last executing test programs: 44.263620945s ago: executing program 2 (id=1949): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r3, 0x0, 0xb, &(0x7f00000000c0)=0x4, 0x4) pipe2$9p(&(0x7f0000000240), 0x0) 42.833062712s ago: executing program 2 (id=1952): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) setsockopt$sock_attach_bpf(r0, 0x1, 0x44, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) 42.418169283s ago: executing program 2 (id=1957): r0 = socket$inet6(0xa, 0x80000, 0x7e0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x61, 0x0, 0x0, 0x200}, {0x6, 0xe, 0x8}, {0x0, 0x6, 0x6, 0x4}]}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0xfffffffd, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x2d}, 0x90) mkdir(0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x1b, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x101}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x8, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0x5, 0x8, 0x4, 0xfffffffffffffffe}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x101}, @generic={0x9, 0x9, 0x4, 0x3, 0xd175}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x86, &(0x7f00000006c0)=""/134, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x3, 0x3, 0x5f3bb676}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000780)=[{0x3, 0x1, 0xb, 0x1}], 0x10, 0xff}, 0x90) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r5}, 0x10) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0x7005, 0x0) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x1) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002000010300000000000000000200000000000000000000001c4a620167739606e65f2b4164538c4f1299bda1bfde6413a1bf3545b752cc0b2254ed23708c782ce69d367d0522790ad82234f25870263b6c9ec748db2d030000005be6b95b13f81be1536ab8b2f3d8"], 0x1c}}, 0x0) ioctl$KDSETLED(r1, 0x4b45, 0x4) 37.979867574s ago: executing program 0 (id=1967): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) setsockopt$sock_attach_bpf(r0, 0x1, 0x44, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) 37.752239651s ago: executing program 0 (id=1968): r0 = socket$packet(0x11, 0x2, 0x300) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f00000000c0)={0x0, 0x1, 0x6, @remote}, 0x10) 37.696280996s ago: executing program 0 (id=1969): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000ed000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$TIOCL_SETSEL(r2, 0x541c, 0x0) 37.483326171s ago: executing program 0 (id=1971): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@hyper}, @hyper, 0x0, 0x0, 0x2}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000300)={{@host}, @host, 0x0, 0x0, 0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421}) ioctl$IOCTL_VMCI_QUEUEPAIR_SETPF(r0, 0x7a9, &(0x7f00000000c0)={{@hyper}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff8, 0x4}) 37.168700335s ago: executing program 0 (id=1973): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0}) r2 = syz_io_uring_setup(0xd2, &(0x7f0000000480), &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r5}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ed5696c5820fae0000000000000080beef911d564c", 0x15) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000056c0)=[{{&(0x7f0000000800)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000540)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, &(0x7f00000002c0)=[@rights={{0x10, 0x117, 0x2}}], 0x10}}], 0x2, 0x0) write$binfmt_script(r6, &(0x7f0000000200), 0xfffffd9d) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) 37.050426374s ago: executing program 2 (id=1974): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x20, 0x0, 0x4, 0xfffffff7}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRESOCT=0x0], 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='.