last executing test programs: 10m31.700831206s ago: executing program 1 (id=2): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001600010a00000000"], 0x14}}, 0x0) 10m30.478959335s ago: executing program 1 (id=12): bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000001000000002"], 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 10m29.817812886s ago: executing program 1 (id=14): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mount(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r2, &(0x7f0000001280)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x0, @local}}, 0x24) munmap(&(0x7f0000331000/0x1000)=nil, 0x1000) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000004540)=[@pktinfo={{0x24, 0x29, 0x3e, {@loopback}}}], 0x28}, 0x40) sched_setscheduler(0x0, 0x2, 0x0) r4 = socket(0x15, 0x5, 0x0) getsockopt(r4, 0x200000000114, 0x2711, 0x0, &(0x7f0000000000)) 10m28.71547363s ago: executing program 1 (id=16): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0) ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101) open(0x0, 0x14927e, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000ac0)=@raw={'raw\x00', 0x3c1, 0x1a6cc7, 0x290, 0xf0, 0x5802, 0x294, 0xf0, 0x294, 0x1c0, 0x378, 0x378, 0x1c0, 0x378, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @empty}, @private0, [0x0, 0x0, 0xff000000], [0xff000000], 'macvtap0\x00', 'vlan1\x00', {}, {}, 0x0, 0x0, 0x9}, 0x0, 0xa8, 0xf0, 0x52020000}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', {0x24aa}}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffd}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x2f0) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0xc010) r3 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r3, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e21, @remote}, 0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c) set_mempolicy(0x1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c0002800500010004002000080020"], 0x4c}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) syz_usb_connect(0x6, 0x36, 0x0, 0x0) 10m25.205764573s ago: executing program 1 (id=19): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000380)=@raw=[@tail_call, @exit, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @ldst={0x2, 0x1, 0x6, 0xa, 0x8, 0x0, 0xfffffffffffffff0}, @func, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}], &(0x7f00000007c0)='syzkaller\x00', 0x8, 0xbb, &(0x7f0000000800)=""/187, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x2, 0x80000000, 0x1800}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x40}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000001000000002"], 0x48) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@ifindex, 0x3, 0x1, 0x1, &(0x7f0000000180)=[0x0, 0x0], 0x2, 0x0, 0x0, &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000280)=[0x0], 0x0}, 0x40) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000340)={0xe, 0x0}, 0x8) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000b00)={@map=r2, r3, 0xb, 0x2024, 0x0, @void, @void, @value=r5, @void, r4}, 0x20) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000a40)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000a00)={@cgroup=r6, r1, 0x10, 0x38, r0, @void, @void, @void, @value, r4}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x18, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000000c0)=@nl, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/186}, {0xffffffffffffffff}], 0x0, &(0x7f0000000280)=""/239, 0x13}}, {{&(0x7f0000000e80)=@vsock={0x28, 0x0, 0x0, @host}, 0x0, &(0x7f0000000680)=[{&(0x7f0000000400)=""/18}, {&(0x7f0000000440)=""/110}, {&(0x7f00000004c0)=""/165}, {&(0x7f0000001540)=""/4096}, {&(0x7f0000000580)=""/245}], 0x0, &(0x7f0000000700)=""/27}}, {{&(0x7f0000000740)=@nfc, 0x0, &(0x7f0000000c00), 0x0, &(0x7f0000000cc0)=""/180}}], 0x4000000000001f1, 0x10162, 0x0) 10m23.882091742s ago: executing program 1 (id=23): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x3b) keyctl$unlink(0x9, 0x0, r3) keyctl$clear(0x7, r3) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) ftruncate(0xffffffffffffffff, 0x2007ffb) close(0xffffffffffffffff) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) 10m12.226195748s ago: executing program 32 (id=5): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP6T_SO_GET_REVISION_MATCH(r2, 0x29, 0x44, &(0x7f0000000080)={'icmp6\x00'}, &(0x7f0000000040)=0x1e) 10m8.181853239s ago: executing program 33 (id=23): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r3, r2, 0x3b) keyctl$unlink(0x9, 0x0, r3) keyctl$clear(0x7, r3) r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) fchdir(r5) ftruncate(0xffffffffffffffff, 0x2007ffb) close(0xffffffffffffffff) openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0) 9m56.322450522s ago: executing program 3 (id=75): socket$packet(0x11, 0x2, 0x300) socket$kcm(0x10, 0x2, 0x0) socket$igmp6(0xa, 0x3, 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) openat$binder_debug(0xffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x4680, &(0x7f0000000200)={0x0, 0x7067, 0x0, 0x0, 0xb5}, &(0x7f0000000340)=0x0, &(0x7f00000002c0)=0x0) pipe(&(0x7f00000001c0)) openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x200041, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r4, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080), 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_WRITE={0x17, 0x4, 0x4007, @fd_index=0x7fffffd, 0xb877, 0x0, 0xfffffe6f, 0x0, 0x1}) io_uring_enter(r0, 0x3f70, 0x0, 0x0, 0x0, 0x0) 9m55.990404095s ago: executing program 3 (id=77): socket$key(0xf, 0x3, 0x2) r0 = socket$kcm(0x2b, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() sendmsg$kcm(0xffffffffffffffff, 0x0, 0x6000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) keyctl$read(0x16, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) sendmsg$inet(r0, &(0x7f00000009c0)={&(0x7f00000000c0)={0x2, 0x4001, @empty}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20044818) ioctl$FBIO_WAITFORVSYNC(0xffffffffffffffff, 0x40044620, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000240), 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}, 0x1, 0x0, 0x0, 0x4008000}, 0x0) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) 9m51.464975758s ago: executing program 3 (id=83): prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = socket$inet6(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000ed3fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) shutdown(r1, 0x0) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x1, 0xffffffff}, 0x8) close(r1) 9m50.994944211s ago: executing program 3 (id=85): openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f00000000c0)='./file1\x00', 0x3f, 0x0) write$FUSE_INIT(r0, &(0x7f0000002300)={0x50, 0x0, r1, {0x7, 0x9, 0x0, 0x1030002, 0xfffe, 0x0, 0x3}}, 0x50) read$FUSE(r0, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r0, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r2}, 0x10) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup3(r3, r0, 0x0) 9m50.777438419s ago: executing program 3 (id=86): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 9m50.50966379s ago: executing program 3 (id=88): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r3, @ANYBLOB="000000008a78ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) close(r4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r5, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r4}, 0x20) r7 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0585605, &(0x7f0000000040)={0x1, 0x0, {0x1ff, 0x20000038, 0x2004, 0x8, 0x0, 0x8, 0x0, 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0x18, r6, {0x71}}, './file0\x00'}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff) r8 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x7}}) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) 9m33.994418459s ago: executing program 34 (id=88): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r3, @ANYBLOB="000000008a78ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000820000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) close(r4) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r5, 0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)=r4}, 0x20) r7 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r7, 0xc0585605, &(0x7f0000000040)={0x1, 0x0, {0x1ff, 0x20000038, 0x2004, 0x8, 0x0, 0x8, 0x0, 0x2}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000280)={{0x1, 0x1, 0x18, r6, {0x71}}, './file0\x00'}) syz_genetlink_get_family_id$tipc2(&(0x7f0000000440), 0xffffffffffffffff) r8 = socket$nl_rdma(0x10, 0x3, 0x14) ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000000)=@ethtool_gstrings={0x1b, 0x7}}) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) 2m58.71591819s ago: executing program 5 (id=854): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0x387040000}) 2m54.189317927s ago: executing program 5 (id=870): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000540)={[{@data_err_abort}, {@data_err_abort}, {@dax}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@debug}]}, 0xf6, 0x47a, &(0x7f0000000680)="$eJzs3M1vFOUfAPDvzLbl7cevFfEFBKmikfjS0vIiBy8aTThoYqIHjKfaFlJZqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzszpSy7ZVu2Xeh+Psl0n2fn6T7Pd2ae2Wfm2d0AetZw9ieJ+F9E/B4Rg3n21gLD+cONaxcn/752cTKJWu2tv5J6uevXLk6WRcv/25ZnarUiv6lJvZfejZioVqfPFfnR+TMfjM6dv/DCzJmJU9Onps+OHzt2+NDegaPjRzoSZxbX9d0fz+7Zdfydy29Mnrj83k9JX+RxR0McnTKcb92mnu50ZV22fUm6vmEX7fvlZrrZkUA3VSIi21399f4/GJXYsrhuMF77rKuNA9ZUrVarLXNWXqgBG1gS3W4B0B3lG312/Vsu6zT0uCdcfTm/AMrivlEs+Zq+SPPEvv6G69tOGo6IEwv/fJUtsUb3IQAAlvouG/8832z8l8bDeWIg+/P/Yg5lKCIeiIgdEfFgROyMiIci6mUfiYhHV1h/4wzJ7eOf9Mqqg2tDNv57qZjbunX8l5ZFhipFbns9/v5YOr1xIPo3nZxJpseWqeP7V3/7otW6peO/bMnqL8eCRTuu9DXcoJuamJ9YTazNXP00Yndfs/iTxTiTiNgVEbtXWcfMs30t1905/mW0ftm21b6OeCbf/wvREH8paTk/Ofbi0fEjo5ujOn1w9ORMdfpg0zp+/vXSm63qX3X8HZpKy/b/1qbH/2L8Q8nmiLnzF07X52vnVl7HpT8+b3lNs8Lj//j24vgfSN6un48GihUfTczPnxuLGEher+dveX785quV+bJ8Fv+B/c37/464uSUei4g9EbE3Ih7PLgqLtj8REU9GxP5l4v/xlafeX3n86zNXmsU/daf9H0v3/8oTldM/fNtQbeX2+DdHRKv9f7ieOlA80875r90G3u32AwAAgPtBWv8MfJKOLKbTdGQk/wz/ztiaVmfn5p87Ofvh2an8s/JD0Z+Wd7ry+8H9SZYfK+4Nl/nxhvyh4r7xl5Ut9fzI5Gx1qtvBQ4/b1qL/Z/6sdLt1wJrrwDwacJ/S/6F36f/QmxL9H3qa/g+9q1n//6Rl6ZFv1rQxwLry/g+9q43+v5A/tB4VAPcn7//Qu/R/6Ektvxuf3tVX/tc98W/xe4b3Sns2fiLSe6IZGz/R1/aPWZy/cLrs13cqXBvMy2XPbGpaposnJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA76LwAA///J9uCF") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f076bbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x4082c1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x38, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp6={{0xa}, {0x8, 0x2, [@TCA_RSVP_POLICE={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x40881) recvmmsg(r3, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}, {&(0x7f0000000d80)=""/247, 0xf7}], 0x2}, 0x3}], 0x1, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) mknod$loop(0x0, 0xfff, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r4, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 2m44.657773905s ago: executing program 0 (id=888): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') open(&(0x7f0000000780)='./bus\x00', 0x14507e, 0x0) io_setup(0x7d, &(0x7f0000000600)=0x0) io_submit(r0, 0x0, &(0x7f0000001d00)) 2m44.201026417s ago: executing program 5 (id=890): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078) r6 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) 2m44.08455576s ago: executing program 0 (id=891): r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3}) ioctl$VIDIOC_QUERYMENU(r0, 0xc008561c, 0x0) 2m43.016165676s ago: executing program 5 (id=893): pipe2$9p(0x0, 0x0) r0 = dup(0xffffffffffffffff) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000080)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [], 0x6b}}) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) syz_open_dev$tty20(0xc, 0x4, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r4 = gettid() timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(0xffffffffffffffff, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0xce}], 0x1) 2m42.900430017s ago: executing program 0 (id=894): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[], 0x24, 0x0) 2m42.44571684s ago: executing program 0 (id=898): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) timer_create(0x3, &(0x7f0000000300)={0x0, 0x21, 0x2, @thr={0x0, &(0x7f00000003c0)}}, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x1030000, 0x1000, 0x5, 0x4}, 0x20) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x43, 0xa0, 0x238, 0x98, 0x330, 0x178, 0x178, 0x330, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x70, 0xb8, 0x0, {0x0, 0x7a010000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b8e42d08da05990082d5010203010902"], 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0xb, 0x2}) memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x418}}) io_uring_register$IORING_REGISTER_NAPI(r2, 0x1b, &(0x7f0000000240)={0x2, 0xff}, 0x1) io_uring_enter(r2, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 2m42.416420605s ago: executing program 5 (id=899): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x8010) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r1 = io_uring_setup(0x67bb, 0x0) io_uring_enter(r1, 0x0, 0xcb, 0xf, &(0x7f0000000000), 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$IOC_PR_RESERVE(0xffffffffffffffff, 0x401070c9, 0x0) r4 = fsmount(0xffffffffffffffff, 0x1, 0x0) mq_open(0x0, 0x840, 0x0, 0x0) syz_io_uring_setup(0x9e, &(0x7f00000004c0)={0x0, 0xec25, 0x40, 0x0, 0x40000333, 0x0, r4}, &(0x7f00000006c0), 0x0) syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000000)='./file2\x00', 0x800008, &(0x7f0000000540)=ANY=[@ANYBLOB='de=0x00000000800000b1,norock,overriderockperm,gid=', @ANYRESHEX=0x0, @ANYBLOB=',mode=0x0000000000000401,norock,showassoc,hide,hide,norock,gid=', @ANYRESHEX=0x0, @ANYBLOB=',mode=0x0000000000001000,check=strict,iocharset=cp949,cruft,uid=', @ANYRESHEX=0x0, @ANYBLOB=',\x00'], 0xff, 0xa4a, &(0x7f00000007c0)="$eJzs3c1vHOd9B/DvLEmJoV1JcVTXFRxxJVcK47AUSdVSBR9SiVxJTPlSkBRgoYcojahCEFu3cQs4RoEoQNFTjBZo0UN7M3rqyUAuTQ+FL0V7a049FCj8LwQ9qScGM7skl+Qul2IoklY+H2J35+U3z/PMyzMPd3d2nvDFsnZ6y9jaWvXY5/i9fz6EEnOM3Zr+/JNPPy4fP3yaE+nLO8W/JINJ6kl/kjeSganpxYW5Hgk9SR4k+SwpkpxM83VPHqT467y6Of5Zin8s8+3qxF5Tppc1fqkd9fEHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHUTE1PT4+UZzIzPy99+pNSX2HqenFhSJrazvnrC/T9JOq1+/iJz3zTYrykcHB9a6+3zi7Ofv1JPWLebM59mbVIXkG89Err5959yv9tfXlu5XmF3Jy78l+8P2PnnxndXXlex3nFsUBluqYaR4jdxrzM0sLM3M37zTqM0sL9RvXro1fuXt7qX57ZraxdH9puTFXn1ps3FxeWKyPTH29PnHjxtV6Y+z+wr35O9Njs431idd/c3J8/Fr9W2O/17i5uLQwf+VbY0tTd2dmZ2fm71Qx5ewy5np5IP7uzHJ9uXFzrl5/9Hh15eq2kvVl2/FbBk30Wp8yaLJX0OT45OTExOTkxA9bvWdvTLj2zo13ro+P9483vZrWQHZEvKCDluPlS91388GfxGGfas32P5nNTOZzL++l3vFvKtNZzELmusxvWW//L11p7Jpt2tr/Vivf3zb/XPl0Medbo4Nd2v8uZTm8vw/y/XyUJ/lOVrOalXzvyEt0uH930sh8ZrKUhcxkLjerKfXWlHpu5FquZTzfzt0MZyn9uZ2ZzKaRpdzPUpbTqI6oqSymkZtZzkIWU89IpvL11DORG7mRq6mnkbHcz0LuZT53Mp2bVSqP8rja7ld3KeNG0MRegiZ3CdrRmHdr/zdsX6Sx/Z8TXkK1XffyCziLw/6stdr/E71DR6YOo0AAAADAgfv1/8yps6/9x/8mRb5afS9/e2a2MX7UxQIAAAAOUHW53pvly0A59NUU3v8DAADAy6aofmNXJBnKcHNo/ZdQPgQAAACAl0T1/f/5FMObE7z/BwAAgJdM73vs94woRtdv/1t/2Hx92IpojhVDt2dmG2NTC7PvTuRydZeB6pcGO1LrS4qB6ucHb+dCM+rCUPN1aDPFMs/BMmpi7N2JvJ2LrRUZeat8eWukQ+RkM/JrzcivtUf2ZUvk1TISAF52F3dpj/fa/r+d0WbE6Lmqye8/t6UN7qta1nEtKwAcFxt97Px/q0uzDu3/+ea9Ac53a/9/a5f3/2XEa3k03LykYCzfzftZzcOMpnXFwXCnVNd7I2hehjDa49OAodYlCz+9Xsvojs8DBjfWtT12JZMZ7fiJQFu6xXoZrjbj+l7UXgCAw3Vx13Z4vf2vPiTv2v6P7v7+v63NdUkhABwHGz3YP+/A8N6Dj3odAYCttNIAAAAAAAAAAAAAAAAAAAAAAAAAAABw8PZ0A///upysrq4k++0soMPAT//9X3+la8yPXkkGn6eEuw/UcjBlPv4DfUmOKvdv5rmXKvfxcdl0L9NA8bSqsL9QOkd8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQFElfp+m15GSS8SRXDr9UL87Toy7AQanvb7HiWZ7lw5w66OIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyya93/v5bm6yvNSemvJZeSPEjy+0ddxucx2GP+s0Mqx/HzR9Vz2/3/a8lA1or0Z21tbS0pBqamFxfmykOhOFnO//yTTz8uH12T/MH6wM5eFcoEyhy2dC7RyqFtysDWpb5cLTU0vfLBkz97/0/q07eqA/PW8u3Z6bk7i7+zGfh68eNmFwjt3SCsl/cvLv3b37RNPtHK/Mfp77Yi2/O9XeU7vTPfX+u0dJd89+Dx6spkmdNy473lP//jWvus13IheWskGdma0x+Wjy45Xdi+Pbcqflb8VXEqf58H1f4vt0axVpS76HS1/l969Hh1Zey7768+3CjTDx5/2JbAmQwnebi1lvUo03B1PunolSrXgTLX8SqofDrbI71dtaU4sbldt6zDl6tDZui51qHefR0qPbZ7q0RXt5dorawkf/unX8nlXff0yQ4pXu6RY0fFz4r/Ke7mv/OXbf1/1Mr9fykda2eHJKrItiOlfd6W6lW7tLnmk+0zvr09za61khfgR/mD/PbG/q9V5//2ejPZpd5snI++2TaxS71Zr1pd6sXJrTV1R71o6VUvdtbUfzq9o0XZmmvObmuRWmefbsu0ynm2GdWlnL+abyT9557rjPKNHmeUXsvvt/7/QzGS/8tT/f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHX5H0dZpeSy4lOZPkdDleT9a2xzzdR361oWI/xTww+ynzF0/RdUWLZ3mWD3PqsEsEAAAAAAAAwItxa/rzTz79uHxU38f35TdqrTn1pD/JmeLvBqamFxfmeiQ0kDxY/0p/sHNIl8l5UD69ujn+WTn2Ro/8jvbyAQD4Qvt5AAAA//9B+m/L") r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x29fd, 0x84, 0x105}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r5}, 0x38) bpf$MAP_LOOKUP_BATCH(0x19, &(0x7f0000000100)={0x0, &(0x7f0000000040)=""/122, &(0x7f0000000180)="09e967861cd0a109a8577ec49ac3cf080a38108e675f7283f17db4d99f23bea434e02c78a25952556f", &(0x7f0000000000), 0x6c, r5}, 0x38) 2m38.983545603s ago: executing program 5 (id=902): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000540)={[{@data_err_abort}, {@data_err_abort}, {@dax}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@debug}]}, 0xf6, 0x47a, &(0x7f0000000680)="$eJzs3M1vFOUfAPDvzLbl7cevFfEFBKmikfjS0vIiBy8aTThoYqIHjKfaFlJZqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzszpSy7ZVu2Xeh+Psl0n2fn6T7Pd2ae2Wfm2d0AetZw9ieJ+F9E/B4Rg3n21gLD+cONaxcn/752cTKJWu2tv5J6uevXLk6WRcv/25ZnarUiv6lJvZfejZioVqfPFfnR+TMfjM6dv/DCzJmJU9Onps+OHzt2+NDegaPjRzoSZxbX9d0fz+7Zdfydy29Mnrj83k9JX+RxR0McnTKcb92mnu50ZV22fUm6vmEX7fvlZrrZkUA3VSIi21399f4/GJXYsrhuMF77rKuNA9ZUrVarLXNWXqgBG1gS3W4B0B3lG312/Vsu6zT0uCdcfTm/AMrivlEs+Zq+SPPEvv6G69tOGo6IEwv/fJUtsUb3IQAAlvouG/8832z8l8bDeWIg+/P/Yg5lKCIeiIgdEfFgROyMiIci6mUfiYhHV1h/4wzJ7eOf9Mqqg2tDNv57qZjbunX8l5ZFhipFbns9/v5YOr1xIPo3nZxJpseWqeP7V3/7otW6peO/bMnqL8eCRTuu9DXcoJuamJ9YTazNXP00Yndfs/iTxTiTiNgVEbtXWcfMs30t1905/mW0ftm21b6OeCbf/wvREH8paTk/Ofbi0fEjo5ujOn1w9ORMdfpg0zp+/vXSm63qX3X8HZpKy/b/1qbH/2L8Q8nmiLnzF07X52vnVl7HpT8+b3lNs8Lj//j24vgfSN6un48GihUfTczPnxuLGEher+dveX785quV+bJ8Fv+B/c37/464uSUei4g9EbE3Ih7PLgqLtj8REU9GxP5l4v/xlafeX3n86zNXmsU/daf9H0v3/8oTldM/fNtQbeX2+DdHRKv9f7ieOlA80875r90G3u32AwAAgPtBWv8MfJKOLKbTdGQk/wz/ztiaVmfn5p87Ofvh2an8s/JD0Z+Wd7ry+8H9SZYfK+4Nl/nxhvyh4r7xl5Ut9fzI5Gx1qtvBQ4/b1qL/Z/6sdLt1wJrrwDwacJ/S/6F36f/QmxL9H3qa/g+9q1n//6Rl6ZFv1rQxwLry/g+9q43+v5A/tB4VAPcn7//Qu/R/6Ektvxuf3tVX/tc98W/xe4b3Sns2fiLSe6IZGz/R1/aPWZy/cLrs13cqXBvMy2XPbGpaposnJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA76LwAA///J9uCF") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f076bbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x4082c1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x38, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp6={{0xa}, {0x8, 0x2, [@TCA_RSVP_POLICE={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x40881) recvmmsg(r3, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}, {&(0x7f0000000d80)=""/247, 0xf7}], 0x2}, 0x3}], 0x1, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) mknod$loop(0x0, 0xfff, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r4, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 2m37.26818861s ago: executing program 0 (id=905): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) io_uring_register$IORING_REGISTER_FILES(r3, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000040), 0x1b}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r6, 0x0, 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) io_uring_enter(r3, 0x47f6, 0x0, 0x100000000000000, 0x0, 0x0) 2m35.593728593s ago: executing program 0 (id=907): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0x387040000}) 2m23.217363141s ago: executing program 35 (id=902): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000540)={[{@data_err_abort}, {@data_err_abort}, {@dax}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@debug}]}, 0xf6, 0x47a, &(0x7f0000000680)="$eJzs3M1vFOUfAPDvzLbl7cevFfEFBKmikfjS0vIiBy8aTThoYqIHjKfaFlJZqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzszpSy7ZVu2Xeh+Psl0n2fn6T7Pd2ae2Wfm2d0AetZw9ieJ+F9E/B4Rg3n21gLD+cONaxcn/752cTKJWu2tv5J6uevXLk6WRcv/25ZnarUiv6lJvZfejZioVqfPFfnR+TMfjM6dv/DCzJmJU9Onps+OHzt2+NDegaPjRzoSZxbX9d0fz+7Zdfydy29Mnrj83k9JX+RxR0McnTKcb92mnu50ZV22fUm6vmEX7fvlZrrZkUA3VSIi21399f4/GJXYsrhuMF77rKuNA9ZUrVarLXNWXqgBG1gS3W4B0B3lG312/Vsu6zT0uCdcfTm/AMrivlEs+Zq+SPPEvv6G69tOGo6IEwv/fJUtsUb3IQAAlvouG/8832z8l8bDeWIg+/P/Yg5lKCIeiIgdEfFgROyMiIci6mUfiYhHV1h/4wzJ7eOf9Mqqg2tDNv57qZjbunX8l5ZFhipFbns9/v5YOr1xIPo3nZxJpseWqeP7V3/7otW6peO/bMnqL8eCRTuu9DXcoJuamJ9YTazNXP00Yndfs/iTxTiTiNgVEbtXWcfMs30t1905/mW0ftm21b6OeCbf/wvREH8paTk/Ofbi0fEjo5ujOn1w9ORMdfpg0zp+/vXSm63qX3X8HZpKy/b/1qbH/2L8Q8nmiLnzF07X52vnVl7HpT8+b3lNs8Lj//j24vgfSN6un48GihUfTczPnxuLGEher+dveX785quV+bJ8Fv+B/c37/464uSUei4g9EbE3Ih7PLgqLtj8REU9GxP5l4v/xlafeX3n86zNXmsU/daf9H0v3/8oTldM/fNtQbeX2+DdHRKv9f7ieOlA80875r90G3u32AwAAgPtBWv8MfJKOLKbTdGQk/wz/ztiaVmfn5p87Ofvh2an8s/JD0Z+Wd7ry+8H9SZYfK+4Nl/nxhvyh4r7xl5Ut9fzI5Gx1qtvBQ4/b1qL/Z/6sdLt1wJrrwDwacJ/S/6F36f/QmxL9H3qa/g+9q1n//6Rl6ZFv1rQxwLry/g+9q43+v5A/tB4VAPcn7//Qu/R/6Ektvxuf3tVX/tc98W/xe4b3Sns2fiLSe6IZGz/R1/aPWZy/cLrs13cqXBvMy2XPbGpaposnJQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA76LwAA///J9uCF") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f076bbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x4082c1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x38, 