last executing test programs: 2m23.380329028s ago: executing program 2 (id=24): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet6_int(r0, 0x29, 0x19, 0x0, &(0x7f0000000100)) 2m22.985911398s ago: executing program 2 (id=27): bpf$BPF_LINK_CREATE(0x8, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff, 0x22, 0x0, @val=@tcx}, 0x1c) 2m22.384443902s ago: executing program 2 (id=29): symlink(&(0x7f0000001640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') setxattr$security_capability(&(0x7f0000001a00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', &(0x7f0000000380), 0x0, 0x0, 0x1) 2m21.996517252s ago: executing program 2 (id=32): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 2m20.989808093s ago: executing program 2 (id=35): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000300)='T', 0xffa6}], 0x1}}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000380)='q', 0x1}], 0x1, &(0x7f0000000600)=ANY=[], 0x158}}], 0x2, 0x4048841) 2m20.119588969s ago: executing program 2 (id=38): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'ipvlan0\x00'}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="45000000060000000000000000000f00050000040000000003000000000000001c0000000000"], 0x45) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd2e, &(0x7f00000000c0)) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000200)=""/112) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x50, 0x0, r7, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 2m18.081049759s ago: executing program 32 (id=38): openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'ipvlan0\x00'}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$FUSE_NOTIFY_DELETE(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="45000000060000000000000000000f00050000040000000003000000000000001c0000000000"], 0x45) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd2e, &(0x7f00000000c0)) msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000200)=""/112) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x50, 0x0, r7, 0x0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)=[{0x0}, {0x0}], 0x2}, 0x0, 0x0, 0x1}) io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5) 1m59.756684266s ago: executing program 1 (id=98): creat(&(0x7f0000000040)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="5300000007000046009d40", @ANYBLOB="fe4cecb210bc09"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x800000, &(0x7f0000019200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) 1m59.425058301s ago: executing program 1 (id=100): r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ipv6_route\x00') preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000240)=""/135, 0x87}], 0x1, 0x1fe, 0x7) 1m59.044644798s ago: executing program 1 (id=102): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x5, 0xf4, &(0x7f0000000700)=ANY=[@ANYBLOB="120110014c306f10da0b38011230010203010902e20002a60000000904b10403d7b5d25b09210400020122c705090500100004f40804072501832f08000905000040008103ff0905091b08000c078009042201040e010003090509000000030004090502020002f7810671300c458e9532438d4aae3ef0c9bf5c520b1aaab11a8cae9a60c3160adc1dfedebf5a6ead8834c7780c2eb777ef0caf96cd8b3b77f357f4aa1b662ab40651e6ae8cc63dd9f6e2d24afaed81a927ca2e0354281cfeffffffffffffffbf09aac591308e5c0c3c419bb288a21890e1af4af409050303ff030840040705a6c6415a9f09058503"], 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x60}, 0x1, 0x0, 0x0, 0x20004040}, 0x54) 1m56.736775995s ago: executing program 1 (id=106): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 1m55.877936684s ago: executing program 1 (id=109): syz_open_dev$ttys(0xc, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) syz_clone3(0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0xe79b04dd2a128718, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_emit_ethernet(0x1a, &(0x7f0000000440)={@local, @remote, @void, {@llc={0x4, {@llc={0xaa, 0xd4, 's', "1839b3fd4aabb47e7a"}}}}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r6 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) socket$netlink(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x25dfdbff, {}, [@NHA_OIF={0x8, 0x5, r9}]}, 0x20}}, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x38, 0x68, 0x1, 0x100003, 0x7ffffffd, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6, 0x1, 0x3fd4}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080) sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0xc, 0x42, 0x40, 0x46}, 0x50) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) 1m55.112574875s ago: executing program 1 (id=114): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbd8], 0xffff1001, 0x120182}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000045000000040000000fa2"], 0x45}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000807e2a0000030079040000080000007ef9000000000000000000009cd2cabd63923a2d1bc631089fd6f9ce0eb5c100bfbf051c60"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m53.037802141s ago: executing program 33 (id=114): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x3, 0x7, 0x2, 0x17d, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbd8], 0xffff1001, 0x120182}) syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000045000000040000000fa2"], 0x45}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="0100000000000000010000807e2a0000030079040000080000007ef9000000000000000000009cd2cabd63923a2d1bc631089fd6f9ce0eb5c100bfbf051c60"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m26.391661366s ago: executing program 4 (id=214): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc}) r1 = epoll_create1(0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x2200}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @dev}]}, 0x44}}, 0x4) fcntl$dupfd(r1, 0x2, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_io_uring_setup(0x88f, &(0x7f00000010c0)={0x0, 0xc941, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r7 = socket$can_j1939(0x1d, 0x2, 0x7) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x73, &(0x7f00000000c0)=@can, 0x0, 0x0, 0x2}) io_uring_enter(r4, 0x47f6, 0x0, 0x4, 0x0, 0x0) 1m25.192642525s ago: executing program 4 (id=221): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000008}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)={0x3c, 0x3, 0x6, 0x401, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x48040}, 0x4010) 1m24.967730428s ago: executing program 4 (id=222): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4) recvmmsg(r0, &(0x7f0000002640)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)=""/4096, 0x1000}, 0xcf}], 0x1, 0x3, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c) 1m24.60443844s ago: executing program 4 (id=225): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 1m23.299092638s ago: executing program 4 (id=228): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmsg$inet6(r0, &(0x7f0000002280)={&(0x7f0000001e40)={0xa, 0x4e24, 0x0, @mcast1, 0x2}, 0x1c, 0x0, 0x0, 0x0, 0x5b0}, 0x20008001) sendmsg$inet6(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000022c0)="f14889c2ad234ad6f0a71da72859c7c1e176134eff431253493482c723f8633d838bf127", 0x24}], 0x1}, 0x20000044) 1m22.544673348s ago: executing program 4 (id=229): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x6}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000014}, 0x80c5) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/105, 0x69}], 0x1}, 0x2160) 1m21.30669892s ago: executing program 34 (id=229): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000002640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0x6}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000014}, 0x80c5) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)=""/105, 0x69}], 0x1}, 0x2160) 1m7.096754294s ago: executing program 3 (id=276): r0 = socket(0x1e, 0x4, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r0, 0x0, 0x0, 0x0) setsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000480)=0x7, 0x4) 1m6.860571733s ago: executing program 3 (id=278): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}, 0xffffff0b}, {{0x0, 0x0, 0x0}, 0xf}], 0x2, 0x2101, 0x0) 1m6.658863002s ago: executing program 3 (id=280): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882) write$sndseq(r1, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick=0x4, {}, {}, @raw32}], 0x1c) 1m6.424706871s ago: executing program 3 (id=281): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={[{@errors_remount}, {@discard}, {@time_offset={'time_offset', 0x3d, 0x2}}, {@errors_remount}, {@keep_last_dots}, {@gid}, {@zero_size_dir}, {@time_offset={'time_offset', 0x3d, 0x6}}, {@umask={'umask', 0x3d, 0x3ff}}, {@zero_size_dir}]}, 0x1, 0x1534, &(0x7f0000000380)="$eJzs3AucTtX6OPDnWWvtMSbpbZLLsNZ6Nm8SyyRJLklySZIkSXJLSJrkSEJiyC1pSJJch+QyhOQyMWnc7/dLQpI0SRKSW7L+H8Vfnep3zvmdfjmfM8/383k/1jNrP2s/+33ey94b83WnwdUb1qhSn4jg34I//5EMALEA0B8ArgKAAADKxJeJPz+fU2Lyv7cT9ud6MO1yV8AuJ+5/9sb9z964/9kb9z974/5nb9z/7I37n71x/xnLzjZOLXA1P7Lvg+////er+4cz/P3/XySr5OjPV5e8tjNAzD+bwv3P3rj//7WCf2Yj7n/2xv3PrmIvdwHsPwC//7ODHH84w/3P3rj/jGVnl/v+8+V+QCR7PweX+/XHGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYYyx7OOUvUQBwcXy562KMMcYYY4wxxtifx+e43BUwxhhjjDHGGGPs/x6CAAkKAoiBHBALOSEOBABcCbnhKojA1RAP10AeuBbyQj7IDwUgAQpCIdBgwAJBCIWhCEThOigK10MxuAGKQwlwUBIS4UYoBTdBabgZysAtUBZuhXJQHipARbgNKsHtUBnugCpwJ1SFalAdasBdUBPuhlpwD9SGe6EO3Ad14X6oBw9AfXgQGsBD0BAehkbwCDSGJtAUmkHz/1X+89ANXoDu0AOSoSf0ghehN/SBvtAP+sNLMABehoHwCqTAIBgMr8IQeA2GwuswDN6A4fAmjICRMApGwxgYC6kwDsbDWzAB3oaJMAkmwxRIg6kwDd6B6TADZsK7MAveg9kwB+bCPEiH92E+LIAM+AAWwoeQCYtgMSyBpbAMlsMKWAmrYDWsgbWwDtbDBtgIm2AzbIGtsA22w0ewAz6GnbALdsMnsAc+/RfzT/5dfmcEBBQoUKHCGIzBWIzFOIzDXJgLc2NujGAE4zEe82AezIt5MT/mxwRMwEJYCA0aJCQsjIUxilEsikWxGBbD4lgcHTpMxEQshTdhaSyNZbAMlsWyWA7LY3msiBWxElbCylgZq2AVrIpVsTpWx7vwLuyJtbAW1sbaWAfrXLw9hfWxPjbABtgQG2IjbISNsTE2xabYHJtjC2yBLbEltsbW2AbbYFtsi0mYhO2wHbbH9tgBO2BH7IidsBN2xi7YJev5HIAv4AvYA6uKntgLe2FvTMnRF/thP3wJB+DL+DK+gik4CAfjq/gqvoZD8QQOwzdwOA7HSmIkjsLRSGIspmIqjsfxOAEn4ESchJNwCqbhVJyG03A6zsAZ+C7OwvfwPZyDc3AepmM6zscFmIEZuBBPYiYuwsW4BJfiMlyKK3AlrsDVuAZX4zpchxtwA27CTbgFt+A23AYfoQLAj3EX7sIU3IN7cC/uxX24D/fjfszCLDyAB/AgHsRDeAgP42E8gkfxGB7F43gcT+BJPIWn8AyewbP4bMKXDT66YVUKiPOUUCJGxIhYESviRJzIJXKJ3CK3iIiIiBfxIo/II/KKvCK/yC8SRIIoJAoJI4wgEcYAgIiKqCgqiopiopgoLooLJ5xIFImilCglSovSooy4RZQVt4pyorxo5SqKiqKSaO0qiztEFVFFVBXVRHVRQ9QQNUVNUUvUErVFbVFH1BF1xf2inuiJffFBcb4zDcUgbCQGY2PRRMgLn2AtxFBsKVqJ1uJx8QYOw7aihUsST4l2YhS2F38To/EZ0VGMxU7iOdFZdBFdxfOim2jpuoseYiL2FL3EFOwt+oi+op+YjtXEuzgrZ3XxikgRg8Rg8aqYh6+JoeJ1MeynI31TjBAjxSgxWowRY0WqGCfGi7fEBPG2mCgmicliikgTU8U08Y6YLmaImeJdMUu8J2aLOWKumCfSxftivlggMsQHYqH4UGSKRWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4SOwQH4udYpfYLT4Re8SnYq/4TOwTn4v94guRJb4UB8RX4qD4WhwS34jD4ltxRBwVx8R34rj4XpwQJ8UpcVqcET+Is+JHcU54ARKlkFIqGcgYmUPGypwyTl4hc8ngwrN7tYyX18g88lqZV+aT+WUBmSALykJSSyOtJBnKwrKIjMrrZFF5vSwmb5DFZQnpZEmZKG+UpeRNsrS8WZaRt8iy8lZZTpaXFWRFeZusJG+XEPl5H1VlNVld1pB3yWS4W9aS98ja8l5ZR94n68r7ZT35gKwvH5QN5EOyoXxYNpKPyMayiWwqm8nm8lHZQj4mW8pWsrV8XLaRT8i28kmZJJ+S7aS/8BJ5RnaUz8pO8jnZWXaRXeWP8pz0srvsIaEnyF7yRdlb9pF9ZT/ZX74kB8iX5UD5ikyRg+Rg+aocIl+TQ+Xrcph8Qw6Xb8oRcqQcJUfLMXKsTJXj5Hj5lpwg35YT5SQ5WU6RaXKq7HthpZlS/sP8t34nf+BPe98gN8pNcrPcIrfKbXK7/EjukDvkTrlT7pa75R65R+6Ve+U+uU/ul/tllsySB+QBeVAelIfkIXlYHpZH5FF5Wn4nj8vv5Ql5Up6Up+UZeUaevfAcgEIllFRKBSpG5VCxKqeKU1eoXOpKlVtdpSLqahWvrlF51LUqr8qn8qsCKkEVVIWUVkZZRSpUhVURFVXX4YUXjCquSiinSqpEdeO/kq+KqutVMXXDr/Iv1pf8B/U1V81VC9VCtVQtVWvVWrVRbVRb1VYlqSTVTrVT7VV71UF1UB1VR9VJdVKdVWfVVXVV3VQ31V11V8kqWfVSL6reqo/qq/qp/uolNUANUAPVQJWiUtRgNVgNUUPUUDVUDVPD1HA1XI1QI9QoNUqNUWNUqkpV49V4NUFNUBPVRDVZTVZpKk1NU9PUdDVdzVQz1Sw1S81Ws9VcNVelq3Q1X81XGSpDLVQLVaZapBapJWqJWqaWqRVqhVqlVqk1ao1ap9apTLVRbVSb1Wa1VW1V29V2tUPtUDvVTrVb7VZ71B61V+1V+9Q+tV/tV1kqSx1QB9RBdVAdUofUYXVYHVFH1DF1TB1Xx9UJdUKdUqfUGXVGnVVn1Tl17vxpXyACEahABTFBTBAbxAZxQVyQK8gV5A5yB5EgEsQH8UGe4Nogb5AvyB8UCBKCgkGhQAcmsIG40PRocF1QNLg+KBbcEBQPSgQuKBkkBjcGpYKbgtLBzUGZ4JagbHBrUC4oH1QIKga3BZWC24PKwR1BleDOoGpQLage1AjuCmoGdwe1gnuC2sG9QZ3gvqBucH9QL3ggqB88GDQIHgoaBg8HjYJHgsZBk6Bp0Cxo/qeu7/2JfI+57rqHTtY9dS/9ou6t++i+up/ur1/SA/TLeqB+RafoQXqwflUP0a/pofp1PUy/oYfrN/UIPVKP0qP1GD1Wp+pxerx+S0/Qb+uJepKerKfoND1VT9Pv6Ol6hp6p39Wz9Ht6tp6j5+p5Ol2/r+frBTpDf6AX6g91pl6kF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa364/0Dv2x3ql36d36E71Hf6r36s/0Pv253q+/0Fn6S31Af6UP6q/1If2NPqy/1Uf0UX1Mf6eP6+/1CX1Sn9Kn9Rn9gz6rf9TntD9/cn/+690oo0yMiTGxJtbEmTiTy+QyuU1uEzERE2/iTR6Tx+Q1eU1+k98kmARTyBQy55EhU9gUNlETNUVNUVPMFDPFTXHjjDOJJtGUMqVMaVPalDFlTFlT1pQz5UwFU8HcZm4zt5vbzR3mDnOnudNUM9VMDVPD1DQ1TS1Ty9Q2tU0dU8fUNXVNPVPP1Df1TQPTwDQ0DU0j08g0No1NU9PUNDfNTQvTwrQ0LU1r09q0MW1MW9PWJJkk0860M+1Ne9PBdDAdTUfTyXQynU1n09V0Nd1MN9PddDfJJtn0Mr1Mb9Pb9DV9TX/T3wwwA8xAM9CkmBQz2Aw2Q8wQM9QMNcPMG2b4+RNVM9KMMqPNGDPWpJpUM96MNxPMBDPRTDSTzWSTZtLMNDPNTDfTzUwz08wys8xsM9vMNXNNukk38818k2EyzEKz0GSaTLPYLDZLzVKz3Cw3K81Ks9qsNmthrVlv1puNZqPZbDabrWar2W62mx1mh9lpdprdZrfZY/aYvWav2Wf2mf1mv8kyWeaAOWAOmoPmkDlkDpvD5og5Yo6ZY+a4OW5OmBPmlDllzph8F74vvYm1OW2cvcLmslfa3PYq+/dxflvAJtiCtpDVNq/N96vYWGuL2RtscVvCOlvSJtobfxOXs+VtBVvR3mYr2dtt5d/ENe3dtpa9x9a299oa9q5fxXXsfbaufdjWQwSwTWwD28w2tA/bRvYR29g2sU1tM9vGPmHb2idtkn3KtrNP/yaebxfYlXaVXW3X2J12lz1lT9uD9mt7xv5gu9setr99yQ6wL9uB9hWbYgf9Jh5u37Qj7Eg7yo62Y+zY38ST7RSbZqfaafYdO93O+E2cbt+3s2yGnW3n2Ll23k/x+Zoy7Ad2of3QZtoAFtsldqldZpfbFf+/1iV2nV1vN9gd9mO72W6xW+02u/3iibDdZXfbT+we+6k9YL+y++zndr89ZLPslz/F54/vkP3GHrbf2iP2qD1mv7PH7ffqp9yRvQHsD/Y7+6M9Z70FQgKSpCigGMpBsZST4ugKykVXUm66iiJ0NcXTNZSHrqW8lI/yUwFKoIJUiDQZskQUUmEqQlG6ji6WV5xKkKOSlEg3Uim6iUrTzVSGbqGydCuVo/JUgSrSbVSJbqfKdAdVoTupKlWj6lSD7qKadDfVonuoNt1Ldeg+qkv3Uz16gOrTg9SAHqKG9DA1okeoMTWhptSMmtOj1IIeo5bUilrT49SGnqC29CQl0VPUjp6m9vQ36kDPUEd6ljrRc9SZulBXep660QvUnXpQMvWkXvQi9aY+1Jf6UX96iQbQyzSQXqEUGkSD6VUaQq/RUHqdhtEbNJzepBE0kkbRaBpDYymVxtF4eosm0Ns0kSbRZJpCaTSVptE7NJ1m0Ex6l2bRezSb5tBcmkfp9D7NpwWUQR/QQvqQMmkRLaYltJSW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lbbRdvqIdtDHtJN20W76hPbQp7SXPqN99Dntpy8oi76kA/QVHaSv6RB943vQt3SEjtIx+o6O0/d0gk7SKTpNZ+gHOks/0jnyBCGGIpShCoMwJswRxoY5w7jwijBXeGWYO7wqjIRXh/HhNWGe8Nowb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGw+vCouH1YbEQw+JhidCFJcPE8MawVHhTWDq8OSwT3hKWDW8Ny4Xlw4fvrRjeFlYKbw8rh3eEVcI7w6phtbB6WCO8K6wZ3h3WCu8Ja4f3hqXD+8K64f1hvfCBsH74YNggfChsGD4cNgofCRuHTcKmYbOwefho2CJ8LGwZtgpbh4+HbcInwrbhk2FS+FTYLnz6p/n7FvzxfHLYM+wVvhi+GHp/j5wbnRdNj74fnR9dEM2IfhBdGP0wmhldFF0cXRJdGl0WXR5dEV0ZXRVdHV0TXRtdF10f3RD1vkYOcOiEk065wMW4HC7W5XRx7gqXy13pcrurXMRd7eLdNS6Pu9bldflcflfAJbiCrpDTzjjryIWusCviou46V9Rd74q5G1xxV8I5V9IlumauuWvuWrjHXEvXyrV2j7vH3RPuCfeke9I95dq5p1179zfXwT3jOrpn3bPuOdfZdXFd3fOumxuX++f3ZLLr5Xq53q636+v6uv6uvxvgBriBbqBLcSlusBvshrghbqgb6oa5YW64G+5GuBFulBvlxrgxLtWluvFuvJvgJriJbqKb7Ca7NJfmprlpbrqb7irN+Hkvs91sN9fNdeku3c13588ZM9xCt9Bluky32C12S91St9wtdyvdSrfarXZr3Vq33q13G91Gt9ltdlvdVrfdbXc73A6301/186Juj9vr9rp9bp/b775wWe5Ld8B95Q66r90h94077L51R9xRd8x95467790Jd9KdcqfdGfeDO+t+dOecd6mRcZHxkbciEyJvRyZGJkUmR6ZE0iJTI9Mi70SmR2ZEZkbejcyKvBeZHZkTmRuZF0mPvB+ZH1kQyYh8EFkY+TCSGVkUWRxZElkaWRbxvuDm0Bf2RXzUX+eL+ut9MX+DL+5LeOdL+kR/oy/lb/Kl/c2+jL/Fl/W3+nK+vK/gH/GNfRPf1Dfzzf2jvoV/zLf0rXxr/7hv45/wbf2TPsk/5dv5p317/zffwT/jO/pnfSf/nO/su/iu/nnfzb/gu/sePtn39L38i7637+P7+n6+v3/JD/Av+4H+FZ/iB/nB/lU/xL/mh/rX/TD/hh8e86YfcfESGcb6VD/Oj/dv+Qn+bT/RT/KT/RSf5qf6af4dP93P8DP9u36Wf8/P9nP8XD/Pp/v3/Xy/wGf4D/xC/6HP9Isu3lT2y/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9R36H/9jv9Lv8bv+J3+M/9Xv9Z36f/9zv91/4LP+lP+C/8gf91/6Q/8Yf9t/6I/6oP+a/88f99/6EP+lP+dP+jP/Bn/U/+nP8f9YYY4wxxv4p4y4Nxa9nfr6d3/N3csQvNu4FAFduKZD1y/nzZ5Rr8/487iMS2kQA4KkenR68+KhaNTk5+cK2mRKCInMALv5N0HkxcCleBK3hCUiCVlDqd+vvI7qcoX+wfvQWgLhf5MTCpfjS+p8BYPLvrP/o48Pnlw1Pxf8P688BKFbkUk5OuBQvgtY/3V9pBaX/oP58LX5Zf+xv18/5eSpAy1/k5IJL8aX6E+ExeBqSfrUlY4wxxhhjjDH2sz6iQoeL158X/8Xn712fJ6hLOTngUvyPrs8ZY4wxxhhjjDF2+T3TpeuTjyYlterwrw8q/6+y/ulBI/i/WvkvGdzxn1HGvzDwHuDiTxQA/JsLApwfyL/yKDb9JftKufDW+fuppad9AP8ZrfwzBpf5g4kxxhhjjDH2p7t00v/rn6vLVRBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYN/RW/TuyX++tx+Q6VMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYu2z+XwAAAP//dMcCKA==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0) mount$bind(&(0x7f0000000040)='./file0/file0\x00', 0x0, 0x0, 0x81105a, 0x0) mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e) 1m5.804272093s ago: executing program 3 (id=283): dup(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x2008080, &(0x7f0000000340)={[{@iocharset={'iocharset', 0x3d, 'cp869'}}, {@rodir}, {@numtail}, {@numtail}, {@uni_xlateno}, {@fat=@errors_continue}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@rodir}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'ascii'}}, {@utf8}, {@rodir}, {@utf8no}, {@rodir}]}, 0x81, 0x2c5, &(0x7f0000000840)="$eJzs3T+LI2UYAPBnNpPdrAqbWiwGtLBabu8T3CIrHKZSptBGDy8HkoSDDQRyirmr7AUrv4PfwQ9g4zewsBTsvEIcSWaSTbKT9SIxK3e/X5Mn877PO+8/smFh3nz21qD38PHw0bOvfolWK4mDe3EvnifRjoOYexoAwMvkeVHE70Up4vDGuumsvDip3h3sp4cAwK4t/f1PIiK57f4AAP+9jz7+5IPzTufiwyxrRQy+GeXTrwCDZJSX5eeP4ovoRzfuxEn8GVEslPEb9zsXkWbZ/J8Bo+PIIwaf/lS9P/8tYpZ/FifRvp7//v3OxVlWincGk1E+vfP0tRmvJRHnRfWV5G75UjSjauQq/25NfuSH8e7b31f9/6sbp3ESP38ej6MfD2dNXOV/fZZl7xXf/fFlOYI8IpmM8qNZvStFYz8rAgAAAAAAAAAAAAAAAAAAAADAq+A0W2gvn59TFFX5aX357HygRs35QNUJP5Ol83XuZFk2P8ZnlDejzE/jzTTSWx08AAAAAAAAAAAAAAAAAAAA/E8Mx096D/r97uVK8GOxfqUmqJ7oj+pKulSUrhbd3E5N0Psh4unWWf8UHPce9KNRda2fRKzVmQ/ohRtMN1c+erGORXvWsbp24mDTHKb9KDv/7TaTsLToW01d8S8mfH6j6Sa5oXIjhuNW/SZZ2pnHVWOXw9kCHW/atKtBUTN1jY1ZhzvaY4ev73bTTkfcXEzmap3WdCWXJrO5qZ3pNt3+7uufFMlOP3cAAAAAAAAAAAAAAAAAAIDrhuOkeug3fr1W+OxWugQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAezccP6l+/38RRHv9ynowqZK7delrwdHlsOa27T0PEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJfc3wEAAP//cFFPtg==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xb24d547a82164f02, 0x0) sendfile(r0, r1, 0x0, 0xfffe82) 1m5.240615892s ago: executing program 3 (id=285): syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x19, &(0x7f0000000080)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x76, "4356904e0fcc1c823edc379ecfa5c199"}]}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1m4.826264282s ago: executing program 35 (id=285): syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x0, 0x19, &(0x7f0000000080)={0x5, 0xf, 0x19, 0x1, [@ss_container_id={0x14, 0x10, 0x4, 0x76, "4356904e0fcc1c823edc379ecfa5c199"}]}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, 0x0}], 0x1, 0x42, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16.294170131s ago: executing program 6 (id=499): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x10b200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) io_setup(0x5, &(0x7f0000000e80)=0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) io_submit(r3, 0x0, &(0x7f0000001580)) 15.535184631s ago: executing program 6 (id=504): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 15.036537483s ago: executing program 6 (id=506): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x8003]}) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r3, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x0, 0x5700000000000000, 0x401, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0xba25, 0xfff, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x1c0080}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14.659769133s ago: executing program 6 (id=507): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f00000000c0)='./file0/../file0/../file0/../file0\x00', 0x0) 14.068392674s ago: executing program 6 (id=512): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000180)={0xffffff, 0x100000}, 0x10) write(r1, &(0x7f0000000000), 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x0, 0x0, 0x0) dup(r0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) syz_emit_ethernet(0x3a, 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', &(0x7f0000000840), &(0x7f0000000880)="22cff5", 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0x10, 0x80000, 0x3) getsockopt$bt_hci(r2, 0x0, 