last executing test programs: 3.233723857s ago: executing program 0 (id=1697): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd7000fddbdf252100000008000300", @ANYRES32=r2], 0x24}}, 0x40084) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r4, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x480d5}, 0x0) 3.020423999s ago: executing program 0 (id=1701): openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x20001) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2b, 0xa1, 0xef, 0x40, 0x5ac, 0x245, 0xa3a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1c, 0x0, 0x0, 0x3, 0x4a, 0x2}}]}}]}}, 0x0) 2.936898837s ago: executing program 2 (id=1702): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = syz_open_dev$video(&(0x7f0000000080), 0x7, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x0, 0x59455247, 0x140, 0xf0, 0x1, @discrete={0x7fff, 0xfff}}) 2.788301482s ago: executing program 2 (id=1704): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0093d84f10fc3e1ec648b776cb7f8081d09ad0cc63a23840b824f920b21981285520a35f491e6934193661e8f46d"], 0x1, 0xd99, &(0x7f0000000e80)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x40106e80, 0x0) 2.583323592s ago: executing program 2 (id=1706): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @sack_perm, @mss={0x2, 0x7}, @window={0x3, 0x3, 0x401}, @window], 0x21) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12) recvfrom$inet(r0, 0x0, 0x0, 0xc9100120, 0x0, 0x0) 1.655666625s ago: executing program 2 (id=1711): openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket(0x2, 0x3, 0xffffffff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000b00)=""/68) connect$inet(r1, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa4}}, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") sendto$inet(r1, 0x0, 0x0, 0x88d0, &(0x7f0000000040)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r4 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, 0x0}, 0x0) write$binfmt_script(r3, &(0x7f0000000280)={'#! ', './file2'}, 0xb) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000080)=0x10001) sendmsg$rds(r4, &(0x7f0000000a00)={&(0x7f0000000140)={0x2, 0x4e23, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000880)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000006c0)=""/111, 0x6f}, &(0x7f0000000340), 0x2}}, @cswp={0x58, 0x114, 0x7, {{0x0, 0x9}, 0x0, &(0x7f0000000500)=0xfffffffffffffff3, 0x0, 0xfffffffffffffffb, 0x3bd7, 0x4, 0xd, 0x4}}, @mask_cswp={0x58, 0x114, 0x9, {{0x5}, 0x0, 0x0, 0x1, 0xbe0, 0x3, 0xd, 0x2c, 0x8}}, @cswp={0x58, 0x114, 0x7, {{0x9, 0xfffffff7}, &(0x7f00000007c0)=0x8, &(0x7f0000000800)=0xff, 0x5, 0x0, 0x7fffffff, 0x9, 0x455c3fc85c8fd46, 0x3}}], 0x138, 0x890}, 0x20000000) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/drivers\x00', 0x0, 0x0) r5 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, 0x0, 0x0) getsockopt$bt_hci(r5, 0x84, 0x82, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec) sched_setscheduler(0x0, 0x2, 0x0) 1.488238331s ago: executing program 1 (id=1714): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000012c0)=ANY=[@ANYBLOB="380200001900010025bd700001000000fe8800000000000000000000000001010000000000000000000000000000000000000000000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000020000000000000000010084010500ac1414aa000000000000000000000000000000003300000000000000640101000000000000000000000000000000000000000000000000000000000040000000fe8000000000000000000000000000bb000020003c00000002000000fe800000000000000000000002f408c8216606f0e8b7"], 0x238}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 1.481794722s ago: executing program 2 (id=1715): r0 = socket$kcm(0x10, 0x400000002, 0x0) write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000002500)=""/4137, 0x1029}, {&(0x7f0000000500)=""/183, 0xb7}], 0x2}, 0x120) 1.373955813s ago: executing program 0 (id=1716): r0 = landlock_create_ruleset(&(0x7f0000000080)={0x8601, 0x2}, 0x18, 0x0) landlock_restrict_self(r0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = syz_io_uring_setup(0x1238, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x2, 0xab9}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r1, 0x0, 0x0}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 1.30831554s ago: executing program 2 (id=1717): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) bind$netlink(r3, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r3, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r4, 0x50504}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x44}}, 0x0) r8 = socket$nl_rdma(0x10, 0x3, 0x14) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, 0x0, 0x20008084) ioctl$sock_SIOCBRDELBR(r9, 0x89a2, &(0x7f0000000000)='bridge0\x00') r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x38, 0x1403, 0xc23, 0x70bd2a, 0x25dfdbff, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syz_tun\x00'}}]}, 0x38}, 0x1, 0x0, 0x0, 0x48845}, 0x4000) 1.302001121s ago: executing program 1 (id=1718): creat(&(0x7f0000000140)='./file0\x00', 0x71) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) dup2(r2, r0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 1.079265832s ago: executing program 1 (id=1720): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x874fd42a7836ef64, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 1.070001074s ago: executing program 3 (id=1721): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="01002abd7000fddbdf252100000008000300", @ANYRES32=r2], 0x24}}, 0x40084) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r4, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x480d5}, 0x0) 900.412331ms ago: executing program 0 (id=1722): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x38}, 0x1, 0x0, 0x0, 0x880}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 792.411181ms ago: executing program 3 (id=1723): openat$sequencer2(0xffffffffffffff9c, &(0x7f00000005c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = socket(0x2, 0x3, 0xffffffff) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000b00)=""/68) connect$inet(r1, &(0x7f0000000540)={0x2, 0x4e22, @remote}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa4}}, 0x0) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") sendto$inet(r1, 0x0, 0x0, 0x88d0, &(0x7f0000000040)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) r4 = socket$kcm(0xf, 0x3, 0x2) sendmsg$inet(r4, &(0x7f0000003780)={0x0, 0x0, 0x0}, 0x0) write$binfmt_script(r3, &(0x7f0000000280)={'#! ', './file2'}, 0xb) ioctl$FIBMAP(r3, 0x1, &(0x7f0000000080)=0x10001) sendmsg$rds(r4, &(0x7f0000000a00)={&(0x7f0000000140)={0x2, 0x4e23, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000880)=[@rdma_map={0x30, 0x114, 0x3, {{&(0x7f00000006c0)=""/111, 0x6f}, &(0x7f0000000340), 0x2}}, @cswp={0x58, 0x114, 0x7, {{0x0, 0x9}, 0x0, &(0x7f0000000500)=0xfffffffffffffff3, 0x0, 0xfffffffffffffffb, 0x3bd7, 0x4, 0xd, 0x4}}, @mask_cswp={0x58, 0x114, 0x9, {{0x5}, 0x0, 0x0, 0x1, 0xbe0, 0x3, 0xd, 0x2c, 0x8}}, @cswp={0x58, 0x114, 0x7, {{0x9, 0xfffffff7}, &(0x7f00000007c0)=0x8, &(0x7f0000000800)=0xff, 0x5, 0x0, 0x7fffffff, 0x9, 0x455c3fc85c8fd46, 0x3}}], 0x138, 0x890}, 0x20000000) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/tty/drivers\x00', 0x0, 0x0) r5 = socket$inet6(0xa, 0x805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f00000002c0)=0x10) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x5325, 0x10000, 0x0, 0x100002cf}, 0x0, 0x0) getsockopt$bt_hci(r5, 0x84, 0x82, &(0x7f0000000080)=""/4076, &(0x7f00000010c0)=0xfec) sched_setscheduler(0x0, 0x2, 0x0) 624.184838ms ago: executing program 0 (id=1724): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x8, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000000)={0xe0000, 0x0, {[0x8000000000000000, 0x10, 0xc, 0x100000000, 0x3, 0x0, 0x6, 0x885]}}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x8080000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x40, 0xfc}, {0xeeef0000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x80a0000, 0xeeee8000, 0xe, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1, 0x1]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 599.257471ms ago: executing program 3 (id=1725): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_buf(r0, 0x107, 0x16, 0x0, &(0x7f0000000180)) 436.128447ms ago: executing program 1 (id=1726): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x2000001, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 368.435624ms ago: executing program 3 (id=1727): socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1e, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb85"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7ffd}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r0}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000f00)=ANY=[@ANYBLOB="b702000002000000bfa30000000000000703000000feffff7a0af0fff8bffffd79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000081007d60b7030000000000006a0a00fefdff0000850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465c3a1f59916ffc9bf0bd09279c362f80e5cf8df265e1b40e4c8ae7a89cf8bd819b5c0c000000008da68076774bb4db2c769937000090af27db5b56024dcbbbd2cb2000ce94284673b4e8d5467e357754508535766c801100000000b290a248a120c9c6e39f3052aae80677eeba68562eaeaea5fecf298ca20f274233106e2baf69b1c60f0ce4099f366b89ab63ecf772de7b265040b6b1acbef92b2704550a4d1dd5c50b7420b58a93fe94c756008afcd0b2eb785632e0a85f02a5a6474ae549070000000000001294fba0ed5020e6477cc921fee1f6d8ad6a80d0947cd6d4a561ced23b0b4a902be6af7ec2d1ba000057f301000000000000000000000000100000aaf253886c0b9f6d4731d714ad72e5ad8530a6380ed2d29f47f96a576cd20cef7ed95157ab050000f0077e9d13d8b93eb0f2c6f8941e35e1577c10e509c9b133c849eb709df5c6ba73cccdfa3c58bc5204339b0b487f0eeed581cb202900000d322717c338033213c18a34ee0ca2cf61efb4b3797a642735d6d482ba98d252f36c54333aab1aa736369392239820f5f1557b0bf7ccb0a5a13c714e0b1a5bc3f9caff3283076cda3d0b1a2905cf7bd04f2db530abcbe44bc40528ad807970727fb819afa14aad99f93093ced7dd51995edcf53b907228fa9e83433eedb4ac88d0285594ffb0d14e71d5c57f33702f22b22417bfb38d04c8441ceec8bcaffbe800aa41307bd8325a76f395bc9a8b0c9d905979f34adddb521914f92eed3d3e9de82942a952e86bd67aff5bc2e3c1fcc00f61124dd06df4b8fd356cb365adc037e443820c05c5db160087a9cf471e0eff227f25b2c5cacebfcd55f8c81f5eb1f8d615ca27efb2193bb61665b8ce37f30c2efc9c3b5a4a5d95479fac471ba60fbd0e50223517a07a3484124c5563cd3700000000001825b05a580ea8cb7f85b77b35a06a895b287b47efbe220bc215aca4a65d7018a7f91c4228b35f71a7c183360ab7a7b6b7870086d851ff861ee07bbec801b79afa477ebab255c7265820456fdc3f34f9d729315d856be7ec564613d5e28cf7c405d6e2b6aeb20000b8505a36a8067cb459fab87c8de118117733d30f4fe049658a2c3edd43546ead9c7882858868cff89a49a693731140db1b7b7116060c30690a39de8b3e0eb4f5401e8354870848c546f9defe1a9c534c9030830fec3eeb5faf1d64bb8e80000000f6ff0000000000000055d843352632b829ceb5200a2cdeb63c0bc7e835e061f9ac3c052b5b6f689bf203aeb8858be07691bc83e178181fab55e6ed9e8a17819de49564d0f0c00dd507441b80cd499c39c5d03d6c00cf5be5215bae09a4f52abf8f1c1add498470a0bb9d7ab757a8b28e4accc939b3621e4c2c9e02741c51eeeaad40cf2e1c3659d83ed71fc628807739d70edda93542445e3204828c49bef648efdc2208341357dd158f411d379df9b1feffbe7c7ee80558a040fa3d5a303f36d5c1a66d9644fc0559aa0e291355ee3de6c7a705b8f7b45bb825044b9a82a6fd2f6eeb14eee0c3f71eeea9984e14c57022ef72850b6dc5fda167d6f98f6c1c73feb424b7937e3c7ca0d2525efbdac50eb94797cf3747b83b56cfea8c74dd3f957dc462e715b789934b422b7ddf3e11a6ad6ad9afd5389c728d14"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3f, 0x10, &(0x7f0000000000), 0x2ff}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xe80, 0x304, &(0x7f0000000040)="b90703600000f007049e0ff065581fffffe10ec53308633a77fbac141441e0022001be3e7d2a2002ff", 0x0, 0x104, 0xa000000, 0x0, 0xfeb9, &(0x7f0000000640)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea02f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7", &(0x7f0000000100), 0x0, 0x300}, 0x28) 241.237396ms ago: executing program 1 (id=1728): creat(&(0x7f0000000140)='./file0\x00', 0x71) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50) syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) dup2(r2, r0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 186.335151ms ago: executing program 3 (id=1729): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x74) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x1b5}) mbind(&(0x7f0000118000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x2) 152.802545ms ago: executing program 0 (id=1730): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x40401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0xffff, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2de, 0xaaa1, 0xffffffff, 0x4, 0x40000, 0x1, 0xf58, 0x6]}) 5.42674ms ago: executing program 1 (id=1731): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x8, 0xe, &(0x7f0000000840)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8fff0ff79a4f0ff00000000b7060000ffffffff6d6405000000000065040400010000000404000001000000b7050000400000006a0a80fe000000008500000053000000b70000000000000095000010000000004e62011c3034fdb117168bd07ba08af339d1a1ee35fe313a255c33282044b32495ef8ab9adc67ccc945ff15d802f5132143c0a9fc7a84452569957c1002ed7d458e17f791f4798c8eb484de03312c69b3edff5be26765ba5f8f2879021c2ea53ac547a654bbd2db5356b971d83dd12742be9087a3e7b7c0efd3e38c794eb06b0b8c392904ae7dd5e4dee88518ddf12dddd4bfc6a4dd3b6beba51074229b0d4b504516c4c3e5d1aa044d8d00728141cd67bcd68f253288e655c6b34e02e90637ef2912ba7de26ff2357ef17f95a25780c3a057826ef4e912f01a201e694e3049b8c8fe8b65d8d66bb766f7f3f918c86a702522368d9f81897133af94a5a4cff7f4d8b9d8eaf302f0b2e0c252b0000000000000000ee917bca4885bbf597a14ab6458e6272d88e0c8088f404f011289ebc5623faa1182632161e073af1d69a2e36be115be3b325ecd201d2ffb0a7fa4f5d1106560cdcf071defd0a8be3b69ce3e4f361aca75827426dde87fdf4617222674280f55e98107450c19b861299fcd9ed9d8679406419406bf0c5329bd5b4697336112b0b8756ce3574046bf611a108f8df4d1a88597840b702b6fa8edfff8faf8b8ec039bab385cac0535373bb8fab90539b1a65ddff841eb671f7faf39a43a66c5540b8762b42007c9ec43193ccf617dbf8a12b4a189edbf9fb7c42b1f435ccd4b19b53b60322af0aa66e8f448e1bd96822e6b70b62912c926dbe417cccd4f696d528fa8a3ea847f10e9b1106f3bb506f1d7fbdf801000000000000006c028eb5b5a073d0de5538ab42e171b3baae34c35987b0dda497ac3f5e97e60eaeea15c6d55badf9b86b1c000100009060cd06c9ed24313ce607d403bb6030f800000000690db0221b1705c501f802ff59b4e683efa4b6e77e042072ec9eb8166f6e28b49a7705a1befc4d315878f88a8fb1dd679fb4c5557abae6849917dc51a89d47b728502f7e621fc0e3ba04020000c149ee6601728c750930519339b44197c22da865059b475afd96187d881e93b42a5fdfd686d8900c44c67133eeb0109dcb60dddad58037fda65885a15a42560ee3027a5ebf95254744f10fd607bc3100b94932b8d9447c42f6e21ee0e54f8be386bdc09decece910a481e648e0cb074536a25ff581d92af08a06f857311a2f14326b0b290205e91a682e00c8762cbc6b904c980eef6e6ae00f0000000000006a8194479700a02b92bec8d05eae1f24fdd7b80d3dde04c22f689594de2ebb9687219de8d73ac83823feb402a2415a9850d5f0183ec67be96dc0e4acd7acf1dfe79d6771903b76e2ae47d972651390c22d641030e1ddac018dc3116e1803af10a5f2b5f7ba58aca5bcabbbab24414a3810788e5503e4be66d683daac5f00000000000000001000ba96edb95ede0e1957c2a2754258d9fd028096cc15a8b912b494d4bbe609031ea1ca65a548941d5d16297757310d9daebd5a3dabbced3b051129cd60a37d397643324e6f0aadf978d639650000000000000000570b0acbcaa196e6b46e213a34c1a550e7c2d8cee7a278cee591f360e345d37dc9f8991a16c08d72317e42d2ac9126acd76130ef1086016697e4d51c4b42b2efc8edab88d46bc3d5d6e5a634c912bc40513643bf44cb416b3149040220aa39035ae46d16d879fc815a5cb84b0d5c8ad970128adf8dec1171e860ca54ce5d6a5aa0327bca4f49a710bf8a8399071237fe5d764e2034873c94a4f21287f3bce3eeb69e94df2e14e4ab10cc7834b304bc879b80255991dd7aac2e92c9e7c411c019d229c1f1e563152f1c5ae9cda3e808000000a0c779d624c5a2b7491b8f73e767389ecd1dee951353bb22b7caf89468871520823715cfebd04189c6c6b34bd8a6541f6bc0630000000000f94e85f5111add3a3cb5bcace95f38465402c39df835754ef33056b0e1134187822c001a25304f3e00b44675d0a25a21dc4023c642cc6f5a75c45a29ab933600acf9a2d471b73a73178cdf309e5d53311996215b44295dfddc1dd6b81132e999366e460d15d366e84da02b8afc40c47e733f804460ed8300ec34eab2ed80097bd32ff1a6143ab1476037e474ca876187c85bed4391215cd77e6a1fd6399a498b96b9b0cca93255acb08c67e50004c5af6fd5b4ce7c1ebc9202bd7b329a4d2530486d5999dd7f90ebecca37f2869135438f0540801fd7481daf9ec94b799c12e714d573e2a6331f496254f254a60c52b2026ed6a72c82cd191490fabe7b151f92e5d700f21830d613fbe490f305b3845a78817e59bf7ed36471dbca01d39e50ae2535460e1d2f2614940647233a02d5000000000000000000f70e52f0d56f6a4dcf7e57c03d4b4add0500000000000000320304d0d2b308c5ed3956eae263035d703f862224e9818a3d7ac270793a7bf2af87585293960a80ac63c54e55063bf8d24639e561253ef0caf6c58118120d8acecc0528"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x94) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000001000/0x4000)=nil) ptrace(0x10, 