0x64, 0x100, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xfff1}, {0xc, 0xe}}, [@f_rsvp6={{0xa}, {0x8, 0x2, [@TCA_RSVP_POLICE={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x40881) recvmmsg(r3, &(0x7f0000006fc0)=[{{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000d40)=""/13, 0xd}, {&(0x7f0000000d80)=""/247, 0xf7}], 0x2}, 0x3}], 0x1, 0x1, 0x0) socket$kcm(0x10, 0x3, 0x10) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) mknod$loop(0x0, 0xfff, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c) sendto$inet6(r4, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c) 2m20.288391868s ago: executing program 36 (id=907): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)={0x4848, 0x387040000}) 20.432095727s ago: executing program 6 (id=1205): socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(r0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x104, 0x8, 0x2}, 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000001d80), &(0x7f0000001d40)}, 0x20) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5) ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=0x0) sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r7}]}, 0x1c}}, 0x0) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, 0x0) r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]}) close_range(r8, 0xffffffffffffffff, 0x0) r9 = socket$inet6(0xa, 0x3, 0x8000000003c) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r10, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x18, r11, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}}, 0x0) connect$inet6(r9, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c) 19.985585226s ago: executing program 4 (id=1207): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, &(0x7f0000001fc0)=""/184, 0x20002078) ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) 19.073411531s ago: executing program 6 (id=1209): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000007440), 0xffffffffffffffff) sendmsg$IPVS_CMD_NEW_DEST(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x20, r1, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x84) 18.625255349s ago: executing program 8 (id=1210): openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0) syz_io_uring_setup(0x2f90, 0x0, 0x0, 0x0) epoll_create(0xaf2) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r3, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000940)={0x18, 0xe, &(0x7f0000000380)=@raw=[@tail_call, @exit, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0xa, 0x0, 0x0, 0x0, 0x6}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x5}, @ldst={0x2, 0x1, 0x6, 0xa, 0x8, 0x0, 0xfffffffffffffff0}, @func, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}], &(0x7f00000007c0)='syzkaller\x00', 0x8, 0xbb, &(0x7f0000000800)=""/187, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000008c0)={0x3, 0x2, 0x80000000, 0x1800}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000900)=[0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x40}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000001000000002"], 0x48) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000340)={0xe}, 0x8) 18.346293102s ago: executing program 6 (id=1212): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) timer_create(0x3, &(0x7f0000000300)={0x0, 0x21, 0x2, @thr={0x0, &(0x7f00000003c0)}}, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x1030000, 0x1000, 0x5, 0x4}, 0x20) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0x43, 0xa0, 0x238, 0x98, 0x330, 0x178, 0x178, 0x330, 0x178, 0x49, 0x0, {[{{@ip={@empty=0x5107, @dev, 0x0, 0x0, 'veth0_to_bond\x00', 'ip6erspan0\x00'}, 0x12a, 0x70, 0xb8, 0x0, {0x0, 0x7a010000}}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}, {{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x280) syz_usb_connect(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b8e42d08da05990082d5010203010902"], 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0xb, 0x2}) memfd_create(&(0x7f0000000200)='\f\x8b\x8a\xa9\x16\x11O\xdd\xdfk(F\x99\xdf\x9a\xd5>oJ\x02u\x9b\x94a\xac\xfe6A\xc4\a\x9e\xbd\xa2\xfb\rD\xefq\x1f!\x01\xc3\xa5U\x98\xee\xcd;A\xe8\x00~V\xbf\xd4\x00\xd2,7\xa0\xfd7\xe8\xf9M\x02\xec\f3\xd4\xb8\xc3\x85\xda\xeb\xce7y%S\x1e\xa9\xe9\x92!\x95\xf1Ek\x95\x9bQ\x1d\xa4\xc2\xbb\xfa\x96\x14\x7f\xb9\x90\x9cn\xb5\x10\xd2\x84\xe9\x9e1\x9a\x9e\xa7\x9e\xcd\x1a\x86\x14%\xbaS\x90\xb1j\xf9\x00\xd7@D\x04\xaa\xb55\xd8x?z\xff\x85j3\xbe\axo\x05)\xcc\xcd\x9b\xb3\xe7w\x0e\x9f\xd3\aU\xf0M\xc1\xad\x17t\xeb\x1b\x11m\xec\x00\x00\x00\x00R\xb6v\x88\a\x82\x9e\x00\x00\x00\x10\x00\x00\x00\xa6!\xb3\xa8\xe7[&\x165\x84\xce\xa5\xc4wT\xf2E\tj\x92G\x14\x04\x93\xa4\xba\xcb\xce\"Y\xd68\xeb\x01\xc9/\x19\x85\xc6\x8do\xcb\x17\xb5\xffW\xe6\x8a\xfb\a\xf6', 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x418}}) io_uring_register$IORING_REGISTER_NAPI(0xffffffffffffffff, 0x1b, &(0x7f0000000240)={0x2, 0xff}, 0x1) io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 18.037129104s ago: executing program 4 (id=1214): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001840)={0x84, &(0x7f0000001340)={0x20, 0x3, 0x8, "6e812891baf00ff0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001800)={0x40, 0x21, 0x1, 0x7f}}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000040)={0x40, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 16.213761631s ago: executing program 9 (id=1219): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r1) syz_io_uring_setup(0x696, &(0x7f0000000240)={0x0, 0xbcdf, 0x3180, 0x0, 0x35}, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x47, 0x4007, @fd_index=0x40, 0xd351, 0x0, 0x0, 0xa}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000000906010200000000000000000200ffff08ffff40000000390900020073797a3100000000050001000700000004000880"], 0x34}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_pidfd_open(r5, 0x0) process_madvise(r6, 0x0, 0x0, 0x10, 0x0) 14.829088698s ago: executing program 9 (id=1221): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, &(0x7f0000000040)) syz_open_dev$dri(&(0x7f0000000340), 0x1ff, 0x400002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) 14.808863011s ago: executing program 8 (id=1222): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x0, 0x15}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$HIDIOCGFIELDINFO(0xffffffffffffffff, 0xc038480a, &(0x7f0000000240)={0x3, 0x0, 0x2, 0xff800000, 0x9, 0xe, 0x1, 0x4, 0x1, 0x6, 0x10, 0x0, 0x15d1, 0x6}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={&(0x7f0000000800)=[0x0], &(0x7f0000000840)=[{}, {}, {}, {}], &(0x7f0000024140)=[0x0, 0x0, 0x0], &(0x7f00000009c0), 0x42, 0x42, 0x1, 0x0, r2}) 13.513162296s ago: executing program 6 (id=1223): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0xffffffffffffffe6) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10) socket$inet6(0xa, 0x1, 0x84) 13.034245945s ago: executing program 9 (id=1224): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b7c447bf9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e7fccfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992fecfc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x6, {0x0, 0x7, 0xfffffffffffffffe, 0xc9, 0x0, 0x8000001, 0x0, 0x0, 0x81, 0x1000, 0x2000}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0xe72c5e8f5e8528e9, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x6}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000061c0)="75ff311821f07fa4703471f11c7f9a343f146bc8a0059adb304af4dda6a635c782f0d1876dc4627e1aec92ca1fa753a923ca393dde13807c4a58e5a359ca9e98080eef63408e6f862bb0163f4d0eb142e97c03e024aa14ae0bedb306245522bb5a9d1fbc0e8655ae0dc9ba5980d67871769aef065383747b762ce0de5431ecd5e635dbb9ec7fe06e6cf812ef5bac0e0ea2daea3849ef66912f02de733073e13d5a4e5432e0d04f561567c0a9968ae8f5ff5a896237069bfb948bc71ccdea121324fec465b4cf31bd464726d15e7c13741869f0c969fe6f173604650e9d37350745066e8a5dc520898df15cf02859f6d508dc8bb5342af839d6ac5cd69bfb102b5c54746c5382dd976382351a7b701f3490a27ae738b93176d55d5de60823ddcd2470bf6c939ed858c53ba880c38db973256e065521c495d3b6f01d89a526e285bd11a1ad902cbad5bd7a240a10c4f955e6f57bf2b734fe658151b69ca497d6a90f930b330f639c3480a03b8ff62d067051ee0fb71df680b4d79ade539e31512d102ae66b75fc632b5af7da47ba3b87489a7c9735a522070c1b9c7f980aca172315b90bef887aaffe72804ff70d6a275513a90722d191c367474102dd5b17cd9e115e6ce1a2d6a787f8beac2fa5e32f88be0902db5bb1ecde5adb2331f1cd97e9a181e722c3fb83a99a53568f94e457c377ee840de8f2dcaf183781fad768431dc0b24ee63e689eaaaf7e75346fc5e5f6ff123d2fedaeee184e8d6a4d9e45f7a06b5de83fce572c5f631beed57641d3e262e57d592256bc38911adc7c4c59b022d532c7a5418fdebc76ff44c1fd9392818934a4f5603f33687d7d0f9e72c7056e55180e9ce336d86f99f243d31b3fcb15bd7a5bac39a93fcd7f747ee2352cf4886123757c7b7f759aa06a65fdfbf1da74f74968c47ef679ae843f9a331159d490578ae0d7c314a833bc31dbcda6bb0c019f189a2f999c29bbeb2586744d2f2682f3336516a92740d031029b83b3d38844390165bf6517521db3d89d016192b916bd9ac2ee5a3c2059d76cca7eddffdc3ac38bba3112298cb2ac79c686027621b212cb2165de3849f217d8e01885c05e4278491585ecd9633335769a431e82d809f4c378f1fe1f6b3560745fc9c9b2ba0f095b27513e3d6e6263c8298c0dab4819e8d170db1f42df4a2aee0a05d5422eb8fe61e7fbcf3ac8b568d2d6e0bd0ebfeed6fda0f8783dd797ebb2978a0e92fb9610d0ff465515adaeccf7d84bf7f90cf0867de6ef4a1102050928f5416fefa01af66779964011532b8abdf30b24dd76988699f6f8f139cb3628a94aaaf80baebb86d27d970cc17a298473cd80657c641c94ab4ca99336d1a95c27b47da153a0787002ea830c29db176b0f5539b40500986f206cdbbbc843ac148e1f583de9db549354cf681162483bf55704d548f523f1f4ce7b42abc127ff33fb70d4f129cc355b19eef3f6a19f903419b63b2f535e70a1e42bb85c94615bf2e2a640264e0a9712f69ed4a3ebfec61083a65096619b5c91f17eea4cc1e709b6b958be70656fc0086dde58cdfcf2f881abe9e26d185fef6b4c4726646ee47733de0645a5a204be01132c8ea667562625550035d0053267f4f80fcd9e827410c9bbcc4e8dcadb6fd603d709450749941fe5a4419b1f11764dbd0dbb251fcdc92acf7ef19eb65effcc2b8f563825a148b33747bd71fe7904d3946f60cee531131cc847e9c030922296f0578653d304501eda09e9aa95dc019be57e660282c47b81d00d502a8f7af8e2d8e5ead13577c7ecaec231b1117932de732c937db995056cd124ab9155f6c30a8efe14dfd47c1324b970be0317abbf68c130971a3672d093cf9c6a0fb897987107a490cfaeb114348fe308d3df65c732d5e5f910c344d632db028350739c5ee84b229114d97493827d405b349117818b29d2bd9117ee09d061c46fa2cb5ad83880d23300c7a11aeece2125c87eacf88279052bad129cb69b841fcae78a153cc31b494e0b0de4d8d9f347dafad6e4c44146def64c255173822aea7983cad710d734b9ddf5edd4369c00af3bff5ea434fd6d23079410bc8dfb4ac2554f6d9589d4d3dbc5757c93fe0bf5143ee2cc2118a07ddfa29756d80d78131c79d84ab0d269147bbf7756ad4e3875db312ea1270091d8d1d6249c6b9f703659bb3c60cc00055b0b3854f7e31a793a518927f5718b6f5738914bb07ed83ad8371111a48f1bc252443cc1f54ddee0e909506f0f5107b9dde26059135bc6a253e721f1ae34f81c023df75c58ff392d37b04a797365902d638ecd523cd8a78ff351318401c6729b7a1cc85f30a72223869df4c2013bfcbc64382fc8612393fd950f4874d215bfef214ea816acd8ad3a41d4b52b83e7a62d42069610f2169b9132b2b73f6a96ec31209facf23f1dd21f6c0c5892e3b9435c1f5b1d4bd9650814a34654de031da54729fbca6feb36e2e3fb80925b82d58982e4a17947ea8d5db9d743a108be3cf71c788625aae1eaf8f31d54b798eac0fd9076cfa0de451fd81eb7667ae88ca1f42c212f09fbc6e51fd7b8f3cbb9b664a09575bcda1e860bffe2c02411baba18087bc7dd8b6550019cb344c2e1a7eda52b0040b847bf8570cfaeed3934e0e90734df9ec8b495d1da4775658599326be1126c4995bab0f25d6c0b52e241a06f376f1f2b786da2cf4ffc61ffb1554930c02f34cc1136ffd1013bf2bff1adad5a9aad0360f508dd79765723e19de228d99a4895d51b5e6c5a820b883cc42529c8e1cff24fd31a7085869818d28de64956ec221603dd30c4e148ee34e3dbaf24ecbbf2c32f535be5ecf453d736c90ed28bfca01f4c54a9dd0ba2d16602c5681d70be98a5cc32ac862cc2675101b23e77ed827e3efb6ed34afb546d22dd96d88170fa98324953c58eb37bbcd9cdf366d88cc09e615029c41ab853e06a990e43394e3f3873703a3256b28416f4f6fe06dedbd2b9865b6974e13d5d7ab0cfbd9a2c57c00f407c002f9d6cd4a9458a1f67d507ea990db074ec5100714b7dce20c1f9ff6ce76d7882eab2930dd6a75cdb0a3712fba6c757bdc31e21a88ad59911c3f9d94c82817808d22b4dafe124fc1060bcfe61538ae5c04f1b394019ab0b028f915cd1b74ad3cc78b66b94af4339873e988e580f32801d2556482c168b690312e710c9889c32cc3c616b046c75d2d89eb160e97756fc5e1bbd0880f1e9e77e3de1e84becc16df56b55b6b9dc123bb8f1ec0417ebdaab62439f9dc7549903b9f1a90ed9b39edea8611268ce74d92f3629bb3bb357b78d669e9ef3bc8f5f1f22d16af63208c85c1b98af509a36dceb2c69c60ed8c21c15ea821ce40f3eee389807c51bd3ef310d811456cc36509705865584ed545085101ddf75bd44f260ab0407f476fb16bb3cba70b2361f4804719ad9775e9f015c2952a070bd93ef96cb6e96c4501b776da4e3221420be5bce977bb8b19f044dc339c0c8579c1c5ecf5e30f049c43241f1539a5520f580b67e30a435fb726e3d00e08e7d6a14d89f01257a28aed0fe773aaaedc0f5a6458e163dbe4d43a83ffd54ae69cb0e62a7f72b667f85f84b0decd84b043c943360a3d287c9a7167b30e0c2ddcc61c6d7c14119d760e1b9ced30a3baec6d3c82635e02726ea02489630f0b77b0e6c435b560358b5df5a16762d77860ae94b8b934794c6282ef45d669652551c05f8a451220138a25449da84a77d8e4fc171aedf4b613fa07710f4479912eba0e0cb0faa39582e2edd08c67e858799d9d5ab93f0791dbf5312dd94b5145c66e401d42805178ae212b5d328b7971371975ba952f5d387e694d24d71970aa1d3d719c560719a6e2a8b32a70f71ae44cac4695d342c4561e8eec605f8335e3ff1663feb569141fe859ef29e346759dcb682ca401177eb7ffcdd30b23aa976c5cff76e0ce19d301b272700b726902bc0765d809518be44cbf33cc63c845a9e97d2999a1f75d54c0caed5165a03e8337bb38f5582cd5a87057aa116f97012dd058a59d31c1cf53cc1492a39d213111ecd2284b76fd847c7cbd6305390baffee8373e525a6540c85317b44660fdda85357c04b885aae5d2e353cf094404df2708228f193600e7534e464f891201fcefb37f09302f234de1f1388645798437ad53d150078749f5080d83de1257cd3c7bedcb9817cb025c23bf3750e7b7be10079b4285c19788d6233c2c07f9c976845873bae54eb6f9196c23273b1e0b79464c23454e7a3de1b791ea60dedf6ba7cf44a197cacd6f22276d9456f1f786afcd468b50608233bfda467814a6a74f5035520e46ab21a822ca0f9feb3a2dfb1562addeffa3725d831351c1429232c1001b79b90eb6cefba15f68bcb3d530a11cd7226345b410cbf97a6fa892bf5c9c4c96e8917b07819c9c2628352ff08787c7a520f737b8b4fc6d27f3ff23256b64cdbc7ebc6cf7822badab4af58b845ec7c8b0d8815358cad4e32709e480c9dd14e0e21fcac30eec45b8744565b0b4efbdab74fbeb3b3feff454e8ae277c967bf6e0e70f15c48fe4c0407e7e446016cd683e36a1913f9be7a200247c37495c9585600897e0803eacdc758d8c37362379090df025772dc8e20fb1acbeff16150baa7361aec5c0d299337cf9497defa20cb8a6f9150b0fd7e80fff83900bc5825f2a02193e7da4c62b27630d12c4e161db7e58d0df7f3bb83777af4c60e2489e64aef23056fa7b363955a0477970503ef2925435ff78df62b58454c57f4106a2ff13e78264fdcb725811d378225f7675ba7046d4034590f1e84fb67f37dab7affc09e0ca51386d0fc206884164a322ff8923aa77a5fbd606a97989027c15e2dcea0f064bf893ca48a0f7ba9ba7519e922964260eb268705040be051c3059f8645200eebd51de1376a6ed88d1556b8a71df8796dfcf465426da4a0108c18608b677cb32b36c1da5f8219297e317c00642a09a548710ba6f9974bdb3d8cbd286bf458af5eda394705de8154d939df7856b9e9fd210c58015c859e33874f6dd5c0209c9f512d6d0a327a2fa6c2342d75cad4a0d4a19b48103666db3fd86493edcdb2b4202b1449a547a6f20911b6f982d66a9ddf54e539c48f5742b0d3221ea5f3f9a9a5198d797439cd1d7bbc269d6430e299ee12e1dc56e4da607fc29e047061db51ab5a8d249e0b2aa0b09b60f1314e5ab117c9ea940ebdf6d4529ea02b73565b0894f1420a4a2a4f25ac8e1cf2feb137e06d638af3e47db14aa721a343a00eb3e660b0ea03d6ff1ecdce42d41605a8fec19b61fb49986c87304057cc08880e5d6ad44158c3c3dd64287e55c0e4d0a577e408c1b44cf6670cd04c9a1d79899d367818c7451d3b95bef3d21f93e7c87667ce10fe1d8dec460523cfdfbbb0a8e01527f86e1268a0ffa98aa51a6b966e4196a37f096b4167c9ac9b31ed85a8c33f222aa15d1fa34cfa042d33189cd7f6255d4393228386253367a10cd501a85ad39011d3fa404146ee228e11446a0118c5be841936693e77f2bacc15b4bde2f58a2283bb82fabb29b897509151efed1a8d19c1deb85181e02183a49477a9857b179849d41c389248715350d9ca35a62e637f804cf3e8cf007582957104832c5c2da3765894b267aa0affcf8129469aabfcb6b854a1e54313f5841a34c1c0809004689cce4175811a958defb457a2ff3781a198114ea016232d74fcb8a5161f129f456848c74bf0f081778779060f3662ac3478d804edcc2340a19e449525336d0e9775bae61cfec557b4ddb0e5357458c6d88e94f46378aa0ea4499a3233cc22d6bd4aceb6cb46a0e9e2d619636a860ced49c8731268c69de345df6abfd5c443eb7e0da26e5bca8c03b5bc7b46b479fe14bc8e33df52419ecc8c551561b140c138625ed647a47471f121608e4ae233adc92bf62556ca0af28f94d629f5e5dcbbcd4239ecf202f7c886148db64b702c5be5b4779db955fd229fb40324fbe8db99270c2599da6d5c09cd93fd5197a1e85c3fc791883a71084c846a7f91202db6fc864d6113e1c5834f3d9634b595b2f1ceeab67f65b9d5833f1069e08d55821655938a35895458eb407352218ad49815d1497fb3cbd3ba2f6da2cb1ea81d4ab04416939528c208c4cc420d6fe119ac2adb6ccf32d7b52fb56b4c88f4357dedbe83b630acd0edb826550e36239f5a1703719abac50c8202c2adacba2e7036dcf42342656190b930a45c5bd617fffea79e3baab98e0bbffc48109127849b37f65d59133bb4fc4548f2414756327081f7208158dbe26742880c3d1e8c534e14f2a572d0f4cc5345fa1604f6bdc7eec5ccdc011911d55c6f79272a30282162b7f3cbffebf78871defb9cec442dc5488efc00a158ac265c0319e44fc39aa9b20f7996727fc2821383f69bc1e3d5fbd0810e484416482b196463a6a4d2e22bab5f1a2e0866348a9c9e4c1df5926042aac3fcb179d514d62972245961c308c4250e01f44274bfd8477d3a64396c714d47efb8f5adfacee7360d061bba505c4230a1993d2f43089e734c36494af93b3d4cd77c2540244e41fb7103db54ca0beec9b67a29a2b702028c5772f34325343335806c3fa058ba3e657e8554e5fdfa1aad253114acd220737428bdc1a0c56fd86ad1ab4f2332a2d0a960bdf300e591f164a34d1af63fa2aa98328829f61ff4a6b6b89afe93bb9967dfbc0b97f949d62886c4890fc77f26b344b83a052be0eda4671730f2dfbc792a67c41f9969789a4227facfbe3903b6826d01788ad5702428f3954227609d75e7d9dd8de82a55b9fef1b65dc9168650351e1b5b2b2db96098771c8b7614bdded244f29c6ebda995843e939f96d986fbadb196cf2d27f5c15a5bc7f65e340a054812b88686e9a4ec036d75a5b57cfb5be1c9fc915559508512d8e3936728e5c26e5849cf7559b4d9c993cfedd1b8ca59d895535d444ea7eb96c361cb4b72226acdd64787e0950e43dc517f30b15534ede3006d425296f36cdb3459500c817c05f729a4dd290d28baa55558902f0553df72bd618713013708304c7ba7bfb4b004af2c9af436d6b04e64dd92adbe41f91d2920106167f3d061d6262d62c5ba810e327240004b97536488dc5d758a051a717670b0b760e0c0aa0bc41e1a501614e51ec4f50eb5a862c3723ce53bb4f75469c92cd4f491dfe81ca8c4bd925fe2275caca49843865c56dac2506be78b610b454fb0408e88b3ea6fdd133b9340ef85ac58b1ca7b1ef1c19f7369d55d68ddf68d19cb0853486abfa0bc847bbdeacbc42675462ca236283b7b3171f3129bce5c705f0da567c408baf7848d8f8067a7cda0834bb9adbe07576b11a4c4560ebf32fab24b11acc14d065b8bcb0a75deab241b24f10789fda3f2359d7dcd96804f8a1b79445fed28224965067cd17dd0535495dae3c13ddbdd0d26d1e6c6a44a76b7b391079f8d375b0ae484e449d24d16fc3783a7a6644664edeb0efb57420f97daf4825a3001a010072bcf5a87ad98bda8eb1ad72ea3b84672b10fae1239118fb9be7e504c1f04d59d08792bd6e4ce7090bc4986386beedbb510a36d4dcd59df09daa064df9d6f6649fa41da815dc647db36ad14d0d9f8014e2d96d7e2f9cc43a50719592954508e15e99209abfcbe0553de67f758f07e9d23bd9173e245d4701bf94591a258d0ef88d4f24dfd692658ac2fb551aa14246e9d3f36172c2559eda27a52191be7d4b4c8b2c7d89a238a18c57a0c6bd2989566390ac90171bff2d90706e520835ce24e28040e811035be6512f974c314d547dcfb13f8d66aa3369aad2d2a2e40058c83c9a3e933b211166ce1848ad98e8023469fe7360415fb288104e037f1eaf9fa39d1c81f674c64c48b9dd21e26385a0fc9caac8027eab7b2ec9c1ba87c5e41a5ef4ea2fe8a55d1edc19468eb184483f5b42401e50bd89526c78db9dd59e8a05ebe3c8b36d1cf1287daee3b4de0652a35c2cbd2d69f4f0b63e1b852a75dcb31bab9ab59f1b5f23310e129c4cb0f67dffdb3528726784460f4136f1c0b3bebead066bacc814f054227fbcdc89eddd429b526c94a255e3489cb329dfcdff5df32c70fdd7b5272ab6c14de9afa2c1c943ad896533c1b9c36030080a6df4515bf1a025506f68f45bf5c8bb6007c4c12c3b9841ec959760193ac031bd67106192bd9dd01d37fa18756d24a033b3078e4dbff0ce4efda48ae89c0d1486694d09b8550cd2aa22ab2407af4a74c9d29d23e7ae79ced6f6e46ecfeccb44ea617167d14607c592ed12952a5bb0a078176ff6aba391fb2152089c42fa048a47525708ba67cdeff99a8e62fde26ac22fe106184be2e054ca94b878e14deaa62cf70967ee2063b3ded9b2c5e4ce7c90bcdd329d50083772c6abb0704ee03c2c9a0a714182e6cb49abccbb3fd5c12d184cfb8a343a7dac685775e39cf1c5f2130d66d2c7e7b4490fe200b25a6bbfbd0a6684b10b0cfd833153c7353356c78b0bae6b3545671e5c9ed7fe645c799f409535f0dd69e063eb826129869718a93cca7b0450eef6a93a80cf3bca7746bb904b04a8bc2b12d50477b400a97ceadb0bfed7e8d4a94cbafb4d496b6b3e3d113d997c373ffa2341bb607346b2b24006ccdae52834a559b5d35c5f27ef05722bd32c7471ada2b535b3d786d27a794f5db55b834aba43f6f46bde855ff533cd6450c2a2900ffff0bc9c37ee6cfacfc2b06a7b10336014b7db868d615c9b3d4f3d86a4834ed97ced9f2cf06e96ec21715ffd46527754f8717a672c6cf69455dd5dcc557328cc0599b2420d89ca2d78c9283da5e3ead128be306980211ae3009e2a339106c244e92a9b1065cd0f7ab74b21edd89f910a8dbe28991df6f2e2946697c59da7eb1c3bc356e991b75a65e89288d0878706a49c289d6a573f394e76eb3b28f9a6f4f23e3181fb97257181adcfd36eba2ad2a81a2e3f45f25f7937c423bc28f59e8aba9dfcea3450711b152eae6d29480760988bfbd3670bdfdc3b1ea808b23cd2b9f950e0e1f7cff1e6880830326d808394e340504315d11f80eaffe6640df91e8ad907f3f7b2aacc39eaedcfca78e73bef99b844fd9f365a9990f26f0d25245dad5757c321aa6d8455bb5b1a0a727115f4b6bac2f554cfdd712c067d2200655db26e009c1375888e7582d74fd1e803b7da21866d57a23ba8183d2b5b23ea6d96fa031d0b9e952424e993d45e88d05098002a33198e4eef4f7fd55f75c7b2aaa5d23e6a95e59b6fc9b763217492b45fa8193caf228ea0955e628a3bb9cf912d73113aef09c4f5b1cd12c6404cdd5e365089bcd9e27a81eda7d7cbfd6d7cedd54eebdda507b170a9c994bc9e8baeb7c750d3c011bc59790c5ed5679ecdfef26f48e4ca88efd755c835566353b7e4d32d313398e00a1b72c70bcc6dceb3c08d62294fcff61554cac9e1b8fdd5cae252e5d1f33415b2ff450c06277817ff0d63e52e6be9ccf9f06e028d1d5bd0f93bd80a5c8242b10da68df985635b2d86ed26e6e2b3976be076ccdb9257fa6b64328d83b0180664f507f20ae883a9404ba0a48aa3b7ca1233099f80a892d7ffdbb5af0a90f71ebaf8922bf670b016d301e52d53af718d17c2467ebd863b9146bf730e05120acabfe4fd1208565e0d408f30f83778742ec651649c2a6f7beb4363e77575185449e92f735526dca023647a807e54f8a562d76502e05efd128f171f5b557d7649699bcda0df779cac291326414c6fb27d0f837895eb2066c4ce0a179e768965ed70f3164a2e84f183dd5e9ed0de7a122371ca7205b298389d7a2d92228ab844d169fe356b571a43197d1181e3e7f1609c9120fff75fc6272b56167528557b55b6f7e590610c3deeb82bf3d9bb68bac455e3239305668fe00d6b8b6fe47dba8bc603f7bef657dc6c8d47d0df722b9c1e891ffa5cb7b2be34c361791ac497d07a4d600f1fd24fea1a399546fcf0e9fca7f85ed1eca2ffa05c3c1b30ed74564358562c500d17065c3eb2421e68bfd86bc7700b66d35a85a07de9355d226744a001a9fa8c2df39034329c9736675e450c7f1b614587b4a77a00607471fd5ae1066522d88c65b3e23fcec27204eed1f60b4fa4a40f816900992f0fddadb5eaa0e478ef1c2202193b4992e0f077c9b8cbf9aaa0cc8ac80c0bfba7c7c42a3bfd072ef3df0d644503e36a70048ad79a7007c994128661afb61510af0fb7f8c049bb48d530be4d8a68f3beab8eca240577879e50103fd7bce6393194520bd3e8bcd899fe5d45ed4f05cc624c4ddc2f5bed56a70a4bcc195c79c039955a5302c332580d8f429ed2f9a1b3b8e5acdb60868ea9b64c640a6a0f7dd4cd07661a9e82d50b468efaa96c787a9c7513b769922e146b3906ffc21cd6d9f2a8a4292da640e6438883cdd4f07ec5556e241739710dd6f1e857cbcc2d95bd8448d71a8c72fc1658e6038dd669e7b3bb183a274386571abe8077f23a9ac2d461786b60093177ece718061a64990ca37166f73c505cdeae12295897a57d96ae439ab57e34546f4f3de44de489ec0e1d22e8abcb3c4eaaba51ffd466b662672552d08d0f1baa32fffd7e030dbe54127f2db1ccd812de4a0ca97dc5d4c426d365996a736998e1b27c00fd8bd1134621eb7b3ab571b09ab4b726facd6027b7f301adf4ffb66b7e51d6a59b786439f174a3841343027be4f6bb23b89a10739eca5967dae44bb35088ebf9ff7d3449aadb0babc3852369f449eb9fcf9c622e4c61eefa8c828f42c9869bcee70f0af771032eb65f35ec09fd287c82521193c831b821839a318590543595a76c25c7dadc0fd5a79e826c618963e602f0de526fb30cd76407545558210aad6e06e6a45247b1d920902aad7e61f15058ae98118137e38243ef403c8982c4235e13c34323d37136d276275cb4aba2b44bacffaf3a11a0a5973349204d29999bb0c722ace31c26595521a30f03fa7c28fb4d22b70d3fbd13185cb19a75d8b8eaf1125ce206c6401eaf2c4b73d1629a8e65bb9e586bdb523de71302899bec87bbe62ac9cac46ccbd66c1e098a9e05fe599039bdfed5e9b789b43312fb0b3c2eb1f3f8f9486dfe07ce180369be6fc8d8107a5a1fbd0c0691044d4015810742a122858e2ce25f6d522e5136da5ebe9eb6ed32d932cb1443ead3584bb998fedd2f707a11a4a076c1d36bea69371cf616d2ef5be3d03031da49e4a2aef49d0ae45e7f2c91fb87bed83da94c77cebde7764565e664f6b8b12911b481d4c94853cf5834e8dc6c7d11fffd38f0680679ad9759b60bb5ef8f70c980f57fa990b3dfa0b1fb9a4f2ad61911c55bcdc15a9ca69444481c38b95d47b5f087c1c081ac308be753410157874009e33e8a1f8911f75486db0459ba025f9d7483a964aa8fc840a1c862a3a0284469e8751682ee3ec84696d9bbba81703d3b922eb6e92d1524c0f5ebd7a3376c42e868d53b710b35d95548c82fb9ddbd7f316391288b6cf2902234d90e062b33033df20c4f02b1c62bbc09d81d42fe54aa426ef02350fd35cd00755c78ab3d6ccc98e77ee6ab5e357df58843390422283f311b4b46dea4fa6d8ef2dceed92819db1ce5f5a827d26e8154dffe4ec8f419c420c72825df0", 