usb 5-1: Manufacturer: syz [ 854.812440][ T5155] usb 5-1: SerialNumber: syz [ 854.829126][ T5155] cdc_mbim 5-1:1.0: skipping garbage [ 854.871808][ T5136] usb usb7-port1: unable to enumerate USB device [ 855.029863][T12822] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 855.389941][T12833] tmpfs: Unknown parameter 'ÿÿ' [ 856.062794][T12822] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 856.079252][ T5155] cdc_mbim 5-1:1.0: setting tx_max = 184 [ 856.776308][T12822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 856.841800][ T5155] cdc_mbim 5-1:1.0: cdc-wdm0: USB WDM device [ 856.854659][T12822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 856.865862][ T5155] cdc_mbim 5-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.4-1, CDC MBIM, 3a:8a:a8:1d:ab:22 [ 857.200847][ C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71 [ 857.207684][ C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes [ 857.214692][ C1] cdc_mbim 5-1:1.0: nonzero urb status received: -71 [ 857.221381][ C1] cdc_mbim 5-1:1.0: wdm_int_callback - 0 bytes [ 857.267298][ T8376] usb 5-1: USB disconnect, device number 31 [ 857.298877][ T8376] cdc_mbim 5-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.4-1, CDC MBIM [ 857.612737][T12859] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 857.619275][T12859] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 857.658958][T12859] vhci_hcd vhci_hcd.0: Device attached [ 857.695152][T12860] vhci_hcd: connection closed [ 857.696851][ T56] vhci_hcd: stop threads [ 857.730090][ T56] vhci_hcd: release socket [ 857.745797][ T56] vhci_hcd: disconnect device [ 857.888673][T12867] loop4: detected capacity change from 0 to 128 [ 857.959252][T12867] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 857.995878][T12867] ext4 filesystem being mounted at /407/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 858.023825][T12867] EXT4-fs (loop4): shut down requested (2) [ 858.184792][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 858.571713][ T5136] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 858.801631][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 858.813838][ T5136] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 858.922926][ T5136] usb 1-1: can't read configurations, error -61 [ 859.191610][ T5136] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 859.193019][T12886] loop4: detected capacity change from 0 to 4096 [ 859.207503][T12886] ntfs3: loop4: ino=3, Correct links count -> 2. [ 860.301603][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 860.308772][ T5136] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 860.332854][ T5136] usb 1-1: can't read configurations, error -61 [ 860.347899][ T5136] usb usb1-port1: attempt power cycle [ 860.771624][ T5136] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 860.812017][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 860.820399][ T5136] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 860.874167][ T5136] usb 1-1: can't read configurations, error -61 [ 861.203667][ T5136] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 861.451415][ T5136] usb 1-1: Using ep0 maxpacket: 8 [ 861.637409][ T5136] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 861.679387][ T5136] usb 1-1: can't read configurations, error -61 [ 861.822036][ T5136] usb usb1-port1: unable to enumerate USB device [ 862.596302][T12935] tmpfs: Unknown parameter 'fscontext' [ 864.588741][T12965] loop4: detected capacity change from 0 to 128 [ 865.038237][T12965] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 865.049330][T12965] ext4 filesystem being mounted at /411/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 865.077146][T12965] EXT4-fs (loop4): shut down requested (2) [ 865.466016][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 865.566210][T12982] tmpfs: Unknown parameter 'ÿÿ' [ 866.583083][T12988] loop0: detected capacity change from 0 to 8 [ 867.163650][T13006] loop3: detected capacity change from 0 to 256 [ 868.173636][T13006] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 868.326155][ T27] audit: type=1800 audit(1773350409.638:270): pid=13006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2133" name="file1" dev="loop3" ino=1048832 res=0 errno=0 [ 868.792429][T13025] syz.6.2137 (13025): attempted to duplicate a private mapping with mremap. This is not supported. [ 869.296962][T13031] tmpfs: Unknown parameter 'ÿÿ' [ 870.185532][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.191895][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.321661][T13051] loop4: detected capacity change from 0 to 4096 [ 871.436934][T13053] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 871.545157][T13059] loop6: detected capacity change from 0 to 256 [ 871.583211][T13059] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 871.928842][T13065] syz.6.2147: attempt to access beyond end of device [ 871.928842][T13065] loop6: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 871.944256][T13065] syz.6.2147: attempt to access beyond end of device [ 871.944256][T13065] loop6: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 871.958315][T13065] syz.6.2147: attempt to access beyond end of device [ 871.958315][T13065] loop6: rw=0, sector=280, nr_sectors = 8 limit=256 [ 871.975985][ T27] audit: type=1800 audit(1773350413.288:271): pid=13065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2147" name="file1" dev="loop6" ino=1048833 res=0 errno=0 [ 872.982666][T13085] tmpfs: Unknown parameter 'ÿÿ' [ 874.717440][T13102] loop4: detected capacity change from 0 to 512 [ 874.942183][T13102] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 874.964168][T13102] ext4 filesystem being mounted at /423/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 875.683334][T13121] overlayfs: missing 'lowerdir' [ 876.347855][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 877.010153][T13138] tmpfs: Unknown parameter 'ÿÿ' [ 878.806115][T13149] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 879.329452][T13162] netlink: 'syz.3.2178': attribute type 2 has an invalid length. [ 879.405199][T13166] overlayfs: missing 'lowerdir' [ 880.256010][T13175] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2181'. [ 880.265330][T13175] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2181'. [ 880.280510][T13172] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2181'. [ 880.321668][T13172] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2181'. [ 881.925081][T13198] tmpfs: Unknown parameter 'ÿÿ' [ 882.218538][T13201] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 883.609621][T13222] overlayfs: missing 'lowerdir' [ 884.738986][T13236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2198'. [ 884.748241][T13236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2198'. [ 884.760613][T13236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2198'. [ 884.769550][T13236] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2198'. [ 884.812054][T13238] netlink: 'syz.0.2199': attribute type 2 has an invalid length. [ 884.937695][T13241] 8021q: adding VLAN 0 to HW filter on device bond1 [ 885.544270][T13241] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2202'. [ 885.697173][T13241] device bond1 entered promiscuous mode [ 885.849873][T13246] device dummy0 entered promiscuous mode [ 885.922042][T13246] bond1: (slave dummy0): Enslaving as an active interface with an up link [ 886.115981][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 886.141401][T13260] tmpfs: Unknown parameter 'ÿÿ' [ 886.401815][T13262] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 887.541745][T13272] vivid-007: disconnect [ 887.979326][T13274] overlayfs: missing 'lowerdir' [ 888.270037][T13267] vivid-007: reconnect [ 888.809497][T13305] loop5: detected capacity change from 0 to 7 [ 888.844139][T13305] Dev loop5: unable to read RDB block 7 [ 889.031644][T13305] loop5: unable to read partition table [ 889.037549][T13305] loop5: partition table beyond EOD, truncated [ 889.048829][T13305] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5) [ 889.601314][T13327] overlayfs: missing 'lowerdir' [ 890.584416][T13347] loop0: detected capacity change from 0 to 8 [ 892.425390][T13380] overlayfs: missing 'lowerdir' [ 894.323333][T13410] tmpfs: Unknown parameter 'fscontext' [ 894.386641][T13411] loop4: detected capacity change from 0 to 256 [ 894.484274][T13411] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 894.907953][T13418] syz.4.2249: attempt to access beyond end of device [ 894.907953][T13418] loop4: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 894.923108][T13418] syz.4.2249: attempt to access beyond end of device [ 894.923108][T13418] loop4: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 894.937027][T13418] syz.4.2249: attempt to access beyond end of device [ 894.937027][T13418] loop4: rw=0, sector=280, nr_sectors = 8 limit=256 [ 894.950399][ T27] audit: type=1800 audit(1773350436.258:272): pid=13418 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2249" name="file1" dev="loop4" ino=1048836 res=0 errno=0 [ 895.935344][T13432] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2254'. [ 896.029695][T13435] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2254'. [ 896.768721][T13448] device dummy0 entered promiscuous mode [ 898.071009][T13462] tmpfs: Unknown parameter 'fscontext' [ 900.491538][T13472] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 902.814655][T13497] loop3: detected capacity change from 0 to 256 [ 902.889700][T13497] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe619cb59, utbl_chksum : 0xe619d30d) [ 904.068143][T13507] loop6: detected capacity change from 0 to 4096 [ 904.141145][T13513] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 904.151856][ T27] audit: type=1326 audit(1773350445.448:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.213629][ T27] audit: type=1326 audit(1773350445.448:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.301360][ T27] audit: type=1326 audit(1773350445.448:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.331277][ T27] audit: type=1326 audit(1773350445.448:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.390311][ T27] audit: type=1326 audit(1773350445.448:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.501378][ T27] audit: type=1326 audit(1773350445.448:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 904.545094][T13520] tmpfs: Unknown parameter 'fscontext' [ 905.068147][ T27] audit: type=1326 audit(1773350445.448:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 905.100864][ T27] audit: type=1326 audit(1773350445.448:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 905.221905][ T27] audit: type=1326 audit(1773350445.448:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ba5f9c799 code=0x7ffc0000 [ 905.335605][ T27] audit: type=1326 audit(1773350445.448:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13514 comm="syz.1.2277" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f0ba5f9c42b code=0x7ffc0000 [ 905.593226][T13546] vivid-007: disconnect [ 906.069363][T13543] device syzkaller0 entered promiscuous mode [ 906.246510][T13540] vivid-007: reconnect [ 908.341095][T13592] loop3: detected capacity change from 0 to 4096 [ 908.390860][T13592] ntfs3: loop3: ino=3, Correct links count -> 2. [ 910.490908][T13620] loop3: detected capacity change from 0 to 32768 [ 910.524684][T13620] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.2306 (13620) [ 910.560035][T13620] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 910.580293][T13620] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 910.598521][T13620] BTRFS info (device loop3): setting nodatacow, compression disabled [ 910.625770][T13620] BTRFS info (device loop3): force clearing of disk cache [ 910.633011][T13620] BTRFS info (device loop3): turning off barriers [ 910.639577][T13620] BTRFS info (device loop3): use no compression [ 910.664834][T13620] BTRFS info (device loop3): disabling free space tree [ 910.685826][T13620] BTRFS info (device loop3): enabling ssd optimizations [ 910.711876][T13620] BTRFS info (device loop3): using spread ssd allocation scheme [ 910.721960][T13620] BTRFS info (device loop3): not using ssd optimizations [ 910.739239][T13620] BTRFS info (device loop3): not using spread ssd allocation scheme [ 910.978801][T13620] BTRFS info (device loop3): rebuilding free space tree [ 911.195374][T13620] BTRFS info (device loop3): disabling free space tree [ 911.218553][T13620] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 911.231600][T13620] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 911.296330][T13620] BTRFS info (device loop3): checking UUID tree [ 911.419362][T13651] loop4: detected capacity change from 0 to 4096 [ 911.515471][T13651] ntfs3: loop4: ino=3, Correct links count -> 2. [ 911.565490][ T4275] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 914.045108][T13700] loop0: detected capacity change from 0 to 4096 [ 914.077347][T13700] ntfs3: loop0: ino=3, Correct links count -> 2. [ 915.867544][T13709] tmpfs: Unknown parameter 'ÿÿ' [ 916.861783][T13737] loop6: detected capacity change from 0 to 128 [ 916.895684][T13737] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 916.905629][T13737] ext4 filesystem being mounted at /343/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 918.127852][T13752] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2340'. [ 918.654780][T13755] tmpfs: Unknown parameter 'ÿÿ' [ 919.155332][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 