0x1) 0s ago: executing program 3 (id=1732): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000fddbdf252100000008000300", @ANYRES32=r2], 0x24}}, 0x40084) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="48040000", @ANYRES16=r4, @ANYBLOB="01e5c300000000fb04003b1c210008000300", @ANYRES32=r3, @ANYBLOB="2c0433005000de295b3acba52ee4080211000001"], 0x448}, 0x1, 0x0, 0x0, 0x480d5}, 0x0) kernel console output (not intermixed with test programs): T6027] hsr_slave_0: left promiscuous mode [ 186.352481][ T6027] hsr_slave_1: left promiscuous mode [ 186.413358][ T6027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 186.471705][ T6027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 186.693177][ T6027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 186.746006][ T6027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 186.786160][ T6027] bridge_slave_1: left allmulticast mode [ 186.792072][ T6027] bridge_slave_1: left promiscuous mode [ 186.839458][ T6027] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.971227][ T6027] bridge_slave_0: left allmulticast mode [ 186.987086][ T6027] bridge_slave_0: left promiscuous mode [ 187.006843][ T6027] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.110051][ T6027] veth1_macvtap: left promiscuous mode [ 187.124845][ T6027] veth0_macvtap: left promiscuous mode [ 187.141264][ T6027] veth1_vlan: left promiscuous mode [ 187.157230][ T6027] veth0_vlan: left promiscuous mode [ 187.299849][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 187.311116][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 187.329861][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 187.338359][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 187.356091][ T51] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 187.364283][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 188.049807][ T5800] Bluetooth: hci3: command tx timeout [ 188.134237][ T6027] team0 (unregistering): Port device team_slave_1 removed [ 188.193416][ T6027] team0 (unregistering): Port device team_slave_0 removed [ 188.248663][ T6027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 188.306139][ T6027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 188.912647][ T6027] bond0 (unregistering): Released all slaves [ 189.047787][ T7044] pimreg3: entered allmulticast mode [ 189.342448][ T6969] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.366531][ T6969] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.375102][ T6969] bridge_slave_0: entered allmulticast mode [ 189.387740][ T6969] bridge_slave_0: entered promiscuous mode [ 189.411896][ T7058] loop0: detected capacity change from 0 to 512 [ 189.418471][ T5800] Bluetooth: hci1: command tx timeout [ 189.432960][ T6969] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.462589][ T7058] EXT4-fs warning (device loop0): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 189.478018][ T6969] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.514644][ T7058] EXT4-fs warning (device loop0): dx_probe:881: Enable large directory feature to access it [ 189.520127][ T6969] bridge_slave_1: entered allmulticast mode [ 189.539167][ T6969] bridge_slave_1: entered promiscuous mode [ 189.555322][ T7058] EXT4-fs warning (device loop0): dx_probe:966: inode #2: comm syz.0.225: Corrupt directory, running e2fsck is recommended [ 189.606323][ T7058] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 189.623388][ T7058] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2249: inode #15: comm syz.0.225: corrupted in-inode xattr: e_name out of bounds [ 189.639999][ T7058] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.225: couldn't read orphan inode 15 (err -117) [ 189.644568][ T6969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 189.664025][ T7058] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 189.711265][ T6969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.801608][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.828067][ T6969] team0: Port device team_slave_0 added [ 189.884266][ T6969] team0: Port device team_slave_1 added [ 189.978432][ T6969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 190.011021][ T6969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.040270][ T6969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 190.127430][ T5800] Bluetooth: hci3: command tx timeout [ 190.150436][ T6969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 190.169402][ T6969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.196606][ T6969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 190.513053][ T6027] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 190.575193][ T7087] loop0: detected capacity change from 0 to 2048 [ 190.625726][ T7087] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 190.783770][ T6969] hsr_slave_0: entered promiscuous mode [ 190.810595][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 190.827575][ T6969] hsr_slave_1: entered promiscuous mode [ 190.844423][ T6969] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 190.872438][ T6969] Cannot create hsr debugfs directory [ 190.879146][ T7028] chnl_net:caif_netlink_parms(): no params data found [ 190.967724][ T6027] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.061219][ T6027] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.140638][ T6027] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 191.236121][ T970] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 191.247904][ T7028] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.255699][ T7028] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.263657][ T7028] bridge_slave_0: entered allmulticast mode [ 191.271616][ T7028] bridge_slave_0: entered promiscuous mode [ 191.280500][ T7028] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.287987][ T7028] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.295219][ T7028] bridge_slave_1: entered allmulticast mode [ 191.302876][ T7028] bridge_slave_1: entered promiscuous mode [ 191.396054][ T970] usb 1-1: device descriptor read/64, error -71 [ 191.422061][ T7028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 191.450190][ T7028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 191.486225][ T5800] Bluetooth: hci1: command tx timeout [ 191.667327][ T970] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 191.846135][ T970] usb 1-1: device descriptor read/64, error -71 [ 191.905745][ T7028] team0: Port device team_slave_0 added [ 191.948023][ T7028] team0: Port device team_slave_1 added [ 191.999723][ T970] usb usb1-port1: attempt power cycle [ 192.206103][ T5800] Bluetooth: hci3: command tx timeout [ 192.436193][ T970] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 192.456366][ T7028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 192.469915][ T7028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.504225][ T7028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 192.515724][ T970] usb 1-1: device descriptor read/8, error -71 [ 192.525615][ T7028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 192.533115][ T7028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 192.559675][ T7028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 192.793515][ T7028] hsr_slave_0: entered promiscuous mode [ 192.799301][ T970] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 192.809702][ T7028] hsr_slave_1: entered promiscuous mode [ 192.820992][ T7028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 192.829373][ T7028] Cannot create hsr debugfs directory [ 192.840363][ T970] usb 1-1: device descriptor read/8, error -71 [ 192.969770][ T970] usb usb1-port1: unable to enumerate USB device [ 193.201778][ T6969] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 193.233283][ T6969] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 193.330103][ T6969] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 193.341804][ T6969] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 193.566065][ T5800] Bluetooth: hci1: command tx timeout [ 193.948082][ T6027] hsr_slave_0: left promiscuous mode [ 193.969897][ T6027] hsr_slave_1: left promiscuous mode [ 193.983643][ T6027] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 194.001840][ T6027] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 194.047583][ T6027] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 194.062432][ T6027] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 194.090605][ T6027] bridge_slave_1: left allmulticast mode [ 194.096739][ T6027] bridge_slave_1: left promiscuous mode [ 194.102658][ T6027] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.113108][ T6027] bridge_slave_0: left allmulticast mode [ 194.120817][ T6027] bridge_slave_0: left promiscuous mode [ 194.127014][ T6027] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.157045][ T6027] veth1_macvtap: left promiscuous mode [ 194.162681][ T6027] veth0_macvtap: left promiscuous mode [ 194.168534][ T6027] veth1_vlan: left promiscuous mode [ 194.173894][ T6027] veth0_vlan: left promiscuous mode [ 194.493169][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 194.630769][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.639263][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.683650][ T23] usb 1-1: Using ep0 maxpacket: 32 [ 194.692114][ T23] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 194.703523][ T23] usb 1-1: config 0 has no interface number 0 [ 194.709889][ T23] usb 1-1: config 0 interface 184 has no altsetting 0 [ 194.720501][ T23] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 194.730149][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.738810][ T23] usb 1-1: Product: syz [ 194.743067][ T23] usb 1-1: Manufacturer: syz [ 194.747812][ T23] usb 1-1: SerialNumber: syz [ 194.755089][ T23] usb 1-1: config 0 descriptor?? [ 194.765279][ T23] smsc75xx v1.0.0 [ 194.769751][ T23] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 194.780695][ T23] smsc75xx: probe of 1-1:0.184 failed with error -22 [ 194.902039][ T6027] team0 (unregistering): Port device team_slave_1 removed [ 194.958769][ T6027] team0 (unregistering): Port device team_slave_0 removed [ 195.017722][ T6027] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 195.094332][ T6027] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 195.656164][ T5800] Bluetooth: hci1: command tx timeout [ 196.395228][ T6027] bond0 (unregistering): Released all slaves [ 196.523559][ T6969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 196.546703][ T6969] 8021q: adding VLAN 0 to HW filter on device team0 [ 196.612711][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.620118][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.645492][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.652796][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 197.217893][ T5879] usb 1-1: USB disconnect, device number 14 [ 197.350041][ T7028] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 197.404200][ T7028] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 197.437097][ T7028] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 197.487063][ T6969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 197.506566][ T7028] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 197.709467][ T7206] loop0: detected capacity change from 0 to 32768 [ 197.774468][ T7206] JBD2: Ignoring recovery information on journal [ 197.815230][ T7028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.843795][ T7028] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.853540][ T7206] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 197.864366][ T6969] veth0_vlan: entered promiscuous mode [ 197.921427][ T42] bridge0: port 1(bridge_slave_0) entered blocking state [ 197.928755][ T42] bridge0: port 1(bridge_slave_0) entered forwarding state [ 197.964163][ T6969] veth1_vlan: entered promiscuous mode [ 198.009207][ T42] bridge0: port 2(bridge_slave_1) entered blocking state [ 198.016501][ T42] bridge0: port 2(bridge_slave_1) entered forwarding state [ 198.042208][ T6765] ocfs2: Unmounting device (7,0) on (node local) [ 198.175832][ T6969] veth0_macvtap: entered promiscuous mode [ 198.227578][ T6969] veth1_macvtap: entered promiscuous mode [ 198.332117][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.359424][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.393363][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 198.415515][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.458614][ T6969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 198.490725][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.526007][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.549375][ T6969] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 198.560378][ T6969] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 198.572371][ T6969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 198.619930][ T6969] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.671071][ T6969] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.696104][ T6969] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.704909][ T6969] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 198.717403][ T7234] loop0: detected capacity change from 0 to 1024 [ 199.007799][ T6813] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.039145][ T6813] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.107013][ T7028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 199.226946][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 199.234875][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 199.265011][ T7028] veth0_vlan: entered promiscuous mode [ 199.314219][ T7028] veth1_vlan: entered promiscuous mode [ 199.468802][ T7028] veth0_macvtap: entered promiscuous mode [ 199.500449][ T7028] veth1_macvtap: entered promiscuous mode [ 199.564000][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.586006][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.607129][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.656156][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.675989][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 199.709344][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.731696][ T7028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 199.745373][ T7257] loop3: detected capacity change from 0 to 1024 [ 199.750214][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.799581][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.834027][ T7257] hfsplus: bad catalog entry type [ 199.843345][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.896043][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 199.944061][ T7028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 199.975107][ T7028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 200.009069][ T7028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 200.015838][ T49] hfsplus: b-tree write err: -5, ino 4 [ 200.080703][ T7028] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.120833][ T7028] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.151598][ T7028] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.171953][ T7028] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 200.493278][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.513319][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.653419][ T3047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 200.693686][ T3047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 200.744099][ T7272] loop3: detected capacity change from 0 to 1024 [ 200.757343][ T7253] loop0: detected capacity change from 0 to 40427 [ 200.796125][ T7253] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 200.816155][ T7253] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 200.868176][ T7253] F2FS-fs (loop0): Found nat_bits in checkpoint [ 201.059750][ T7279] loop2: detected capacity change from 0 to 2048 [ 201.119316][ T7253] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 201.145468][ T7279] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 201.181268][ T7253] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 201.253483][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 201.282016][ T27] audit: type=1800 audit(1761606736.354:16): pid=7253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.271" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 201.364163][ T7287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.278'. [ 201.376909][ T6765] syz-executor: attempt to access beyond end of device [ 201.376909][ T6765] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 201.446111][ T6765] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 202.105270][ T7306] loop2: detected capacity change from 0 to 1024 [ 202.248074][ T5878] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 202.410075][ T5878] usb 4-1: device descriptor read/64, error -71 [ 202.509095][ T7310] loop2: detected capacity change from 0 to 1024 [ 202.574605][ T7310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.730210][ T5878] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 202.789360][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.912792][ T5878] usb 4-1: device descriptor read/64, error -71 [ 202.975512][ T7328] process 'syz.2.289' launched './file0' with NULL argv: empty string added [ 203.065147][ T5878] usb usb4-port1: attempt power cycle [ 203.524362][ T7332] loop2: detected capacity change from 0 to 40427 [ 203.533385][ T7332] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 203.542155][ T7332] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 203.564149][ T7332] F2FS-fs (loop2): invalid crc value [ 203.616622][ T7332] F2FS-fs (loop2): Found nat_bits in checkpoint [ 203.676494][ T7332] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 203.683636][ T7332] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 203.706225][ T5879] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 203.846288][ T5878] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 203.921491][ T5879] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 203.929496][ T5878] usb 4-1: device descriptor read/8, error -71 [ 203.940377][ T5879] usb 1-1: config 1 has no interface number 0 [ 203.960721][ T5879] usb 1-1: config 1 interface 105 has no altsetting 0 [ 203.983685][ T5879] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 204.006150][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.029927][ T5879] usb 1-1: Product: syz [ 204.034201][ T5879] usb 1-1: Manufacturer: syz [ 204.050828][ T5879] usb 1-1: SerialNumber: syz [ 204.226385][ T5878] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 204.291214][ T7350] loop2: detected capacity change from 0 to 1024 [ 204.308128][ T5878] usb 4-1: device descriptor read/8, error -71 [ 204.435161][ T5878] usb usb4-port1: unable to enumerate USB device [ 204.982714][ T7370] syzkaller1: entered promiscuous mode [ 204.997163][ T7370] syzkaller1: entered allmulticast mode [ 205.056139][ T23] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 205.091027][ T5879] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 205.114635][ T5879] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71 [ 205.159535][ T5879] aqc111 1-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, a0:b4:1c:e0:4e:4f [ 205.213303][ T5879] usb 1-1: USB disconnect, device number 15 [ 205.224327][ T5879] aqc111 1-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter [ 205.266081][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 205.273496][ T23] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 205.310922][ T23] usb 4-1: config 0 has no interface number 0 [ 205.356225][ T23] usb 4-1: config 0 interface 184 has no altsetting 0 [ 205.394216][ T5879] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 205.414786][ T23] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 205.450933][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.466572][ T5879] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19 [ 205.488580][ T23] usb 4-1: Product: syz [ 205.492839][ T23] usb 4-1: Manufacturer: syz [ 205.508014][ T5879] aqc111 1-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19 [ 205.536220][ T23] usb 4-1: SerialNumber: syz [ 205.581245][ T23] usb 4-1: config 0 descriptor?? [ 205.630829][ T23] smsc75xx v1.0.0 [ 205.634572][ T23] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 205.711631][ T23] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 205.835525][ T7382] loop2: detected capacity change from 0 to 1024 [ 205.920982][ T7388] fuse: Bad value for 'fd' [ 207.297481][ T7385] loop0: detected capacity change from 0 to 40427 [ 207.364036][ T7418] loop2: detected capacity change from 0 to 4096 [ 207.408002][ T7385] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 207.433485][ T7385] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 207.512927][ T7385] F2FS-fs (loop0): Found nat_bits in checkpoint [ 207.788147][ T7385] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 207.821395][ T7385] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 207.877622][ T5879] usb 4-1: USB disconnect, device number 11 [ 208.021287][ T7428] loop3: detected capacity change from 0 to 512 [ 208.124689][ T7428] EXT4-fs warning (device loop3): dx_probe:878: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 208.146399][ T7428] EXT4-fs warning (device loop3): dx_probe:881: Enable large directory feature to access it [ 208.192055][ T7428] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.315: Corrupt directory, running e2fsck is recommended [ 208.231293][ T7428] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 208.276213][ T7428] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2249: inode #15: comm syz.3.315: corrupted in-inode xattr: e_name out of bounds [ 208.338122][ T7428] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.315: couldn't read orphan inode 15 (err -117) [ 208.406829][ T7436] loop0: detected capacity change from 0 to 512 [ 208.419263][ T7428] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.486226][ T7436] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 208.494427][ T7436] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 208.600665][ T6969] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.614228][ T7436] EXT4-fs (loop0): 1 truncate cleaned up [ 208.641855][ T7436] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 208.714272][ T7436] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #2: block 4: comm syz.0.316: lblock 0 mapped to illegal pblock 4 (length 1) [ 208.907207][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.406190][ T5854] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 209.606079][ T5854] usb 1-1: Using ep0 maxpacket: 32 [ 209.617118][ T5854] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 209.626017][ T5854] usb 1-1: config 0 has no interface number 0 [ 209.633047][ T5854] usb 1-1: config 0 interface 184 has no altsetting 0 [ 209.647949][ T5854] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 209.657279][ T5854] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.665336][ T5854] usb 1-1: Product: syz [ 209.670356][ T5854] usb 1-1: Manufacturer: syz [ 209.675152][ T5854] usb 1-1: SerialNumber: syz [ 209.684900][ T5854] usb 1-1: config 0 descriptor?? [ 209.705826][ T5854] smsc75xx v1.0.0 [ 210.117780][ T5854] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 210.141358][ T5854] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 210.162874][ T5854] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 210.186103][ T5854] smsc75xx: probe of 1-1:0.184 failed with error -32 [ 210.235340][ T7473] loop3: detected capacity change from 0 to 4096 [ 211.042535][ T7483] loop2: detected capacity change from 0 to 2048 [ 211.270505][ T7483] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 211.404415][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 211.986085][ T5878] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 212.156113][ T5878] usb 3-1: device descriptor read/64, error -71 [ 212.170874][ T5879] usb 1-1: USB disconnect, device number 16 [ 212.466054][ T5878] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 212.636463][ T5878] usb 3-1: device descriptor read/64, error -71 [ 212.766812][ T5878] usb usb3-port1: attempt power cycle [ 212.860558][ T7514] loop0: detected capacity change from 0 to 4096 [ 212.891027][ T7515] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 212.931026][ T27] audit: type=1800 audit(1761606748.014:17): pid=7514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.348" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 213.186208][ T5878] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 213.216802][ T5878] usb 3-1: device descriptor read/8, error -71 [ 213.499088][ T5878] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 213.546253][ T5878] usb 3-1: device descriptor read/8, error -71 [ 213.556042][ T5857] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 213.617107][ T7526] loop3: detected capacity change from 0 to 128 [ 213.649534][ T7526] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 213.679503][ T7526] hpfs: filesystem error: improperly stopped [ 213.685693][ T7526] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 213.706266][ T7526] hpfs: You really don't want any checks? You are crazy... [ 213.706997][ T5878] usb usb3-port1: unable to enumerate USB device [ 213.729120][ T7526] hpfs: hpfs_map_sector(): read error [ 213.734624][ T7526] hpfs: code page support is disabled [ 213.747973][ T7526] hpfs: hpfs_map_4sectors(): unaligned read [ 213.754336][ T7526] hpfs: hpfs_map_4sectors(): unaligned read [ 213.756119][ T5857] usb 1-1: Using ep0 maxpacket: 32 [ 213.765984][ T7526] hpfs: filesystem error: unable to find root dir [ 213.787039][ T5857] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 213.799227][ T5857] usb 1-1: config 0 has no interface number 0 [ 213.805620][ T5857] usb 1-1: config 0 interface 184 has no altsetting 0 [ 213.814632][ T7526] hpfs: hpfs_map_4sectors(): unaligned read [ 213.845619][ T5857] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 213.861228][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.869539][ T5857] usb 1-1: Product: syz [ 213.873802][ T5857] usb 1-1: Manufacturer: syz [ 213.880086][ T5857] usb 1-1: SerialNumber: syz [ 213.892935][ T5857] usb 1-1: config 0 descriptor?? [ 213.907508][ T5857] smsc75xx v1.0.0 [ 214.105513][ T7528] loop3: detected capacity change from 0 to 4096 [ 214.322233][ T5857] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 214.355998][ T5857] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 214.396078][ T5857] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_bind [ 214.426162][ T5857] smsc75xx: probe of 1-1:0.184 failed with error -32 [ 215.227272][ T7533] loop2: detected capacity change from 0 to 32768 [ 215.234993][ T7533] XFS: noattr2 mount option is deprecated. [ 215.491507][ T7533] XFS (loop2): Cannot mount a V5 filesystem as noattr2. attr2 is always enabled for V5 filesystems. [ 216.017779][ T7550] nbd: must specify a device to reconfigure [ 216.177799][ T5857] usb 1-1: USB disconnect, device number 17 [ 216.356027][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 216.532944][ T7559] loop2: detected capacity change from 0 to 24 [ 216.542815][ T7559] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 216.566016][ T7559] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 217.096689][ T7562] overlayfs: failed to clone upperpath [ 217.196974][ T5857] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 217.235980][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 217.243382][ T23] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.255840][ T23] usb 4-1: config 0 interface 0 altsetting 128 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 217.286086][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 217.302735][ T23] usb 4-1: New USB device found, idVendor=05ac, idProduct=0237, bcdDevice= 0.00 [ 217.322298][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.342891][ T23] usb 4-1: config 0 descriptor?? [ 217.360989][ T23] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input8 [ 217.396668][ T5857] usb 1-1: Using ep0 maxpacket: 16 [ 217.404862][ T5857] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 217.446112][ T5857] usb 1-1: config 7 has 0 interfaces, different from the descriptor's value: 1 [ 217.466017][ T5857] usb 1-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 217.496047][ T5857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.561445][ T7552] loop3: detected capacity change from 0 to 64 [ 217.610151][ T5142] bcm5974 4-1:0.0: could not read from device [ 217.646787][ T5142] bcm5974 4-1:0.0: could not read from device [ 217.666752][ T23] usb 4-1: USB disconnect, device number 12 [ 217.700004][ T5142] bcm5974 4-1:0.0: could not read from device [ 217.787188][ T5923] udevd[5923]: Error opening device "/dev/input/event4": No such file or directory [ 217.817079][ T5923] udevd[5923]: Unable to EVIOCGABS device "/dev/input/event4" [ 217.826231][ T5923] udevd[5923]: Unable to EVIOCGABS device "/dev/input/event4" [ 217.836386][ T5923] udevd[5923]: Unable to EVIOCGABS device "/dev/input/event4" [ 217.846524][ T5923] udevd[5923]: Unable to EVIOCGABS device "/dev/input/event4" [ 218.116731][ T7572] loop2: detected capacity change from 0 to 4096 [ 219.443900][ T7587] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22) [ 219.569771][ T5857] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 219.902688][ T5857] usb 3-1: Using ep0 maxpacket: 16 [ 219.995643][ T5857] usb 3-1: unable to get BOS descriptor or descriptor too short [ 220.134173][ T5857] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 220.149650][ T970] usb 1-1: USB disconnect, device number 18 [ 220.158182][ T5857] usb 3-1: can't read configurations, error -71 [ 220.697653][ T7606] loop0: detected capacity change from 0 to 24 [ 220.708032][ T7606] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 220.734593][ T7606] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 222.436000][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 222.636055][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 222.658241][ T9] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 222.687130][ T9] usb 3-1: config 7 has 0 interfaces, different from the descriptor's value: 1 [ 222.716463][ T9] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 222.735970][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.850549][ T7637] loop0: detected capacity change from 0 to 512 [ 222.860976][ T7637] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 222.903024][ T7637] EXT4-fs (loop0): 1 truncate cleaned up [ 222.931188][ T7637] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.013684][ T7637] EXT4-fs error (device loop0): ext4_inlinedir_to_tree:1412: inode #12: block 7: comm syz.0.392: path /32/bus/file0: bad entry in directory: rec_len is smaller than minimal - offset=20, inode=2147483648, rec_len=0, size=60 fake=0 [ 223.017597][ T5800] Bluetooth: hci0: unexpected subevent 0x0a length: 5 < 30 [ 223.166327][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.871522][ T9] usb 3-1: USB disconnect, device number 16 [ 225.968537][ T970] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 226.165967][ T970] usb 3-1: Using ep0 maxpacket: 8 [ 226.174551][ T970] usb 3-1: config 0 has no interfaces? [ 226.184803][ T970] usb 3-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 226.194510][ T970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.203414][ T970] usb 3-1: Product: syz [ 226.208293][ T970] usb 3-1: Manufacturer: syz [ 226.212947][ T970] usb 3-1: SerialNumber: syz [ 226.237112][ T970] usb 3-1: config 0 descriptor?? [ 226.266110][ T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 226.721809][ T5857] usb 3-1: USB disconnect, device number 17 [ 227.233721][ T9] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 227.254447][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 227.267902][ T9] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 227.283747][ T9] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 227.293885][ T9] usb 1-1: Product: syz [ 227.299192][ T9] usb 1-1: Manufacturer: syz [ 227.303990][ T9] usb 1-1: SerialNumber: syz [ 227.315272][ T9] usb 1-1: config 0 descriptor?? [ 227.343066][ T9] usb 1-1: selecting invalid altsetting 0 [ 227.852668][ T7688] loop0: detected capacity change from 0 to 512 [ 227.890351][ T7688] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 228.066279][ T7688] EXT4-fs (loop0): 1 truncate cleaned up [ 228.073389][ T7688] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.392529][ T5777] usb 1-1: USB disconnect, device number 19 [ 230.128558][ T7721] loop2: detected capacity change from 0 to 24 [ 230.138892][ T7721] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 230.168128][ T7721] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 230.608598][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 231.538602][ T7731] loop0: detected capacity change from 0 to 2048 [ 231.616398][ T7731] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 231.841327][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 231.879425][ T7744] syz.3.429: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1 [ 231.896856][ T7744] CPU: 1 PID: 7744 Comm: syz.3.429 Not tainted syzkaller #0 [ 231.904196][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 231.914308][ T7744] Call Trace: [ 231.917623][ T7744] [ 231.920604][ T7744] dump_stack_lvl+0x16c/0x230 [ 231.925332][ T7744] ? show_regs_print_info+0x20/0x20 [ 231.930574][ T7744] ? load_image+0x3b0/0x3b0 [ 231.935135][ T7744] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 231.941596][ T7744] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 231.948148][ T7744] warn_alloc+0x210/0x300 [ 231.952528][ T7744] ? stack_trace_save+0x9c/0xe0 [ 231.957428][ T7744] ? zone_watermark_ok_safe+0x230/0x230 [ 231.963028][ T7744] ? kasan_set_track+0x5f/0x70 [ 231.967833][ T7744] ? kasan_set_track+0x4e/0x70 [ 231.972628][ T7744] ? __kasan_kmalloc+0x8f/0xa0 [ 231.977426][ T7744] ? xsk_init_queue+0xb0/0x110 [ 231.982226][ T7744] ? xsk_setsockopt+0x43c/0x6f0 [ 231.987106][ T7744] ? do_sock_setsockopt+0x175/0x1a0 [ 231.992382][ T7744] ? __x64_sys_setsockopt+0x184/0x200 [ 231.997806][ T7744] __vmalloc_node_range+0x126/0x1320 [ 232.003162][ T7744] ? free_vm_area+0x50/0x50 [ 232.007720][ T7744] vmalloc_user+0x74/0x80 [ 232.012088][ T7744] ? xskq_create+0xbf/0x170 [ 232.016630][ T7744] xskq_create+0xbf/0x170 [ 232.021001][ T7744] xsk_init_queue+0xb0/0x110 [ 232.025632][ T7744] xsk_setsockopt+0x43c/0x6f0 [ 232.030351][ T7744] ? xsk_poll+0x670/0x670 [ 232.034734][ T7744] ? bpf_lsm_socket_setsockopt+0x9/0x10 [ 232.040332][ T7744] ? security_socket_setsockopt+0x7e/0xa0 [ 232.046090][ T7744] ? xsk_poll+0x670/0x670 [ 232.050465][ T7744] do_sock_setsockopt+0x175/0x1a0 [ 232.055541][ T7744] ? __fdget+0x14a/0x210 [ 232.059832][ T7744] __x64_sys_setsockopt+0x184/0x200 [ 232.065085][ T7744] do_syscall_64+0x55/0xb0 [ 232.069539][ T7744] ? clear_bhb_loop+0x40/0x90 [ 232.074254][ T7744] ? clear_bhb_loop+0x40/0x90 [ 232.078974][ T7744] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 232.084911][ T7744] RIP: 0033:0x7f0aca38efc9 [ 232.089473][ T7744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.109118][ T7744] RSP: 002b:00007f0acb209038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 232.117562][ T7744] RAX: ffffffffffffffda RBX: 00007f0aca5e5fa0 RCX: 00007f0aca38efc9 [ 232.125551][ T7744] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000003 [ 232.133584][ T7744] RBP: 00007f0aca411f91 R08: 0000000000000004 R09: 0000000000000000 [ 232.141576][ T7744] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000 [ 232.149581][ T7744] R13: 00007f0aca5e6038 R14: 00007f0aca5e5fa0 R15: 00007ffd2ccbbf58 [ 232.157584][ T7744] [ 232.169252][ T7744] Mem-Info: [ 232.172471][ T7744] active_anon:9027 inactive_anon:0 isolated_anon:0 [ 232.172471][ T7744] active_file:1348 inactive_file:40011 isolated_file:0 [ 232.172471][ T7744] unevictable:768 dirty:139 writeback:0 [ 232.172471][ T7744] slab_reclaimable:8526 slab_unreclaimable:94337 [ 232.172471][ T7744] mapped:27756 shmem:4452 pagetables:591 [ 232.172471][ T7744] sec_pagetables:0 bounce:0 [ 232.172471][ T7744] kernel_misc_reclaimable:0 [ 232.172471][ T7744] free:1358569 free_pcp:9545 free_cma:0 [ 232.221276][ T7744] Node 0 active_anon:36132kB inactive_anon:0kB active_file:5392kB inactive_file:159812kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:111052kB dirty:540kB writeback:0kB shmem:16356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11556kB pagetables:2340kB sec_pagetables:0kB all_unreclaimable? no [ 232.254872][ T7744] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 232.286817][ T7744] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 232.317943][ T7744] lowmem_reserve[]: 0 2525 2526 2526 2526 [ 232.325333][ T7744] Node 0 DMA32 free:1519180kB boost:0kB min:34676kB low:43344kB high:52012kB reserved_highatomic:0KB active_anon:36564kB inactive_anon:0kB active_file:5392kB inactive_file:158508kB unevictable:1536kB writepending:520kB present:3129332kB managed:2589600kB mlocked:0kB bounce:0kB free_pcp:18336kB local_pcp:14588kB free_cma:0kB [ 232.399266][ T7746] loop2: detected capacity change from 0 to 1024 [ 232.614492][ T7744] lowmem_reserve[]: 0 0 1 1 1 [ 232.802285][ T7744] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048576kB managed:1384kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB [ 232.912339][ T7744] lowmem_reserve[]: 0 0 0 0 0 [ 233.106103][ T7744] Node 1 Normal free:3899728kB boost:0kB min:55208kB low:69008kB high:82808kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:19228kB local_pcp:8384kB free_cma:0kB [ 233.266321][ T7751] loop2: detected capacity change from 0 to 32768 [ 233.270308][ T7744] lowmem_reserve[]: 0 0 0 0 0 [ 233.315270][ T7744] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 233.331422][ T7751] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 233.342696][ T7751] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 233.351537][ T7751] BTRFS info (device loop2): turning on flush-on-commit [ 233.358733][ T7751] BTRFS info (device loop2): max_inline at 0 [ 233.364787][ T7751] BTRFS info (device loop2): enabling disk space caching [ 233.371977][ T7751] BTRFS info (device loop2): setting nodatasum [ 233.378342][ T7751] BTRFS info (device loop2): turning off barriers [ 233.384842][ T7751] BTRFS info (device loop2): disabling tree log [ 233.391255][ T7751] BTRFS info (device loop2): enabling ssd optimizations [ 233.398348][ T7751] BTRFS info (device loop2): force clearing of disk cache [ 233.405546][ T7751] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 233.415283][ T7751] BTRFS info (device loop2): use zstd compression, level 3 [ 233.422692][ T7751] BTRFS info (device loop2): max_inline at 0 [ 233.428848][ T7751] BTRFS info (device loop2): disk space caching is enabled [ 233.437379][ T7744] Node 0 DMA32: 410*4kB (UME) 389*8kB (UME) 222*16kB (UE) 144*32kB (UME) 38*64kB (UME) 69*128kB (UME) 34*256kB (UME) 30*512kB (UME) 20*1024kB (UME) 9*2048kB (UM) 349*4096kB (UM) = 1516656kB [ 233.459179][ T7744] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB [ 233.474899][ T7744] Node 1 Normal: 182*4kB (UME) 65*8kB (UME) 49*16kB (UME) 81*32kB (UME) 23*64kB (UE) 7*128kB (UME) 2*256kB (UE) 2*512kB (ME) 2*1024kB (UE) 1*2048kB (E) 949*4096kB (M) = 3899728kB [ 233.493968][ T7744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 233.507074][ T7744] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 233.519597][ T7744] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 233.529351][ T7744] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 233.540439][ T7744] 46852 total pagecache pages [ 233.546505][ T7744] 0 pages in swap cache [ 233.550725][ T7744] Free swap = 124996kB [ 233.554931][ T7744] Total swap = 124996kB [ 233.559226][ T7744] 2097051 pages RAM [ 233.563143][ T7744] 0 pages HighMem/MovableOnly [ 233.568286][ T7744] 416137 pages reserved [ 233.572850][ T7744] 0 pages cma reserved [ 233.599332][ T7751] BTRFS info (device loop2): rebuilding free space tree [ 233.614269][ T7751] BTRFS info (device loop2): disabling free space tree [ 233.621382][ T7751] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 233.631154][ T7751] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 233.651255][ T7751] BTRFS info (device loop2): checking UUID tree [ 233.695031][ T27] audit: type=1800 audit(1761606768.774:18): pid=7751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.434" name="file2" dev="loop2" ino=261 res=0 errno=0 [ 233.716232][ T23] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 233.867007][ T7783] x_tables: duplicate entry at hook 1 [ 233.906138][ T23] usb 1-1: Using ep0 maxpacket: 8 [ 233.917837][ T7028] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 233.935356][ T23] usb 1-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 233.946018][ T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 233.963820][ T23] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 233.991537][ T23] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 234.002461][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.044001][ T23] hub 1-1:1.0: bad descriptor, ignoring hub [ 234.076206][ T23] hub: probe of 1-1:1.0 failed with error -5 [ 234.096694][ T23] cdc_wdm 1-1:1.0: skipping garbage [ 234.102001][ T23] cdc_wdm 1-1:1.0: skipping garbage [ 234.130447][ T23] cdc_wdm: probe of 1-1:1.0 failed with error -22 [ 234.556330][ T5857] usb 1-1: USB disconnect, device number 20 [ 234.934517][ T7791] loop2: detected capacity change from 0 to 32768 [ 234.961746][ T5857] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 235.005295][ T7791] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 235.157586][ T5857] usb 1-1: Using ep0 maxpacket: 16 [ 235.179951][ T5857] usb 1-1: config 0 has an invalid interface number: 249 but max is 0 [ 235.222320][ T5857] usb 1-1: config 0 has no interface number 0 [ 235.230310][ T7791] XFS (loop2): Ending clean mount [ 235.239107][ T5857] usb 1-1: config 0 interface 249 has no altsetting 0 [ 235.281690][ T5857] usb 1-1: New USB device found, idVendor=045e, idProduct=028c, bcdDevice=1e.a6 [ 235.333157][ T5857] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.342948][ T7028] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 235.357395][ T5857] usb 1-1: Product: syz [ 235.361656][ T5857] usb 1-1: Manufacturer: syz [ 235.383102][ T5857] usb 1-1: SerialNumber: syz [ 235.416722][ T5857] usb 1-1: config 0 descriptor?? [ 235.465430][ T5857] gspca_main: ov519-2.14.0 probing 045e:028c [ 235.666266][ T5857] ov519 1-1:0.249: reg_w 5a failed -71 [ 236.614542][ T7811] loop0: detected capacity change from 0 to 4096 [ 236.932029][ T7823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.455'. [ 236.969711][ T7823] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 237.302404][ T7823] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 238.517629][ T7844] loop2: detected capacity change from 0 to 2048 [ 238.723273][ T7844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 238.846803][ T7851] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 238.942905][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 240.086024][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 240.459516][ T23] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 241.062593][ T23] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 241.074154][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.095295][ T23] usb 3-1: config 0 descriptor?? [ 242.717568][ T23] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 242.736209][ T23] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 242.781668][ T23] asix: probe of 3-1:0.0 failed with error -71 [ 242.838857][ T23] usb 3-1: USB disconnect, device number 18 [ 243.041007][ T7900] loop0: detected capacity change from 0 to 512 [ 243.052700][ T7901] netlink: 44 bytes leftover after parsing attributes in process `syz.3.484'. [ 243.058647][ T7900] EXT4-fs: Ignoring removed nobh option [ 243.168288][ T7900] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 243.196276][ T7900] ext4 filesystem being mounted at /47/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 243.343872][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 243.420230][ T7908] loop2: detected capacity change from 0 to 1024 [ 243.909956][ T3047] hfsplus: b-tree write err: -5, ino 3 [ 243.932316][ T7028] hfsplus: node 4:3 still has 2 user(s)! [ 245.415897][ C0] sched: RT throttling activated [ 245.426093][ T27] audit: type=1326 audit(1761606779.384:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7919 comm="syz.1.492" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd66b8efc9 code=0x0 [ 245.782381][ T7925] loop2: detected capacity change from 0 to 2048 [ 245.825005][ T7925] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 246.272622][ T7938] loop2: detected capacity change from 0 to 1024 [ 246.491434][ T7938] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.866646][ T5857] ov519 1-1:0.249: Can't determine sensor slave IDs [ 246.873526][ T5857] ov519 1-1:0.249: OV519 Config failed [ 246.908120][ T5857] ov519: probe of 1-1:0.249 failed with error -22 [ 246.934502][ T7028] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.959807][ T5857] usb 1-1: USB disconnect, device number 21 [ 248.126397][ T7953] netlink: 44 bytes leftover after parsing attributes in process `syz.0.493'. [ 248.354265][ T7956] syzkaller0: entered promiscuous mode [ 248.369716][ T7956] syzkaller0: entered allmulticast mode [ 248.476112][ T7960] loop0: detected capacity change from 0 to 8192 [ 248.542437][ T7960] loop0: p1 p2 p3 p4 [ 248.565685][ T7960] loop0: partition table partially beyond EOD, truncated [ 248.578979][ T7960] loop0: p1 size 3523149824 extends beyond EOD, truncated [ 248.619305][ T7960] loop0: p2 start 11194625 is beyond EOD, truncated [ 248.646942][ T7960] loop0: p3 start 150994946 is beyond EOD, truncated [ 248.653746][ T7960] loop0: p4 start 524290 is beyond EOD, truncated [ 250.068440][ T7971] netlink: 8 bytes leftover after parsing attributes in process `syz.2.513'. [ 250.331077][ T7986] netlink: 44 bytes leftover after parsing attributes in process `syz.2.517'. [ 250.406743][ T5879] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 250.596491][ T5879] usb 1-1: Using ep0 maxpacket: 8 [ 250.609503][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 250.641431][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 250.683152][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 250.726194][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 250.754368][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 250.765123][ T5879] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 250.789714][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 250.876166][ T5879] usb 1-1: config 0 descriptor?? [ 250.883587][ T7978] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 251.398028][ T9] usb 1-1: USB disconnect, device number 22 [ 251.459111][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 253.024589][ T8014] syz.3.529 uses obsolete (PF_INET,SOCK_PACKET) [ 253.370727][ T8025] syzkaller0: entered promiscuous mode [ 253.386355][ T8025] syzkaller0: entered allmulticast mode [ 254.115805][ T8040] loop0: detected capacity change from 0 to 4096 [ 256.056620][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.063068][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.445691][ T27] audit: type=1326 audit(1761606791.524:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.550575][ T27] audit: type=1326 audit(1761606791.554:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.598338][ T27] audit: type=1326 audit(1761606791.554:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=140 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.650222][ T27] audit: type=1326 audit(1761606791.554:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.725927][ T8084] netlink: 24 bytes leftover after parsing attributes in process `syz.1.549'. [ 256.877655][ T27] audit: type=1326 audit(1761606791.554:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.917977][ T27] audit: type=1326 audit(1761606791.564:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbd66b8efc9 code=0x7ffc0000 [ 256.945985][ T27] audit: type=1326 