0x2000, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x90, 0x0, 0x80000003, {0x0, 0x7ffffffffffc, 0x2, 0x3, 0x30c7, 0xa2, {0x0, 0x2, 0x3, 0xa, 0x8000000000000001, 0x9, 0x1, 0x801, 0x42, 0x6000, 0x4, 0x0, 0x0, 0xffffffff, 0xfff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2) socket(0x2a, 0x3, 0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) fsopen(0x0, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) write$proc_mixer(r3, &(0x7f00000003c0)=ANY=[@ANYBLOB='ALTPCM \'Line Capture\' 00000000000000000000\nLINE2\nDIGITAL3\nSP'], 0xf7) r5 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0) dup3(r5, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0) r6 = getpid() setpgid(r2, r6) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) readv(r8, &(0x7f0000000000)=[{&(0x7f0000001300)=""/241, 0xf1}], 0x1) ioctl$TIOCVHANGUP(r8, 0x5437, 0x0) link(&(0x7f0000000280)='./file0/../file0/file0\x00', &(0x7f0000000400)='./file0/../file0/file0\x00') 12.806790803s ago: executing program 7 (id=1225): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x17, 0x0) 12.426905329s ago: executing program 8 (id=1226): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) 12.426419151s ago: executing program 4 (id=1227): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x1d, 0x2, 0x6) socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x800) pselect6(0x40, &(0x7f0000000240)={0x0, 0x5, 0x3, 0x200, 0x2, 0x8}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x2, 0x18, 0xc0, 0x9, 0x466, 0xfffffffffffffffe}, 0x0, 0x0) 12.425849776s ago: executing program 6 (id=1228): socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_usbip_server_init(0x0) r3 = socket$inet6(0xa, 0x802, 0x0) sendmsg$inet(r3, &(0x7f0000000300)={&(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1100000000000000000000000100000000000000000000001c00000000000000000000000700000044"], 0x38}, 0x0) unshare(0x2c020400) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x2}, {}, {0x7, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8864}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000810}, 0x20084084) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x0, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) 12.29365414s ago: executing program 2 (id=1229): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x5}, [@call={0x85, 0x0, 0x0, 0x6a}]}, 0x0, 0x8}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$can_raw(r0, &(0x7f0000000000)={&(0x7f0000000580), 0x10, &(0x7f0000000100)={0x0}, 0x2, 0x0, 0x0, 0x4904}, 0x4040005) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x402000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) bpf$MAP_CREATE(0x0, 0x0, 0x48) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) r8 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) write$P9_RGETLOCK(r7, &(0x7f00000000c0)=ANY=[], 0xffffff6a) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) tee(r6, r9, 0xfffffffffffffc01, 0x0) tee(r6, r9, 0x60000000000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48) 12.293346352s ago: executing program 7 (id=1230): fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) 11.006112742s ago: executing program 2 (id=1231): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) r6 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$sock_linger(r6, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8) connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0xff00000000000000}, 0x400}, 0x1c) sendmmsg$inet6(r6, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171, 0x0, 0x0, 0xffffff8d}}], 0x400000000000172, 0x4000000) 8.865786149s ago: executing program 4 (id=1232): r0 = socket$kcm(0x2, 0x5, 0x84) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{}, {0x2, 0x0, 0x0, 0x8}], 0x10, 0x3}, 0x94) sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @local}, 0x10, &(0x7f0000000080)}, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f0000000780)={{0x6, 0x5, 0x0, 0x3, 'syz0\x00'}, 0x1, [0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x4, 0x0, 0x3, 0xa8af, 0x0, 0x5, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x1, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x43, 0x0, 0xfffffffffffffffd, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd453, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x9, 0x0, 0x1000, 0x3, 0x0, 0x0, 0xfffc, 0x7785, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x7fffffff, 0x0, 0x10000, 0x80000000000, 0x79, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x0, 0xffffffffffffffff, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x80000, 0x0, 0x2, 0x4000000000000, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x34, 0x0, 0x4, 0x0, 0x400, 0x0, 0x8000000000000001, 0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffc, 0x20b50d5c, 0x0, 0xfffffffffffffffc]}) sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0xfffd, @private=0xa010101}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000140)='\x00', 0x1}, {&(0x7f0000000280)="99a939b800656b9f4d5afc3b87e44bedc3387908909039575b65a54c8efdcb9537fb9b15643bffa02d7d4f7b466b85c134914af6052498176d5bc61ca9078b3b6e92525ed9d28ad8f3ad637cd5ef9ccae8d88872f51cd6b504ca5a3dbc1143dd9b2bc4844a6d691acb0c60e7709da943", 0x70}], 0x2}, 0x20000000) capset(&(0x7f0000000380)={0x20080522}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[], 0x34}}, 0x4004010) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x34, 0x107, 0xfffffffc, 0x0, {0x1, 0x7c}}, 0x14}, 0x1, 0x0, 0x0, 0x488c0}, 0x4c044) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, 0x34, 0x9, 0x0, 0x4000, {0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x14040044) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) 8.637776799s ago: executing program 7 (id=1233): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r0, 0x89fa, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r1) syz_io_uring_setup(0x696, &(0x7f0000000240)={0x0, 0xbcdf, 0x3180, 0x0, 0x35}, &(0x7f0000000180)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITE={0x17, 0x47, 0x4007, @fd_index=0x40, 0xd351, 0x0, 0x0, 0xa}) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="340000000906010200000000000000000200ffff08ffff40000000390900020073797a3100000000050001000700000004000880"], 0x34}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) socket$nl_generic(0x10, 0x3, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x0, 0x0, 0x3}) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = syz_pidfd_open(r5, 0x0) process_madvise(r6, 0x0, 0x0, 0x10, 0x0) 7.23667934s ago: executing program 8 (id=1234): capset(&(0x7f0000000040)={0x20080522}, 0x0) r0 = socket$qrtr(0x2a, 0x2, 0x0) bind$qrtr(r0, &(0x7f0000000500)={0x2a, 0x1, 0x1}, 0xc) 7.23373499s ago: executing program 9 (id=1235): socket(0x10, 0x3, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r4, &(0x7f0000000480), &(0x7f0000000340)=@udp6=r0}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r5, r2, 0x25, 0x2, @val=@tcx}, 0x1c) syz_emit_ethernet(0x46, &(0x7f0000000580)=ANY=[@ANYBLOB], 0x0) 7.104524135s ago: executing program 2 (id=1236): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r4, 0xc0605345, &(0x7f0000000040)) syz_open_dev$dri(&(0x7f0000000340), 0x1ff, 0x400002) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kexec_load(0xff0f, 0x1, &(0x7f0000000480)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0) 6.67994087s ago: executing program 8 (id=1237): prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0xd, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94) request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0) request_key(&(0x7f00000010c0)='dns_resolver\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0) 5.689805906s ago: executing program 7 (id=1238): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x0, 0x15}) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$HIDIOCGFIELDINFO(0xffffffffffffffff, 0xc038480a, &(0x7f0000000240)={0x3, 0x0, 0x2, 0xff800000, 0x9, 0xe, 0x1, 0x4, 0x1, 0x6, 0x10, 0x0, 0x15d1, 0x6}) r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r3, 0xc05064a7, &(0x7f0000000a00)={&(0x7f0000000800)=[0x0], &(0x7f0000000840)=[{}, {}, {}, {}], &(0x7f0000024140)=[0x0, 0x0, 0x0], &(0x7f00000009c0), 0x42, 0x42, 0x1, 0x0, r2}) 5.631105562s ago: executing program 2 (id=1239): r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001840)={0x84, &(0x7f0000001340)={0x20, 0x3, 0x8, "6e812891baf00ff0"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001800)={0x40, 0x21, 0x1, 0x7f}}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000840)={0x84, &(0x7f0000000040)={0x40, 0x17}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 5.506369737s ago: executing program 6 (id=1240): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r2, r1, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r0, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r2, r3, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r0, 0x3b8d, &(0x7f0000000280)={0x20, r4, &(0x7f0000000480)=[{0x0, 0x10000002}], 0xdeadbeef, 0x8, 0x1}) 4.46581587s ago: executing program 9 (id=1241): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000b40)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2e, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x1, 0xfffffffd, 0x7fff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004081}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@gettfilter={0x24, 0x2e, 0x121, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0x9, 0xa}, {0xfff3, 0xfff1}, {0xb, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000090}, 0x4041080) 3.693455556s ago: executing program 9 (id=1242): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, &(0x7f0000000000)={0x15, 0x110, 0xfa08, {0xffffffffffffffff, 0x0, 0x10, 0x10, 0x0, @in6={0xa, 0x4e22, 0x10001, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0xba99}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}}}, 0x118) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r2}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={r4, 0x58, &(0x7f0000001f40)}, 0x9) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) prlimit64(0x0, 0x7, 0x0, 0x0) r8 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll(&(0x7f0000000000), 0x0, 0x400) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r8, 0x80044940, &(0x7f00000006c0)) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r7, 0x84, 0x7a, &(0x7f0000000340)={0x0, @in6={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, &(0x7f0000000040)=0x84) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'pcl818\x00', [0xfffffffb, 0x2167, 0x2, 0x100000, 0x88d7, 0x8f, 0xfffffffd, 0x1000010, 0x3, 0xffffffff, 0x200, 0xfff, 0x344, 0x1, 0x0, 0xffffffff, 0x6, 0x3, 0x81, 0xe, 0x0, 0x0, 0x80, 0x7ff, 0x5, 0x0, 0xb0c4, 0x7df, 0x8, 0x1, 0x1]}) 3.60670807s ago: executing program 8 (id=1243): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, 0x0) chroot(0x0) 3.011350389s ago: executing program 7 (id=1244): prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket(0x1d, 0x2, 0x6) socket$key(0xf, 0x3, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) accept4(r2, 0x0, 0x0, 0x800) pselect6(0x40, &(0x7f0000000240)={0x0, 0x5, 0x3, 0x200, 0x2, 0x8}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x2, 0x18, 0xc0, 0x9, 0x466, 0xfffffffffffffffe}, 0x0, 0x0) 2.718424383s ago: executing program 2 (id=1245): fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.071600559s ago: executing program 4 (id=1246): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) mkdir(&(0x7f0000000040)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) chdir(&(0x7f00000003c0)='./bus\x00') open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r5 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f00000006c0)={0x2, 0xf, 0x4, 0x1, 0x0, 0x5, 0x0}) 865.287725ms ago: executing program 2 (id=1247): r0 = syz_open_procfs(0x0, &(0x7f0000002400)='net/netstat\x00') read$FUSE(r0, &(0x7f0000002500)={0x2020}, 0x2020) 122.596802ms ago: executing program 7 (id=1248): bpf$MAP_LOOKUP_ELEM(0x4, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) r1 = io_uring_setup(0x1511, &(0x7f0000000180)={0x0, 0x675c, 0x8000, 0x2, 0x370}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, r1, 0x20000000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000002900)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="600000000206050000000000000000000100000405000400000000000900020073797a310000000014000780050015000200000008001240000000000500050002000000050001000600000011000300686173683a6e65742c6e6574"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0) open_by_handle_at(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="0c0000000100010004"], 0x408100) 0s ago: executing program 4 (id=1249): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) timer_create(0x4, 0x0, &(0x7f0000000140)=0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r2, r3, 0x3, 0x0) timer_gettime(r1, &(0x7f00000000c0)) timer_gettime(r1, &(0x7f0000003bc0)) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x7, 0x4, 0x20, 0x1}, 0x50) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f00000006c0)={r5, 0x58, &(0x7f0000000100)}, 0x87) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) chdir(&(0x7f00000000c0)='./file0\x00') renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file5\x00', 0x2) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, r5) bind$inet(0xffffffffffffffff, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000fc31856fc19e503684b1154f0afd00000000000000000000000000000000000800cf5044f2c99dd83420c4ad6d08f59fb7a99382f08238b2572920f003ba751fa5eae0401eadb72224453678aa585c10f7ff0758225f332063689825ccced7406d8e205e2ffd10953c7f6df17bccb6e982d1a67e837046762ffa3774479ecaed6a719936296a6fae7cb8963e1e6937724d3f12c4e727cc8e3ee8a51702ce4eb93b1412618d93f82f64cfd3f971b5572860d9118da6e53ee8e674ac3030f371cf762110"], 0x50) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50) syz_open_dev$tty1(0xc, 0x4, 0x1) r6 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3}) ioctl$VIDIOC_QUERYMENU(r6, 0xc008561c, &(0x7f0000000000)={0x980900, 0x7, @value=0x2}) kernel console output (not intermixed with test programs): g=0 arch=c000003e syscall=15 compat=0 ip=0x7f2bfc52ab19 code=0x7ffc0000 [ 378.233139][ C0] vkms_vblank_simulate: vblank timer overrun [ 378.469086][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state [ 378.480522][ T5868] Bluetooth: hci1: command tx timeout [ 379.540060][ T5868] Bluetooth: hci3: command tx timeout [ 379.622371][ T8365] overlayfs: failed to resolve './file0': -2 [ 380.519261][ T5868] Bluetooth: hci1: command tx timeout [ 380.824823][ T8360] loop5: detected capacity change from 0 to 32768 [ 380.836633][ T6321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 380.847313][ T8360] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.501 (8360) [ 380.876489][ T6321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 380.906328][ T6321] bond0 (unregistering): Released all slaves [ 380.997783][ T8258] chnl_net:caif_netlink_parms(): no params data found [ 381.002780][ T8360] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 381.071257][ T8360] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 381.096373][ T8046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 381.123924][ T8360] BTRFS info (device loop5): using free-space-tree [ 381.528151][ T8360] BTRFS info (device loop5): rebuilding free space tree [ 381.565587][ T6321] hsr_slave_0: left promiscuous mode [ 381.590337][ T6321] hsr_slave_1: left promiscuous mode [ 381.600612][ T6321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 381.635798][ T6321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 381.692527][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 381.710693][ T6321] veth1_vlan: left promiscuous mode [ 381.722031][ T6321] veth0_vlan: left promiscuous mode [ 382.586904][ T5868] Bluetooth: hci1: command tx timeout [ 384.356172][ T6321] team0 (unregistering): Port device team_slave_1 removed [ 384.435285][ T6321] team0 (unregistering): Port device team_slave_0 removed [ 384.573231][ T8418] overlay: Unknown parameter '/' [ 384.688162][ T8419] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 385.402909][ T8421] loop0: detected capacity change from 0 to 4096 [ 385.621539][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 385.621560][ T30] audit: type=1800 audit(1751863687.475:41): pid=8421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.509" name="file1" dev="loop0" ino=33 res=0 errno=0 [ 385.726586][ T8293] chnl_net:caif_netlink_parms(): no params data found [ 385.777922][ T5855] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 385.937859][ T8046] 8021q: adding VLAN 0 to HW filter on device team0 [ 386.130508][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state [ 386.137669][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 386.410390][ T8435] loop0: detected capacity change from 0 to 1024 [ 386.835753][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.842968][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state [ 387.213562][ T12] hfsplus: b-tree write err: -5, ino 4 [ 387.218917][ T8046] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 387.290796][ T8258] bridge0: port 1(bridge_slave_0) entered blocking state [ 387.298727][ T8258] bridge0: port 1(bridge_slave_0) entered disabled state [ 387.343038][ T8258] bridge_slave_0: entered allmulticast mode [ 387.353329][ T8258] bridge_slave_0: entered promiscuous mode [ 387.363659][ T8258] bridge0: port 2(bridge_slave_1) entered blocking state [ 387.370895][ T8258] bridge0: port 2(bridge_slave_1) entered disabled state [ 387.378051][ T8258] bridge_slave_1: entered allmulticast mode [ 387.385982][ T8258] bridge_slave_1: entered promiscuous mode [ 389.272259][ T8462] loop0: detected capacity change from 0 to 512 [ 389.344463][ T8462] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 389.860628][ T8462] EXT4-fs (loop0): 1 truncate cleaned up [ 389.879227][ T8462] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 390.166025][ T8293] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.176418][ T8293] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.193140][ T8293] bridge_slave_0: entered allmulticast mode [ 390.209351][ T8293] bridge_slave_0: entered promiscuous mode [ 390.672423][ T8258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.423913][ T8466] random: crng reseeded on system resumption [ 391.434416][ T8258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.540979][ T8293] bridge0: port 2(bridge_slave_1) entered blocking state [ 391.558881][ T8293] bridge0: port 2(bridge_slave_1) entered