last executing test programs: 19m33.794038871s ago: executing program 2 (id=821): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000070000008500000007"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x90) fallocate(0xffffffffffffffff, 0x3, 0x9100, 0x3) 19m33.507826456s ago: executing program 2 (id=823): ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000140)=0x7ffd) socket(0x10, 0x3, 0x0) openat$urandom(0xffffffffffffff9c, 0x0, 0x5752c1, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$loop(&(0x7f00000001c0), 0x9, 0x20a5c3) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x87}, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') read$msr(r0, &(0x7f0000000180)=""/174, 0xae) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$radio(0x0, 0x3, 0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = syz_open_dev$MSR(&(0x7f00000000c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) socket$igmp6(0xa, 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000140)={0x3, 0x2}) mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x200000, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) 19m32.305492763s ago: executing program 2 (id=825): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000351930404516080036cf000000010902120001000000000904"], 0x0) syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) socket(0x11, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_usb_control_io$uac1(r1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) 19m29.802042372s ago: executing program 2 (id=831): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x800) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000640)=@generic={0x0}, 0x18) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000a0101010100000004000000e070a091f16ac01987b1d4700000017f"], 0x20) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) msgget$private(0x0, 0x2c0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TIOCGPGRP(r4, 0x5437, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r5, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc) 19m28.708191352s ago: executing program 2 (id=834): prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r3, &(0x7f0000000440)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000900)={0x1d, r6, 0x1}, 0x18) sendmmsg$unix(r5, &(0x7f0000004a80)=[{{&(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000440)="bd", 0x1}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x1d3) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r5) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x809}, {0xa, 0x8, 0xfffffffe, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0xfff, 0x2, 0x4]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r7, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x70, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 19m26.039976995s ago: executing program 2 (id=839): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) getresuid(&(0x7f0000000200), 0x0, 0x0) sendmsg$unix(r1, 0x0, 0x8000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r5, 0x0, 0x40) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 19m10.771471402s ago: executing program 32 (id=839): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000002c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0) getresuid(&(0x7f0000000200), 0x0, 0x0) sendmsg$unix(r1, 0x0, 0x8000) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r5, 0x0, 0x40) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) 12m13.338839157s ago: executing program 1 (id=1632): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_int(r3, 0x0, 0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) move_pages(0x0, 0x0, 0x0, &(0x7f0000000240)=[0x1], 0x0, 0x0) r4 = shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRESDEC=0x0]) mount$fuse(0x0, &(0x7f00000002c0)='./cgroup\x00', &(0x7f0000000340), 0x888000, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB=',rootmode=00000000000000000020000,us', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYBLOB=',allow_other,max_read=0x0000000000000e5a,blksi']) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f00000000c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc63849f62b6eb1c3c"]}) r6 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000280)={0x4, 0x2, 0x80a0000, 0x2000, &(0x7f000005e000/0x2000)=nil}) ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1, 0x4}) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]}) shmctl$IPC_RMID(r4, 0x0) mount(0x0, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0) 12m11.064406397s ago: executing program 1 (id=1635): r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}}}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = fsopen(&(0x7f0000000280)='configfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) ioctl$BLKGETDISKSEQ(r3, 0x80081280, &(0x7f0000000200)) mkdir(&(0x7f00000000c0)='./file1\x00', 0x154) socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8) r5 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0x20000023896) r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r7, 0xffffffffffffffff, &(0x7f0000002080)=0x3a, 0x23b) setsockopt$inet_buf(r1, 0x0, 0x20, &(0x7f0000000080)="1700be8c00000000", 0x8) syz_clone(0x81000, &(0x7f0000000000)="7a7ca126d81cc5c8b84401b987cbab72ce14a717", 0x14, &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000100)="78cb242c45e08639c9615ce79d4555a4e5caaa24e9a73d214181153b2ecff681e2afbd") 12m5.899938058s ago: executing program 1 (id=1643): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="03c9008c8a7cfc942116783857cbbf94a48949bd944741ae963b551ab2316c2ea4e70cb07d718a94f57b99517e536c4a0f708656296dc71cd9fdf61a59460f7b7062af8be5a92217"], 0x90) add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe) statx(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0xa151f28f0960cc0f, 0x100, 0x0) add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) socket$inet(0xa, 0x801, 0x84) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f00000000c0)=0x2) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r5 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) ioctl$SNDCTL_DSP_GETOSPACE(r4, 0x8010500c, &(0x7f0000000040)) ioctl$SNDRV_PCM_IOCTL_READI_FRAMES(r5, 0x80184151, &(0x7f0000000340)={0x0, 0x0}) 12m4.340399835s ago: executing program 1 (id=1647): ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000080)={0x0, 0x0, 0x6, &(0x7f0000000000)={0x0, "e922fe53e14fcad1ebe6ff00000000000000080000000000000000000021b49d61"}}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x8000000004) getgroups(0x449a065a, 0xfffffffffffffffe) writev(r4, &(0x7f0000000180)=[{&(0x7f00000001c0)="580000001400add427323b472545b4560a117fffffff81000e220e227f000001925aa80013007b00090080007f000001e809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee000000deff00000002000000", 0x57}], 0x1) 12m2.504899512s ago: executing program 1 (id=1650): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xc, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f00000006c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$inet6(0xa, 0x80002, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000001c0)={@empty, @private, 0x0}, &(0x7f0000000280)=0xc) sendmsg$ETHTOOL_MSG_FEATURES_GET(r4, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000500)={0xd0, 0x0, 0x300, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x40040}, 0x4) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x60, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r5, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0) 11m59.119772752s ago: executing program 1 (id=1653): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') r4 = socket$pppl2tp(0x18, 0x1, 0x1) write$char_usb(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x2, 0x5, 0x84) r6 = syz_open_dev$vim2m(&(0x7f0000000280), 0x10000000, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r6, 0x80685600, &(0x7f00000005c0)) sendmsg$inet(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x64) setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10) socket$kcm(0x10, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x1, 0x0, {0xa, 0x4e23, 0x3, @private1, 0x7}}}, 0x3a) sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYRES8, @ANYBLOB="83550500010000001c0012800b00010067656e65766500000c00028005000c00"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x20c02) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) 11m43.735784813s ago: executing program 33 (id=1653): unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0) r0 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00') r4 = socket$pppl2tp(0x18, 0x1, 0x1) write$char_usb(0xffffffffffffffff, 0x0, 0x0) r5 = socket$kcm(0x2, 0x5, 0x84) r6 = syz_open_dev$vim2m(&(0x7f0000000280), 0x10000000, 0x2) ioctl$vim2m_VIDIOC_QUERYCAP(r6, 0x80685600, &(0x7f00000005c0)) sendmsg$inet(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001800)='_', 0x1}], 0x1}, 0x64) setsockopt$sock_attach_bpf(r5, 0x84, 0x1e, &(0x7f0000000000), 0x10) socket$kcm(0x10, 0x2, 0x0) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x1, 0x0, {0xa, 0x4e23, 0x3, @private1, 0x7}}}, 0x3a) sendmsg$SMC_PNETID_GET(r0, 0x0, 0x0) getsockname$packet(r0, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYRES8, @ANYBLOB="83550500010000001c0012800b00010067656e65766500000c00028005000c00"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0) syz_open_dev$sg(&(0x7f0000000140), 0x0, 0x20c02) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) 8m43.783903113s ago: executing program 3 (id=1994): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x2]}, 0x8, 0x800) bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000640)=@generic={0x0}, 0x18) sched_setscheduler(0x0, 0x2, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000080)=ANY=[], 0x20) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$TIOCGPGRP(r2, 0x5437, 0x0) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x747, 0x0, 0x3}, 0xc) connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe) shutdown(r3, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3) 8m39.517605536s ago: executing program 3 (id=2001): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0xffffffffffffffe0, &(0x7f0000000180)=0x6) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r4) syz_usb_connect(0x4, 0x65, &(0x7f0000000500)=ANY=[], 0x0) 8m28.65538483s ago: executing program 3 (id=2034): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000180), 0xfea7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000380)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 8m28.267915174s ago: executing program 3 (id=2036): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000006c0)="0d18687da3e7f33aed145cf8ff2d1e5a18c0d5f9856f4824f41040f6987d0b531da10713ed151bc4867681f28e033aef683334d03864ed30590dd4ea64a20ecbbc1346c9f42510d91eec0632885b7da95ca85f4b1435c5c1e993a85257df5f19bdfc5e038a16e6a8aef907e347081fdb93cee93217e11f19cde423e6138bd1b79ee615527ccaf8049959ac6e32af46d777ccb8c26ca925f69590df13a81aee3213e80ba5cacf1f930b3cc49093d11594ef13325790b55efbdc2dd99ed1c3c609a49cc151870a", 0xc6}, {&(0x7f00000002c0)="9c811ff500139d7d28a5f0de630ec6041ed353d314e58721edf306c382ac611fe34479cb9e2585745ff3c61da74b06eb64f69a4e90d706178176dc533f123b66d04d51fb740c1efdf8db3b99ed18fb67c1f75ef7d55b3bb185f5f38665ea5e0918", 0x61}, {&(0x7f0000000380)="3f82090ccda4f8ce1b08afd200c6075794cdd2e0021e32a0f6267447162a2085457cf687e74d142e85e9c4ac6eefcdaa493bcb54152b1339a38d3898707b77a9333cfb7bdc7c523ab4aa869c6db252e8e93bc14cfccfdedf9bbaed10dbc3c315aaedb987b398dd67a155fc3644e2", 0x6e}], 0x3}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000001800)="353a35d6094e4ee7d764b6993f65136c5d6b84d9b1324a0b25e094700c9a66f9181738098f32e3e48859c3878d53a9752474da0d6af299d849d48f2fa2c8c807d7a1521da940585790ff1e6f9da83e32b751d1af9cfac640c1361f5ae8b99c187dafe9ea854120f6eaab11e7fdeb3f2152ebdbc21520ca01f64bb821576deef4ed6696cdddc1768b5b4fbd68a687cb6ba52ecf5cc6f8f05062f26de19d6aaaeb6cbca00e46685f77d2b3e8dd9d0d099e799cd5a76c67ab283f790366f7f744508edc9e48fa101b89215bd330c4e706c1f09d781a5a50aef5e424a7a88b3241a338ca7411cda28aa167b5628b79e8a7d588efb69636181b9c54f6d296386c95f8a08e27d5792dcb20fa3b5b4f60c71f310b31bb1ab4a825c2dc10fac150a17d92bb51849d9eea53c78d427d8d1036dc906084046fcae09499c220ef50c2c7c475f392bc288eb5efb8032d1ade92e88e50a05a95dd5c6cbbdfb086fa53bca14d40c8c3f7149b39b16b7c7370978389366174db5fbc99dbe958f8c1690cd695dfbe6c384162a412c8d3cfd7cf223f9df4c67b92514111891f53d4e19826797302e1a87e7a627c52740bb3bd311771a68d349c0a68ef6f2a765f8220323add67b2b6695ca41adcda387a4264bcd94c8578a9ccca3b55ebcda45369b56068cfeec34abc2cbd94b9b12d057fa9d4328d57073f40e5ae64443e4a10ed400575bbd1168a170a0134b9ad28735dbd9603a9e417cce864f2141a92f57e1fdfcff4776f94a794d6db8d3e9e0ecc783956c7ab15a8d5639d3df1ac9da6057af913a563bd55b657f37cbf4cae2919aea6ff8a748eb4c036361b8866cc062bbad019f43d02b0c38bd6309f2baa53924466203ab8d00daaac4c9da846e645d64c10e47c32e9824e79ade4eeee7cbf71b1bb48f760800b04334745ab553dea12a85f0671eb07a4cc67ceaffa8269e0b052f25136cfb8a6b9327a2d165c42933642d3171ad00ebf0be485f5ed319021600a94072f251c8905a2451eba3ba7db2ec5fb8613463a796610629719166259ffa3261e06f09b5a69798b88848da9028ff7ed8a729c384374fce0f4f5cda3b61cc4d61da382c5708f26edb16e9b65d667ed61248dfbed35a6a886adec25361c17d9f30f94db7e3085440df135ddec94f3f01fe2e2f9edb9e19fd8ae0b93363f0dbadc858d8e0a93dea50e89b2d7674b7e0f813c38f70a87554f5d0b95b531ec006716207abc5c34bcf447f0e547516d2fa23e2871db3662c8fb30e93b939aaed219ca9ef4b30f79e3d27e1caece83168292a10c0abf24f5fe97ef6fd46045f6ee3fc33d995a79584426fdac0c663d4991364d450dd71cf86e7d298ec8500eae0fa9b26b9ba3", 0x3cd}], 0x1}}], 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) sendto$inet(r0, &(0x7f0000000580), 0x0, 0x10008095, 0x0, 0x0) 8m25.083737759s ago: executing program 3 (id=2042): openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x202080, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x490420}}, 0x50) syz_fuse_handle_req(r1, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r1, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20c01, 0x0) syz_fuse_handle_req(r1, &(0x7f0000006340)="7c7a6a069306f2c5ddf91f36944f207a1bd11284b4445fa3507bbc5def2e6fec4bb7c6001eafe381e277221f30085acd5d0c251f7c60c23874c04db6aa516f773dd2e57e746d1a085193c8b7664fceb1fe764d87f4395c66e5d4eee443a555692ebe80f3a11b8be74963f1a18c1d0cd71dec65e609e065e14615d2e8b283e55b4aa8b485f81ce52443d61fac9f08cf34f2997c05a63f98f988cfcea9a5650b37dff5817e5033b3912c226bd9bf68b528dec710584242fbdcf7dd0d55e394d3742039e6960bb589fb9ba18ac8e9e82cdbd08e9b584d0a8224cae3e9dd91e25699549007dc0d99165a73cda1c99fc48f6bfdb900c60e4481222505c58cc1108fbaf317d361d1f2d78f6db6e14b283ca9f1927f4f8a0f6f52818be03c7b257aec57f06a0a4279131a2bb0a13b23ab188ea50a686abb2f7e4d0f7a166f358e4cb886b7fbdf51cd9a153410dcc4cc5db7e8e94cc9ba2371a328480ad20f51d7fa012f367a0a8f9c882c47b5f714f0e1b35f72b2261989513c1428d648aa8ab8c12c87dfea38d5be0d49097fce804c9cd2ac8f61b68579853129351e3bcdbdae3371d2b12a150d94b3097161c226c50a1d2c1f8b4c10a986e21dbbb854ad1d26d0ce5d950835d14664ee8f58c537f5256b761b4707fe8d46cc1658798d285310a1cff127b1280cab3f1f633569391d5a7cc08aa1d108b93c38df397d90bbb81753930934df7dcaf8f960dff660fe239aa15cf48872668cacf4d664dc0809fe9d780ab202c3a968abb56655267c907eb3343809b2407105a5c14d53a3b17a9a1552314d27e13daf48a2bb7b2c9fc15aba9ae1d6325c11fbe8432c067efa72878ca56c6463b6cf4d29646905422908a4a1f7741d0049febed4fc2b7cc27154031e50a0ab297826383935bef6a0f968db92128e8a940509b5368146bdcacc852b9d0b4ae9624635f9e69f3a7bc8e6f3340c7de46f49feb20a46f11aef464fa6696a60865bdd0c40b1c411c9661fa9f6393a33a7eb4afaef3eb1ab4634a42baeea780ac6c0c4fc8cf7a92cf0592f993ac85bdfd6c18ba4b7cf4c4438a8330413de8365b4a080234f59edefca0c5ce9697b20cc7b71d04438c00cf3d557bd03b5e1b86e167d2d6e09714135ef720667d0f2e7ca54da419d1bf6722eda31381059216009cd8c99ba1d7f9ebc1bc021457a195fa5be2f0727a84cf4cac5e080f22c836a4955d5ed06bee2eec0d39abc5f459ac43596fee3b341dfbd7ce6f4e57ea42e1e8d4f65880b8b77d2ee27dc1efe95ff1bacf5aa14933456b68645380d0f2ef6284b9946857456d64f4cb656998e99e3e286f596b31c69a69d0ee8444ed838ca2f0ead1be9538e4e927239d0e65a3f871dcad33881f69592eed93a9fafc934aefa67bb87d582d0ae4cfbb5c50325774bbc259a277749751228d3610f95fd56e9fbccb288eca1b14c8255b6996a59c91efbb08440ed91cdd53b0aab82600906904cee2a117a06157e24fa822e1cf4f9db4c2e8a5e842cfc503e578e69002fbae194b6bc7c8b69aac7359292109b712eb49d21946f5ea2745ab77ef59950dcfd926df2aef20e85f2a14554aabb417f15c725c73edd4853926ad6c525afa2c65de213cee799c18d1ced9424d10d7076fc5862579702a5f91031381f41cb8d9899ab514cfa1c8c51437df9710271d8cf69e8900921cba296703f1a7b5234500c1625884fea594d836a930b06142a6e577cd9c2a32cae65e712624abeeffc423a5d5ed7bd75fcb1a82ecec8acd0da9918a5c7c189f14f8cdf37062f93b87f9188501556060ffc6eac435cb1624f2af688316366e03cfb869eacf83d9d45fce910c3347f810b614c2e4291e70471ca2b574241c3f3d9740c6a45c7296a2f275acbde72e513ef4e5a1123a57c2eb1bd023af716c16a7747204338f60b6e3ac514af50b21952c21592aefb6149828a5183ba581d5ee8647f374645ff941bab67bef760ce353b456c4b51c5d3a0c5372b1773b944ad67a92937dd838e1b6f550a1dca975d6230e430bcc278afed54e0621008b2f850107b0244359e3747be5282630452d432e5df0fd160795effed150f9396a7da5a1e4dce0c8f62280ff2fbfaa813859a671208b4b9f05fe450729b0efad83a790acd688a90e5fee5550de4ddeac70ecd125ad076c4e2b68652e6ea520e2b6b339b4b9dc219d853e06b9aa79d022e53607213fc254e15ec3e6b776d2b562997e0fe52b98c58e1c0316b22a4219460053da87e7baff7dc1892c2de2f324dd1169b977f3a6698d0234c78de3e46ba5824f3e373f264e8d28fbb4cc108a41fdecd4b629d92b0a65f84366bf504eb5a894ba40c89f9df854dc469fa174ac85cb8d2adfdc099ca9848a1032b2e2f375bd1544dfb69e33492e1a4b921ad7ff17c4c7e357ff69f42d2301c302ee2ed313f0e9a20ebfe028a8737d6e38bf179940179cb779b70c2276264cb4f23249db7d5f179baa842b70f5b287cf74ce1ff6b70a56be8f2fe15aeadca229804923d28a793838bc605eaf5dcd362f757577ebdac54b09fd73326720d3522d002a41a3b5f2450f48286a5ea45836b5ee77fc415f47e0716049ec2610d607737fd5a73b066b4876f9d744f6b3486b088dd3bfc3d393a27c6c799ce078e2ee348257b5ec1ba9de76da2a67ca912dc2dd5afc70834ceecbb8bd41f6e790294cacd5891bef1b4e2124dcd6dffdedee8f16b3bddc030429dcb0f98e6fe0649cb14eed3293fa4933b2ab8c0ec0ff4dbbced1e32dceb317252e715b872b00478cbd7b0275b7394a0ccfe9887410b32f1ce9266b3b83470ec982cf908507d3ad0cc366bff3759388b624701b3e0dc0e7928386b155b50b42a8e352622516beeeddfb79866a2eb1d360802cd19d62fd171267a0fece5f54e315a8cd49c41072f2a7a0baab5aadae2c1ff28e285b642f8d3869321bd18b4aed107feaa12d055b179a8ab7b50e2796d287a196e280d527b526c45c8aa98696d88a02d923d06fedf51336c0695c218e70448073921971093ea44b5352e10ce6cec26d082b93f69958165bd986f56650a62224c2d9fd044bd8fefd33544c6bd141b4cc211a087fa57c09e195c8edffe559048db738d1395f5e2625dd7cd035b8c76aad6c238fb52a7c5ff0965fc7122a5899746ca88abd699d6078623722fff92726e18613519f2b1927504fd5cb7a38ffa373c3883022f0387953530834affb5f05e0f44c24caa75561b2b63994493ab857fdc30900586fed09298d846e5936869b43d81c4b91902028e57a8f2da16355ccb7a77d29ecc8e66015e979b2f3edc5b8d77c45348dea55c9ed6b7465acf899f4bc1a7edcae0b0daf69ff85c504eea1294620b6d3dbb004575044a5ae7c110010c2cf39827fbdab3b42ac35d147fc53bb5e7de6c47091dc80c14b8da494b2e913d1a52085e29af19edc4a417346c5a896a3851cb6132511e0627d190b77623c8a3bb6085eff22ede7127f7988a1d388fb70ea20d5c1b2424c5aa83532bc5162a5d177968b4a46583f2d4b92d04a5f19145221aeaf724d92ea1d4dfb53021b47585bbe5ce35f8d09a83e13fdb1de8e52dc646d41e810879ce9c830959c3ee93f11a16d030d141863244395e3f847505fe6d9594a34009fec9a743c033b9793335684cc5c3d0eb0ad094f40a60264b02cd88c583c850d99c5b9c6c5dcef467ca3ea38f2aa42f5657cd940aeb12960efa18d571e4f958b9cd90918e069a486d84f214617ce29c0f2c26bf84f12f5036f26a8de0c8359f572654bf5ee06d38f741c464976d95ae3fdda45c2ed2d08ef71d3590e82d235e0fa357c568158791a195d4a2d9615e1edc85be64cfd169f925ffc4f636f86783cf43624a77bdb9b172228097f02f391df00668dafbd9932298b23cfadfd1b8d14a25cb408a440f930f0813de73c1eb2eb4b3c802d718a672453d0038965c6dc98db96fb4e06f1fda72782d0839d4e8b477ebdb2c73510db44f643ec7dc4fcb837806853caa35cf622aff9d44381d3f7adae00650cbb6f0334ceca14ec982dfb5817d7fd49251c203b6463a09c14885f754603291ccf0a7ceaa57284ee751774fa5ad72f9f7a32fa542947af40601e98057895f2869d4ec2db0d73930962535fc9e12ba7e6777cb458592bee505b367012ebd27b256fa0fac1452cf3b28eab573549b7c7a13752ca0189768f738d5f8030fe999f7bdc466d67bb32937ae469f1a1e21fac2ae2ab92a0a260bf0e9ce20625e82f88d0ed4d13876aed768765d77433bb9137d92d622df502aef574de82fe28063128fe5a1787ced99734c2f3f221e80d3baefd367d01d950ee1bc981b4b5ff86b2a96ab78fa3c1201303cab473103d89bb185afc77dd2cb7ac1564045036fe9fcf85af5d73a7553bc45bf5e221564540982db2f81e612e7c1715d3498b8d7851c0160146d6eaae9e30c81dedfca8e7122fcb69b26b396629b723f1e1822b8d5d8f2ac583728a5ab40010f88aa42f37f2031a3e99d8d6661e63f86f65af521066ea6af89c89e1748521b8368cd03409e895a941025ee777653f55e66cd1a0cca21308666260c3b9a306ddadb322eb1d09f7b27fd570cd35b6ec88bb391e3ae4745e17fb4dd7aef1d75b4ebb91e6e7789b241566d7c0cc97a3a126ed50b0cb621e015414f62641afd85bad78470463f86d8287aa56d331911c23c4cae8e5dfea33f3789c064296c5f9399216ce565210a4075ac5e43e916850774a127f9174d95b43d839e056b4a7d679bb8804951ca171c0b59f4d6f32c4fe8f908b9a1614591f5d1e1cf3348e02317ec4655c693417a4c4e7007a8db02faa1634f8eea9c9bbe5b149ce2279953a54884392dc7251dd38670fd59d9d1da5203340909d50f779e864339014bcb545d825cdcccedc558a1d01a2784b8f499ce9fa2ddb0dd1dc0b93d1b282a96cb4ecf152474dbc4b2853b30c8e5fcea85bdab949f5eb1e98d81c102c349f680230082db5aba9e20209c35b16598507d28211b49763b598a7e60519d5b28b67c027cb2657cf2ac7c7455291fcfe63f0b43afcd3afaea934da97c209d02e5b47a686c1c284aeee5d662fd9d9be7c576259d9f1a36fc0f7fe329a1da1dbe078381233940745fc28a56db98b1a8442325168158e3f0b3cbf8a368d19dd20cdfc1c4f3893a30a49223050159b0bb8b7c59ca705ae25453988d87ca6cdd2bd2fe37847ba67cbcf7a494925a8598b7b50a741c9ced10ea08e35c422b79265561a07f40ebb89bc46069a1c1ad95949fe757a76ff6b5386a043abc967c367a9d86b54d374e573540dfc1f6d396f398abe9735f523b778fd124ac1e1eb832a66dd4b1838a50e6a4eb1b95b8a60a94f067b24d1194976c539d5ec287a261bf25904575be3ff49e7411a8dc09739649828124c14fc2b89dad1f3f5725db2e45f5a447cd3e4bdf9e1e95c5ad7c76fcf0c1021cb6c32e6985e1d113030d534eecb0dff2554183ee18da2da5d21a8b994a81f05e0e6ae89b20bffb4be333d1956270da23e9905830921b1f3d615a56a20b11d45ccd1d22b910e33f475a92c31fa5b4675ddee18336d0ee7b75c07df2a9d4ad53d83142219a00aef15e1e9dace0f039d63a530fdf671a54aba3882dad0d439632af5576726c3aa095cc1a0a03063e8a6581b78bef501acc24b05a0150d8f683c90e8e5e283a49f898906dab926e544ead48cb9bf9a6e1bf140b5273443b8cb8166b2d8a5464a3e9d9f4246ac81ea91b33a0b399dde9f5efaf792bb04cfa028f40b7c92db2d9c33e16ef58b9263350879ea94e581a1187b2d1931b1cd7606a76bd8943b7c3098a33bdf476960af7bdf2854b1336e72feb603b8bb2242df0839d157843d369a50a615068ff5d99ecebe8dc19158a6c654e853cedf860a727bf8140c062f5d307fdcd150ad0af03d2c3a913b91047858ed6382d2d2d30f5c0bd419c2cd4047f225107ea8bf4a3a69384f16b5b5bb2655bdb750db4e975794592987df95f6a90374b0a08769b2c957faa16a21270196afba76b4527f01f0c5db7fa16e2da81fc49336e20bc3ee1ccbcb62255c84513d9ceb706f03c25000517070c03b7bce838e6b6cbc7f767959fbd62e11ab7ea6d760cff674a4296e6185eb348028b472290922160f3ea36c22c8375a016f505017c0a0e041dd8e52b4f19ccfc701109a