audit(1761606791.564:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbd66b8f003 code=0x7ffc0000 [ 256.971340][ T27] audit: type=1326 audit(1761606791.564:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fbd66b8da7f code=0x7ffc0000 [ 256.996056][ T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 257.008862][ T27] audit: type=1326 audit(1761606791.584:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fbd66b8f057 code=0x7ffc0000 [ 257.226151][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 257.302580][ T27] audit: type=1326 audit(1761606791.584:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8082 comm="syz.1.549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbd66b8d810 code=0x7ffc0000 [ 257.376164][ T9] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 257.416947][ T9] usb 3-1: config 0 has no interface number 0 [ 257.423148][ T9] usb 3-1: config 0 interface 184 has no altsetting 0 [ 257.483393][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 257.519460][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.557113][ T9] usb 3-1: Product: syz [ 257.569941][ T9] usb 3-1: Manufacturer: syz [ 257.606426][ T9] usb 3-1: SerialNumber: syz [ 257.668653][ T9] usb 3-1: config 0 descriptor?? [ 257.727314][ T9] smsc75xx v1.0.0 [ 258.356514][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 258.391570][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 258.410257][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 258.434193][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 258.453773][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 258.476373][ T9] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 258.488474][ T9] smsc75xx: probe of 3-1:0.184 failed with error -32 [ 259.516131][ T51] Bluetooth: hci2: Malformed LE Event: 0x0b [ 259.763703][ T5857] usb 3-1: USB disconnect, device number 19 [ 261.414209][ T8184] loop0: detected capacity change from 0 to 2048 [ 261.470949][ T8184] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 261.597915][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 262.374891][ T8212] loop0: detected capacity change from 0 to 128 [ 262.385203][ T8212] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 262.430135][ T8212] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 262.581404][ T59] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 262.793145][ T8214] loop0: detected capacity change from 0 to 2048 [ 262.830312][ T8214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 262.923573][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 267.184229][ T8296] loop2: detected capacity change from 0 to 4096 [ 268.367176][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 268.924956][ T8320] loop2: detected capacity change from 0 to 1024 [ 269.138825][ T3047] hfsplus: b-tree write err: -5, ino 4 [ 269.388898][ T8327] loop2: detected capacity change from 0 to 1024 [ 270.342155][ T8343] loop2: detected capacity change from 0 to 4096 [ 270.568233][ T8352] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 270.696162][ T970] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 271.432732][ T970] usb 1-1: Using ep0 maxpacket: 32 [ 271.450405][ T970] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 271.465949][ T970] usb 1-1: config 0 has no interface number 0 [ 271.472356][ T970] usb 1-1: config 0 interface 184 has no altsetting 0 [ 271.492306][ T970] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 271.516141][ T970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.529256][ T970] usb 1-1: Product: syz [ 271.539151][ T970] usb 1-1: Manufacturer: syz [ 271.543837][ T970] usb 1-1: SerialNumber: syz [ 271.567232][ T970] usb 1-1: config 0 descriptor?? [ 271.578713][ T970] smsc75xx v1.0.0 [ 272.186755][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 272.215971][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 272.227563][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 272.243916][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 272.256721][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 272.267832][ T970] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 272.279186][ T970] smsc75xx: probe of 1-1:0.184 failed with error -61 [ 272.317102][ T8379] autofs4:pid:8379:autofs_fill_super: called with bogus options [ 273.128611][ T8414] overlayfs: missing 'lowerdir' [ 273.509776][ T970] usb 1-1: USB disconnect, device number 23 [ 274.016292][ T970] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 274.208565][ T970] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.226008][ T970] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 274.249881][ T970] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 274.259326][ T970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.275982][ T970] usb 1-1: Product: syz [ 274.286252][ T970] usb 1-1: Manufacturer: syz [ 274.296238][ T970] usb 1-1: SerialNumber: syz [ 274.420288][ T8435] overlayfs: failed to clone upperpath [ 274.537208][ T970] usb 1-1: 0:2 : does not exist [ 274.552624][ T970] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 274.623909][ T970] usb 1-1: USB disconnect, device number 24 [ 274.723219][ T5797] udevd[5797]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 275.371078][ T8450] syzkaller0: entered promiscuous mode [ 275.396902][ T8450] syzkaller0: entered allmulticast mode [ 275.477980][ T8454] overlayfs: failed to clone upperpath [ 276.046465][ T970] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 276.250734][ T970] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 276.274435][ T970] usb 1-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 276.300451][ T970] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.329437][ T970] usb 1-1: config 0 descriptor?? [ 277.210667][ T970] letsketch 0003:6161:4D15.0006: Device info: 劸 [ 277.419854][ T970] letsketch 0003:6161:4D15.0006: Device info: 귡ɪ做㲄股儀廹 [ 277.660658][ T970] usb 1-1: Max retries (5) exceeded reading string descriptor 202 [ 277.676376][ T970] letsketch: probe of 0003:6161:4D15.0006 failed with error -71 [ 277.700482][ T970] usb 1-1: USB disconnect, device number 25 [ 278.118350][ T8508] overlayfs: failed to clone upperpath [ 278.556128][ T5777] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 278.766141][ T5777] usb 1-1: Using ep0 maxpacket: 16 [ 278.783971][ T5777] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 278.819690][ T5777] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 278.853394][ T5777] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 278.879633][ T5777] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 279.027598][ T5777] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 279.045502][ T5777] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 279.056617][ T5777] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 279.064706][ T5777] usb 1-1: Manufacturer: syz [ 279.076852][ T5777] usb 1-1: config 0 descriptor?? [ 279.406078][ T5777] rc_core: IR keymap rc-hauppauge not found [ 279.413544][ T5777] Registered IR keymap rc-empty [ 279.420325][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.466347][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.499914][ T5777] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 279.515658][ T5777] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input9 [ 279.540307][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.577833][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.614182][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.662616][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.727097][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.766185][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.806897][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.846150][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.886279][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 279.937972][ T5777] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 280.210606][ T5777] mceusb 1-1:0.0: Registered 艣¦ with mce emulator interface version 1 [ 280.236619][ T5777] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 280.960342][ T5777] usb 1-1: USB disconnect, device number 26 [ 281.207667][ T8572] loop0: detected capacity change from 0 to 64 [ 281.357508][ T8572] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 281.373759][ T8572] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 281.724855][ T8585] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 281.766019][ T5777] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 282.165973][ T5777] usb 1-1: Using ep0 maxpacket: 32 [ 282.174271][ T5777] usb 1-1: too many configurations: 17, using maximum allowed: 8 [ 282.190540][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.199410][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.205596][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.226177][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.247317][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.255765][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.282960][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.294151][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.307495][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.318362][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.327088][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.338259][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.349989][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.358791][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.364962][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.376648][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.398364][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.437207][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.453104][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.475822][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.513944][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.529627][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.542323][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.552589][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.566640][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.574701][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.586598][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.597656][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.612646][ T5777] usb 1-1: config 0 has an invalid interface number: 2 but max is 0 [ 282.635905][ T5777] usb 1-1: config 0 has no interface number 0 [ 282.652449][ T5777] usb 1-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 282.674039][ T5777] usb 1-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 282.704050][ T5777] usb 1-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 282.723661][ T5777] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.750587][ T5777] usb 1-1: Product: syz [ 282.754849][ T5777] usb 1-1: Manufacturer: syz [ 282.761432][ T5777] usb 1-1: SerialNumber: syz [ 282.777500][ T5777] usb 1-1: config 0 descriptor?? [ 282.791899][ T5777] etas_es58x 1-1:0.2: Starting syz syz (Serial Number syz) [ 283.020254][ T5777] etas_es58x 1-1:0.2: could not parse product info: '424242424242' [ 283.261967][ T8583] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 283.286627][ T8583] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 284.579452][ T5777] usb 1-1: USB disconnect, device number 27 [ 284.587659][ T5777] etas_es58x 1-1:0.2: Disconnecting syz syz [ 285.258991][ T8681] loop0: detected capacity change from 0 to 4096 [ 286.213073][ T8710] netlink: 12 bytes leftover after parsing attributes in process `syz.0.782'. [ 286.251829][ T8710] netlink: 24 bytes leftover after parsing attributes in process `syz.0.782'. [ 287.699456][ T8735] loop0: detected capacity change from 0 to 24 [ 287.717552][ T8735] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 288.620140][ T8737] netlink: 'syz.2.793': attribute type 7 has an invalid length. [ 288.817835][ T8737] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 288.827253][ T8737] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 288.836129][ T8737] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 288.845978][ T8737] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 288.850057][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 289.097765][ T8737] netlink: 'syz.2.793': attribute type 7 has an invalid length. [ 289.414102][ T8735] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 290.230341][ T8746] overlayfs: failed to clone upperpath [ 291.237955][ T8773] (unnamed net_device) (uninitialized): ARP target 4.0.0.0 is already present [ 291.250072][ T8771] overlayfs: failed to clone upperpath [ 291.266328][ T8773] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (4) [ 291.365141][ T8776] loop0: detected capacity change from 0 to 256 [ 291.391373][ T8776] exfat: Deprecated parameter 'namecase' [ 291.432675][ T8776] exfat: Deprecated parameter 'namecase' [ 291.466147][ T8776] exfat: Deprecated parameter 'utf8' [ 291.499131][ T8776] exfat: Deprecated parameter 'utf8' [ 291.591727][ T8776] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5417aa89, utbl_chksum : 0xe619d30d) [ 292.146443][ T8787] x_tables: duplicate entry at hook 1 [ 292.195314][ T8788] netlink: 'syz.1.814': attribute type 1 has an invalid length. [ 292.766727][ T8790] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 294.552371][ T8808] loop0: detected capacity change from 0 to 40427 [ 294.606328][ T8809] x_tables: duplicate entry at hook 1 [ 294.707256][ T8808] F2FS-fs (loop0): Found nat_bits in checkpoint [ 294.765174][ T8808] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 294.847516][ T8808] F2FS-fs (loop0): access invalid blkaddr:2048 [ 294.854345][ T8808] CPU: 1 PID: 8808 Comm: syz.0.821 Not tainted syzkaller #0 [ 294.861701][ T8808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 294.871839][ T8808] Call Trace: [ 294.875233][ T8808] [ 294.878181][ T8808] dump_stack_lvl+0x16c/0x230 [ 294.882902][ T8808] ? show_regs_print_info+0x20/0x20 [ 294.888133][ T8808] ? __lock_acquire+0x1260/0x7c80 [ 294.893202][ T8808] ? f2fs_get_next_page_offset+0x690/0x690 [ 294.899054][ T8808] f2fs_is_valid_blkaddr+0xef8/0x1580 [ 294.904454][ T8808] f2fs_map_blocks+0xda2/0x3da0 [ 294.909364][ T8808] ? verify_lock_unused+0x140/0x140 [ 294.914642][ T8808] ? f2fs_get_block_locked+0xe0/0xe0 [ 294.919979][ T8808] ? __lock_acquire+0x7c80/0x7c80 [ 294.925034][ T8808] ? xas_descend+0x3a4/0x490 [ 294.929681][ T8808] ? xa_load+0x2c0/0x2e0 [ 294.933954][ T8808] ? xa_load+0x64/0x2e0 [ 294.938137][ T8808] ? page_index+0xe7/0x470 [ 294.942584][ T8808] f2fs_mpage_readpages+0x9f5/0x1ec0 [ 294.947955][ T8808] ? detach_page_private+0x4c0/0x4c0 [ 294.953269][ T8808] ? __mod_lruvec_page_state+0xa5/0x420 [ 294.958866][ T8808] ? f2fs_readahead+0x167/0x300 [ 294.963747][ T8808] ? f2fs_dirty_data_folio+0x810/0x810 [ 294.969239][ T8808] read_pages+0x177/0x840 [ 294.973599][ T8808] ? folio_put+0xd0/0xd0 [ 294.977968][ T8808] ? page_cache_ra_unbounded+0x770/0x770 [ 294.983742][ T8808] ? filemap_add_folio+0x192/0x3c0 [ 294.988902][ T8808] page_cache_ra_unbounded+0x692/0x770 [ 294.994583][ T8808] f2fs_readdir+0x44c/0x8c0 [ 294.999154][ T8808] ? f2fs_fill_dentries+0xbb0/0xbb0 [ 295.004446][ T8808] ? mutex_lock_nested+0x20/0x20 [ 295.009436][ T8808] ? end_current_label_crit_section+0x149/0x170 [ 295.015742][ T8808] ? down_read_killable+0x1d0/0x340 [ 295.021106][ T8808] ? fsnotify_perm+0x271/0x5e0 [ 295.025925][ T8808] iterate_dir+0x1c2/0x580 [ 295.030389][ T8808] __se_sys_getdents+0xe9/0x260 [ 295.035281][ T8808] ? __x64_sys_getdents+0x80/0x80 [ 295.040420][ T8808] ? fillonedir+0x430/0x430 [ 295.044955][ T8808] ? lockdep_hardirqs_on+0x98/0x150 [ 295.050173][ T8808] do_syscall_64+0x55/0xb0 [ 295.054611][ T8808] ? clear_bhb_loop+0x40/0x90 [ 295.059305][ T8808] ? clear_bhb_loop+0x40/0x90 [ 295.063998][ T8808] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 295.069907][ T8808] RIP: 0033:0x7f1d7798efc9 [ 295.074340][ T8808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 295.093974][ T8808] RSP: 002b:00007f1d78776038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 295.102418][ T8808] RAX: ffffffffffffffda RBX: 