disabled state [ 391.600364][ T8293] bridge_slave_1: entered allmulticast mode [ 391.608240][ T8293] bridge_slave_1: entered promiscuous mode [ 392.193717][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 392.224627][ T8293] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 392.291016][ T8258] team0: Port device team_slave_0 added [ 392.544748][ T8293] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 392.708054][ T8258] team0: Port device team_slave_1 added [ 393.051619][ T8293] team0: Port device team_slave_0 added [ 393.059189][ T8258] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 393.084603][ T8258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.149709][ T8258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 393.187031][ T8258] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 393.205021][ T8258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.276393][ T8258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 393.394343][ T8046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 393.447490][ T8293] team0: Port device team_slave_1 added [ 393.816608][ T8498] loop0: detected capacity change from 0 to 32768 [ 393.845117][ T8498] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.520 (8498) [ 393.902640][ T8293] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 393.928091][ T8293] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 393.954013][ C0] vkms_vblank_simulate: vblank timer overrun [ 393.989902][ T8498] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 394.010283][ T8498] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm [ 394.030400][ T8293] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 394.050429][ T8498] BTRFS info (device loop0): using free-space-tree [ 394.233162][ T8258] hsr_slave_0: entered promiscuous mode [ 394.266461][ T8258] hsr_slave_1: entered promiscuous mode [ 394.289071][ T8258] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 394.307668][ T8258] Cannot create hsr debugfs directory [ 394.576944][ T8498] BTRFS info (device loop0): rebuilding free space tree [ 394.601827][ T8293] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 394.608777][ T8293] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 394.634741][ C0] vkms_vblank_simulate: vblank timer overrun [ 395.389761][ T8539] loop5: detected capacity change from 0 to 1024 [ 395.415959][ T8293] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 396.138583][ T6626] hfsplus: b-tree write err: -5, ino 4 [ 396.251022][ T8544] xt_CT: No such helper "syz1" [ 396.682948][ T5848] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 397.592021][ T8293] hsr_slave_0: entered promiscuous mode [ 397.647796][ T8293] hsr_slave_1: entered promiscuous mode [ 397.670686][ T8293] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 397.710839][ T8293] Cannot create hsr debugfs directory [ 397.753431][ T8562] random: crng reseeded on system resumption [ 400.213062][ T8579] 9pnet_fd: Insufficient options for proto=fd [ 400.455296][ T6321] bridge_slave_1: left allmulticast mode [ 400.466594][ T6321] bridge_slave_1: left promiscuous mode [ 401.211273][ T6321] bridge0: port 2(bridge_slave_1) entered disabled state [ 401.227423][ T6321] bridge_slave_0: left allmulticast mode [ 401.233277][ T6321] bridge_slave_0: left promiscuous mode [ 401.239015][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state [ 401.730214][ T6321] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 401.741447][ T6321] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 401.752795][ T6321] bond0 (unregistering): Released all slaves [ 402.112557][ T6321] hsr_slave_0: left promiscuous mode [ 402.300026][ T6321] hsr_slave_1: left promiscuous mode [ 402.311122][ T6321] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 403.088939][ T6321] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 404.279433][ T8604] xt_CT: No such helper "syz1" [ 406.279765][ T8634] netlink: 44 bytes leftover after parsing attributes in process `syz.5.542'. [ 406.294042][ T8634] netlink: 43 bytes leftover after parsing attributes in process `syz.5.542'. [ 406.294193][ T6321] team0 (unregistering): Port device team_slave_1 removed [ 406.304148][ T8634] netlink: 'syz.5.542': attribute type 5 has an invalid length. [ 406.322683][ T8634] netlink: 43 bytes leftover after parsing attributes in process `syz.5.542'. [ 406.352644][ T6321] team0 (unregistering): Port device team_slave_0 removed [ 406.718876][ T8635] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond_slave_1, syncid = 1, id = 0 [ 410.373084][ T8667] trusted_key: encrypted_key: insufficient parameters specified [ 411.355775][ T5859] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 411.384467][ T5859] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 411.395374][ T5859] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 411.410474][ T5859] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 411.429358][ T5859] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 411.931672][ T8678] ptrace attach of "./syz-executor exec"[5848] was attempted by "./syz-executor exec"[8678] [ 413.472854][ T5859] Bluetooth: hci2: command tx timeout [ 415.606763][ T5859] Bluetooth: hci2: command tx timeout [ 415.613288][ T30] audit: type=1804 audit(1751863973.437:42): pid=8722 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.555" name="/newroot/166/bus/file0" dev="overlay" ino=977 res=1 errno=0 [ 416.176977][ T8726] trusted_key: encrypted_key: insufficient parameters specified [ 416.649096][ T8293] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 416.750851][ T8293] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 416.808887][ T8293] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 416.867115][ T8293] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 416.971355][ T38] bridge_slave_1: left allmulticast mode [ 416.987273][ T38] bridge_slave_1: left promiscuous mode [ 417.000212][ T38] bridge0: port 2(bridge_slave_1) entered disabled state [ 417.046080][ T38] bridge_slave_0: left allmulticast mode [ 417.074221][ T38] bridge_slave_0: left promiscuous mode [ 417.097763][ T38] bridge0: port 1(bridge_slave_0) entered disabled state [ 417.405615][ T8743] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 417.620443][ T5859] Bluetooth: hci2: command tx timeout [ 417.956454][ T38] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 417.978123][ T38] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 418.006947][ T38] bond0 (unregistering): Released all slaves [ 418.090650][ T8672] chnl_net:caif_netlink_parms(): no params data found [ 418.144891][ T38] hsr_slave_0: left promiscuous mode [ 418.152888][ T38] hsr_slave_1: left promiscuous mode [ 418.159235][ T38] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 418.168002][ T38] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 418.620069][ T38] team0 (unregistering): Port device team_slave_1 removed [ 418.665146][ T38] team0 (unregistering): Port device team_slave_0 removed [ 419.365396][ T8258] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 419.418970][ T8258] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 419.799982][ T5859] Bluetooth: hci2: command tx timeout [ 420.204679][ T8258] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 420.576776][ T8672] bridge0: port 1(bridge_slave_0) entered blocking state [ 420.591847][ T8672] bridge0: port 1(bridge_slave_0) entered disabled state [ 420.599571][ T8672] bridge_slave_0: entered allmulticast mode [ 420.608685][ T8672] bridge_slave_0: entered promiscuous mode [ 420.725341][ T8672] bridge0: port 2(bridge_slave_1) entered blocking state [ 420.743879][ T8672] bridge0: port 2(bridge_slave_1) entered disabled state [ 420.752758][ T8672] bridge_slave_1: entered allmulticast mode [ 420.773825][ T8672] bridge_slave_1: entered promiscuous mode [ 420.787915][ T8258] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 423.602900][ T8672] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 423.746350][ T8672] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 423.973769][ T8672] team0: Port device team_slave_0 added [ 423.995825][ T8293] 8021q: adding VLAN 0 to HW filter on device bond0 [ 424.022295][ T8672] team0: Port device team_slave_1 added [ 424.023853][ T8783] loop5: detected capacity change from 0 to 4096 [ 424.121869][ T8672] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 424.128847][ T8672] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.166520][ T30] audit: type=1800 audit(1751863982.017:43): pid=8783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.571" name="file1" dev="loop5" ino=33 res=0 errno=0 [ 424.210266][ T8672] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 424.235822][ T8672] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 424.261983][ T8672] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 424.288242][ C0] vkms_vblank_simulate: vblank timer overrun [ 424.323843][ T8672] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 424.647179][ T8293] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.542251][ T8796] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 426.636484][ T8672] hsr_slave_0: entered promiscuous mode [ 426.655501][ T8672] hsr_slave_1: entered promiscuous mode [ 426.675729][ T8672] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 426.687526][ T8672] Cannot create hsr debugfs directory [ 426.878084][ T6321] bridge0: port 1(bridge_slave_0) entered blocking state [ 426.885261][ T6321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 426.951910][ T6442] bridge0: port 2(bridge_slave_1) entered blocking state [ 426.959107][ T6442] bridge0: port 2(bridge_slave_1) entered forwarding state [ 426.999936][ T8258] 8021q: adding VLAN 0 to HW filter on device bond0 [ 427.211305][ T5973] kernel read not supported for file /dsp (pid: 5973 comm: kworker/1:5) [ 427.306901][ T8805] input: syz1 as /devices/virtual/input/input7 [ 427.379141][ T8258] 8021q: adding VLAN 0 to HW filter on device team0 [ 427.467522][ T3526] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.474723][ T3526] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.587169][ T3526] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.594381][ T3526] bridge0: port 2(bridge_slave_1) entered forwarding state [ 428.244682][ T8672] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 428.330629][ T8672] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 428.399652][ T8672] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 428.451224][ T8672] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 428.631407][ T8293] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 428.817514][ T8807] loop2: detected capacity change from 0 to 40427 [ 428.930628][ T8807] F2FS-fs (loop2): invalid crc value [ 429.006440][ T8672] 8021q: adding VLAN 0 to HW filter on device bond0 [ 429.052671][ T8825] loop5: detected capacity change from 0 to 512 [ 429.115858][ T8672] 8021q: adding VLAN 0 to HW filter on device team0 [ 429.166646][ T8828] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 429.201783][ T8825] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 429.216029][ T8828] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 429.288458][ T8825] EXT4-fs (loop5): 1 truncate cleaned up [ 429.298674][ T8825] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 429.351131][ T8807] F2FS-fs (loop2): Start checkpoint disabled! [ 429.391887][ T8807] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 429.400445][ T8828] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 429.407838][ T8828] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 429.744645][ T30] audit: type=1804 audit(1751863987.597:44): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.578" name="/newroot/192/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 429.766149][ C0] vkms_vblank_simulate: vblank timer overrun [ 430.104495][ T30] audit: type=1804 audit(1751863987.947:45): pid=8837 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.578" name="/newroot/192/file0/file0" dev="loop2" ino=10 res=1 errno=0 [ 430.258652][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 430.265874][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 430.323753][ T3526] kworker/u8:10: attempt to access beyond end of device [ 430.323753][ T3526] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 430.396842][ T3526] CPU: 0 UID: 0 PID: 3526 Comm: kworker/u8:10 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 430.396876][ T3526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 430.396892][ T3526] Workqueue: writeback wb_workfn (flush-7:2) [ 430.396939][ T3526] Call Trace: [ 430.396948][ T3526] [ 430.396958][ T3526] dump_stack_lvl+0x189/0x250 [ 430.396995][ T3526] ? __pfx_dump_stack_lvl+0x10/0x10 [ 430.397023][ T3526] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 430.397059][ T3526] ? __pfx_queue_work_on+0x10/0x10 [ 430.397091][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.397119][ T3526] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 430.397159][ T3526] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 430.397196][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.397223][ T3526] ? f2fs_hw_is_readonly+0x39b/0x470 [ 430.397264][ T3526] f2fs_handle_critical_error+0x37c/0x540 [ 430.397307][ T3526] f2fs_write_end_io+0x495/0x810 [ 430.397329][ T3526] ? blkg_put+0x22/0x240 [ 430.397377][ T3526] __submit_merged_bio+0x27a/0x6a0 [ 430.397419][ T3526] __submit_merged_write_cond+0x255/0x530 [ 430.397462][ T3526] f2fs_write_data_pages+0x261d/0x3000 [ 430.397541][ T3526] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 430.397595][ T3526] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 430.397664][ T3526] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 430.397700][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.397741][ T3526] ? trace_f2fs_writepages+0x7f/0x200 [ 430.397777][ T3526] ? f2fs_write_node_pages+0x478/0x6e0 [ 430.397827][ T3526] ? sched_clock+0x3f/0x60 [ 430.397863][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.397889][ T3526] ? sched_clock_cpu+0x74/0x430 [ 430.397916][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.397949][ T3526] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 430.397989][ T3526] do_writepages+0x32e/0x550 [ 430.398021][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398049][ T3526] ? reacquire_held_locks+0x127/0x1d0 [ 430.398078][ T3526] ? writeback_sb_inodes+0x372/0x1000 [ 430.398116][ T3526] __writeback_single_inode+0x145/0xff0 [ 430.398147][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398174][ T3526] ? do_raw_spin_unlock+0x122/0x240 [ 430.398214][ T3526] writeback_sb_inodes+0x6b5/0x1000 [ 430.398240][ T3526] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.398284][ T3526] ? rcu_is_watching+0x15/0xb0 [ 430.398317][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398359][ T3526] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 430.398436][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398463][ T3526] ? rcu_is_watching+0x15/0xb0 [ 430.398491][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398529][ T3526] wb_writeback+0x43b/0xaf0 [ 430.398566][ T3526] ? queue_io+0x311/0x590 [ 430.398596][ T3526] ? __pfx_wb_writeback+0x10/0x10 [ 430.398633][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.398674][ T3526] wb_workfn+0x409/0xef0 [ 430.398730][ T3526] ? __pfx_wb_workfn+0x10/0x10 [ 430.398771][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398798][ T3526] ? __lock_acquire+0xab9/0xd20 [ 430.398835][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398866][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.398898][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.398930][ T3526] ? process_scheduled_works+0x9ef/0x17b0 [ 430.398957][ T3526] ? process_scheduled_works+0x9ef/0x17b0 [ 430.398987][ T3526] process_scheduled_works+0xae1/0x17b0 [ 430.399051][ T3526] ? __pfx_process_scheduled_works+0x10/0x10 [ 430.399088][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.399125][ T3526] worker_thread+0x8a0/0xda0 [ 430.399162][ T3526] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 430.399207][ T3526] ? __kthread_parkme+0x7b/0x200 [ 430.399249][ T3526] kthread+0x711/0x8a0 [ 430.399287][ T3526] ? __pfx_worker_thread+0x10/0x10 [ 430.399315][ T3526] ? __pfx_kthread+0x10/0x10 [ 430.399346][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.399377][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.399409][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 430.399436][ T3526] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.399469][ T3526] ? __pfx_kthread+0x10/0x10 [ 430.399505][ T3526] ret_from_fork+0x3fc/0x770 [ 430.399534][ T3526] ? __pfx_ret_from_fork+0x10/0x10 [ 430.399568][ T3526] ? __switch_to_asm+0x39/0x70 [ 430.399599][ T3526] ? __switch_to_asm+0x33/0x70 [ 430.399630][ T3526] ? __pfx_kthread+0x10/0x10 [ 430.399666][ T3526] ret_from_fork_asm+0x1a/0x30 [ 430.399718][ T3526] [ 430.399728][ T3526] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 430.553038][ T5868] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 430.863626][ T5868] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 430.909902][ T5868] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 430.921619][ T5868] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 430.929729][ T5868] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 431.046940][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 431.054140][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 431.303831][ T8672] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 432.894069][ T8862] loop0: detected capacity change from 0 to 4096 [ 432.980493][ T5859] Bluetooth: hci3: command tx timeout [ 433.142017][ T8865] comedi comedi1: dt2801: a I/O base address must be specified [ 433.203341][ T30] audit: type=1800 audit(1751863991.047:46): pid=8862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.583" name="file1" dev="loop0" ino=33 res=0 errno=0 [ 433.232747][ T8672] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 433.425974][ T5859] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 433.440142][ T5859] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 433.448387][ T5859] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 433.457114][ T5859] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 433.465696][ T5859] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 433.505966][ T8871] mmap: syz.0.585 (8871) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 434.100402][ T3089] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 434.108165][ C1] raw-gadget.0 gadget.0: ignoring, device is not running [ 434.260037][ T3089] usb 1-1: device descriptor read/64, error -32 [ 434.487298][ T5855] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.593636][ T1077] bridge_slave_1: left allmulticast mode [ 434.616261][ T1077] bridge_slave_1: left promiscuous mode [ 434.626558][ T1077] bridge0: port 2(bridge_slave_1) entered disabled state [ 434.679896][ T3089] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 434.702542][ T30] audit: type=1804 audit(1751863992.547:47): pid=8881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.587" name="/newroot/196/bus/file0" dev="overlay" ino=1092 res=1 errno=0 [ 434.764336][ T1077] bridge_slave_0: left allmulticast mode [ 434.779360][ T1077] bridge_slave_0: left promiscuous mode [ 434.818311][ T1077] bridge0: port 1(bridge_slave_0) entered disabled state [ 435.059885][ T5859] Bluetooth: hci3: command tx timeout [ 435.091325][ T3089] usb 1-1: config 5 has an invalid interface number: 123 but max is 0 [ 435.122382][ T3089] usb 1-1: config 5 has no interface number 0 [ 435.600966][ T5859] Bluetooth: hci6: command tx timeout [ 435.707793][ T3089] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 435.732694][ T3089] usb 1-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid maxpacket 54562, setting to 64 [ 435.744853][ T3089] usb 1-1: config 5 interface 123 has no altsetting 0 [ 435.764902][ T3089] usb 1-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 435.793688][ T3089] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.813715][ T3089] usb 1-1: Product: syz [ 435.818116][ T3089] usb 1-1: Manufacturer: syz [ 435.825096][ T3089] usb 1-1: SerialNumber: syz [ 435.851969][ T8872] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 436.542965][ T3089] comedi comedi5: driver 'ni6501' has successfully auto-configured 'ni6501'. [ 436.610626][ T3089] usb 1-1: USB disconnect, device number 7 [ 436.727305][ T1077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 436.739617][ T1077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 436.751402][ T1077] bond0 (unregistering): Released all slaves [ 437.140560][ T5859] Bluetooth: hci3: command tx timeout [ 437.321642][ T8903] netlink: 8 bytes leftover after parsing attributes in process `syz.5.592'. [ 437.634509][ T5859] Bluetooth: hci6: command tx timeout [ 437.807934][ T1077] hsr_slave_0: left promiscuous mode [ 437.814537][ T1077] hsr_slave_1: left promiscuous mode [ 437.820604][ T1077] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 437.830870][ T1077] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.337482][ T1077] team0 (unregistering): Port