\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x1000000, [{0x2, 0x10000}]}, 0xc, 0x0) 36.69979846s ago: executing program 2 (id=1975): mkdir(&(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdir(&(0x7f0000000440)='./file0\x00', 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) mkdir(0x0, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000300)=""/104, 0x68) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r3 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000001840)='net/raw6\x00') read$FUSE(r4, &(0x7f0000006c00)={0x2020, 0x0, 0x0, 0x0}, 0x2020) fchown(r3, r5, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, &(0x7f0000000200)={{0x1, 0x1, 0x29, r2}, './file0\x00'}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0) 36.238067654s ago: executing program 2 (id=1976): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000240)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f0000000100)={0x0, 0x2, 0x2, 0x0}) 35.991621462s ago: executing program 0 (id=1978): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) setsockopt$sock_attach_bpf(r0, 0x1, 0x44, &(0x7f0000000040), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x10012, r1, 0x0) 9.399327478s ago: executing program 1 (id=2028): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x20, 0x0, 0x4, 0xfffffff7}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='.\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x1000000, [{0x2, 0x10000}]}, 0xc, 0x0) 9.198118103s ago: executing program 4 (id=2030): r0 = socket$inet6(0xa, 0x80000, 0x7e0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x61, 0x0, 0x0, 0x200}, {0x6, 0xe, 0x8}, {0x0, 0x6, 0x6, 0x4}]}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0xfffffffd, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x2d}, 0x90) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x1b, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x101}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x8, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0x5, 0x8, 0x4, 0xfffffffffffffffe}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x101}, @generic={0x9, 0x9, 0x4, 0x3, 0xd175}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x86, &(0x7f00000006c0)=""/134, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x3, 0x3, 0x5f3bb676}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000780)=[{0x3, 0x1, 0xb, 0x1}], 0x10, 0xff}, 0x90) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r5}, 0x10) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0x7005, 0x0) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x1) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002000010300000000000000000200000000000000000000001c4a620167739606e65f2b4164538c4f1299bda1bfde6413a1bf3545b752cc0b2254ed23708c782ce69d367d0522790ad82234f25870263b6c9ec748db2d030000005be6b95b13f81be1536ab8b2f3d8"], 0x1c}}, 0x0) ioctl$KDSETLED(r1, 0x4b45, 0x4) 9.196078574s ago: executing program 1 (id=2031): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) socket$l2tp(0x2, 0x2, 0x73) openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) syz_open_dev$admmidi(0x0, 0x20, 0x200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100003040000000000", @ANYRES32=0x0], 0x40}}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x300) close_range(r1, 0xffffffffffffffff, 0x0) 6.405492792s ago: executing program 4 (id=2035): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r2, 0x0, 0x40400d4) sendmsg$inet(r2, &(0x7f0000000340)={0x0, 0x7ffcb000, &(0x7f0000000300)=[{&(0x7f00000000c0)='6', 0x18000}], 0x8}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="000000000200"/27, @ANYRES32=r5, @ANYBLOB="000000000600"/28, @ANYRES32=r5, @ANYBLOB="000000000300"/28, @ANYRES64=r5, @ANYRESDEC=r4, @ANYBLOB='\x00'/28]) syz_open_dev$sndctrl(0x0, 