19391a059d77db239d40a06d84a6f0ccd08aaad764e53ad1da19ee825a4d25ca7cd538289bffe135486ec1614e28b3682c7081a1b0a2c7272f4e36f6d0d9e68d84209126dc59312d48eed1c63c90efeadd472259392c28746abf394c5c6c97d3fb00b70a74c313a817ee1719c33f16d58f297fc7eacbca5803df115745079c5434e851ad6c1f0e8ba0bdbb66cbb6789b89a23526b476ad0f2cea0907e72702f93d37bdfe7b39fb9b33fb1111e58f5c45db8cc38afe4e03a318aa0690afb870a67aeda7da9640fdad1e1f551dd4757c69b4f523b616e502514a2e35495916f2e5ddab1ad9534644d99ec56e818caba173773aa5e45104deb869b23063eaea5542d3bc503a6948b83779aa46879443cad02477451b46429f1f67560c31d4377f96031ab94866a73be753c4ab91cc6576c3991c3423103ebae604e887c56cbacb9e95b8b46300b62e698a6456a0d175cf682eacabbe301e0b0ea34f963daed0dc6c1b75fa5e3870959913e69e61911d9ff646e9c6bab33fe566871027e861577c4d7fdfdf94ce7ac1a3f6d29daf28d660431a89c0b56c4b95090e2ca5df62c1e5c5dbf98f067751819d4c5914aa33883b7b521aab30d14e1cfae74fcf3ad4b2cf9448009d3223ad984e0c50f92d465573a6fc2894f8a5d4e855316738ecfd6a6c157d39b5c44d80a7cba944cf9f7a701899859821cf2bc248459f7a350fefba53c1481a7197f024f2eb74251455c06f4b82dfcf3ccf3e3b98b898fa1b16c310125e5e9fd4019acccbe91b4d842ddd52ee56f6d3112dec80159d6d3ef93bca70e7afcccb223361c39addbe3c429934cd0ae35f36a8f6309f08e36b27341db1f21fd8a148b239361b31a85f53bd1ad49fadace6c64d5f4363427fb2f268e8aec6d81cdb7f1252baa4652dc55881661114bf98cdf17190379591f2e22dc97e790f53f463bbb0ad0ead78ddf7dfe2e26052acc31cfe52b822afd5ec5c75957106cb5c368c09252ff3e4f624d90e599279fb985ecdb7d8880dfe05ac2d2da83e34e2b9b88f5dd60107a4509902fcddf4a36605e5c7a2606a4aea9fd4b5b24ca6b67d6945d133869cf9276d8c30b08c2a9f4bf03f4e0b956fd5f3c80b958ac5c41e4115b6708799c3102bd8b6c7fe17ff8c3f89c7437255faf69d1e16074086dd44d038bc0211ac74743169b462dbc085d77bf45eea72bf8348308bf48feea02d739a0fee9fbf71023ef8c6828da1aec8618cc2345ff663f88bc52a990e6b9591425435b0c7900ea4068f5aa6345e94254e259a71290fa23281658a6a165d1dee10dcb355518264824665ff2c5538de9ae4487782911f79e0bb09bc2c2d8e0d91b33cbec839075c9b38c848e9d2fad7368e96c1932042c3e85fd95b7d4500e6cae9e649082e9d5ca6f2cf91fc7ecaccc1049525d4325003424cacbd6eb5b8cc30b6893bd1ef46a8e7cbcc87dc2dda5c802ef1f8bb607c7457eb161254dc0feb60ed5ed0383fdb4db91d7e41d45c8eb80c1981e801ef05703f97f8710a2e00eb0559f854f700f946937b9e68c75ad6d0015d5d79be5423d0d846bc76f92ea7ebb0302b3d3c695c0aafa83b2bf029a444709cbf2cefbdcc7eaf3dd7a16f8ca8c861e883db10d433f7fec547be45e6829962e430bb3c93e8cdfb342c1cb7e53d8a6ea625d5574c4b4303f61c4338a658e652ab2bc0029c0a78a5114f495a439956909cf42128cb4348affbecb20b7fea98e22160e9a58e7666a00e7b37fbec4bd3860d66a39d1232a57e8cc50710c5c666f7efa98f16f9a02d843c94b0842a383945d06899998ff2fd01ffb58ab53ea89b2c93634c48d0420edb9791b8e451b35b534b8b2874c4859c684cd14afb5335a2555c75ad9df018635bb7131a7ef204ccecfed33a675fc51687e3f8818406fbf58e7b5fde1ca96153817e1b632e89a78d967eb6a34af1dac0d9ffa448b7b9bac27afc305a7b47febbe0a37036c18aef6852b1b2759d67479f9edb169e796d949844a1624b1e832a2eee9be36dc5866d6fde431cfcbd4e305d322c9dd07f83b5b361daaa74bfc9fbce8b447210c327468659ecbb0a5fc20d0cb79de7d1d70bf251c81d5f38711f3f4bd4752685b077058beb465711b1359d2a7d2f59216c5a807121bb97e7ccacc46526e4072f1d6de3b487d492fed0995e2273fa3bb115bd08d32d8e57eb2aa8f9d3b81babd1b8334c3a5e69422b75502ced3793d07b9bdf38e9d9fa1d2e48c7886dfc41985e8ffc49f09c4ba58ddc3b4cbf562b591f8939ced5d18214a77cc753075334a157373cc33cbc07a731cd6342492f5e05f78108e627bc88777203c76632bbe0120924c7a51bbfc9dc789a5695b7c95ef544935032fb81d499c454a2d78727875c20bc8a48a9f23cf6595c17c9cdaa8d04bab8ac567ebd3bbcdb40e11f1893fea3970f176f75f38d17d6ee1bd4ab76c660723a776bc72319199ab82c40ac4a9f4f475e8fd4643a4be8601cb5172e112c236c7c430078601bf183a59a03885e994c1116a9d4ef275790ff2417ffd85b43274fc57654466fa394958aeb11f343c3439604af13997011af70b67df1a9dfa4cdb751a2dc3e5bbf42f7b9ebc6dcebb2dbdc57d7a2cef7409dba307b7cf6eab148a924566341d035cabc877c68d0fbfaebdd39c16304b63a1bae376fb4650708bf5695dfd7ffc01f43f0021f622de0b116ea494454497337a0ec469963de7f9d2b1d6c5a7a0a7835777a78a2b9e16eec696446981d2fea550f011419b96f7b2018d027b87fc715521b0302bd7b5b3bc5f033346029eced73df07dd1bb1f91848376b40b9e9da7233e7832edcc7b54ef6fd320d19efce78d58ea7020fbbdf77612dc8a4f3281915ac9706f346e405b9f489f8f2e9a2decb8d18bec1e5f735a4ec69bba4dc5d36c9c1cc50b92fe67b2cdd53fa671c0cbe331abdf46787e7c9912b951aa20700dba6cf5a209fe5c9c61ef62a8e2e572ec774b2d0f42d570633fc44d44826e848d47a8f386a5704e0a3eaf1d06617181aeb166334ab55d5aedccb27abf19a42a480930e25465721336c70a2ea7799d21a3659124ac9503efc99c1b13ca2b9723e3e338055f9b3cef7502017ebbb09a64b06462db353a5c562101cb7fbf29e056deeb1ff0c7bc877210c941c87401ceae52bcecc83e87655069ab931bd813c1a87d67554f5d2cf435e6dd92a515c22f5d5a9a44ebc81e9c4849104343b80824005619312a9e349d996e366d381da42edad1a560bf5e31ecd049e92ceaf42954958600a3868599fe10e9b34587368d3044250c3d1a8ba6c8dcb6d318d4f9e71c2d33fc74cb57620a8343258d072f3aa767b4b178f3f66d5a713dae2426296c12edf9ee37636869e30df64cd3855fae20bc7602c1b7e6c8246ed4be71231a5ec7b5e7a9ebb08bf8667d8f2900ecdb0a0addc14a2328eebc448db13013e6a3c1a661065e5ac0a04b5171bd84c9d9d947a6c31257ed13a966530c5e20168c100117cf82b4c00ea3ad00ea65e1af89535b3f11a1418ddad33db8cec281543732d2ff4eab54b12cc95f7d872e75bc01bf6c580540b0e26413c6c2321ddfb0447bdb6acf05ddf2bb92534a3a5f37d6da882289f6fefc6a213cdfcf34902137fa3b982b2b4c27c611f08909a18405482f1e3a2bf3635d3e970457541da16e37bb3c422cceeb484bb64c78724431a543ecf4ca851914c1555e3b785ec87bba3769927f6c29f80e7ae8632bdb9acdddf7c3b5580740d9b2bfc25086c9566844136f3fac74f429121f86c378c68c20a194b0c98b1e92991954cbf60477e217a2e25297fc7b18972e40c531ec19e1eea193bbc8893392d8528c6a0375bcb4b082d20d5c47cb330bbb4b74b91ab55d4a0d3e1dee8182c581e8e70ac30108eeb7185c6ea3f786881ad124e1404651ee95cdb0fbb0d0f4a2b43c795ec1cd4e46234a88862d57903ce878b641004fb637341e5d6bf5163f1a3467b828f6eea96c3c2bb79503687867e11eec32dec452e0fdd2eaacfc0a477ee839ef049855da734d18212142dfe2a95ab9ad9bc4f98c3bfa34134c7e6c9f8669303314d4e8c1bc5475e8fcf418cbdb3246ebf393d911cdfee8f2550dc1593ece59ced81a4ffb2484f9c8ebed0aed8d418138445c4e96b209adcc4afd70f09901662daa2c8c557d6039768d97e6b9518f0de4ac2e0187ba08a4a9128d3e632fca102137338b5e568f12c7bd28db772c800fb5f4d4e683b201840731bb7c034235cd73313cde88891bbb31597bb537696e6c987302297f9717b8053779aed447d33ef9129e84d3031fa9b453bd5731fb010ffd19a9133e0ccbec2461cdd31ba294d68c60a8535b15584bab6e6d0ce6c1cef4755bd5f7d90f4debb40af1437a19a96ef9c0709692156152091c7efb58f2d39a65b96416dc09e8091ae08d9be5235a3c1ec062862baa1aab788f28e83ba4635cecc6671f2320f42b4f711e7d0fcad89d6727d3630da1ef35e32dee39eda665946abe6224f17f2acc29e62518fd51eb7f193d9bb16c38204069098c293fdce24c1c79229fd08622a4256b581cffce12e46c20248dc902753f0e3c91f9685b3d45f984620e262b3487d67d152f1c50de3fd2067a9d3debf715f346dd2f712c55545336a9036ba82bb06cfae59a48d083c3388f77790c9639fa0a9c33f4c66c7513042bffb765c2a4b3657dddf0ea094d8d79018f66c8ef8e9df980a89906275edf4a467a5db0a623976899f0efd1a81bb6ff385cdde59027a95a570277cb94ebce503906c28527e3114eb9ed739d0c2f4cf82786b35c0054718f47381ed8ce9b107e1f1019be5fc877166da667036f0c1b84e2b5118b5f4babc052d997e5f1e8c4cf45eb26430b74d9e1df3735b8d5df559903143d983e974bed6cc608c2580a991bdd3628ec676d348de8752cafa80c1661f162e35c25fc0ba0198423f83214fed800f9355ac8ea67951cfeeb3736b50c1e14d45d33aa25fc72c38702bd5dd217842e54114f4799c45ff1b7cec9729382ff7fc3ff80cbe1a13d03e19eecd7de676f6791fe34143ae30c97da9623907d974a37b65d0ef5d46b718d58541c6b1902814de71218ca7396ceb5fdacdc3cf4d110862402e7cc6254f1e44e28593fd443290262db75fd482ce1d305d6bf9fd3e5e0efbedac5a4d097650b111e6e9e1b2c66a23ac5bf27ed78d25d1a54c16ca4287126736c2f17ab73e683798c29d16481775ada8e20d94b00b6b29654b18f60e2853fdc7d3ba55d7df660db90288b6f440efd19f0478047b12c7b07ab2b1c9529597e6462d20612e6c3b6d1b1d11305f8ddc811860450504b7cbf9794edd0d07c25ab6307d74afdce958355eb919dcb1fcb8038c6dd5e774ee398dc8553a9ddeb551f00", 0x2000, &(0x7f0000000b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 8m24.452869375s ago: executing program 3 (id=2044): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0xffffffffffffffe0, &(0x7f0000000180)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r3) syz_usb_connect(0x4, 0x65, &(0x7f0000000500)=ANY=[], 0x0) 8m8.84826786s ago: executing program 34 (id=2044): syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0xffffffffffffffe0, &(0x7f0000000180)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) syz_usb_disconnect(r3) syz_usb_connect(0x4, 0x65, &(0x7f0000000500)=ANY=[], 0x0) 1m16.134365505s ago: executing program 0 (id=2937): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x70bd28, 0x0, {{@in, @in6=@remote, 0x0, 0xfffd, 0x0, 0x0, 0x2, 0x20}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000, 0x9}, 0x0, 0x0, 0x1}, [@tmpl={0xfffffffffffffed9}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x880) 1m15.423856828s ago: executing program 0 (id=2939): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b00)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) setgroups(0x0, 0x0) 1m15.25815203s ago: executing program 0 (id=2940): prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004040) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, 0xffffffffffffffff, 0x0) r4 = socket$inet(0x2, 0xa, 0x47737) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000000)={'sit0\x00', {0x2, 0x4e26, @rand_addr=0xdffffc13}}) 1m11.536343901s ago: executing program 0 (id=2946): r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={0x0, &(0x7f00000003c0)="f5fba7a3e518c721cbc6170ff8f738ef1390c108aee2b67e7b2de3152ff752de0b3fd1a5449c464feb730aade3173b390763ba80544c99b2dfa8319fcbbdeb2aff73262265fb2e2c10d22ea74d7e80d7c289db7fc62f365efcf727495f5c71fc1997ba058cffb50f0844d88aeefc7c34a4e51fa7aa1776a7678911bd5941556c954e93c95138ae67e5b18f312c6844d44be20fc65d9b07808ee14dc338c2d31df72e9427e194cc1f55b6a4c644e63b91b5175f3c3567407cd140a4b736cacda475851ce06a275a1c0816c01a3879ebda54b2d47b4f3af58cfeaa4109794946ff9a"}}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) unlinkat(r0, 0x0, 0x200) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0) setresuid(0x0, 0xee00, 0x0) sendto$inet(r3, &(0x7f0000000580)="5ca7bb8fde0ce88fa02d07eec0fa3052b3b19477a8440b3167a4cd48bed723681afe25e1ee1d5875477d31cc830ebc626b5f3b365ce4bbef89520e9868956159a16ec3360589", 0x3d5bb649f2c3467, 0x40000d5, 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) 1m10.540585882s ago: executing program 0 (id=2948): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x6}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xe}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x48) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) creat(&(0x7f0000000200)='./file0\x00', 0x90) 1m9.071427644s ago: executing program 0 (id=2952): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f00000002c0), &(0x7f00000003c0), 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf910000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0), 0x1, 0x578, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTZv91nUwhvoghT04mUvX1h8ThM1H0eFA32do78pouowmHWsdbHtwL77IEEQcqH+A7z4O/wH/ioEOhoyiD75UbnqzZm3Tpm22Zubzgbudc+9Nzzk595x874+QAPrWcPZPIeLViPgmiTjcsm0w8o3Dy/stPr4xkS1JLC199lcSSb6uuX+S/38wz7wSEb99FXGysLbc2vzCdLlSSWfz/Eh95upIbX7h1OWZ8lQ6lV4ZGx8/88742Pvvvdu1tr554Z/vP73/0Zmvjy9+98vDI3eTOBeH8m2t7diBW62Z4RjO35NinFu142gXCuslyW5XgG0ZyMd5MbI54HAM5KMe+P+7GRFLQJ9KjH/oU804oHlu36Xz4BfGow+XT4DWtn9w+dpI7GucGx1YTJ46M8rOd4e6UH5Wxq9/3rubLbHJdYibXSgPoOnW7Yg4PTi4dv5L8vlv+043Lh5vbHUZnX/+JC5UwQ7dz+Kft9aLfwpP4p9YJ/45uM7Y3Y7Nx3/hYReKaSuL/z5YN/59MnUNDeS5lxoxXzG5dLmSno6IlyPiRBT3ZvmN7uecWXyw1G5ba/yXLVn5zVgwr8fDwb1Pv2ayXC/vpM2tHt2OeG0l/k1izfy/rxHrru7/7P240GEZx9J7r7fbtnn7W3U/Al76OeKNdft/5Y5WsvH9yZHG8TDSPCrW+vvOsd/blb+19ndf1v8HNm7/UNJ6v7a29TJ+3Pdv2m7bdo//PcnnjfSefN31cr0+OxqxJ/lk7fqxldc28839s/afOL7x/Lfe8b8/Ir7osP13jt5pu2sv9P/klvp/64kHH3/5Q7vyO+v/txupE/maTua/Tiu4k/cOAAAAAAAAek0hIg5FUig9SRcKpdLy8x1H40ChUq3VT16qzl2ZjMZ3ZYeiWGje6T7c8jzEaP48bDM/tio/HhFHIuLbgf2NfGmiWpnc7cYDAAAAAAAAAAAAAAAAAABAjzjY5vv/mT8Gdrt2wDPnl5Sgf206/rvxS09AT/L5D/3L+If+ZfxD/zL+oX8Z/9C/Ohr/Uz89+4oAz53Pf+hfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAB01YXz57NlafHxjYksP3ltfm66eu3UZFqbLs3MTZQmqrNXS1PV6lQlLU1UZzb7e5Vq9eroWMxdH6mntfpIbX7h4kx17kr94uWZ8lR6MS0+l1YBAAAAAAAAAAAAAAAAAADAi6U2vzBdrlTSWYm2ibPRA9VIYtsvTzbr5bONQ6EY26rYYK90k0RXE7s9MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiv8CAAD//xpZM/Q=") syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c}) openat(0xffffffffffffff9c, 0x0, 0x20202, 0x80) syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) 54.007122867s ago: executing program 35 (id=2952): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) getresuid(&(0x7f00000002c0), &(0x7f00000003c0), 0x0) close(0xffffffffffffffff) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf910000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/27], 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0), 0x1, 0x578, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTZv91nUwhvoghT04mUvX1h8ThM1H0eFA32do78pouowmHWsdbHtwL77IEEQcqH+A7z4O/wH/ioEOhoyiD75UbnqzZm3Tpm22Zubzgbudc+9Nzzk595x874+QAPrWcPZPIeLViPgmiTjcsm0w8o3Dy/stPr4xkS1JLC199lcSSb6uuX+S/38wz7wSEb99FXGysLbc2vzCdLlSSWfz/Eh95upIbX7h1OWZ8lQ6lV4ZGx8/88742Pvvvdu1tr554Z/vP73/0Zmvjy9+98vDI3eTOBeH8m2t7diBW62Z4RjO35NinFu142gXCuslyW5XgG0ZyMd5MbI54HAM5KMe+P+7GRFLQJ9KjH/oU804oHlu36Xz4BfGow+XT4DWtn9w+dpI7GucGx1YTJ46M8rOd4e6UH5Wxq9/3rubLbHJdYibXSgPoOnW7Yg4PTi4dv5L8vlv+043Lh5vbHUZnX/+JC5UwQ7dz+Kft9aLfwpP4p9YJ/45uM7Y3Y7Nx3/hYReKaSuL/z5YN/59MnUNDeS5lxoxXzG5dLmSno6IlyPiRBT3ZvmN7uecWXyw1G5ba/yXLVn5zVgwr8fDwb1Pv2ayXC/vpM2tHt2OeG0l/k1izfy/rxHrru7/7P240GEZx9J7r7fbtnn7W3U/Al76OeKNdft/5Y5WsvH9yZHG8TDSPCrW+vvOsd/blb+19ndf1v8HNm7/UNJ6v7a29TJ+3Pdv2m7bdo//PcnnjfSefN31cr0+OxqxJ/lk7fqxldc28839s/afOL7x/Lfe8b8/Ir7osP13jt5pu2sv9P/klvp/64kHH3/5Q7vyO+v/txupE/maTua/Tiu4k/cOAAAAAAAAek0hIg5FUig9SRcKpdLy8x1H40ChUq3VT16qzl2ZjMZ3ZYeiWGje6T7c8jzEaP48bDM/tio/HhFHIuLbgf2NfGmiWpnc7cYDAAAAAAAAAAAAAAAAAABAjzjY5vv/mT8Gdrt2wDPnl5Sgf206/rvxS09AT/L5D/3L+If+ZfxD/zL+oX8Z/9C/Ohr/Uz89+4oAz53Pf+hfxj8AAAAAAAAAAAAAAAAAAAAAAAAAAAB01YXz57NlafHxjYksP3ltfm66eu3UZFqbLs3MTZQmqrNXS1PV6lQlLU1UZzb7e5Vq9eroWMxdH6mntfpIbX7h4kx17kr94uWZ8lR6MS0+l1YBAAAAAAAAAAAAAAAAAADAi6U2vzBdrlTSWYm2ibPRA9VIYtsvTzbr5bONQ6EY26rYYK90k0RXE7s9MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAiv8CAAD//xpZM/Q=") syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c}) openat(0xffffffffffffff9c, 0x0, 0x20202, 0x80) syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) 22.67568026s ago: executing program 6 (id=3069): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_pts(r0, 0x4400) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001680)) r2 = eventfd2(0x1, 0x1) add_key(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000001c0)={0x0, r2}) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000001d00)=""/176, 0x0, 0xffff1000}) ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x0, r2}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000280)={'dummy0\x00', 0x84aebfbd6349b7f2}) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f00000000c0)=0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000140)={@my=0x1}) socket$vsock_stream(0x28, 0x1, 0x0) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=""/4096}) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) epoll_create1(0x80000) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x3) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) 22.178348148s ago: executing program 6 (id=3072): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x12, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xff7fffff) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000000004"]) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x39383ddd, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) 21.903853184s ago: executing program 6 (id=3075): r0 = creat(&(0x7f0000000280)='./file0\x00', 0x5b3393367dc26357) close(r0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'veth1_to_hsr\x00', 0x0}) sendto$packet(r0, &(0x7f00000006c0)="3f031c000302140006001e0089e9", 0xe, 0x0, &(0x7f0000000540)={0xc9, 0x5, r2, 0x1, 0xfd}, 0x14) r3 = socket(0x18, 0x0, 0x2) mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) 21.556665334s ago: executing program 6 (id=3077): r0 = socket(0x11, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gre0\x00', 0x0}) bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2}, 0x14) sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{0x0, 0xdd12}], 0x1}, 0x0) 21.299347042s ago: executing program 6 (id=3079): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00'}) socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x18) add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000600000000ecff000000000000000000"], 0x48) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) sendfile(r5, r4, 0x0, 0x20000023893) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newtfilter={0x54, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {}, {0x7, 0x10}}, [@filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_XOR={0x8, 0x7, 0x1ff}, @TCA_FLOW_KEYS={0x8, 0x1, 0x681e}, @TCA_FLOW_MASK={0x8, 0x6, 0x7}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x2008c014) syz_genetlink_get_family_id$netlbl_cipso(0x0, 0xffffffffffffffff) 19.701779146s ago: executing program 6 (id=3082): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPSET_CMD_PROTOCOL(r6, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x4c, 0x1, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0x20008000) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r7, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r7, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r7, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0xfea8, 0xa) bind$netlink(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r8 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) 11.476011915s ago: executing program 4 (id=3109): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) pidfd_send_signal(r1, 0x0, 0x0, 0x0) 11.331830369s ago: executing program 4 (id=3112): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) syz_clone3(&(0x7f0000000680)={0x40004000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) 11.254930294s ago: executing program 8 (id=3114): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000080)={0x0, 'vlan1\x00', {0x3}, 0x9}) connect$netlink(0xffffffffffffffff, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="1921000004000054d6b1ada7bbbec2390c3bb6f29f00000000fc90fac3ca835a6c0b90f8215a2dcfa4870a3d0b8df9a0894840c462585c97e6188496f108576399b35eee74"], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xffffff57) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='veth1_virt_wifi\x00', 0x10) r2 = dup(r1) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000000)="be39", 0xffeb}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}], 0xf}, 0x0) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f00000008c0)=0x800001, 0x4) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, 0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) read$FUSE(r2, &(0x7f0000003680)={0x2020}, 0x2020) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={r4, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000140)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000680), &(0x7f0000000180)=[0x0, 0x0, 0x0], 0x0, 0x8a, &(0x7f0000000200)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000240), &(0x7f0000000500), 0x8, 0xad, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) r5 = socket(0x1e, 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x48) r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x8}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f0000000300)=r7}, 0x20) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x10) shutdown(r5, 0x2) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000080)='./bus\x00', 0x3048011, &(0x7f00000005c0)=ANY=[], 0x9, 0x126f, &(0x7f00000056c0)="$eJzs3U1rY1UcB+B/2vQtY5uq4+gMiAfdKEKcduHKTZEZEAtKtQMqCHdsqqFpU5pQiIhTV64EP4aoS3eC+AW6ceNaEES6cTkL8UqbjDNp0o522lSG59ncwznnd8+5veXCDedw9175cn1ttVlZzVoxUihEcXMsirdTpBiJ0ejYiRdu/PzL02+98+7rC4uL15ZSur7w9tzLKaWZZ35475Nvn/2xdeHGdzPfT8Tu7Pt7f8z/untp9/LeX99ErZlqzbTRaKUs3Ww0WtnNejWt1JprlZTerFezZjVNdse4275ab2xutlO2sTJd2tyqNpsp22intWo7tQqptdVO2YdZbSNVKpU0XQoexPLXt/M8j8jzsRiPPM/zqSjFhXgkpmMmyjEbj8Zj8XhcjCfiUjwZT8Xlg17nPW8AAAAAAAAAAAAAAAAAAAB4uNxn/3+hf///xHlPGQAAAAAAAAAAAAAAAAAAAB46h/f/FyN8/x8AAAAAAAAAAAAAAAAAAACG7D7f/z+0//9F+/8BAAAAAAAAAAAAAAAAAADgLEx2DkspTUasf769vL3cOXbqF1ajFvWoxtUox59xsPu/o1O+/tritavpwGy8tH6rm7+1vTzam58bK8dsYWB+rpNPvfmJKN2bn49yXBw8/vzA/GQ8/9x+/rNOvhLl+OmDaEQ9ViIK3as/yH86l9KrbyxO9eav7Pc70ugZ3xYAAAA4TZX0j/73951up4Htnabu+3nq9iwc8/vAoffzYlwpntdVc0ez/fFaVq9Xt05YGD/6POO9NVPdniceqxARWU98pvTb0v4pTzr5UyuMDnXQseP7PMA9jeL/4I95CoXfv7qnZjKGO/pI9x89q+8/P/9dKnby/EwnNj6oaeK41NHPjMIZP5MYnrs3/bxnAgAAAAAAAAAAwH8xcPXfVET0rQf8qK/mzvLw3nj/mY8e/YshXCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//+E38bU") write$binfmt_script(r2, &(0x7f0000000680)={'#! ', '', [{0x20, '#! '}, {0x20, '+%'}, {0x20, '#! '}, {0x20, '-:('}, {0x20, '\'(\\'}, {0x20, 'GPL\x00'}, {}, {0x20, ':&&'}, {0x20, '^^'}, {0x20, 'vlan1\x00'}], 0xa, "b5ddfc093cc76dcdd0ea92d70771cb797e3dd5cc35048717fea8e5fafa78fd81340b4a55aca897e0e20e8aa976cf6f718eb3c5f5"}, 0x5f) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]}) 10.287877734s ago: executing program 8 (id=3115): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_BIND_MAP(0xa, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) close(0xffffffffffffffff) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008d}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x2) read$msr(r2, &(0x7f000001a900)=""/102392, 0x18ff8) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000240), 0x20240) openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0xa000, 0x1da) unshare(0x2000400) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b00)=@newlink={0x44, 0x10, 0x801, 0x1, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, 0x0, 0x10290}, [@IFLA_AF_SPEC={0x24, 0x1a, 0x0, 0x1, [@AF_INET6={0x20, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private1}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) 9.130002241s ago: executing program 7 (id=3119): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$igmp6(0xa, 0x3, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000060400000000000000000000010500000008000000000000000000000300000000020000000200000004000000000000000000000b03"], 0x0, 0x5a}, 0x28) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.impure\x00', 0x0, 0x0) 9.097465469s ago: executing program 4 (id=3120): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, &(0x7f0000000300)) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x759, &(0x7f0000001140)={[{@abort}, {@noblock_validity}, {@dioread_lock}, {@resuid}, {@jqfmt_vfsv0, 0x0}, {@noauto_da_alloc}, {@noload}, {@journal_dev={'journal_dev', 0x3d, 0xb62}}, {@mblk_io_submit}, {@noacl}, {}, {@grpjquota}, {@journal_dev={'journal_dev', 0x3d, 0x765}}, {@nobarrier}, {@nobarrier}, {@data_writeback}, {@usrquota}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'journal_checksum'}}, {@flag='posixacl'}], 