919.183199][T13761] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2345'. [ 919.192811][T13757] vivid-007: disconnect [ 919.222113][T13759] vivid-007: reconnect [ 920.607793][T13791] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2354'. [ 923.578642][T13817] vivid-007: disconnect [ 923.588225][T13816] vivid-007: reconnect [ 924.010227][T13834] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2368'. [ 924.091056][T13830] loop6: detected capacity change from 0 to 4096 [ 924.820093][T13845] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 925.323697][T13847] loop4: detected capacity change from 0 to 4096 [ 925.342464][T13847] ntfs3: loop4: ino=3, Correct links count -> 2. [ 926.126055][T13882] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2383'. [ 926.398961][T13888] loop3: detected capacity change from 0 to 4096 [ 927.368210][T13895] loop6: detected capacity change from 0 to 4096 [ 927.388324][ T4275] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 927.413403][ T4275] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 927.422129][T13895] ntfs3: loop6: ino=3, Correct links count -> 2. [ 927.705260][T13910] loop4: detected capacity change from 0 to 128 [ 928.460597][T13910] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 928.517144][T13910] ext4 filesystem being mounted at /472/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 928.595460][T13921] binder_alloc: 13920: binder_alloc_buf, no vma [ 928.699592][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 928.721628][ T8376] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 928.802625][T13928] vivid-007: disconnect [ 929.525763][T13923] vivid-007: reconnect [ 929.554079][T13930] loop4: detected capacity change from 0 to 4096 [ 929.589266][ T8376] usb 1-1: Using ep0 maxpacket: 16 [ 929.589531][T13931] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 929.595435][ T8376] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 929.595464][ T8376] usb 1-1: config 0 has no interfaces? [ 929.645310][ T8376] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 929.645338][ T8376] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 929.645358][ T8376] usb 1-1: Product: syz [ 929.645372][ T8376] usb 1-1: Manufacturer: syz [ 929.645386][ T8376] usb 1-1: SerialNumber: syz [ 929.647266][ T8376] usb 1-1: config 0 descriptor?? [ 929.875871][ T8376] usb 1-1: USB disconnect, device number 24 [ 931.344449][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.344522][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.575588][T13952] loop4: detected capacity change from 0 to 256 [ 931.587448][T13947] loop0: detected capacity change from 0 to 4096 [ 931.590518][T13947] ntfs3: loop0: ino=3, Correct links count -> 2. [ 931.641752][T13952] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 933.277948][T13965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2412'. [ 933.290154][T13965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2412'. [ 933.291713][T13965] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2412'. [ 933.291793][T13965] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2412'. [ 933.444996][T13959] syz.4.2409: attempt to access beyond end of device [ 933.444996][T13959] loop4: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 933.499549][T13959] syz.4.2409: attempt to access beyond end of device [ 933.499549][T13959] loop4: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 933.499622][T13959] syz.4.2409: attempt to access beyond end of device [ 933.499622][T13959] loop4: rw=0, sector=280, nr_sectors = 8 limit=256 [ 933.499808][ T27] kauditd_printk_skb: 40 callbacks suppressed [ 933.499818][ T27] audit: type=1800 audit(1773350474.818:323): pid=13959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2409" name="file1" dev="loop4" ino=1048842 res=0 errno=0 [ 936.358724][T13985] loop4: detected capacity change from 0 to 4096 [ 937.576825][T14000] loop0: detected capacity change from 0 to 4096 [ 937.613763][ T4279] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 937.620219][ T4279] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 937.647125][T14000] ntfs3: loop0: ino=3, Correct links count -> 2. [ 938.049934][T14015] vivid-007: disconnect [ 938.667174][T14009] vivid-007: reconnect [ 940.234404][T14026] loop0: detected capacity change from 0 to 256 [ 940.377162][T14026] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 940.687137][T14032] syz.0.2433: attempt to access beyond end of device [ 940.687137][T14032] loop0: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 940.708192][T14032] syz.0.2433: attempt to access beyond end of device [ 940.708192][T14032] loop0: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 940.722238][T14032] syz.0.2433: attempt to access beyond end of device [ 940.722238][T14032] loop0: rw=0, sector=280, nr_sectors = 8 limit=256 [ 940.815569][ T27] audit: type=1800 audit(1773350482.058:324): pid=14032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2433" name="file1" dev="loop0" ino=1048845 res=0 errno=0 [ 940.835641][ C0] vkms_vblank_simulate: vblank timer overrun [ 942.101041][T14048] loop3: detected capacity change from 0 to 4096 [ 942.116048][T14048] ntfs3: loop3: ino=3, Correct links count -> 2. [ 944.602996][T14084] loop3: detected capacity change from 0 to 4096 [ 944.665431][T14087] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 944.841616][T14092] vivid-007: disconnect [ 945.550118][T14086] vivid-007: reconnect [ 946.067352][T14098] loop6: detected capacity change from 0 to 4096 [ 946.593613][T14098] ntfs3: loop6: ino=3, Correct links count -> 2. [ 947.299851][T14108] loop3: detected capacity change from 0 to 40427 [ 947.323215][T14108] F2FS-fs (loop3): build fault injection attr: rate: 19, type: 0x3ffff [ 947.936698][T14122] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 948.539870][T14119] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2461'. [ 948.797222][T14127] loop3: detected capacity change from 0 to 8 [ 949.822896][T14146] loop0: detected capacity change from 0 to 4096 [ 949.887374][T14153] vivid-007: disconnect [ 949.949344][T14146] ntfs3: loop0: ino=3, Correct links count -> 2. [ 950.599820][T14145] vivid-007: reconnect [ 951.934004][T14170] loop3: detected capacity change from 0 to 256 [ 951.992950][T14170] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 952.383761][T14178] syz.3.2477: attempt to access beyond end of device [ 952.383761][T14178] loop3: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 952.399028][T14178] syz.3.2477: attempt to access beyond end of device [ 952.399028][T14178] loop3: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 952.412959][T14178] syz.3.2477: attempt to access beyond end of device [ 952.412959][T14178] loop3: rw=0, sector=280, nr_sectors = 8 limit=256 [ 952.431478][ T27] audit: type=1800 audit(1773350493.738:325): pid=14178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2477" name="file1" dev="loop3" ino=1048848 res=0 errno=0 [ 952.451530][ C0] vkms_vblank_simulate: vblank timer overrun [ 954.926467][T14199] vivid-007: disconnect [ 955.566159][T14196] vivid-007: reconnect [ 956.572274][T14205] loop0: detected capacity change from 0 to 4096 [ 956.751887][T14205] ntfs3: loop0: ino=3, Correct links count -> 2. [ 956.879148][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2489'. [ 956.888185][T14219] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2489'. [ 956.899567][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2489'. [ 956.908716][T14219] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2489'. [ 959.451150][T14241] netlink: 'syz.4.2499': attribute type 2 has an invalid length. [ 959.479289][T14243] loop0: detected capacity change from 0 to 128 [ 959.560959][T14243] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 959.576967][T14243] ext4 filesystem being mounted at /495/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 959.671293][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 959.708447][T14251] device batadv_slave_0 left promiscuous mode [ 959.747976][T14251] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 960.750639][T14262] loop3: detected capacity change from 0 to 8 [ 960.819144][T14254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'. [ 960.841715][T14254] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2503'. [ 960.908081][T14263] loop6: detected capacity change from 0 to 4096 [ 960.917323][T14255] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2503'. [ 961.240134][T14263] ntfs3: loop6: ino=3, Correct links count -> 2. [ 961.246813][T14255] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2503'. [ 962.911507][ T4316] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 963.161734][ T4316] usb 5-1: Using ep0 maxpacket: 8 [ 963.172522][ T4316] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 963.306874][ T4316] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 963.436770][ T4316] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 963.555154][ T4316] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 963.691758][ T4316] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 963.700840][ T4316] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 963.811176][T14297] netlink: 'syz.1.2517': attribute type 2 has an invalid length. [ 963.829416][T14297] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 964.043918][T14305] vivid-007: disconnect [ 964.768477][T14300] vivid-007: reconnect [ 964.936630][ T4316] usb 5-1: GET_CAPABILITIES returned 0 [ 964.942503][ T4316] usbtmc 5-1:16.0: can't read capabilities [ 964.977811][T14315] loop3: detected capacity change from 0 to 8 [ 965.140154][ T7013] usb 5-1: USB disconnect, device number 32 [ 965.506327][T14316] loop0: detected capacity change from 0 to 4096 [ 965.909546][ T4269] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 965.942957][ T4269] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 966.122218][T14339] netlink: 'syz.0.2530': attribute type 2 has an invalid length. [ 967.773135][T14366] loop3: detected capacity change from 0 to 8 [ 967.965384][T14365] loop4: detected capacity change from 0 to 4096 [ 968.131127][T14373] netlink: 'syz.1.2544': attribute type 2 has an invalid length. [ 968.657743][ T4279] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 968.693487][ T4279] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 970.392092][T14393] vivid-007: disconnect [ 970.605143][T14382] vivid-007: reconnect [ 970.766296][T14410] loop4: detected capacity change from 0 to 8 [ 971.678617][T14414] loop6: detected capacity change from 0 to 32768 [ 971.692821][T14414] gfs2: fsid=gfs2: Trying to join cluster "lock_dlm", "gfs2" [ 971.700644][T14414] gfs2: fsid=gfs2: no fsname found [ 972.442793][T14421] loop6: detected capacity change from 0 to 4096 [ 974.638115][ T6694] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 974.651892][ T6694] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 974.857671][T14442] loop0: detected capacity change from 0 to 512 [ 974.867565][T14442] EXT4-fs: inline encryption not supported [ 974.873592][T14442] EXT4-fs: Ignoring removed i_version option [ 974.879637][T14442] EXT4-fs: Ignoring removed i_version option [ 974.885761][T14442] ext4: Bad value for 'journal_dev' [ 976.027175][T14455] loop0: detected capacity change from 0 to 4096 [ 976.055137][T14456] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 978.685606][T14494] tmpfs: Unknown parameter 'ÿÿ' [ 979.564601][T14501] netlink: 'syz.6.2583': attribute type 2 has an invalid length. [ 979.827896][T14510] loop6: detected capacity change from 0 to 128 [ 979.914012][T14513] loop4: detected capacity change from 0 to 128 [ 979.983109][T14510] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 980.004538][T14513] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 980.007336][T14510] ext4 filesystem being mounted at /390/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 980.241503][T14513] ext4 filesystem being mounted at /503/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 981.700286][T14525] loop3: detected capacity change from 0 to 32768 [ 981.754751][T14525] gfs2: fsid=gfs2: Trying to join cluster "lock_dlm", "gfs2" [ 981.762400][T14525] gfs2: fsid=gfs2: no fsname found [ 982.065030][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 982.086282][T14513] fscrypt: Error allocating hmac(sha512): -2 [ 982.245496][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 983.593585][T14551] netlink: 'syz.1.2597': attribute type 2 has an invalid length. [ 984.359667][T14570] loop4: detected capacity change from 0 to 128 [ 984.542503][T14570] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 984.561783][T14570] ext4 filesystem being mounted at /506/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 986.066988][T14592] loop0: detected capacity change from 0 to 4096 [ 986.613728][T14590] netlink: 'syz.3.2610': attribute type 2 has an invalid length. [ 986.618968][T14596] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 986.826029][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 987.126031][T14604] delete_channel: no stack [ 990.118949][T14627] loop3: detected capacity change from 0 to 128 [ 990.319782][T14627] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 990.389806][T14627] ext4 filesystem being mounted at /538/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 991.492913][ T4275] EXT4-fs (loop3): unmounting filesystem. [ 992.661195][T14659] netlink: 'syz.0.2628': attribute type 2 has an