device team_slave_1 removed [ 438.400412][ T1077] team0 (unregistering): Port device team_slave_0 removed [ 438.598109][ T8910] loop0: detected capacity change from 0 to 1764 [ 438.605575][ T8910] iso9660: Unknown parameter 'de' [ 439.038792][ T8912] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 439.133153][ T8840] chnl_net:caif_netlink_parms(): no params data found [ 439.220032][ T5859] Bluetooth: hci3: command tx timeout [ 439.306150][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.312655][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 439.339004][ T8915] netlink: 8 bytes leftover after parsing attributes in process `syz.5.595'. [ 439.577659][ T8840] bridge0: port 1(bridge_slave_0) entered blocking state [ 439.597649][ T8840] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.616249][ T8840] bridge_slave_0: entered allmulticast mode [ 439.625210][ T8840] bridge_slave_0: entered promiscuous mode [ 439.671039][ T8840] bridge0: port 2(bridge_slave_1) entered blocking state [ 439.708932][ T8840] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.719495][ T5859] Bluetooth: hci6: command tx timeout [ 439.733621][ T8840] bridge_slave_1: entered allmulticast mode [ 439.749066][ T8840] bridge_slave_1: entered promiscuous mode [ 439.789508][ T8923] loop5: detected capacity change from 0 to 512 [ 439.798655][ T8923] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 439.838213][ T8923] EXT4-fs (loop5): 1 truncate cleaned up [ 439.855212][ T8923] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 440.494995][ T8840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 440.596642][ T8840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 440.691468][ T8672] veth0_vlan: entered promiscuous mode [ 440.708916][ T8672] veth1_vlan: entered promiscuous mode [ 440.740363][ T8672] veth0_macvtap: entered promiscuous mode [ 440.751458][ T8672] veth1_macvtap: entered promiscuous mode [ 440.779747][ T8672] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 440.813516][ T8672] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 440.918669][ T8840] team0: Port device team_slave_0 added [ 440.942996][ T8868] chnl_net:caif_netlink_parms(): no params data found [ 441.777843][ T8840] team0: Port device team_slave_1 added [ 441.784246][ T5859] Bluetooth: hci6: command tx timeout [ 442.021612][ T8672] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.046954][ T8672] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.063101][ T44] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 442.083209][ T8672] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.100904][ T8672] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 442.436896][ T8840] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 442.452334][ T8840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.478321][ C0] vkms_vblank_simulate: vblank timer overrun [ 442.489361][ T8840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 442.588894][ T8840] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 442.598139][ T8840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 442.628430][ T8840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 442.887029][ T8840] hsr_slave_0: entered promiscuous mode [ 442.892747][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 442.897557][ T8840] hsr_slave_1: entered promiscuous mode [ 442.899660][ T44] usb 1-1: config index 0 descriptor too short (expected 65351, got 71) [ 442.908236][ T8840] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 442.912403][ T44] usb 1-1: config 0 has too many interfaces: 255, using maximum allowed: 32 [ 442.926897][ T8840] Cannot create hsr debugfs directory [ 442.928549][ T44] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 442.940147][ T8868] bridge0: port 1(bridge_slave_0) entered blocking state [ 442.944311][ T44] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 255 [ 442.955312][ T8868] bridge0: port 1(bridge_slave_0) entered disabled state [ 442.964368][ T44] usb 1-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 442.969655][ T8868] bridge_slave_0: entered allmulticast mode [ 442.977027][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.977055][ T44] usb 1-1: Product: syz [ 442.977073][ T44] usb 1-1: Manufacturer: syz [ 442.977091][ T44] usb 1-1: SerialNumber: syz [ 443.009100][ T44] usb 1-1: config 0 descriptor?? [ 443.016447][ T8868] bridge_slave_0: entered promiscuous mode [ 443.065510][ T6321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 443.074699][ T6321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 443.085545][ T8868] bridge0: port 2(bridge_slave_1) entered blocking state [ 443.097796][ T8868] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.109370][ T8868] bridge_slave_1: entered allmulticast mode [ 443.124393][ T8868] bridge_slave_1: entered promiscuous mode [ 443.219108][ T8868] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 443.253543][ T5855] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 443.375867][ T8868] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 444.090651][ T8868] team0: Port device team_slave_0 added [ 444.124801][ T6321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 444.159919][ T6321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 444.237617][ T8963] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 444.634290][ T8868] team0: Port device team_slave_1 added [ 444.697155][ T8966] loop5: detected capacity change from 0 to 1764 [ 444.720806][ T8966] iso9660: Unknown parameter 'de' [ 444.772794][ T8868] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 444.794757][ T8868] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 444.881681][ T8868] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 444.907580][ T920] usb 1-1: USB disconnect, device number 8 [ 445.112975][ T8868] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 445.182294][ T8868] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 445.711185][ T8868] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 445.897874][ T1077] bridge_slave_1: left allmulticast mode [ 445.912700][ T1077] bridge_slave_1: left promiscuous mode [ 446.198078][ T8975] loop2: detected capacity change from 0 to 32768 [ 446.212869][ T1077] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.268308][ T1077] bridge_slave_0: left allmulticast mode [ 446.281835][ T1077] bridge_slave_0: left promiscuous mode [ 446.327536][ T8975] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names [ 446.327570][ T8975] allowing incompatible features above 0.0: (unknown version) [ 446.327586][ T8975] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 446.350173][ C0] vkms_vblank_simulate: vblank timer overrun [ 446.381235][ T8975] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0 [ 446.389483][ T8975] bcachefs (loop2): initializing new filesystem [ 446.404023][ T8975] bcachefs (loop2): going read-write [ 446.419505][ T8975] bcachefs (loop2): marking superblocks [ 446.437793][ T8975] bcachefs (loop2): initializing freespace [ 446.449352][ T8975] bcachefs (loop2): done initializing freespace [ 446.458679][ T8975] bcachefs (loop2): reading snapshots table [ 446.464700][ T8975] bcachefs (loop2): reading snapshots done [ 446.492026][ T8975] bcachefs (loop2): done starting filesystem [ 446.507753][ T1077] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.520826][ T8975] syz.2.610 (8975) used greatest stack depth: 15448 bytes left [ 447.944638][ T8973] loop8: detected capacity change from 0 to 32768 [ 448.070083][ T5858] bcachefs (loop2): shutting down [ 448.075315][ T5858] bcachefs (loop2): going read-only [ 448.088290][ T8995] loop0: detected capacity change from 0 to 512 [ 448.104978][ T5858] bcachefs (loop2): finished waiting for writes to stop [ 448.129851][ T5858] bcachefs (loop2): flushing journal and stopping allocators, journal seq 4 [ 448.174925][ T8995] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 448.334287][ T8995] EXT4-fs (loop0): 1 truncate cleaned up [ 448.375756][ T5858] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4 [ 448.388653][ T8995] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 448.473216][ T9001] trusted_key: encrypted_key: insufficient parameters specified [ 448.522912][ T5858] bcachefs (loop2): clean shutdown complete, journal seq 5 [ 448.734972][ T5858] bcachefs (loop2): marking filesystem clean [ 449.188563][ T5858] bcachefs (loop2): shutdown complete [ 449.699344][ T9004] netlink: 8 bytes leftover after parsing attributes in process `syz.5.616'. [ 451.249564][ T1077] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 451.264127][ T1077] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 451.274469][ T1077] bond0 (unregistering): Released all slaves [ 451.459360][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 451.470509][ T8868] hsr_slave_0: entered promiscuous mode [ 451.477102][ T8868] hsr_slave_1: entered promiscuous mode [ 451.484627][ T8868] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 451.492393][ T8868] Cannot create hsr debugfs directory [ 452.668440][ T1077] hsr_slave_0: left promiscuous mode [ 452.678372][ T1077] hsr_slave_1: left promiscuous mode [ 452.684556][ T1077] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 452.695573][ T1077] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 452.769948][ T9025] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 453.602921][ T1077] team0 (unregistering): Port device team_slave_1 removed [ 453.646491][ T1077] team0 (unregistering): Port device team_slave_0 removed [ 453.944802][ T9030] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 455.560548][ T9021] netlink: 76 bytes leftover after parsing attributes in process `syz.5.619'. [ 456.493445][ T9060] loop5: detected capacity change from 0 to 1024 [ 457.382236][ T36] hfsplus: b-tree write err: -5, ino 4 [ 457.514448][ T9076] trusted_key: encrypted_key: insufficient parameters specified [ 459.885524][ T9074] loop2: detected capacity change from 0 to 32768 [ 459.921480][ T9074] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.627 (9074) [ 460.342246][ T9101] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 461.498994][ T9103] 9pnet_fd: Insufficient options for proto=fd [ 461.884327][ T8840] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 462.037521][ T8840] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 462.202651][ T8840] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 463.012502][ T8840] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 466.099656][ T8840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 466.582661][ T8840] 8021q: adding VLAN 0 to HW filter on device team0 [ 466.799539][ T8868] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 466.860869][ T8868] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 466.884827][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.892004][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 467.526693][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 467.533912][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 467.660440][ T8868] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 467.713467][ T8868] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 468.823916][ T8840] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 469.154624][ T8868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 469.166173][ T9156] loop2: detected capacity change from 0 to 32768 [ 469.987205][ T8868] 8021q: adding VLAN 0 to HW filter on device team0 [ 470.052177][ T6321] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.059335][ T6321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.365789][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.373026][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 471.989202][ T8840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 472.337103][ T5943] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 472.500483][ T5943] usb 1-1: Using ep0 maxpacket: 16 [ 472.625794][ T5943] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 472.703379][ T5943] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 473.100666][ T5943] usb 1-1: config 0 has no interface number 0 [ 473.168050][ T5943] usb 1-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 473.199841][ T5943] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.261418][ T5943] usb 1-1: Product: syz [ 473.265622][ T5943] usb 1-1: Manufacturer: syz [ 473.301341][ T5943] usb 1-1: SerialNumber: syz [ 473.341076][ T5943] usb 1-1: config 0 descriptor?? [ 473.523896][ T8868] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 473.991118][ T9233] orangefs_mount: mount request failed with -4 [ 474.780044][ T5973] usb 1-1: USB disconnect, device number 9 [ 477.577005][ T9274] random: crng reseeded on system resumption [ 477.847311][ T8840] veth0_vlan: entered promiscuous mode [ 478.430395][ T9286] trusted_key: encrypted_key: key user:syz not found [ 479.741743][ T8840] veth1_vlan: entered promiscuous mode [ 480.325927][ T9294] loop5: detected capacity change from 0 to 1024 [ 480.842238][ T9297] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 481.199169][ T38] hfsplus: b-tree write err: -5, ino 4 [ 481.639464][ T8840] veth0_macvtap: entered promiscuous mode [ 481.687498][ T8840] veth1_macvtap: entered promiscuous mode [ 481.961705][ T8840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 482.698183][ T8868] veth0_vlan: entered promiscuous mode [ 482.717400][ T9313] orangefs_mount: mount request failed with -4 [ 482.726026][ T8840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 482.765705][ T8868] veth1_vlan: entered promiscuous mode [ 482.838118][ T8840] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.853237][ T8840] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.864025][ T8840] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 482.878383][ T8840] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 484.491724][ T8868] veth0_macvtap: entered promiscuous mode [ 484.718206][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 484.914426][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 485.398668][ T9350] trusted_key: encrypted_key: key user:syz not found [ 485.948764][ T8868] veth1_macvtap: entered promiscuous mode [ 486.441775][ T3500] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 486.740328][ T3500] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 486.960375][ T9357] random: crng reseeded on system resumption [ 487.005316][ T8868] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 487.123548][ T8868] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 487.223657][ T8868] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.279785][ T8868] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.308609][ T8868] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.353131][ T8868] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 487.994911][ T9381] loop5: detected capacity change from 0 to 1764 [ 488.002340][ T9381] iso9660: Unknown parameter 'de' [ 488.142720][ T9383] netlink: 48 bytes leftover after parsing attributes in process `syz.8.690'. [ 488.191368][ T9370] orangefs_mount: mount request failed with -4 [ 488.824641][ T3526] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 488.950117][ T3526] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.074802][ T6321] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 489.098599][ T6321] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 489.396119][ T9397] overlayfs: missing 'lowerdir' [ 490.111666][ T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 490.472973][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 490.630031][ T10] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 490.689904][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 490.740129][ T10] usb 1-1: config 0 has no interface number 0 [ 490.830156][ T10] usb 1-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 490.839223][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.105777][ T10] usb 1-1: Product: syz [ 491.110031][ T10] usb 1-1: Manufacturer: syz [ 491.114629][ T10] usb 1-1: SerialNumber: syz [ 492.062256][ T9411] trusted_key: encrypted_key: key user:syz not found [ 492.538381][ T9414] netlink: 292 bytes leftover after parsing attributes in process `syz.8.696'. [ 492.611175][ T10] usb 1-1: config 0 descriptor?? [ 492.621249][ T10] usb 1-1: can't set config #0, error -71 [ 492.694857][ T10] usb 1-1: USB disconnect, device number 10 [ 492.790854][ T30] audit: type=1326 audit(1751864050.647:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 492.812923][ C0] vkms_vblank_simulate: vblank timer overrun [ 493.576826][ T30] audit: type=1326 audit(1751864050.677:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 493.604115][ T30] audit: type=1326 audit(1751864050.677:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 493.626176][ C0] vkms_vblank_simulate: vblank timer overrun [ 493.632777][ T30] audit: type=1326 audit(1751864050.677:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 493.656292][ T30] audit: type=1326 audit(1751864050.687:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 493.678346][ C0] vkms_vblank_simulate: vblank timer overrun [ 493.685294][ T30] audit: type=1326 audit(1751864050.697:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 493.999898][ T30] audit: type=1326 audit(1751864050.697:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 494.750247][ T9432] orangefs_mount: mount request failed with -4 [ 494.928676][ T30] audit: type=1326 audit(1751864050.697:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 494.951025][ T30] audit: type=1326 audit(1751864050.697:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 495.046057][ T30] audit: type=1326 audit(1751864050.697:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9420 comm="syz.6.700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f065978e929 code=0x7ffc0000 [ 495.427816][ T9452] overlayfs: missing 'lowerdir' [ 499.597048][ T9481] trusted_key: encrypted_key: key user:syz not found [ 501.266191][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.279435][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.901214][ T9496] comedi comedi3: driver 'ni_daq_700' does not support attach using comedi_config [ 502.740375][ T9503] Device name not specified. [ 502.740375][ T9503] [ 503.146670][ T9513] overlayfs: missing 'lowerdir' [ 503.261429][ T9517] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci6/hci6:200/input8 [ 505.609123][ T9547] trusted_key: encrypted_key: key user:syz not found [ 505.731939][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 505.731973][ T30] audit: type=1804 audit(1751864063.587:91): pid=9534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.726" name="/newroot/207/bus/file0" dev="overlay" ino=1176 res=1 errno=0 [ 506.138282][ T9554] loop8: detected capacity change from 0 to 1764 [ 506.147697][ T9554] iso9660: Unknown parameter 'de' [ 506.469807][ T920] usb 8-1: new full-speed USB device number 2 using dummy_hcd [ 506.654348][ T920] usb 8-1: unable to get BOS descriptor or descriptor too short [ 506.684576][ T920] usb 8-1: not running at top speed; connect to a high speed hub [ 506.714927][ T920] usb 8-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4 [ 506.803457][ T920] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 506.840074][ T920] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.878504][ T920] usb 8-1: Product: syz [ 506.902079][ T920] usb 8-1: Manufacturer: syz [ 506.919107][ T920] usb 8-1: SerialNumber: syz [ 507.920065][ T9589] Device name not specified. [ 507.920065][ T9589] [ 508.614706][ T920] usb 8-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 508.661565][ T920] usb 8-1: unit 5 not found! [ 508.829950][ T920] usb 8-1: USB disconnect, device number 2 [ 509.013690][ T9597] 9pnet_fd: Insufficient options for proto=fd [ 509.820072][ T30] audit: type=1326 audit(1751864067.657:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.8.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 510.669821][ T9614] trusted_key: encrypted_key: key user:syz not found [ 510.963218][ T30] audit: type=1326 audit(1751864067.657:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.8.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 510.997807][ C0] vkms_vblank_simulate: vblank timer overrun [ 511.446370][ C0] vkms_vblank_simulate: vblank timer overrun [ 511.511519][ C0] vkms_vblank_simulate: vblank timer overrun [ 512.167401][ T30] audit: type=1326 audit(1751864067.657:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9609 comm="syz.8.