0x2c}, 0x3, 0x503, &(0x7f0000000c00)="$eJzs3M1vFOUfAPDvbFtKf9Bf++PnGy/KKhobjZSW14MHIJpwMTHRGDzWthCkgKE1AdJIMQYSDxr+Al9uJv4FnvRi1HjQeJV4NSbE9AJ4MGNmd7ZsO92+sUst/XySXZ6ZeWbn+c7Mwz4vnQ1g3Spnb0nE5oj4NSJ6qouzM5Sr/9yenhy+Mz05nESavvZnUsl3a3pyuJa1tt+mfKGvFFH6IIntxcN2jl+8dHpobGz0fL6if6KUp84MnRw9OXp28NChfXu7Dh4Y3N+UOLMy3dr23rkdW4+9ef2V4ePX3/r+y6y8ab69Po6q3sr7hiUfoa2wphzl2eeyzjNLL/qa0F2XTtqz99LqFYYly+7a7HJ1VOp/T7RVlqp64uX3V7VwQEulaZp2FtbOfJdNpfWSpLpDml5JgQdAEqtdAmB11L7ob01nPdXJ4WI/+MF280hUekBZ3LfzV3VLe6UHW+6t9o06WnT8hyLi+NRfn2SvmHccAgCgub4+EnHtaLXdUXtVt5Tikbp8/83nhnoj4n8RsSUi/p+3Xx6OqOR9NCIeq9unewmzAOU5y8X2z89deaK+udo0WfvvxXxua3b7b6bkvW35Uncl/o7kxKmx0T35OemLjs5seaD40TPDat+89MvHjY5frmv/Za/s+LW2YF6OP9rnDNCNDE0M3WvcNTevVE7s5WL8SbQntVTE1ojYtoLPz87Zqee+2NFo+6z4szgL8X/U+MPbV1CgOdLPIp6tXv+pmBN/5PN/SWV+8sw7/eMXL71wqn5+cuDggcH9/RtjbHRPf+2uKPrhp6uv5slCN2KB61+rGi2dSMuu/3/mvf9nZi57s9TMfO348o9x9ca1hn2ald7/G5LXK+na/OyFoYmJ8wMRG5Kp4vrBu/teGOqalT+Lv2/X/PV/S8Tfn+b7bY+I7CZ+PCKeiIidedmfjIinImLXAvF/d/Tptxt1IRePv7Wy+EeWdf0bJQ7/GDH/prbT335VOPCH5UL8HdHo+u+rpPryNSNDExsXi2uhktYn7vkEAgAAwBqwMyI2R1LanQ80bY5SaffuiE0zIyjjE8+fOPfu2ZHqMwK90VGqjXT11I2HDuRjw9lyttdg3XK2fW9l3DhN07QrW87672Pdqxs6rHubGtT/zO/FR1qAB82y5tEaPdEGrElz6/+NJedt/h9kAPdXE/6OBlij1H9Yv5Zc/1v1FBywauar/5cjbi+2n6FAWPvmq/9vFNYcvpvsam15gPtH/x/Wr5XXfz0AWOt8/8O6tKSH5FeQ2HJsgTxJe2sO2jhRirtr7qTFXwHojaitqbVpGn9gtvW3UkRzStjW1Ei7Zl3T0rx5NkYzjhWlRfO0L+OHGO5vovTvKEY10RkRi9y9Mzfb5VriUqsLVqkEn6/qf04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABN8E8AAAD//9DS01I=") prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x208, 0x1}, 0x50) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000021000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r8, &(0x7f0000004080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r7], 0x18}}], 0x1, 0x0) r9 = dup3(r8, r7, 0x0) connect$unix(r9, &(0x7f0000000100)=@abs={0x1, 0x0, 0x4e22}, 0x6e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10) 8.823889808s ago: executing program 8 (id=3121): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) stat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000380)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00"/12, @ANYRES32=0x0, @ANYBLOB='\x00'/10], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000480)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) memfd_create(&(0x7f00000002c0)='\x103q}2\x9a\xce\xaf\x03\x86\xe7\xc0\x14\x8f^\xd5\xfd\xa1\r\xac7A\x94\xeb\xcd\t\x00\x90k\xd6\x05\r\x84\x87\x1c\b\x8c`\xea\x13A\x90m\xb6&\xd0\x9daA\xc5\xb8_\xd4\x18,\f\xd4s\xb2\x99/\xc0\x9a\xf2_\xdb\xc0\x8b\x19\x17\xb7Rvd\xcb:\b\xeeC0\xa3\xa6\xcf\x00\x00\xac\xc5h&+\t\x98\'\xfd|\x11\x99\xa2*6{\xd2C>2\x0e\"\xbc\xda\xee\xb0\xd8\xbf\xaf)\xf58c\x189K\x82\xd1(\xceY*\xcb\x9b\xbdn\x8e\x88m\x10L\xec\xfdWF\x7fj\x19\xb8<\xd2\x9d\xf0\xe9Qy\xe32\xed\x16f\xfe&\x1a\xdb\xeb\xad\xaaE\b\xa9\xf8\xa9s\xc4d\xd4\x03\xf1\xb7xO\x99\x804m[Ai\x13\x02\xf0\x84c2s\xd5P\t`\x9b\x12&\x8cx\x8eg\x9d\xe6g', 0x3) r5 = userfaultfd(0x80001) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x100}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}}) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r6}, 0x2c, {'rootmode', 0x3d, 0x4000}}) read$FUSE(r6, &(0x7f0000006380)={0x2020}, 0x2020) 8.700793086s ago: executing program 5 (id=3122): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x3, 0x8, 0x1}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0}, &(0x7f0000000500), &(0x7f0000000580)}, 0x20) creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000280)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==") 8.119831384s ago: executing program 7 (id=3123): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x759, &(0x7f0000000880)={[{@noload}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80000}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1}}, {@jqfmt_vfsv0, 0x0}, {@usrjquota}, {@noload}, {@jqfmt_vfsv1}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@noacl}, {@resgid}, {@data_err_ignore}], [], 0x2c}, 0x2, 0x4f8, &(0x7f0000000200)="$eJzs3MtrXNUfAPDvnSRN08cv+fX389GHdrSKQbFp0ufCRSsK3QiCInUZk7TUpq00EdoSbCpSwYXSv8DHTvAvcKUbUXGhuFXcilAkm1YXcuXO3BknuZm8OsmY5vOBmZ5777lzznfuPZ3zmEkAG1Y5e0oitkXETxHRW92cnaFc/efOzNTIHzNTI0mk6Uu/J5V8t2emRmpZa+dtzTf6SxGld5LYXSy2e+LK1XPD4+Njl/IdA5OlPHV++MzYmbELQ8eOHTrYc/TI0OGWxJnV6fauty7u2Xny1ZsvjJy6+do3n2X1TfPjjXFU9VWeNy25hI7CnnKUZ7+XDR5fetXXhe0N6aQzey61rzIsWXbXZperq9L+e6OjslXVG8+/3dbKAasqTdO0u7C3/lk2nTZKkuoJaXo9Be4BSbS7BkB71D7ob89kI9WpkeI4+N5260RURkBZ3HfyR/VIZ2UEW+6rjo26Vqn8/0fEqek/P8weMe88BABAa31xImJL3u+oPapHSnF/Q77/5GtDfRHx34jYERH/y/sv90VU8j4QEQ82nLNtCasA5Tnbxf7PDz15orG72jJZ/++ZfG1rdv+vXvO+jnxreyX+ruT02fGxA/l70h9d3dn2YPGl69NqXz734wfNyi839P+yR1Z+rS+Y1+O3zjkTdKPDk8N3G3fNreuVN/ZaMf4kOpNaKmJnROxawetn79nZJz/d0+z4rPizOAvxv9/8xTtXUKE50o8jnqhe/+mYE3/k639JZX3y/BsDE1euPn22cX1y8OiRocMDm2N87MBA7a4o+vb7Gy/mycIwYoHrX2saq7qQll3/LfPe//WVy74sVV+vnVh+GTd+frfpmGal9/+m5OVKurY+e3l4cvLSYMSmZLq4f+ifcy8P98zKn8Xfv2/+9r8j4q+P8vN2R0R2Ez8UEQ9HxN687o9ExKMRsW+B+L9+9rHXmw0hF49/dWXxjy7r+jdLHP8uYv5DHee++rxQ8HvlQvxd0ez6H6qk+vM9o8OTmxeLa6GaNibu+g0EAACAdWBvZZ42Ke3PJ5q2Ram0f3/E1voMysTkU6cvvnlhtDqf2xddpdpMV2/DfOhgPjecbWdnDTVsZ8cPVuaN0zRNe7LtbPw+vr29ocOGt7VJ+8/8WvxJC3CvWdY6WrNftAHr0tz2v+jqWl3rv5ABrK0WfI8GWKe0f9i4ltz+V+tXcEDbzNf+r0XcaUNVgDU2X/t/pbDn+JrUBVhbxv+wca28/fsyAKx3Pv9hQ1rSj+RXkNhxcoE8SefqFNo8UYqF/wpAX0RtT61Ps/AL/lKKaE0NO1oaac+sa1qaN8/maEVZUVo0T+cy/hDD2iZK/45qVBPdEbHI3Vu/2a7VEldXu2KVRvBJe/93AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuHt/BwAA//9n7NJW") mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x40008, 0x0) 7.651940194s ago: executing program 7 (id=3124): r0 = syz_clone(0x1222080, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) syz_usb_connect$uac1(0x0, 0xad, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902"], 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) syz_open_procfs(r0, &(0x7f0000000180)='attr/exec\x00') 7.324551478s ago: executing program 5 (id=3125): r0 = socket$netlink(0x10, 0x3, 0xf) copy_file_range(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffa003e459, 0x700000000000000) r1 = socket$netlink(0x10, 0x3, 0xf) r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r6}, 0x10) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)=ANY=[@ANYBLOB="b800000019000100ffffffff00000000e00000020000000000000000000000000000000000000000000000000000000000000000000400000a00000087000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000001a0000000000000004000000000000000000000000000000ffffffffff00000000000000000000000000000000e70000000000000000000000000000000000000000000000000100000000000000000000000000000000000000e300773cdb2bf7d35ca07168e445f96488bc720ba727b69c3e3065f353a581f6cad50f0e4db7b0d25d9c817db7f1bfdec7ef74c39b0ad534218e52df72a0ad28ae4777f79f4a0f08c6d743ad64089bd5741001754502ca9ce1865beb98b0d6d68669e64a6344da620b1485fd12d8ed23215efcb082e3c64b716ef62586e5b79a6c853485487d0c4aa66320a09fabe436d7baf3917a9877de2aeb853f927a9bf17394966845a972687606df58d1a2c4601d941fa90e99e932c1967edf6658e3f92b78c636303ddb5f992760182e749fed314fe711c9b7bf92b45e9e818e5ed4aea371f07afd3663188da350017fd61a52bb6ff025db5c4b73854ba494e9686c6cf4475d75a8d563334e22546ead74d878eed913dff9f86ce76ebaa2efd035e35d494be660461f73b588eb66684a7fcc609edf2edaee8f836f8a2c1e689398bde49658be6d818c86f91f7746e73f4c07007540436f12d092"], 0xb8}}, 0x4000090) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000900)=@bpf_ext={0x1c, 0x12, &(0x7f0000000600)=@framed={{0x18, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x5}, [@map_fd={0x18, 0x9, 0x1, 0x0, r2}, @exit, @exit, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}}, @map_idx={0x18, 0xa1a91e471ef8d339, 0x5, 0x0, 0x9}]}, &(0x7f00000003c0)='GPL\x00', 0x5, 0x14, &(0x7f0000000240)=""/20, 0x40f00, 0xd, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x3, 0x2, 0x9, 0x6}, 0x10, 0x1955a, 0xffffffffffffffff, 0xa, &(0x7f0000000740)=[r2], &(0x7f0000000780)=[{0x2, 0x3, 0x8, 0xc}, {0x2, 0x3, 0x7, 0x2}, {0x4, 0x2, 0x4, 0x3}, {0x5, 0x3, 0x5, 0xc}, {0x1, 0x1, 0xf, 0x6}, {0x2, 0x1, 0x3}, {0x2, 0x2, 0x0, 0xb}, {0x1, 0x1, 0xe, 0xc}, {0x5, 0x1, 0x4, 0x1}, {0x5, 0x1, 0x8}], 0x10, 0x6}, 0x94) bind$netlink(r1, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000180)='sys_enter\x00', r7}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x70}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_bytes\x00', 0x26e1, 0x0) r8 = getpid() sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x7) syz_open_procfs$namespace(r8, &(0x7f0000000040)='ns/mnt\x00') 7.26779398s ago: executing program 4 (id=3126): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) syz_mount_image$ext4(0x0, &(0x7f0000000200)='./file0\x00', 0x3060000, 0x0, 0x0, 0x0, &(0x7f0000000000)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0xc0b40) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000003c0)={'ip6_vti0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x80, 0x0, 0x4, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x40, 0x80, 0x0, 0x6}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) 7.233557781s ago: executing program 8 (id=3127): openat$tun(0xffffffffffffff9c, 0x0, 0xc1842, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000090000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000001000)=@base={0x10, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) 6.343905019s ago: executing program 7 (id=3128): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r0}, 0x18) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c1341, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x182804, 0x0) close(r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000100)="89e7ee", 0x3}, {&(0x7f0000000440)="9c74dfbf77572856c888a8", 0xb}], 0x2) 6.262314295s ago: executing program 5 (id=3129): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x4) ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/236, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/66}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) 6.215342729s ago: executing program 8 (id=3130): pipe2$9p(&(0x7f00000000c0), 0x4800) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x185) r4 = inotify_init() inotify_add_watch(r4, &(0x7f00000000c0)='.\x00', 0x5000009) fallocate(r3, 0x0, 0x1000000, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 6.152110252s ago: executing program 7 (id=3131): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="17000000000000000400000003"], 0x48) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket(0x1e, 0x805, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x8}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff, 0x2}, 0x0, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, 0x0) r4 = creat(&(0x7f00000001c0)='./file0\x00', 0x8) close(r4) read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r5 = inotify_init1(0x0) inotify_add_watch(r5, &(0x7f0000000200)='.\x00', 0x400) r6 = dup(r5) read$FUSE(r6, &(0x7f0000002280)={0x2020}, 0x2020) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) clock_gettime(0xfffffffffffffffb, 0x0) 4.65675538s ago: executing program 36 (id=3082): socket$nl_generic(0x10, 0x3, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0xc044) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPSET_CMD_PROTOCOL(r6, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f00000003c0)={0x4c, 0x1, 0x6, 0x201, 0x0, 0x0, {0x7, 0x0, 0x3}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40004}, 0x20008000) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r7, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r7, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) sendto$inet(r7, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0) splice(r7, 0x0, r6, 0x0, 0xfea8, 0xa) bind$netlink(r0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff) r8 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r8, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a60274fcffffffffffffff14e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028643b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ede1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e008104df635e731a5bfcd942f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd4f6cfdfe756bc00d08e36655c00"}) 4.63713819s ago: executing program 4 (id=3133): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mlock(&(0x7f0000923000/0x3000)=nil, 0x3000) preadv2(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000700)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x0) 4.634521876s ago: executing program 5 (id=3134): r0 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xfffffffffffffffc) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@secondary) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x4, &(0x7f0000000100)=@framed={{}, [@generic={0x4, 0x5, 0x0, 0x200, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000a00)=ANY=[@ANYBLOB="80020000120001000000001000000000fe8000000000000000000000000000aaff0100000000000000000000000000010000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800000000000000000000000000010000000033000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000a0000000000000000"], 0x280}}, 0x0) keyctl$chown(0x4, r0, 0xee00, 0xffffffffffffffff) 1.624121565s ago: executing program 4 (id=3135): r0 = gettid() prlimit64(r0, 0xe, &(0x7f0000000000)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) sigaltstack(&(0x7f0000000240)={&(0x7f0000000540)=""/83, 0x2, 0x53}, &(0x7f0000000440)={&(0x7f00000005c0)=""/77, 0x0, 0x4d}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0xb4ed6000) ftruncate(r2, 0xc254) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0xf4ff, 0xfff}) mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x1080, 0x0) ftruncate(0xffffffffffffffff, 0xffff) fallocate(0xffffffffffffffff, 0x0, 0x3, 0x1) 1.609532207s ago: executing program 5 (id=3136): prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r3, &(0x7f0000000440)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, 0x1, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, 0x1c) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r5, &(0x7f0000000900)={0x1d, r6, 0x1}, 0x18) sendmmsg$unix(r5, &(0x7f0000004a80)=[{{&(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000440)="bd", 0x1}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x1d3) syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), r5) r7 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x4e24, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x809}, {0xa, 0x8, 0xfffffffe, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0xfff, 0x2, 0x4]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, 0x0, 0x0) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @remote, 0x6}, {0xa, 0x4e22, 0x0, @mcast1}, 0x0, {[0x4, 0x7fff, 0x0, 0x0, 0x3fd, 0x0, 0x58, 0x200]}}, 0x5c) setsockopt$MRT6_ADD_MFC(r7, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$MRT6_FLUSH(r7, 0x29, 0xd4, &(0x7f00000000c0)=0x7, 0x4) sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x70, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0) 1.548179649s ago: executing program 7 (id=3137): r0 = gettid() prlimit64(r0, 0xe, &(0x7f0000000000)={0xb, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) sigaltstack(&(0x7f0000000240)={&(0x7f0000000540)=""/83, 0x2, 0x53}, &(0x7f0000000440)={&(0x7f00000005c0)=""/77, 0x0, 0x4d}) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0xb4ed6000) ftruncate(r2, 0xc254) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) ioctl$EXT4_IOC_MOVE_EXT(r3, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0xf4ff, 0xfff}) mount(0x0, &(0x7f0000000140)='./bus\x00', 0x0, 0x1080, 0x0) ftruncate(0xffffffffffffffff, 0xffff) 1.444350717s ago: executing program 8 (id=3138): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) socket$igmp6(0xa, 0x3, 0x2) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000060400000000000000000000010500000008000000000000000000000300000000020000000200000004000000000000000000000b03"], 0x0, 0x5a}, 0x28) r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x70, 0x101301) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200)) ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) mount$overlay(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) lgetxattr(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.impure\x00', 0x0, 0x0) 0s ago: executing program 5 (id=3139): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = timerfd_create(0x8, 0x80800) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) timerfd_settime(r1, 0x2, &(0x7f00000001c0)={{r2, r3+10000000}, {0x77359400}}, &(0x7f0000000240)) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r4 = getpid() getpeername$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r8}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x1, 0x0, &(0x7f0000000000)) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x2014050, 0x0) r9 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) kernel console output (not intermixed with test programs): ing for an remote control event. [ 1319.828594][ T5914] usb 1-1: USB disconnect, device number 37 [ 1320.737385][ T5885] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1320.765845][ T5885] usb 6-1: can't read configurations, error -71 [ 1320.778836][ T5914] dvb-usb: AVerMedia AverTV DVB-T USB 2.0 (A800) successfully deinitialized and disconnected. [ 1326.326715][T16279] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2358'. [ 1329.033189][ T43] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 1330.144538][ T43] usb 6-1: too many configurations: 9, using maximum allowed: 8 [ 1330.157957][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.168570][T16294] netlink: 'syz.7.2363': attribute type 2 has an invalid length. [ 1330.176624][T16294] netlink: 244 bytes leftover after parsing attributes in process `syz.7.2363'. [ 1330.209046][ T43] usb 6-1: config 0 has no interfaces? [ 1330.561445][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.583187][ T43] usb 6-1: config 0 has no interfaces? [ 1330.589741][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.611986][ T43] usb 6-1: config 0 has no interfaces? [ 1330.631365][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1330.676164][T16307] netlink: 600 bytes leftover after parsing attributes in process `syz.4.2365'. [ 1330.728243][ T43] usb 6-1: config 0 has no interfaces? [ 1330.985249][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1331.378998][ T43] usb 6-1: config 0 has no interfaces? [ 1331.415746][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1331.443089][ T43] usb 6-1: config 0 has no interfaces? [ 1331.472916][ T43] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1331.592008][ T43] usb 6-1: config 0 has no interfaces? [ 1331.947988][ T43] usb 6-1: unable to read config index 7 descriptor/start: -71 [ 1332.519712][ T43] usb 6-1: can't read configurations, error -71 [ 1333.973299][T11172] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1333.981742][ T5937] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 1334.243442][T11172] usb 1-1: Using ep0 maxpacket: 32 [ 1334.674107][T11172] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 1334.723563][ T5937] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1334.770918][T11172] usb 1-1: config 0 has no interface number 0 [ 1334.823226][ T5937] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.860014][T11172] usb 1-1: config 0 interface 184 has no altsetting 0 [ 1335.004571][T11172] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1335.092889][ T5937] usb 8-1: config 0 descriptor?? [ 1335.214433][T11172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1335.225827][T11172] usb 1-1: Product: syz [ 1335.230125][T11172] usb 1-1: Manufacturer: syz [ 1335.244173][T11172] usb 1-1: SerialNumber: syz [ 1335.252635][T11172] usb 1-1: config 0 descriptor?? [ 1335.324457][T11172] smsc75xx v1.0.0 [ 1335.468822][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1335.553281][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1335.640296][ T5914] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 1335.843603][T11172] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 1335.857164][T11172] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 1335.860212][ T5914] usb 6-1: Using ep0 maxpacket: 32 [ 1335.896812][T11172] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 1335.905649][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1335.914113][T11172] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -32 [ 1336.034679][ T5914] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1336.103627][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1336.112216][ T5914] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 1336.126945][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1336.171849][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1336.185892][ T5914] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 1336.232009][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1336.242896][ T5914] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1336.279691][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1336.303238][ T5937] ath6kl: Failed to submit usb control message: -110 [ 1336.310762][ T5914] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 1336.319992][ T5937] ath6kl: unable to send the bmi data to the device: -110 [ 1336.327222][ T5914] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1336.327246][ T5914] usb 6-1: Product: syz [ 1336.327260][ T5914] usb 6-1: Manufacturer: syz [ 1336.327275][ T5914] usb 6-1: SerialNumber: syz [ 1336.357135][ T5914] usb 6-1: config 0 descriptor?? [ 1336.371595][ T5937] ath6kl: Unable to send get target info: -110 [ 1336.412681][ T5937] ath6kl: Failed to init ath6kl core: -110 [ 1336.424336][ T5937] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1336.642002][T16329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1336.756256][T16366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1336.786647][T16329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1336.842626][T16366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1337.271987][T16371] fuse: Bad value for 'fd' [ 1337.309228][ T5937] usb 8-1: USB disconnect, device number 7 [ 1337.358049][ T5914] usb 6-1: USB disconnect, device number 25 [ 1337.390047][ T5892] usb 1-1: USB disconnect, device number 38 [ 1337.706082][T16382] netlink: 600 bytes leftover after parsing attributes in process `syz.4.2378'. [ 1338.993377][T16398] netlink: 'syz.4.2382': attribute type 4 has an invalid length. [ 1339.001203][T16398] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2382'. [ 1339.532781][ T24] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 1339.873162][ T24] usb 6-1: device descriptor read/64, error -71 [ 1340.306788][ T24] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 1340.493628][ T24] usb 6-1: device descriptor read/64, error -71 [ 1340.766863][ T24] usb usb6-port1: attempt power cycle [ 1341.732247][ T24] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 1341.837374][ T24] usb 6-1: device descriptor read/8, error -71 [ 1342.019494][T16427] fuse: Bad value for 'fd' [ 1342.462060][T16429] netlink: 312 bytes leftover after parsing attributes in process `syz.6.2390'. [ 1342.833436][ T24] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1344.607812][ T24] usb 6-1: Using ep0 maxpacket: 32 [ 1345.034825][ T24] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 1345.341366][ T24] usb 6-1: config 0 has no interface number 0 [ 1345.375108][ T24] usb 6-1: config 0 interface 184 has no altsetting 0 [ 1345.591581][ T24] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1345.607365][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1345.650387][T16451] netlink: 'syz.4.2395': attribute type 4 has an invalid length. [ 1345.658327][T16451] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2395'. [ 1345.860838][ T24] usb 6-1: Product: syz [ 1345.996728][ T24] usb 6-1: Manufacturer: syz [ 1346.133319][ T24] usb 6-1: config 0 descriptor?? [ 1346.160654][ T24] usb 6-1: can't set config #0, error -71 [ 1346.190396][ T24] usb 6-1: USB disconnect, device number 29 [ 1350.107030][T16477] fuse: Bad value for 'fd' [ 1350.755441][T16492] netlink: 'syz.5.2405': attribute type 4 has an invalid length. [ 1350.763279][T16492] netlink: 17 bytes leftover after parsing attributes in process `syz.5.2405'. [ 1350.787508][ T10] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 1351.003402][ T10] usb 8-1: Using ep0 maxpacket: 16 [ 1351.064505][ T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1351.172493][ T10] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1351.240290][T16493] netlink: 600 bytes leftover after parsing attributes in process `syz.0.2404'. [ 1351.905897][ T10] usb 8-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 1351.915041][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.969779][ T10] usb 8-1: config 0 descriptor?? [ 1352.038500][ T10] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 1352.895054][T16508] netlink: 'syz.6.2408': attribute type 4 has an invalid length. [ 1352.902874][T16508] netlink: 17 bytes leftover after parsing attributes in process `syz.6.2408'. [ 1353.584017][T11172] usb 8-1: USB disconnect, device number 8 [ 1355.909536][T16522] fuse: Invalid rootmode [ 1357.835802][ T10] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1358.253407][ T10] usb 6-1: device descriptor read/64, error -71 [ 1359.440106][ T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 1359.803403][ T10] usb 6-1: device descriptor read/64, error -71 [ 1359.930346][ T10] usb usb6-port1: attempt power cycle [ 1360.078956][ T24] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 1360.672291][T16568] fuse: Invalid rootmode [ 1360.684470][ T24] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1360.721084][ T24] usb 5-1: not running at top speed; connect to a high speed hub [ 1360.733098][ T10] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1360.748672][ T24] usb 5-1: config 14 has an invalid interface number: 169 but max is 0 [ 1360.857103][ T24] usb 5-1: config 14 has no interface number 0 [ 1360.863489][ T24] usb 5-1: config 14 interface 169 has no altsetting 0 [ 1360.888622][ T24] usb 5-1: New USB device found, idVendor=07fa, idProduct=0847, bcdDevice= c.76 [ 1360.970111][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1361.090208][ T24] usb 5-1: Product: syz [ 1361.134378][ T24] usb 5-1: Manufacturer: syz [ 1361.178954][ T24] usb 5-1: SerialNumber: syz [ 1361.277076][ T10] usb 6-1: device not accepting address 32, error -71 [ 1361.559981][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.585737][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.950568][ T24] hub 5-1:14.169: bad descriptor, ignoring hub [ 1362.099980][ T24] hub 5-1:14.169: probe with driver hub failed with error -5 [ 1362.109839][ T24] HFC-S_USB 5-1:14.169: probe with driver HFC-S_USB failed with error -5 [ 1362.146393][ T24] usb 5-1: USB disconnect, device number 35 [ 1363.214852][T16593] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1364.130770][T16605] fuse: Invalid rootmode [ 1364.257530][ T5885] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 1364.594994][ T5885] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1364.698910][ T5885] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1364.887151][ T5885] usb 8-1: config 0 descriptor?? [ 1365.266209][T16598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1365.281510][T16598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.540719][T16598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1365.710471][T16598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.907204][T16598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1365.968191][T16598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1366.079110][T16598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1366.127043][ T5885] ath6kl: Failed to submit usb control message: -110 [ 1366.170908][T16598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1366.220898][ T5885] ath6kl: unable to send the bmi data to the device: -110 [ 1366.229779][ T5885] ath6kl: Unable to send get target info: -110 [ 1366.247482][ T5885] ath6kl: Failed to init ath6kl core: -110 [ 1366.254920][ T5885] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1366.425921][T16626] netlink: 600 bytes leftover after parsing attributes in process `syz.5.2442'. [ 1367.119903][T16598] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1367.129123][T16598] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1367.222053][ T10] usb 8-1: USB disconnect, device number 9 [ 1367.326878][T11172] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 1367.983173][ T43] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1368.286583][T11172] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1368.327362][T11172] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1368.384243][T11172] usb 7-1: config 0 descriptor?? [ 1368.477822][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 1368.495251][ T43] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 1368.513398][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 1368.533485][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 1368.548986][ T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1368.569112][ T43] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 1368.578332][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1368.603054][ T43] usb 1-1: Product: syz [ 1368.607321][ T43] usb 1-1: Manufacturer: syz [ 1368.611956][ T43] usb 1-1: SerialNumber: syz [ 1368.772361][T16624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1369.380479][T16624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1369.391406][T16648] fuse: Bad value for 'rootmode' [ 1369.399427][ T43] usb 1-1: config 0 descriptor?? [ 1369.553706][T11172] ath6kl: Failed to submit usb control message: -110 [ 1369.563819][T11172] ath6kl: unable to send the bmi data to the device: -110 [ 1369.580297][T11172] ath6kl: Unable to send get target info: -110 [ 1369.600725][T11172] ath6kl: Failed to init ath6kl core: -110 [ 1369.618137][T11172] ath6kl_usb 7-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1369.697693][T16657] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1369.706587][T16657] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1369.719321][T11172] usb 1-1: USB disconnect, device number 39 [ 1369.746173][T16624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1369.760997][T16624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1369.773726][T16624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1369.783390][T16624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1369.801121][T16624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1369.811902][T16624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1369.953294][ T10] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1370.223311][ T10] usb 6-1: Using ep0 maxpacket: 16 [ 1370.256584][T16624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1370.291337][ T10] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1370.336813][T16624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1370.362603][ T10] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1370.396810][ T5914] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1370.444412][ T10] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1370.529353][ T5885] usb 7-1: USB disconnect, device number 11 [ 1370.536757][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1370.673693][ T10] usb 6-1: Product: syz [ 1370.677888][ T10] usb 6-1: Manufacturer: syz [ 1370.682486][ T10] usb 6-1: SerialNumber: syz [ 1370.746471][ T5914] usb 5-1: Using ep0 maxpacket: 16 [ 1370.782149][ T5914] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1370.807617][ T5914] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1370.825258][ T5914] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1371.392660][ T5914] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.401316][ T5914] usb 5-1: Product: syz [ 1371.405964][ T5914] usb 5-1: Manufacturer: syz [ 1371.410873][ T10] usb 6-1: 0:2 : does not exist [ 1371.416102][ T5914] usb 5-1: SerialNumber: syz [ 1371.520469][ T10] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 1371.572235][ T10] usb 6-1: USB disconnect, device number 34 [ 1371.763560][T11172] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 1371.795320][ T5914] usb 5-1: 0:2 : does not exist [ 1371.814293][ T5914] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 1371.857757][ T5914] usb 5-1: USB disconnect, device number 36 [ 1372.413250][T11172] usb 7-1: Using ep0 maxpacket: 8 [ 1372.864664][T11172] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 1372.872872][T11172] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 1373.107835][T11172] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1373.124099][T15194] udevd[15194]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1373.147739][T15348] udevd[15348]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 1373.206622][T11172] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1373.229300][T11172] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.550098][T16685] fuse: Bad value for 'rootmode' [ 1373.614437][T16697] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2462'. [ 1375.179867][T11172] usb 7-1: can't set config #16, error -71 [ 1375.345484][T11172] usb 7-1: USB disconnect, device number 12 [ 1381.780460][T16740] fuse: Bad value for 'rootmode' [ 1386.745031][T16784] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.2489'. [ 1386.754546][T16784] netlink: 5128 bytes leftover after parsing attributes in process `syz.5.2489'. [ 1386.764139][T16784] netlink: 584 bytes leftover after parsing attributes in process `syz.5.2489'. [ 1387.125035][ T5937] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1388.056727][ T5937] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1388.262035][ T5937] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1388.664195][ T5937] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1388.820306][ T5937] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1388.995515][ T5937] usb 6-1: SerialNumber: syz [ 1389.233491][T11417] Bluetooth: hci3: command 0x0c1a tx timeout [ 1390.273634][T16783] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 1390.580945][ T5937] usb 6-1: 0:2 : does not exist [ 1390.797701][ T5937] usb 6-1: unit 255 not found! [ 1390.846173][T16783] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1390.873627][ T5937] usb 6-1: 5:0: cannot get min/max values for control 1 (id 5) [ 1390.998980][T16783] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1391.124356][T16783] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1391.124601][ T5937] usb 6-1: 5:0: cannot get min/max values for control 17 (id 5) [ 1391.795264][ T5937] usb 6-1: USB disconnect, device number 35 [ 1391.981224][T15194] udevd[15194]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1392.754969][T11417] Bluetooth: hci5: command 0x0419 tx timeout [ 1393.073720][T11417] Bluetooth: hci0: command 0x0406 tx timeout [ 1393.153228][T11417] Bluetooth: hci4: command 0x0405 tx timeout [ 1393.573091][ T5914] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 1393.723163][ T5914] usb 8-1: Using ep0 maxpacket: 32 [ 1393.736153][ T5914] usb 8-1: config 0 has no interfaces? [ 1393.784647][ T5914] usb 8-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 1395.369294][ T5914] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.551662][ T5914] usb 8-1: config 0 descriptor?? [ 1396.646785][T16863] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2507'. [ 1397.058356][ T43] usb 8-1: USB disconnect, device number 10 [ 1397.797057][T16871] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2512'. [ 1400.465026][T16891] CUSE: unknown device info "KJ éH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,°ð<Ö_e¤FÀÆ" [ 1400.473754][ T43] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 1400.476743][T16891] CUSE: unknown device info "3ÜŸ•,²¥Ì˜õ" [ 1400.476760][T16891] CUSE: unknown device info "Jô©Ð2S Zûü !e/ëÅúãõž‘­J½+-n´¸a4¼ßØÁDÿ|G$öó­5O~©q ´ƒ [ 1400.476760][T16891] f𳦧ìýzóÚXÁSAäx¡Ùjª½T¾Ç”¨åw— üæšxRÉQ÷®(hÒj pøVdY0¨Æ|M?2JÿúIšvö^RÎ@´å" [ 1400.476777][T16891] CUSE: unknown device info "!ToÛ}Ý&|L+U²®oæõϲ±„Ð"–¨FstVµ:׌E• gJºî‹ÂÁ<@cÁ”²ûŽ4ÊTáM˜M|©·š‚ô" [ 1400.476789][T16891] CUSE: DEVNAME unspecified [ 1400.479813][ T30] audit: type=1326 audit(1751433579.497:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16881 comm="syz.4.2516" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2dac38e929 code=0x0 [ 1401.231300][ T5937] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 1402.349368][T16912] netlink: 'syz.7.2522': attribute type 4 has an invalid length. [ 1402.357216][T16912] netlink: 17 bytes leftover after parsing attributes in process `syz.7.2522'. [ 1402.637649][ T43] usb 8-1: device not accepting address 11, error -71 [ 1402.680916][ T5937] usb 7-1: Using ep0 maxpacket: 16 [ 1403.132767][ T5937] usb 7-1: device descriptor read/all, error -71 [ 1408.139202][T16953] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2528'. [ 1409.973118][ T5892] usb 8-1: new high-speed USB device number 13 using dummy_hcd [ 1410.273537][ T5892] usb 8-1: Using ep0 maxpacket: 32 [ 1410.485742][ T5892] usb 8-1: config 0 has an invalid interface number: 184 but max is 0 [ 1410.522247][ T5892] usb 8-1: config 0 has no interface number 0 [ 1410.529354][ T5892] usb 8-1: config 0 interface 184 has no altsetting 0 [ 1411.156284][ T5892] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1411.180759][ T5892] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1411.361869][ T5892] usb 8-1: Product: syz [ 1411.391607][ T5892] usb 8-1: Manufacturer: syz [ 1411.532397][ T5892] usb 8-1: SerialNumber: syz [ 1412.807356][ T5892] usb 8-1: config 0 descriptor?? [ 1413.313410][T16968] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 1413.360037][ T5892] usb 8-1: can't set config #0, error -71 [ 1413.700242][T11417] Bluetooth: hci3: command 0x0c1a tx timeout [ 1413.734644][ T5892] usb 8-1: USB disconnect, device number 13 [ 1414.230826][T16968] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1414.405281][T16968] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1414.411494][T16968] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1415.803314][T11417] Bluetooth: hci5: command 0x0419 tx timeout [ 1416.453256][T11417] Bluetooth: hci4: command 0x0405 tx timeout [ 1416.459504][T11417] Bluetooth: hci0: command 0x0406 tx timeout [ 1417.254602][T17015] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2545'. [ 1418.743109][ T5885] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1419.908260][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 1420.238791][ T5885] usb 5-1: config 0 has no interfaces? [ 1420.255033][ T5885] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 1420.280269][ T5885] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 1420.342227][ T5885] usb 5-1: Manufacturer: syz [ 1421.520540][ T5885] usb 5-1: config 0 descriptor?? [ 1421.823257][ T5885] usb 5-1: can't set config #0, error -71 [ 1421.857180][ T5885] usb 5-1: USB disconnect, device number 37 [ 1422.048428][T11417] Bluetooth: hci4: command 0x0405 tx timeout [ 1422.289943][ T5957] usb 8-1: new high-speed USB device number 14 using dummy_hcd [ 1423.040457][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.046842][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.841432][ T5957] usb 8-1: device descriptor read/all, error -71 [ 1425.356801][T17076] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2561'. [ 1434.316553][T17134] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2575'. [ 1438.453144][ T5914] usb 8-1: new high-speed USB device number 16 using dummy_hcd [ 1438.973110][ T5914] usb 8-1: Using ep0 maxpacket: 32 [ 1439.239786][ T5914] usb 8-1: config 0 has an invalid interface number: 184 but max is 0 [ 1439.248095][ T5914] usb 8-1: config 0 has no interface number 0 [ 1439.254785][ T5914] usb 8-1: config 0 interface 184 has no altsetting 0 [ 1439.272698][ T5914] usb 8-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1439.282189][ T5914] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1439.291442][ T5914] usb 8-1: Product: syz [ 1439.295924][ T5914] usb 8-1: Manufacturer: syz [ 1439.300837][ T5914] usb 8-1: SerialNumber: syz [ 1439.319178][ T5914] usb 8-1: config 0 descriptor?? [ 1439.482033][ T5914] smsc75xx v1.0.0 [ 1439.518462][ T5914] smsc75xx 8-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1440.033697][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 1440.056289][ T5914] smsc75xx 8-1:0.184: probe with driver smsc75xx failed with error -22 [ 1441.319886][ T5914] usb 8-1: USB disconnect, device number 16 [ 1450.473257][ T10] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 1450.516797][T17247] fuse: Invalid rootmode [ 1450.522940][T17249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2605'. [ 1450.533673][T17249] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2605'. [ 1450.743186][ T10] usb 6-1: Using ep0 maxpacket: 32 [ 1450.839148][ T10] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1451.053236][ T10] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1451.249327][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1451.655320][ T10] usb 6-1: Product: syz [ 1451.683201][ T10] usb 6-1: Manufacturer: syz [ 1451.696084][ T10] usb 6-1: SerialNumber: syz [ 1451.734180][ T10] usb 6-1: config 0 descriptor?? [ 1453.226427][ T10] gs_usb 6-1:0.0: Couldn't send data format (err=-110) [ 1453.766762][T17255] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1453.767126][ T10] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -110 [ 1453.846169][T17255] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1453.860637][T17255] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1453.886520][T17255] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1453.954900][T11417] Bluetooth: hci3: command 0x0c1a tx timeout [ 1453.962479][ T10] usb 6-1: USB disconnect, device number 36 [ 1455.177816][T17284] netlink: 'syz.4.2614': attribute type 4 has an invalid length. [ 1455.185701][T17284] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2614'. [ 1455.883169][T11417] Bluetooth: hci0: command 0x0406 tx timeout [ 1455.889292][T11417] Bluetooth: hci5: command 0x0419 tx timeout [ 1455.953425][T11417] Bluetooth: hci4: command 0x0405 tx timeout [ 1462.537059][T17339] netlink: 'syz.4.2629': attribute type 4 has an invalid length. [ 1462.545156][T17339] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2629'. [ 1464.813131][ T5885] usb 8-1: new high-speed USB device number 17 using dummy_hcd [ 1466.160140][ T5885] usb 8-1: too many configurations: 9, using maximum allowed: 8 [ 1466.563097][ T5885] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1466.572015][ T5885] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1466.682974][ T5885] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1466.705764][ T5885] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1466.746612][ T5885] usb 8-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 1468.227940][ T5885] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1468.239613][ T5885] usb 8-1: unable to read config index 2 descriptor/start: -71 [ 1468.248523][ T5885] usb 8-1: can't read configurations, error -71 [ 1470.547333][T17388] netlink: 'syz.0.2640': attribute type 4 has an invalid length. [ 1470.555181][T17388] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2640'. [ 1472.219916][T17367] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1472.250928][T17367] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1472.261879][T17367] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1472.301103][T17397] netlink: 14 bytes leftover after parsing attributes in process `syz.4.2643'. [ 1472.310401][T17367] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1473.741586][T11417] Bluetooth: hci3: command 0x0c1a tx timeout [ 1474.063143][ T5914] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1474.281403][ T5914] usb 1-1: Using ep0 maxpacket: 16 [ 1474.323686][T11417] Bluetooth: hci0: command 0x0406 tx timeout [ 1474.330282][T11417] Bluetooth: hci5: command 0x0419 tx timeout [ 1474.353416][ T5834] Bluetooth: hci4: command 0x0405 tx timeout [ 1474.420765][ T5914] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1474.563211][ T10] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 1474.585968][ T5914] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1474.642079][ T5914] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1474.652012][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1474.671350][ T5914] usb 1-1: config 0 descriptor?? [ 1474.696597][ T5914] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1474.933852][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 1475.796385][ T10] usb 7-1: no configurations [ 1475.804897][ T10] usb 7-1: can't read configurations, error -22 [ 1476.462710][ T10] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 1476.621330][ T5885] usb 1-1: USB disconnect, device number 40 [ 1476.653263][ T5914] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1476.775255][ T10] usb 7-1: Using ep0 maxpacket: 8 [ 1476.782403][ T10] usb 7-1: no configurations [ 1476.793698][ T10] usb 7-1: can't read configurations, error -22 [ 1477.749931][ T10] usb usb7-port1: attempt power cycle [ 1478.286050][ T5914] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 1478.330504][ T5914] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1478.344399][ T5914] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1478.358193][ T5914] usb 5-1: config 0 descriptor?? [ 1478.398937][ T5914] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1479.370850][ T5885] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1480.228504][ T5885] usb 1-1: Using ep0 maxpacket: 32 [ 1481.373639][ T5885] usb 1-1: device descriptor read/all, error -71 [ 1483.134750][ T5957] usb 5-1: USB disconnect, device number 38 [ 1483.423184][ T5939] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 1483.494236][ T5957] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 1483.647229][ T5939] usb 6-1: Using ep0 maxpacket: 32 [ 1483.742431][ T5957] usb 5-1: Using ep0 maxpacket: 16 [ 1483.936282][ T5939] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1483.961460][ T5957] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1483.979639][ T5939] usb 6-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1483.988959][ T5939] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1483.997239][ T5957] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1484.013122][ T5939] usb 6-1: Product: syz [ 1484.017301][ T5939] usb 6-1: Manufacturer: syz [ 1484.021899][ T5939] usb 6-1: SerialNumber: syz [ 1484.026563][ T5957] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1484.141698][ T5939] usb 6-1: config 0 descriptor?? [ 1484.160439][ T5957] usb 5-1: config 0 descriptor?? [ 1484.403127][ T5957] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1484.484387][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.503635][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1484.555224][ T5939] gs_usb 6-1:0.0: Couldn't send data format (err=-71) [ 1484.578524][ T5939] gs_usb 6-1:0.0: probe with driver gs_usb failed with error -71 [ 1484.698512][ T5939] usb 6-1: USB disconnect, device number 37 [ 1485.649137][T12878] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 1485.915760][T17491] netlink: 'syz.4.2662': attribute type 2 has an invalid length. [ 1485.926593][T17491] netlink: 244 bytes leftover after parsing attributes in process `syz.4.2662'. [ 1485.953306][T12878] usb 8-1: Using ep0 maxpacket: 8 [ 1486.004524][T12878] usb 8-1: no configurations [ 1486.055148][T12878] usb 8-1: can't read configurations, error -22 [ 1487.484338][T12878] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 1487.890006][ T5914] usb 5-1: USB disconnect, device number 39 [ 1487.943141][ T5885] usb 7-1: new high-speed USB device number 18 using dummy_hcd [ 1488.446073][ T5885] usb 7-1: Using ep0 maxpacket: 32 [ 1488.455724][ T5885] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 1488.610615][ T5885] usb 7-1: config 0 has no interface number 0 [ 1488.630935][ T5885] usb 7-1: config 0 interface 184 has no altsetting 0 [ 1488.932276][ T5885] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1488.964355][ T5885] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1488.983236][ T5885] usb 7-1: Product: syz [ 1488.992182][ T5885] usb 7-1: Manufacturer: syz [ 1490.297967][ T5885] usb 7-1: SerialNumber: syz [ 1490.594032][ T5885] usb 7-1: config 0 descriptor?? [ 1490.616989][ T5885] usb 7-1: can't set config #0, error -71 [ 1490.627890][ T5885] usb 7-1: USB disconnect, device number 18 [ 1491.043222][ T5885] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 1491.063206][ T5892] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1491.213409][ T5885] usb 7-1: Using ep0 maxpacket: 32 [ 1491.340390][ T5892] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1491.419194][ T5892] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1491.671843][ T5892] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1491.681217][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1491.689293][ T5892] usb 1-1: SerialNumber: syz [ 1491.706828][ T5885] usb 7-1: config 0 interface 0 has no altsetting 0 [ 1491.717000][ T5885] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1491.733317][ T5885] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1491.741365][ T5885] usb 7-1: Product: syz [ 1491.746041][ T5885] usb 7-1: Manufacturer: syz [ 1491.750675][ T5885] usb 7-1: SerialNumber: syz [ 1491.762252][ T5885] usb 7-1: config 0 descriptor?? [ 1491.767284][ T5939] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 1491.963259][ T5939] usb 5-1: Using ep0 maxpacket: 8 [ 1491.987450][ T5939] usb 5-1: no configurations [ 1491.992929][ T5939] usb 5-1: can't read configurations, error -22 [ 1492.044502][ T5885] gs_usb 7-1:0.0: Couldn't send data format (err=-71) [ 1492.051398][ T5885] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -71 [ 1492.208455][ T5939] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 1492.533236][ T5939] usb 5-1: Using ep0 maxpacket: 8 [ 1492.582776][ T5939] usb 5-1: no configurations [ 1493.098945][ T5939] usb 5-1: can't read configurations, error -22 [ 1493.121830][ T5939] usb usb5-port1: attempt power cycle [ 1493.210811][ T5892] usb 1-1: 0:2 : does not exist [ 1493.324808][ T5892] usb 1-1: USB disconnect, device number 43 [ 1493.332048][ T5885] usb 7-1: USB disconnect, device number 19 [ 1493.472856][T17472] udevd[17472]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1493.587790][ T5939] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1493.675671][ T43] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 1493.868632][ T5939] usb 5-1: Using ep0 maxpacket: 8 [ 1493.938595][ T5939] usb 5-1: no configurations [ 1493.949771][ T5939] usb 5-1: can't read configurations, error -22 [ 1494.028467][ T43] usb 6-1: Using ep0 maxpacket: 16 [ 1494.070291][ T43] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1494.098350][ T5939] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1494.116267][ T43] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 1494.447934][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1494.500580][ T43] usb 6-1: config 0 descriptor?? [ 1495.433058][ T5939] usb 5-1: device not accepting address 43, error -71 [ 1496.143244][ T5939] usb usb5-port1: unable to enumerate USB device [ 1496.184285][ T43] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 1496.975759][T17576] netlink: 'syz.5.2684': attribute type 2 has an invalid length. [ 1496.983681][T17576] netlink: 244 bytes leftover after parsing attributes in process `syz.5.2684'. [ 1498.408832][T17589] loop7: detected capacity change from 0 to 512 [ 1498.482157][T17593] loop4: detected capacity change from 0 to 512 [ 1498.491745][T17589] EXT4-fs: Ignoring removed mblk_io_submit option [ 1498.499028][ T5939] usb 6-1: USB disconnect, device number 38 [ 1498.537391][T17589] ext4: Unknown parameter 'seclabel' [ 1498.618310][T17593] EXT4-fs (loop4): blocks per group (35) and clusters per group (32768) inconsistent [ 1499.755887][T17602] loop6: detected capacity change from 0 to 1024 [ 1499.763336][T17602] EXT4-fs: Ignoring removed i_version option [ 1499.781241][T17602] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1499.839122][T17602] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.2699: Invalid block bitmap block 0 in block_group 0 [ 1499.855622][T17602] Quota error (device loop6): write_blk: dquota write failed [ 1499.866790][T17602] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 1499.877011][T17602] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.2699: Failed to acquire dquot type 0 [ 1499.898774][T17602] EXT4-fs error (device loop6): ext4_free_blocks:6587: comm syz.6.2699: Freeing blocks not in datazone - block = 0, count = 4096 [ 1499.918488][T17602] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.2699: Invalid inode bitmap blk 0 in block_group 0 [ 1499.933103][T17602] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem [ 1499.942634][T17602] EXT4-fs (loop6): 1 orphan inode deleted [ 1499.950140][T17602] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1499.971249][T17602] usb usb1: usbfs: process 17602 (syz.6.2699) did not claim interface 0 before use [ 1499.984705][ T6258] Quota error (device loop6): do_check_range: Getting block 0 out of range 1-8 [ 1500.014010][ T6258] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u8:9: Failed to release dquot type 0 [ 1500.061534][ T30] audit: type=1326 audit(1751433679.077:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17608 comm="syz.5.2702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.095345][ T30] audit: type=1326 audit(1751433679.077:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17608 comm="syz.5.2702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.119196][ T30] audit: type=1326 audit(1751433679.077:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17608 comm="syz.5.2702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.214707][ T30] audit: type=1326 audit(1751433679.237:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.5.2705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.269881][ T30] audit: type=1326 audit(1751433679.257:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.5.2705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.297255][ T30] audit: type=1326 audit(1751433679.257:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.5.2705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f4079b90847 code=0x7ffc0000 [ 1500.319828][ T30] audit: type=1326 audit(1751433679.257:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.5.2705" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1500.618941][T13171] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1501.580740][T17626] loop4: detected capacity change from 0 to 512 [ 1502.244398][T17626] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1502.257490][T17626] ext4 filesystem being mounted at /558/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1503.091364][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1503.159705][T17641] loop6: detected capacity change from 0 to 512 [ 1503.289947][T17641] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1503.305185][T17641] ext4 filesystem being mounted at /198/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1503.518204][T17641] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1503.862219][T17656] loop4: detected capacity change from 0 to 16 [ 1503.935955][T17656] erofs (device loop4): mounted with root inode @ nid 36. [ 1504.336650][T17671] 9pnet_fd: Insufficient options for proto=fd [ 1504.376220][T17671] syz_tun: entered allmulticast mode [ 1504.518392][T17675] loop2: detected capacity change from 0 to 7 [ 1504.528363][T17677] loop4: detected capacity change from 0 to 512 [ 1504.554231][T17675] Dev loop2: unable to read RDB block 7 [ 1504.589424][T17675] loop2: AHDI p1 p2 p3 [ 1504.613192][T17675] loop2: partition table partially beyond EOD, truncated [ 1504.648542][T17675] loop2: p1 start 1601398130 is beyond EOD, truncated [ 1504.694346][T17675] loop2: p2 start 1702059890 is beyond EOD, truncated [ 1505.101749][T17661] syz_tun: left allmulticast mode [ 1505.836164][ T5892] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 1506.125399][ T5892] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1506.143840][ T5892] usb 1-1: not running at top speed; connect to a high speed hub [ 1506.167733][ T5892] usb 1-1: config 12 has an invalid interface number: 144 but max is 0 [ 1506.181410][ T5892] usb 1-1: config 12 has no interface number 0 [ 1506.195070][ T5892] usb 1-1: config 12 interface 144 has no altsetting 0 [ 1506.213423][ T5892] usb 1-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=89.59 [ 1506.228949][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1506.246697][ T5892] usb 1-1: Product: syz [ 1506.255445][ T5892] usb 1-1: Manufacturer: syz [ 1506.266388][ T5892] usb 1-1: SerialNumber: syz [ 1507.394320][ T5892] usb 1-1: USB disconnect, device number 44 [ 1507.412931][T17708] loop5: detected capacity change from 0 to 512 [ 1507.497215][ T5939] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 1507.526171][T17708] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1507.564438][T17708] ext4 filesystem being mounted at /364/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1507.895421][ T5939] usb 8-1: config 0 interface 0 altsetting 15 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1507.911851][ T5939] usb 8-1: config 0 interface 0 has no altsetting 0 [ 1508.676083][ T5939] usb 8-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 1508.685423][ T5939] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1509.127448][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1509.129641][ T5939] usb 8-1: config 0 descriptor?? [ 1509.182063][ T5939] usb 8-1: can't set config #0, error -71 [ 1509.215353][ T5939] usb 8-1: USB disconnect, device number 21 [ 1509.367765][T17720] loop0: detected capacity change from 0 to 128 [ 1509.489166][T17720] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1509.510056][T17720] ext4 filesystem being mounted at /568/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1509.934020][T17472] udevd[17472]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:12.144/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1510.486001][T17725] loop5: detected capacity change from 0 to 256 [ 1510.606304][T17725] exFAT-fs (loop5): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 1510.815272][ T5835] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1510.872669][T17716] loop4: detected capacity change from 0 to 40427 [ 1510.960461][T17716] F2FS-fs (loop4): invalid crc value [ 1511.163455][T17732] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2738'. [ 1512.112393][T17742] hub 2-0:1.0: USB hub found [ 1512.120395][T17742] hub 2-0:1.0: 1 port detected [ 1512.570803][T17716] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 1512.972800][T17752] loop7: detected capacity change from 0 to 256 [ 1512.989155][T17752] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1513.011986][T17752] exFAT-fs (loop7): Medium has reported failures. Some data may be lost. [ 1513.047226][T17752] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d) [ 1515.270210][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 1515.270227][ T30] audit: type=1326 audit(1751433694.287:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.357683][T17774] loop7: detected capacity change from 0 to 256 [ 1515.396833][T17774] exfat: Deprecated parameter 'utf8' [ 1515.402353][ T30] audit: type=1326 audit(1751433694.317:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.425397][T17774] exfat: Deprecated parameter 'namecase' [ 1515.431152][T17774] exfat: Deprecated parameter 'namecase' [ 1515.458017][T17774] exfat: Deprecated parameter 'utf8' [ 1515.484273][ T30] audit: type=1326 audit(1751433694.317:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.524508][T17774] exFAT-fs (loop7): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffc20, utbl_chksum : 0xe619d30d) [ 1515.577035][ T30] audit: type=1326 audit(1751433694.327:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.651095][ T30] audit: type=1326 audit(1751433694.327:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.756001][ T30] audit: type=1326 audit(1751433694.327:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.868311][ T30] audit: type=1326 audit(1751433694.327:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1515.963104][ T30] audit: type=1326 audit(1751433694.327:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1516.030031][ T30] audit: type=1326 audit(1751433694.327:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1516.087777][ T30] audit: type=1326 audit(1751433694.337:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17771 comm="syz.6.2754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1516.802780][T17763] loop0: detected capacity change from 0 to 40427 [ 1516.872035][T17763] F2FS-fs (loop0): Invalid log blocks per segment (83886089) [ 1516.887431][T17763] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 1516.968086][T17763] F2FS-fs (loop0): invalid crc value [ 1517.235173][T17796] netlink: 172 bytes leftover after parsing attributes in process `syz.7.2760'. [ 1517.277333][T17796] netlink: 172 bytes leftover after parsing attributes in process `syz.7.2760'. [ 1517.350113][T17763] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 1517.398260][T17763] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1517.419797][T17776] loop5: detected capacity change from 0 to 40427 [ 1517.464366][T17776] F2FS-fs (loop5): Image doesn't support compression [ 1517.488373][T17776] F2FS-fs (loop5): Unrecognized mount option "whint_mode=fs-based" or missing value [ 1517.489248][T17782] loop6: detected capacity change from 0 to 40427 [ 1517.603986][T17782] F2FS-fs (loop6): invalid crc value [ 1518.006115][T17806] bridge0: port 1(bridge_slave_0) entered disabled state [ 1518.024306][T17806] bridge0: port 2(bridge_slave_1) entered disabled state [ 1518.569175][T17812] loop5: detected capacity change from 0 to 512 [ 1518.662453][T17812] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1518.707244][T17812] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1518.721849][T17812] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2762: Failed to acquire dquot type 1 [ 1518.755139][T17812] EXT4-fs (loop5): 1 truncate cleaned up [ 1518.767881][T17812] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1519.543525][T17782] F2FS-fs (loop6): Start checkpoint disabled! [ 1519.587338][T17782] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 1519.600832][T17820] overlayfs: missing 'lowerdir' [ 1520.488367][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1520.573942][T17823] netlink: 96 bytes leftover after parsing attributes in process `syz.7.2769'. [ 1521.801774][T17841] loop6: detected capacity change from 0 to 128 [ 1522.978068][T17841] FAT-fs (loop6): error, invalid access to FAT (entry 0x0fff0101) [ 1523.052658][T17841] FAT-fs (loop6): Filesystem has been set read-only [ 1523.916862][T17850] netlink: 'syz.6.2767': attribute type 4 has an invalid length. [ 1524.171555][T17853] loop0: detected capacity change from 0 to 256 [ 1524.179719][T17853] vfat: Unknown parameter 'syble' [ 1524.423989][T12878] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1524.587141][T12878] usb 1-1: Using ep0 maxpacket: 32 [ 1524.618902][T12878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1524.645152][T17865] binder: 17863:17865 ioctl c0306201 200000000040 returned -14 [ 1524.666229][T12878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1524.696591][T12878] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1524.726378][T12878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1524.742386][T12878] usb 1-1: config 0 descriptor?? [ 1524.760073][T12878] hub 1-1:0.0: USB hub found [ 1524.966391][T12878] hub 1-1:0.0: 1 port detected [ 1525.132039][T17868] loop4: detected capacity change from 0 to 1024 [ 1525.207655][T17868] EXT4-fs: Ignoring removed bh option [ 1525.245965][T17868] EXT4-fs: inline encryption not supported [ 1525.312630][T17868] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1525.365211][T17868] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 1525.410606][T12878] usb 1-1: USB disconnect, device number 45 [ 1525.450374][T17868] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.2782: lblock 2 mapped to illegal pblock 2 (length 1) [ 1525.583549][T17868] __quota_error: 17 callbacks suppressed [ 1525.583567][T17868] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 1525.630079][T17868] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.2782: lblock 0 mapped to illegal pblock 48 (length 1) [ 1525.687514][T17868] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 1525.710165][T17868] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2782: Failed to acquire dquot type 0 [ 1525.796100][T17868] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6254: Corrupt filesystem [ 1525.810263][T17868] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.2782: mark_inode_dirty error [ 1525.871739][T17868] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 1526.120621][T17868] EXT4-fs (loop4): 1 orphan inode deleted [ 1526.364157][T15519] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1) [ 1526.384530][T17868] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1526.424098][T15519] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 1526.456119][T15519] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0 [ 1526.480788][T17868] EXT4-fs: Cannot change journaled quota options when quota turned on [ 1526.579378][T17868] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #2: block 16: comm syz.4.2782: lblock 0 mapped to illegal pblock 16 (length 1) [ 1526.911102][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1526.938135][ T30] audit: type=1326 audit(1751433705.957:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17896 comm="syz.0.2789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1526.971275][ T5840] EXT4-fs error (device loop4): __ext4_get_inode_loc:4791: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1527.015940][ T30] audit: type=1326 audit(1751433705.987:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17896 comm="syz.0.2789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=92 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1527.019807][ T5840] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6254: Corrupt filesystem [ 1527.079123][ T5840] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 1527.135553][ T30] audit: type=1326 audit(1751433705.987:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17896 comm="syz.0.2789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1527.814602][T17913] loop7: detected capacity change from 0 to 128 [ 1529.924011][T17913] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1529.938259][T17913] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1529.992853][T17912] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2794'. [ 1530.152114][T17926] loop5: detected capacity change from 0 to 512 [ 1530.236502][T17926] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 1530.373467][T17926] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1530.388026][T14994] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1530.414779][ T30] audit: type=1326 audit(1751433709.437:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.4.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dac38e929 code=0x7ffc0000 [ 1530.473466][T17926] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 1530.482678][T17926] System zones: 1-12 [ 1530.489704][ T30] audit: type=1326 audit(1751433709.437:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.4.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dac38e929 code=0x7ffc0000 [ 1530.532839][T17926] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1530.533184][ T30] audit: type=1326 audit(1751433709.437:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.4.