00007f1d77be5fa0 RCX: 00007f1d7798efc9 [ 295.110413][ T8808] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 295.118417][ T8808] RBP: 00007f1d77a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 295.126404][ T8808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 295.134390][ T8808] R13: 00007f1d77be6038 R14: 00007f1d77be5fa0 R15: 00007fff43861098 [ 295.142400][ T8808] [ 295.190299][ T8808] syz.0.821: attempt to access beyond end of device [ 295.190299][ T8808] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 295.205121][ T8808] syz.0.821: attempt to access beyond end of device [ 295.205121][ T8808] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 295.640784][ T8825] overlayfs: failed to clone upperpath [ 295.787792][ T6765] syz-executor: attempt to access beyond end of device [ 295.787792][ T6765] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 295.821939][ T6765] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 295.917987][ T8835] x_tables: duplicate entry at hook 1 [ 296.513499][ T8850] overlayfs: failed to clone upperpath [ 298.071334][ T8852] loop0: detected capacity change from 0 to 24 [ 298.081981][ T8852] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 298.665977][ T8852] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 298.935971][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 298.953103][ T8863] x_tables: duplicate entry at hook 1 [ 299.291122][ T8873] overlayfs: failed to clone upperpath [ 299.581850][ T8877] loop0: detected capacity change from 0 to 32768 [ 299.633712][ T8877] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 299.911120][ T8885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.855'. [ 299.995505][ T8883] fuse: Bad value for 'fd' [ 300.021221][ T6765] ocfs2: Unmounting device (7,0) on (node local) [ 300.136535][ T8890] x_tables: duplicate entry at hook 1 [ 300.438813][ T8899] loop0: detected capacity change from 0 to 2048 [ 300.805316][ T8899] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 301.288505][ T8907] overlayfs: failed to clone upperpath [ 301.368941][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 301.612696][ T8918] x_tables: duplicate entry at hook 1 [ 301.624877][ T5792] Bluetooth: hci2: unexpected event 0x06 length: 4 > 3 [ 301.716239][ T8922] netlink: 32 bytes leftover after parsing attributes in process `syz.1.869'. [ 302.028636][ T8934] overlayfs: failed to clone upperpath [ 302.046218][ T5777] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 302.237738][ T5777] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 302.249176][ T5777] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 302.261438][ T5777] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 302.270737][ T5777] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.283429][ T8924] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 302.293329][ T8924] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 302.305611][ T5777] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 302.515412][ T9] usb 1-1: USB disconnect, device number 28 [ 303.041205][ T8955] overlayfs: failed to clone upperpath [ 303.738559][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 303.938191][ T8968] loop0: detected capacity change from 0 to 65536 [ 304.388282][ T8968] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 304.413805][ T8979] overlayfs: failed to clone upperpath [ 304.520784][ T51] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3 [ 304.530145][ T8968] XFS (loop0): Ending clean mount [ 304.556072][ T8968] XFS (loop0): Quotacheck needed: Please wait. [ 304.714323][ T8968] XFS (loop0): Quotacheck: Done. [ 304.995477][ T6765] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 305.140711][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 305.805983][ T5792] Bluetooth: hci2: command 0x0406 tx timeout [ 306.211837][ T9012] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22) [ 306.563600][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 308.610756][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 309.333077][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 309.650057][ T9] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 310.146054][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 310.203878][ T9] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 310.230855][ T9] usb 1-1: config 0 has no interface number 0 [ 310.249918][ T9] usb 1-1: config 0 interface 184 has no altsetting 0 [ 310.267555][ T9] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 310.287712][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.296416][ T9] usb 1-1: Product: syz [ 310.316165][ T9] usb 1-1: Manufacturer: syz [ 310.320973][ T9] usb 1-1: SerialNumber: syz [ 310.340974][ T9] usb 1-1: config 0 descriptor?? [ 310.393283][ T9] smsc75xx v1.0.0 [ 311.009107][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 311.039333][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 311.695795][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 311.708262][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 311.720937][ T9] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 311.736909][ T9] smsc75xx: probe of 1-1:0.184 failed with error -61 [ 311.912645][ T51] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3 [ 311.914811][ T9104] netlink: 'syz.3.949': attribute type 7 has an invalid length. [ 311.951374][ T9104] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 311.960413][ T9104] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 311.969777][ T9104] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 311.978881][ T9104] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 311.990794][ T9104] netlink: 'syz.3.949': attribute type 7 has an invalid length. [ 312.558501][ T5857] usb 1-1: USB disconnect, device number 29 [ 312.910963][ T5800] Bluetooth: hci2: unexpected event 0x06 length: 4 > 3 [ 313.193720][ T5794] Bluetooth: hci3: command 0x0406 tx timeout [ 313.966013][ T5792] Bluetooth: hci0: command 0x0406 tx timeout [ 314.406157][ T5792] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3 [ 314.456072][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 314.926638][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 315.663489][ T9165] loop0: detected capacity change from 0 to 128 [ 315.697982][ T9167] netlink: 12 bytes leftover after parsing attributes in process `syz.3.975'. [ 315.752098][ T9165] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 315.817778][ T51] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 315.827898][ T51] CPU: 1 PID: 51 Comm: kworker/u5:0 Not tainted syzkaller #0 [ 315.835293][ T51] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 315.845385][ T51] Workqueue: hci3 hci_rx_work [ 315.850098][ T51] Call Trace: [ 315.853395][ T51] [ 315.856334][ T51] dump_stack_lvl+0x16c/0x230 [ 315.861048][ T51] ? show_regs_print_info+0x20/0x20 [ 315.866265][ T51] ? load_image+0x3b0/0x3b0 [ 315.870788][ T51] sysfs_create_dir_ns+0x256/0x280 [ 315.875947][ T51] ? hci_rx_work+0x43a/0xd80 [ 315.880556][ T51] ? sysfs_warn_dup+0xa0/0xa0 [ 315.885251][ T51] ? do_raw_spin_unlock+0x121/0x230 [ 315.890477][ T51] kobject_add_internal+0x6b8/0xc70 [ 315.895694][ T51] kobject_add+0x156/0x220 [ 315.900147][ T51] ? __rwlock_init+0x150/0x150 [ 315.904932][ T51] ? kobject_init+0x1e0/0x1e0 [ 315.909630][ T51] ? _raw_spin_unlock+0x28/0x40 [ 315.914516][ T51] ? get_device_parent+0x366/0x390 [ 315.919653][ T51] device_add+0x408/0xc20 [ 315.924005][ T51] hci_conn_add_sysfs+0xd5/0x1e0 [ 315.928977][ T51] le_conn_complete_evt+0xf36/0x1500 [ 315.934281][ T51] ? hci_event_packet+0x4a7/0x1210 [ 315.939412][ T51] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 315.945665][ T51] ? __copy_skb_header+0xa7/0x550 [ 315.950709][ T51] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 315.956363][ T51] ? skb_pull_data+0xfb/0x200 [ 315.961053][ T51] hci_le_enh_conn_complete_evt+0x189/0x460 [ 315.966974][ T51] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 315.973454][ T51] ? hci_remote_host_features_evt+0x160/0x160 [ 315.979590][ T51] hci_event_packet+0x795/0x1210 [ 315.984575][ T51] ? bis_list+0x290/0x290 [ 315.988927][ T51] ? lockdep_hardirqs_on+0x98/0x150 [ 315.994144][ T51] ? hci_send_to_monitor+0xd7/0x4f0 [ 315.999374][ T51] hci_rx_work+0x43a/0xd80 [ 316.003826][ T51] ? process_scheduled_works+0x957/0x15b0 [ 316.009571][ T51] process_scheduled_works+0xa45/0x15b0 [ 316.015162][ T51] ? assign_work+0x400/0x400 [ 316.019796][ T51] ? assign_work+0x39e/0x400 [ 316.024415][ T51] worker_thread+0xa55/0xfc0 [ 316.029049][ T51] kthread+0x2fa/0x390 [ 316.033157][ T51] ? pr_cont_work+0x560/0x560 [ 316.037855][ T51] ? kthread_blkcg+0xd0/0xd0 [ 316.042458][ T51] ret_from_fork+0x48/0x80 [ 316.046899][ T51] ? kthread_blkcg+0xd0/0xd0 [ 316.051503][ T51] ret_from_fork_asm+0x11/0x20 [ 316.056307][ T51] [ 316.066023][ T51] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 316.081226][ T51] Bluetooth: hci3: failed to register connection device [ 316.088927][ T51] Bluetooth: hci3: unexpected event 0x06 length: 4 > 3 [ 316.089047][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 316.123231][ T9165] ext4 filesystem being mounted at /119/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 316.308199][ T6765] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 316.446021][ T5800] Bluetooth: hci3: command 0x0406 tx timeout [ 316.867856][ T9188] 9pnet_fd: Insufficient options for proto=fd [ 317.020185][ T5800] Bluetooth: hci2: command 0x0406 tx timeout [ 317.492913][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.696112][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.773923][ T9199] ptrace attach of "./syz-executor exec"[6969] was attempted by "\x22"[9199] [ 317.793121][ T9199] team_slave_0: entered promiscuous mode [ 317.799413][ T9199] team_slave_1: entered promiscuous mode [ 317.893903][ T9199] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 317.950820][ T9204] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 317.982020][ T9206] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 318.529573][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 318.932835][ T9226] 9pnet_fd: Insufficient options for proto=fd [ 319.026376][ T9228] overlayfs: failed to clone upperpath [ 319.930661][ T9249] warning: `syz.0.1006' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 319.989364][ T9251] overlayfs: failed to clone upperpath [ 320.216213][ T9259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1011'. [ 320.226141][ T9259] team1 (uninitialized): Failed to send options change via netlink (err -105) [ 320.254237][ T9259] team1: entered promiscuous mode [ 320.259470][ T9259] team1: entered allmulticast mode [ 320.581336][ T9273] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22) [ 320.607382][ T5800] Bluetooth: hci3: command 0x0406 tx timeout [ 321.646413][ T9284] loop0: detected capacity change from 0 to 2048 [ 322.115721][ T9284] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 322.839367][ T9301] overlayfs: failed to clone upperpath [ 322.842496][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 323.053785][ T9308] overlayfs: failed to clone upperpath [ 323.382203][ T9318] binder: BINDER_SET_CONTEXT_MGR already set [ 323.418290][ T9318] binder: 9317:9318 ioctl 40046207 0 returned -16 [ 324.412489][ T5800] Bluetooth: hci0: unexpected event 0x06 length: 4 > 3 [ 324.501523][ T9335] loop0: detected capacity change from 0 to 2048 [ 324.895970][ T9335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 325.389469][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 325.476986][ T9345] overlayfs: failed to clone upperpath [ 325.560254][ T9350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 325.596562][ T9350] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1044'. [ 325.622948][ T9350] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.632022][ T9350] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.637396][ T9352] loop0: detected capacity change from 0 to 4096 [ 325.640944][ T9350] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.657100][ T9350] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 325.712147][ T9350] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1044'. [ 325.721545][ T9350] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1044'. [ 325.945756][ T9352] EXT4-fs (loop0): Test dummy encryption mode enabled [ 325.959635][ T9352] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 325.979614][ T9352] System zones: 0-5 [ 326.002788][ T9352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 326.025411][ T5792] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 326.036753][ T5792] CPU: 1 PID: 5792 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 326.044406][ T5792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 326.054527][ T5792] Workqueue: hci0 hci_rx_work [ 326.059292][ T5792] Call Trace: [ 326.063009][ T5792] [ 326.065993][ T5792] dump_stack_lvl+0x16c/0x230 [ 326.070754][ T5792] ? show_regs_print_info+0x20/0x20 [ 326.076041][ T5792] ? load_image+0x3b0/0x3b0 [ 326.080643][ T5792] sysfs_create_dir_ns+0x256/0x280 [ 326.085848][ T5792] ? hci_rx_work+0x43a/0xd80 [ 326.090618][ T5792] ? sysfs_warn_dup+0xa0/0xa0 [ 326.095378][ T5792] ? do_raw_spin_unlock+0x121/0x230 [ 326.100661][ T5792] kobject_add_internal+0x6b8/0xc70 [ 326.105943][ T5792] kobject_add+0x156/0x220 [ 326.110423][ T5792] ? __rwlock_init+0x150/0x150 [ 326.115261][ T5792] ? kobject_init+0x1e0/0x1e0 [ 326.120199][ T5792] ? _raw_spin_unlock+0x28/0x40 [ 326.125119][ T5792] ? get_device_parent+0x366/0x390 [ 326.130308][ T5792] device_add+0x408/0xc20 [ 326.134709][ T5792] hci_conn_add_sysfs+0xd5/0x1e0 [ 326.139746][ T5792] le_conn_complete_evt+0xf36/0x1500 [ 326.145123][ T5792] ? hci_event_packet+0x4a7/0x1210 [ 326.150327][ T5792] ? hci_le_big_info_adv_report_evt+0x8e0/0x8e0 [ 326.156634][ T5792] ? __copy_skb_header+0xa7/0x550 [ 326.161735][ T5792] ? __mutex_unlock_slowpath+0x1a2/0x6a0 [ 326.167441][ T5792] ? skb_pull_data+0xfb/0x200 [ 326.172188][ T5792] hci_le_enh_conn_complete_evt+0x189/0x460 [ 326.178163][ T5792] ? hci_le_remote_conn_param_req_evt+0xcc0/0xcc0 [ 326.184651][ T5792] ? hci_remote_host_features_evt+0x160/0x160 [ 326.190823][ T5792] hci_event_packet+0x795/0x1210 [ 326.195851][ T5792] ? bis_list+0x290/0x290 [ 326.200240][ T5792] ? lockdep_hardirqs_on+0x98/0x150 [ 326.205490][ T5792] ? hci_send_to_monitor+0xd7/0x4f0 [ 326.210763][ T5792] hci_rx_work+0x43a/0xd80 [ 326.215263][ T5792] ? process_scheduled_works+0x957/0x15b0 [ 326.221060][ T5792] process_scheduled_works+0xa45/0x15b0 [ 326.226789][ T5792] ? assign_work+0x400/0x400 [ 326.231452][ T5792] ? assign_work+0x39e/0x400 [ 326.236118][ T5792] worker_thread+0xa55/0xfc0 [ 326.240803][ T5792] kthread+0x2fa/0x390 [ 326.244924][ T5792] ? pr_cont_work+0x560/0x560 [ 326.249666][ T5792] ? kthread_blkcg+0xd0/0xd0 [ 326.254319][ T5792] ret_from_fork+0x48/0x80 [ 326.258801][ T5792] ? kthread_blkcg+0xd0/0xd0 [ 326.263449][ T5792] ret_from_fork_asm+0x11/0x20 [ 326.268308][ T5792] [ 326.283215][ T5792] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 326.298169][ T5792] Bluetooth: hci0: failed to register connection device [ 326.446334][ T5792] Bluetooth: hci0: command 0x0406 tx timeout [ 326.531629][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 326.857024][ T9380] overlayfs: failed to clone upperpath [ 326.947319][ T9382] loop0: detected capacity change from 0 to 256 [ 326.971298][ T9382] exfat: Deprecated parameter 'utf8' [ 326.991057][ T9382] exfat: Deprecated parameter 'utf8' [ 327.061500][ T9382] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d) [ 327.416545][ T9392] fuse: Bad value for 'fd' [ 327.556294][ T9393] loop0: detected capacity change from 0 to 2048 [ 327.937180][ T9393] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 328.400377][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 328.503180][ T9403] overlayfs: failed to clone upperpath [ 328.526828][ T5800] Bluetooth: hci0: command 0x0406 tx timeout [ 328.837850][ T9413] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1068'. [ 329.250642][ T9425] overlayfs: failed to clone upperpath [ 329.441839][ T9409] loop0: detected capacity change from 0 to 32768 [ 329.485028][ T9409] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 