0x2, 0x4220c0) ioctl$SNDCTL_DSP_SETTRIGGER(0xffffffffffffffff, 0x40045010, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r7 = inotify_init1(0x0) bind$unix(r3, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) fcntl$setown(r7, 0x8, 0xffffffffffffffff) fcntl$getownex(r7, 0x10, &(0x7f0000000140)={0x0, 0x0}) r9 = syz_open_procfs(r8, &(0x7f0000000600)='fd/4\x00') open_by_handle_at(r9, &(0x7f0000000180)=ANY=[@ANYBLOB="0c00000001000000"], 0x0) 5.368948149s ago: executing program 4 (id=2036): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_int(r0, &(0x7f0000001180)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x2000040, &(0x7f00000007c0)={[{@errors_remount}, {@nodiscard}, {@noquota}, {@init_itable}, {@stripe={'stripe', 0x3d, 0x79}}, {@resgid}, {@sysvgroups}, {@delalloc}, {@usrquota}]}, 0x10, 0x4d2, &(0x7f00000002c0)="$eJzs3c9rHG8ZAPBnJtlvf+VrUvVQC7bFVtKi3U0a2wYPtYLYU8Fa7zUmmxCyyYbspm1CkRTvCiIqePLkRfAPEKR/gggFvUsVRbTVgwd1ZWdnaxt3m0i3OzX5fGA67zvv7j7P27Az88687ARwaJ2LiJsRMRIRlyJiPN+e5sutdvudzutePH80316SaLXu/jmJJN/W/awkX5+IiJ2IOBoRX70V8Y3kv+M2trZX5mq16kZerzRX1yuNre3Ly6tzS9Wl6trMzPS12euzV2enBtLPiYi48aXff/87P/nyjV989sFv7/3x4jfbaY3l7a/2Y5A6XS9l/xddoxGx8S6CFWAkX5f6tH97ZIjJAACwp/Y5/kcj4lPZ+f94jGRnpwAAAMBB0vrCWPwjiWgBAAAAB1aazYFN0nI+F2As0rRc7szh/XgcT2v1RvMzi/XNtYXOXNmJKKWLy7XqVD5XeCJKSbs+nc+x7dav7KrPRMTJiPje+LGsXp6v1xaKvvgBAAAAh8SJXeP/v41n4/8jRecFAAAADNhE0QkAAAAA75zxPwAAABx8xv8AAABwoH3l9u320uo+/3rh/tbmSv3+5YVqY6W8ujlfnq9vrJeX6vWl7Df7Vvf6vFq9vv65WNt8WGlWG81KY2v73mp9c615b/m1R2ADAAAAQ3Ty7JPfJBGx8/lj2dL2QdFJAUOR7NGePSTkWV753RASAoZmpOgEgMKMFp0AUJhS0QkAhdvrOkDfyTu/HHwuAADAuzH5if73/10bgIMtLToBAGDo3P+Hw6v0+gzAq8VlAhTlI3u0v/39/1brf0oIAAAYuLFsSdJyfi9wLNK0XI74MHssQClZXK5Vp/Lxwa/HS0fa9ensncmec4YBAAAAAAAAAAAAAAAAAAAAAAAAgI5WK4kWAAAAcKBFpH9Isl/zj5gcvzC2+/rAB8nfx7N1RDz40d0fPJxrNjem29v/8nJ784f59itFXMEAAAAAduuO07vjeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYpBfPH813l2HG/dMXI2KiZ/yzR7PV0ShFxPG/JjH6yvuSiBgZQPydxxFxqlf8pJ1WTEQni17xjxUYP42IEwOID4fZk/b+52av718a57J17+/faL68rf77vzS6+7+RPvufD/cZ4/TTn1X6xn8ccXq09/6nGz/pE//8PuN//Wvb2/3aWj+OmOx5/Elei1Vprq5XGlvbl5dX55aqS9W1mZnpa7PXZ6/OTlUWl2vV/N+eMb77yZ//6039P94n/sQe/b+wz/7/8+nD5x/rFEu94l883/v4e6pP/DQ/9n06L7fbJ7vlnU75VWd++qszb+r/Qp/+v/z79zjQtmNe3Gf/L9351rN9vhQAGILG1vbKXK1W3fh/LKTxXqShMJDCkfcjDYVOoeg9EwAAMGj/OekvOhMAAAAAAAAAAAAAAAAAAAA4vIbxc2K7Y+4U01UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDf6dwAAAP//sf7Zeg==") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() memfd_create(&(0x7f0000000880)='[\x00', 0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x10) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff010}, {0x20, 0x8, 0xd2, 0xfffff038}, {0x4}]}, 0x10) sendmmsg$unix(r4, &(0x7f0000006ec0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000001680)="b479c6", 0x3}], 0x1}}], 0x1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) dup(r6) creat(&(0x7f0000000040)='./bus\x00', 0x0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) 5.291381945s ago: executing program 3 (id=2037): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'}) socket$inet6_sctp(0xa, 0x801, 0x84) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) syz_init_net_socket$ax25(0x3, 0x3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp\x00') read(r4, &(0x7f0000001a00)=""/177, 0xb1) r5 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r5, &(0x7f0000002c80)={0xa, 0x14e24, 0x0, @remote, 0xc}, 0x1c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000000), 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r6, 0x0) connect$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e24, 0x0, @rand_addr, 0x8}, 0x1c) r7 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0xc, &(0x7f0000000240)=@assoc_value, &(0x7f0000000080)=0x8) 4.100767244s ago: executing