invalid length. [ 992.785243][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 992.792466][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.412160][T14680] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 995.792991][T14681] tmpfs: Unknown parameter 'fscontext' [ 996.538984][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2635'. [ 996.548008][T14692] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2635'. [ 996.562769][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2635'. [ 996.571835][T14692] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2635'. [ 996.634080][T14696] loop6: detected capacity change from 0 to 128 [ 996.666591][T14696] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 997.265732][T14696] ext4 filesystem being mounted at /400/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 997.658281][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 998.870903][T14732] tmpfs: Unknown parameter 'fscontext' [ 1001.741599][T14753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2650'. [ 1001.750606][T14753] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2650'. [ 1001.784814][T14753] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2650'. [ 1001.794038][T14753] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2650'. [ 1002.665799][T14777] tmpfs: Unknown parameter 'fscontext' [ 1004.065077][T14793] loop4: detected capacity change from 0 to 4096 [ 1005.021655][T14795] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1005.502325][T14813] vivid-007: disconnect [ 1006.109983][T14806] vivid-007: reconnect [ 1006.519730][T14818] netlink: 'syz.1.2671': attribute type 2 has an invalid length. [ 1007.668841][ T4316] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1008.231510][ T4316] usb 4-1: Using ep0 maxpacket: 16 [ 1008.242563][ T4316] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1008.301543][ T4316] usb 4-1: config 0 has no interfaces? [ 1008.338051][ T4316] usb 4-1: string descriptor 0 read error: -71 [ 1008.396944][ T4316] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1008.467879][ T4316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1008.495143][ T4316] usb 4-1: config 0 descriptor?? [ 1008.522035][ T4316] usb 4-1: can't set config #0, error -71 [ 1008.536944][ T4316] usb 4-1: USB disconnect, device number 22 [ 1008.576288][T14846] loop3: detected capacity change from 0 to 4096 [ 1008.668487][T14847] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1012.841532][ T4316] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1012.933091][T14890] tmpfs: Unknown parameter 'ÿÿ' [ 1013.022027][ T4316] usb 1-1: Using ep0 maxpacket: 16 [ 1013.034186][ T4316] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1013.187414][ T4316] usb 1-1: config 0 has no interfaces? [ 1013.512101][ T4316] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1013.556430][ T4316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.624334][ T4316] usb 1-1: Product: syz [ 1013.639035][ T4316] usb 1-1: Manufacturer: syz [ 1013.659260][ T4316] usb 1-1: SerialNumber: syz [ 1013.694371][ T4316] usb 1-1: config 0 descriptor?? [ 1016.332028][T14913] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1017.176371][ T4315] usb 1-1: USB disconnect, device number 25 [ 1018.802797][T14949] tmpfs: Unknown parameter 'ÿÿ' [ 1019.406648][T14951] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2715'. [ 1019.781632][ T8376] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1019.992515][ T8376] usb 5-1: Using ep0 maxpacket: 16 [ 1020.024900][ T8376] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1020.230289][ T8376] usb 5-1: config 0 has no interfaces? [ 1020.418483][ T8376] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 1020.435032][ T8376] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1020.452068][ T8376] usb 5-1: Product: syz [ 1020.456251][ T8376] usb 5-1: Manufacturer: syz [ 1020.460848][ T8376] usb 5-1: SerialNumber: syz [ 1020.716129][ T8376] usb 5-1: config 0 descriptor?? [ 1020.722431][T14972] loop3: detected capacity change from 0 to 8 [ 1021.733262][ T7013] usb 5-1: USB disconnect, device number 33 [ 1022.066799][T14989] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1022.322541][T15000] tmpfs: Unknown parameter 'ÿÿ' [ 1024.485545][T14997] loop6: detected capacity change from 0 to 4096 [ 1024.941982][ T8376] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1025.164097][ T8376] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1025.188355][ T6694] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 1025.231230][T15020] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1025.262297][ T6694] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 1025.284877][ T8376] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1025.357825][ T8376] usb 5-1: Product: syz [ 1025.397424][ T8376] usb 5-1: Manufacturer: syz [ 1025.437043][ T8376] usb 5-1: SerialNumber: syz [ 1025.945546][T15027] loop0: detected capacity change from 0 to 4096 [ 1025.954529][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -32 [ 1025.981218][T15033] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1025.996256][ T4285] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1026.008605][T15031] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1026.017555][T15031] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1026.026179][T15031] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1026.049464][T15031] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1026.056832][T15031] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1026.070089][ T4282] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1026.079499][ T4282] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1026.087988][ T4282] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1026.097310][ T4282] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1026.106550][ T4282] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1026.114785][ T4282] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1026.335536][T15040] vivid-007: disconnect [ 1027.097180][T15037] vivid-007: reconnect [ 1027.345383][T15029] chnl_net:caif_netlink_parms(): no params data found [ 1027.555237][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000040. ret = -71 [ 1027.571825][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001000. ret = -71 [ 1027.590339][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001004. ret = -71 [ 1027.609250][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001008. ret = -71 [ 1027.704156][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -71 [ 1027.721708][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001028. ret = -71 [ 1027.743133][T15060] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2742'. [ 1027.752483][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001030. ret = -71 [ 1027.968458][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805630a000: rx timeout, send abort [ 1028.385233][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00001018. ret = -71 [ 1028.397194][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -71 [ 1028.408826][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1028.521943][ T8376] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1028.725358][ T8376] lan78xx: probe of 5-1:1.0 failed with error -71 [ 1030.441535][T15077] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1030.825818][ T8376] usb 5-1: USB disconnect, device number 34 [ 1031.011647][T15029] bridge0: port 1(bridge_slave_0) entered blocking state [ 1031.019004][T15029] bridge0: port 1(bridge_slave_0) entered disabled state [ 1031.102970][T15029] device bridge_slave_0 entered promiscuous mode [ 1031.111287][T15029] bridge0: port 2(bridge_slave_1) entered blocking state [ 1031.130318][T15029] bridge0: port 2(bridge_slave_1) entered disabled state [ 1031.236309][T15029] device bridge_slave_1 entered promiscuous mode [ 1032.738392][T15029] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1032.892848][T15029] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1033.784827][T15029] team0: Port device team_slave_0 added [ 1033.797111][T15117] loop6: detected capacity change from 0 to 2048 [ 1033.848010][T15111] loop0: detected capacity change from 0 to 4096 [ 1033.878064][T15117] UDF-fs: error (device loop6): udf_process_sequence: Primary Volume Descriptor not found! [ 1034.212152][T15117] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1034.258641][T15029] team0: Port device team_slave_1 added [ 1034.335914][T15119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2758'. [ 1034.344991][T15119] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2758'. [ 1034.354383][T15122] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2758'. [ 1034.363391][T15122] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2758'. [ 1034.850356][T15029] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1035.670481][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1035.696422][ C1] vkms_vblank_simulate: vblank timer overrun [ 1035.737700][T15029] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1035.761168][ T4269] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 1035.778636][ T4269] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1035.910995][T15029] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1035.938357][T15029] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1036.457361][T15029] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1036.899687][T15029] device hsr_slave_0 entered promiscuous mode [ 1036.951845][T15029] device hsr_slave_1 entered promiscuous mode [ 1036.973863][T15029] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1036.991534][T15029] Cannot create hsr debugfs directory [ 1038.821992][T15174] tmpfs: Unknown parameter 'fscontext' [ 1040.149633][ T5107] device hsr_slave_0 left promiscuous mode [ 1040.165589][ T5107] device hsr_slave_1 left promiscuous mode [ 1040.278648][ T5107] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1040.421026][ T5107] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1040.614067][ T5107] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1040.777026][ T5107] device bridge_slave_1 left promiscuous mode [ 1040.830623][ T5107] bridge0: port 2(bridge_slave_1) entered disabled state [ 1040.916483][ T5107] device bridge_slave_0 left promiscuous mode [ 1040.979887][ T5107] bridge0: port 1(bridge_slave_0) entered disabled state [ 1041.429003][ T7013] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1041.563795][ T5107] bond1 (unregistering): (slave dummy0): Releasing backup interface [ 1041.578530][ T5107] device dummy0 left promiscuous mode [ 1041.584623][ T5107] bond1 (unregistering): Released all slaves [ 1041.631511][ T7013] usb 4-1: Using ep0 maxpacket: 8 [ 1041.639529][ T7013] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 1041.658625][ T7013] usb 4-1: New USB device found, idVendor=0e41, idProduct=4750, bcdDevice= 0.40 [ 1041.681223][ T7013] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1041.689742][ T7013] usb 4-1: Product: syz [ 1041.694241][ T7013] usb 4-1: Manufacturer: syz [ 1041.698900][ T7013] usb 4-1: SerialNumber: syz [ 1042.020807][ T7013] usb 4-1: USB disconnect, device number 23 [ 1042.287364][ T5107] team0 (unregistering): Port device team_slave_1 removed [ 1042.466056][ T5107] team0 (unregistering): Port device team_slave_0 removed [ 1042.591128][ T5107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1042.683466][T15032] udevd[15032]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1042.778321][ T5107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1046.368597][T15261] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1046.632080][ T5107] bond0 (unregistering): Released all slaves [ 1047.052722][T15272] loop6: detected capacity change from 0 to 4096 [ 1047.210555][ T6694] ntfs3: loop6: ntfs_evict_inode r=5 failed, -22. [ 1047.219368][ T6694] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 1047.507281][T15280] device veth5 entered promiscuous mode [ 1048.500432][T15029] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1048.753506][T15029] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1049.188213][T15029] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1049.313669][T15029] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1049.361787][T15305] loop4: detected capacity change from 0 to 4096 [ 1049.419604][T15307] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1049.551653][ T4316] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1049.620135][T15029] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1049.776230][ T9328] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1049.792932][ T9328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1049.847565][ T4316] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1049.859631][ T4316] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1049.861415][T15029] 8021q: adding VLAN 0 to HW filter on device team0 [ 1049.875663][ T4316] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1049.905575][ T4316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.033386][ T4316] usb 4-1: Product: syz [ 1050.136925][ T4316] usb 4-1: Manufacturer: syz [ 1050.220477][ T4316] usb 4-1: SerialNumber: syz [ 1050.697346][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1050.722181][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1050.803940][ T4409] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.811059][ T4409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1050.900755][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1050.938897][ T4316] cdc_mbim 4-1:1.0: skipping garbage [ 1050.988785][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1051.049289][ T4409] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.056421][ T4409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1051.087696][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1051.096591][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1051.153031][T15303] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1051.157426][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1051.166813][T15340] loop4: detected capacity change from 0 to 128 [ 1051.199938][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1051.230672][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1051.257178][T15340] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1051.258033][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1051.296210][T15340] ext4 filesystem being mounted at /554/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1051.347467][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1051.376992][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1051.547291][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1051.724135][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1051.796351][T15303] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1051.846305][ T4316] cdc_mbim 4-1:1.0: setting tx_max = 184 [ 1051.885143][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1051.984521][ T4316] cdc_mbim 4-1:1.0: cdc-wdm0: USB WDM device [ 1052.014860][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1052.021407][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1052.045364][T15029] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1052.056840][ T4316] cdc_mbim 4-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.3-1, CDC MBIM, 46:8d:53:c4:f8:db [ 1052.070512][ T4316] usb 4-1: USB disconnect, device number 24 [ 1052.077126][ T4316] cdc_mbim 4-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.3-1, CDC MBIM [ 1052.252683][T15359] loop0: detected capacity change from 0 to 4096 [ 1052.290654][T15362] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1052.958006][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1052.976997][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1053.020113][T15029] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1053.085990][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1053.946980][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1054.071394][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1054.098804][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1054.117425][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1054.173029][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1054.211665][T15029] device veth0_vlan entered promiscuous mode [ 1054.231953][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.238267][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.305122][T15029] device veth1_vlan entered promiscuous mode [ 1054.404542][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1054.438922][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1054.477315][T15029] device veth0_macvtap entered promiscuous mode [ 1054.703772][T15029] device veth1_macvtap entered promiscuous mode [ 1054.827943][T15029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.867390][T15029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.926614][T15029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1054.972130][T15029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1054.997484][T15417] loop6: detected capacity change from 0 to 256 [ 1055.031483][T15029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1055.051495][T15029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.096449][T15029] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1055.135578][T15417] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1055.161970][T15415] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2826'. [ 1055.182773][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1055.190940][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1055.207291][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1055.249693][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1055.308772][T15029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.381533][T15029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.401509][T15029] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1055.585227][T15029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1055.752818][T15427] syz.6.2829: attempt to access beyond end of device [ 1055.752818][T15427] loop6: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1055.792237][T15427] syz.6.2829: attempt to access beyond end of device [ 1055.792237][T15427] loop6: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1055.806426][T15427] syz.6.2829: attempt to access beyond end of device [ 1055.806426][T15427] loop6: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1055.827878][ T27] audit: type=1800 audit(1773350597.138:326): pid=15427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2829" name="file1" dev="loop6" ino=1048851 res=0 errno=0 [ 1055.982734][T15029] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1055.995184][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1056.017779][T15431] loop0: detected capacity change from 0 to 8 [ 1056.029932][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1056.100833][T15029] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.233316][T15029] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.296528][T15029] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.364465][T15029] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1056.993859][ T9321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.021562][ T9321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.042661][T15443] binder: 15442:15443 ioctl c018620c 200000000900 returned -1 [ 1057.063778][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1057.092254][ T9321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1057.267215][ T9321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1057.275750][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1057.673015][T15459] fuse: Bad value for 'fd' [ 1058.347735][T15471] loop6: detected capacity change from 0 to 256 [ 1058.437175][T15471] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 1058.810511][T15482] loop6: detected capacity change from 0 to 8 [ 1061.884568][T15498] vivid-007: disconnect [ 1062.071960][T15494] vivid-007: reconnect [ 1064.381543][T15537] loop3: detected capacity change from 0 to 4096 [ 1064.430857][T15539] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1064.641787][T15543] loop0: detected capacity change from 0 to 256 [ 1064.725656][T15543] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1065.578590][T15553] syz.0.2862: attempt to access beyond end of device [ 1065.578590][T15553] loop0: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1065.604592][T15553] syz.0.2862: attempt to access beyond end of device [ 1065.604592][T15553] loop0: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1065.618738][T15553] syz.0.2862: attempt to access beyond end of device [ 1065.618738][T15553] loop0: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1065.633328][ T27] audit: type=1800 audit(1773350606.948:327): pid=15553 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2862" name="file1" dev="loop0" ino=1048857 res=0 errno=0 [ 1065.887790][T15558] loop6: detected capacity change from 0 to 1024 [ 1066.071289][T15562] loop3: detected capacity change from 0 to 2048 [ 1066.101093][ T9321] hfsplus: b-tree write err: -5, ino 25 [ 1066.107066][ T9321] hfsplus: b-tree write err: -5, ino 4 [ 1066.125200][ T9321] hfsplus: b-tree write err: -5, ino 2 [ 1066.456507][T15562] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 1066.524383][T15562] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1067.392680][T15585] loop3: detected capacity change from 0 to 128 [ 1067.411211][T15585] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1067.421062][T15585] ext4 filesystem being mounted at /591/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1067.485734][T15591] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2873'. [ 1069.438862][ T4275] EXT4-fs (loop3): unmounting filesystem. [ 1069.703390][T15613] vivid-007: disconnect [ 1070.427452][T15607] vivid-007: reconnect [ 1070.730582][T15609] loop3: detected capacity change from 0 to 4096 [ 1071.552821][T15634] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1072.009081][ T4275] ntfs3: loop3: ntfs_evict_inode r=5 failed, -22. [ 1072.016218][ T4275] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1072.491982][ T4316] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1072.765858][ T4316] usb 7-1: Using ep0 maxpacket: 16 [ 1072.778829][ T4316] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1072.919930][ T4316] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1072.947963][ T4316] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1073.093319][ T4316] usb 7-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 1073.146871][ T4316] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1073.202294][ T4316] usb 7-1: config 0 descriptor?? [ 1073.626708][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.643315][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.667981][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.690696][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.698202][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.708824][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.718692][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.725891][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.736996][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.746097][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.755043][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.765180][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1073.831095][T15668] vivid-007: disconnect [ 1074.509723][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.556693][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.560509][T15665] vivid-007: reconnect [ 1074.563996][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597545][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597572][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597594][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597614][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597636][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597658][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597679][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597700][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597721][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597742][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597763][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597783][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597803][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597824][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597854][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597874][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597896][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597918][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597938][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597958][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597979][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.597998][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.598018][ T4316] apple 0003:05AC:0244.0002: unknown main item tag 0x0 [ 1074.602305][ T4316] apple 0003:05AC:0244.0002: hidraw0: USB HID v0.04 Device [HID 05ac:0244] on usb-dummy_hcd.6-1/input0 [ 1074.604636][ T4316] usb 7-1: USB disconnect, device number 19 [ 1075.098664][T15690] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1075.747422][T15697] loop4: detected capacity change from 0 to 128 [ 1075.868537][T15697] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 1075.868961][T15697] ext4 filesystem being mounted at /576/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1076.097431][T15682] fido_id[15682]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory [ 1076.136582][ T4279] EXT4-fs (loop4): unmounting filesystem. [ 1076.352971][T15713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2904'. [ 1076.491606][ T4315] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1076.676327][ T4315] usb 4-1: Using ep0 maxpacket: 8 [ 1076.677983][ T4315] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 1076.678007][ T4315] usb 4-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 1076.678038][ T4315] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1076.678062][ T4315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1077.001404][T15672] tty tty1: ldisc open failed (-12), clearing slot 0 [ 1077.208651][T15727] vivid-007: disconnect [ 1077.910288][T15724] vivid-007: reconnect [ 1080.024999][ T5136] usb 4-1: USB disconnect, device number 25 [ 1080.056489][T15747] loop1: detected capacity change from 0 to 128 [ 1080.178446][T15747] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1080.221942][T15747] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1081.422609][T15029] EXT4-fs (loop1): unmounting filesystem. [ 1082.143119][T15784] vivid-007: disconnect [ 