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 512.606018][ T9622] warning: `syz.8.747' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 512.783892][ T9626] netlink: 48 bytes leftover after parsing attributes in process `syz.6.750'. [ 512.873023][ T9626] netlink: 12 bytes leftover after parsing attributes in process `syz.6.750'. [ 512.926047][ T9626] netlink: 48 bytes leftover after parsing attributes in process `syz.6.750'. [ 514.457823][ T9654] 9pnet_fd: Insufficient options for proto=fd [ 515.822804][ T9665] loop2: detected capacity change from 0 to 1764 [ 515.830244][ T9665] iso9660: Unknown parameter 'de' [ 516.335076][ T9670] trusted_key: encrypted_key: key user:syz not found [ 520.874389][ T9711] 9pnet_fd: Insufficient options for proto=fd [ 523.720116][ T9735] loop5: detected capacity change from 0 to 32768 [ 523.727581][ T9735] XFS: ikeep mount option is deprecated. [ 524.087018][ T9735] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 524.487244][ T9735] XFS (loop5): Ending clean mount [ 524.507631][ T9735] XFS (loop5): Quotacheck needed: Please wait. [ 524.599523][ T9735] XFS (loop5): Quotacheck: Done. [ 525.285854][ T9757] loop6: detected capacity change from 0 to 512 [ 525.341619][ T5855] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 525.409131][ T9757] EXT4-fs (loop6): external journal device major/minor numbers have changed [ 525.450483][ T9757] syz.6.782: attempt to access beyond end of device [ 525.450483][ T9757] loop20: rw=0, sector=2, nr_sectors = 2 limit=0 [ 525.524403][ T9757] EXT4-fs (loop6): couldn't read superblock of external journal [ 529.801288][ T9805] loop5: detected capacity change from 0 to 1024 [ 531.052907][ T1114] hfsplus: b-tree write err: -5, ino 4 [ 531.332514][ T30] audit: type=1800 audit(1751864089.157:95): pid=9810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.794" name="bus" dev="overlay" ino=263 res=0 errno=0 [ 532.534446][ T9818] loop7: detected capacity change from 0 to 512 [ 532.574725][ T9818] EXT4-fs: Ignoring removed mblk_io_submit option [ 532.920236][ T9818] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 533.053438][ T9827] loop5: detected capacity change from 0 to 1764 [ 533.066722][ T9827] iso9660: Unknown parameter 'de' [ 533.652234][ T9768] syz.6.782 (9768): drop_caches: 2 [ 533.669907][ T9818] EXT4-fs (loop7): DAX unsupported by block device. [ 535.069841][ T920] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 535.244803][ T920] usb 3-1: Using ep0 maxpacket: 8 [ 536.010164][ T920] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 536.024583][ T920] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 536.038868][ T920] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 536.124340][ T920] usb 3-1: config 0 descriptor?? [ 536.165131][ T920] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 536.311148][ T9856] netlink: del zone limit has 4 unknown bytes [ 537.597753][ T920] gspca_vc032x: reg_r err -110 [ 537.603524][ T920] vc032x 3-1:0.0: probe with driver vc032x failed with error -110 [ 537.707878][ T9871] loop5: detected capacity change from 0 to 4096 [ 537.798229][ T30] audit: type=1800 audit(1751864095.647:96): pid=9873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.810" name="bus" dev="overlay" ino=1299 res=0 errno=0 [ 538.731892][ T5854] Bluetooth: hci2: command 0x0406 tx timeout [ 539.687005][ T5991] usb 3-1: USB disconnect, device number 7 [ 539.881198][ T9884] loop8: detected capacity change from 0 to 1764 [ 539.894422][ T9884] iso9660: Unknown parameter 'de' [ 542.940832][ T30] audit: type=1800 audit(1751864100.787:97): pid=9919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.823" name="bus" dev="overlay" ino=304 res=0 errno=0 [ 543.233066][ T9923] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 544.368068][ T9931] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 544.379516][ T9931] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 544.450364][ T9931] usb usb1: check_ctrlrecip: process 9931 (syz.8.826) requesting ep 01 but needs 81 [ 545.242655][ T9936] loop5: detected capacity change from 0 to 1764 [ 545.257033][ T9936] iso9660: Unknown parameter 'de' [ 548.742770][ T9966] overlayfs: missing 'workdir' [ 549.627126][ T30] audit: type=1800 audit(1751864107.457:98): pid=9970 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.838" name="bus" dev="overlay" ino=1347 res=0 errno=0 [ 549.648652][ T9972] loop7: detected capacity change from 0 to 512 [ 549.655987][ T9972] EXT4-fs: Ignoring removed mblk_io_submit option [ 549.709863][ T9972] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem [ 549.755268][ T9972] EXT4-fs (loop7): DAX unsupported by block device. [ 551.268286][ T9991] loop0: detected capacity change from 0 to 1764 [ 551.275868][ T9991] iso9660: Unknown parameter 'de' [ 551.873566][ T30] audit: type=1804 audit(1751864109.727:99): pid=9988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.843" name="/newroot/53/bus/file0" dev="overlay" ino=335 res=1 errno=0 [ 552.431923][ T9974] loop5: detected capacity change from 0 to 32768 [ 552.452291][T10001] loop0: detected capacity change from 0 to 512 [ 552.477870][ T9974] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.839 (9974) [ 552.521933][T10001] EXT4-fs (loop0): external journal device major/minor numbers have changed [ 552.593540][T10001] syz.0.844: attempt to access beyond end of device [ 552.593540][T10001] loop20: rw=0, sector=2, nr_sectors = 2 limit=0 [ 552.647233][ T9974] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 552.667619][T10001] EXT4-fs (loop0): couldn't read superblock of external journal [ 552.698553][ T9974] BTRFS info (device loop5): using sha256 (sha256-x86_64) checksum algorithm [ 552.723372][T10004] netlink: 24 bytes leftover after parsing attributes in process `syz.2.845'. [ 552.969965][ T9974] BTRFS info (device loop5): using free-space-tree [ 552.976957][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR [ 553.020423][T10007] netlink: 32 bytes leftover after parsing attributes in process `syz.2.845'. [ 553.055708][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 553.056114][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 553.204503][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 553.360825][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 553.395657][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 553.440349][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 553.460141][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 553.469895][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 553.481075][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 553.491160][ T9974] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 553.589048][ T9974] BTRFS error (device loop5): open_ctree failed: -12 [ 554.132836][ T5859] Bluetooth: hci3: command 0x0406 tx timeout [ 555.665903][T10052] overlayfs: missing 'workdir' [ 557.886492][T10009] syz.0.844 (10009): drop_caches: 2 [ 558.489781][ T30] audit: type=1800 audit(1751864116.327:100): pid=10062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.853" name="bus" dev="overlay" ino=1352 res=0 errno=0 [ 558.612606][T10068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'. [ 559.359887][T10078] loop8: detected capacity change from 0 to 1764 [ 559.367212][T10078] iso9660: Unknown parameter 'de' [ 561.633975][T10099] loop7: detected capacity change from 0 to 1024 [ 562.214826][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.230588][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 562.413895][ T1096] hfsplus: b-tree write err: -5, ino 4 [ 562.796040][T10118] netlink: 8 bytes leftover after parsing attributes in process `syz.7.866'. [ 563.834332][T10127] loop5: detected capacity change from 0 to 512 [ 564.278761][T10127] EXT4-fs: Ignoring removed mblk_io_submit option [ 564.337786][T10127] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 564.448575][T10137] loop0: detected capacity change from 0 to 1764 [ 564.456014][T10137] iso9660: Unknown parameter 'de' [ 564.552473][T10127] EXT4-fs (loop5): DAX unsupported by block device. [ 566.495757][ T30] audit: type=1800 audit(1751864380.349:101): pid=10155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.874" name="bus" dev="overlay" ino=1388 res=0 errno=0 [ 571.582774][T10206] loop7: detected capacity change from 0 to 1764 [ 571.595887][T10206] iso9660: Unknown parameter 'de' [ 572.542452][ T30] audit: type=1800 audit(1751864642.399:102): pid=10213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.888" name="bus" dev="overlay" ino=1413 res=0 errno=0 [ 573.326441][T10224] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 573.338345][T10224] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 573.600650][T10224] usb usb1: check_ctrlrecip: process 10224 (syz.5.890) requesting ep 01 but needs 81 [ 573.610271][T10224] usb usb1: usbfs: process 10224 (syz.5.890) did not claim interface 0 before use [ 576.332584][T10250] loop6: detected capacity change from 0 to 2048 [ 576.712594][T10250] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 577.188856][T10261] loop5: detected capacity change from 0 to 1764 [ 577.203149][T10261] iso9660: Unknown parameter 'de' [ 579.633823][T10266] loop5: detected capacity change from 0 to 512 [ 579.691218][T10266] EXT4-fs: Ignoring removed mblk_io_submit option [ 579.822890][T10266] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 580.028111][T10266] EXT4-fs (loop5): DAX unsupported by block device. [ 581.461212][ T30] audit: type=1800 audit(1751864651.289:103): pid=10281 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.903" name="bus" dev="overlay" ino=200 res=0 errno=0 [ 583.095887][ T5991] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 583.217396][T10305] fuse: Bad value for 'fd' [ 583.982544][ T5991] usb 7-1: Using ep0 maxpacket: 16 [ 584.041494][ T5991] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 584.141400][ T5991] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 584.191035][ T5991] usb 7-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 584.221423][ T5991] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.229457][ T5991] usb 7-1: Product: syz [ 584.439798][ T5991] usb 7-1: Manufacturer: syz [ 585.219853][ T5991] usb 7-1: SerialNumber: syz [ 585.240402][ T5991] usb 7-1: config 0 descriptor?? [ 586.910531][T10332] loop2: detected capacity change from 0 to 32768 [ 588.578327][T10332] workqueue: Failed to create a rescuer kthread for wq "xfs-buf/loop2": -EINTR [ 588.584609][ T5991] usb 7-1: USB disconnect, device number 2 [ 588.824653][T10328] loop7: detected capacity change from 0 to 32768 [ 588.832118][T10328] XFS: ikeep mount option is deprecated. [ 589.345161][ T30] audit: type=1326 audit(1751864658.829:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.382180][ T30] audit: type=1326 audit(1751864658.829:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.408885][ T30] audit: type=1326 audit(1751864658.829:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.431343][ T30] audit: type=1326 audit(1751864658.839:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.454468][ T30] audit: type=1326 audit(1751864658.839:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.482233][T10328] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 589.529842][ T30] audit: type=1326 audit(1751864658.839:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.552276][ T30] audit: type=1326 audit(1751864658.839:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.614550][ T30] audit: type=1326 audit(1751864658.839:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.636746][ C0] vkms_vblank_simulate: vblank timer overrun [ 589.704040][T10328] XFS (loop7): AIL initialisation failed: error -12 [ 589.712070][T10328] XFS (loop7): log mount failed [ 589.790937][ T30] audit: type=1326 audit(1751864658.849:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 589.960740][T10352] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 590.137891][T10352] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 590.520659][ T30] audit: type=1326 audit(1751864658.849:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10321 comm="syz.8.917" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 592.224343][ C0] vkms_vblank_simulate: vblank timer overrun [ 592.311453][ C0] vkms_vblank_simulate: vblank timer overrun [ 592.334329][T10362] overlayfs: missing 'workdir' [ 592.844945][T10360] IPv4: Oversized IP packet from 127.202.26.0 [ 597.060013][ T5991] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 597.217671][ T5859] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 597.229328][ T5859] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 597.237079][ T5859] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 597.245381][ T5859] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 597.253527][ T5859] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 597.290288][ T5991] usb 3-1: Using ep0 maxpacket: 16 [ 597.337681][ T5991] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 597.367994][ T5991] usb 3-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 598.349717][ T5991] usb 3-1: config 0 interface 0 has no altsetting 0 [ 598.359558][ T5991] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 598.386056][ T5991] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 598.474330][ T5991] usb 3-1: Product: syz [ 598.478649][ T5991] usb 3-1: Manufacturer: syz [ 598.483385][ T5991] usb 3-1: SerialNumber: syz [ 598.493424][ T5991] usb 3-1: config 0 descriptor?? [ 598.874540][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 598.874562][ T30] audit: type=1326 audit(1751864668.719:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 599.187280][ T5929] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 599.420981][ T5859] Bluetooth: hci1: command tx timeout [ 599.920162][ T30] audit: type=1326 audit(1751864668.719:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.037714][ T30] audit: type=1326 audit(1751864668.759:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.075871][ T5854] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 600.088780][ T5854] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 600.097079][ T5854] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 600.104075][ T30] audit: type=1326 audit(1751864668.759:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.104131][ T30] audit: type=1326 audit(1751864668.759:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.128923][ T5854] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 600.158206][ T5929] usb 7-1: Using ep0 maxpacket: 16 [ 600.165540][ T5854] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 600.190944][ T5929] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 600.204041][ T5929] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 600.214337][ T5929] usb 7-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 600.227813][ T30] audit: type=1326 audit(1751864668.759:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.252307][ T30] audit: type=1326 audit(1751864668.759:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.275447][ T30] audit: type=1326 audit(1751864668.769:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.298146][ T5929] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 600.307616][ T5929] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 600.315913][ T5929] usb 7-1: SerialNumber: syz [ 600.322953][ T30] audit: type=1326 audit(1751864668.769:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.349560][T10416] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 600.360259][ T30] audit: type=1326 audit(1751864668.769:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10420 comm="syz.8.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 600.415883][T10103] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.569499][ T5929] cdc_ether 7-1:1.0: probe with driver cdc_ether failed with error -22 [ 600.611420][ T5929] usb 7-1: USB disconnect, device number 3 [ 600.758781][T10103] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 600.952773][ T5991] usb 3-1: Can not set alternate setting to 1, error: -71 [ 600.969866][ T5991] synaptics_usb 3-1:0.0: probe with driver synaptics_usb failed with error -71 [ 601.007057][ T5991] usb 3-1: USB disconnect, device number 8 [ 601.093010][T10103] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 601.539912][ T5854] Bluetooth: hci1: command tx timeout [ 601.747565][T10444] loop6: detected capacity change from 0 to 1764 [ 601.760398][T10444] iso9660: Unknown parameter 'de' [ 602.299889][ T5854] Bluetooth: hci4: command tx timeout [ 603.187248][T10103] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 603.639898][ T5854] Bluetooth: hci1: command tx timeout [ 603.831117][T10464] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 604.645016][ T5854] Bluetooth: hci4: command tx timeout [ 605.316115][T10408] chnl_net:caif_netlink_parms(): no params data found [ 605.642891][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 605.642910][ T30] audit: type=1326 audit(1751864675.489:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 605.671281][ C0] vkms_vblank_simulate: vblank timer overrun [ 605.703363][ T5854] Bluetooth: hci1: command tx timeout [ 605.906567][ T30] audit: type=1326 audit(1751864675.489:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.525430][ T30] audit: type=1326 audit(1751864675.499:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.592529][ T24] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 606.610219][ T30] audit: type=1326 audit(1751864675.499:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.646415][ T30] audit: type=1326 audit(1751864675.499:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.697326][ T30] audit: type=1326 audit(1751864675.499:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.802461][ T24] usb 8-1: Using ep0 maxpacket: 16 [ 606.816063][ T30] audit: type=1326 audit(1751864675.499:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.816342][ T24] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 606.819783][ T5859] Bluetooth: hci4: command tx timeout [ 606.884794][ T30] audit: type=1326 audit(1751864675.499:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.949986][ T30] audit: type=1326 audit(1751864675.499:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 606.972265][ C0] vkms_vblank_simulate: vblank timer overrun [ 606.984839][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 607.034018][ T24] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 607.059808][ T24] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.067815][ T24] usb 8-1: Product: syz [ 607.079415][ T24] usb 8-1: Manufacturer: syz [ 607.089891][ T24] usb 8-1: SerialNumber: syz [ 607.121046][ T24] usb 8-1: config 0 descriptor?? [ 607.149455][ T24] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 607.229698][ T24] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class) [ 607.317861][ T30] audit: type=1326 audit(1751864675.499:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10476 comm="syz.8.946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 607.421805][T10408] bridge0: port 1(bridge_slave_0) entered blocking state [ 607.439218][T10408] bridge0: port 1(bridge_slave_0) entered disabled state [ 607.459545][T10408] bridge_slave_0: entered allmulticast mode [ 607.484273][T10408] bridge_slave_0: entered promiscuous mode [ 607.503659][T10425] chnl_net:caif_netlink_parms(): no params data found [ 607.736895][ T24] em28xx 8-1:0.0: unknown em28xx chip ID (0) [ 607.745352][ T24] em28xx 8-1:0.0: Config register raw data: 0x6e [ 607.764197][ T24] em28xx 8-1:0.0: I2S Audio (1 sample rate(s)) [ 607.787373][ T24] em28xx 8-1:0.0: No AC97 audio processor [ 608.057859][T10103] bridge_slave_1: left allmulticast mode [ 608.130533][T10103] bridge_slave_1: left promiscuous mode [ 608.136391][T10103] bridge0: port 2(bridge_slave_1) entered disabled state [ 608.278300][T10103] bridge_slave_0: left allmulticast mode [ 608.319954][T10103] bridge_slave_0: left promiscuous mode [ 608.338221][T10103] bridge0: port 1(bridge_slave_0) entered disabled state [ 608.387015][ T24] usb 8-1: USB disconnect, device number 3 [ 608.421874][T10509] loop2: detected capacity change from 0 to 1764 [ 608.429160][T10509] iso9660: Unknown parameter 'de' [ 608.899878][ T5859] Bluetooth: hci4: command tx timeout [ 611.374518][T10103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 611.386244][T10103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 611.397457][T10103] bond0 (unregistering): Released all slaves [ 611.416531][T10408] bridge0: port 2(bridge_slave_1) entered blocking state [ 611.424640][T10408] bridge0: port 2(bridge_slave_1) entered disabled state [ 611.435289][T10408] bridge_slave_1: entered allmulticast mode [ 611.444073][T10408] bridge_slave_1: entered promiscuous mode [ 611.554576][T10518] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.581086][T10527] veth0_to_team: entered promiscuous mode [ 611.587096][T10527] veth0_to_team: entered allmulticast mode [ 611.675753][T10518] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 611.863308][T10408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 611.879185][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 611.879203][ T30] audit: type=1326 audit(1751864681.729:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 611.921918][ T30] audit: type=1326 audit(1751864681.729:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 611.948533][ T30] audit: type=1326 audit(1751864681.769:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 611.970927][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.703045][ T30] audit: type=1326 audit(1751864681.769:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.726201][ T30] audit: type=1326 audit(1751864681.769:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.749934][ T30] audit: type=1326 