program 3 (id=2038): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15) pipe2$9p(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0x7c8) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1) chdir(&(0x7f0000000200)='./file0\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff19) 3.320411452s ago: executing program 3 (id=2039): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x20, 0x0, 0x4, 0xfffffff7}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) fcntl$setown(0xffffffffffffffff, 0x8, 0xffffffffffffffff) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='.\x00', &(0x7f0000000180), &(0x7f00000001c0)=@v1={0x1000000, [{0x2, 0x10000}]}, 0xc, 0x0) 3.08731048s ago: executing program 3 (id=2040): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000240), 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV") ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000, &(0x7f0000000d00), 0xd, 0x60b, &(0x7f0000001140)="$eJzs3c9vVNUeAPDvnf6gpbzXQl7ee7zFo8nLCyTv0dIChhgTYWtIgz/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciAv/ByWylJWuXLhxZUiIGpYmjrnTe0unvdMf03Yu7Xw+ycC958zt+d5Ovz13Ts+5E0DbGkz/qUQcjIjpJKI/mV+s64yscnDheY9+e/d8+kiiWn3xlySSrCx/fpL935cd3BPR/d03SRzoWNnuzNyNy+NTU5PXs/3h2SvTwzNzN45eujJ+cfLi5NXRp0ZPnTxx8tTIsabO62ZB2dnbb7zV//7YK59/+nsy8sWPY0mcjueyJy49j60yGIO170mysqrv1FY3VpKO7Odk6UucdJYYEBuSv35dEfGP6I+OePzi9cd7z5caHLCtqklEFWhTifyHNpVfB+Tv7Ze/D66UclUCtMLDMwsDACvzv3NhbDB6amMDex8lsXRYJ4mI5kbm6u2LiPv3xm5fuDd2O7ZpHA4oNn8rIv5ZlP9JLf8HoicGavlfqcv/9LrgXPZ/Wv5Ck+0vHyqW/9A6C/nfs2r+R4P8f3VJ/r/WZPuDjzdf763L/95mTwkAAAAAAADa1t0zEfH/or//Vxbn/0TB/J++iDi9Be0PLttf+ff/yoMtaAYo8PBMxDOF838r+ezfgY5s6y+1+QBdyYVLU5PHIuKvEXEkuvak+yOrtHH0gwOfNKobzOb/5Y+0/fvZXMAsjgede+qPmRifHd/seQMRD29F/Ktw/m+y2P8nBf1/+vtgep1tHPjvnXON6tbOf2C7VD+LOFzY/z++a0Wy+v05hmvXA8P5VcFK/37nw68atd9s/rvFBGxe2v/vXT3/B5Kl9+uZ2Xgbx+c6q43qluX/4W8Xite8/u9OXqrdcqY7K3t7fHb2+khEd3K2Iy2tKx/deMywG+X5kOdLmv9H/rP6+F/R9X9vRMwv+9rJr/VrinN//6Pvp0bxuP6H8qT5P7Gh/n/jG6N3Br5u1P76xv9O1Pr6I1mJ8T9Y8HGept315QXp2FlU1ep4AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGA3qETEvkgqQ4vblcrQUERfRPwt9lamrs3M/u/CtTevTqR1tc//r+Sf9Nu/sJ/kn/8/sGR/dNn+8YjYHxEfdfTW9ofOX5uaKPvkAQAAAAAAAAAAAAAAAAAA4AnR12D9f+rnjrKjA7ZdZ9kBAKUpyP/vy4gDaD39P7Qv+Q/tS/5D+0rzPyk7CKAU+n9oX/If2leW/8+WHQfQevp/AAAAAADYVfYfuvtDEhHzT/fWHqnurK6r1MiA7VZp+sg9WxoH0HrrvsXPl9sbB9B6pv5A+/IeH1hr+W9Pw4M2s3B4+vwmDgYAAAAAAAAAAACAtnP4oPX/0K6aX/8P7HTrXv8P7Dr5+v9DJccBtJ73+ECssZK/cP1/rdQHhwMAAAAAAAAAAABAq8zM3bg8PjU1eX3nbPTG9nzllxdLkp34bWlmo1qt3kx/Cp6UeHb4Rj4V/kmJZ9lGvtZvfUeV9zsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACo92cAAAD//3XjH+E=") setxattr$incfs_size(&(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x0) pipe(0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xcf, &(0x7f00000000c0)=0x80000000, 0x4) syz_clone3(&(0x7f00000004c0)={0x200001000, 0x0, &(0x7f0000000300), 0x0, {0xe}, 0x0, 0x0, &(0x7f0000000100)=""/54, &(0x7f00000003c0)}, 0x58) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001100)={@cgroup, 0xffffffffffffffff, 0x0, 0x8}, 0x20) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000001040)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@mb_optimize_scan}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@errors_remount}, {@bsdgroups}, {@nouser_xattr}, {@resuid}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c") chdir(&(0x7f0000000140)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r3 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x80) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r3, 0x0) syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=0x0, @ANYRES32, @ANYRES64, @ANYRESHEX, @ANYRES8, @ANYRES8=0x0, @ANYRESHEX, @ANYRES16, @ANYRES8=r2], 0x0, 