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2dac38e929 code=0x7ffc0000 [ 1530.574128][ T30] audit: type=1326 audit(1751433709.437:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.4.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dac38e929 code=0x7ffc0000 [ 1530.600511][T17926] EXT4-fs (loop5): 1 truncate cleaned up [ 1530.603990][ T30] audit: type=1326 audit(1751433709.467:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17927 comm="syz.4.2801" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2dac38e929 code=0x7ffc0000 [ 1530.624710][T17926] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1532.101339][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1532.105175][T17949] bridge1: entered allmulticast mode [ 1533.278617][T11417] Bluetooth: hci2: command 0x1003 tx timeout [ 1533.284516][ T5834] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1533.483730][T17960] loop5: detected capacity change from 0 to 512 [ 1534.342342][T17960] EXT4-fs (loop5): Test dummy encryption mode enabled [ 1534.352544][T17960] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1534.373121][ T5939] usb 7-1: new full-speed USB device number 20 using dummy_hcd [ 1534.419126][T17960] EXT4-fs (loop5): SIPHASH is not a valid default hash value [ 1536.829309][T17983] loop4: detected capacity change from 0 to 256 [ 1536.836659][T17983] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ' [ 1537.194637][T17993] loop5: detected capacity change from 0 to 512 [ 1537.231807][T17993] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1537.320263][T17993] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1537.345988][T17993] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 1537.356501][T17993] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 1537.365988][T17993] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2817: Failed to acquire dquot type 1 [ 1537.391394][T17993] EXT4-fs (loop5): 1 truncate cleaned up [ 1537.406230][T17993] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1539.531524][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1539.592318][T18010] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2824'. [ 1543.802412][T18070] hub 2-0:1.0: USB hub found [ 1543.808631][T18070] hub 2-0:1.0: 1 port detected [ 1545.124376][T17633] Bluetooth: hci2: Frame reassembly failed (-84) [ 1545.886955][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.899735][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.972428][ T30] audit: type=1326 audit(1751433724.987:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1545.995241][ T30] audit: type=1326 audit(1751433724.987:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.017781][ T30] audit: type=1326 audit(1751433724.997:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.040583][ T30] audit: type=1326 audit(1751433724.997:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.063535][ T30] audit: type=1326 audit(1751433724.997:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.086997][ T30] audit: type=1326 audit(1751433724.997:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.109409][ T30] audit: type=1326 audit(1751433724.997:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.132070][ T30] audit: type=1326 audit(1751433724.997:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18080 comm="syz.0.2844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1546.797636][T18087] loop7: detected capacity change from 0 to 512 [ 1546.808709][T18087] EXT4-fs: Ignoring removed oldalloc option [ 1547.245390][T11417] Bluetooth: hci2: command 0x1003 tx timeout [ 1547.303230][ T5834] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1547.677147][T18087] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1547.696782][T18087] EXT4-fs (loop7): orphan cleanup on readonly fs [ 1547.709150][T18087] Quota error (device loop7): do_check_range: Getting block 196613 out of range 1-5 [ 1547.719152][T18087] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0 [ 1547.728635][T18087] EXT4-fs error (device loop7): ext4_acquire_dquot:6933: comm syz.7.2846: Failed to acquire dquot type 1 [ 1547.746292][T18087] EXT4-fs (loop7): 1 truncate cleaned up [ 1547.762260][T18087] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1548.231496][T18090] loop4: detected capacity change from 0 to 256 [ 1548.317366][T18090] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 1548.389888][ T5885] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1548.431435][ T5885] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1548.455677][ T5885] hid-generic 0003:0004:0000.0011: unknown main item tag 0x0 [ 1548.513597][ T5885] hid-generic 0003:0004:0000.0011: hidraw0: USB HID v0.00 Device [syz0] on syz1 [ 1548.856940][T18093] fido_id[18093]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1548.975723][T14994] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1550.347792][T18113] loop5: detected capacity change from 0 to 512 [ 1550.415180][T18113] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1550.512502][T18113] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1550.551562][T18113] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm #! ./file0 [ 1550.551562][T18113] : bg 0: block 248: padding at end of block bitmap is not set [ 1550.595935][T18113] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm #! ./file0 [ 1550.595935][T18113] : Failed to acquire dquot type 1 [ 1550.632280][T18113] EXT4-fs (loop5): 1 truncate cleaned up [ 1550.640432][T18113] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1550.744416][T18120] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2851'. [ 1550.770003][T18120] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2851'. [ 1550.926454][T18124] loop4: detected capacity change from 0 to 128 [ 1552.786231][ T5885] usb 6-1: new full-speed USB device number 39 using dummy_hcd [ 1552.965464][ T5885] usb 6-1: config 0 has an invalid interface number: 46 but max is 0 [ 1553.170091][T18124] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1553.203352][T18124] ext4 filesystem being mounted at /589/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1553.252911][ T5885] usb 6-1: config 0 has no interface number 0 [ 1553.263680][ T5885] usb 6-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 1553.274685][ T5885] usb 6-1: config 0 interface 46 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1553.335743][T18117] tipc: Enabled bearer , priority 0 [ 1553.383055][ T6259] tipc: Resetting bearer [ 1553.414765][T18114] tipc: Resetting bearer [ 1553.512952][ T5840] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1554.590075][T17965] tipc: Node number set to 2477793716 [ 1555.571109][T18135] loop4: detected capacity change from 0 to 2048 [ 1555.578331][T18135] ext4: Unknown parameter 'noacl' [ 1555.603577][T18135] hub 2-0:1.0: USB hub found [ 1555.609004][T18135] hub 2-0:1.0: 1 port detected [ 1558.747059][ T5885] usb 6-1: string descriptor 0 read error: -32 [ 1558.756507][ T5885] usb 6-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 1558.767258][ T5885] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1558.783519][ T5885] usb 6-1: config 0 descriptor?? [ 1558.789126][ T5885] usb 6-1: can't set config #0, error -32 [ 1559.448504][T18145] input: syz1 as /devices/virtual/input/input61 [ 1560.183374][T18114] tipc: Disabling bearer [ 1560.220885][T18146] batadv_slave_1: entered promiscuous mode [ 1560.232890][T18147] batadv_slave_1: left promiscuous mode [ 1561.724815][T18163] syz.7.2867 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1561.738009][T17965] usb 6-1: USB disconnect, device number 39 [ 1562.007431][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1563.057839][T18167] loop6: detected capacity change from 0 to 256 [ 1563.232722][T18167] FAT-fs (loop6): Directory bread(block 64) failed [ 1563.280585][T18169] loop4: detected capacity change from 0 to 512 [ 1563.290893][T18167] FAT-fs (loop6): Directory bread(block 65) failed [ 1563.343326][T18167] FAT-fs (loop6): Directory bread(block 66) failed [ 1563.365168][T18169] EXT4-fs: Ignoring removed i_version option [ 1563.400354][T18167] FAT-fs (loop6): Directory bread(block 67) failed [ 1563.668114][T18167] FAT-fs (loop6): Directory bread(block 68) failed [ 1563.689729][T18169] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1563.806368][T18174] loop5: detected capacity change from 0 to 128 [ 1563.962277][T18174] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1563.983329][T18174] ext4 filesystem being mounted at /390/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1564.157561][T18174] netlink: 'syz.5.2868': attribute type 12 has an invalid length. [ 1564.294981][T18167] FAT-fs (loop6): Directory bread(block 69) failed [ 1564.763361][T18167] FAT-fs (loop6): Directory bread(block 70) failed [ 1564.792507][T18167] FAT-fs (loop6): Directory bread(block 71) failed [ 1564.823902][T18169] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2870: bg 0: block 131: padding at end of block bitmap is not set [ 1564.855971][T18167] FAT-fs (loop6): Directory bread(block 72) failed [ 1564.900551][T18167] FAT-fs (loop6): Directory bread(block 73) failed [ 1564.910725][T18169] EXT4-fs (loop4): Remounting filesystem read-only [ 1564.966265][T18169] EXT4-fs (loop4): 1 truncate cleaned up [ 1565.023354][T18169] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1566.022873][ T9523] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1567.178150][ T6258] kworker/u8:9: attempt to access beyond end of device [ 1567.178150][ T6258] loop6: rw=1, sector=1224, nr_sectors = 32 limit=256 [ 1567.252938][ T6258] kworker/u8:9: attempt to access beyond end of device [ 1567.252938][ T6258] loop6: rw=1, sector=1288, nr_sectors = 68 limit=256 [ 1567.510312][ T5840] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1567.700450][T18188] loop5: detected capacity change from 0 to 16 [ 1567.740674][T18188] erofs (device loop5): mounted with root inode @ nid 36. [ 1567.803722][ T30] kauditd_printk_skb: 26 callbacks suppressed [ 1567.803741][ T30] audit: type=1326 audit(1751433746.797:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1568.056897][ T30] audit: type=1326 audit(1751433746.867:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1568.252261][ T30] audit: type=1326 audit(1751433746.877:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48bcf90847 code=0x7ffc0000 [ 1568.275398][ T30] audit: type=1326 audit(1751433746.877:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f48bcf907bc code=0x7ffc0000 [ 1568.298389][ T30] audit: type=1326 audit(1751433746.877:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f48bcf906f4 code=0x7ffc0000 [ 1568.320751][ T30] audit: type=1326 audit(1751433746.877:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7f48bcf906f4 code=0x7ffc0000 [ 1568.433101][ T30] audit: type=1326 audit(1751433746.877:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f48bcf8d58a code=0x7ffc0000 [ 1568.506048][ T30] audit: type=1326 audit(1751433746.887:596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18189 comm="syz.6.2873" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1569.266799][T18201] loop4: detected capacity change from 0 to 8192 [ 1571.611327][T18227] loop6: detected capacity change from 0 to 256 [ 1571.717098][T18227] FAT-fs (loop6): Directory bread(block 64) failed [ 1571.774900][T18227] FAT-fs (loop6): Directory bread(block 65) failed [ 1571.781549][T18227] FAT-fs (loop6): Directory bread(block 66) failed [ 1571.881593][T18227] FAT-fs (loop6): Directory bread(block 67) failed [ 1571.900233][T18227] FAT-fs (loop6): Directory bread(block 68) failed [ 1571.935126][T18227] FAT-fs (loop6): Directory bread(block 69) failed [ 1571.964704][T18227] FAT-fs (loop6): Directory bread(block 70) failed [ 1571.971273][T18227] FAT-fs (loop6): Directory bread(block 71) failed [ 1571.993938][T18227] FAT-fs (loop6): Directory bread(block 72) failed [ 1572.000491][T18227] FAT-fs (loop6): Directory bread(block 73) failed [ 1573.012633][T11417] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1573.193620][T11417] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1573.210717][T11417] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1573.221524][T11417] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1573.229881][T11417] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1574.589169][ T1103] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1574.601950][ T1103] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1575.313313][T11417] Bluetooth: hci2: command tx timeout [ 1575.672755][ T1103] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1576.275355][ T1103] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1577.089135][ T1103] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1577.131779][ T1103] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1577.198859][ T30] audit: type=1326 audit(1751433756.217:597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.237722][ T30] audit: type=1326 audit(1751433756.217:598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.261363][ T30] audit: type=1326 audit(1751433756.257:599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.285417][ T30] audit: type=1326 audit(1751433756.257:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.381850][ T30] audit: type=1326 audit(1751433756.257:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.405702][ T30] audit: type=1326 audit(1751433756.257:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.428607][ T30] audit: type=1326 audit(1751433756.257:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.451469][ T30] audit: type=1326 audit(1751433756.257:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.474307][ T30] audit: type=1326 audit(1751433756.257:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18285 comm="syz.6.2903" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1577.531607][T11417] Bluetooth: hci2: command tx timeout [ 1577.619400][ T1103] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1577.637037][ T1103] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 1578.399648][T18300] loop6: detected capacity change from 0 to 128 [ 1578.891675][T18300] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1578.906017][T18300] ext4 filesystem being mounted at /229/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1579.063772][ T30] audit: type=1326 audit(1751433758.077:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18309 comm="syz.0.2910" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2f578e929 code=0x7ffc0000 [ 1579.179290][T13171] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1579.201042][T18238] chnl_net:caif_netlink_parms(): no params data found [ 1579.561266][T11417] Bluetooth: hci2: command tx timeout [ 1579.742864][T18238] bridge0: port 1(bridge_slave_0) entered blocking state [ 1579.771436][T18238] bridge0: port 1(bridge_slave_0) entered disabled state [ 1579.793820][T18238] bridge_slave_0: entered allmulticast mode [ 1579.806315][T18238] bridge_slave_0: entered promiscuous mode [ 1579.816334][T18238] bridge0: port 2(bridge_slave_1) entered blocking state [ 1579.824461][T18238] bridge0: port 2(bridge_slave_1) entered disabled state [ 1579.832546][T18238] bridge_slave_1: entered allmulticast mode [ 1579.841431][T18238] bridge_slave_1: entered promiscuous mode [ 1579.999082][ T1103] bridge_slave_1: left allmulticast mode [ 1580.028532][ T1103] bridge_slave_1: left promiscuous mode [ 1580.055350][ T1103] bridge0: port 2(bridge_slave_1) entered disabled state [ 1580.089802][ T1103] bridge_slave_0: left allmulticast mode [ 1580.107552][ T1103] bridge_slave_0: left promiscuous mode [ 1580.125454][ T1103] bridge0: port 1(bridge_slave_0) entered disabled state [ 1581.953333][T11417] Bluetooth: hci2: command tx timeout [ 1587.306057][T18362] loop6: detected capacity change from 0 to 128 [ 1587.320118][T18362] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1587.327113][T18362] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1588.258102][T18362] EXT4-fs (loop6): Test dummy encryption mode enabled [ 1588.411990][T18362] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1588.432094][T18362] ext4 filesystem being mounted at /232/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1588.615684][T18362] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni" [ 1589.980892][ T1103] batman_adv: batadv0: Removing interface: gretap1 [ 1589.993988][T13171] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1590.170034][ T30] kauditd_printk_skb: 238 callbacks suppressed [ 1590.170052][ T30] audit: type=1326 audit(1751433769.187:845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.199507][ T30] audit: type=1326 audit(1751433769.197:846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.223439][ T30] audit: type=1326 audit(1751433769.197:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.247715][ T30] audit: type=1326 audit(1751433769.197:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.270678][ T30] audit: type=1326 audit(1751433769.197:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.271962][T18370] loop6: detected capacity change from 0 to 512 [ 1590.293560][ T30] audit: type=1326 audit(1751433769.197:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.293603][ T30] audit: type=1326 audit(1751433769.197:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.293639][ T30] audit: type=1326 audit(1751433769.197:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.330886][T18370] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 1590.350893][ T30] audit: type=1326 audit(1751433769.197:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.400542][ T30] audit: type=1326 audit(1751433769.197:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18369 comm="syz.6.2923" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48bcf8e929 code=0x7ffc0000 [ 1590.446338][T18370] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002] [ 1590.498132][T18238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1590.513639][T18370] System zones: 1-12 [ 1590.538099][T18370] EXT4-fs (loop6): 1 truncate cleaned up [ 1590.565119][T18370] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1590.573123][T18238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1590.667713][T18348] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 1590.678858][T18348] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 1590.688565][T18348] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 1591.017403][T18238] team0: Port device team_slave_0 added [ 1591.030966][T18238] team0: Port device team_slave_1 added [ 1591.292444][T18387] overlayfs: failed to clone upperpath [ 1591.990393][T13171] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1592.118435][ T1103] hsr_slave_0: left promiscuous mode [ 1592.121938][T18400] loop6: detected capacity change from 0 to 256 [ 1592.156612][ T1103] hsr_slave_1: left promiscuous mode [ 1592.162689][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1592.237414][T18400] FAT-fs (loop6): Directory bread(block 64) failed [ 1592.265791][T18400] FAT-fs (loop6): Directory bread(block 65) failed [ 1592.272433][T18400] FAT-fs (loop6): Directory bread(block 66) failed [ 1592.347347][T18400] FAT-fs (loop6): Directory bread(block 67) failed [ 1592.363246][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1592.383286][T18400] FAT-fs (loop6): Directory bread(block 68) failed [ 1592.391627][T18400] FAT-fs (loop6): Directory bread(block 69) failed [ 1592.429283][ T1103] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1592.440996][T18400] FAT-fs (loop6): Directory bread(block 70) failed [ 1592.467565][ T1103] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1592.581345][T18400] FAT-fs (loop6): Directory bread(block 71) failed [ 1592.759995][T18400] FAT-fs (loop6): Directory bread(block 72) failed [ 1592.871227][ T1103] veth1_macvtap: left promiscuous mode [ 1592.986248][T18400] FAT-fs (loop6): Directory bread(block 73) failed [ 1593.025433][ T1103] veth0_macvtap: left promiscuous mode [ 1593.061021][ T1103] veth1_vlan: left promiscuous mode [ 1593.108479][ T1103] veth0_vlan: left promiscuous mode [ 1594.194930][T18427] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2937'. [ 1594.323346][T18428] hub 2-0:1.0: USB hub found [ 1594.330545][T18428] hub 2-0:1.0: 1 port detected [ 1594.652687][T18411] loop5: detected capacity change from 0 to 40427 [ 1594.681157][T18411] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 1594.702484][T18411] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 1594.748654][T18411] F2FS-fs (loop5): invalid crc value [ 1595.997605][T18411] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 1596.016721][T18411] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 1597.001532][ T1103] team0 (unregistering): Port device team_slave_1 removed [ 1597.065272][ T1103] team0 (unregistering): Port device team_slave_0 removed [ 1597.090473][T18441] loop6: detected capacity change from 0 to 40427 [ 1597.099396][T18441] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12 [ 1597.107925][T18441] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 1597.140629][T18441] F2FS-fs (loop6): invalid crc value [ 1597.318235][T18441] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 1597.335572][T18441] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1597.879529][T18238] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1597.900994][T18238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1597.939881][T18238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1598.041718][T18238] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1598.052731][T18238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1598.083919][T18238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1598.253341][ T977] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1598.455819][ T977] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 9 [ 1598.517414][ T977] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1599.030401][ T977] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 1599.039864][ T977] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 1599.048734][ T977] usb 6-1: Product: syz [ 1599.052913][ T977] usb 6-1: Manufacturer: syz [ 1599.083093][ T977] usb 6-1: SerialNumber: syz [ 1599.096493][T18451] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1599.133599][T18238] hsr_slave_0: entered promiscuous mode [ 1599.150968][T18238] hsr_slave_1: entered promiscuous mode [ 1599.174474][T18238] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1599.192639][T18238] Cannot create hsr debugfs directory [ 1599.330619][ T977] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 