audit(1751864681.769:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.772254][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.782723][ T30] audit: type=1326 audit(1751864681.769:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.804955][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.813425][ T30] audit: type=1326 audit(1751864681.769:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.835659][ C0] vkms_vblank_simulate: vblank timer overrun [ 612.859772][ T30] audit: type=1326 audit(1751864681.769:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=224 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 612.934957][ T30] audit: type=1326 audit(1751864681.769:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10543 comm="syz.7.959" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6ef8e929 code=0x7ffc0000 [ 613.453151][T10518] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 613.526461][T10408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 613.787393][T10518] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 614.416861][T10425] bridge0: port 1(bridge_slave_0) entered blocking state [ 614.439088][T10425] bridge0: port 1(bridge_slave_0) entered disabled state [ 614.463556][T10425] bridge_slave_0: entered allmulticast mode [ 614.476130][T10583] 9pnet_fd: p9_fd_create_tcp (10583): problem connecting socket to 127.0.0.1 [ 614.488416][T10425] bridge_slave_0: entered promiscuous mode [ 616.319803][T10103] hsr_slave_0: left promiscuous mode [ 616.400016][T10103] hsr_slave_1: left promiscuous mode [ 616.603730][T10602] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 617.327562][T10103] veth1_macvtap: left promiscuous mode [ 617.349758][T10103] veth0_macvtap: left promiscuous mode [ 617.357710][T10103] veth1_vlan: left promiscuous mode [ 617.365023][T10103] veth0_vlan: left promiscuous mode [ 617.740698][T10607] loop6: detected capacity change from 0 to 1764 [ 617.747813][T10607] iso9660: Unknown parameter 'de' [ 617.885525][T10609] overlayfs: failed to clone upperpath [ 618.416768][T10103] team0 (unregistering): Port device team_slave_1 removed [ 618.459009][T10103] team0 (unregistering): Port device team_slave_0 removed [ 618.816512][T10425] bridge0: port 2(bridge_slave_1) entered blocking state [ 618.824059][T10425] bridge0: port 2(bridge_slave_1) entered disabled state [ 618.835652][T10425] bridge_slave_1: entered allmulticast mode [ 618.844411][T10425] bridge_slave_1: entered promiscuous mode [ 618.871709][T10408] team0: Port device team_slave_0 added [ 619.091777][T10408] team0: Port device team_slave_1 added [ 619.111682][T10425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 619.456839][T10425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 619.554543][T10408] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 619.586724][T10408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 619.655263][T10408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 622.172101][T10518] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.191632][T10518] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.221792][T10518] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.246869][T10518] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 622.501561][T10425] team0: Port device team_slave_0 added [ 622.528189][T10408] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 622.558298][T10408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 622.584219][ C0] vkms_vblank_simulate: vblank timer overrun [ 622.696173][T10408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 622.793276][T10425] team0: Port device team_slave_1 added [ 622.825667][T10103] IPVS: stop unused estimator thread 0... [ 623.527300][T10662] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 623.860709][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 623.867250][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.263944][T10425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 624.285703][T10425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.313380][T10425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 624.670212][T10408] hsr_slave_0: entered promiscuous mode [ 624.693927][T10408] hsr_slave_1: entered promiscuous mode [ 624.706758][T10408] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 624.714804][T10408] Cannot create hsr debugfs directory [ 624.797035][T10425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 624.813619][T10425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 624.859153][T10425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 625.159063][T10103] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 626.743353][ T9] IPVS: starting estimator thread 0... [ 626.930134][T10701] IPVS: using max 23 ests per chain, 55200 per kthread [ 627.628819][T10103] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 629.087689][T10425] hsr_slave_0: entered promiscuous mode [ 629.820026][T10731] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 629.829389][T10425] hsr_slave_1: entered promiscuous mode [ 629.976800][T10425] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 629.989755][T10425] Cannot create hsr debugfs directory [ 631.116814][T10103] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 631.846859][T10770] overlayfs: failed to clone lowerpath [ 632.827914][T10775] overlayfs: failed to clone upperpath [ 633.357479][T10103] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 633.980558][T10794] netlink: 72 bytes leftover after parsing attributes in process `syz.8.1015'. [ 634.220490][T10794] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1015'. [ 634.326578][T10796] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1015'. [ 635.491299][T10814] loop7: detected capacity change from 0 to 2048 [ 635.683542][T10814] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 636.216322][T10103] bridge_slave_1: left allmulticast mode [ 636.259808][T10103] bridge_slave_1: left promiscuous mode [ 636.287410][T10103] bridge0: port 2(bridge_slave_1) entered disabled state [ 636.542341][T10103] bridge_slave_0: left allmulticast mode [ 636.573645][T10103] bridge_slave_0: left promiscuous mode [ 636.666774][T10103] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.239710][T10838] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 638.399728][T10842] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 638.410836][T10842] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 638.906000][T10835] IPv4: Oversized IP packet from 127.202.26.0 [ 639.796907][T10103] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 639.813889][T10103] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 639.837888][T10103] bond0 (unregistering): Released all slaves [ 640.266032][T10858] overlayfs: failed to resolve './file0': -2 [ 640.513412][T10103] IPVS: stopping backup sync thread 8635 ... [ 641.320131][T10408] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 642.799090][T10863] loop2: detected capacity change from 0 to 32768 [ 642.961089][ T30] kauditd_printk_skb: 87 callbacks suppressed [ 642.961133][ T30] audit: type=1804 audit(1751864968.784:299): pid=10890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1039" name="/newroot/63/bus/file0" dev="overlay" ino=360 res=1 errno=0 [ 643.327564][T10863] read_mapping_page failed! [ 643.419209][T10863] diRead: diIAGRead returned -5 [ 644.083170][T10901] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 645.035533][T10408] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 645.126738][T10408] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 645.140984][T10907] overlayfs: failed to resolve './file0': -2 [ 645.588909][T10408] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 649.588135][ T30] audit: type=1804 audit(1751865231.376:300): pid=10954 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1052" name="/newroot/278/bus/file0" dev="overlay" ino=1545 res=1 errno=0 [ 650.175854][T10959] overlayfs: failed to resolve './file0': -2 [ 651.623442][T10103] hsr_slave_0: left promiscuous mode [ 651.629959][T10103] hsr_slave_1: left promiscuous mode [ 651.674335][T10103] veth1_macvtap: left promiscuous mode [ 651.702265][T10103] veth0_macvtap: left promiscuous mode [ 651.718243][T10103] veth1_vlan: left promiscuous mode [ 651.728286][T10103] veth0_vlan: left promiscuous mode [ 652.382671][T10103] team0 (unregistering): Port device team_slave_1 removed [ 652.419492][T10103] team0 (unregistering): Port device team_slave_0 removed [ 653.385270][T10408] 8021q: adding VLAN 0 to HW filter on device bond0 [ 653.928620][T10408] 8021q: adding VLAN 0 to HW filter on device team0 [ 654.198313][T10103] IPVS: stop unused estimator thread 0... [ 654.206157][ T9886] bridge0: port 1(bridge_slave_0) entered blocking state [ 654.213315][ T9886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 654.239140][ T9886] bridge0: port 2(bridge_slave_1) entered blocking state [ 654.246309][ T9886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 655.560084][T10425] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 655.851678][T10425] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 656.473643][T10425] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 656.537814][T10425] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 658.754292][T11042] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 659.900263][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 659.923240][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 659.949869][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 659.971587][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 659.990865][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 662.184978][ T5859] Bluetooth: hci0: command tx timeout [ 662.803513][ T5854] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 662.844187][ T5854] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 662.853989][ T5854] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 662.863447][ T5854] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 662.874342][ T5854] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 663.068999][T11053] chnl_net:caif_netlink_parms(): no params data found [ 664.493028][ T5859] Bluetooth: hci0: command tx timeout [ 665.032855][ T5859] Bluetooth: hci1: command tx timeout [ 665.610332][ T5973] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 665.839898][ T5973] usb 3-1: Using ep0 maxpacket: 16 [ 665.863916][ T5973] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 665.886342][ T5973] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 665.909761][ T5973] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 665.934761][ T5973] usb 3-1: config 0 interface 0 has no altsetting 0 [ 665.947876][ T5973] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 665.957167][ T5973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.965274][ T5973] usb 3-1: Product: syz [ 665.969569][ T5973] usb 3-1: Manufacturer: syz [ 665.977729][ T5973] usb 3-1: SerialNumber: syz [ 665.987253][ T5973] usb 3-1: config 0 descriptor?? [ 666.500456][ T5859] Bluetooth: hci0: command tx timeout [ 667.160517][ T5859] Bluetooth: hci1: command tx timeout [ 667.862052][ T5973] usb 3-1: Can not set alternate setting to 1, error: -71 [ 667.914199][ T5973] synaptics_usb 3-1:0.0: probe with driver synaptics_usb failed with error -71 [ 667.993113][ T5973] usb 3-1: USB disconnect, device number 9 [ 669.332354][ T5854] Bluetooth: hci1: command tx timeout [ 669.337856][ T5859] Bluetooth: hci0: command tx timeout [ 669.959940][T11053] bridge0: port 1(bridge_slave_0) entered blocking state [ 669.967127][T11053] bridge0: port 1(bridge_slave_0) entered disabled state [ 670.036254][T11053] bridge_slave_0: entered allmulticast mode [ 670.044403][T11053] bridge_slave_0: entered promiscuous mode [ 670.361138][T11053] bridge0: port 2(bridge_slave_1) entered blocking state [ 670.368366][T11053] bridge0: port 2(bridge_slave_1) entered disabled state [ 670.461946][T11053] bridge_slave_1: entered allmulticast mode [ 670.500685][T11053] bridge_slave_1: entered promiscuous mode [ 670.694803][T11053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 670.974138][T11159] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 671.022901][T11053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 671.393962][ T5859] Bluetooth: hci1: command tx timeout [ 672.521682][T11053] team0: Port device team_slave_0 added [ 673.524841][T11053] team0: Port device team_slave_1 added [ 673.909980][ T10] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 673.974927][T11053] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 673.999708][T11053] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.109806][ T10] usb 8-1: Using ep0 maxpacket: 8 [ 674.118199][ T10] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 674.119871][T11053] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 674.149784][ T10] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 674.159535][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 674.172355][T11053] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 674.216869][ T10] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 674.219705][T11053] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 674.258415][ T10] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 674.294182][ T10] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 674.304148][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.318726][T11053] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 674.519845][T11077] chnl_net:caif_netlink_parms(): no params data found [ 674.558684][ T10] usb 8-1: usb_control_msg returned -32 [ 674.589553][ T10] usbtmc 8-1:16.0: can't read capabilities [ 674.637468][T11053] hsr_slave_0: entered promiscuous mode [ 674.669337][T11053] hsr_slave_1: entered promiscuous mode [ 674.706372][ T6626] bridge_slave_1: left allmulticast mode [ 674.722396][ T6626] bridge_slave_1: left promiscuous mode [ 674.728169][ T6626] bridge0: port 2(bridge_slave_1) entered disabled state [ 674.788562][ T6626] bridge_slave_0: left allmulticast mode [ 674.817923][ T6626] bridge_slave_0: left promiscuous mode [ 674.846880][ T6626] bridge0: port 1(bridge_slave_0) entered disabled state [ 676.087127][T11185] usbtmc 8-1:16.0: usb_clear_halt returned -32 [ 676.107863][T11185] loop6: detected capacity change from 0 to 524287999 [ 676.299035][ T5929] usb 8-1: USB disconnect, device number 4 [ 677.476528][ T6626] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 677.563858][ T6626] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 677.606079][ T6626] bond0 (unregistering): Released all slaves [ 679.126172][ T6626] hsr_slave_0: left promiscuous mode [ 679.235815][ T6626] hsr_slave_1: left promiscuous mode [ 679.395561][ T6626] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 679.558279][ T6626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 680.950185][T11266] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1119'. [ 681.036735][T11266] capability: warning: `syz.6.1119' uses deprecated v2 capabilities in a way that may be insecure [ 681.260902][ T6626] team0 (unregistering): Port device team_slave_1 removed [ 681.523401][ T6626] team0 (unregistering): Port device team_slave_0 removed [ 681.937520][T11280] loop6: detected capacity change from 0 to 2048 [ 683.385179][T11280] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 685.071102][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.078549][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.183795][T11077] bridge0: port 1(bridge_slave_0) entered blocking state [ 686.192839][T11077] bridge0: port 1(bridge_slave_0) entered disabled state [ 686.200037][T11077] bridge_slave_0: entered allmulticast mode [ 686.207824][T11077] bridge_slave_0: entered promiscuous mode [ 686.217182][T11077] bridge0: port 2(bridge_slave_1) entered blocking state [ 686.224396][T11077] bridge0: port 2(bridge_slave_1) entered disabled state [ 686.241249][T11077] bridge_slave_1: entered allmulticast mode [ 686.254523][T11077] bridge_slave_1: entered promiscuous mode [ 686.574644][T11077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 686.622441][T11077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 686.836782][T11311] loop2: detected capacity change from 0 to 1024 [ 687.355012][T11077] team0: Port device team_slave_0 added [ 687.362592][ T38] hfsplus: b-tree write err: -5, ino 4 [ 687.401831][T11077] team0: Port device team_slave_1 added [ 687.452622][T11325] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1132'. [ 689.431901][T11340] loop2: detected capacity change from 0 to 2048 [ 689.806197][T11340] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 689.842005][T11077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 689.873973][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 689.987099][T11077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 690.145636][T11077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 690.194047][T11077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 690.283514][T11077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 690.558807][T11077] hsr_slave_0: entered promiscuous mode [ 690.576009][T11077] hsr_slave_1: entered promiscuous mode [ 690.605180][T11077] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 690.621990][T11077] Cannot create hsr debugfs directory [ 691.627104][T11368] IPv4: Oversized IP packet from 127.202.26.0 [ 692.260012][ T5854] Bluetooth: hci6: command 0x0406 tx timeout [ 692.500312][T11379] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1142'. [ 693.274973][T11385] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1143'. [ 693.489738][T11053] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 693.569855][T11053] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 693.688774][T11053] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 693.844976][T11053] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 694.361288][ T6626] bridge_slave_1: left allmulticast mode [ 694.397564][ T6626] bridge_slave_1: left promiscuous mode [ 694.413463][ T6626] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.476161][ T6626] bridge_slave_0: left allmulticast mode [ 694.494063][ T6626] bridge_slave_0: left promiscuous mode [ 694.718750][T11424] overlayfs: failed to clone lowerpath [ 694.727545][T11424] overlayfs: failed to clone upperpath [ 694.852590][T11425] loop6: detected capacity change from 0 to 1024 [ 695.147093][ T6626] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.479834][ T5929] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 695.690324][ T6626] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 695.701337][ T5929] usb 8-1: Using ep0 maxpacket: 16 [ 695.780775][ T5929] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 695.783100][ T6626] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 695.795833][ T5929] usb 8-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 695.835583][ T5929] usb 8-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0 [ 695.846833][ T5929] usb 8-1: config 0 interface 0 has no altsetting 0 [ 695.862802][ T5929] usb 8-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 695.864799][ T6626] bond0 (unregistering): Released all slaves [ 695.884431][ T5929] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.918007][ T5929] usb 8-1: Product: syz [ 695.919362][ T30] audit: type=1326 audit(1751866045.769:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 695.957887][ T30] audit: type=1326 audit(1751866045.769:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 695.958706][ T5929] usb 8-1: Manufacturer: syz [ 695.980236][ C0] vkms_vblank_simulate: vblank timer overrun [ 695.989972][ T30] audit: type=1326 audit(1751866045.799:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.025146][ T5929] usb 8-1: SerialNumber: syz [ 696.032081][ T30] audit: type=1326 audit(1751866045.799:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.055548][ T30] audit: type=1326 audit(1751866045.799:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.057366][ T5929] usb 8-1: config 0 descriptor?? [ 696.090216][ T30] audit: type=1326 audit(1751866045.799:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.114117][ C0] vkms_vblank_simulate: vblank timer overrun [ 696.134295][ T30] audit: type=1326 audit(1751866045.799:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.169067][ T6626] hsr_slave_0: left promiscuous mode [ 696.183034][ T6626] hsr_slave_1: left promiscuous mode [ 696.189054][ T6626] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 696.201681][ T30] audit: type=1326 audit(1751866045.799:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.210861][ T6626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 696.224387][ T30] audit: type=1326 audit(1751866045.799:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 696.284850][ T30] audit: type=1326 audit(1751866045.799:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11433 comm="syz.8.1154" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b2918e929 code=0x7ffc0000 [ 697.381420][ T6626] team0 (unregistering): Port device team_slave_1 removed [ 697.464619][ T6626] team0 (unregistering): Port device team_slave_0 removed [ 697.610163][T11442] netlink: 32 