0x1f4, &(0x7f0000000440)="$eJzslc9qU1EQxn9zc5I06qJrtxZbF5rkuvEN7AP4AIb0Woupf3oDmlDw6qYbF+JLFHwKF4IuBRcigpu6UNBFXRakcs6deziXJKbVUhDuB2Fmvjkzc+bknjm30wdpE/i1v91nEQfhHJ9EMMCy5NxBI5c/VR4qvprc7ir/UuUXlelo/P5Zro7v9AaDZCsdzVFEYN6akpKOdBPHC5ulvH1aZoSZi/UQHv990RZQZphgZirDWt72pOt5iWlOW6OxR601R7GncBJ5/kGpJTVt59LE1/btz+Hvjl20zol3YW9awIB3yRHCP77I/85TOXCZ/tWdghKVv7qmnzJTo1J0fKXXn0T8cMaH/e2+nW03dYpZbi3/FVfCrbHG62DNeQMZSI1Dn8e4aQnLQHu4eb+djsaXNzZ768l6cjeOyTpvzuoVTTrtWxuDpCPBNiKrmEZRFdtNK/DXgc/GuzMCSLA1izMgPlZjiuG8ciEIbEEUxIY58ryvfH09XXcuN7jIAvAws+5Y2SVsNoNrbRWhpkbXBPuEAyIWnONK/95gbQdBirBdjM/R3aNuDckgidVwnqvXfPs7KpdUrqrcVbmnsni7ijfJuAzf1VrJoMGj3nC45R6vXPNc7Ll40VeOtGrxGkqxkyYVKlSoUKFChQr/CX4HAAD///zvSU8=") mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6000, 0x1) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xf0, 0x0, &(0x7f0000001780)="d827cc8fc08733bbbd822c8158e9816d73e021e39debae50946f2741b08136edf3c447248fa87254e03dd54da490e0105e1280c659c72f894bf5d2e3d5ad3a6d4fd1c7261e090da19a2e400b86082253a98c26e6eda6f15b0a89a474b674301fd1867f7d9963dda69fe8c4fde2d2e013b321319a9a9c2bd526be83ab760c93a70f5e33d0c1ebd33f9ea10854e4c1bf0adf0c42045b922e436063c09d74360684a888bf49cebc6913955015956094cc778982be8fb3fe2ea30b48f7e26a7b20acd43543e8ca88fe41e74ebd3301cff6765b94af6e38630cd544781529ad01c1f1ef43e82bdfaf04ce7e34ab1a5330e004", 0x0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x6}, 0xfffffffffffffe77) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x6) utimes(0x0, 0x0) syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000001880)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x280cc12, &(0x7f0000000880)=ANY=[@ANYBLOB="7569642d666f5167657412eb464e33", @ANYRES8=r4, @ANYBLOB=',novrs,novrs,gid=', @ANYRESOCT=r4, @ANYBLOB="2c6164696e6963622c6769643d666f726765742c757466382c757466382c6d6f64653d3030303030303030303030303030303030304bfc6589332c2c00"/71], 0x1, 0xc30, &(0x7f0000001b00)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcZy9S+mYhXOqqbZBpBlIhRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgpYzOxbcUWRNi2KEmV9Pjb13Z15b/a9eesZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/cvHU6fSwWwEAPEiXx7526oz7PwA8Vq74/38AAAAAAAAAAAAAADjoUhTxZKSYv7yeJqr3HfVL7b6bt8aHR7avdiRVNQ9V5cuf+ukzZ8996YWh89281J79gPr322fjtbErFxsvz92YX5heXJyeaozPtifnpqZ3fYS91t9qsDoBjRuv35y6dm2xceb5s3fsvjXwfv8TxwcuDD178plu2fHhkZGxzSL13vK1e25Ix04zPA5HEScjxXPf/1lqRUQRez8X9Qc79lsdqToxWHVifHik6shMuzW7VO4c7Z6IIqLRU6nZPUfbj0XU+h5oH3bWjFgum182eLDs3th8a6F1dWa6MdpaWGovtedmR1OntWV/GlHE+RSxEhFr/Xcfri+KqEWK7x5bT1cj4lD3PHyxmhi8czuKfezjLpTtbPRFrBSPwJgdYP1RxKuR4ufvnIjJfJ2prjVfiHi1zB9GvFXmSxGp/GKci3hvm+8Rj6ZaFPEX5fhfWE9T1fWge1259PXGV2evzfWU7V5XPuL94a4rxUO6PxzZkg/GAb821aOIVnXFX0/3/psdAAAAAAAAAAAAAAAAAO63I1HEZyLFK//+x9W84qjmpR+7MPQHA7/aO2f86Q85Tln2+YhYLnY3J/dwnhg4mkZTeshziR9n9SjiT/L8v28/7MYAAAAAAAAAAAAAAAAAAAA81or4aaR48d0TaSV61xRvz15vXGldnemsCttd+7e7ZvrGxsZGI3WymXMi53LOlZyrOddyRpHr52zmnMi5nHMl52rOtZxxKNfP2cw5kXM550rO1ZxrOaOW6+ds5pzIuZxzJedqzrWccUDW7gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DgpoohfRorvfHM9RYqIZsREdHK1/2G3DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAo9acifhApGn/YvL2tFhGp+rfjRPnLuWgeLvOT0Rwq86VoXszZqrLW/PZDaD9705eK+Emk6K+/fXvA8/j3dd7d/hrEW9/afPfZWicPdXcOvN//xPFjF4ZGfuPpnV6n7RoweKk9e/NWY3x4ZGSsZ3Mtf/one7YN5M8t7k/XiYjFN958vTUzM71w7y/Kr8Aeqj9CL1LtcempF9WLqB2IZjycvvMYKO//70WK3333P7o3/M79vx6/0nl3+w4fv/jTzfv/i1sPtMv7f21rvXz/L+/p293/n+zZ9mL+3UhfLaK+dGO+73hEffGNN0+2b7SuT1+fnj136tSXh4a+fPZU3+GI+rX2zHTPq/tyugAAAAAAAAAAAAAAAAAenFTEVyJF6yfrqRERt6r5WgMXhp49+cyhOFTNt7pj3vZrY1cuNl6euzG/ML24OD3VGJ9tT85NTe/24+rVdK/x4ZF96cyHOrLP7T9Sf3lu/o2F9vU/Wtp2/9H6xauLSwutye13x5EoIpq9WwarBo8Pj1SNnmm3Zquqo9tOpv/o+lIR/xkpJs810ufztjz/f+sM/zvm/y9vPdA+zf//RM+28jNTKuIXkeJ3/vLp+HzVzqNx1znL5f42Ugye/1wuF4fLct02dJ4r0JkZWJb930jxj7+8s2x3PuSTm2VP7/rEPiLK8T8WKX7w59+L38zb7nz+w/bjf3TrgfZp/J/q2Xb0jucV7Lnr5PE/GSleevLt+K287YOe/9F99saJXPj28zn2afw/1bNtIH/ub9+frgMAAAAAAAAAADzS+lIRfxcpfjRSSy/kbbv5+39TWw+0T3//69M926buz3pFH/pizycVAAAAAA6IvlTETyPF9aW3b8+hvnP+d8/8z9/bnP85nLbsrf6c79eq5wbczz//6zWQP3di790GAAAAAAAAAAAAAAAAAACAAyWlIl7I66lPVPP5p3ZcT301Urzy38/lcul4Wa67DvxA9Wv98tzsyYszM3OTraXW1Znpxth8a3K6rPtUpFj/m8/lukW1vnp3vfnOGu+ba7EvRIqRv++W7azF3l2b/KnNsqfLsp+IFP/1D3eW7a5j/anNsmfKsn8dKb7xz9uXPb5Z9mxZ9nuR4sffaHTLHi3Ldp+P+unNss9PzhX7MCoAAAAAAAAAAAAAAAAAAAA8bvpSEX8WKf7nxsrtufx5/f++nreVt77Vs97/Freqdf4HqvX/d3p9L+v/V88VWN7pUwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4OMpRRFvRor5y+tptb9831G/1J69eWt8eGT7akdSVfNQVb78qZ8+c/bcl14YOt/ND65/v30mXhu7crHx8tyN+YXpxcXpqcb4bHtybmp610fYa/2tBqsT0Ljx+s2pa9cWG2eeP1ttPpx33xp4v/+J4wMXhp49+Uy37PjwyMhYzyFqfff86XdJO2w/HEX8VaR47vs/Sz/qjyhi7+fiQ747++1I1YnBqhPjwyNVR2bardmlcudo90QUEY2eSs3uOXoAY7EnzYjlsvllgwfL7o3NtxZaV2emG6OthaX2UntudjR1Wlv2pxFFnE8RKxGx1n/34fqiiNcjxXePrad/6Y841D0PX7w89rVTZ3ZuR7GPfdyFsp2NvoiV4hEYswOsP4r4p0jx83dOxL/2R9Si8xNfiHi1zB9GvBWd8U7lF+NcxHvbfI94NNWiiP8rx//Cenqnv7wedK8rl77e+Orstbmest3ryiN/f3iQdr42feWBtmMH9Sjix9UVfz39m/+uAQAAAAAAAAAAAAAAAA6QIn49Urz47olUzQ/Oc4qfynuvznSm9XXn/nXnTG9sbGw0UiebOSdyLudcybmacy1nFLl+zmaZ9Y2Nifx+OedKztWcaznjUK6fs5lzIudyzpWcqznXckYt18/ZzDmRcznnSs7VnGs5w7xiAAAAAAAAAAAAAAAAAABgHxTVPym+8831tNHfWV96Ijq5aj3Qj73/DwAA//8H5/Ye") mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16=r5, @ANYBLOB="010000000000000000003f00000008000300", @ANYRES32=r0, @ANYBLOB="14005e8008000700000000000800070000000000"], 0x30}}, 0x0) 2.723095987s ago: executing program 1 (id=2041): mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000005800)='./file0\x00', 0x0) mkdir(0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r0 = creat(&(0x7f0000000340)='./file1/file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x20) chdir(&(0x7f0000000140)='./bus\x00') r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000005840)) 2.565656609s ago: executing program 1 (id=2042): pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r0 = dup(0xffffffffffffffff) write$FUSE_BMAP(r0, &(0x7f0000000080)={0x18}, 0x18) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00', 0x0}) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {}, [], {0x4, 0x1}}, 0x24, 0x0) syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000100)='./file0\x00', 0x414, &(0x7f0000000300)=ANY=[@ANYRES64, @ANYRESHEX], 0x3, 0x2a8, &(0x7f0000001300)="$eJzs3M9qE1EUx/FjU5s0pU0EERTUg250M7TpA2iQFsSAUpuiLoSpnWjImJSZUImIzUbc+hzFpTtBfYFuxI17d0UQ3HQhjjh/2iRNa9ombWy/Hyj3Juf+mDvttJwpZNbuvXlaKrhGwazKQEJlQKQu6yLpv7PQiXAc8OdD0qguV0d+fj1/9/6DW9lcbmpGdTo7O5lR1bGLH569eHvpU3Vk7t3Y+7isph+u/ch8Wz2zenbt9+yToqtFV8uVqpo6X6lUzXnb0oWiWzJU79iW6VpaLLuW01Qv2JXFxZqa5YXR5KJjua6a5ZqWrJpWK1p1amo+NotlNQxDR5NyvA12sCa/MjNjZrcte7Gu7gg9N9zuTcfJ1tsX8ysHsCcAANBndu7/g15/+/4/NxeMXe7/RVr7/6iZpf/fp3rTq3/0/zgSHCdrJsPf32b0/wAAAAAAAAAAAAAAAAAAAAAA/A/WPS/leV4qGqOvuIgkRCR6fdj7RG/s8ed/7ZC2iy5r+OBeQsR+vZRfygdjUM8WpCi2WDIuKfnlXw+hYD59Mzc1rr60fLSXw/zyUj4m8SgfSbfLXzg1EeS1OX9Sko3Hz0hKTrc/fqZtfkiuXG7IG5KSz4+kIrYs+Nf1Zv7lhOqN27mW/LC/DgAAAACAo8DQDVvu3/26vyAhW+tBfhf/H2i5vx6Uc508ohIAAAAAAOybW3teMm3bcvYwiYvIPuJHdRKTvthGy+S6iPTBNg5qkhCR4B3dS/z7RryjlNfBmkER6cGZDvfqe3jYf5kAAAAAdNtm07+L0JdXPdwRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHT6fPA4vWbylNhoUd4g2Hix38GQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD9408AAAD//yF0HOo=") prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$inet(0x2, 0x2, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r3 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) chmod(&(0x7f0000000180)='./file0\x00', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0x4}]}}]}, 0x40}}, 0x0) 2.132097071s ago: executing program 4 (id=2043): r0 = socket$inet6(0xa, 0x80000, 0x7e0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x3, &(0x7f0000000040)=[{0x61, 0x0, 0x0, 0x200}, {0x6, 0xe, 0x8}, {0x0, 0x6, 0x6, 