1082.493328][T15779] vivid-007: reconnect [ 1082.690411][T15798] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2927'. [ 1082.734708][T15031] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1082.747829][T15031] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1082.757319][T15031] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1082.769637][T15031] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1082.777388][T15031] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1082.784744][T15031] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1082.941742][ T4315] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1083.008264][ T51] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.095945][T15811] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2928'. [ 1083.151570][ T4315] usb 2-1: Using ep0 maxpacket: 8 [ 1083.158057][ T4315] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.186763][ T4315] usb 2-1: config 179 has 0 interfaces, different from the descriptor's value: 1 [ 1083.204582][ T4315] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1083.241122][ T4315] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.313836][ T51] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.466613][ T51] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.541083][ T51] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1083.571238][T15801] chnl_net:caif_netlink_parms(): no params data found [ 1083.771296][T15801] bridge0: port 1(bridge_slave_0) entered blocking state [ 1083.809702][T15801] bridge0: port 1(bridge_slave_0) entered disabled state [ 1083.832629][T15801] device bridge_slave_0 entered promiscuous mode [ 1083.940484][T15801] bridge0: port 2(bridge_slave_1) entered blocking state [ 1083.955078][T15801] bridge0: port 2(bridge_slave_1) entered disabled state [ 1083.985614][T15801] device bridge_slave_1 entered promiscuous mode [ 1084.062199][T15822] lo: Caught tx_queue_len zero misconfig [ 1084.078158][T15822] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1084.142177][ T51] tipc: Left network mode [ 1084.169922][T15801] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1084.226625][T15801] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1084.546246][T15801] team0: Port device team_slave_0 added [ 1084.574180][T15801] team0: Port device team_slave_1 added [ 1084.780476][T15801] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.793894][T15801] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.886506][ T4282] Bluetooth: hci1: command 0x0409 tx timeout [ 1084.937429][T15801] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1085.311756][T15801] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1085.516886][T15801] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1085.542855][ C1] vkms_vblank_simulate: vblank timer overrun [ 1085.638187][T15801] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1085.641062][T15845] loop4: detected capacity change from 0 to 256 [ 1085.709515][ T1169] usb 2-1: USB disconnect, device number 12 [ 1085.774207][T15845] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1086.954296][T15031] Bluetooth: hci1: command 0x041b tx timeout [ 1087.093978][T15866] syz.4.2933: attempt to access beyond end of device [ 1087.093978][T15866] loop4: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1087.109927][T15866] syz.4.2933: attempt to access beyond end of device [ 1087.109927][T15866] loop4: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1087.123778][T15866] syz.4.2933: attempt to access beyond end of device [ 1087.123778][T15866] loop4: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1087.161633][ T27] audit: type=1800 audit(1773350628.458:328): pid=15866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2933" name="file1" dev="loop4" ino=1048859 res=0 errno=0 [ 1087.199388][T15870] vivid-007: disconnect [ 1087.909668][T15861] vivid-007: reconnect [ 1088.103410][T15801] device hsr_slave_0 entered promiscuous mode [ 1088.162181][T15801] device hsr_slave_1 entered promiscuous mode [ 1088.269208][T15801] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1088.286378][T15801] Cannot create hsr debugfs directory [ 1089.023530][T15031] Bluetooth: hci1: command 0x040f tx timeout [ 1090.510342][T15892] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1092.080567][T15031] Bluetooth: hci1: command 0x0419 tx timeout [ 1092.091031][T15916] vivid-007: disconnect [ 1092.728723][T15908] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2946'. [ 1092.742720][T15908] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2946'. [ 1092.762041][T15912] vivid-007: reconnect [ 1092.805289][T15908] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2946'. [ 1092.814220][T15908] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2946'. [ 1092.865138][T15922] loop1: detected capacity change from 0 to 64 [ 1094.271049][ T51] device hsr_slave_0 left promiscuous mode [ 1094.288007][ T51] device hsr_slave_1 left promiscuous mode [ 1094.432095][T15950] netlink: 'syz.1.2954': attribute type 2 has an invalid length. [ 1094.447346][ T51] device veth1_macvtap left promiscuous mode [ 1094.647467][T15955] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1095.191495][ T51] device veth0_macvtap left promiscuous mode [ 1095.222274][ T51] device veth1_vlan left promiscuous mode [ 1095.246687][ T51] device veth0_vlan left promiscuous mode [ 1095.943099][ T51] bond1 (unregistering): (slave dummy0): Releasing backup interface [ 1095.951988][ T51] device dummy0 left promiscuous mode [ 1095.957660][ T51] bond1 (unregistering): Released all slaves [ 1096.195830][T15973] vivid-007: disconnect [ 1096.909001][T15970] vivid-007: reconnect [ 1096.993772][T15978] loop4: detected capacity change from 0 to 256 [ 1097.027161][T15978] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1097.583853][T15981] syz.4.2962: attempt to access beyond end of device [ 1097.583853][T15981] loop4: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1097.604958][T15981] syz.4.2962: attempt to access beyond end of device [ 1097.604958][T15981] loop4: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1097.619087][T15981] syz.4.2962: attempt to access beyond end of device [ 1097.619087][T15981] loop4: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1097.643230][ T27] audit: type=1800 audit(1773350638.948:329): pid=15981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2962" name="file1" dev="loop4" ino=1048861 res=0 errno=0 [ 1098.275841][ T51] bond0 (unregistering): Released all slaves [ 1098.452391][T15975] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2961'. [ 1098.461328][T15975] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2961'. [ 1098.470528][T15976] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2961'. [ 1098.520489][T15976] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2961'. [ 1098.697394][T15989] loop1: detected capacity change from 0 to 64 [ 1098.903887][T15801] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1098.917929][T15801] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1099.152995][T15801] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1099.338566][T15801] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1099.945797][T15997] loop1: detected capacity change from 0 to 128 [ 1100.458176][T15997] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1100.513313][T15997] ext4 filesystem being mounted at /32/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1100.891269][T15801] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1100.938599][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1100.965670][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1100.984362][T15801] 8021q: adding VLAN 0 to HW filter on device team0 [ 1101.074806][T15029] EXT4-fs (loop1): unmounting filesystem. [ 1101.298865][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1101.339763][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1101.484668][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state [ 1101.491881][ T5107] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1101.676170][T16024] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1101.817830][T15801] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1101.862805][T15801] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1102.299686][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1102.359184][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1102.409749][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1102.466807][ T5107] bridge0: port 2(bridge_slave_1) entered blocking state [ 1102.473952][ T5107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1102.527032][T16036] loop4: detected capacity change from 0 to 64 [ 1102.535181][T16037] netlink: 'syz.1.2973': attribute type 2 has an invalid length. [ 1102.591830][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1102.640321][T16040] loop6: detected capacity change from 0 to 4096 [ 1102.690145][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1102.772860][T16043] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1102.900654][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1102.961017][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1103.006721][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1103.087114][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1103.155839][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1103.213757][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1103.257730][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1103.369950][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1103.416106][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1103.436442][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1105.199806][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1105.212076][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1105.225973][T15801] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1105.249591][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1105.280116][T16069] loop1: detected capacity change from 0 to 256 [ 1105.327613][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1105.409346][T15801] device veth0_vlan entered promiscuous mode [ 1105.437653][T16069] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1105.459518][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1105.489029][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1105.555109][T15801] device veth1_vlan entered promiscuous mode [ 1105.589578][T16068] loop0: detected capacity change from 0 to 4096 [ 1105.742988][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1105.814262][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1105.872830][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1106.034782][T16082] syz.1.2979: attempt to access beyond end of device [ 1106.034782][T16082] loop1: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1106.118834][T16082] syz.1.2979: attempt to access beyond end of device [ 1106.118834][T16082] loop1: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1106.133224][T16082] syz.1.2979: attempt to access beyond end of device [ 1106.133224][T16082] loop1: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1106.158641][ T27] audit: type=1800 audit(1773350647.468:330): pid=16082 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2979" name="file1" dev="loop1" ino=1048863 res=0 errno=0 [ 1106.442512][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1106.486608][T15801] device veth0_macvtap entered promiscuous mode [ 1106.504612][ T4269] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 1106.533505][ T4269] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1106.544994][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1106.562053][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1106.584350][T15801] device veth1_macvtap entered promiscuous mode [ 1106.752749][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1106.768086][ T4478] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1107.028417][T16093] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1107.820865][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1107.911520][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1107.925907][T16105] loop4: detected capacity change from 0 to 64 [ 1107.967616][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1107.991948][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1108.783341][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1108.817309][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1108.875551][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1108.886890][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1108.900244][T15801] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1108.910870][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1108.922063][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1108.934002][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1108.946165][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1108.960005][T15801] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1108.990686][T15801] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1109.044734][T15801] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1109.070006][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1109.088664][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1109.149334][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1109.176622][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1109.315639][T15801] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1109.327717][T15801] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1109.336496][T15801] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1109.345705][T15801] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1109.369399][T16123] netlink: 