0x2, &(0x7f00000001c0)=""/22, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b29, &(0x7f0000000040)={'wlan1\x00'}) r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x38, r5, 0x1, 0x0, 0x0, {0x54}, [{{@pci={{0x8}, {0x11}}, {0x8}}}]}, 0x38}}, 0x0) 13.448516021s ago: executing program 6 (id=516): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 12.429703026s ago: executing program 36 (id=516): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}, {0x85, 0x0, 0x0, 0xa0}}, @call={0x85, 0x0, 0x0, 0xf}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 5.432617376s ago: executing program 0 (id=550): r0 = mq_open(&(0x7f000084dff0)='z\xbf\x17', 0x6e93ebbbcc0884f2, 0x0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0xcd0c, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x14, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) 5.364638596s ago: executing program 7 (id=551): socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000100)={0x5}, 0x8) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000000340)={0xc, 0xb21, 0x1ff, 0x80080}) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f0", 0x8) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0) ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f00000002c0)={0x14, 0x10, 0x3, 0xb, 0x4, 0x2, 0x3, 0x84, 0x1}) accept$alg(r2, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r4, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000002c40)=[{&(0x7f00000002c0)=';', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)="12", 0x1}], 0x1}}], 0x2, 0x10) r5 = syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x84008, &(0x7f00000003c0)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x400}}, {@max_read={'max_read', 0x3d, 0xe6f9}}, {@blksize={'blksize', 0x3d, 0xe00}}, {@max_read={'max_read', 0x3d, 0x6}}, {@max_read={'max_read', 0x3d, 0x8}}], [{@dont_measure}, {@appraise_type}, {@subj_user={'subj_user', 0x3d, '*#('}}, {@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@mask={'mask', 0x3d, 'MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}, {@fowner_eq}, {@smackfshat={'smackfshat', 0x3d, '\x00'}}]}}, 0x1, 0x0, &(0x7f0000000580)="0903c87329ad4d3d3cad91621a8de377ccb3a739e80f22fedb60ad6033bfecf765e23f306615354dbe033011b8388f6ffd79c8ea2b159cd306d1ac2db026b5b194ef9dc4a1fe0117883c50f779e999c4945b1cc942c90d9218bf579fd8c2c67d20d00bcb59a3c2ff6cac321b1c1982f187e943a41498bf8fd870e0cb049708fb4e4165688494955c6ab462bf6a42e59a000cc91fbc3e03d387ef88cb3400305686f88acc20361c7b7853ad8b4ba6f610669d1b99949009fceda8bf8fad0366010e2532871108f1968dfa9bf66e08ee507c7dbaa64962d7b5e059f68cf8e4f9f8ab1b6d8479b4") mknodat(r5, &(0x7f00000001c0)='./file0\x00', 0xc000, 0x4) syz_usb_disconnect(0xffffffffffffffff) setsockopt$inet6_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f00000000c0)='westwood\x00', 0x9) r6 = socket(0x10, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl1\x00', 0x0, 0x29, 0x8, 0xc, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x2a}, @loopback={0x0, 0x460c6}, 0x8, 0x7, 0x1}}) 3.893943204s ago: executing program 8 (id=559): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) close(r0) signalfd(0xffffffffffffffff, &(0x7f00000001c0)={[0x226e88d4]}, 0x8) r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) openat$random(0xffffffffffffff9c, 0x0, 0x800, 0x0) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 2.798100142s ago: executing program 7 (id=562): add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x9) bind$netlink(r0, 0x0, 0x0) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 2.399357133s ago: executing program 0 (id=563): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) write$input_event(r0, &(0x7f0000000200)={{0x77359400}, 0x11, 0xae, 0x7fffffff}, 0xffffffe7) 2.064636396s ago: executing program 0 (id=564): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) setsockopt$SO_BINDTODEVICE_wg(r0, 0x1, 0x19, &(0x7f0000000080)='wg2\x00', 0x4) sendmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000003c0)="ebbbc61ded6c6a64b5aceec4322279ff42b8afce454d240618892c5f746ba36e1b69b4e34ed01d6ddc73af17cf237ae5b92e24415bf0d3d23fe735fd44b819eb51014a3c3b7f5f26d5e44749888e54b518a909fc7ccb5d3ec5440c07c8048ee49a8530ca96d0f68cc1260c3a706a9f06c2ed502b20a8ed6b997fa15392054493dfbfe178881b35d8a003ec02cbdf060cc7d5d9d9373cd36ec313d07fa967cfd194ec1284b51b91af16c907ac67310aef110491ad073b6b5b977e145694ad073b6faef79279224a486d2dcd7f55d28def3fca0ab27763f835e10caf52d6a9645e75a195e848905b77bbd4ac8a9f3339c53997937d815d6571172b7f6bf813eb9e02267f04bfe08ce60900de11f38685193e38e5e3f03c6b78fe8469c3a35fd4d51745b089115931739ef1ee0fb869cabf25a6620a9a3956e89bc155326a612056481e00a475189dabd622cd09f10c122dd9d5f4a193838245778b893570ea5f08700c5feecdc8a979d5fd1413045a5aec8ec9858968fbd3d6d09bbd36507b92a8cb6a92d650396c44850a0241c2117828cf98386f4f634f4c08f06289a25827e178798445ef8df8bcec2de152d7930c6759e2539d4c98abfd1d23b1eb213fadea8e79c946a019128c92a12ff6268f7d7e5353b13151ec200238b90bb2521de66d94fec336f8147550d579f4f81d7ede3441cfbb149889fd557421cccc14bd6b00a9b19ea156c03fbf670406e5fb516bedd09df641d7682659b9dac391be8818ac2bcca62d3e4b3ab3d3fdc938017afcbc9e6ce471e0ceb88e9f6105efc79ec717c02edf3d7ae8fa31543f7709c12e5d972ad590d0b052d44cdbb893938bf8b6fee99ff2e10efee738f16550bb57e9e9a2c120dba43bf1cfc102015c897ea7c8765542add4598568af4a7fb38d5aca614cd7f0abedc6240bab2bbb0747fadcfdca2a1ad473eeae8925315039ea17f60e408a817501114dccbd01f835a9576677a7ed8aacea6e43256d24295d2156c0466fd8dfa5eaee8d84ac0b34f4c1fb6a235d3d35cc3a4c86c5c00625bbd7925929ad436ed8fa72cc823963a5f89e5fed4f72215453702f2939131f7bce34fe1fad7d053a5ea5dcc21bd63e7c5a9a92028dda9cc7306f6421b09486865a18644b775877367e1e9036801bbf824fa0e165d8715d33542c023c4674624beba523016400ae53ab619be059125dd3aa701cadcd5fbda9d950b13c38de4dbaca871a1111f436cf83e21e7976e5bd5b29f31b2cbe00e772a9ecfd6d656db3f01014f24967ee1cb84d470db06e0471a0b21dee7b20aa6ad895210663d0e1cdf9c4f8530d0ad69f1ebb68f671f300b1bb86a9d577ff7e4cea6f43cabbc6a1bb160c3903b2520571721315e54219f508e160ad9de86912d96bb5f5235ad10ab60e75b7d27493f3f576a51b9e9cd3cdb068ae5d30ba3aa226c8b4c8886b896f6745f8cf316b54a85575f2a008db275636d067f074ab093bf6ce80febeef4fae786d72812a1080e02e4ef8815c8524e84d9239ac354bb90c573a6c773206875595b47b6d1ec09a1a401848edb6ff91ba962f18ff628e010db14df50221daa0c11663b9a6c1879a9dfdb4ebb1b8d795f1b8104c880f32be3dc1ddfcc12e582c49e387932b6e17e95d6dcce489bbb6fb04ceb9e0d8b3b960281dfcf5c83007e1c244e9a9744b4b124a7ffba84573dbb0ab9a618c50f10a0bf47691ffc966deaae5660176de93be1ac09f278eab34997cc9a3189f8ae1cc28a7481e466d9b4ef26375bb6eba77ff34400385587c192f06fcc5be567094d03ebd0dcae994ca27c2041eea53c6543efac5239cc9c51554298a679cef4f36a9134233015f61e42d484c8094f2bdb1ba1be21b9bb86f8c439b5ae26d2e6eeb4d6dbe16fb88450822452a0e096acb055ff9fc7a2f35df43b43febfb8d52da5a6d33bb6f94897817ef13b1356563161f0f0b06480ff3d2c53db1de3e71fd4ba94e6236642d2450d3686c1c781228b0d4878b357440fb8df8ae74eccc3327759146894691c1f8e6c6012a5e4fb95e04d918b90f7bc85d91a88a193e96ef59c62119abd0f4594b5a81abb9fd6665e9a66203ff42c3f9741d43dcc4674090f5920a52bf023348148c1899062fbab32d92d449bb445f9566541d0953630428d95d3597a99f1898a65fdfe911d4f58ab6a97d9fa6dddbc832e006be2873c0a493283e54bd47af93df9380dcf6e4a174d6f30288ae84b4461745a3fd23502ee04290a61acdf54dd191dcca5d4d5269582401e27e406335bb1627e1dceff693bd669a853f0120c42ef7bd4acc23a631f35d8446af168830613592533e464a829c55d7c2294b02d5c80eb2c114eb294cb0f2275b2a2f91845daf81d5f751baafb1bf5efc8d93e26fe0b72e937f0409a047a145352b61ca5fd9afafe558bbc18d67b9c193db266a5c71cb7f6b484b30a14f951b4ebcb6a885e00a0332179d720eb2eef8d92040c020c0baa3767025a8eed4bb63aaf4af2cce17d2cf43149ed4e89b8ce14c3471d840555d965bffcb984cad9c25a948e2299bc0dd1a3a8f95ab3681dba8b489931d6fdb9298bfb0a38f74378227e758145c6e3d3f142dfda59afd40ffb8c02a30f6a2fbb3b2949661980c9d9ab98fdb5ad07aa64dab0bd0591210bfc8b9d1203b4d2d1e4fe04fa3e10de1e783bbd8800425bc8df40d1273578b432043932d59f1498990c219c09b8bc6de755a0692dd0b679e8d379af55d6fce967b1fdd75c9e8468c0da2b8a31b225fc3197dc5bef5890d12a4bffae2d26bff96f221fcb268e6d05ee951c69ef909f126f17ed8d09fe26e7a504390bc1d2789a19f9b3e6ab1f31bd6a930de6c9e3316853663c27f6455b5011b4db251ea5cf2db15494caa343b40eec7fd98d16e73ee8e479f66fa0544eca19ee60520753e6287a674be3e5419d782e61a5fc5f48dfc111f273dabb4cc5716e4f9d5758317e41f6ac98d79a75b48a483ca58ad332d5f4d2ad2d3017b6f8f8c084fd1bce7f965c0e6fbd051387a726821052c951ca44f9dc769465878fe161660ff559f7717a1b27510c20f96c7b4b99c2175ea0958f8ff1914451cdcdda68fa1d56617e3ecb9a62005002160d358382f6a01f842afd926bb7c015bb62c1d01a33483949212b51c29b30304c0154e3c0a620ac706799cf2f37767abc9f01632947ba505e4438c8e7cc941021ca2b737890205a5a846733a93c6f76999437878852a06d5bd58e2c844955f501347c595b84ae13256f4fc397c5b7e770bfe9b199d76e3f08d2f0155470833412070a15e6c1e524e6ca5e0b11dc1c27bf5fd9eb78dea4d7663669baeff18005dec75ec17d1876f459b2b06b8dacd748128d4295f77530d6d4c0816fada0b1e087254b0e5e99fabd1888046135d0ba41934611633463b40bc2bc8dad0786f1ed0eb956df1a8f9be0643068cd8349cf71b24f236f1f8b04e738fa35539fed1d46f4cd27fa2435369fc787cf95641da94db7b304eff85db75d25155bf98ef744e229704593c5184832776a0f39ca0e58c8309e5d2dc3017747d1e92bcbd3587a4c19d127aa6f5ad3c4090ab2101e8825b1f0e8340456e24f7621576ddee5a703cc051dfd0851a3ecd21f71c1bfc45095454d920596a55b32cb49d558aef5b780de75edc5d846b6415dcfa7f56f2d420d9d2238febf1a2fddb6f75f6467f4c5c2b746e10d347e86b56eba979ebd211c29765b3a176086583d95aa28d071b022777a8bc69c3f15d0f247be03a965e9a4006244c5ff54eccefc02110ea07ec881b4af9320ce4fc4ea501344a27d9f9f7b61bd29c42ac52eb7e6e421d2726f6a2c2159f766c97b9bc515e82a0eff17f0bd2d250dfdc5f88f2151051f6de3cdf51122ccd56ee996f04b2709276a1f3860236ccc721ae1aba3ca723fb3e175268ac62f4234bbd9f6efda6017ed51792d6d17ba3809e43a21b7c5cc41f2d4a514207e9a3bcf267bb70af", 0xb02}], 0x1}}], 0x1, 0x44010) connect$inet6(r0, 0x0, 0x0) 1.998145609s ago: executing program 8 (id=565): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/25, &(0x7f0000000080)=0x17) 1.987558662s ago: executing program 5 (id=566): munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) brk(0x200000ffa000) 1.832598909s ago: executing program 0 (id=567): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={0x20, r2, 0x1, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x40000) 1.805265546s ago: executing program 5 (id=568): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x50) removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '\\\x10[]+\\\x00'}) mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1.802816523s ago: executing program 8 (id=569): r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) close(r0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='], 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)={0x8000200d}) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000180)={0x40002000}) epoll_pwait(r1, &(0x7f0000000240)=[{}], 0x1, 0x2, 0x0, 0x0) 1.707813605s ago: executing program 0 (id=570): socket(0x10, 0x803, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) dup2(r2, r0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x7079, 0x1000, 0x14, 0x28b}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) io_uring_enter(r3, 0x3af6, 0xbebb, 0x0, 0x0, 0xfffffea9) 1.512506735s ago: executing program 8 (id=571): socket$kcm(0x10, 0x400000002, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000240)=@x86={0x0, 0x2, 0x84, 0x0, 0x1, 0x5, 0x3, 0x4, 0x80, 0x10, 0x3, 0xbe, 0x0, 0x7f, 0x4, 0xf0, 0xd5, 0x8, 0x6, '\x00', 0xc, 0x21}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000e40)={0x2, 0x0, @ioapic={0x1000, 0xffffffff, 0x40, 0x4, 0x0, [{0x1, 0x85, 0x8, '\x00', 0x6}, {0xb, 0x0, 0x0, '\x00', 0xa}, {0x6c, 0x8, 0x6, '\x00', 0xff}, {0xf2, 0x8, 0x10, '\x00', 0x9}, {0x9, 0x1, 0x3, '\x00', 0xb}, {0x2, 0xff, 0x9, '\x00', 0x1}, {0xf0, 0x3, 0xf7, '\x00', 0xf3}, {0x0, 0xa, 0x40, '\x00', 0x3}, {0x80, 0x74, 0x3, '\x00', 0xd}, {0xe7, 0xfe, 0xfe, '\x00', 0xf}, {0xbe, 0x1, 0x4, '\x00', 0x2}, {0x8, 0x5, 0xf, '\x00', 0x7f}, {0xa6, 0x0, 0xd, '\x00', 0x18}, {0x15, 0x8, 0x0, '\x00', 0x6}, {0x4, 0x4d, 0x9, '\x00', 0x1}, {0x9, 0xa, 0x9, '\x00', 0x2}, {0x5, 0x8, 0x81, '\x00', 0x3}, {0x7, 0x7, 0x90, '\x00', 0xfe}, {0xfd, 0x0, 0x5, '\x00', 0x7f}, {0xfd, 0x3, 0xe2, '\x00', 0x2}, {0x0, 0x2, 0x7, '\x00', 0x6}, {0x0, 0xfe, 0xfd, '\x00', 0x9}, {0xe, 0x11, 0x2, '\x00', 0xfd}, {0xd, 0x9, 0x8e, '\x00', 0x8}]}}) 1.457645973s ago: executing program 5 (id=572): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x2000) getsockopt$bt_hci(r0, 0x84, 0x9, 0x0, &(0x7f0000000000)) 1.351170563s ago: executing program 7 (id=573): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 1.294907765s ago: executing program 0 (id=574): r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) close(r0) signalfd(0xffffffffffffffff, &(0x7f00000001c0)={[0x226e88d4]}, 0x8) r1 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) close(r1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) openat$random(0xffffffffffffff9c, 0x0, 0x800, 0x0) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000004c0), 0x1, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 1.233296279s ago: executing program 8 (id=575): socket(0x10, 0x803, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0}) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000280)) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1) r1 = dup2(r0, r0) signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0) syz_io_uring_setup(0x39, &(0x7f0000000580)={0x0, 0xe7b7, 0x13500}, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) read$FUSE(r1, &(0x7f0000002b40)={0x2020}, 0x2020) 1.164656167s ago: executing program 5 (id=576): ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000000)={0x26, 0x1, 0x0, "3a8e00000034b52ba75066c27891ca55e21f0000000000b2b678d200", 0x32344d59}) 1.015328892s ago: executing program 5 (id=577): munmap(&(0x7f0000bff000/0x400000)=nil, 0x400000) brk(0x200000ffa000) 1.00520718s ago: executing program 7 (id=578): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000000)=0x7, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x42, &(0x7f0000000040)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f00000000c0)=""/25, &(0x7f0000000080)=0x17) 796.829477ms ago: executing program 5 (id=579): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5867, 0x10, 0xfffffffc, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) sendmsg$NL80211_CMD_SET_WDS_PEER(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x2404c000) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4007, @fd_index=0x4, 0x0, &(0x7f0000000100)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x100847c0, 0x0, 0x1, 0x0, 0x0) 468.613607ms ago: executing program 7 (id=580): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) ioctl$SOUND_PCM_READ_CHANNELS(r0, 0x80045006, 0x0) 124.384811ms ago: executing program 8 (id=581): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x50) removexattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '\\\x10[]+\\\x00'}) mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 0s ago: executing program 7 (id=582): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp-reno\x00', 0xb) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4008004) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000a5f000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68) ptrace(0x10, 0x1) r2 = socket(0x840000000002, 0x3, 0xff) connect$inet(r2, &(0x7f0000000280)={0x2, 0x4e21, @remote}, 0x10) sendmmsg$inet(r2, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94) r3 = dup(r1) socket$inet6(0xa, 0x5, 0xffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r3, 0x2c9ab000) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r4}, 0x38) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) fadvise64(r6, 0x18, 0x0, 0x4) kernel console output (not intermixed with test programs): exists in 'hsr' [ 90.838810][ T5857] Cannot create hsr debugfs directory [ 90.853200][ T5844] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.860421][ T5844] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.891095][ T5844] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.918790][ T5859] team0: Port device team_slave_0 added [ 90.952733][ T5853] hsr_slave_0: entered promiscuous mode [ 90.959488][ T5853] hsr_slave_1: entered promiscuous mode [ 90.966133][ T5853] debugfs: 'hsr0' already exists in 'hsr' [ 90.971877][ T5853] Cannot create hsr debugfs directory [ 91.001426][ T5859] team0: Port device team_slave_1 added [ 91.132855][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.140385][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.167328][ T5859] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.231567][ T5859] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.238594][ T5859] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 91.265503][ T5859] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.295115][ T5844] hsr_slave_0: entered promiscuous mode [ 91.301592][ T5844] hsr_slave_1: entered promiscuous mode [ 91.308308][ T5844] debugfs: 'hsr0' already exists in 'hsr' [ 91.314054][ T5844] Cannot create hsr debugfs directory [ 91.615225][ T5859] hsr_slave_0: entered promiscuous mode [ 91.621716][ T5859] hsr_slave_1: entered promiscuous mode [ 91.628203][ T5859] debugfs: 'hsr0' already exists in 'hsr' [ 91.634039][ T5859] Cannot create hsr debugfs directory [ 91.827819][ T5845] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 91.878079][ T5845] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 91.888442][ T9] cfg80211: failed to load regulatory.db [ 91.892713][ T5845] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 91.908401][ T5845] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 92.020185][ T5857] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 92.033936][ T5857] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 92.076834][ T5857] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 92.090377][ T5857] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 92.184117][ T5853] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 92.198732][ T5853] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 92.205674][ T5167] Bluetooth: hci0: command tx timeout [ 92.217088][ T5853] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 92.249232][ T5853] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 92.286312][ T5850] Bluetooth: hci1: command tx timeout [ 92.291942][ T5167] Bluetooth: hci2: command tx timeout [ 92.345926][ T5844] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 92.360031][ T5844] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 92.367879][ T5167] Bluetooth: hci3: command tx timeout [ 92.382369][ T5844] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 92.393997][ T5844] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 92.444824][ T5167] Bluetooth: hci4: command tx timeout [ 92.511225][ T5845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.534317][ T5859] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 92.545757][ T5859] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 92.558678][ T5859] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 92.590465][ T5859] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 92.642768][ T5845] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.678336][ T5857] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.702663][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.710210][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.769334][ T5857] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.778692][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.785903][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.828232][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.835446][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.876072][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.883241][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.949761][ T5853] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.980042][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.009365][ T5853] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.051260][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.058473][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.078907][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.118026][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.125257][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.176627][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.183838][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.216916][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.224164][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.319864][ T5859] 8021q: adding VLAN 0 to HW filter on device bond0 [ 93.512080][ T5859] 8021q: adding VLAN 0 to HW filter on device team0 [ 93.556321][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.563525][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.598016][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.605220][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.652700][ T5845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.705723][ T5857] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.988052][ T5857] veth0_vlan: entered promiscuous mode [ 94.083631][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.121995][ T5853] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.134525][ T5857] veth1_vlan: entered promiscuous mode [ 94.285777][ T5167] Bluetooth: hci0: command tx timeout [ 94.330165][ T5857] veth0_macvtap: entered promiscuous mode [ 94.362136][ T5844] veth0_vlan: entered promiscuous mode [ 94.378440][ T5167] Bluetooth: hci2: command tx timeout [ 94.382098][ T5853] veth0_vlan: entered promiscuous mode [ 94.383899][ T5167] Bluetooth: hci1: command tx timeout [ 94.407519][ T5857] veth1_macvtap: entered promiscuous mode [ 94.437783][ T5844] veth1_vlan: entered promiscuous mode [ 94.444890][ T5167] Bluetooth: hci3: command tx timeout [ 94.459135][ T5853] veth1_vlan: entered promiscuous mode [ 94.512195][ T5859] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 94.525797][ T5167] Bluetooth: hci4: command tx timeout [ 94.547711][ T5845] veth0_vlan: entered promiscuous mode [ 94.558236][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.573743][ T5853] veth0_macvtap: entered promiscuous mode [ 94.590432][ T5845] veth1_vlan: entered promiscuous mode [ 94.599221][ T5857] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.621640][ T5844] veth0_macvtap: entered promiscuous mode [ 94.636307][ T5853] veth1_macvtap: entered promiscuous mode [ 94.669975][ T5844] veth1_macvtap: entered promiscuous mode [ 94.677237][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.690423][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.712467][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.737557][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.761198][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.795664][ T5853] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.809278][ T5845] veth0_macvtap: entered promiscuous mode [ 94.833368][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 94.843758][ T5845] veth1_macvtap: entered promiscuous mode [ 94.875685][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.890868][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 94.902677][ T5859] veth0_vlan: entered promiscuous mode [ 94.919381][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.930197][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.975097][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 94.992498][ T5859] veth1_vlan: entered promiscuous mode [ 95.052396][ T49] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.061575][ T49] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.071468][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.113618][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.127441][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.148472][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.162546][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.162601][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.173753][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.235495][ T5845] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.278277][ T78] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.286746][ T78] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.289289][ T5859] veth0_macvtap: entered promiscuous mode [ 95.323998][ T78] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.324525][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.341979][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.386979][ T78] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.403317][ T78] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.442193][ T5859] veth1_macvtap: entered promiscuous mode [ 95.452597][ T5857] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 95.460933][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.491005][ T78] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.503476][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.668608][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 95.693215][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 95.710844][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 95.748990][ T5859] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 95.822062][ T3515] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.832688][ T3515] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.851994][ T3515] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.902898][ T3515] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 95.912559][ T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 95.977223][ T3535] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.003379][ T3535] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.099415][ T9] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 96.141838][ T9] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 96.147991][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.192928][ T9] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 96.211840][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.268562][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.286722][ T5975] loop3: detected capacity change from 0 to 512 [ 96.304903][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.375322][ T5167] Bluetooth: hci0: command tx timeout [ 96.429875][ T5975] EXT4-fs (loop3): orphan cleanup on readonly fs [ 96.445450][ T5167] Bluetooth: hci1: command tx timeout [ 96.450928][ T5167] Bluetooth: hci2: command tx timeout [ 96.468097][ T3535] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.493544][ T3535] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.536144][ T5850] Bluetooth: hci3: command tx timeout [ 96.562211][ T9] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 96.563717][ T5975] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 96.582893][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.606313][ T5850] Bluetooth: hci4: command tx timeout [ 96.622845][ T5975] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 96.643176][ T5975] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.7: Failed to acquire dquot type 1 [ 96.675758][ T9] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 96.720091][ T9] usb 3-1: invalid MIDI out EP 0 [ 96.745028][ T5975] EXT4-fs (loop3): 1 truncate cleaned up [ 96.767773][ T5975] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 96.928570][ T5975] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 97.029578][ T5985] syz.4.5 uses obsolete (PF_INET,SOCK_PACKET) [ 97.050078][ T9] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 97.071140][ T9] usb 3-1: USB disconnect, device number 2 [ 97.107129][ T5853] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 97.315328][ T5982] loop1: detected capacity change from 0 to 32768 [ 97.322902][ T5898] udevd[5898]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 97.352948][ T5982] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2 (5982) [ 97.398411][ T5982] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 97.409234][ T5982] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm [ 97.418782][ T5982] BTRFS info (device loop1): disk space caching is enabled [ 97.426252][ T5982] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 97.657612][ T5982] BTRFS info (device loop1): rebuilding free space tree [ 97.730898][ T5982] BTRFS info (device loop1): disabling free space tree [ 97.738042][ T5982] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 97.747977][ T5982] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 97.943851][ T6010] usb usb8: usbfs: process 6010 (syz.2.12) did not claim interface 0 before use [ 98.084216][ T6003] loop4: detected capacity change from 0 to 32768 [ 98.145959][ T6009] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 98.330378][ T6003] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,recovery_pass_last=initialize_subvolumes,nojournal_transaction_names,noexcl,read_only [ 98.330408][ T6003] allowing incompatible features above 0.0: (unknown version) [ 98.330421][ T6003] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 98.373017][ T6003] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 98.381656][ T6003] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 98.390072][ T6003] bcachefs (loop4): Version upgrade required: [ 98.390072][ T6003] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 98.390072][ T6003] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 98.390072][ T6003] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 98.606083][ T6003] bcachefs (loop4): error reading btree root btree=alloc level=0: btree_node_read_error, fixing [ 98.651550][ T6003] bcachefs (loop4): check_topology... done [ 98.660336][ T6003] bcachefs (loop4): accounting_read... done [ 99.424489][ T6003] bcachefs (loop4): alloc_read... done [ 99.445122][ T6003] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean [ 99.459592][ T6003] bcachefs (loop4): done starting filesystem [ 99.499391][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 99.617520][ T5845] bcachefs (loop4): shutting down [ 99.770762][ T6019] netlink: 132 bytes leftover after parsing attributes in process `syz.0.13'. [ 99.881529][ T5845] bcachefs (loop4): shutdown complete [ 99.890081][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.045275][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.354831][ T5961] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 100.466180][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 100.545405][ T5961] usb 4-1: Using ep0 maxpacket: 8 [ 100.565044][ T5961] usb 4-1: config 0 has an invalid interface number: 31 but max is 0 [ 100.575049][ T5961] usb 4-1: config 0 has no interface number 0 [ 100.588881][ T5961] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 100.600412][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.610460][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.619882][ T5961] usb 4-1: Product: syz [ 100.619899][ T5859] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 100.624272][ T5961] usb 4-1: Manufacturer: syz [ 100.641275][ T5961] usb 4-1: SerialNumber: syz [ 100.657928][ T9] usb 3-1: config 0 has an invalid interface number: 204 but max is 0 [ 100.671880][ T9] usb 3-1: config 0 has no interface number 0 [ 100.691166][ T5961] usb 4-1: config 0 descriptor?? [ 100.708208][ T9] usb 3-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=29.3d [ 100.737590][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.756191][ T9] usb 3-1: Product: syz [ 100.765034][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 100.789238][ T9] usb 3-1: Manufacturer: syz [ 100.799181][ T9] usb 3-1: SerialNumber: syz [ 100.821437][ T9] usb 3-1: config 0 descriptor?? [ 100.839238][ T9] ems_usb 3-1:0.204 (unnamed net_device) (uninitialized): couldn't initialize controller: -22 [ 100.899031][ T9] ems_usb 3-1:0.204: probe with driver ems_usb failed with error -22 [ 100.945021][ T5961] usb 4-1: Found UVC 0.04 device syz (046d:08c3) [ 100.976204][ T5961] usb 4-1: No valid video chain found. [ 101.175191][ T5961] usb 4-1: USB disconnect, device number 2 [ 101.233508][ T5913] usb 3-1: USB disconnect, device number 3 [ 101.245055][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.805424][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 102.035129][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.134964][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.255998][ T6047] IPVS: length: 4096 != 8 [ 102.285462][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 103.453900][ T6067] team_slave_0: entered promiscuous mode [ 103.460727][ T6067] team_slave_1: entered promiscuous mode [ 103.729915][ T6069] loop0: detected capacity change from 0 to 40427 [ 103.747167][ T6067] macsec1: entered promiscuous mode [ 103.752439][ T6067] team0: entered promiscuous mode [ 103.813606][ T6067] macsec1: entered allmulticast mode [ 103.815751][ T6069] F2FS-fs (loop0): invalid crc value [ 103.823140][ T6067] team0: entered allmulticast mode [ 103.928128][ T6071] loop2: detected capacity change from 0 to 256 [ 103.951185][ T6069] F2FS-fs (loop0): Start checkpoint disabled! [ 103.975645][ T6069] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 104.004735][ T6067] team_slave_0: entered allmulticast mode [ 104.010536][ T6067] team_slave_1: entered allmulticast mode [ 104.071185][ T6071] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 104.129256][ T6067] team0: Device macsec1 is already an upper device of the team interface [ 104.186097][ T6071] ======================================================= [ 104.186097][ T6071] WARNING: The mand mount option has been deprecated and [ 104.186097][ T6071] and is ignored by this kernel. Remove the mand [ 104.186097][ T6071] option from the mount to silence this warning. [ 104.186097][ T6071] ======================================================= [ 104.280927][ T6067] team0: left allmulticast mode [ 104.349904][ T6067] team_slave_0: left allmulticast mode [ 104.371738][ T6067] team_slave_1: left allmulticast mode [ 104.394904][ T6067] team0: left promiscuous mode [ 104.484957][ T6067] team_slave_0: left promiscuous mode [ 104.490459][ T6067] team_slave_1: left promiscuous mode [ 104.960309][ T6078] IPv6: sit1: Disabled Multicast RS [ 105.468992][ T3515] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 105.872731][ T3515] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.035630][ T5961] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 106.079119][ T3515] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 106.207307][ T5961] usb 1-1: Using ep0 maxpacket: 16 [ 106.957555][ T5961] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.096954][ T3515] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 107.120188][ T5961] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.167516][ T5961] usb 1-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 107.201825][ T5961] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.379426][ T5961] usb 1-1: config 0 descriptor?? [ 107.502494][ T5961] usbhid 1-1:0.0: can't add hid device: -22 [ 107.574413][ T5961] usbhid 1-1:0.0: probe with driver usbhid failed with error -22 [ 107.575787][ T6093] netlink: 8 bytes leftover after parsing attributes in process `syz.3.40'. [ 107.616987][ T6093] netlink: 'syz.3.40': attribute type 5 has an invalid length. [ 107.660025][ T6093] netlink: 28 bytes leftover after parsing attributes in process `syz.3.40'. [ 107.835171][ T6093] geneve2: entered promiscuous mode [ 107.858756][ T6093] geneve2: entered allmulticast mode [ 108.197099][ T3571] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 108.213596][ T3571] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 108.366233][ T3571] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 108.413692][ T3571] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 108.466463][ T3515] bridge_slave_1: left allmulticast mode [ 108.491058][ T3515] bridge_slave_1: left promiscuous mode [ 108.525734][ T3515] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.596470][ T3515] bridge_slave_0: left allmulticast mode [ 108.602365][ T3515] bridge_slave_0: left promiscuous mode [ 108.617090][ T3515] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.197012][ T6106] loop3: detected capacity change from 0 to 40427 [ 109.253055][ T6106] F2FS-fs (loop3): invalid crc value [ 109.355178][ T6106] F2FS-fs (loop3): Start checkpoint disabled! [ 109.392503][ T6106] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 109.449807][ T5167] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 109.465267][ T5167] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 109.473501][ T5167] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 109.484773][ T5167] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 109.492898][ T5167] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 110.084139][ T5913] usb 1-1: USB disconnect, device number 2 [ 111.039205][ T6135] loop0: detected capacity change from 0 to 32768 [ 111.664827][ T5850] Bluetooth: hci3: command tx timeout [ 111.696006][ T6135] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 111.696032][ T6135] allowing incompatible features above 0.0: (unknown version) [ 111.696046][ T6135] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 111.719853][ T6146] loop3: detected capacity change from 0 to 40427 [ 111.735317][ T6135] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 111.750277][ T6135] bcachefs (loop0): initializing new filesystem [ 111.766220][ T6146] F2FS-fs (loop3): invalid crc value [ 111.770611][ T6135] bcachefs (loop0): going read-write [ 111.857091][ T6135] bcachefs (loop0): marking superblocks [ 111.880843][ T6135] bcachefs (loop0): initializing freespace [ 111.890734][ T6135] bcachefs (loop0): done initializing freespace [ 111.900513][ T6135] bcachefs (loop0): reading snapshots table [ 111.906705][ T6135] bcachefs (loop0): reading snapshots done [ 111.946166][ T6146] F2FS-fs (loop3): Start checkpoint disabled! [ 111.981084][ T6135] bcachefs (loop0): loop0: Superblock write was silently dropped! (seq 0 expected 42) [ 111.993025][ T6135] bcachefs (loop0): done starting filesystem [ 112.028007][ T6146] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 112.105511][ T3515] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 112.117046][ T6135] syz.0.50 (6135) used greatest stack depth: 16376 bytes left [ 112.188430][ T5844] bcachefs (loop0): shutting down [ 112.193520][ T5844] bcachefs (loop0): going read-only [ 112.205116][ T5844] bcachefs (loop0): finished waiting for writes to stop [ 112.270553][ T3515] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 112.295990][ T5844] bcachefs (loop0): flushing journal and stopping allocators, journal seq 5 [ 112.327330][ T3515] bond0 (unregistering): Released all slaves [ 112.473966][ T5844] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 5 [ 112.582599][ T5844] bcachefs (loop0): clean shutdown complete, journal seq 6 [ 112.611555][ T5844] bcachefs (loop0): marking filesystem clean [ 112.665323][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 112.775952][ T5844] bcachefs (loop0): shutdown complete [ 112.844964][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 112.857383][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 112.875332][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 112.896968][ T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 112.956619][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 112.992019][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 113.055672][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.315181][ T9] usb 2-1: GET_CAPABILITIES returned 0 [ 113.320744][ T9] usbtmc 2-1:16.0: can't read capabilities [ 113.336607][ T3515] hsr_slave_0: left promiscuous mode [ 113.393116][ T3515] hsr_slave_1: left promiscuous mode [ 113.402591][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 113.413850][ T6171] loop3: detected capacity change from 0 to 128 [ 113.434162][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 113.463438][ T3515] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 113.475428][ T3515] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 113.543627][ T9] usb 2-1: USB disconnect, device number 2 [ 113.552919][ T3515] veth1_macvtap: left promiscuous mode [ 113.611798][ T3515] veth0_macvtap: left promiscuous mode [ 113.625244][ T3515] veth1_vlan: left promiscuous mode [ 113.659272][ T3515] veth0_vlan: left promiscuous mode [ 113.724837][ T5850] Bluetooth: hci3: command tx timeout [ 115.490691][ T6196] capability: warning: `syz.3.63' uses deprecated v2 capabilities in a way that may be insecure [ 115.810032][ T5850] Bluetooth: hci3: command tx timeout [ 116.129690][ T6202] loop3: detected capacity change from 0 to 40427 [ 116.151114][ T6202] F2FS-fs (loop3): invalid crc value [ 116.253085][ T6202] F2FS-fs (loop3): Start checkpoint disabled! [ 116.263514][ T6202] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 116.285005][ T30] audit: type=1800 audit(1751868064.080:2): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.66" name="file2" dev="loop3" ino=10 res=0 errno=0 [ 116.308431][ T6202] syz.3.66: attempt to access beyond end of device [ 116.308431][ T6202] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 116.324400][ T6202] syz.3.66: attempt to access beyond end of device [ 116.324400][ T6202] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 116.338675][ T6202] syz.3.66: attempt to access beyond end of device [ 116.338675][ T6202] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 116.462072][ T1311] kworker/u8:5: attempt to access beyond end of device [ 116.462072][ T1311] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 116.536355][ T1311] CPU: 1 UID: 0 PID: 1311 Comm: kworker/u8:5 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 116.536386][ T1311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 116.536401][ T1311] Workqueue: writeback wb_workfn (flush-7:3) [ 116.536452][ T1311] Call Trace: [ 116.536461][ T1311] [ 116.536470][ T1311] dump_stack_lvl+0x189/0x250 [ 116.536502][ T1311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 116.536524][ T1311] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 116.536551][ T1311] ? __pfx_queue_work_on+0x10/0x10 [ 116.536577][ T1311] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 116.536603][ T1311] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.536631][ T1311] ? f2fs_hw_is_readonly+0x39b/0x470 [ 116.536669][ T1311] f2fs_handle_critical_error+0x37c/0x540 [ 116.536710][ T1311] f2fs_write_end_io+0x495/0x810 [ 116.536733][ T1311] ? blkg_put+0x22/0x240 [ 116.536772][ T1311] __submit_merged_bio+0x27a/0x6a0 [ 116.536813][ T1311] __submit_merged_write_cond+0x255/0x530 [ 116.536854][ T1311] f2fs_write_data_pages+0x261d/0x3000 [ 116.536916][ T1311] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.536955][ T1311] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 116.537021][ T1311] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 116.537058][ T1311] ? trace_f2fs_writepages+0x7f/0x200 [ 116.537094][ T1311] ? f2fs_write_node_pages+0x478/0x6e0 [ 116.537133][ T1311] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 116.537182][ T1311] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 116.537207][ T1311] do_writepages+0x32e/0x550 [ 116.537237][ T1311] ? reacquire_held_locks+0x127/0x1d0 [ 116.537259][ T1311] ? writeback_sb_inodes+0x384/0x1010 [ 116.537300][ T1311] __writeback_single_inode+0x145/0xff0 [ 116.537326][ T1311] ? do_raw_spin_unlock+0x122/0x240 [ 116.537359][ T1311] writeback_sb_inodes+0x6c7/0x1010 [ 116.537413][ T1311] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 116.537485][ T1311] ? rcu_is_watching+0x15/0xb0 [ 116.537519][ T1311] wb_writeback+0x43b/0xaf0 [ 116.537553][ T1311] ? queue_io+0x3d1/0x590 [ 116.537580][ T1311] ? __pfx_wb_writeback+0x10/0x10 [ 116.537614][ T1311] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.537645][ T1311] wb_workfn+0x409/0xef0 [ 116.537696][ T1311] ? __pfx_wb_workfn+0x10/0x10 [ 116.537739][ T1311] ? __lock_acquire+0xab9/0xd20 [ 116.537784][ T1311] ? process_scheduled_works+0x9ef/0x17b0 [ 116.537813][ T1311] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.537837][ T1311] ? process_scheduled_works+0x9ef/0x17b0 [ 116.537857][ T1311] ? process_scheduled_works+0x9ef/0x17b0 [ 116.537880][ T1311] process_scheduled_works+0xae1/0x17b0 [ 116.537935][ T1311] ? __pfx_process_scheduled_works+0x10/0x10 [ 116.537977][ T1311] worker_thread+0x8a0/0xda0 [ 116.538002][ T1311] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 116.538038][ T1311] ? __kthread_parkme+0x7b/0x200 [ 116.538073][ T1311] kthread+0x70e/0x8a0 [ 116.538104][ T1311] ? __pfx_worker_thread+0x10/0x10 [ 116.538125][ T1311] ? __pfx_kthread+0x10/0x10 [ 116.538154][ T1311] ? _raw_spin_unlock_irq+0x23/0x50 [ 116.538178][ T1311] ? lockdep_hardirqs_on+0x9c/0x150 [ 116.538203][ T1311] ? __pfx_kthread+0x10/0x10 [ 116.538231][ T1311] ret_from_fork+0x3fc/0x770 [ 116.538255][ T1311] ? __pfx_ret_from_fork+0x10/0x10 [ 116.538289][ T1311] ? __switch_to_asm+0x39/0x70 [ 116.538315][ T1311] ? __switch_to_asm+0x33/0x70 [ 116.538341][ T1311] ? __pfx_kthread+0x10/0x10 [ 116.538368][ T1311] ret_from_fork_asm+0x1a/0x30 [ 116.538412][ T1311] [ 116.538421][ T1311] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 116.996829][ T6212] netlink: 8 bytes leftover after parsing attributes in process `syz.0.56'. [ 117.300260][ T3515] team0 (unregistering): Port device team_slave_1 removed [ 117.442313][ T3515] team0 (unregistering): Port device team_slave_0 removed [ 117.895388][ T5850] Bluetooth: hci3: command tx timeout [ 119.479171][ T6235] netlink: 12 bytes leftover after parsing attributes in process `syz.1.76'. [ 119.596938][ T6101] Set syz1 is full, maxelem 65536 reached [ 119.608368][ T6099] Set syz1 is full, maxelem 65536 reached [ 119.993974][ T6219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.72'. [ 120.016991][ T6219] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 120.054221][ T6235] vlan2: entered promiscuous mode [ 120.059443][ T6235] erspan0: entered promiscuous mode [ 120.827208][ T6111] chnl_net:caif_netlink_parms(): no params data found [ 121.917508][ T5927] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 121.995374][ T6265] vlan0: entered promiscuous mode [ 122.096839][ T5927] usb 1-1: config 0 has an invalid interface number: 9 but max is 0 [ 122.141989][ T5927] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 122.181467][ T6111] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.195109][ T5927] usb 1-1: config 0 has no interface number 0 [ 122.201271][ T5927] usb 1-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8 [ 122.213017][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.258477][ T6111] bridge_slave_0: entered allmulticast mode [ 122.280190][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.303221][ T6111] bridge_slave_0: entered promiscuous mode [ 122.330631][ T5927] usb 1-1: config 0 descriptor?? [ 122.363470][ T5927] rndis_host 1-1:0.9: More than one union descriptor, skipping ... [ 122.366048][ T6111] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.527322][ T5927] rndis_host 1-1:0.9: skipping garbage [ 122.535196][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.552700][ T6111] bridge_slave_1: entered allmulticast mode [ 122.575298][ T5927] usb 1-1: bad CDC descriptors [ 122.610942][ T6111] bridge_slave_1: entered promiscuous mode [ 122.613156][ T5927] cdc_acm 1-1:0.9: More than one union descriptor, skipping ... [ 122.665635][ T5927] cdc_acm 1-1:0.9: skipping garbage [ 123.066278][ T6290] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 123.076312][ T6290] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 123.142104][ T6289] Zero length message leads to an empty skb [ 123.158424][ T6111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 123.187105][ T6111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 123.471648][ T6304] PKCS7: Unknown OID: [5] (bad) [ 123.477938][ T6304] PKCS7: Only support pkcs7_signedData type [ 123.635955][ T6111] team0: Port device team_slave_0 added [ 123.661283][ T6111] team0: Port device team_slave_1 added [ 124.206356][ T6111] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 124.233771][ T6111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.301127][ T6111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 124.495387][ T6111] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 124.580513][ T6111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 124.690553][ T6111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 124.789210][ T6312] tipc: Started in network mode [ 124.878011][ T6312] tipc: Node identity e2978cd8eac8, cluster identity 4711 [ 124.951660][ T6312] tipc: Enabled bearer , priority 0 [ 125.071860][ T6310] syzkaller0: entered promiscuous mode [ 125.091115][ T6310] syzkaller0: entered allmulticast mode [ 125.217632][ T6319] tipc: Resetting bearer [ 125.405577][ T6111] hsr_slave_0: entered promiscuous mode [ 125.464992][ T6111] hsr_slave_1: entered promiscuous mode [ 125.492836][ T6111] debugfs: 'hsr0' already exists in 'hsr' [ 125.512697][ T6111] Cannot create hsr debugfs directory [ 125.590996][ T6319] tipc: Resetting bearer [ 125.628347][ T6319] tipc: Disabling bearer [ 125.997250][ T6331] 9pnet_fd: Insufficient options for proto=fd [ 126.264956][ T977] usb 1-1: USB disconnect, device number 3 [ 126.757552][ T977] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 126.790768][ T6111] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 126.834585][ T6111] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 126.841442][ T5913] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 126.886114][ T6111] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 126.910999][ T6111] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 126.955599][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 126.981937][ T977] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 127.024933][ T977] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 127.033621][ T977] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 127.064798][ T5913] usb 2-1: Using ep0 maxpacket: 16 [ 127.091366][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 127.112723][ T5913] usb 2-1: config 166 has an invalid interface number: 177 but max is 1 [ 127.118308][ T977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 127.135979][ T5913] usb 2-1: config 166 has an invalid interface number: 34 but max is 1 [ 127.153249][ T977] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 127.184682][ T5913] usb 2-1: config 166 has no interface number 0 [ 127.192215][ T5913] usb 2-1: config 166 has no interface number 1 [ 127.218401][ T977] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 127.220264][ T5913] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 127.257897][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.280254][ T977] usb 1-1: config 0 descriptor?? [ 127.312872][ T5913] usb 2-1: config 166 interface 177 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 127.349782][ T6111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 127.375610][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 127.413813][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 127.432821][ T6111] 8021q: adding VLAN 0 to HW filter on device team0 [ 127.466119][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 127.485086][ T5913] usb 2-1: config 166 interface 34 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 127.521597][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 127.544837][ T977] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 4 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 127.579958][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.587179][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 127.590295][ T5913] usb 2-1: config 166 interface 34 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0 [ 127.612111][ T6351] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 127.624390][ T977] usb 1-1: USB disconnect, device number 4 [ 127.640653][ T977] usblp0: removed [ 127.807515][ T5913] usb 2-1: config 166 interface 34 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 127.825240][ T5913] usb 2-1: config 166 interface 177 has no altsetting 0 [ 127.834842][ T5913] usb 2-1: config 166 interface 34 has no altsetting 0 [ 127.845831][ T5913] usb 2-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 127.866272][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.884142][ T5913] usb 2-1: Product: syz [ 127.884413][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.891511][ T5913] usb 2-1: Manufacturer: syz [ 127.895620][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.900377][ T5913] usb 2-1: SerialNumber: syz [ 128.139686][ T5913] ums-realtek 2-1:166.177: USB Mass Storage device detected [ 128.175778][ T977] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 128.334803][ T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 128.366089][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 128.380835][ T977] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 128.410135][ T977] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 128.452932][ T5913] ums-realtek 2-1:166.34: USB Mass Storage device detected [ 128.455245][ T977] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 128.522660][ T977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 128.554450][ T977] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 128.574979][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 128.600858][ T10] usb 5-1: config 8 has an invalid interface number: 39 but max is 0 [ 128.611490][ T10] usb 5-1: config 8 has no interface number 0 [ 128.632911][ T5913] ums-realtek 2-1:166.34: probe with driver ums-realtek failed with error -5 [ 128.643436][ T10] usb 5-1: config 8 interface 39 altsetting 1 bulk endpoint 0x1 has invalid maxpacket 521 [ 128.664140][ T977] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 128.678019][ T5913] usb 2-1: Found UVC 0.00 device syz (0bda:0138) [ 128.720214][ T5913] usb 2-1: No valid video chain found. [ 128.725064][ T10] usb 5-1: config 8 interface 39 has no altsetting 0 [ 128.792002][ T977] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 128.815710][ T5913] usb 2-1: USB disconnect, device number 3 [ 128.831829][ T10] usb 5-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77 [ 128.871588][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.900629][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.947515][ T10] usb 5-1: Product: syz [ 128.986023][ T977] usb 1-1: config 0 descriptor?? [ 129.003364][ T10] usb 5-1: Manufacturer: syz [ 129.020912][ T10] usb 5-1: SerialNumber: syz [ 129.062585][ T6375] loop1: detected capacity change from 0 to 256 [ 129.198376][ T977] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 129.239142][ T6375] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 129.415411][ T977] usb 1-1: USB disconnect, device number 5 [ 129.455711][ T977] usblp0: removed [ 129.646783][ T6111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 129.849814][ T10] usb 5-1: can't set config #8, error -71 [ 129.875403][ T10] usb 5-1: USB disconnect, device number 2 [ 130.747440][ T3571] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 130.869116][ T6410] netlink: 104 bytes leftover after parsing attributes in process `syz.0.115'. [ 131.425988][ T3571] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.088515][ T3571] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.367007][ T3571] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.571074][ T6111] veth0_vlan: entered promiscuous mode [ 133.620502][ T6111] veth1_vlan: entered promiscuous mode [ 133.953573][ T6111] veth0_macvtap: entered promiscuous mode [ 133.998824][ T3571] bridge_slave_1: left allmulticast mode [ 134.006662][ T3571] bridge_slave_1: left promiscuous mode [ 134.034906][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state [ 134.045952][ T5167] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 134.057582][ T5167] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 134.066870][ T5167] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 134.090951][ T5167] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 134.107226][ T5167] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 134.108386][ T3571] bridge_slave_0: left allmulticast mode [ 134.188671][ T3571] bridge_slave_0: left promiscuous mode [ 134.195396][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.115061][ T43] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 135.215130][ T5927] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 135.279396][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 135.311435][ T43] usb 5-1: config index 0 descriptor too short (expected 26090, got 796) [ 135.328965][ T43] usb 5-1: config 231 has too many interfaces: 103, using maximum allowed: 32 [ 135.362214][ T43] usb 5-1: config 231 has an invalid descriptor of length 0, skipping remainder of the config [ 135.373352][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 135.382596][ T43] usb 5-1: config 231 has 0 interfaces, different from the descriptor's value: 103 [ 135.399340][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 135.408977][ T5927] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.419577][ T5927] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 135.429290][ T5927] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 135.441703][ T3571] bond0 (unregistering): Released all slaves [ 135.454235][ T43] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 135.469631][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.479105][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.487600][ T43] usb 5-1: Product: syz [ 135.493618][ T43] usb 5-1: Manufacturer: syz [ 135.501675][ T43] usb 5-1: SerialNumber: syz [ 135.508028][ T5927] usb 1-1: config 0 descriptor?? [ 135.509591][ T6111] veth1_macvtap: entered promiscuous mode [ 135.527644][ T5927] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 135.569343][ T5927] dvb-usb: bulk message failed: -22 (3/0) [ 135.606211][ T3571] tipc: Left network mode [ 135.618888][ T5927] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 135.631085][ T6111] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 135.642373][ T5927] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 135.660557][ T5927] usb 1-1: media controller created [ 135.698617][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 135.720157][ T6111] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 135.772557][ T78] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 135.788615][ T6446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.843102][ T6446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.875366][ T5927] dvb-usb: bulk message failed: -22 (6/0) [ 135.893530][ T5927] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 135.933570][ T5927] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input5 [ 135.971372][ T5927] dvb-usb: schedule remote query interval to 150 msecs. [ 135.983529][ T5927] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 136.048913][ T78] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.137329][ T5927] dvb-usb: bulk message failed: -22 (1/0) [ 136.186020][ T5927] dvb-usb: error while querying for an remote control event. [ 136.207161][ T5167] Bluetooth: hci4: command tx timeout [ 136.242062][ T78] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.262820][ T78] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 136.425220][ T5927] dvb-usb: bulk message failed: -22 (1/0) [ 136.470626][ T5927] dvb-usb: error while querying for an remote control event. [ 136.694762][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 136.719058][ T5913] dvb-usb: error while querying for an remote control event. [ 136.746702][ T3571] hsr_slave_0: left promiscuous mode [ 136.767299][ T3571] hsr_slave_1: left promiscuous mode [ 136.788033][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 136.830224][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 136.868859][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 136.886290][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 136.914777][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 137.028032][ T5913] dvb-usb: error while querying for an remote control event. [ 137.181167][ T3571] veth1_macvtap: left promiscuous mode [ 137.189372][ T3571] veth0_macvtap: left promiscuous mode [ 137.199809][ T3571] veth1_vlan: left promiscuous mode [ 137.210387][ T3571] veth0_vlan: left promiscuous mode [ 137.220333][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 137.278172][ T5913] dvb-usb: error while querying for an remote control event. [ 137.484799][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 137.490629][ T5913] dvb-usb: error while querying for an remote control event. [ 137.704975][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 137.721190][ T5913] dvb-usb: error while querying for an remote control event. [ 137.925638][ T5913] dvb-usb: bulk message failed: -22 (1/0) [ 137.972479][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 137.985012][ T5913] dvb-usb: error while querying for an remote control event. [ 137.992643][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.103752][ T977] usb 1-1: USB disconnect, device number 6 [ 138.208278][ T977] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 138.259683][ T43] usb 5-1: USB disconnect, device number 3 [ 138.285490][ T5167] Bluetooth: hci4: command tx timeout [ 138.492862][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 138.507151][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x0 [ 138.521014][ T6479] kvm: kvm [6478]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x800 [ 138.880416][ T3571] team0 (unregistering): Port device team_slave_1 removed [ 138.933074][ T3571] team0 (unregistering): Port device team_slave_0 removed [ 139.861988][ T78] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 139.893727][ T78] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.056409][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 140.064850][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 140.256476][ T6511] input: syz0 as /devices/virtual/input/input6 [ 140.348765][ T6428] chnl_net:caif_netlink_parms(): no params data found [ 140.373466][ T5167] Bluetooth: hci4: command tx timeout [ 140.640647][ T6514] loop3: detected capacity change from 0 to 32768 [ 140.863287][ T6514] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 140.863315][ T6514] allowing incompatible features above 0.0: (unknown version) [ 140.863329][ T6514] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 140.900890][ T6514] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0 [ 140.909463][ T6514] bcachefs (loop3): initializing new filesystem [ 140.926524][ T6514] bcachefs (loop3): going read-write [ 140.994335][ T6514] bcachefs (loop3): marking superblocks [ 141.011126][ T6514] bcachefs (loop3): initializing freespace [ 141.020185][ T6514] bcachefs (loop3): done initializing freespace [ 141.028477][ T6514] bcachefs (loop3): reading snapshots table [ 141.034427][ T6514] bcachefs (loop3): reading snapshots done [ 141.114888][ T6514] bcachefs (loop3): loop3: Superblock write was silently dropped! (seq 0 expected 42) [ 141.137150][ T6514] bcachefs (loop3): done starting filesystem [ 141.446171][ T5853] bcachefs (loop3): shutting down [ 141.485901][ T5853] bcachefs (loop3): going read-only [ 141.491172][ T5853] bcachefs (loop3): finished waiting for writes to stop [ 141.534564][ T5853] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3 [ 141.624692][ T6428] bridge0: port 1(bridge_slave_0) entered blocking state [ 141.718627][ T6428] bridge0: port 1(bridge_slave_0) entered disabled state [ 141.774977][ T5853] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4 [ 141.775015][ T6428] bridge_slave_0: entered allmulticast mode [ 141.796716][ T6428] bridge_slave_0: entered promiscuous mode [ 141.802995][ T6539] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 141.818626][ T6428] bridge0: port 2(bridge_slave_1) entered blocking state [ 141.830748][ T6428] bridge0: port 2(bridge_slave_1) entered disabled state [ 141.846379][ T5853] bcachefs (loop3): clean shutdown complete, journal seq 5 [ 141.864289][ T6428] bridge_slave_1: entered allmulticast mode [ 141.873450][ T6428] bridge_slave_1: entered promiscuous mode [ 141.905626][ T5853] bcachefs (loop3): marking filesystem clean [ 142.121616][ T5853] bcachefs (loop3): shutdown complete [ 142.151243][ T6428] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 142.229166][ T6428] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 142.447188][ T5850] Bluetooth: hci4: command tx timeout [ 142.522129][ T6428] team0: Port device team_slave_0 added [ 142.547156][ T6428] team0: Port device team_slave_1 added [ 142.608517][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 142.615685][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.671039][ T6428] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 142.700484][ T6558] netlink: 32 bytes leftover after parsing attributes in process `syz.5.150'. [ 142.723192][ T6428] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 142.734673][ T6428] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 142.844779][ T6428] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 143.093960][ T6428] hsr_slave_0: entered promiscuous mode [ 143.125389][ T6428] hsr_slave_1: entered promiscuous mode [ 143.131903][ T6428] debugfs: 'hsr0' already exists in 'hsr' [ 143.142088][ T6428] Cannot create hsr debugfs directory [ 143.164836][ T977] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 143.365427][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 143.393942][ T977] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 143.403556][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.432314][ T977] usb 1-1: Product: syz [ 143.443443][ T977] usb 1-1: Manufacturer: syz [ 143.454799][ T977] usb 1-1: SerialNumber: syz [ 143.488637][ T977] usb 1-1: config 0 descriptor?? [ 143.706539][ T977] snd-usb-6fire 1-1:0.0: unknown device firmware state received from device: [ 143.730528][ T977] eb 9a 47 80 9b f8 7a f0 [ 143.741237][ T977] snd-usb-6fire 1-1:0.0: probe with driver snd-usb-6fire failed with error -5 [ 143.906042][ T5961] usb 1-1: USB disconnect, device number 7 [ 144.626411][ T6428] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 144.711506][ T6428] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 144.755186][ T6428] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 144.797500][ T6428] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 145.385933][ T6611] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 145.393444][ T6611] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 145.402860][ T6611] trusted_key: syz.0.159 sent an empty control message without MSG_MORE. [ 145.799811][ T6428] 8021q: adding VLAN 0 to HW filter on device bond0 [ 145.980889][ T6428] 8021q: adding VLAN 0 to HW filter on device team0 [ 146.246345][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.253572][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 146.276636][ T6617] loop3: detected capacity change from 0 to 4096 [ 146.415584][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 146.422746][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 146.479087][ T6617] NILFS (loop3): invalid segment: Checksum error in segment payload [ 146.513788][ T6617] NILFS (loop3): trying rollback from an earlier position [ 146.641746][ T6617] NILFS (loop3): recovery complete [ 146.709882][ T6623] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 146.817846][ T6622] netlink: 8 bytes leftover after parsing attributes in process `syz.4.163'. [ 147.018165][ T6622] vlan3: entered promiscuous mode [ 147.044742][ T6622] vlan2: entered promiscuous mode [ 147.082874][ T6622] gretap0: entered promiscuous mode [ 147.420890][ T6634] netlink: 4 bytes leftover after parsing attributes in process `syz.5.166'. [ 147.763135][ T6428] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 148.633025][ T6671] loop4: detected capacity change from 0 to 4096 [ 148.742237][ T6671] NILFS (loop4): invalid segment: Checksum error in segment payload [ 148.817913][ T6671] NILFS (loop4): trying rollback from an earlier position [ 148.978741][ T6671] NILFS (loop4): recovery complete [ 149.019858][ T6678] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 149.492257][ T6428] veth0_vlan: entered promiscuous mode [ 149.566779][ T6428] veth1_vlan: entered promiscuous mode [ 149.741105][ T6428] veth0_macvtap: entered promiscuous mode [ 149.923399][ T6428] veth1_macvtap: entered promiscuous mode [ 149.981867][ T6687] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 150.109055][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 150.165461][ T6428] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 150.238519][ T12] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.286046][ T12] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.418261][ T12] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.462254][ T12] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 150.671396][ T3571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.701896][ T3571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.774822][ T24] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 150.868221][ T3571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 150.898303][ T3571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 150.940768][ T24] usb 4-1: config 0 has an invalid interface number: 91 but max is 0 [ 150.959291][ T24] usb 4-1: config 0 has no interface number 0 [ 150.969448][ T24] usb 4-1: config 0 interface 91 has no altsetting 0 [ 150.990012][ T24] usb 4-1: New USB device found, idVendor=174f, idProduct=5212, bcdDevice=60.41 [ 151.021429][ T6707] loop0: detected capacity change from 0 to 4096 [ 151.032147][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.059409][ T24] usb 4-1: config 0 descriptor?? [ 151.162005][ T6707] NILFS (loop0): invalid segment: Checksum error in segment payload [ 151.189340][ T6707] NILFS (loop0): trying rollback from an earlier position [ 151.310982][ T24] usb 4-1: string descriptor 0 read error: -71 [ 151.335456][ T6707] NILFS (loop0): recovery complete [ 151.347214][ T24] usb 4-1: Found UVC 0.00 device (174f:5212) [ 151.354137][ T24] usb 4-1: No valid video chain found. [ 151.388613][ T6723] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 151.425598][ T24] usb 4-1: USB disconnect, device number 3 [ 151.654861][ T5927] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 151.837028][ T5927] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.868435][ T5927] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 151.934309][ T5927] usb 6-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00 [ 151.953771][ T5927] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.993563][ T5927] usb 6-1: config 0 descriptor?? [ 152.042252][ T30] audit: type=1326 audit(1751868099.840:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6733 comm="syz.6.192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2abeb8e929 code=0x0 [ 153.968749][ T6767] loop4: detected capacity change from 0 to 32768 [ 154.145029][ T6767] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 154.145056][ T6767] allowing incompatible features above 0.0: (unknown version) [ 154.145070][ T6767] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 154.168454][ T6777] random: crng reseeded on system resumption [ 154.181806][ T6767] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 154.181855][ T6767] bcachefs (loop4): initializing new filesystem [ 154.192252][ T6767] bcachefs (loop4): going read-write [ 154.277127][ T6767] bcachefs (loop4): marking superblocks [ 154.288822][ T6767] bcachefs (loop4): initializing freespace [ 154.297595][ T6767] bcachefs (loop4): done initializing freespace [ 154.306462][ T6767] bcachefs (loop4): reading snapshots table [ 154.312436][ T6767] bcachefs (loop4): reading snapshots done [ 154.460949][ T6767] bcachefs (loop4): loop4: Superblock write was silently dropped! (seq 0 expected 42) [ 154.490979][ T6767] bcachefs (loop4): done starting filesystem [ 154.810821][ T5845] bcachefs (loop4): shutting down [ 154.852630][ T5845] bcachefs (loop4): going read-only [ 154.870417][ T6762] loop6: detected capacity change from 0 to 32768 [ 154.888521][ T5845] bcachefs (loop4): finished waiting for writes to stop [ 154.911212][ T5845] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2 [ 155.133576][ T5845] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3 [ 155.166907][ T5845] bcachefs (loop4): clean shutdown complete, journal seq 4 [ 155.193682][ T6762] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc [ 155.193711][ T6762] allowing incompatible features above 0.0: (unknown version) [ 155.193725][ T6762] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 155.218323][ T5845] bcachefs (loop4): marking filesystem clean [ 155.369417][ T5845] bcachefs (loop4): shutdown complete [ 155.470152][ T6762] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 155.495594][ T6762] bcachefs (loop6): recovering from clean shutdown, journal seq 10 [ 155.526769][ T6762] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete [ 155.526769][ T6762] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive [ 155.526769][ T6762] running recovery passes: check_extents_to_backpointers,check_inodes [ 155.620238][ T6762] bcachefs (loop6): dropping and reconstructing all alloc info [ 155.718982][ T6762] bcachefs (loop6): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: [ 155.719034][ T6762] mode=0 [ 155.719047][ T6762] flags=(15300000) [ 155.719058][ T6762] journal_seq=4 [ 155.719069][ T6762] hash_seed=ece93825deac2443 [ 155.719080][ T6762] hash_type=siphash [ 155.719090][ T6762] bi_size=0 [ 155.719100][ T6762] bi_sectors=0 [ 155.719110][ T6762] bi_version=0 [ 155.719120][ T6762] bi_atime=2770562249 [ 155.719131][ T6762] bi_ctime=2780562352 [ 155.719141][ T6762] bi_mtime=2780562352 [ 155.719151][ T6762] bi_otime=2770562249 [ 155.719162][ T6762] bi_uid=0 [ 155.719172][ T6762] bi_gid=0 [ 155.719182][ T6762] bi_nlink=0 [ 155.719204][ T6762] bi_generation=0 [ 155.719215][ T6762] bi_dev=0 [ 155.719225][ T6762] bi_data_checksum=0 [ 155.719235][ T6762] bi_compression=0 [ 155.719245][ T6762] bi_project=0 [ 155.719255][ T6762] bi_background_compression=0 [ 155.719266][ T6762] bi_data_replicas=0 [ 155.719277][ T6762] bi_promote_target=0 [ 155.719287][ T6762] bi_foreground_target=0 [ 155.719298][ T6762] bi_background_target=0 [ 155.719308][ T6762] bi_erasure_code=0 [ 155.719319][ T6762] bi_fields_set=0 [ 155.719329][ T6762] bi_dir=4096 [ 155.719339][ T6762] bi_dir_offset=189491840996961599 [ 155.719350][ T6762] bi_subvol=0 [ 155.719360][ T6762] bi_parent_subvol=0 [ 155.719371][ T6762] bi_nocow=0 [ 155.719388][ T6762] bi_depth=0 [ 155.719398][ T6762] bi_inodes_32bit=0 [ 155.719409][ T6762] bi_casefold=0 [ 155.719419][ T6762] invalid fields_start (got 18, min 6 max 13), deleting [ 155.975069][ T5927] usbhid 6-1:0.0: can't add hid device: -71 [ 155.975183][ T5927] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 156.010190][ T5927] usb 6-1: USB disconnect, device number 2 [ 156.438104][ T6807] cgroup: fork rejected by pids controller in /syz0 [ 156.702988][ T6762] bcachefs (loop6): accounting_read... done [ 156.720670][ T6762] bcachefs (loop6): alloc_read... done [ 157.742632][ T5927] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 157.747724][ T7239] netlink: 4 bytes leftover after parsing attributes in process `syz.5.204'. [ 157.754692][ T6762] bcachefs (loop6): snapshots_read... done [ 157.779108][ T7239] netlink: 64 bytes leftover after parsing attributes in process `syz.5.204'. [ 157.848524][ T6762] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean [ 157.898974][ T6762] bcachefs (loop6): done starting filesystem [ 158.116760][ T5927] usb 5-1: config 0 has an invalid interface number: 93 but max is 0 [ 158.132516][ T5927] usb 5-1: config 0 has no interface number 0 [ 158.182048][ T5927] usb 5-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.35 [ 158.233674][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.285727][ T5927] usb 5-1: config 0 descriptor?? [ 158.291913][ T6428] bcachefs (loop6): shutting down [ 158.477919][ T6428] bcachefs (loop6): shutdown complete [ 158.569071][ T5927] usb 5-1: string descriptor 0 read error: -71 [ 158.621727][ T5927] usb 5-1: Found UVC 0.00 device (19ab:1000) [ 158.699313][ T5927] usb 5-1: No valid video chain found. [ 158.774818][ T5927] usb 5-1: USB disconnect, device number 4 [ 160.103937][ T7279] tipc: Started in network mode [ 160.116931][ T7279] tipc: Node identity fe150604a93a, cluster identity 4711 [ 160.176552][ T7279] tipc: Enabled bearer , priority 0 [ 160.250878][ T7282] syzkaller0: entered promiscuous mode [ 160.257606][ T7282] syzkaller0: entered allmulticast mode [ 160.267501][ T7279] tipc: Resetting bearer [ 160.308810][ T7278] tipc: Resetting bearer [ 160.398384][ T7278] tipc: Disabling bearer [ 161.039124][ T7302] loop4: detected capacity change from 0 to 256 [ 161.201911][ T7302] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 162.571948][ T7321] bridge1: entered promiscuous mode [ 162.577684][ T7321] bridge1: entered allmulticast mode [ 162.590286][ T7321] team0: Port device bridge1 added [ 163.366312][ T78] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.718341][ T78] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 164.418113][ T78] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.136533][ T78] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 165.352673][ T7349] tipc: Enabled bearer , priority 0 [ 165.561757][ T7349] syzkaller0: entered promiscuous mode [ 165.584735][ T7349] syzkaller0: entered allmulticast mode [ 165.734444][ T7349] tipc: Resetting bearer [ 165.778451][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 165.795085][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 165.816229][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 165.819159][ T7348] tipc: Resetting bearer [ 165.831437][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 165.840184][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 166.113947][ T7348] tipc: Disabling bearer [ 166.250442][ T78] bridge_slave_1: left allmulticast mode [ 166.250468][ T78] bridge_slave_1: left promiscuous mode [ 166.250670][ T78] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.267506][ T78] bridge_slave_0: left allmulticast mode [ 166.267533][ T78] bridge_slave_0: left promiscuous mode [ 166.267745][ T78] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.407323][ T7361] loop6: detected capacity change from 0 to 32768 [ 167.772182][ T78] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 167.782138][ T7361] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc [ 167.782166][ T7361] allowing incompatible features above 