0x4}]}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, 0x0, &(0x7f0000000140)='GPL\x00', 0xfffffffd, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x2d}, 0x90) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000280)=0x7) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x1b, &(0x7f0000000500)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x101}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x8, 0x4, 0x0, 0x3}, @tail_call={{0x18, 0x2, 0x1, 0x0, r0}}, @func={0x85, 0x0, 0x1, 0x0, 0x4}, @alu={0x7, 0x0, 0x5, 0x8, 0x4, 0xfffffffffffffffe}, @map_idx_val={0x18, 0x6, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x101}, @generic={0x9, 0x9, 0x4, 0x3, 0xd175}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000003c0)='syzkaller\x00', 0x1, 0x86, &(0x7f00000006c0)=""/134, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x3, 0x3, 0x3, 0x5f3bb676}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000780)=[{0x3, 0x1, 0xb, 0x1}], 0x10, 0xff}, 0x90) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r5}, 0x10) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0x7005, 0x0) readv(0xffffffffffffffff, &(0x7f00000004c0)=[{&(0x7f00000012c0)=""/191, 0x4}], 0x1) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="1c0000002000010300000000000000000200000000000000000000001c4a620167739606e65f2b4164538c4f1299bda1bfde6413a1bf3545b752cc0b2254ed23708c782ce69d367d0522790ad82234f25870263b6c9ec748db2d030000005be6b95b13f81be1536ab8b2f3d8"], 0x1c}}, 0x0) ioctl$KDSETLED(r1, 0x4b45, 0x4) 1.673659665s ago: executing program 1 (id=2044): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000003c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c48000000e8fe55a1180015000600142603600e120900210000000401a80016000a0001", 0x37}], 0x1}, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) 629.128833ms ago: executing program 3 (id=2045): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket$kcm(0x29, 0x5, 0x0) sendmsg$kcm(r2, 0x0, 0x40400d4) sendmsg$inet(r2, &(0x7f0000000340)={0x0, 0x7ffcb000, &(0x7f0000000300)=[{&(0x7f00000000c0)='6', 0x18000}], 0x8}, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000640)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYRES32=r3, @ANYBLOB="000000000200"/27, @ANYRES32=r5, @ANYBLOB="000000000600"/28, @ANYRES32=r5, @ANYBLOB="000000000300"/28, @ANYRES64=r5, @ANYRESDEC=r4, @ANYBLOB='\x00'/28]) syz_open_dev$sndctrl(0x0, 0x2, 0x4220c0) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0x4112, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r6) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r7 = inotify_init1(0x0) bind$unix(r3, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) fcntl$setown(r7, 0x8, 0xffffffffffffffff) fcntl$getownex(r7, 0x10, &(0x7f0000000140)={0x0, 0x0}) r9 = syz_open_procfs(r8, &(0x7f0000000600)='fd/4\x00') open_by_handle_at(r9, &(0x7f0000000180)=ANY=[@ANYBLOB="0c00000001000000"], 0x0) 420.605409ms ago: executing program 1 (id=2046): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2e, 0x6, @thr={&(0x7f0000000300)="c6f670f200c25293c9f397627a68f362e6e00ef17e2b2628627c463f14bd0a0c064e8e649ea7947216642fe4bad5048da6e05baf814c462095a3ebed081f72c906479b399f3b49e45eaa05bbfc07dba4916d1897733dd35dc254a37b3d1146d5fd7eb8b019e9676979", &(0x7f0000000400)="389b6edfd2cd9ae37ad59c0dc82d6dddd23fe2c7cd9df5b1cc5fc7bc077daf350509259376cede2004dc6601862fd0c314d53a1a33343d33e495ceb9432345a56265cb24effa0cccbc8195a4fedca6a19d619aed3d86188fac3d3b31079a80f966f827f3dd6bf8667055cea9fc5bfc8df27d0a199d5e34936faf6764caf5f4a3de7cd62de39aafd52f51d722cbf1adda2c93801851fe316a861c0fd0d59f5d6e0ff0e662352e92d22f7394786f9e2db6d3af719cd8cf1cb38a288726b2eacddf72ef01f2175148d3073e98ea1b37206230384ac0c9a868dbba104b3701d1e00bdbc29a750c564ea33259982f3978d6577a76cd8ee8ba28335b66d87f9067dc1904f38a