'syz.6.2990': attribute type 2 has an invalid length. [ 1110.206816][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1110.230970][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.270031][ T9328] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1110.317480][ T4615] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1110.342335][ T4615] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1110.374984][ T51] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1110.585326][T16146] vivid-007: disconnect [ 1111.110046][T16150] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1111.313545][T16142] vivid-007: reconnect [ 1111.565917][T16157] loop6: detected capacity change from 0 to 256 [ 1111.596055][T16157] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 1113.203513][T16163] syz.6.2997: attempt to access beyond end of device [ 1113.203513][T16163] loop6: rw=524288, sector=280, nr_sectors = 128 limit=256 [ 1113.287335][T16163] syz.6.2997: attempt to access beyond end of device [ 1113.287335][T16163] loop6: rw=524288, sector=408, nr_sectors = 256 limit=256 [ 1113.301258][T16163] syz.6.2997: attempt to access beyond end of device [ 1113.301258][T16163] loop6: rw=0, sector=280, nr_sectors = 8 limit=256 [ 1113.316308][ T27] audit: type=1800 audit(1773350654.628:331): pid=16163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2997" name="file1" dev="loop6" ino=1048868 res=0 errno=0 [ 1115.526662][T16199] netlink: 'syz.4.3004': attribute type 2 has an invalid length. [ 1115.665877][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.249805][T16217] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request [ 1116.934354][T16225] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3010'. [ 1116.944501][T16225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3010'. [ 1116.956875][T16225] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3010'. [ 1116.966028][T16225] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3010'. [ 1118.324362][ T4282] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1118.334827][ T4282] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1118.350524][ T4282] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1118.364445][ T4282] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1118.623675][ T4285] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1118.635876][ T4285] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1119.132628][ T8624] bond1: (slave syz_tun): Releasing active interface [ 1119.751079][T16237] chnl_net:caif_netlink_parms(): no params data found [ 1120.209126][T16237] bridge0: port 1(bridge_slave_0) entered blocking state [ 1120.223650][T16237] bridge0: port 1(bridge_slave_0) entered disabled state [ 1120.268745][T16237] device bridge_slave_0 entered promiscuous mode [ 1120.318840][T16237] bridge0: port 2(bridge_slave_1) entered blocking state [ 1120.331606][T16237] bridge0: port 2(bridge_slave_1) entered disabled state [ 1120.349535][T16237] device bridge_slave_1 entered promiscuous mode [ 1120.455338][T16237] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1120.521101][T16237] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1120.615816][T16237] team0: Port device team_slave_0 added [ 1120.625647][T16237] team0: Port device team_slave_1 added [ 1120.701535][T15031] Bluetooth: hci3: command 0x0409 tx timeout [ 1120.735032][T16237] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1120.742973][T16237] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1120.769054][T16237] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1120.872264][T16237] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1120.881367][T16237] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1121.062840][T16237] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1122.567712][T16237] device hsr_slave_0 entered promiscuous mode [ 1122.590664][T16237] device hsr_slave_1 entered promiscuous mode [ 1122.783038][T15031] Bluetooth: hci3: command 0x041b tx timeout [ 1123.157610][T16237] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1123.351551][T16237] Cannot create hsr debugfs directory [ 1123.786895][T16335] loop0: detected capacity change from 0 to 512 [ 1123.805027][T16333] netlink: 'syz.3.3036': attribute type 2 has an invalid length. [ 1123.834409][T16335] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 1123.859617][T16337] loop1: detected capacity change from 0 to 64 [ 1123.878047][T16335] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 1123.936457][T16335] EXT4-fs (loop0): 1 truncate cleaned up [ 1123.943216][T16335] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1124.132243][T16335] loop0: detected capacity change from 512 to 64 [ 1124.314832][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.408363][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.430080][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.481039][ T9331] device hsr_slave_0 left promiscuous mode [ 1124.489789][ T9331] device hsr_slave_1 left promiscuous mode [ 1124.500022][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.521285][ T9331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1124.530820][ T9331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1124.545657][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.564272][ T9331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1124.572370][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.586512][ T9331] device bridge_slave_1 left promiscuous mode [ 1124.592884][ T9331] bridge0: port 2(bridge_slave_1) entered disabled state [ 1124.601989][ T9331] device bridge_slave_0 left promiscuous mode [ 1124.608692][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.638419][ T9331] bridge0: port 1(bridge_slave_0) entered disabled state [ 1124.648477][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.664401][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.702909][ T4269] EXT4-fs warning (device loop0): ext4_empty_dir:3166: inode #11: lblock 5: comm syz-executor: error -12 reading directory block [ 1124.861576][T15031] Bluetooth: hci3: command 0x040f tx timeout [ 1125.393773][ T9331] bond1 (unregistering): Released all slaves [ 1126.337831][T16386] netlink: 'syz.3.3049': attribute type 2 has an invalid length. [ 1127.045540][T15031] Bluetooth: hci3: command 0x0419 tx timeout [ 1127.441788][ T9331] team0 (unregistering): Port device team_slave_1 removed [ 1127.500444][ T9331] team0 (unregistering): Port device team_slave_0 removed [ 1127.582303][ T9331] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1127.594997][T16399] loop1: detected capacity change from 0 to 4096 [ 1127.655068][ T9331] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1127.716522][T16400] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1128.212923][ T9331] bond0 (unregistering): Released all slaves [ 1128.404819][ T4269] bond1: (slave syz_tun): Releasing active interface [ 1128.491288][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 1129.111267][T16406] loop3: detected capacity change from 0 to 1024 [ 1129.183423][T16406] EXT4-fs: Ignoring removed bh option [ 1129.232454][T16406] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1129.418901][T16406] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 1129.451133][T16406] EXT4-fs (loop3): unmounting filesystem. [ 1129.498554][T16237] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1129.523331][T16237] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1129.538285][T16237] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1129.581527][T16237] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1129.706236][T16415] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3057'. [ 1130.595302][ T9331] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1130.667391][T16237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1130.789068][ T9331] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1130.829600][T16237] 8021q: adding VLAN 0 to HW filter on device team0 [ 1130.860809][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1130.879611][ T4409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1131.028791][ T9331] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1131.100251][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1131.145654][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1131.210420][ T5278] bridge0: port 1(bridge_slave_0) entered blocking state [ 1131.217572][ T5278] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1131.289050][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1131.340622][ T4285] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1131.353829][ T4285] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1131.365240][ T4285] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1131.374995][ T4285] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1131.384645][ T4285] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1131.392462][ T4285] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1131.430284][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1131.460606][ T5278] bridge0: port 2(bridge_slave_1) entered blocking state [ 1131.467749][ T5278] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1131.569028][ T9331] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1131.637336][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1131.655204][ T5278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1131.749745][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1131.792421][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1131.844950][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1131.951905][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1131.972757][T16461] vivid-007: disconnect [ 1132.002805][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1132.034961][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1132.083914][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1132.171148][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1132.222949][T16237] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1132.269135][T16237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1132.383051][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1132.423027][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1132.670647][T16464] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1132.745504][T16459] vivid-007: reconnect [ 1133.127729][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1133.140662][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1133.156562][ T7012] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1133.204994][T16237] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1133.230661][T16452] chnl_net:caif_netlink_parms(): no params data found [ 1133.262856][T16485] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3068'. [ 1133.343187][ T7012] usb 2-1: config index 0 descriptor too short (expected 39, got 27) [ 1133.356013][ T7012] usb 2-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1133.367650][ T7012] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1133.390630][ T7012] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1133.421689][ T4285] Bluetooth: hci2: command 0x0409 tx timeout [ 1133.431781][ T7012] usb 2-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1133.448846][ T7012] usb 2-1: Product: syz [ 1133.458751][ T7012] usb 2-1: Manufacturer: syz [ 1133.469250][ T7012] usb 2-1: SerialNumber: syz [ 1133.492443][ T7012] usb 2-1: config 0 descriptor?? [ 1133.514689][T16490] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3069'. [ 1133.517150][ T7012] hub 2-1:0.0: bad descriptor, ignoring hub [ 1133.530651][ T7012] hub: probe of 2-1:0.0 failed with error -5 [ 1133.540276][ T7012] usb 2-1: selecting invalid altsetting 0 [ 1133.852176][ T7012] usb 2-1: USB disconnect, device number 13 [ 1133.988006][T16452] bridge0: port 1(bridge_slave_0) entered blocking state [ 1133.999764][T16452] bridge0: port 1(bridge_slave_0) entered disabled state [ 1134.013181][T16452] device bridge_slave_0 entered promiscuous mode [ 1134.030239][T16452] bridge0: port 2(bridge_slave_1) entered blocking state [ 1134.037630][T16452] bridge0: port 2(bridge_slave_1) entered disabled state [ 1134.049847][T16452] device bridge_slave_1 entered promiscuous mode [ 1134.666581][T16452] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1134.779719][T16452] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1135.120967][T16452] team0: Port device team_slave_0 added [ 1135.793434][ T4285] Bluetooth: hci2: command 0x041b tx timeout [ 1136.077751][T16526] loop1: detected capacity change from 0 to 4096 [ 1136.193174][T16527] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1136.319144][T16452] team0: Port device team_slave_1 added [ 1136.989069][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1137.007905][ T4547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1137.838303][T16237] device veth0_vlan entered promiscuous mode [ 1137.853304][ T4285] Bluetooth: hci2: command 0x040f tx timeout [ 1137.968642][T16452] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1137.981727][T16452] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1138.091568][T16452] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1138.151678][T16546] loop3: detected capacity change from 0 to 64 [ 1138.189404][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1138.198462][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1138.623822][T16554] netlink: 'syz.3.3081': attribute type 2 has an invalid length. [ 1138.665641][T16452] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1138.679995][T16452] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1139.472740][T16452] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1139.596004][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1139.615230][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1139.795060][T16237] device veth1_vlan entered promiscuous mode [ 1139.890332][T16237] device veth0_macvtap entered promiscuous mode [ 1139.902061][ T4285] Bluetooth: hci2: command 0x0419 tx timeout [ 1139.935709][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1139.991049][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1140.057778][ T9331] device hsr_slave_0 left promiscuous mode [ 1140.205668][ T9331] device hsr_slave_1 left promiscuous mode [ 1140.221900][ T9331] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1140.229347][ T9331] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1140.259368][ T9331] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1140.275597][ T9331] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1140.290353][ T9331] device bridge_slave_1 left promiscuous mode [ 1140.300959][ T9331] bridge0: port 2(bridge_slave_1) entered disabled state [ 1140.326145][ T9331] device bridge_slave_0 left promiscuous mode [ 1140.357995][ T9331] bridge0: port 1(bridge_slave_0) entered disabled state [ 1140.457647][ T9331] device veth1_macvtap left promiscuous mode [ 1140.473829][ T9331] device veth0_macvtap left promiscuous mode [ 1140.503485][ T9331] device veth1_vlan left promiscuous mode [ 1140.509317][ T9331] device veth0_vlan left promiscuous mode [ 1140.931418][T16591] loop3: detected capacity change from 0 to 64 [ 1141.904007][ T9331] bond1 (unregistering): Released all slaves [ 1143.613530][ C0] vcan0: j1939_tp_rxtimer: 0xffff888057aeb000: rx timeout, send abort [ 1143.880015][ T9331] team0 (unregistering): Port device team_slave_1 removed [ 1143.942253][ T9331] team0 (unregistering): Port device team_slave_0 removed [ 1144.004383][ T9331] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1144.061680][ T9331] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1144.106736][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807c647800: rx timeout, send abort [ 1144.121788][ C0] vcan0: j1939_tp_rxtimer: 0xffff888057aeb000: abort rx timeout. Force session deactivation [ 1144.597097][ T9331] bond0 (unregistering): Released all slaves [ 1144.614965][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807c647800: abort rx timeout. Force session deactivation [ 1144.689724][T16612] netlink: 'syz.3.3094': attribute type 2 has an invalid length. [ 1144.727827][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1144.739183][T16452] device hsr_slave_0 entered promiscuous mode [ 1144.746112][T16452] device hsr_slave_1 entered promiscuous mode [ 1144.778361][T16609] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3093'. [ 1144.814097][T16237] device veth1_macvtap entered promiscuous mode [ 1145.328477][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1145.340011][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.350223][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1145.371020][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.392851][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1145.415811][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.439296][T16237] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1145.468237][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1145.481598][T13657] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1145.494913][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1145.543919][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1145.562824][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.603214][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1145.613998][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.624159][T16237] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1145.643610][T16237] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1145.681516][T13657] usb 4-1: Using ep0 maxpacket: 16 [ 1145.695655][T13657] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1145.714136][T16237] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1145.722528][T13657] usb 4-1: can't read configurations, error -61 [ 1145.740148][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1145.759986][ T4615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1145.800388][T16237] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.822192][T16237] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.846928][T16237] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.870389][T16237] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1145.887115][T13657] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1146.064393][T16452] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1146.080507][ T5239] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1146.091955][T13657] usb 4-1: Using ep0 maxpacket: 16 [ 1146.098977][ T5239] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1146.106671][T13657] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1146.112449][T16452] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1146.131614][ T4445] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1146.150887][T16452] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1146.180076][T13657] usb 4-1: can't read configurations, error -61 [ 1146.285737][T13657] usb usb4-port1: attempt power cycle [ 1146.303077][ T5239] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1146.310969][ T5239] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1146.319496][ T5239] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1146.366119][T16452] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1146.760784][T16452] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1146.791750][T13657] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1146.825725][T16452] 8021q: adding VLAN 0 to HW filter on device team0 [ 1146.835770][T13657] usb 4-1: Using ep0 maxpacket: 16 [ 1146.848312][T13657] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1146.879111][T13657] usb 4-1: can't read configurations, error -61 [ 1147.303362][T13657] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1147.332222][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1147.340271][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1147.481201][T13657] usb 4-1: Using ep0 maxpacket: 16 [ 1147.517077][T13657] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1147.523476][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1147.525105][T13657] usb 4-1: can't read configurations, error -61 [ 1147.533463][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1147.551523][ T8376] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 1147.639900][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 1147.647070][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1148.201275][T13657] usb usb4-port1: unable to enumerate USB device [ 1148.272303][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1148.362927][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1148.381761][ T8376] usb 5-1: Using ep0 maxpacket: 8 [ 1148.392999][ T8376] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 1148.397046][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 1148.401251][ T8376] usb 5-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 1148.408358][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1148.439142][ T8376] usb 5-1: config 179 has no interface number 0 [ 1148.445934][ T8376] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1148.462397][ T8376] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1148.479398][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1148.496543][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1148.505889][ T8376] usb 5-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 1148.550337][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1148.621541][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1148.631590][ T8376] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1149.308506][ T8376] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1149.529685][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1149.561992][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1149.584439][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1149.605853][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1149.640022][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1149.664204][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1149.682487][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1149.701978][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1149.736375][T16681] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3106'. [ 1149.761203][T16452] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1149.972552][T16683] loop1: detected capacity change from 0 to 4096 [ 1150.140201][T15029] ntfs3: loop1: ntfs_evict_inode r=5 failed, -22. [ 1150.167900][T15029] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1151.504561][ T5135] usb 5-1: USB disconnect, device number 35 [ 1151.584573][T16721] loop6: detected capacity change from 0 to 128 [ 1151.802913][T16721] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1151.815868][T16721] ext4 filesystem being mounted at /512/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1151.824707][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1152.153473][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1152.162668][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 1152.307652][T16452] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1153.451679][ T4316] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1153.641694][ T4316] usb 2-1: Using ep0 maxpacket: 16 [ 1153.651934][ T4316] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1153.715559][ T4316] usb 2-1: can't read configurations, error -61 [ 1153.829946][T16757] loop4: detected capacity change from 0 to 8 [ 1153.891667][ T4316] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1154.197410][T16769] tmpfs: Unknown parameter 'fscontext' [ 1154.779108][ T4316] usb 2-1: Using ep0 maxpacket: 16 [ 1154.919151][ T4316] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 1154.937601][ T4316] usb 2-1: can't read configurations, error -61 [ 1154.945471][ T4316] usb usb2-port1: attempt power cycle [ 1155.167488][T16452] device veth0_vlan entered promiscuous mode [ 1155.183664][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1155.195474][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1155.207612][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1155.220924][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1155.241557][ T4315] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1155.252886][T16452] device veth1_vlan entered promiscuous mode [ 1155.260308][T16787] loop6: detected capacity change from 0 to 128 [ 1155.268143][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1155.281277][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1155.299830][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1155.319909][T16787] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1155.326350][T16452] device veth0_macvtap entered promiscuous mode [ 1155.338516][T16452] device veth1_macvtap entered promiscuous mode [ 1155.353618][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1155.361644][ T4316] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1155.397258][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1155.412597][T16787] ext4 filesystem being mounted at /516/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1155.435245][ T4316] usb 2-1: device descriptor read/8, error -71 [ 1155.441520][ T4315] usb 4-1: Using ep0 maxpacket: 8 [ 1155.444504][ T4315] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 1155.458614][ T4315] usb 4-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 1155.468066][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1155.479236][ T4315] usb 4-1: config 179 has no interface number 0 [ 1155.485751][ T4315] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1155.520324][ T4315] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1155.537507][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1155.575818][ T4315] usb 4-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 1155.579132][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1155.619506][ T4315] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1155.631523][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1155.641406][ T4315] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1155.666046][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1155.696316][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1155.718609][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1155.745913][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1155.790338][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1155.850152][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1156.903263][T16452] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1157.277164][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 