0.0: (unknown version) [ 167.782180][ T7361] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 167.829881][ T78] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 167.858243][ T78] bond0 (unregistering): Released all slaves [ 167.940661][ T7361] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0 [ 167.946711][ T7390] fuse: Bad value for 'fd' [ 167.960936][ T7361] bcachefs (loop6): recovering from clean shutdown, journal seq 10 [ 167.971306][ T5850] Bluetooth: hci1: command tx timeout [ 168.029311][ T7361] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete [ 168.029311][ T7361] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive [ 168.029311][ T7361] running recovery passes: check_extents_to_backpointers,check_inodes [ 168.101554][ T7361] bcachefs (loop6): dropping and reconstructing all alloc info [ 168.249775][ T7361] bcachefs (loop6): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: [ 168.249795][ T7361] mode=0 [ 168.249802][ T7361] flags=(15300000) [ 168.249809][ T7361] journal_seq=4 [ 168.249816][ T7361] hash_seed=ece93825deac2443 [ 168.249823][ T7361] hash_type=siphash [ 168.249830][ T7361] bi_size=0 [ 168.249837][ T7361] bi_sectors=0 [ 168.249844][ T7361] bi_version=0 [ 168.249851][ T7361] bi_atime=2770562249 [ 168.249858][ T7361] bi_ctime=2780562352 [ 168.249865][ T7361] bi_mtime=2780562352 [ 168.249872][ T7361] bi_otime=2770562249 [ 168.249879][ T7361] bi_uid=0 [ 168.249886][ T7361] bi_gid=0 [ 168.249892][ T7361] bi_nlink=0 [ 168.249899][ T7361] bi_generation=0 [ 168.249906][ T7361] bi_dev=0 [ 168.249912][ T7361] bi_data_checksum=0 [ 168.249919][ T7361] bi_compression=0 [ 168.249926][ T7361] bi_project=0 [ 168.249933][ T7361] bi_background_compression=0 [ 168.249940][ T7361] bi_data_replicas=0 [ 168.249947][ T7361] bi_promote_target=0 [ 168.249954][ T7361] bi_foreground_target=0 [ 168.249962][ T7361] bi_background_target=0 [ 168.249969][ T7361] bi_erasure_code=0 [ 168.249976][ T7361] bi_fields_set=0 [ 168.249983][ T7361] bi_dir=4096 [ 168.249990][ T7361] bi_dir_offset=189491840996961599 [ 168.249998][ T7361] bi_subvol=0 [ 168.250004][ T7361] bi_parent_subvol=0 [ 168.250012][ T7361] bi_nocow=0 [ 168.250018][ T7361] bi_depth=0 [ 168.250025][ T7361] bi_inodes_32bit=0 [ 168.250032][ T7361] bi_casefold=0 [ 168.250039][ T7361] invalid fields_start (got 18, min 6 max 13), deleting [ 168.478228][ T7406] random: crng reseeded on system resumption [ 169.288215][ T7361] bcachefs (loop6): accounting_read... done [ 169.329291][ T7361] bcachefs (loop6): alloc_read... done [ 169.376598][ T7361] bcachefs (loop6): snapshots_read... done [ 169.414063][ T7361] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean [ 169.461612][ T7361] bcachefs (loop6): done starting filesystem [ 169.478392][ T7356] chnl_net:caif_netlink_parms(): no params data found [ 169.650723][ T6428] bcachefs (loop6): shutting down [ 169.787369][ T6428] bcachefs (loop6): shutdown complete [ 169.905504][ T78] hsr_slave_0: left promiscuous mode [ 169.939025][ T78] hsr_slave_1: left promiscuous mode [ 169.946672][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 169.974724][ T78] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 169.982894][ T78] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 170.005890][ T78] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 170.048483][ T5850] Bluetooth: hci1: command tx timeout [ 170.062324][ T78] veth1_macvtap: left promiscuous mode [ 170.094899][ T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 170.126323][ T78] veth0_macvtap: left promiscuous mode [ 170.137070][ T78] veth1_vlan: left promiscuous mode [ 170.295001][ T24] usb 4-1: device descriptor read/64, error -71 [ 170.548487][ T24] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 170.694932][ T24] usb 4-1: device descriptor read/64, error -71 [ 170.812059][ T24] usb usb4-port1: attempt power cycle [ 170.920664][ T7435] fuse: Bad value for 'fd' [ 171.194786][ T24] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 171.232118][ T24] usb 4-1: device descriptor read/8, error -71 [ 171.504724][ T24] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 171.538990][ T24] usb 4-1: device descriptor read/8, error -71 [ 171.657469][ T24] usb usb4-port1: unable to enumerate USB device [ 171.728011][ T7443] random: crng reseeded on system resumption [ 172.125002][ T5850] Bluetooth: hci1: command tx timeout [ 172.249040][ T78] team0 (unregistering): Port device team_slave_1 removed [ 172.445511][ T78] team0 (unregistering): Port device team_slave_0 removed [ 173.293438][ T7451] loop5: detected capacity change from 0 to 32768 [ 173.982101][ T7451] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=xxhash,data_checksum=xxhash,compression=lz4,str_hash=crc64,norecovery,reconstruct_alloc [ 173.982131][ T7451] allowing incompatible features above 0.0: (unknown version) [ 173.982145][ T7451] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 174.264881][ T5850] Bluetooth: hci1: command tx timeout [ 174.439012][ T7451] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 174.495283][ T7451] bcachefs (loop5): recovering from clean shutdown, journal seq 10 [ 174.543678][ T7451] bcachefs (loop5): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete [ 174.543678][ T7451] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive [ 174.543678][ T7451] running recovery passes: check_extents_to_backpointers,check_inodes [ 174.591114][ T7451] bcachefs (loop5): dropping and reconstructing all alloc info [ 174.680474][ T7451] bcachefs (loop5): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4098:U32_MAX len 0 ver 0: [ 174.680493][ T7451] mode=0 [ 174.680499][ T7451] flags=(15300000) [ 174.680506][ T7451] journal_seq=4 [ 174.680513][ T7451] hash_seed=ece93825deac2443 [ 174.680520][ T7451] hash_type=siphash [ 174.680528][ T7451] bi_size=0 [ 174.680534][ T7451] bi_sectors=0 [ 174.680541][ T7451] bi_version=0 [ 174.680547][ T7451] bi_atime=2770562249 [ 174.680554][ T7451] bi_ctime=2780562352 [ 174.680562][ T7451] bi_mtime=2780562352 [ 174.680569][ T7451] bi_otime=2770562249 [ 174.680576][ T7451] bi_uid=0 [ 174.680582][ T7451] bi_gid=0 [ 174.680589][ T7451] bi_nlink=0 [ 174.680596][ T7451] bi_generation=0 [ 174.680602][ T7451] bi_dev=0 [ 174.680609][ T7451] bi_data_checksum=0 [ 174.680616][ T7451] bi_compression=0 [ 174.680623][ T7451] bi_project=0 [ 174.680629][ T7451] bi_background_compression=0 [ 174.680637][ T7451] bi_data_replicas=0 [ 174.680644][ T7451] bi_promote_target=0 [ 174.680651][ T7451] bi_foreground_target=0 [ 174.680658][ T7451] bi_background_target=0 [ 174.680665][ T7451] bi_erasure_code=0 [ 174.680672][ T7451] bi_fields_set=0 [ 174.680679][ T7451] bi_dir=4096 [ 174.680685][ T7451] bi_dir_offset=189491840996961599 [ 174.680693][ T7451] bi_subvol=0 [ 174.680700][ T7451] bi_parent_subvol=0 [ 174.680707][ T7451] bi_nocow=0 [ 174.680713][ T7451] bi_depth=0 [ 174.680720][ T7451] bi_inodes_32bit=0 [ 174.680727][ T7451] bi_casefold=0 [ 174.680734][ T7451] invalid fields_start (got 18, min 6 max 13), deleting [ 174.983740][ T7473] syzkaller0: entered promiscuous mode [ 174.983762][ T7473] syzkaller0: entered allmulticast mode [ 175.234474][ T7451] bcachefs (loop5): accounting_read... done [ 175.254679][ T7451] bcachefs (loop5): alloc_read... done [ 175.283563][ T7451] bcachefs (loop5): snapshots_read... done [ 175.296616][ T7451] bcachefs (loop5): Fixed errors, running fsck a second time to verify fs is clean [ 175.311203][ T7451] bcachefs (loop5): done starting filesystem [ 175.443542][ T6111] bcachefs (loop5): shutting down [ 175.550939][ T6111] bcachefs (loop5): shutdown complete [ 176.864277][ T977] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 176.918535][ T977] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 176.963429][ T7499] loop6: detected capacity change from 0 to 256 [ 177.079249][ T30] audit: type=1800 audit(1751868124.880:4): pid=7499 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.273" name="file1" dev="loop6" ino=1048652 res=0 errno=0 [ 177.459497][ T7504] netlink: 4 bytes leftover after parsing attributes in process `syz.6.274'. [ 177.969178][ T977] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 178.144868][ T977] usb 6-1: Using ep0 maxpacket: 32 [ 178.152062][ T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.163855][ T977] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.175464][ T977] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 178.206465][ T977] usb 6-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 178.215883][ T977] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.244962][ T977] usb 6-1: config 0 descriptor?? [ 178.488908][ T7356] bridge0: port 1(bridge_slave_0) entered blocking state [ 178.520095][ T7356] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.550569][ T7356] bridge_slave_0: entered allmulticast mode [ 178.570291][ T7356] bridge_slave_0: entered promiscuous mode [ 178.583691][ T7356] bridge0: port 2(bridge_slave_1) entered blocking state [ 178.602102][ T7356] bridge0: port 2(bridge_slave_1) entered disabled state [ 178.622077][ T7356] bridge_slave_1: entered allmulticast mode [ 178.648093][ T7356] bridge_slave_1: entered promiscuous mode [ 178.724684][ T977] hid (null): global environment stack underflow [ 178.871312][ T977] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input7 [ 179.067996][ T977] input: HID 0458:5011 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0458:5011.0002/input/input8 [ 179.185524][ T7356] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 179.212076][ T7356] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 179.261749][ T977] kye 0003:0458:5011.0002: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.5-1/input0 [ 179.337918][ T7528] loop3: detected capacity change from 0 to 256 [ 179.385724][ T7528] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 179.802795][ T7356] team0: Port device team_slave_0 added [ 179.846558][ T7356] team0: Port device team_slave_1 added [ 179.949428][ C0] kye 0003:0458:5011.0002: usb_submit_urb(ctrl) failed: -1 [ 180.089459][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 180.099657][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.160454][ T7356] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 180.192082][ T7533] tipc: Started in network mode [ 180.221710][ T7533] tipc: Node identity 62d553e5e7f1, cluster identity 4711 [ 180.244575][ T7533] tipc: Enabled bearer , priority 0 [ 180.276528][ T7535] syzkaller0: entered promiscuous mode [ 180.334786][ T7535] syzkaller0: entered allmulticast mode [ 180.421991][ T7356] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 180.444811][ T7356] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 180.550949][ T7356] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 180.703493][ T3535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 180.731850][ T3535] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 180.772237][ T9] usb 6-1: USB disconnect, device number 3 [ 180.835855][ T7535] tipc: Resetting bearer [ 180.897126][ T7532] tipc: Resetting bearer [ 180.982573][ T7532] tipc: Disabling bearer [ 181.145998][ T3535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.166105][ T3535] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 181.399404][ T7566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.293'. [ 181.514525][ T3535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.529683][ T3535] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 181.549115][ T5167] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 181.579723][ T5167] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 181.592973][ T5167] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 181.608555][ T5167] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 181.622905][ T7356] hsr_slave_0: entered promiscuous mode [ 181.629789][ T5167] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 181.640105][ T7356] hsr_slave_1: entered promiscuous mode [ 181.743917][ T3535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 181.761326][ T3535] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 183.265329][ T3535] bridge_slave_1: left allmulticast mode [ 183.271073][ T3535] bridge_slave_1: left promiscuous mode [ 183.279135][ T3535] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.345785][ T3535] bridge_slave_0: left allmulticast mode [ 183.351455][ T3535] bridge_slave_0: left promiscuous mode [ 183.372044][ T3535] bridge0: port 1(bridge_slave_0) entered disabled state [ 183.735081][ T5850] Bluetooth: hci2: command tx timeout [ 184.189452][ T3535] team0: Port device bridge1 removed [ 184.594720][ T24] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 184.701632][ T3535] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 184.729227][ T3535] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 184.750849][ T3535] bond0 (unregistering): Released all slaves [ 184.782472][ T7598] tipc: Started in network mode [ 184.796614][ T7598] tipc: Node identity d2c17802f19b, cluster identity 4711 [ 184.804100][ T7598] tipc: Enabled bearer , priority 0 [ 184.825099][ T24] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 184.859813][ T7599] syzkaller0: entered promiscuous mode [ 184.860771][ T24] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 184.865777][ T7599] syzkaller0: entered allmulticast mode [ 184.876908][ T24] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 184.916781][ T24] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 184.927497][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 184.957369][ T24] usb 6-1: SerialNumber: syz [ 184.987822][ T24] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22 [ 184.999312][ T24] usb-storage 6-1:1.0: USB Mass Storage device detected [ 185.075294][ T24] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 185.129192][ T7603] tipc: Resetting bearer [ 185.150945][ T7596] tipc: Resetting bearer [ 185.182074][ T7596] tipc: Disabling bearer [ 185.298319][ T7628] tipc: Enabled bearer , priority 0 [ 185.313121][ T7625] syzkaller0: entered promiscuous mode [ 185.321449][ T7625] syzkaller0: entered allmulticast mode [ 185.468161][ T7632] input: syz1 as /devices/virtual/input/input9 [ 185.474400][ T7632] input: failed to attach handler leds to device input9, error: -6 [ 185.805344][ T5850] Bluetooth: hci2: command tx timeout [ 186.017391][ T3535] hsr_slave_0: left promiscuous mode [ 186.028368][ T3535] hsr_slave_1: left promiscuous mode [ 186.042152][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.066785][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.081135][ T3535] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.265120][ T3535] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 187.044672][ T977] tipc: Node number set to 2233750501 [ 187.151255][ T3535] veth1_macvtap: left promiscuous mode [ 187.175569][ T3535] veth0_macvtap: left promiscuous mode [ 187.209350][ T3535] veth1_vlan: left promiscuous mode [ 187.212019][ T10] usb 6-1: USB disconnect, device number 4 [ 187.254851][ T3535] veth0_vlan: left promiscuous mode [ 187.891506][ T5850] Bluetooth: hci2: command tx timeout [ 188.066555][ T5961] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 188.246983][ T5961] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 188.258355][ T5961] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 188.269006][ T5961] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 188.278802][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.305302][ T7662] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 188.319752][ T5961] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 188.461022][ T3535] team0 (unregistering): Port device team_slave_1 removed [ 188.544518][ T3535] team0 (unregistering): Port device team_slave_0 removed [ 188.547743][ T5961] usb 6-1: USB disconnect, device number 5 [ 189.776696][ T7356] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 189.841899][ T7356] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 189.871441][ T7356] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 189.898270][ T7680] tipc: Enabled bearer , priority 0 [ 189.924954][ T7683] syzkaller0: entered promiscuous mode [ 189.958811][ T7683] syzkaller0: entered allmulticast mode [ 189.964918][ T5167] Bluetooth: hci2: command tx timeout [ 190.017614][ T7356] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 190.075235][ T7680] tipc: Resetting bearer [ 190.112028][ T7570] chnl_net:caif_netlink_parms(): no params data found [ 190.130691][ T7679] tipc: Resetting bearer [ 190.157094][ T7679] tipc: Disabling bearer [ 190.492527][ T7570] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.507359][ T7570] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.524905][ T7570] bridge_slave_0: entered allmulticast mode [ 190.546925][ T7570] bridge_slave_0: entered promiscuous mode [ 190.590304][ T7570] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.611464][ T7570] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.625608][ T7570] bridge_slave_1: entered allmulticast mode [ 190.633550][ T7570] bridge_slave_1: entered promiscuous mode [ 190.808585][ T7570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 190.843732][ T7570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.007537][ T7570] team0: Port device team_slave_0 added [ 191.031609][ T7570] team0: Port device team_slave_1 added [ 191.549191][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.583663][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.784697][ T7570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.817922][ T7570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.834183][ T7570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 191.919614][ T7570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.162415][ T7570] hsr_slave_0: entered promiscuous mode [ 192.195124][ T7570] hsr_slave_1: entered promiscuous mode [ 192.232439][ T7570] debugfs: 'hsr0' already exists in 'hsr' [ 192.469040][ T7570] Cannot create hsr debugfs directory [ 192.571439][ T7356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 194.004548][ T7356] 8021q: adding VLAN 0 to HW filter on device team0 [ 194.217801][ T3515] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.224981][ T3515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.360225][ T7764] cgroup: fork rejected by pids controller in /syz6 [ 194.630669][ T1336] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.637858][ T1336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 195.441910][ T7570] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 195.653998][ T7570] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 195.749448][ T7570] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 195.861915][ T7570] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 196.499609][ T7356] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 196.662099][ T7570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.772440][ T7570] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.822710][ T3535] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.829971][ T3535] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.930345][ T3535] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.937564][ T3535] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.908024][ T7356] veth0_vlan: entered promiscuous mode [ 197.980635][ T7356] veth1_vlan: entered promiscuous mode [ 198.101769][ T7356] veth0_macvtap: entered promiscuous mode [ 198.121415][ T7356] veth1_macvtap: entered promiscuous mode [ 198.212146][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.352314][ T7570] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 198.396358][ T7356] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.479362][ T3515] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.494959][ T43] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 198.510289][ T3515] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.560906][ T3515] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.583274][ T3515] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.655901][ T43] usb 1-1: Using ep0 maxpacket: 16 [ 198.849499][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 198.888943][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.161690][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.190853][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.410675][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.410790][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.465453][ T5927] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 199.608070][ T8546] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 199.620569][ T5927] usb 7-1: Using ep0 maxpacket: 8 [ 199.633012][ T5927] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 199.633060][ T5927] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.633081][ T5927] usb 7-1: Product: syz [ 199.633097][ T5927] usb 7-1: Manufacturer: syz [ 199.633113][ T5927] usb 7-1: SerialNumber: syz [ 199.639026][ T5927] usb 7-1: config 0 descriptor?? [ 199.674903][ T5927] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 199.674997][ T5927] usb 7-1: setting power ON [ 199.675357][ T5927] dvb-usb: bulk message failed: -22 (2/0) [ 199.715640][ T5927] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 199.718065][ T5927] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 199.718159][ T5927] usb 7-1: media controller created [ 199.859420][ T8538] dvb-usb: bulk message failed: -22 (3/0) [ 199.919751][ T5927] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 199.965359][ T7570] veth0_vlan: entered promiscuous mode [ 200.027736][ T7570] veth1_vlan: entered promiscuous mode [ 200.083732][ T5927] usb 7-1: selecting invalid altsetting 6 [ 200.083818][ T5927] usb 7-1: digital interface selection failed (-22) [ 200.083860][ T5927] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 200.093432][ T5927] usb 7-1: setting power OFF [ 200.093579][ T5927] dvb-usb: bulk message failed: -22 (2/0) [ 200.093621][ T5927] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 200.093636][ T5927] (NULL device *): no alternate interface [ 200.196455][ T7570] veth0_macvtap: entered promiscuous mode [ 200.241432][ T7570] veth1_macvtap: entered promiscuous mode [ 200.281978][ T5927] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 200.572093][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 200.601885][ T5927] usb 7-1: USB disconnect, device number 2 [ 200.669650][ T7570] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.741702][ T13] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.829629][ T13] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.024318][ T13] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.042592][ T13] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 201.608940][ T3515] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 201.641599][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 201.663889][ T3515] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 201.692602][ T43] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 201.716792][ T43] usb 1-1: can't read configurations, error -71 [ 201.832813][ T3515] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 202.064673][ T3515] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 202.135972][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.368'. [ 202.164772][ T5961] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 202.525857][ T5854] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 202.632714][ T5961] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 202.655362][ T5961] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 202.686162][ T5961] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 202.720423][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.777071][ T5854] usb 8-1: device descriptor read/64, error -71 [ 202.798549][ T8586] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 202.865451][ T5961] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 202.955218][ T8604] loop6: detected capacity change from 0 to 256 [ 203.036057][ T5854] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 203.132997][ T8583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 203.144494][ T8583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 203.214861][ T5854] usb 8-1: device descriptor read/64, error -71 [ 203.259203][ T30] audit: type=1800 audit(1751868151.060:5): pid=8604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.370" name="file1" dev="loop6" ino=1048675 res=0 errno=0 [ 203.325102][ T5854] usb usb8-port1: attempt power cycle [ 203.684894][ T5854] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 203.736462][ T5854] usb 8-1: device descriptor read/8, error -71 [ 203.850623][ T5961] usb 6-1: USB disconnect, device number 6 [ 204.041521][ T5854] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 204.075410][ T5854] usb 8-1: device descriptor read/8, error -71 [ 204.211905][ T5854] usb usb8-port1: unable to enumerate USB device [ 205.304897][ T5860] usb 8-1: new full-speed USB device number 6 using dummy_hcd [ 205.486927][ T5860] usb 8-1: unable to get BOS descriptor or descriptor too short [ 205.497661][ T5860] usb 8-1: not running at top speed; connect to a high speed hub [ 205.520719][ T5860] usb 8-1: config 111 has an invalid interface number: 251 but max is 1 [ 205.532027][ T5860] usb 8-1: config 111 has an invalid interface number: 171 but max is 1 [ 205.584447][ T5860] usb 8-1: config 111 has no interface number 0 [ 205.615228][ T5860] usb 8-1: config 111 has no interface number 1 [ 205.632085][ T5860] usb 8-1: config 111 interface 251 altsetting 249 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 205.665002][ T5860] usb 8-1: config 111 interface 251 altsetting 249 has an invalid descriptor for endpoint zero, skipping [ 205.693982][ T5860] usb 8-1: config 111 interface 251 has no altsetting 0 [ 205.729363][ T5860] usb 8-1: config 111 interface 171 has no altsetting 0 [ 205.778776][ T5860] usb 8-1: New USB device found, idVendor=0499, idProduct=1050, bcdDevice=fa.da [ 205.898908][ T5860] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.003730][ T5860] usb 8-1: Product: syz [ 206.020754][ T5860] usb 8-1: Manufacturer: syz [ 206.048821][ T5860] usb 8-1: SerialNumber: syz [ 206.155380][ T8655] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22 [ 206.488032][ T5860] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 206.509536][ T5860] usb 8-1: invalid MIDI in EP 0 [ 206.539020][ T5860] snd-usb-audio 8-1:111.251: probe with driver snd-usb-audio failed with error -22 [ 206.689005][ T5860] usb 8-1: Quirk or no altset; falling back to MIDI 1.0 [ 206.806607][ T8692] tipc: Started in network mode [ 206.811575][ T8692] tipc: Node identity a2bc8ac4586c, cluster identity 4711 [ 206.870121][ T8692] tipc: Enabled bearer , priority 0 [ 206.890292][ T8693] syzkaller0: entered promiscuous mode [ 206.910048][ T5860] snd-usb-audio 8-1:111.171: probe with driver snd-usb-audio failed with error -2 [ 206.955767][ T8693] syzkaller0: entered allmulticast mode [ 206.975840][ T5860] usb 8-1: USB disconnect, device number 6 [ 207.049492][ T8693] tipc: Resetting bearer [ 207.057174][ T6725] udevd[6725]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:111.171/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 207.157978][ T8691] tipc: Resetting bearer [ 207.273302][ T8691] tipc: Disabling bearer [ 207.394921][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 207.565192][ T9] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 207.592397][ T9] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 207.615324][ T9] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 207.636556][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.679936][ T8701] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 207.740054][ T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 207.967270][ T9] usb 7-1: USB disconnect, device number 3 [ 208.685542][ T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 208.764852][ T5961] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 208.884293][ T9] usb 8-1: Using ep0 maxpacket: 16 [ 208.935924][ T5961] usb 6-1: device descriptor read/64, error -71 [ 208.956306][ T9] usb 8-1: config 0 has an invalid interface number: 105 but max is 0 [ 208.984734][ T9] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.017539][ T9] usb 8-1: config 0 has no interface number 0 [ 209.043674][ T9] usb 8-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 209.081954][ T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.108879][ T9] usb 8-1: Product: syz [ 209.113663][ T9] usb 8-1: Manufacturer: syz [ 209.135284][ T9] usb 8-1: SerialNumber: syz [ 209.155264][ T9] usb 8-1: config 0 descriptor?? [ 209.175997][ T9] usb 8-1: Found UVC 0.00 device syz (046d:08f3) [ 209.215155][ T9] usb 8-1: No valid video chain found. [ 209.224137][ T5961] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 209.281996][ T8599] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 209.707098][ T9] usb 8-1: USB disconnect, device number 7 [ 209.734680][ T5961] usb 6-1: device descriptor read/64, error -71 [ 209.845355][ T5961] usb usb6-port1: attempt power cycle [ 209.869046][ T8599] usb 1-1: Using ep0 maxpacket: 8 [ 209.877396][ T8599] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 209.897759][ T8599] usb 1-1: config 0 has no interfaces? [ 210.055031][ T8599] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 210.107252][ T8599] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.165050][ T8599] usb 1-1: config 0 descriptor?? [ 210.236328][ T8732] loop8: detected capacity change from 0 to 32768 [ 210.324788][ T5961] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 210.355545][ T5961] usb 6-1: device descriptor read/8, error -71 [ 210.515565][ T8761] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.605320][ T8761] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.628699][ T8732] bcachefs (loop8): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 210.628717][ T8732] allowing incompatible features above 0.0: (unknown version) [ 210.628727][ T8732] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 210.648939][ T5961] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 210.669976][ T5961] usb 6-1: device descriptor read/8, error -71 [ 210.747055][ T8732] bcachefs (loop8): Using encoding defined by superblock: utf8-12.1.0 [ 210.787587][ T8732] bcachefs (loop8): initializing new filesystem [ 210.826265][ T5961] usb usb6-port1: unable to enumerate USB device [ 210.899500][ T8732] bcachefs (loop8): going read-write [ 211.003003][ T8732] bcachefs (loop8): marking superblocks [ 211.057770][ T8732] bcachefs (loop8): initializing freespace [ 211.168049][ T8732] bcachefs (loop8): done initializing freespace [ 211.221478][ T8732] bcachefs (loop8): reading snapshots table [ 211.248553][ T8732] bcachefs (loop8): reading snapshots done [ 211.486148][ T8732] bcachefs (loop8): loop8: Superblock write was silently dropped! (seq 0 expected 42) [ 211.500603][ T8777] program syz.7.413 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.543653][ T8732] bcachefs (loop8): done starting filesystem [ 211.658077][ T7570] bcachefs (loop8): shutting down [ 211.685030][ T7570] bcachefs (loop8): going read-only [ 211.690312][ T7570] bcachefs (loop8): finished waiting for writes to stop [ 211.726467][ T5847] Bluetooth: hci0: command 0x0406 tx timeout [ 211.861128][ T7570] bcachefs (loop8): flushing journal and stopping allocators, journal seq 3 [ 212.054913][ T24] usb 1-1: USB disconnect, device number 10 [ 212.097702][ T7570] bcachefs (loop8): flushing journal and stopping allocators complete, journal seq 3 [ 212.244774][ T7570] bcachefs (loop8): clean shutdown complete, journal seq 4 [ 212.255371][ T7570] bcachefs (loop8): marking filesystem clean [ 212.522207][ T7570] bcachefs (loop8): shutdown complete [ 212.655249][ T8804] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3) [ 212.662101][ T8804] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 212.746725][ T8813] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 212.787933][ T8813] netlink: 'syz.0.418': attribute type 10 has an invalid length. [ 212.847818][ T8804] vhci_hcd vhci_hcd.0: Device attached [ 212.870700][ T8806] vhci_hcd: connection closed [ 212.873171][ T3515] vhci_hcd: stop threads [ 213.269978][ T3515] vhci_hcd: release socket [ 213.277615][ T3515] vhci_hcd: disconnect device [ 213.753344][ T8823] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 214.370029][ T8831] netlink: 156 bytes leftover after parsing attributes in process `syz.7.423'. [ 214.400772][ T8831] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 215.825005][ T8830] loop5: detected capacity change from 0 to 32768 [ 216.262620][ T8830] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow [ 216.262649][ T8830] allowing incompatible features above 0.0: (unknown version) [ 216.262663][ T8830] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 216.365022][ T5860] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 216.513980][ T8830] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0 [ 216.532857][ T5860] usb 7-1: config 0 has an invalid interface number: 49 but max is 0 [ 216.562149][ T5860] usb 7-1: config 0 has no interface number 0 [ 216.575172][ T8830] bcachefs (loop5): initializing new filesystem [ 216.587255][ T5860] usb 7-1: New USB device found, idVendor=0c45, idProduct=6128, bcdDevice=e7.29 [ 216.605585][ T5860] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.653916][ T5860] usb 7-1: Product: syz [ 216.669555][ T5860] usb 7-1: Manufacturer: syz [ 216.704257][ T5860] usb 7-1: SerialNumber: syz [ 216.712623][ T8830] bcachefs (loop5): going read-write [ 216.916603][ T5860] usb 7-1: config 0 descriptor?? [ 217.131444][ T8830] bcachefs (loop5): marking superblocks [ 217.156523][ T5860] gspca_main: sonixj-2.14.0 probing 0c45:6128 [ 217.246099][ T8830] bcachefs (loop5): initializing freespace [ 217.322896][ T8830] bcachefs (loop5): done initializing freespace [ 217.342882][ T8830] bcachefs (loop5): reading snapshots table [ 217.394804][ T8830] bcachefs (loop5): reading snapshots done [ 217.480889][ T8830] bcachefs (loop5): loop5: Superblock write was silently dropped! (seq 0 expected 42) [ 217.532685][ T8830] bcachefs (loop5): done starting filesystem [ 217.593860][ T8830] syz.5.425 (8830) used greatest stack depth: 15192 bytes left [ 217.649748][ T6111] bcachefs (loop5): shutting down [ 217.679652][ T6111] bcachefs (loop5): going read-only [ 217.696800][ T5860] gspca_sonixj: reg_w1 err -110 [ 217.714657][ T6111] bcachefs (loop5): finished waiting for writes to stop [ 217.718254][ T5860] sonixj 7-1:0.49: probe with driver sonixj failed with error -110 [ 217.767514][ T6111] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3 [ 217.871653][ T6111] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3 [ 217.879746][ T5860] usb 7-1: USB disconnect, device number 4 [ 217.931414][ T6111] bcachefs (loop5): clean shutdown complete, journal seq 4 [ 217.972351][ T6111] bcachefs (loop5): marking filesystem clean [ 218.077216][ T6111] bcachefs (loop5): shutdown complete [ 219.036557][ T8898] process 'syz.0.437' launched './file0' with NULL argv: empty string added [ 219.485296][ T5927] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 219.787860][ T5927] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 219.798201][ T5927] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 219.814090][ T5927] usb 1-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 219.853721][ T5927] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 219.902361][ T5927] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 219.958799][ T5927] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 219.994215][ T5927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.028596][ T8906] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 220.117806][ T5927] hub 1-1:1.0: bad descriptor, ignoring hub [ 220.171808][ T5927] hub 1-1:1.0: probe with driver hub failed with error -5 [ 220.235338][ T5927] cdc_wdm 1-1:1.0: skipping garbage [ 220.299947][ T5927] cdc_wdm 1-1:1.0: skipping garbage [ 220.410580][ T5927] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 220.490259][ T5927] cdc_wdm 1-1:1.0: Unknown control protocol [ 221.621807][ T8932] tipc: Started in network mode [ 221.651699][ T8932] tipc: Node identity 363e055ddcfe, cluster identity 4711 [ 221.715884][ T8932] tipc: Enabled bearer , priority 0 [ 221.798496][ T8933] syzkaller0: entered promiscuous mode [ 221.849117][ T8933] syzkaller0: entered allmulticast mode [ 221.953143][ T8932] tipc: Enabled bearer , priority 0 [ 222.047649][ T8931] tipc: Resetting bearer [ 222.260480][ T8931] tipc: Disabling bearer [ 222.376086][ T8937] tipc: Enabled bearer , priority 0 [ 222.440535][ T8937] syzkaller0: entered promiscuous mode [ 222.464809][ T8937] syzkaller0: entered allmulticast mode [ 222.584856][ T8936] tipc: Resetting bearer [ 222.830230][ T8936] tipc: Disabling bearer [ 222.966074][ T9] tipc: Node number set to 3938452829 [ 222.975721][ T5927] usb 1-1: USB disconnect, device number 11 [ 225.748473][ T9019] 9pnet: p9_errstr2errno: server reported unknown error @ [ 226.696886][ T9044] kvm: pic: non byte write [ 226.701557][ T9044] kvm: pic: non byte write [ 226.759237][ T9] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 226.820964][ T9] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 227.022143][ T9061] tipc: Enabled bearer , priority 0 [ 227.139736][ T9061] tipc: Enabled bearer , priority 0 [ 227.176287][ T9059] tipc: Disabling bearer [ 228.255153][ T5927] tipc: Node number set to 593131522 [ 229.656979][ T5961] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 229.894737][ T5961] usb 8-1: Using ep0 maxpacket: 16 [ 230.065939][ T5961] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 230.065976][ T5961] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 230.066001][ T5961] usb 8-1: Product: syz [ 230.066018][ T5961] usb 8-1: Manufacturer: syz [ 230.066036][ T5961] usb 8-1: SerialNumber: syz [ 230.069149][ T5961] usb 8-1: config 0 descriptor?? [ 232.204800][ T5847] Bluetooth: hci3: command 0x0406 tx timeout [ 232.313899][ T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.507571][ T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.713265][ T5860] usb 8-1: USB disconnect, device number 8 [ 232.737768][ T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 232.942904][ T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 233.316291][ T36] bridge_slave_1: left allmulticast mode [ 233.330837][ T36] bridge_slave_1: left promiscuous mode [ 233.366349][ T36] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.441628][ T36] bridge_slave_0: left allmulticast mode [ 233.447920][ T5860] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 233.458330][ T36] bridge_slave_0: left promiscuous mode [ 233.465795][ T36] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.567181][ T36] tipc: Resetting bearer [ 233.634950][ T5860] usb 1-1: Using ep0 maxpacket: 32 [ 233.647838][ T5860] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 233.709540][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 233.762936][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 233.826285][ T5860] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 233.869734][ T5860] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 233.889117][ T5860] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.921407][ T5860] usb 1-1: Product: syz [ 233.951577][ T5860] usb 1-1: Manufacturer: syz [ 233.977813][ T5860] usb 1-1: SerialNumber: syz [ 234.011406][ T5860] usb 1-1: config 0 descriptor?? [ 234.276836][ T9188] misc userio: The device must be registered before sending interrupts [ 234.322665][ T5860] usb 1-1: USB disconnect, device number 12 [ 234.366565][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.518'. [ 234.388710][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 234.411960][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 234.422641][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 234.438525][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 234.447146][ T9188] netlink: 8 bytes leftover after parsing attributes in process `syz.0.518'. [ 234.456790][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 234.585068][ T5854] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 234.619373][ T36] tipc: Disabling bearer [ 234.775263][ T5854] usb 9-1: Using ep0 maxpacket: 32 [ 234.814923][ T5854] usb 9-1: config 0 has no interfaces? [ 234.821126][ T5854] usb 9-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 234.831410][ T5854] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.856251][ T5854] usb 9-1: config 0 descriptor?? [ 235.037437][ T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 235.054521][ T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 235.074339][ T36] bond0 (unregistering): Released all slaves [ 235.646577][ T36] tipc: Left network mode [ 236.464250][ T5961] usb 9-1: USB disconnect, device number 2 [ 236.536145][ T5167] Bluetooth: hci4: command tx timeout [ 237.430987][ T36] hsr_slave_0: left promiscuous mode [ 237.447710][ T36] hsr_slave_1: left promiscuous mode [ 237.497692][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 237.532436][ T36] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 237.579351][ T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.697935][ T36] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 237.896406][ T36] veth1_macvtap: left promiscuous mode [ 237.907651][ T36] veth0_macvtap: left promiscuous mode [ 237.918461][ T36] veth1_vlan: left promiscuous mode [ 237.923938][ T36] veth0_vlan: left promiscuous mode [ 238.605195][ T5167] Bluetooth: hci4: command tx timeout [ 238.932933][ T9273] binder: 9272:9273 ioctl 400c620e 0 returned -14 [ 238.957254][ T9273] binder: 9272:9273 ioctl c0046209 0 returned -22 [ 239.505097][ T36] team0 (unregistering): Port device team_slave_1 removed [ 239.547375][ T36] team0 (unregistering): Port device team_slave_0 removed [ 240.115340][ T9209] chnl_net:caif_netlink_parms(): no params data found [ 240.691795][ T5167] Bluetooth: hci4: command tx timeout [ 240.951746][ T9303] syz_tun: entered allmulticast mode [ 240.962841][ T9209] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.976142][ T9209] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.988709][ T9209] bridge_slave_0: entered allmulticast mode [ 241.080542][ T9209] bridge_slave_0: entered promiscuous mode [ 241.117897][ T9209] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.135339][ T9209] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.144928][ T9209] bridge_slave_1: entered allmulticast mode [ 241.152906][ T9209] bridge_slave_1: entered promiscuous mode [ 241.170095][ T9300] syz_tun: left allmulticast mode [ 241.378187][ T9209] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 241.527200][ T9314] fuse: Bad value for 'group_id' [ 241.544742][ T9314] fuse: Bad value for 'group_id' [ 241.658211][ T9209] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 241.809747][ T9209] team0: Port device team_slave_0 added [ 241.825452][ T9209] team0: Port device team_slave_1 added [ 242.059075][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.087134][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.163405][ T9209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.184498][ T9209] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.192084][ T9209] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.220945][ T9209] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.245450][ T9319] netlink: 'syz.5.560': attribute type 6 has an invalid length. [ 242.253700][ T9319] netlink: 32 bytes leftover after parsing attributes in process `syz.5.560'. [ 242.705430][ T9209] hsr_slave_0: entered promiscuous mode [ 242.712197][ T9209] hsr_slave_1: entered promiscuous mode [ 242.770184][ T5167] Bluetooth: hci4: command tx timeout [ 242.782033][ T9209] debugfs: 'hsr0' already exists in 'hsr' [ 242.790101][ T9209] Cannot create hsr debugfs directory [ 243.527013][ T9209] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 243.652329][ T9209] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 243.695731][ T9209] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 243.777547][ T9342] fuse: Bad value for 'group_id' [ 243.809046][ T9209] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 243.824817][ T9342] fuse: Bad value for 'group_id' [ 244.212079][ T9209] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.355924][ T9209] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.410297][ T3571] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.417512][ T3571] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.537677][ T3571] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.544931][ T3571] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.694183][ T9386] ptrace attach of "./syz-executor exec"[7356] was attempted by " /dev/nullb0 dctcp-reno [ 245.853150][ T9209] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.956159][ T9383] BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1523 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 246.050272][ T9383] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9383, name: syz.7.582 [ 246.062900][ T9383] preempt_count: 0, expected: 0 [ 246.155408][ T9383] RCU nest depth: 1, expected: 0 [ 246.234971][ T9383] 2 locks held by syz.7.582/9383: [ 246.333582][ T9383] #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: query_vma_setup+0x18/0x110 [ 246.396164][ T9383] #1: ffff888032a22448 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 [ 246.455563][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Not tainted 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 246.455594][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.455610][ T9383] Call Trace: [ 246.455619][ T9383] [ 246.455629][ T9383] dump_stack_lvl+0x189/0x250 [ 246.455666][ T9383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.455702][ T9383] ? print_lock_name+0xde/0x100 [ 246.455740][ T9383] __might_resched+0x495/0x610 [ 246.455771][ T9383] ? __pfx___might_resched+0x10/0x10 [ 246.455799][ T9383] ? vma_start_read+0x218/0x3b0 [ 246.455827][ T9383] ? vma_start_read+0x259/0x3b0 [ 246.455860][ T9383] ? __filemap_get_folio+0x9a6/0xaf0 [ 246.455898][ T9383] down_read+0x22/0x2e0 [ 246.455935][ T9383] freader_get_folio+0x38b/0x830 [ 246.455971][ T9383] freader_fetch+0xa3/0x5d0 [ 246.456006][ T9383] __build_id_parse+0x133/0x7d0 [ 246.456039][ T9383] ? __pfx___build_id_parse+0x10/0x10 [ 246.456076][ T9383] ? query_matching_vma+0x494/0x4b0 [ 246.456130][ T9383] procfs_procmap_ioctl+0x7dd/0xce0 [ 246.456172][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 246.456224][ T9383] ? __fget_files+0x2a/0x420 [ 246.456260][ T9383] ? __fget_files+0x2a/0x420 [ 246.456290][ T9383] ? __fget_files+0x3a0/0x420 [ 246.456319][ T9383] ? __fget_files+0x2a/0x420 [ 246.456355][ T9383] ? bpf_lsm_file_ioctl+0x9/0x20 [ 246.456380][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 246.456412][ T9383] __se_sys_ioctl+0xf9/0x170 [ 246.456440][ T9383] do_syscall_64+0xfa/0x3b0 [ 246.456470][ T9383] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.456499][ T9383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.456521][ T9383] ? clear_bhb_loop+0x60/0xb0 [ 246.456550][ T9383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.456572][ T9383] RIP: 0033:0x7f9c85d8e929 [ 246.456605][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.456625][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.456649][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929 [ 246.456666][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 246.456682][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 246.456696][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.456709][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718 [ 246.456745][ T9383] [ 246.456759][ T9383] [ 246.701642][ T9383] ============================= [ 246.706498][ T9383] [ BUG: Invalid wait context ] [ 246.711337][ T9383] 6.16.0-rc4-next-20250704-syzkaller #0 Tainted: G W [ 246.719568][ T9383] ----------------------------- [ 246.724495][ T9383] syz.7.582/9383 is trying to lock: [ 246.729686][ T9383] ffff888148defc40 (mapping.invalidate_lock){++++}-{4:4}, at: freader_get_folio+0x38b/0x830 [ 246.739782][ T9383] other info that might help us debug this: [ 246.745662][ T9383] context-{5:5} [ 246.749112][ T9383] 2 locks held by syz.7.582/9383: [ 246.754127][ T9383] #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: query_vma_setup+0x18/0x110 [ 246.763542][ T9383] #1: ffff888032a22448 (vm_lock){++++}-{0:0}, at: lock_next_vma+0x146/0xdc0 [ 246.772345][ T9383] stack backtrace: [ 246.776075][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Tainted: G W 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 246.776099][ T9383] Tainted: [W]=WARN [ 246.776105][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 246.776115][ T9383] Call Trace: [ 246.776121][ T9383] [ 246.776128][ T9383] dump_stack_lvl+0x189/0x250 [ 246.776151][ T9383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.776169][ T9383] ? __pfx__printk+0x10/0x10 [ 246.776199][ T9383] __lock_acquire+0xbcb/0xd20 [ 246.776226][ T9383] ? freader_get_folio+0x38b/0x830 [ 246.776246][ T9383] lock_acquire+0x120/0x360 [ 246.776268][ T9383] ? freader_get_folio+0x38b/0x830 [ 246.776289][ T9383] ? vma_start_read+0x218/0x3b0 [ 246.776309][ T9383] ? vma_start_read+0x259/0x3b0 [ 246.776331][ T9383] down_read+0x46/0x2e0 [ 246.776354][ T9383] ? freader_get_folio+0x38b/0x830 [ 246.776374][ T9383] freader_get_folio+0x38b/0x830 [ 246.776396][ T9383] freader_fetch+0xa3/0x5d0 [ 246.776419][ T9383] __build_id_parse+0x133/0x7d0 [ 246.776439][ T9383] ? __pfx___build_id_parse+0x10/0x10 [ 246.776460][ T9383] ? query_matching_vma+0x494/0x4b0 [ 246.776489][ T9383] procfs_procmap_ioctl+0x7dd/0xce0 [ 246.776513][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 246.776537][ T9383] ? __fget_files+0x2a/0x420 [ 246.776559][ T9383] ? __fget_files+0x2a/0x420 [ 246.776579][ T9383] ? __fget_files+0x3a0/0x420 [ 246.776598][ T9383] ? __fget_files+0x2a/0x420 [ 246.776619][ T9383] ? bpf_lsm_file_ioctl+0x9/0x20 [ 246.776636][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 246.776656][ T9383] __se_sys_ioctl+0xf9/0x170 [ 246.776673][ T9383] do_syscall_64+0xfa/0x3b0 [ 246.776694][ T9383] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.776714][ T9383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.776728][ T9383] ? clear_bhb_loop+0x60/0xb0 [ 246.776745][ T9383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.776760][ T9383] RIP: 0033:0x7f9c85d8e929 [ 246.776775][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.776789][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.776805][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929 [ 246.776817][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 246.776828][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 246.776837][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.776847][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718 [ 246.776863][ T9383] [ 247.045459][ T9383] BUG: sleeping function called from invalid context at ./include/linux/sched/mm.h:321 [ 247.063979][ T9383] in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 9383, name: syz.7.582 [ 247.075306][ T9383] preempt_count: 0, expected: 0 [ 247.080191][ T9383] RCU nest depth: 1, expected: 0 [ 247.093406][ T9383] INFO: lockdep is turned off. [ 247.099322][ T9383] CPU: 1 UID: 0 PID: 9383 Comm: syz.7.582 Tainted: G W 6.16.0-rc4-next-20250704-syzkaller #0 PREEMPT(full) [ 247.099348][ T9383] Tainted: [W]=WARN [ 247.099353][ T9383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 247.099363][ T9383] Call Trace: [ 247.099369][ T9383] [ 247.099375][ T9383] dump_stack_lvl+0x189/0x250 [ 247.099399][ T9383] ? __pfx_dump_stack_lvl+0x10/0x10 [ 247.099418][ T9383] ? __pfx__printk+0x10/0x10 [ 247.099438][ T9383] ? rcu_is_watching+0x15/0xb0 [ 247.099456][ T9383] ? rcu_is_watching+0x15/0xb0 [ 247.099473][ T9383] __might_resched+0x495/0x610 [ 247.099490][ T9383] ? down_read+0x54/0x2e0 [ 247.099513][ T9383] ? __pfx___might_resched+0x10/0x10 [ 247.099529][ T9383] ? lock_acquire+0x5f/0x360 [ 247.099553][ T9383] ? rcu_is_watching+0x15/0xb0 [ 247.099569][ T9383] ? fs_reclaim_acquire+0x7d/0x100 [ 247.099593][ T9383] prepare_alloc_pages+0x1d9/0x610 [ 247.099619][ T9383] __alloc_frozen_pages_noprof+0x123/0x370 [ 247.099645][ T9383] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 247.099673][ T9383] ? filemap_get_entry+0xad/0x2f0 [ 247.099697][ T9383] alloc_pages_mpol+0x232/0x4a0 [ 247.099720][ T9383] alloc_pages_noprof+0xa9/0x190 [ 247.099741][ T9383] folio_alloc_noprof+0x1e/0x30 [ 247.099761][ T9383] filemap_alloc_folio_noprof+0xdf/0x470 [ 247.099784][ T9383] ? __pfx_filemap_alloc_folio_noprof+0x10/0x10 [ 247.099807][ T9383] ? __filemap_get_folio+0x9a6/0xaf0 [ 247.099830][ T9383] ? vma_start_read+0x218/0x3b0 [ 247.099852][ T9383] do_read_cache_folio+0x2da/0x590 [ 247.099867][ T9383] ? __pfx_blkdev_read_folio+0x10/0x10 [ 247.099884][ T9383] freader_get_folio+0x3c4/0x830 [ 247.099906][ T9383] freader_fetch+0xa3/0x5d0 [ 247.099929][ T9383] __build_id_parse+0x133/0x7d0 [ 247.099950][ T9383] ? __pfx___build_id_parse+0x10/0x10 [ 247.099978][ T9383] ? query_matching_vma+0x494/0x4b0 [ 247.100007][ T9383] procfs_procmap_ioctl+0x7dd/0xce0 [ 247.100031][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 247.100056][ T9383] ? __fget_files+0x2a/0x420 [ 247.100079][ T9383] ? __fget_files+0x2a/0x420 [ 247.100099][ T9383] ? __fget_files+0x3a0/0x420 [ 247.100119][ T9383] ? __fget_files+0x2a/0x420 [ 247.100140][ T9383] ? bpf_lsm_file_ioctl+0x9/0x20 [ 247.100157][ T9383] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 247.100179][ T9383] __se_sys_ioctl+0xf9/0x170 [ 247.100195][ T9383] do_syscall_64+0xfa/0x3b0 [ 247.100217][ T9383] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.100248][ T9383] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.100263][ T9383] ? clear_bhb_loop+0x60/0xb0 [ 247.100280][ T9383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.100294][ T9383] RIP: 0033:0x7f9c85d8e929 [ 247.100307][ T9383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 247.100321][ T9383] RSP: 002b:00007f9c86bc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 247.100337][ T9383] RAX: ffffffffffffffda RBX: 00007f9c85fb5fa0 RCX: 00007f9c85d8e929 [ 247.100349][ T9383] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 247.100359][ T9383] RBP: 00007f9c85e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 247.100368][ T9383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.100377][ T9383] R13: 0000000000000000 R14: 00007f9c85fb5fa0 R15: 00007ffdcfa8c718 [ 247.100393][ T9383] [ 248.427835][ T3571] bridge_slave_1: left allmulticast mode [ 248.433528][ T3571] bridge_slave_1: left promiscuous mode [ 248.439819][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.449660][ T3571] bridge_slave_0: left allmulticast mode [ 248.458222][ T3571] bridge_slave_0: left promiscuous mode [ 248.463978][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.550394][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 248.562174][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 248.573674][ T3571] bond0 (unregistering): Released all slaves [ 248.660982][ T3571] hsr_slave_0: left promiscuous mode [ 248.668024][ T3571] hsr_slave_1: left promiscuous mode [ 248.673893][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.688053][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.807185][ T3571] team0 (unregistering): Port device team_slave_1 removed [ 248.830791][ T3571] team0 (unregistering): Port device team_slave_0 removed [ 249.130025][ T3571] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.183175][ T3571] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.256379][ T3571] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.321999][ T3571] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.410278][ T3571] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.484881][ T3571] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.556311][ T3571] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.613061][ T3571] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 249.718924][ T3571] bridge_slave_1: left allmulticast mode [ 249.724739][ T3571] bridge_slave_1: left promiscuous mode [ 249.730513][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.740066][ T3571] bridge_slave_0: left allmulticast mode [ 249.745975][ T3571] bridge_slave_0: left promiscuous mode [ 249.751707][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.762137][ T3571] bridge_slave_1: left allmulticast mode [ 249.768373][ T3571] bridge_slave_1: left promiscuous mode [ 249.774129][ T3571] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.784026][ T3571] bridge_slave_0: left allmulticast mode [ 249.789925][ T3571] bridge_slave_0: left promiscuous mode [ 249.796099][ T3571] bridge0: port 1(bridge_slave_0) entered disabled state [ 249.806634][ T3571] tipc: Resetting bearer [ 249.965280][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 249.981362][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 249.991503][ T3571] bond0 (unregistering): Released all slaves [ 250.039602][ T3571] tipc: Disabling bearer [ 250.143738][ T3571] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 250.153721][ T3571] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 250.163760][ T3571] bond0 (unregistering): Released all slaves [ 250.221451][ T3571] tipc: Left network mode [ 250.227575][ T3571] tipc: Left network mode [ 250.512573][ T3571] hsr_slave_0: left promiscuous mode [ 250.521114][ T3571] hsr_slave_1: left promiscuous mode [ 250.527199][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.536046][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.543748][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.552048][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.562184][ T3571] hsr_slave_0: left promiscuous mode [ 250.568682][ T3571] hsr_slave_1: left promiscuous mode [ 250.574426][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 250.581953][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 250.591047][ T3571] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 250.598785][ T3571] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 250.613216][ T3571] veth1_macvtap: left promiscuous mode [ 250.618918][ T3571] veth0_macvtap: left promiscuous mode [ 250.624481][ T3571] veth1_vlan: left promiscuous mode [ 250.629972][ T3571] veth0_vlan: left promiscuous mode [ 250.636306][ T3571] veth1_macvtap: left promiscuous mode [ 250.641801][ T3571] veth0_macvtap: left promiscuous mode [ 250.647934][ T3571] veth1_vlan: left promiscuous mode [ 250.653236][ T3571] veth0_vlan: left promiscuous mode [ 250.860953][ T3571] team0 (unregistering): Port device team_slave_1 removed [ 250.883820][ T3571] team0 (unregistering): Port device team_slave_0 removed [ 251.062111][ T3571] team0 (unregistering): Port device team_slave_1 removed [ 251.080907][ T3571] team0 (unregistering): Port device team_slave_0 removed