40 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1599.491098][ T1103] IPVS: stop unused estimator thread 0... [ 1599.532640][ C1] usblp0: nonzero write bulk status received: -71 [ 1601.114667][ T5885] usb 6-1: USB disconnect, device number 40 [ 1602.144846][ T5885] usblp0: removed [ 1603.205562][T18238] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1603.341384][T18238] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1603.401988][T18517] loop5: detected capacity change from 0 to 1024 [ 1603.411209][T18238] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1603.509065][T18238] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1603.552929][T18517] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1603.620478][T18517] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:4113: comm syz.5.2957: Allocating blocks 257-513 which overlap fs metadata [ 1604.348284][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1604.409836][T18238] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1604.501138][T18238] 8021q: adding VLAN 0 to HW filter on device team0 [ 1604.794017][T13395] bridge0: port 1(bridge_slave_0) entered blocking state [ 1604.801201][T13395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1604.864660][T13395] bridge0: port 2(bridge_slave_1) entered blocking state [ 1604.871849][T13395] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1605.083159][T18549] loop6: detected capacity change from 0 to 512 [ 1605.185223][T18549] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1605.198192][T18549] ext4 filesystem being mounted at /242/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1605.358130][T18549] virtiofs: Unknown parameter 'always 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 21 vxcan0 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 22 vxcan1 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 23 veth0 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 24 veth1 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 25 wg0 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 26 wg1 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 27 wg2 : 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 28 veth0_to_bridge: 1 V3 [ 1605.358130][T18549] 010000E0 1 0:00000000 0 [ 1605.358130][T18549] 29 bridge_slave_0: ' [ 1605.488290][T18549] netlink: 'syz.6.2961': attribute type 13 has an invalid length. [ 1606.013673][T18549] gretap0: refused to change device tx_queue_len [ 1606.020708][T18549] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1606.747484][T18562] hub 2-0:1.0: USB hub found [ 1606.763540][T18562] hub 2-0:1.0: 1 port detected [ 1607.355729][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.362135][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.531426][T13171] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1607.913880][T18574] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2964'. [ 1608.688545][T18588] tipc: Started in network mode [ 1608.695230][T18589] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2967'. [ 1608.700571][T18588] tipc: Node identity 4, cluster identity 4711 [ 1608.714779][T18588] tipc: Node number set to 4 [ 1608.726933][T18589] bridge_slave_1: left allmulticast mode [ 1608.738610][T18589] bridge_slave_1: left promiscuous mode [ 1608.767871][T18589] bridge0: port 2(bridge_slave_1) entered disabled state [ 1608.802986][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xe80000d948 [ 1608.815521][T18589] bridge_slave_0: left allmulticast mode [ 1608.821190][T18589] bridge_slave_0: left promiscuous mode [ 1608.835846][T18589] bridge0: port 1(bridge_slave_0) entered disabled state [ 1608.844901][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xe800002a48 [ 1608.857118][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xe8000018f8 [ 1608.886302][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0xe80000ee95 [ 1608.909080][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xe80000b724 [ 1608.926073][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xe80000b724 [ 1608.936070][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xe80000b724 [ 1608.945966][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xe80000b724 [ 1608.956130][T18577] kvm: kvm [18576]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0xe80000b724 [ 1608.987198][T18238] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1609.551214][T18238] veth0_vlan: entered promiscuous mode [ 1609.578824][T18238] veth1_vlan: entered promiscuous mode [ 1609.652208][T18238] veth0_macvtap: entered promiscuous mode [ 1609.681632][T18238] veth1_macvtap: entered promiscuous mode [ 1609.718873][T18238] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1609.744207][T18611] loop6: detected capacity change from 0 to 40427 [ 1609.753601][T18238] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1609.765819][T18611] F2FS-fs (loop6): Insane cp_payload (553648128 >= 504) [ 1609.779297][T18611] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 1609.828374][ T1103] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1609.837535][T18611] F2FS-fs (loop6): inline encryption not supported [ 1609.868385][ T1103] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1609.895655][T18611] F2FS-fs (loop6): invalid crc value [ 1609.911420][ T1103] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1609.957011][ T1103] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1610.147021][T18611] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 1610.182076][T18611] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 1610.302889][T18633] overlayfs: failed to clone upperpath [ 1610.766473][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1610.882220][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1610.977219][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1610.995641][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1612.080474][T18642] loop6: detected capacity change from 0 to 256 [ 1612.247651][T18642] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 1612.313716][T18642] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 1613.558519][T18663] loop5: detected capacity change from 0 to 256 [ 1613.737497][T18663] FAT-fs (loop5): Directory bread(block 64) failed [ 1613.744534][T18663] FAT-fs (loop5): Directory bread(block 65) failed [ 1613.751584][T18663] FAT-fs (loop5): Directory bread(block 66) failed [ 1613.758274][T18663] FAT-fs (loop5): Directory bread(block 67) failed [ 1613.765492][T18663] FAT-fs (loop5): Directory bread(block 68) failed [ 1613.772103][T18663] FAT-fs (loop5): Directory bread(block 69) failed [ 1613.779344][T18663] FAT-fs (loop5): Directory bread(block 70) failed [ 1613.785995][T18663] FAT-fs (loop5): Directory bread(block 71) failed [ 1613.794107][T18663] FAT-fs (loop5): Directory bread(block 72) failed [ 1613.800716][T18663] FAT-fs (loop5): Directory bread(block 73) failed [ 1614.662180][T18668] loop6: detected capacity change from 0 to 128 [ 1614.687952][T18668] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a84ec018, mo2=0002] [ 1615.360044][T18668] System zones: 1-3, 19-19, 35-36 [ 1615.449740][T18668] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 1615.520753][T18668] ext4 filesystem being mounted at /247/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 1615.660848][T18668] EXT4-fs warning (device loop6): verify_group_input:137: Cannot add at group 4 (only 1 groups) [ 1615.835341][T13171] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1617.071761][T18692] loop4: detected capacity change from 0 to 512 [ 1617.504649][T18692] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1618.039122][ T977] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 1618.104547][T18694] loop5: detected capacity change from 0 to 512 [ 1618.120599][T18694] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1618.146093][T18692] EXT4-fs (loop4): mount failed [ 1618.206688][T18694] EXT4-fs (loop5): orphan cleanup on readonly fs [ 1618.219337][T18694] __quota_error: 71 callbacks suppressed [ 1618.219378][T18694] Quota error (device loop5): do_check_range: Getting block 196613 out of range 1-5 [ 1618.234998][T18694] Quota error (device loop5): qtree_read_dquot: Can't read quota structure for id 0 [ 1618.244496][T18694] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.2993: Failed to acquire dquot type 1 [ 1618.270244][T18694] EXT4-fs (loop5): 1 truncate cleaned up [ 1618.289071][ T977] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1618.314579][T18694] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1618.524966][ T977] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1618.538633][ T977] usb 7-1: New USB device found, idVendor=086d, idProduct=0000, bcdDevice= 0.00 [ 1618.549710][ T977] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1618.561025][ T977] usb 7-1: config 0 descriptor?? [ 1620.451763][ T977] usbhid 7-1:0.0: can't add hid device: -71 [ 1620.502349][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1620.519850][ T977] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1620.597715][ T977] usb 7-1: USB disconnect, device number 21 [ 1620.872912][T18715] loop5: detected capacity change from 0 to 256 [ 1620.896855][T18715] vfat: Unknown parameter 'euid' [ 1621.660908][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1621.768081][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1621.867545][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1621.918621][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1622.074953][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1624.968332][T18743] 9pnet_fd: Insufficient options for proto=fd [ 1625.463671][T11417] Bluetooth: hci3: command tx timeout [ 1625.788915][ T30] audit: type=1326 audit(1751433804.807:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.826288][ T24] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1625.860774][ T30] audit: type=1326 audit(1751433804.807:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.885481][ T30] audit: type=1326 audit(1751433804.807:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.908556][ T30] audit: type=1326 audit(1751433804.807:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.931751][ T30] audit: type=1326 audit(1751433804.807:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.954988][ T30] audit: type=1326 audit(1751433804.807:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1625.979488][ T30] audit: type=1326 audit(1751433804.807:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1626.017198][ T30] audit: type=1326 audit(1751433804.807:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1626.069262][ T30] audit: type=1326 audit(1751433804.837:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1626.071299][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1626.092704][ T30] audit: type=1326 audit(1751433804.847:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18748 comm="syz.4.3008" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1626.397591][T18757] loop4: detected capacity change from 0 to 40427 [ 1627.084389][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1627.094605][ T24] usb 6-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1627.105832][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1627.144907][ T24] usb 6-1: config 0 descriptor?? [ 1627.588821][T18757] F2FS-fs (loop4): Unrecognized mount option "whint_mode=off" or missing value [ 1627.599609][T11417] Bluetooth: hci3: command tx timeout [ 1627.744456][T18758] loop6: detected capacity change from 0 to 512 [ 1629.375607][T18758] EXT4-fs: error -4 creating inode table initialization thread [ 1629.383884][T18758] EXT4-fs (loop6): mount failed [ 1629.760069][ T24] usb 6-1: can't set config #0, error -71 [ 1629.773289][T11417] Bluetooth: hci3: command tx timeout [ 1630.174132][ T24] usb 6-1: USB disconnect, device number 41 [ 1630.401084][T18718] chnl_net:caif_netlink_parms(): no params data found [ 1631.067511][T18784] loop5: detected capacity change from 0 to 512 [ 1631.704045][T18784] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1631.793478][T11417] Bluetooth: hci3: command tx timeout [ 1631.804646][T18784] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1631.855384][T18718] bridge0: port 1(bridge_slave_0) entered blocking state [ 1631.867669][T18784] fscrypt (loop5, inode 15): Error -61 getting encryption context [ 1631.898634][T18718] bridge0: port 1(bridge_slave_0) entered disabled state [ 1631.923702][T18718] bridge_slave_0: entered allmulticast mode [ 1631.942230][T18718] bridge_slave_0: entered promiscuous mode [ 1631.986111][T18718] bridge0: port 2(bridge_slave_1) entered blocking state [ 1632.023185][T18718] bridge0: port 2(bridge_slave_1) entered disabled state [ 1632.045874][T18718] bridge_slave_1: entered allmulticast mode [ 1632.064195][T18718] bridge_slave_1: entered promiscuous mode [ 1632.092496][T18791] overlayfs: missing 'lowerdir' [ 1632.136364][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1632.207277][T18718] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1632.253776][T18718] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1632.319054][T18800] loop5: detected capacity change from 0 to 256 [ 1632.341110][T18800] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1632.355602][T18718] team0: Port device team_slave_0 added [ 1632.387355][T18800] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 1632.398952][T18718] team0: Port device team_slave_1 added [ 1632.434089][T18800] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 1632.521114][T18718] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1632.542334][T18718] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1632.663870][T18718] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1632.695723][T18718] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1632.725146][T18718] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1632.823987][T18806] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3020'. [ 1633.178441][T18718] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1633.374404][T18808] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3021'. [ 1633.899055][T18718] hsr_slave_0: entered promiscuous mode [ 1633.931896][T18718] hsr_slave_1: entered promiscuous mode [ 1633.961475][T18718] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1633.973823][T18718] Cannot create hsr debugfs directory [ 1634.157948][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 1634.157965][ T30] audit: type=1326 audit(1751433813.177:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.247018][ T30] audit: type=1326 audit(1751433813.177:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.339602][ T30] audit: type=1326 audit(1751433813.177:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.433170][ T30] audit: type=1326 audit(1751433813.177:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.491532][T18824] usb usb8: usbfs: process 18824 (syz.5.3023) did not claim interface 0 before use [ 1634.553694][ T30] audit: type=1326 audit(1751433813.177:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.648077][ T30] audit: type=1326 audit(1751433813.207:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.723301][ T30] audit: type=1326 audit(1751433813.207:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.805527][ T30] audit: type=1326 audit(1751433813.207:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=26 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.886816][ T30] audit: type=1326 audit(1751433813.207:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1634.948352][ T30] audit: type=1326 audit(1751433813.207:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18814 comm="syz.7.3024" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a16f8e929 code=0x7ffc0000 [ 1635.106069][T18718] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1635.129635][T18718] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1635.159112][T18718] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1635.188052][T18718] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1635.242901][T18831] loop4: detected capacity change from 0 to 512 [ 1635.344356][T18831] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1635.353278][T18831] EXT4-fs (loop4): mount failed [ 1636.298736][T18718] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1636.361077][T18856] loop4: detected capacity change from 0 to 16 [ 1636.382136][T18718] 8021q: adding VLAN 0 to HW filter on device team0 [ 1636.400236][T18856] erofs (device loop4): mounted with root inode @ nid 36. [ 1636.414764][ T6424] bridge0: port 1(bridge_slave_0) entered blocking state [ 1636.421937][ T6424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1636.468395][ T6424] bridge0: port 2(bridge_slave_1) entered blocking state [ 1636.475605][ T6424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1639.012035][T18879] loop4: detected capacity change from 0 to 512 [ 1639.025991][T18879] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1639.993343][T18879] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842e11c, mo2=0002] [ 1640.037073][T18879] System zones: 1-12 [ 1640.041264][T18879] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1640.067160][T18879] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3042: bg 0: block 361: padding at end of block bitmap is not set [ 1640.680457][T18891] loop6: detected capacity change from 0 to 512 [ 1640.733979][T18879] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 1640.751354][T18891] EXT4-fs (loop6): failed to initialize system zone (-117) [ 1640.781542][T18891] EXT4-fs (loop6): mount failed [ 1641.014848][T18879] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3042: invalid indirect mapped block 12 (level 1) [ 1641.066596][T18896] loop5: detected capacity change from 0 to 16 [ 1641.073222][T18718] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1641.080568][T18879] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3042: invalid indirect mapped block 2 (level 2) [ 1641.521431][T18879] EXT4-fs (loop4): 1 truncate cleaned up [ 1641.528342][T18896] erofs (device loop5): mounted with root inode @ nid 36. [ 1641.579361][T18879] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1641.694927][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 1641.694945][ T30] audit: type=1326 audit(1751433820.657:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1641.764498][ T30] audit: type=1326 audit(1751433820.657:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1641.912341][T18238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1641.961265][ T30] audit: type=1326 audit(1751433820.657:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1642.070917][ T30] audit: type=1326 audit(1751433820.667:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1642.080916][T18906] netlink: 'syz.6.3047': attribute type 3 has an invalid length. [ 1642.151787][ T30] audit: type=1326 audit(1751433820.667:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1642.206969][ T30] audit: type=1326 audit(1751433820.667:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4079b8e929 code=0x7ffc0000 [ 1642.277144][ T30] audit: type=1326 audit(1751433820.697:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4079b8e963 code=0x7ffc0000 [ 1642.331097][ T30] audit: type=1326 audit(1751433820.697:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4079b8d3df code=0x7ffc0000 [ 1642.406224][ T30] audit: type=1326 audit(1751433820.697:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f4079b8e9b7 code=0x7ffc0000 [ 1642.525475][ T30] audit: type=1326 audit(1751433820.697:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18894 comm="syz.5.3045" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4079b8d290 code=0x7ffc0000 [ 1642.614791][T18920] loop4: detected capacity change from 0 to 512 [ 1642.674700][T18917] bridge0: port 2(bridge_slave_1) entered disabled state [ 1642.682135][T18917] bridge0: port 1(bridge_slave_0) entered disabled state [ 1642.707480][T18920] EXT4-fs (loop4): failed to initialize system zone (-117) [ 1642.724067][T18920] EXT4-fs (loop4): mount failed [ 1643.707872][T18917] bridge_slave_0: left allmulticast mode [ 1643.716629][T18917] bridge_slave_0: left promiscuous mode [ 1643.722444][T18917] bridge0: port 1(bridge_slave_0) entered disabled state [ 1643.743613][T18917] bridge_slave_1: left allmulticast mode [ 1643.757840][T18917] bridge_slave_1: left promiscuous mode [ 1643.773809][T18917] bridge0: port 2(bridge_slave_1) entered disabled state [ 1643.828817][T18917] bond0: (slave bond_slave_0): Releasing backup interface [ 1644.013280][T18917] bond0: (slave bond_slave_1): Releasing backup interface [ 1644.304576][T18917] team0: Port device team_slave_0 removed [ 1644.525067][T18917] team0: Port device team_slave_1 removed [ 1644.685672][T18917] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1644.713128][T18917] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1644.741585][T18917] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1644.775990][T18917] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1645.135917][T18917] geneve2: left allmulticast mode [ 1645.245698][T18718] veth0_vlan: entered promiscuous mode [ 1645.308233][T15519] netdevsim netdevsim7 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.638353][T15519] netdevsim netdevsim7 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1645.664600][T15519] netdevsim netdevsim7 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.709583][T15519] netdevsim netdevsim7 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1645.775503][T18718] veth1_vlan: entered promiscuous mode [ 1645.818416][T15519] netdevsim netdevsim7 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.831355][T15519] netdevsim netdevsim7 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1645.845786][T15519] netdevsim netdevsim7 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1645.859535][T15519] netdevsim netdevsim7 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 1645.916134][T18718] veth0_macvtap: entered promiscuous mode [ 1645.930629][T18718] veth1_macvtap: entered promiscuous mode [ 1646.017354][T18718] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1646.067799][T18718] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1646.106096][T15519] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1646.131246][T15519] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1646.161862][T15519] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1646.191317][T15519] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1646.379562][ T6259] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1646.406847][ T6259] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1646.531999][ T6259] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1646.549826][ T6259] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1646.832055][T18964] 9pnet_fd: Insufficient options for proto=fd [ 1647.802705][ T30] kauditd_printk_skb: 36 callbacks suppressed [ 1647.802722][ T30] audit: type=1326 audit(1751433826.807:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1647.886280][ T30] audit: type=1326 audit(1751433826.817:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.127467][ T30] audit: type=1326 audit(1751433826.817:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.156636][ T30] audit: type=1326 audit(1751433826.817:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.193701][ T30] audit: type=1326 audit(1751433826.817:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.217937][ T30] audit: type=1326 audit(1751433826.847:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.243166][ T30] audit: type=1326 audit(1751433826.847:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.266083][ T30] audit: type=1326 audit(1751433826.847:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.303188][ T30] audit: type=1326 audit(1751433826.847:1033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.325767][ T30] audit: type=1326 audit(1751433826.857:1034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18985 comm="syz.4.3074" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3c998e929 code=0x7ffc0000 [ 1648.401060][T18983] loop5: detected capacity change from 0 to 256 [ 1648.487492][T18983] exfat: Deprecated parameter 'utf8' [ 1648.543342][T18983] exfat: Deprecated parameter 'namecase' [ 1648.549046][T18983] exfat: Deprecated parameter 'utf8' [ 1648.617400][T18983] exfat: Bad value for 'uid' [ 1648.632231][T18983] exfat: Bad value for 'uid' [ 1649.531565][T19003] tipc: Started in network mode [ 1649.549855][T19003] tipc: Node identity ca448effbb06, cluster identity 4711 [ 1649.583304][T19003] tipc: Enabled bearer , priority 0 [ 1649.698925][T19001] tipc: Resetting bearer [ 1650.033001][T19018] hub 2-0:1.0: USB hub found [ 1650.039209][T19018] hub 2-0:1.0: 1 port detected [ 1650.684698][ T977] tipc: Node number set to 1900187391 [ 1654.665024][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 1654.665043][ T30] audit: type=1326 audit(1751433833.667:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1654.750647][ T30] audit: type=1326 audit(1751433833.667:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1654.834675][ T30] audit: type=1326 audit(1751433833.667:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1654.893136][ T30] audit: type=1326 audit(1751433833.667:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1654.947778][ T30] audit: type=1326 audit(1751433833.667:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1654.970225][ C1] vkms_vblank_simulate: vblank timer overrun [ 1654.983746][ T30] audit: type=1326 audit(1751433833.667:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19036 comm="syz.8.3086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7fc00000 [ 1655.484521][T19062] overlayfs: failed to clone upperpath [ 1656.221845][T19070] loop5: detected capacity change from 0 to 128 [ 1656.246343][T19070] EXT4-fs (loop5): Test dummy encryption mode enabled [ 1656.295434][T19070] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1656.343174][T19070] ext4 filesystem being mounted at /438/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1656.407652][T19070] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx" [ 1656.845743][ T9523] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1657.703716][T19104] hub 2-0:1.0: USB hub found [ 1657.710025][T19104] hub 2-0:1.0: 1 port detected [ 1658.157818][T19001] tipc: Disabling bearer [ 1658.842359][T19119] loop8: detected capacity change from 0 to 8192 [ 1659.414011][ T30] audit: type=1326 audit(1751434094.425:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19117 comm="syz.8.3114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7ffc0000 [ 1659.437062][ T30] audit: type=1326 audit(1751434094.425:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19117 comm="syz.8.3114" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb02d18e929 code=0x7ffc0000 [ 1660.448879][T19136] loop5: detected capacity change from 0 to 512 [ 1660.525239][T19136] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 1660.613129][T19136] ext4 filesystem being mounted at /445/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1660.719354][T19136] overlayfs: failed to resolve './file1': -2 [ 1660.850896][T19144] loop4: detected capacity change from 0 to 512 [ 1660.881881][T19144] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1660.949130][T19144] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802e01c, mo2=0102] [ 1660.973310][T19144] EXT4-fs (loop4): orphan cleanup on readonly fs [ 1660.994218][T19144] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3120: bg 0: block 361: padding at end of block bitmap is not set [ 1661.066071][T19147] overlayfs: failed to clone upperpath [ 1661.211729][T19144] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6548: Corrupt filesystem [ 1661.322960][T19144] EXT4-fs error (device loop4): ext4_clear_blocks:876: inode #11: comm syz.4.3120: attempt to clear invalid blocks 33619980 len 1 [ 1661.528267][ T9523] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 1661.550396][T19144] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3120: invalid indirect mapped block 1811939328 (level 0) [ 1661.646189][T19144] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.3120: invalid indirect mapped block 2185560079 (level 1) [ 1661.742579][T19144] EXT4-fs (loop4): 1 truncate cleaned up [ 1661.827764][T19144] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1662.139260][T19162] loop5: detected capacity change from 0 to 512 [ 1662.166468][T19162] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 1662.228539][T19162] EXT4-fs (loop5): 1 truncate cleaned up [ 1662.284898][T19162] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1662.334311][T19162] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1662.542461][T18238] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1667.584717][T19204] netlink: 600 bytes leftover after parsing attributes in process `syz.5.3134'. [ 1669.035431][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.041815][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1670.083253][ T31] INFO: task kworker/0:4:5892 blocked for more than 143 seconds. [ 1670.091021][ T31] Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1670.717626][T19224] hub 2-0:1.0: USB hub found [ 1670.727604][T19224] hub 2-0:1.0: 1 port detected [ 1671.427841][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1671.493324][ T31] task:kworker/0:4 state:D stack:20760 pid:5892 tgid:5892 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1671.513765][ T31] Workqueue: events_power_efficient hub_init_func2 [ 1671.520332][ T31] Call Trace: [ 1671.593061][ T31] [ 1671.596046][ T31] __schedule+0x16f5/0x4d00 [ 1671.600579][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1671.632969][ T31] ? schedule+0x165/0x360 [ 1671.637547][ T31] ? __pfx___schedule+0x10/0x10 [ 1671.642432][ T31] ? schedule+0x91/0x360 [ 1671.663262][ T31] schedule+0x165/0x360 [ 1671.667484][ T31] schedule_preempt_disabled+0x13/0x30 [ 1671.672956][ T31] __mutex_lock+0x724/0xe80 [ 1671.703378][ T31] ? __mutex_lock+0x51b/0xe80 [ 1671.708122][ T31] ? hub_activate+0xb7/0x1ea0 [ 1671.712820][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1671.743340][ T31] ? do_raw_spin_lock+0x121/0x290 [ 1671.748429][ T31] ? __lock_acquire+0xab9/0xd20 [ 1671.763102][ T31] hub_activate+0xb7/0x1ea0 [ 1671.767643][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1671.778021][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1671.783637][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1671.789379][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1671.800140][ T31] process_scheduled_works+0xae1/0x17b0 [ 1671.813363][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1671.822724][ T31] worker_thread+0x8a0/0xda0 [ 1671.827537][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1671.837631][ T31] ? __kthread_parkme+0x7b/0x200 [ 1671.842609][ T31] kthread+0x70e/0x8a0 [ 1671.846838][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1671.851978][ T31] ? __pfx_kthread+0x10/0x10 [ 1671.858741][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1671.864114][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1671.869328][ T31] ? __pfx_kthread+0x10/0x10 [ 1671.874033][ T31] ret_from_fork+0x3fc/0x770 [ 1671.878637][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1671.883867][ T31] ? __switch_to_asm+0x39/0x70 [ 1671.888636][ T31] ? __switch_to_asm+0x33/0x70 [ 1671.893543][ T31] ? __pfx_kthread+0x10/0x10 [ 1671.898148][ T31] ret_from_fork_asm+0x1a/0x30 [ 1671.902931][ T31] [ 1672.143149][ T31] INFO: task kworker/0:0:12878 blocked for more than 145 seconds. [ 1672.151006][ T31] Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 [ 1672.200866][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1672.223164][ T31] task:kworker/0:0 state:D stack:21832 pid:12878 tgid:12878 ppid:2 task_flags:0x4288060 flags:0x00004000 [ 1672.253100][ T31] Workqueue: usb_hub_wq hub_event [ 1672.258179][ T31] Call Trace: [ 1672.307213][ T31] [ 1672.310196][ T31] __schedule+0x16f5/0x4d00 [ 1672.323275][ T31] ? schedule+0x165/0x360 [ 1672.334036][ T31] ? __pfx___schedule+0x10/0x10 [ 1672.338921][ T31] ? preempt_schedule_common+0x83/0xd0 [ 1672.353634][ T31] ? __pfx_preempt_schedule+0x10/0x10 [ 1672.363428][ T31] ? schedule+0x91/0x360 [ 1672.383326][ T31] schedule+0x165/0x360 [ 1672.387538][ T31] schedule_timeout+0x9a/0x270 [ 1672.392316][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1672.403097][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1672.419472][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1672.425472][ T31] ? wait_for_completion+0x267/0x5d0 [ 1672.438647][ T31] wait_for_completion+0x2bf/0x5d0 [ 1672.444401][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 1672.450030][ T31] ? __flush_work+0xd2/0xbc0 [ 1672.454928][ T31] ? __flush_work+0xd2/0xbc0 [ 1672.459512][ T31] __flush_work+0x9b9/0xbc0 [ 1672.468841][ T31] ? __flush_work+0xd2/0xbc0 [ 1672.473909][ T31] ? __pfx___flush_work+0x10/0x10 [ 1672.478930][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 1672.486730][ T31] flush_delayed_work+0x13e/0x190 [ 1672.512655][ T31] ? __pfx_flush_delayed_work+0x10/0x10 [ 1672.519096][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1672.524716][ T31] ? usb_hcd_flush_endpoint+0x3e9/0x400 [ 1672.531649][ T31] hub_quiesce+0x1f0/0x330 [ 1672.536471][ T31] hub_disconnect+0xc8/0x470 [ 1672.541088][ T31] usb_unbind_interface+0x26b/0x910 [ 1672.546757][ T31] ? __pfx_usb_unbind_interface+0x10/0x10 [ 1672.552494][ T31] device_release_driver_internal+0x4d6/0x7c0 [ 1672.558988][ T31] bus_remove_device+0x34d/0x410 [ 1672.564208][ T31] device_del+0x511/0x8e0 [ 1672.568554][ T31] ? kfree+0x18e/0x440 [ 1672.579047][ T31] ? __pfx_device_del+0x10/0x10 [ 1672.584478][ T31] ? kobject_put+0x446/0x480 [ 1672.589093][ T31] usb_disable_device+0x3e9/0x8a0 [ 1672.594695][ T31] usb_disconnect+0x330/0x950 [ 1672.599403][ T31] hub_event+0x1cdb/0x4a00 [ 1672.604794][ T31] ? do_raw_spin_lock+0x121/0x290 [ 1672.609832][ T31] ? register_lock_class+0x51/0x320 [ 1672.619279][ T31] ? __pfx_hub_event+0x10/0x10 [ 1672.628578][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1672.634624][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1672.639840][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1672.650065][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1672.656175][ T31] process_scheduled_works+0xae1/0x17b0 [ 1672.661752][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1672.670141][ T31] worker_thread+0x8a0/0xda0 [ 1672.675797][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1672.682152][ T31] ? __kthread_parkme+0x7b/0x200 [ 1672.687369][ T31] kthread+0x70e/0x8a0 [ 1672.691445][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1672.696825][ T31] ? __pfx_kthread+0x10/0x10 [ 1672.701425][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1672.709006][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1672.714899][ T31] ? __pfx_kthread+0x10/0x10 [ 1672.719493][ T31] ret_from_fork+0x3fc/0x770 [ 1672.729508][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1672.734707][ T31] ? __switch_to_asm+0x39/0x70 [ 1672.739475][ T31] ? __switch_to_asm+0x33/0x70 [ 1672.744588][ T31] ? __pfx_kthread+0x10/0x10 [ 1672.749201][ T31] ret_from_fork_asm+0x1a/0x30 [ 1672.754033][ T31] [ 1672.757230][ T31] [ 1672.757230][ T31] Showing all locks held in the system: [ 1672.777996][ T31] 1 lock held by khungtaskd/31: [ 1672.782886][ T31] #0: ffffffff8e13bee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1672.793755][ T31] 2 locks held by kworker/u8:2/36: [ 1672.798921][ T31] #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 1672.809540][ T31] #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0 [ 1672.821342][ T31] 2 locks held by getty/5594: [ 1672.826310][ T31] #0: ffff88814daae0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1672.845032][ T31] #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1672.870680][ T31] 3 locks held by kworker/0:4/5892: [ 1672.876011][ T31] #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1672.889080][ T31] #1: ffffc9000446fbc0 ((work_completion)(&(&hub->init_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1672.902072][ T31] #2: ffff888021e8a198 (&dev->mutex){....}-{4:4}, at: hub_activate+0xb7/0x1ea0 [ 1672.912067][ T31] 5 locks held by kworker/0:0/12878: [ 1672.917444][ T31] #0: ffff888143ad6148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1672.928795][ T31] #1: ffffc900030f7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1672.940720][ T31] #2: ffff888027dc3198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 1672.952477][ T31] #3: ffff888021e8a198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950 [ 1672.973183][ T31] #4: ffff8880212c3160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0 [ 1672.986482][ T31] 3 locks held by kworker/u8:3/15519: [ 1672.991869][ T31] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1673.004008][ T31] #1: ffffc9000c0f7bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1673.015345][ T31] #2: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 1673.024952][ T31] 2 locks held by syz-executor/18238: [ 1673.030326][ T31] #0: ffff88807b11cdc0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510 [ 1673.040698][ T31] #1: ffff88807b11c0b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 1673.050742][ T31] 1 lock held by syz.0.2952/18504: [ 1673.057985][ T31] #0: ffff888027dc3198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760 [ 1673.074753][ T31] 1 lock held by syz.6.3082/19024: [ 1673.079893][ T31] #0: ffff888027dc3198 (&dev->mutex){....}-{4:4}, at: usbdev_open+0x16e/0x760 [ 1673.090577][ T31] 1 lock held by syz.7.3137/19212: [ 1673.095800][ T31] #0: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 1673.104940][ T31] 2 locks held by syz.5.3139/19222: [ 1673.110134][ T31] #0: ffffffff8f516c88 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x3e/0x1c0 [ 1673.119144][ T31] #1: ffffffff8e1419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 1673.147577][ T31] [ 1673.152984][ T31] ============================================= [ 1673.152984][ T31] [ 1673.164096][ T31] NMI backtrace for cpu 0 [ 1673.164121][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 1673.164139][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1673.164149][ T31] Call Trace: [ 1673.164155][ T31] [ 1673.164163][ T31] dump_stack_lvl+0x189/0x250 [ 1673.164189][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1673.164208][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1673.164229][ T31] ? __pfx__printk+0x10/0x10 [ 1673.164257][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1673.164281][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1673.164307][ T31] ? _printk+0xcf/0x120 [ 1673.164328][ T31] ? __pfx__printk+0x10/0x10 [ 1673.164349][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1673.164372][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1673.164396][ T31] watchdog+0xfee/0x1030 [ 1673.164416][ T31] ? watchdog+0x1de/0x1030 [ 1673.164442][ T31] kthread+0x70e/0x8a0 [ 1673.164461][ T31] ? __pfx_watchdog+0x10/0x10 [ 1673.164478][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.164495][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1673.164518][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1673.164539][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.164555][ T31] ret_from_fork+0x3fc/0x770 [ 1673.164578][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1673.164605][ T31] ? __switch_to_asm+0x39/0x70 [ 1673.164620][ T31] ? __switch_to_asm+0x33/0x70 [ 1673.164635][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.164652][ T31] ret_from_fork_asm+0x1a/0x30 [ 1673.164683][ T31] [ 1673.164695][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1673.323673][ C1] NMI backtrace for cpu 1 [ 1673.323689][ C1] CPU: 1 UID: 0 PID: 18763 Comm: kworker/u8:8 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 1673.323708][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1673.323718][ C1] Workqueue: events_unbound toggle_allocation_gate [ 1673.323757][ C1] RIP: 0010:__phys_addr+0x109/0x180 [ 1673.323773][ C1] Code: 09 cc 48 c7 c0 10 10 f6 8d 48 c1 e8 03 42 80 3c 38 00 74 0c 48 c7 c7 10 10 f6 8d e8 21 8e af 00 48 8b 1d 9a be 81 0c 4c 01 f3 ff ff ff 1f 4c 89 f6 e8 ea 7e 4b 00 49 81 fe ff ff ff 1f 77 56 [ 1673.323786][ C1] RSP: 0018:ffffc9000c62f4d8 EFLAGS: 00000006 [ 1673.323799][ C1] RAX: 1ffffffff1bec202 RBX: 000000000df36000 RCX: ffff888052ed3c00 [ 1673.323810][ C1] RDX: 0000000000000000 RSI: ffffffff8df36000 RDI: ffffffff7fffffff [ 1673.323821][ C1] RBP: ffffc9000c62f5f0 R08: ffffffff8e247377 R09: 1ffffffff1c48e6e [ 1673.323832][ C1] R10: dffffc0000000000 R11: fffffbfff1c48e6f R12: ffffffff8e246cf8 [ 1673.323844][ C1] R13: ffffffff8e246c40 R14: 000000000df36000 R15: dffffc0000000000 [ 1673.323855][ C1] FS: 0000000000000000(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000 [ 1673.323867][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1673.323878][ C1] CR2: 00007fe3ca6e7d60 CR3: 000000001a478000 CR4: 00000000003526f0 [ 1673.323892][ C1] Call Trace: [ 1673.323897][ C1] [ 1673.323905][ C1] load_new_mm_cr3+0xb1/0x1e0 [ 1673.323921][ C1] switch_mm_irqs_off+0x52d/0x7a0 [ 1673.323939][ C1] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 1673.323953][ C1] ? __pfx_switch_mm_irqs_off+0x10/0x10 [ 1673.323965][ C1] ? do_raw_spin_lock+0x121/0x290 [ 1673.323979][ C1] ? __pte_offset_map_lock+0x13e/0x210 [ 1673.324002][ C1] unuse_temporary_mm+0x136/0x220 [ 1673.324018][ C1] ? __pfx_unuse_temporary_mm+0x10/0x10 [ 1673.324033][ C1] ? __text_poke+0x633/0xa10 [ 1673.324047][ C1] ? kasan_check_range+0x2b0/0x2c0 [ 1673.324060][ C1] ? __text_poke+0x633/0xa10 [ 1673.324075][ C1] ? kmem_cache_alloc_bulk_noprof+0x148/0x790 [ 1673.324090][ C1] __text_poke+0x6c8/0xa10 [ 1673.324107][ C1] ? __pfx_text_poke_memcpy+0x10/0x10 [ 1673.324121][ C1] ? kmem_cache_alloc_bulk_noprof+0x148/0x790 [ 1673.324135][ C1] ? __pfx___text_poke+0x10/0x10 [ 1673.324148][ C1] ? rcu_is_watching+0x15/0xb0 [ 1673.324167][ C1] ? trace_contention_end+0x39/0x120 [ 1673.324194][ C1] smp_text_poke_batch_finish+0xd0a/0x1100 [ 1673.324213][ C1] ? __pfx_smp_text_poke_batch_finish+0x10/0x10 [ 1673.324231][ C1] ? arch_jump_label_transform_queue+0x97/0x110 [ 1673.324254][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 1673.324270][ C1] static_key_enable_cpuslocked+0x128/0x250 [ 1673.324293][ C1] static_key_enable+0x1a/0x20 [ 1673.324312][ C1] toggle_allocation_gate+0xad/0x240 [ 1673.324332][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 1673.324352][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 1673.324374][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 1673.324391][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 1673.324409][ C1] process_scheduled_works+0xae1/0x17b0 [ 1673.324442][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1673.324468][ C1] worker_thread+0x8a0/0xda0 [ 1673.324487][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1673.324516][ C1] ? __kthread_parkme+0x7b/0x200 [ 1673.324540][ C1] kthread+0x70e/0x8a0 [ 1673.324556][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1673.324573][ C1] ? __pfx_kthread+0x10/0x10 [ 1673.324587][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1673.324605][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1673.324623][ C1] ? __pfx_kthread+0x10/0x10 [ 1673.324638][ C1] ret_from_fork+0x3fc/0x770 [ 1673.324657][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1673.324678][ C1] ? __switch_to_asm+0x39/0x70 [ 1673.324691][ C1] ? __switch_to_asm+0x33/0x70 [ 1673.324705][ C1] ? __pfx_kthread+0x10/0x10 [ 1673.324719][ C1] ret_from_fork_asm+0x1a/0x30 [ 1673.324741][ C1] [ 1673.328036][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1673.328056][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) [ 1673.328079][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1673.328091][ T31] Call Trace: [ 1673.328100][ T31] [ 1673.328108][ T31] dump_stack_lvl+0x99/0x250 [ 1673.328137][ T31] ? __asan_memcpy+0x40/0x70 [ 1673.328160][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1673.328185][ T31] ? __pfx__printk+0x10/0x10 [ 1673.328215][ T31] panic+0x2db/0x790 [ 1673.328245][ T31] ? __pfx_panic+0x10/0x10 [ 1673.328273][ T31] ? __pfx_delay_tsc+0x10/0x10 [ 1673.328295][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1673.328322][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1673.328345][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1673.328374][ T31] watchdog+0x102d/0x1030 [ 1673.328397][ T31] ? watchdog+0x1de/0x1030 [ 1673.328423][ T31] kthread+0x70e/0x8a0 [ 1673.328444][ T31] ? __pfx_watchdog+0x10/0x10 [ 1673.328463][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.328482][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1673.328505][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1673.328527][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.328546][ T31] ret_from_fork+0x3fc/0x770 [ 1673.328570][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1673.328597][ T31] ? __switch_to_asm+0x39/0x70 [ 1673.328614][ T31] ? __switch_to_asm+0x33/0x70 [ 1673.328630][ T31] ? __pfx_kthread+0x10/0x10 [ 1673.328649][ T31] ret_from_fork_asm+0x1a/0x30 [ 1673.328680][ T31] [ 1673.851983][ T31] Kernel Offset: disabled [ 1673.856288][ T31] Rebooting in 86400 seconds..