1157.309376][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1157.326390][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1157.353125][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1157.421132][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1157.455441][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1157.488248][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1157.530535][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1157.557127][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1157.585436][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1157.607926][T16452] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1157.627086][T16452] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1157.645938][T16452] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1157.662273][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1157.676516][T16673] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1157.708300][T16452] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1157.729500][T16452] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1157.763543][T16452] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1157.778924][T16452] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1157.941277][ T5107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1157.962127][ T5107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1158.000410][ T7013] usb 4-1: USB disconnect, device number 30 [ 1158.038375][ T5107] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1158.120918][T16673] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1158.157700][T16673] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1158.297214][T16821] loop1: detected capacity change from 0 to 4096 [ 1158.901339][ T9321] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1158.966901][T16822] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1159.202761][T16831] vivid-007: disconnect [ 1159.923876][T16827] vivid-007: reconnect [ 1160.827048][ T7013] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1161.022273][ T7013] usb 5-1: Using ep0 maxpacket: 16 [ 1161.034149][ T7013] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1161.054116][ T7013] usb 5-1: can't read configurations, error -61 [ 1161.354565][ T7013] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1162.051615][ T7013] usb 5-1: Using ep0 maxpacket: 16 [ 1162.058812][ T7013] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1162.091546][ T7013] usb 5-1: can't read configurations, error -61 [ 1162.111812][ T7013] usb usb5-port1: attempt power cycle [ 1162.411724][ T4315] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1162.531523][ T7013] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1162.579250][ T7013] usb 5-1: Using ep0 maxpacket: 16 [ 1162.587401][ T7013] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 1162.601513][ T4315] usb 2-1: Using ep0 maxpacket: 8 [ 1162.608233][ T4315] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 1162.784485][T16881] loop7: detected capacity change from 0 to 4096 [ 1163.356489][T16882] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1163.369809][ T7013] usb 5-1: can't read configurations, error -61 [ 1163.381771][ T4315] usb 2-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 1163.504602][ T4315] usb 2-1: config 179 has no interface number 0 [ 1163.510906][ T4315] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1163.523174][ T4315] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1163.549919][ T4315] usb 2-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 1163.666053][T16893] tmpfs: Unknown parameter 'fscontext' [ 1163.761594][ T7013] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1164.355246][ T4315] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1164.418331][ T4315] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1164.521664][ T7013] usb 5-1: device not accepting address 39, error -71 [ 1164.561809][ T7013] usb usb5-port1: unable to enumerate USB device [ 1167.413285][T16943] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3157'. [ 1167.495363][ T7013] usb 2-1: USB disconnect, device number 18 [ 1167.523612][T16943] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3157'. [ 1167.747849][T16944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3157'. [ 1167.899822][T16944] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3157'. [ 1168.251617][T16964] vivid-007: disconnect [ 1168.973263][T16960] vivid-007: reconnect [ 1169.078859][T16969] loop6: detected capacity change from 0 to 128 [ 1169.103814][T16969] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 1169.363180][T16969] ext4 filesystem being mounted at /525/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1169.593806][ T6694] EXT4-fs (loop6): unmounting filesystem. [ 1169.601114][T16976] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3165'. [ 1172.417981][T17013] loop3: detected capacity change from 0 to 4096 [ 1172.426782][T17013] ntfs3: loop3: ino=3, Correct links count -> 2. [ 1173.894066][T17041] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3180'. [ 1175.617576][T17062] loop3: detected capacity change from 0 to 128 [ 1175.858379][T17062] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1175.957994][T17062] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1176.054801][T17079] tmpfs: Unknown parameter 'fscontext' [ 1177.136201][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.738199][T15801] EXT4-fs (loop3): unmounting filesystem. [ 1177.860654][T17093] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3194'. [ 1179.958341][T17141] loop3: detected capacity change from 0 to 128 [ 1180.021968][T17141] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1180.047073][T17141] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1180.184128][T15801] EXT4-fs (loop3): unmounting filesystem. [ 1181.433205][T17164] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3212'. [ 1181.554764][T17165] loop4: detected capacity change from 0 to 4096 [ 1181.605608][T17169] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1181.826369][T17177] vivid-007: disconnect [ 1182.521971][T17130] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 1182.555751][T17172] vivid-007: reconnect [ 1182.869749][T17185] loop3: detected capacity change from 0 to 128 [ 1183.112053][T17185] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 1183.154511][T17185] ext4 filesystem being mounted at /57/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1183.971698][T17206] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3223'. [ 1184.535568][T17210] loop4: detected capacity change from 0 to 8 [ 1184.644712][T15801] EXT4-fs (loop3): unmounting filesystem. [ 1184.736372][T17215] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3228'. [ 1185.305431][T17226] vivid-007: disconnect [ 1185.543897][T17239] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3231'. [ 1185.662478][T17221] vivid-007: reconnect [ 1188.233805][T17276] loop7: detected capacity change from 0 to 8 [ 1188.902899][T17297] vivid-007: disconnect [ 1189.388656][T17290] vivid-007: reconnect [ 1190.816924][T17316] ------------[ cut here ]------------ [ 1190.822658][T17316] WARNING: CPU: 1 PID: 17316 at arch/x86/kvm/x86.c:11259 kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1190.833080][T17316] Modules linked in: [ 1190.837001][T17316] CPU: 1 PID: 17316 Comm: syz.6.3251 Not tainted syzkaller #0 [ 1190.844518][T17316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1190.854626][T17316] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1190.861069][T17316] Code: e8 47 4e c3 00 e9 4e ef ff ff 44 89 f9 80 e1 07 38 c1 0f 8c db e5 ff ff 4c 89 ff e8 0c 4e c3 00 e9 ce e5 ff ff e8 32 63 72 00 <0f> 0b e9 da fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ae eb [ 1190.880752][T17316] RSP: 0018:ffffc90004807c48 EFLAGS: 00010287 [ 1190.886876][T17316] RAX: ffffffff81100f7e RBX: ffff888066388000 RCX: 0000000000080000 [ 1190.894899][T17316] RDX: ffffc9001018d000 RSI: 00000000000003bf RDI: 00000000000003c0 [ 1190.902920][T17316] RBP: ffff888064037000 R08: dffffc0000000000 R09: 1ffffffff215ec6e [ 1190.910910][T17316] R10: dffffc0000000000 R11: fffffbfff215ec6f R12: ffff8880663882f4 [ 1190.918936][T17316] R13: ffff8880663880d8 R14: dffffc0000000000 R15: 0000000000000000 [ 1190.926960][T17316] FS: 00007f4eb2bae6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 1190.935960][T17316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1190.942632][T17316] CR2: 000000110c321766 CR3: 000000002ede8000 CR4: 00000000003526e0 [ 1190.950628][T17316] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1190.958660][T17316] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1190.966686][T17316] Call Trace: [ 1190.969990][T17316] [ 1190.972966][T17316] ? mutex_lock_nested+0x10/0x10 [ 1190.977937][T17316] ? kvm_arch_vcpu_ioctl_run+0x139/0x2390 [ 1190.983725][T17316] kvm_vcpu_ioctl+0x8f7/0xc10 [ 1190.988433][T17316] ? xa_release+0x50/0x50 [ 1190.992828][T17316] ? __fget_files+0x28/0x4b0 [ 1190.997450][T17316] ? __fget_files+0x28/0x4b0 [ 1191.002082][T17316] ? bpf_lsm_file_ioctl+0x5/0x10 [ 1191.007010][T17316] ? security_file_ioctl+0x7c/0xa0 [ 1191.012136][T17316] ? xa_release+0x50/0x50 [ 1191.016469][T17316] __se_sys_ioctl+0xfa/0x170 [ 1191.021061][T17316] do_syscall_64+0x4c/0xa0 [ 1191.025490][T17316] ? clear_bhb_loop+0x60/0xb0 [ 1191.030152][T17316] ? clear_bhb_loop+0x60/0xb0 [ 1191.034861][T17316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1191.040777][T17316] RIP: 0033:0x7f4eb1d9c799 [ 1191.045248][T17316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1191.064885][T17316] RSP: 002b:00007f4eb2bae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1191.073337][T17316] RAX: ffffffffffffffda RBX: 00007f4eb2015fa0 RCX: 00007f4eb1d9c799 [ 1191.081324][T17316] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1191.089328][T17316] RBP: 00007f4eb1e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1191.097327][T17316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.105343][T17316] R13: 00007f4eb2016038 R14: 00007f4eb2015fa0 R15: 00007fff4138b368 [ 1191.113384][T17316] [ 1191.116416][T17316] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1191.123687][T17316] CPU: 1 PID: 17316 Comm: syz.6.3251 Not tainted syzkaller #0 [ 1191.131130][T17316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1191.141172][T17316] Call Trace: [ 1191.144437][T17316] [ 1191.147357][T17316] dump_stack_lvl+0x188/0x24e [ 1191.152030][T17316] ? memcpy+0x3c/0x60 [ 1191.155998][T17316] ? show_regs_print_info+0x12/0x12 [ 1191.161192][T17316] ? load_image+0x400/0x400 [ 1191.165697][T17316] panic+0x2e5/0x730 [ 1191.169588][T17316] ? bpf_jit_dump+0xd0/0xd0 [ 1191.174094][T17316] __warn+0x2f8/0x4f0 [ 1191.178066][T17316] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.183867][T17316] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.189662][T17316] report_bug+0x2ba/0x4f0 [ 1191.193984][T17316] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.199784][T17316] handle_bug+0x3a/0x70 [ 1191.203931][T17316] exc_invalid_op+0x16/0x40 [ 1191.208442][T17316] asm_exc_invalid_op+0x16/0x20 [ 1191.213283][T17316] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.219718][T17316] Code: e8 47 4e c3 00 e9 4e ef ff ff 44 89 f9 80 e1 07 38 c1 0f 8c db e5 ff ff 4c 89 ff e8 0c 4e c3 00 e9 ce e5 ff ff e8 32 63 72 00 <0f> 0b e9 da fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c ae eb [ 1191.239326][T17316] RSP: 0018:ffffc90004807c48 EFLAGS: 00010287 [ 1191.245387][T17316] RAX: ffffffff81100f7e RBX: ffff888066388000 RCX: 0000000000080000 [ 1191.253351][T17316] RDX: ffffc9001018d000 RSI: 00000000000003bf RDI: 00000000000003c0 [ 1191.261314][T17316] RBP: ffff888064037000 R08: dffffc0000000000 R09: 1ffffffff215ec6e [ 1191.269273][T17316] R10: dffffc0000000000 R11: fffffbfff215ec6f R12: ffff8880663882f4 [ 1191.277234][T17316] R13: ffff8880663880d8 R14: dffffc0000000000 R15: 0000000000000000 [ 1191.285199][T17316] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.291004][T17316] ? kvm_arch_vcpu_ioctl_run+0x1e9e/0x2390 [ 1191.296803][T17316] ? mutex_lock_nested+0x10/0x10 [ 1191.301758][T17316] ? kvm_arch_vcpu_ioctl_run+0x139/0x2390 [ 1191.307506][T17316] kvm_vcpu_ioctl+0x8f7/0xc10 [ 1191.312188][T17316] ? xa_release+0x50/0x50 [ 1191.316521][T17316] ? __fget_files+0x28/0x4b0 [ 1191.321105][T17316] ? __fget_files+0x28/0x4b0 [ 1191.325720][T17316] ? bpf_lsm_file_ioctl+0x5/0x10 [ 1191.330652][T17316] ? security_file_ioctl+0x7c/0xa0 [ 1191.335787][T17316] ? xa_release+0x50/0x50 [ 1191.340104][T17316] __se_sys_ioctl+0xfa/0x170 [ 1191.344717][T17316] do_syscall_64+0x4c/0xa0 [ 1191.349126][T17316] ? clear_bhb_loop+0x60/0xb0 [ 1191.353800][T17316] ? clear_bhb_loop+0x60/0xb0 [ 1191.358471][T17316] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1191.364353][T17316] RIP: 0033:0x7f4eb1d9c799 [ 1191.368755][T17316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1191.388352][T17316] RSP: 002b:00007f4eb2bae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1191.396757][T17316] RAX: ffffffffffffffda RBX: 00007f4eb2015fa0 RCX: 00007f4eb1d9c799 [ 1191.404719][T17316] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 1191.412679][T17316] RBP: 00007f4eb1e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1191.420640][T17316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.428600][T17316] R13: 00007f4eb2016038 R14: 00007f4eb2015fa0 R15: 00007fff4138b368 [ 1191.436573][T17316] [ 1191.439952][T17316] Kernel Offset: disabled [ 1191.444340][T17316] Rebooting in 86400 seconds..