329.507580][ T9435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1075'. [ 329.517820][ T9435] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1075'. [ 329.528126][ T9435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1075'. [ 329.537370][ T9435] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1075'. [ 329.686020][ T9409] XFS (loop0): Ending clean mount [ 329.691239][ T5157] udevd[5157]: worker [5797] terminated by signal 33 (Unknown signal 33) [ 329.709102][ T5157] udevd[5157]: worker [5797] failed while handling '/devices/virtual/block/loop0' [ 329.751708][ T9444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1078'. [ 329.803457][ T6765] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 330.091989][ T9451] overlayfs: failed to clone upperpath [ 330.458486][ T9462] loop0: detected capacity change from 0 to 2048 [ 330.648403][ T5792] Bluetooth: hci0: command 0x0406 tx timeout [ 330.976095][ T9462] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 331.276661][ T9461] __nla_validate_parse: 2 callbacks suppressed [ 331.276792][ T9461] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1086'. [ 331.311751][ T9461] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1086'. [ 331.449764][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 331.692849][ T9478] overlayfs: failed to clone upperpath [ 332.284556][ T9477] loop0: detected capacity change from 0 to 32768 [ 332.319611][ T9477] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 332.393172][ T9477] XFS (loop0): Ending clean mount [ 332.490787][ T6765] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 332.858156][ T9516] overlayfs: failed to decode file handle (len=5, type=0, flags=0, err=-22) [ 333.222842][ T9518] mmap: syz.1.1105 (9518) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 334.143794][ T9527] loop0: detected capacity change from 0 to 2048 [ 334.451607][ T9527] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 335.107445][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 335.409292][ T9547] loop0: detected capacity change from 0 to 128 [ 335.464737][ T27] kauditd_printk_skb: 43 callbacks suppressed [ 335.464755][ T27] audit: type=1800 audit(1761606870.544:73): pid=9547 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1117" name="file2" dev="loop0" ino=1048650 res=0 errno=0 [ 336.239075][ T9569] overlayfs: failed to clone upperpath [ 336.864162][ T9591] loop0: detected capacity change from 0 to 512 [ 336.883438][ T9591] EXT4-fs (loop0): Test dummy encryption mode enabled [ 336.927397][ T9591] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 336.976640][ T9591] EXT4-fs (loop0): 1 truncate cleaned up [ 336.984000][ T9591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.057514][ T27] audit: type=1800 audit(1761606872.134:74): pid=9591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1139" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 337.212009][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.678658][ T9610] sctp: [Deprecated]: syz.0.1147 (pid 9610) Use of int in max_burst socket option. [ 337.678658][ T9610] Use struct sctp_assoc_value instead [ 337.940740][ T9618] loop0: detected capacity change from 0 to 1024 [ 337.976437][ T9618] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 338.034815][ T9618] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 338.142183][ T9627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1154'. [ 338.152915][ T9627] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1154'. [ 338.172823][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.239410][ T9627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1154'. [ 338.265129][ T9627] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1154'. [ 339.372760][ T27] audit: type=1326 audit(1761606874.454:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9656 comm="syz.1.1167" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd66b8efc9 code=0x0 [ 339.739698][ T9673] syzkaller0: entered promiscuous mode [ 339.750749][ T9673] syzkaller0: entered allmulticast mode [ 339.845726][ T5792] Bluetooth: unknown link type 236 [ 339.853367][ T5792] Bluetooth: hci1: connection err: -111 [ 340.069083][ T9684] loop0: detected capacity change from 0 to 256 [ 340.169114][ T9684] FAT-fs (loop0): Directory bread(block 64) failed [ 340.180015][ T9684] FAT-fs (loop0): Directory bread(block 65) failed [ 340.188496][ T9684] FAT-fs (loop0): Directory bread(block 66) failed [ 340.195108][ T9684] FAT-fs (loop0): Directory bread(block 67) failed [ 340.206450][ T9684] FAT-fs (loop0): Directory bread(block 68) failed [ 340.235032][ T9684] FAT-fs (loop0): Directory bread(block 69) failed [ 340.257329][ T9684] FAT-fs (loop0): Directory bread(block 70) failed [ 340.269077][ T9684] FAT-fs (loop0): Directory bread(block 71) failed [ 340.275803][ T9684] FAT-fs (loop0): Directory bread(block 72) failed [ 340.314367][ T9684] FAT-fs (loop0): Directory bread(block 73) failed [ 342.421501][ T9729] loop0: detected capacity change from 0 to 32768 [ 342.447922][ T9729] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 342.500274][ T9729] XFS (loop0): Ending clean mount [ 342.574763][ T6765] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 342.953165][ T9749] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 342.975063][ T9754] overlayfs: failed to clone upperpath [ 343.171595][ T9762] netlink: 'syz.2.1207': attribute type 5 has an invalid length. [ 343.396010][ T5857] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 343.442042][ T9770] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1210'. [ 343.456291][ T9770] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1210'. [ 343.590098][ T5857] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 343.613070][ T5857] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 343.644142][ T5857] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.719437][ T5857] usb 1-1: config 0 descriptor?? [ 343.738180][ T5857] pwc: Askey VC010 type 2 USB webcam detected. [ 344.147734][ T5857] pwc: recv_control_msg error -32 req 02 val 2b00 [ 344.178138][ T5857] pwc: recv_control_msg error -32 req 02 val 2700 [ 344.196818][ T5857] pwc: recv_control_msg error -32 req 02 val 2c00 [ 344.218884][ T5857] pwc: recv_control_msg error -32 req 04 val 1000 [ 344.246143][ T5857] pwc: recv_control_msg error -32 req 04 val 1300 [ 344.484462][ T5857] pwc: recv_control_msg error -32 req 02 val 2000 [ 344.502105][ T5857] pwc: recv_control_msg error -32 req 02 val 2100 [ 344.526790][ T5857] pwc: recv_control_msg error -32 req 04 val 1500 [ 344.541306][ T5857] pwc: recv_control_msg error -32 req 02 val 2500 [ 344.566438][ T5857] pwc: recv_control_msg error -32 req 02 val 2400 [ 344.594660][ T5857] pwc: recv_control_msg error -32 req 02 val 2600 [ 344.605448][ T5857] pwc: recv_control_msg error -32 req 02 val 2900 [ 344.616109][ T5857] pwc: recv_control_msg error -32 req 02 val 2800 [ 344.716056][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1216'. [ 344.754883][ T9784] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1216'. [ 344.825270][ T5857] pwc: recv_control_msg error -71 req 04 val 1200 [ 344.881210][ T5857] pwc: Registered as video103. [ 344.901499][ T5857] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input10 [ 344.955225][ T5857] usb 1-1: USB disconnect, device number 30 [ 345.148373][ T9794] tipc: Can't bind to reserved service type 2 [ 346.545790][ T9848] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1245'. [ 346.810398][ T9856] loop0: detected capacity change from 0 to 2048 [ 346.858578][ T9856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 346.950560][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 347.420407][ T9877] loop0: detected capacity change from 0 to 2048 [ 347.659099][ T9877] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 349.747698][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 350.391796][ T9908] ptrace attach of "./syz-executor exec"[6765] was attempted by "\x22"[9908] [ 350.440076][ T9908] team_slave_0: entered promiscuous mode [ 350.445917][ T9908] team_slave_1: entered promiscuous mode [ 350.506460][ T9908] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 350.591278][ T9915] 8021q: adding VLAN 0 to HW filter on device macvlan3 [ 350.922935][ T9934] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1280'. [ 351.095095][ T9937] loop0: detected capacity change from 0 to 2048 [ 351.349574][ T9937] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 351.978517][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 352.106198][ T9950] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1287'. [ 352.559667][ T9969] overlayfs: failed to clone upperpath [ 353.292586][ T5792] Bluetooth: hci2: unexpected event 0x10 length: 4 > 1 [ 353.295503][ T5800] Bluetooth: hci2: hardware error 0x20 [ 353.504058][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1314'. [ 353.530964][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1314'. [ 354.006867][T10038] loop0: detected capacity change from 0 to 136 [ 354.090984][ T6765] rock: directory entry would overflow storage [ 354.097860][ T6765] rock: sig=0x4f50, size=4, remaining=3 [ 354.103607][ T6765] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 354.118527][ T6765] iso9660: Corrupted directory entry in block 2 of inode 1472 [ 354.180895][T10040] syzkaller0: entered promiscuous mode [ 354.187054][T10040] syzkaller0: entered allmulticast mode [ 354.289733][T10042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1327'. [ 354.300212][T10042] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1327'. [ 354.901910][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1336'. [ 354.912489][T10061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1336'. [ 355.331713][ T5800] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 357.845964][ T5879] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 358.026180][ T5879] usb 1-1: Using ep0 maxpacket: 16 [ 358.044583][ T5879] usb 1-1: config 0 has an invalid interface number: 8 but max is 0 [ 358.067181][ T5879] usb 1-1: config 0 has no interface number 0 [ 358.073490][ T5879] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 358.091022][ T5879] usb 1-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 358.104292][ T5879] usb 1-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 358.114260][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 358.122839][ T5879] usb 1-1: Product: syz [ 358.130737][ T5879] usb 1-1: SerialNumber: syz [ 358.142920][ T5879] usb 1-1: config 0 descriptor?? [ 358.170407][ T5879] cm109 1-1:0.8: invalid payload size 0, expected 4 [ 358.184378][ T5879] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.8/input/input11 [ 358.382563][ C1] cm109 1-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 358.386540][ T970] usb 1-1: USB disconnect, device number 31 [ 358.390272][ C1] cm109 1-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 358.430616][ T970] cm109 1-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 358.720231][T10165] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1385'. [ 359.195574][T10185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'. [ 359.205743][T10185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'. [ 359.220377][T10185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'. [ 359.234720][T10185] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1395'. [ 359.256018][ T970] usb 1-1: new full-speed USB device number 32 using dummy_hcd [ 359.407448][T10193] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1399'. [ 359.450311][ T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 359.475984][ T970] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 359.501864][ T970] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 359.520146][ T970] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.536805][ T970] usb 1-1: config 0 descriptor?? [ 359.546054][T10175] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 359.996739][ T970] nintendo 0003:057E:200E.0007: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.0-1/input0 [ 360.104788][ T970] nintendo 0003:057E:200E.0007: Failed charging grip handshake [ 360.132437][ T970] nintendo 0003:057E:200E.0007: Failed to initialize controller; ret=-110 [ 360.158130][ T970] nintendo 0003:057E:200E.0007: probe - fail = -110 [ 360.165201][ T970] nintendo: probe of 0003:057E:200E.0007 failed with error -110 [ 360.208577][ T970] usb 1-1: USB disconnect, device number 32 [ 360.301652][T10220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1411'. [ 361.094035][T10248] netlink: 'syz.0.1422': attribute type 16 has an invalid length. [ 361.115097][T10248] netlink: 'syz.0.1422': attribute type 17 has an invalid length. [ 361.481503][T10266] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1430'. [ 361.812018][T10271] loop0: detected capacity change from 0 to 2048 [ 362.318082][T10271] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 363.254178][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 363.827187][T10313] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1448'. [ 363.930190][ T5792] Bluetooth: hci1: unexpected event for opcode 0x0804 [ 364.012115][T10322] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1452'. [ 364.535609][T10338] loop0: detected capacity change from 0 to 2048 [ 364.832285][T10338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 365.402044][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 365.861545][T10367] pimreg: entered allmulticast mode [ 365.890823][T10367] pimreg: left allmulticast mode [ 366.056699][T10372] loop0: detected capacity change from 0 to 2048 [ 366.308768][T10372] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 366.956295][ T6765] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 367.402553][T10397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1481'. [ 368.829540][T10451] pimreg: entered allmulticast mode [ 368.925652][ T27] audit: type=1326 audit(1761606904.004:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 368.958753][ T27] audit: type=1326 audit(1761606904.004:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 368.981603][ T27] audit: type=1326 audit(1761606904.014:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 369.003994][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.011645][ T27] audit: type=1326 audit(1761606904.014:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f0aca390f1a code=0x7ffc0000 [ 369.033924][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.041525][ T27] audit: type=1326 audit(1761606904.014:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0aca38d810 code=0x7ffc0000 [ 369.065651][ T27] audit: type=1326 audit(1761606904.014:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 369.088686][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.095799][ T27] audit: type=1326 audit(1761606904.014:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 369.118411][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.125587][ T27] audit: type=1326 audit(1761606904.014:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f0aca390f1a code=0x7ffc0000 [ 369.148709][ T27] audit: type=1326 audit(1761606904.014:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0aca38d810 code=0x7ffc0000 [ 369.171023][ C1] vkms_vblank_simulate: vblank timer overrun [ 369.182747][ T27] audit: type=1326 audit(1761606904.014:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10457 comm="syz.3.1502" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 369.205076][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.306913][T10493] syzkaller0: entered promiscuous mode [ 370.314540][T10493] syzkaller0: entered allmulticast mode [ 370.894295][T10522] xt_connbytes: Forcing CT accounting to be enabled [ 370.976507][T10526] netlink: 'syz.1.1529': attribute type 10 has an invalid length. [ 371.049942][T10526] team0: Port device dummy0 added [ 371.059702][T10527] netlink: 'syz.1.1529': attribute type 10 has an invalid length. [ 371.132398][ T5792] Bluetooth: hci1: Malformed HCI Event [ 371.238391][T10527] team0: Port device dummy0 removed [ 371.267412][T10527] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 371.938593][T10561] overlayfs: failed to resolve './file0': -2 [ 372.456815][ T5792] Bluetooth: hci3: command 0x0406 tx timeout [ 372.524032][T10590] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1554'. [ 373.268699][T10620] tipc: Started in network mode [ 373.277925][T10620] tipc: Node identity fe800000000000000000000000000016, cluster identity 4711 [ 373.302383][T10620] tipc: Enabled bearer , priority 10 [ 373.364284][T10622] syzkaller0: entered promiscuous mode [ 373.377089][T10622] syzkaller0: entered allmulticast mode [ 374.429178][ T5878] tipc: Node number set to 4269801494 [ 374.925193][T10655] overlayfs: failed to clone upperpath [ 379.753909][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.766806][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.256847][T10669] loop0: detected capacity change from 0 to 24 [ 380.264248][T10669] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 380.276148][T10669] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 380.916427][T10700] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1588'. [ 380.953819][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 380.953836][ T27] audit: type=1326 audit(1761606916.024:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10701 comm="syz.3.1589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 381.019382][ T27] audit: type=1326 audit(1761606916.024:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10701 comm="syz.3.1589" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 381.322247][T10704] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 381.331379][T10704] ubi: mtd0 is already attached to ubi31 [ 382.163455][ T27] audit: type=1326 audit(1761606917.244:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.260010][ T27] audit: type=1326 audit(1761606917.244:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.330490][ T27] audit: type=1326 audit(1761606917.254:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.400313][ T27] audit: type=1326 audit(1761606917.254:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.521325][ T27] audit: type=1326 audit(1761606917.254:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.586431][ T27] audit: type=1326 audit(1761606917.254:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.642684][ T27] audit: type=1326 audit(1761606917.264:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 382.756014][ T27] audit: type=1326 audit(1761606917.274:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10724 comm="syz.3.1596" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 383.125992][ T970] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 383.317950][ T970] usb 1-1: Using ep0 maxpacket: 8 [ 383.339988][ T970] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 383.392773][ T970] usb 1-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 383.438984][ T970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.469534][ T970] usb 1-1: Product: syz [ 383.484562][ T970] usb 1-1: Manufacturer: syz [ 383.495503][ T970] usb 1-1: SerialNumber: syz [ 383.515362][ T970] usb 1-1: config 0 descriptor?? [ 383.533510][ T970] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 384.766013][ T5792] Bluetooth: hci0: command 0x0406 tx timeout [ 385.467070][ T970] gspca_zc3xx: reg_w_i err -71 [ 385.633889][T10775] netlink: 642 bytes leftover after parsing attributes in process `syz.3.1611'. [ 385.705514][T10777] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1612'. [ 385.715010][T10777] netlink: 38 bytes leftover after parsing attributes in process `syz.3.1612'. [ 386.878145][ T970] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 386.884576][ T970] gspca_zc3xx: probe of 1-1:0.0 failed with error -71 [ 386.937939][ T970] usb 1-1: USB disconnect, device number 33 [ 386.960574][T10792] loop0: detected capacity change from 0 to 128 [ 386.986968][T10792] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 387.032503][T10792] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 387.172404][T10798] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1621'. [ 387.297820][T10801] ptrace attach of "./syz-executor exec"[6765] was attempted by ""[10801] [ 387.402418][T10805] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1624'. [ 387.413417][T10805] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1624'. [ 387.696100][ T5792] Bluetooth: hci1: command 0x0406 tx timeout [ 387.885276][T10821] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 387.906658][T10821] ubi: mtd0 is already attached to ubi31 [ 388.718277][T10826] ptrace attach of "./syz-executor exec"[6969] was attempted by ""[10826] [ 389.387271][T10854] ptrace attach of "./syz-executor exec"[6765] was attempted by ""[10854] [ 390.808172][ T27] kauditd_printk_skb: 16 callbacks suppressed [ 390.808189][ T27] audit: type=1326 audit(1761606925.894:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10887 comm="syz.3.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 390.949095][ T27] audit: type=1326 audit(1761606925.944:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10887 comm="syz.3.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 391.003599][ T27] audit: type=1326 audit(1761606925.944:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10887 comm="syz.3.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 391.060628][ T27] audit: type=1326 audit(1761606925.944:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10887 comm="syz.3.1655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0aca38efc9 code=0x7ffc0000 [ 391.303922][T10903] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1661'. [ 391.313446][T10903] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1661'. [ 392.141201][T10909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1664'. [ 392.541978][T10927] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1673'. [ 392.552535][T10927] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1673'. [ 393.071371][T10935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1677'. [ 393.452632][T10950] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1682'. [ 393.486271][T10950] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1682'. [ 393.604827][T10957] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1687'. [ 393.885404][ T27] audit: type=1326 audit(1761606928.964:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 393.909843][ T27] audit: type=1326 audit(1761606928.964:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 393.933046][ T27] audit: type=1326 audit(1761606928.974:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 393.956408][ T27] audit: type=1326 audit(1761606928.974:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 393.981280][ T27] audit: type=1326 audit(1761606928.974:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 394.019530][ T27] audit: type=1326 audit(1761606929.094:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10966 comm="syz.2.1692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1b0498efc9 code=0x7ffc0000 [ 394.422685][T10974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1695'. [ 394.442617][T10974] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1695'. [ 395.146412][ T8] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 395.358258][ T8] usb 1-1: config 4 has an invalid interface number: 28 but max is 0 [ 395.367300][ T8] usb 1-1: config 4 has no interface number 0 [ 395.375862][ T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=0245, bcdDevice= a.3a [ 395.384979][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.393165][ T8] usb 1-1: Product: syz [ 395.401744][ T8] usb 1-1: Manufacturer: syz [ 395.406473][ T8] usb 1-1: SerialNumber: syz [ 395.427103][ T8] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:4.28/input/input12 [ 395.671090][ T5142] bcm5974 1-1:4.28: could not read from device [ 395.686121][ T5142] bcm5974 1-1:4.28: could not read from device [ 395.837265][ T8] bcm5974 1-1:4.28: could not read from device [ 395.859471][ T8] input: failed to attach handler mousedev to device input12, error: -5 [ 395.884319][ T8] usb 1-1: USB disconnect, device number 34 [ 395.886290][ T5142] bcm5974 1-1:4.28: could not read from device [ 395.989153][T10769] udevd[10769]: Error opening device "/dev/input/event4": No such file or directory [ 396.013768][T10769] udevd[10769]: Unable to EVIOCGABS device "/dev/input/event4" [ 396.023027][T10769] udevd[10769]: Unable to EVIOCGABS device "/dev/input/event4" [ 396.033400][T10769] udevd[10769]: Unable to EVIOCGABS device "/dev/input/event4" [ 396.046914][T10769] udevd[10769]: Unable to EVIOCGABS device "/dev/input/event4" [ 396.096708][T11008] macvtap0: entered promiscuous mode [ 396.103664][T11008] macvtap0: left promiscuous mode [ 396.369224][T11018] netlink: 384 bytes leftover after parsing attributes in process `syz.1.1714'. [ 396.586100][T11022] bond1: entered promiscuous mode [ 396.608528][T11022] bond_slave_0: entered promiscuous mode [ 396.614823][T11022] bond_slave_1: entered promiscuous mode [ 396.680784][T11022] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 396.728047][T11022] bond1: (slave macvlan2): making interface the new active one [ 396.735696][T11022] macvlan2: entered promiscuous mode [ 396.770495][T11022] bond0: entered promiscuous mode [ 396.792566][T11022] bond1: (slave macvlan2): Enslaving as an active interface with an up link [ 396.991135][T11022] (null): rxe_set_mtu: Set mtu to 1024 [ 397.444513][T11022] infiniband syz1: set active [ 397.461677][T11022] infiniband syz1: added syz_tun [ 397.481768][T11022] syz1: rxe_create_cq: returned err = -12 [ 397.496295][T11022] infiniband syz1: Couldn't create ib_mad CQ [ 397.507062][T11022] infiniband syz1: Couldn't open port 1 [ 397.563588][T11022] RDS/IB: syz1: added [ 397.572598][T11022] smc: adding ib device syz1 with port count 1 [ 397.579194][T11022] smc: ib device syz1 port 1 has pnetid [ 397.737251][T11055] comedi comedi3: c6xdigio: I/O port conflict (0x40401,3) [ 397.746452][T11055] ------------[ cut here ]------------ [ 397.752351][T11055] Unexpected driver unregister! [ 397.791016][T11055] WARNING: CPU: 0 PID: 11055 at drivers/base/driver.c:270 driver_unregister+0x92/0xa0 [ 397.800974][T11055] Modules linked in: [ 397.804929][T11055] CPU: 0 PID: 11055 Comm: syz.0.1730 Not tainted syzkaller #0 [ 397.812869][T11055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 397.823166][T11055] RIP: 0010:driver_unregister+0x92/0xa0 [ 397.828833][T11055] Code: e8 83 d0 da fc 48 89 df 5b 41 5e 41 5f e9 e6 5a ff ff e8 71 51 4d fc eb 05 e8 6a 51 4d fc 48 c7 c7 40 15 21 8b e8 ce ce 17 fc <0f> 0b 5b 41 5e 41 5f c3 cc cc cc cc cc cc 66 0f 1f 00 41 57 41 56 [ 397.848660][T11055] RSP: 0018:ffffc9001485fa60 EFLAGS: 00010246 [ 397.854790][T11055] RAX: 327a89524416c000 RBX: ffffffff8de9a6c0 RCX: 0000000000080000 [ 397.862996][T11055] RDX: ffffc9000ce7a000 RSI: 000000000000f1c5 RDI: 000000000000f1c6 [ 397.871176][T11055] RBP: 0000000000000001 R08: ffffc9001485f667 R09: 1ffff9200290becc [ 397.876336][T11057] ptrace attach of "./syz-executor exec"[6535] was attempted by ""[11057] [ 397.879265][T11055] R10: dffffc0000000000 R11: fffff5200290becd R12: ffff88802be71038 [ 397.896134][T11055] R13: ffffffff8de9a610 R14: 0000000000000000 R15: dffffc0000000000 [ 397.904182][T11055] FS: 00007f1d787766c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 397.913254][T11055] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 397.919949][T11055] CR2: 00007f0acb1156c0 CR3: 000000006a7d5000 CR4: 00000000003506f0 [ 397.928061][T11055] Call Trace: [ 397.931383][T11055] [ 397.934353][T11055] comedi_device_detach_locked+0x172/0x710 [ 397.940308][T11055] comedi_device_attach+0x5cd/0x710 [ 397.945583][T11055] comedi_unlocked_ioctl+0x606/0xfe0 [ 397.951031][T11055] ? tomoyo_path_number_perm+0x477/0x590 [ 397.956800][T11055] ? comedi_poll+0x8c0/0x8c0 [ 397.961530][T11055] ? __fget_files+0x28/0x4d0 [ 397.966501][T11055] ? bpf_lsm_file_ioctl+0x9/0x10 [ 397.971506][T11055] ? security_file_ioctl+0x80/0xa0 [ 397.976747][T11055] ? comedi_poll+0x8c0/0x8c0 [ 397.981413][T11055] __se_sys_ioctl+0xfd/0x170 [ 397.986155][T11055] do_syscall_64+0x55/0xb0 [ 397.990652][T11055] ? clear_bhb_loop+0x40/0x90 [ 397.995400][T11055] ? clear_bhb_loop+0x40/0x90 [ 398.000400][T11055] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 398.006444][T11055] RIP: 0033:0x7f1d7798efc9 [ 398.010930][T11055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.030675][T11055] RSP: 002b:00007f1d78776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.039208][T11055] RAX: ffffffffffffffda RBX: 00007f1d77be5fa0 RCX: 00007f1d7798efc9 [ 398.047324][T11055] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003 [ 398.055365][T11055] RBP: 00007f1d77a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 398.063557][T11055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.071701][T11055] R13: 00007f1d77be6038 R14: 00007f1d77be5fa0 R15: 00007fff43861098 [ 398.079876][T11055] [ 398.082938][T11055] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 398.090256][T11055] CPU: 0 PID: 11055 Comm: syz.0.1730 Not tainted syzkaller #0 [ 398.097765][T11055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 398.107868][T11055] Call Trace: [ 398.111202][T11055] [ 398.114183][T11055] dump_stack_lvl+0x16c/0x230 [ 398.118934][T11055] ? show_regs_print_info+0x20/0x20 [ 398.124204][T11055] ? load_image+0x3b0/0x3b0 [ 398.128785][T11055] panic+0x2c0/0x710 [ 398.132739][T11055] ? bpf_jit_dump+0xd0/0xd0 [ 398.137395][T11055] __warn+0x2e0/0x470 [ 398.141416][T11055] ? driver_unregister+0x92/0xa0 [ 398.146410][T11055] ? driver_unregister+0x92/0xa0 [ 398.151411][T11055] report_bug+0x2be/0x4f0 [ 398.155794][T11055] ? driver_unregister+0x92/0xa0 [ 398.160779][T11055] ? driver_unregister+0x92/0xa0 [ 398.165766][T11055] ? driver_unregister+0x94/0xa0 [ 398.170748][T11055] handle_bug+0xcf/0x120 [ 398.175039][T11055] exc_invalid_op+0x1a/0x50 [ 398.179599][T11055] asm_exc_invalid_op+0x1a/0x20 [ 398.184497][T11055] RIP: 0010:driver_unregister+0x92/0xa0 [ 398.190097][T11055] Code: e8 83 d0 da fc 48 89 df 5b 41 5e 41 5f e9 e6 5a ff ff e8 71 51 4d fc eb 05 e8 6a 51 4d fc 48 c7 c7 40 15 21 8b e8 ce ce 17 fc <0f> 0b 5b 41 5e 41 5f c3 cc cc cc cc cc cc 66 0f 1f 00 41 57 41 56 [ 398.209741][T11055] RSP: 0018:ffffc9001485fa60 EFLAGS: 00010246 [ 398.215836][T11055] RAX: 327a89524416c000 RBX: ffffffff8de9a6c0 RCX: 0000000000080000 [ 398.223844][T11055] RDX: ffffc9000ce7a000 RSI: 000000000000f1c5 RDI: 000000000000f1c6 [ 398.231827][T11055] RBP: 0000000000000001 R08: ffffc9001485f667 R09: 1ffff9200290becc [ 398.239819][T11055] R10: dffffc0000000000 R11: fffff5200290becd R12: ffff88802be71038 [ 398.247828][T11055] R13: ffffffff8de9a610 R14: 0000000000000000 R15: dffffc0000000000 [ 398.255837][T11055] comedi_device_detach_locked+0x172/0x710 [ 398.261684][T11055] comedi_device_attach+0x5cd/0x710 [ 398.267003][T11055] comedi_unlocked_ioctl+0x606/0xfe0 [ 398.272318][T11055] ? tomoyo_path_number_perm+0x477/0x590 [ 398.278008][T11055] ? comedi_poll+0x8c0/0x8c0 [ 398.282660][T11055] ? __fget_files+0x28/0x4d0 [ 398.287278][T11055] ? bpf_lsm_file_ioctl+0x9/0x10 [ 398.292233][T11055] ? security_file_ioctl+0x80/0xa0 [ 398.297363][T11055] ? comedi_poll+0x8c0/0x8c0 [ 398.302024][T11055] __se_sys_ioctl+0xfd/0x170 [ 398.306637][T11055] do_syscall_64+0x55/0xb0 [ 398.311077][T11055] ? clear_bhb_loop+0x40/0x90 [ 398.315775][T11055] ? clear_bhb_loop+0x40/0x90 [ 398.320511][T11055] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 398.326444][T11055] RIP: 0033:0x7f1d7798efc9 [ 398.330869][T11055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 398.350665][T11055] RSP: 002b:00007f1d78776038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 398.359096][T11055] RAX: ffffffffffffffda RBX: 00007f1d77be5fa0 RCX: 00007f1d7798efc9 [ 398.367090][T11055] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000003 [ 398.375077][T11055] RBP: 00007f1d77a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 398.383065][T11055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.391054][T11055] R13: 00007f1d77be6038 R14: 00007f1d77be5fa0 R15: 00007fff43861098 [ 398.399059][T11055] [ 398.402469][T11055] Kernel Offset: disabled [ 398.406996][T11055] Rebooting in 86400 seconds..