bytes leftover after parsing attributes in process `syz.8.1156'. [ 697.962340][ T5950] IPVS: starting estimator thread 0... [ 697.980393][ T6321] hfsplus: b-tree write err: -5, ino 4 [ 698.112084][T11448] IPVS: using max 24 ests per chain, 57600 per kthread [ 698.258836][ T5929] usb 8-1: Can not set alternate setting to 1, error: -71 [ 698.266059][ T5929] synaptics_usb 8-1:0.0: probe with driver synaptics_usb failed with error -71 [ 698.321287][ T5929] usb 8-1: USB disconnect, device number 5 [ 699.580559][T11053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 699.697516][T11053] 8021q: adding VLAN 0 to HW filter on device team0 [ 699.981210][ T1077] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.988369][ T1077] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.044659][ T1077] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.051883][ T1077] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.300712][T11472] loop2: detected capacity change from 0 to 40427 [ 700.348846][T11472] F2FS-fs (loop2): invalid crc value [ 700.450150][T11472] F2FS-fs (loop2): Start checkpoint disabled! [ 700.509975][T11472] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 700.973395][T11480] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1168'. [ 701.195703][T11077] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 701.206714][ T3526] kworker/u8:10: attempt to access beyond end of device [ 701.206714][ T3526] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 701.359759][ T3526] CPU: 1 UID: 0 PID: 3526 Comm: kworker/u8:10 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 701.359794][ T3526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 701.359810][ T3526] Workqueue: writeback wb_workfn (flush-7:2) [ 701.359858][ T3526] Call Trace: [ 701.359867][ T3526] [ 701.359877][ T3526] dump_stack_lvl+0x189/0x250 [ 701.359927][ T3526] ? __pfx_dump_stack_lvl+0x10/0x10 [ 701.359954][ T3526] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 701.359992][ T3526] ? __pfx_queue_work_on+0x10/0x10 [ 701.360024][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.360052][ T3526] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 701.360087][ T3526] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 701.360124][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.360151][ T3526] ? f2fs_hw_is_readonly+0x39b/0x470 [ 701.360192][ T3526] f2fs_handle_critical_error+0x37c/0x540 [ 701.360236][ T3526] f2fs_write_end_io+0x495/0x810 [ 701.360257][ T3526] ? blkg_put+0x22/0x240 [ 701.360306][ T3526] __submit_merged_bio+0x27a/0x6a0 [ 701.360349][ T3526] __submit_merged_write_cond+0x255/0x530 [ 701.360404][ T3526] f2fs_write_data_pages+0x261d/0x3000 [ 701.360443][ T3526] ? __pfx___mutex_lock+0x10/0x10 [ 701.360510][ T3526] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 701.360565][ T3526] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 701.360643][ T3526] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 701.360680][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.360707][ T3526] ? look_up_lock_class+0x74/0x170 [ 701.360755][ T3526] ? trace_f2fs_writepages+0x7f/0x200 [ 701.360791][ T3526] ? f2fs_write_node_pages+0x478/0x6e0 [ 701.360831][ T3526] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 701.360872][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.360907][ T3526] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 701.360946][ T3526] do_writepages+0x32e/0x550 [ 701.360979][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361006][ T3526] ? reacquire_held_locks+0x127/0x1d0 [ 701.361034][ T3526] ? writeback_sb_inodes+0x372/0x1000 [ 701.361072][ T3526] __writeback_single_inode+0x145/0xff0 [ 701.361098][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361125][ T3526] ? do_raw_spin_unlock+0x122/0x240 [ 701.361166][ T3526] writeback_sb_inodes+0x6b5/0x1000 [ 701.361224][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361267][ T3526] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 701.361344][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361372][ T3526] ? rcu_is_watching+0x15/0xb0 [ 701.361400][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361438][ T3526] wb_writeback+0x43b/0xaf0 [ 701.361474][ T3526] ? queue_io+0x311/0x590 [ 701.361510][ T3526] ? __pfx_wb_writeback+0x10/0x10 [ 701.361547][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 701.361588][ T3526] wb_workfn+0x409/0xef0 [ 701.361643][ T3526] ? __pfx_wb_workfn+0x10/0x10 [ 701.361684][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361711][ T3526] ? __lock_acquire+0xab9/0xd20 [ 701.361749][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361780][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.361811][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 701.361844][ T3526] ? process_scheduled_works+0x9ef/0x17b0 [ 701.361871][ T3526] ? process_scheduled_works+0x9ef/0x17b0 [ 701.361901][ T3526] process_scheduled_works+0xae1/0x17b0 [ 701.361964][ T3526] ? __pfx_process_scheduled_works+0x10/0x10 [ 701.362002][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.362041][ T3526] worker_thread+0x8a0/0xda0 [ 701.362074][ T3526] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 701.362119][ T3526] ? __kthread_parkme+0x7b/0x200 [ 701.362162][ T3526] kthread+0x711/0x8a0 [ 701.362200][ T3526] ? __pfx_worker_thread+0x10/0x10 [ 701.362229][ T3526] ? __pfx_kthread+0x10/0x10 [ 701.362259][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.362291][ T3526] ? _raw_spin_unlock_irq+0x23/0x50 [ 701.362323][ T3526] ? srso_alias_return_thunk+0x5/0xfbef5 [ 701.362350][ T3526] ? lockdep_hardirqs_on+0x9c/0x150 [ 701.362384][ T3526] ? __pfx_kthread+0x10/0x10 [ 701.362420][ T3526] ret_from_fork+0x3fc/0x770 [ 701.362450][ T3526] ? __pfx_ret_from_fork+0x10/0x10 [ 701.362483][ T3526] ? __switch_to_asm+0x39/0x70 [ 701.362519][ T3526] ? __switch_to_asm+0x33/0x70 [ 701.362549][ T3526] ? __pfx_kthread+0x10/0x10 [ 701.362585][ T3526] ret_from_fork_asm+0x1a/0x30 [ 701.362636][ T3526] [ 701.362647][ T3526] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 701.364148][T11077] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 702.016002][T11077] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 702.388787][T11077] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 703.966435][T11077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 704.176821][T11077] 8021q: adding VLAN 0 to HW filter on device team0 [ 704.204394][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 704.211571][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 704.312662][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 704.319888][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 704.590683][ T5950] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 704.721664][T11053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 704.769667][ T5950] usb 3-1: Using ep0 maxpacket: 16 [ 704.804676][ T5950] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 704.869132][ T5950] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 704.915113][ T5950] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 704.966372][ T5950] usb 3-1: config 0 interface 0 has no altsetting 0 [ 704.988350][ T5950] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 705.032204][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 705.074448][ T5950] usb 3-1: Product: syz [ 705.099752][ T5950] usb 3-1: Manufacturer: syz [ 705.119871][ T5950] usb 3-1: SerialNumber: syz [ 705.140421][ T5950] usb 3-1: config 0 descriptor?? [ 705.651524][T11077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 706.893847][T11053] veth0_vlan: entered promiscuous mode [ 707.636697][T11053] veth1_vlan: entered promiscuous mode [ 707.688004][T11053] veth0_macvtap: entered promiscuous mode [ 707.736984][T11053] veth1_macvtap: entered promiscuous mode [ 707.812305][ T5950] usb 3-1: Can not set alternate setting to 1, error: -71 [ 707.861496][ T5950] synaptics_usb 3-1:0.0: probe with driver synaptics_usb failed with error -71 [ 707.896827][T11053] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.976929][T11053] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 707.989988][ T5950] usb 3-1: USB disconnect, device number 10 [ 708.026985][T11053] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.105595][T11053] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.129798][T11053] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 708.661764][T11053] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.704191][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.738678][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.168239][T11077] veth0_vlan: entered promiscuous mode [ 710.176181][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 710.194413][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 710.538133][T11077] veth1_vlan: entered promiscuous mode [ 710.714124][T11077] veth0_macvtap: entered promiscuous mode [ 710.762068][T11077] veth1_macvtap: entered promiscuous mode [ 710.845480][T11077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 710.920454][T11077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 711.326704][T11581] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 711.338009][T11581] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 711.522902][T11077] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.812378][T11077] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.839803][T11077] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 711.874263][T11077] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 713.617642][T11599] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 713.721290][ T6321] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 713.729231][ T6321] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 713.965771][T10101] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 714.067949][T10101] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 714.954456][T11620] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 715.009787][T11620] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 715.055658][T11620] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 715.224778][T11620] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 715.242802][T11625] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1201'. [ 715.856431][T11628] 9pnet_fd: Insufficient options for proto=fd [ 716.510461][T11634] 9pnet_fd: Insufficient options for proto=fd [ 717.719476][T11644] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 718.155677][T11653] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 718.176006][T11653] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 719.359886][ T5929] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 720.539811][ T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 720.569674][ T5929] usb 7-1: Using ep0 maxpacket: 8 [ 720.594211][ T5929] usb 7-1: config index 0 descriptor too short (expected 73, got 45) [ 720.626619][ T5929] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 720.679634][ T5929] usb 7-1: config 0 has no interfaces? [ 720.697272][ T5929] usb 7-1: New USB device found, idVendor=05da, idProduct=0099, bcdDevice=d5.82 [ 720.718733][ T5929] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 720.754157][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 720.763789][ T5929] usb 7-1: Product: syz [ 720.767964][ T5929] usb 7-1: Manufacturer: syz [ 720.789899][ T5929] usb 7-1: SerialNumber: syz [ 720.794989][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 720.829701][ T5929] usb 7-1: config 0 descriptor?? [ 720.836133][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 720.847104][ T24] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 720.875304][T11691] netlink: 32 bytes leftover after parsing attributes in process `syz.9.1219'. [ 720.897614][ T10] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 720.923713][ T10] usb 3-1: config 0 interface 0 has no altsetting 0 [ 721.522104][ T10] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 721.759984][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 721.768034][ T10] usb 3-1: Product: syz [ 721.779653][ T10] usb 3-1: Manufacturer: syz [ 721.784281][ T10] usb 3-1: SerialNumber: syz [ 721.812108][ T10] usb 3-1: config 0 descriptor?? [ 721.898506][ T9] usb 7-1: USB disconnect, device number 4 [ 722.157382][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 722.167797][ T24] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 722.179332][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 722.193784][ T24] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 722.218205][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 722.228301][ T24] usb 5-1: Product: syz [ 722.233848][ T10] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input9 [ 722.245351][ T24] usb 5-1: Manufacturer: syz [ 722.271084][ T5198] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 722.272892][ T24] usb 5-1: SerialNumber: syz [ 722.299283][ T5198] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 722.356031][ T5198] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 722.386014][ T5198] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 722.407214][T11677] synaptics_usb 3-1:0.0: synusb_open - usb_submit_urb failed, error: -90 [ 724.382427][T11712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 724.391297][T11712] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 724.623856][ T24] usb 5-1: config 0 descriptor?? [ 724.635184][ T5915] usb 3-1: USB disconnect, device number 11 [ 724.641293][ T24] usb 5-1: can't set config #0, error -71 [ 724.662153][ T24] usb 5-1: USB disconnect, device number 2 [ 726.116043][T11739] overlayfs: failed to clone lowerpath [ 729.787751][T11749] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1233'. [ 731.700117][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 731.742076][ T9886] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.900703][ T9886] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 731.911398][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 731.952309][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 732.010699][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 732.044836][ T10] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 732.056269][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 732.080845][ T10] usb 3-1: Product: syz [ 732.095724][ T10] usb 3-1: Manufacturer: syz [ 732.119195][ T10] usb 3-1: SerialNumber: syz [ 732.154960][ T9886] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.166669][ T10] usb 3-1: config 0 descriptor?? [ 732.209449][ T10] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 732.247422][ T10] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 732.365815][ T9886] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 732.846174][ T10] em28xx 3-1:0.0: unknown em28xx chip ID (110) [ 733.001406][ T9886] bridge_slave_1: left allmulticast mode [ 733.046866][ T10] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 733.060896][ T9886] bridge_slave_1: left promiscuous mode [ 733.081911][ T9886] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.149988][ T9886] bridge_slave_0: left allmulticast mode [ 733.196140][ T9886] bridge_slave_0: left promiscuous mode [ 733.220636][ T9886] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.505822][ T10] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 733.527188][ T10] em28xx 3-1:0.0: No AC97 audio processor [ 733.592994][ T10] usb 3-1: USB disconnect, device number 12 [ 733.636907][ T10] em28xx 3-1:0.0: Disconnecting em28xx [ 733.716996][ T10] em28xx 3-1:0.0: Freeing device [ 734.827118][ T5854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 735.099904][ T5854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 735.224277][ T5854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 735.233979][ T5854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 735.242053][ T5854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 736.432160][T11823] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 736.444421][T11823] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 736.474237][T11823] usb usb1: check_ctrlrecip: process 11823 (syz.4.1246) requesting ep 01 but needs 81 [ 736.484133][T11823] usb usb1: usbfs: process 11823 (syz.4.1246) did not claim interface 0 before use [ 736.981690][T11825] comedi comedi3: pcl818: I/O port conflict (0xfffffffffffffffb,16) [ 737.025393][T11825] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 737.037499][T11825] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 737.045914][T11825] CPU: 0 UID: 0 PID: 11825 Comm: syz.9.1242 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 737.056243][T11825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 737.066309][T11825] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 737.071872][T11825] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 29 f6 42 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 08 f6 42 f9 4d 8b 24 24 48 83 c3 [ 737.091485][T11825] RSP: 0018:ffffc90003c3f9f0 EFLAGS: 00010216 [ 737.097566][T11825] RAX: 0000000000000005 RBX: ffff88802f747180 RCX: 0000000000080000 [ 737.105543][T11825] RDX: ffffc90012f5f000 RSI: 0000000000003edc RDI: 0000000000003edd [ 737.113536][T11825] RBP: 0000000000000001 R08: ffff88814c2f512f R09: 1ffff1102985ea25 [ 737.121512][T11825] R10: dffffc0000000000 R11: ffffffff88e08cf0 R12: 0000000000000028 [ 737.129486][T11825] R13: dffffc0000000000 R14: ffff88814c2f5000 R15: dffffc0000000000 [ 737.137466][T11825] FS: 00007f81c03c46c0(0000) GS:ffff888125c1d000(0000) knlGS:0000000000000000 [ 737.146402][T11825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 737.152995][T11825] CR2: 000000110c244d94 CR3: 000000007afd6000 CR4: 0000000000350ef0 [ 737.160971][T11825] Call Trace: [ 737.164242][T11825] [ 737.167167][T11825] pcl818_detach+0x66/0xd0 [ 737.171586][T11825] comedi_device_detach+0x137/0x720 [ 737.176795][T11825] comedi_device_attach+0x568/0x670 [ 737.181991][T11825] comedi_unlocked_ioctl+0x686/0xf40 [ 737.187279][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.192913][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.198543][T11825] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 737.204364][T11825] ? file_init_path+0x3b/0x590 [ 737.209135][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.214765][T11825] ? __lock_acquire+0xab9/0xd20 [ 737.219622][T11825] ? __fget_files+0x2a/0x420 [ 737.224216][T11825] ? __fget_files+0x2a/0x420 [ 737.228809][T11825] ? __fget_files+0x3a0/0x420 [ 737.233486][T11825] ? __fget_files+0x2a/0x420 [ 737.238079][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.243710][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.249339][T11825] ? __pfx_comedi_unlocked_ioctl+0x10/0x10 [ 737.255144][T11825] __se_sys_ioctl+0xfc/0x170 [ 737.259747][T11825] do_syscall_64+0xfa/0x3b0 [ 737.264253][T11825] ? lockdep_hardirqs_on+0x9c/0x150 [ 737.269554][T11825] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.275623][T11825] ? srso_alias_return_thunk+0x5/0xfbef5 [ 737.281255][T11825] ? exc_page_fault+0x9f/0xf0 [ 737.285941][T11825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.291828][T11825] RIP: 0033:0x7f81bf58e929 [ 737.296233][T11825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 737.315838][T11825] RSP: 002b:00007f81c03c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 737.324249][T11825] RAX: ffffffffffffffda RBX: 00007f81bf7b6240 RCX: 00007f81bf58e929 [ 737.332218][T11825] RDX: 0000200000000140 RSI: 0000000040946400 RDI: 0000000000000003 [ 737.340180][T11825] RBP: 00007f81bf610b39 R08: 0000000000000000 R09: 0000000000000000 [ 737.348141][T11825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.356102][T11825] R13: 0000000000000000 R14: 00007f81bf7b6240 R15: 00007ffe42875438 [ 737.364078][T11825] [ 737.367085][T11825] Modules linked in: [ 737.371023][ C0] vkms_vblank_simulate: vblank timer overrun SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 737.377927][T11825] ---[ end trace 0000000000000000 ]--- [ 737.399513][ T5859] Bluetooth: hci3: command tx timeout [ 738.129856][T11825] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0 [ 738.135463][T11825] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 29 f6 42 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 08 f6 42 f9 4d 8b 24 24 48 83 c3 [ 738.276268][T11825] RSP: 0018:ffffc90003c3f9f0 EFLAGS: 00010216 [ 738.329918][T11825] RAX: 0000000000000005 RBX: ffff88802f747180 RCX: 0000000000080000 [ 738.337945][T11825] RDX: ffffc90012f5f000 RSI: 0000000000003edc RDI: 0000000000003edd [ 738.407395][T11825] RBP: 0000000000000001 R08: ffff88814c2f512f R09: 1ffff1102985ea25 [ 738.490942][T11825] R10: dffffc0000000000 R11: ffffffff88e08cf0 R12: 0000000000000028 [ 738.498975][T11825] R13: dffffc0000000000 R14: ffff88814c2f5000 R15: dffffc0000000000 [ 738.573849][T11825] FS: 00007f81c03c46c0(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000 [ 738.591596][T11825] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 738.622222][T11825] CR2: 000055717a552950 CR3: 000000007afd6000 CR4: 0000000000350ef0 [ 738.651727][T11825] Kernel panic - not syncing: Fatal exception [ 738.658027][T11825] Kernel Offset: disabled [ 738.662343][T11825] Rebooting in 86400 seconds..