1c939a286235f16d3ffbb6e629d3f1e231518ccb12fd576da19c24f0f9deb881dc6654fc03e4789a1899a67b4ca17e610bdea801b5a5ffeb159a01b890a7981dc308a21ad9026f027128cbaafc9c1af6c1047103463612159584d2dbeca20d8dfd301d0e9cd0f3355710a71570f93e8c1d2db7140bf2027e9952cb6ed5fad7b626043575e78f4bba7d71dfc3ba994e6fd6f0362e79c9c6b3528abf5394ba3b84fe43782794e6cd5b248de0ab63bc9d55850acaa1a8375e574f4d732bd4962f5ff3e91ef0b25775168f4624b4d3260e29a12d6136a67e0dfa94f1f7dcb1cf48d0befe9c062b2f5e8b884947a7de899472b45f74c0c727d9c21e0afc51f88d200761626df8d98bdb062cb864f21e7789ea06f51bf32809c761b35a8734f5365023d24827afda67051dabceac638e0512a7e63b4d9d692972dcffea3bf076634c7a7bc9f01d9153f3314a11ab5ab60e30c8de317fb1df1eb06c00d06b3ae3970afac98e9e557d1bd31fddc2f2b0ad2b84d55b9b26cfdafc97b03cd5bfdc1b7a1fd203ec0cd719e7590305c9228e82ab35f1e95a4168597d5e04fda1b685251f64735fd1fd02eafa5e6bb22e3060f1f65528c2855c07d3d121fe63bf0ed9125ce49133f1023011fd050753aa49011e51a148fc511db15f62bfd9e0843ac79250fc3c0d3bdc3665f7552fc6859fd109454f6021bc2f078d473e2e6128a6b5b7ce6ff6a8e3f146ef3bbb5131bc38b325a8ffbde0317f2083021201b8178643640e797b01583deffb67a2b17ceb7ae9642e8111ec7ab1026aeab23c1e7dafb73f50a088b43c8af1d0c2c2a11577c1926bec31da6336f12479f82b72c2b2edc55eaa994d5c7959e2e7d18cf067b6b7950ed4793c4c555ab153d48974bc01b3ec8f66ad613bb09729b35296b049e2500c7e99db2ab0abeec17c18d36f9e0781b3361ac8f8fa8c751a6bc87fcf2dc84bb32140162677d0d54338fc0ff4ef850a1d02fe845358df93f8d7c707790f0ad57fd350e801beea060e23147c9f5a1f191efcf508c84c32c70541ab1c3c4ac048f460e1bfd32c436a56ff2caba8ba85d9338b44ca4ea499e3c3ee5aa363bc41d40a725424f5007284997e4d930b9ea5e80c4a5407f2a6fe213178f818a148ddcb5a6973371aa8628ee46d086236a273c72cb9adfe3f0f8981dc31c8763b8565258e41d3c355e728fd5118a984e0ac12c9ba1f8cf4933dd02fcbaf54fe582b26a40c3de8949f43776c82ecae323f4aefebadcc5ff74c857404341858f23443686541f2a10e939d894d0153252e969a84d3c770ca1457f4a1c97f146f4a1d804a6137c267e3a729793d54391b3580a098032f4b2c3bdfb51525525e0b1cecb7e235b74986d3dfee7eae6df46f77434fcfe6f0f9f222eceecac11ff57d1881687cad9bca32e7f1228e9b21829fb019dd01456e14c5551ea4294555505e975ed7ebe6ca29e16c8cd300a1b79510590623ca1be66656e557e603a296978455e7b6e8a6065deb9d0343c4b0819337d2f92682a45eaa66af44568599f4dcc33828bc4244d071090d1ffc3f900e2470f7d7642c1bdc5cb1ca6b38d86fec8dd4fab69de4c5ee621e49d4c4bcf1b2cec156b670b169091ab66396f7816768e98e5fae2ac4d950db4d70e4c636776f1fca9411b1f320a4929329c2d0277b1ec415c7440d5c163fb4a1a5788de5c5427740e20ccf6e10c0e25bb43f20835c2426c50b9d37582e1204c46987350fc67827e780d8ee6acec41df7e80f8f86a862c08b20c026a0dc648ad51dd397dc8b3e37c9ecb689e930e3b6922ae17d98a906ea026fdde229b567ae2aecccee796c7e52605387e3e108e8c9ad34c56b67f8797f9c896810f849ee374f58a341ec11c5aa1323af06cf07a3fc65b3ea360acaf22cb0731db96f77053f6a39db87c1db9920876bf2ae9675d0143b58b2b9e0027e68c8d4b41838368d3181a6cadebd72ed3920df995b85f00f436911f0d3e6ee69aae7639e933c0bd27c51d10cf98665d4704bc40222f2f092fdd98c7f6d4813a93795061976d681617756e810eacd7994c849f67356d71636cba934e249bdb1759775980d32747a4da876faf7b78d0548d25805558c2205fa71fb11eefc3a44dfd01a1cc44153acc0662c8a8599dd87fb87ef21bb44fa674c2f9e2c1174615c9fae82e66d01ea21f24a9a39545bbbece3211f820f75e5590093ea0aa1e214cccb8a6e4c0a6a1998526f9d8d23441ad4ede9f6e0d938f7e842e05a3b466e030b0742c2958c2bb36bd1d5e357d678d12c4c92dcc9511effdd8bcb9489dd05cd162cf8b8e542de94619fb281c72bb25a98988ec2cef87e341f9de416d88cce80530a718e079582028b4dfae06d54b4846782a07de08a21389ab5382b962791927a4197a974814467c2629b0bf989befd5638192f6d6a4692b3de1241c220e959b90669c3ff93571bc67855157ef99e3b6f7f36ee2c09be9c7d95040c0df2781ef5efd63207301a6673e147e1dfd72573a963a9642bceb761f73e538fee5bac15fb4b114e332f175b391ceed417baf63aa3d3df908eb6db11ab034dffda5ad7b7df13a82dbdba67a4f75dc5fd723fb1a98cf4b30b473a7439deb64957ad1caaec7c957809b70679145c7218fd2dd322f94143d02f791e765c972263ffc5d56e22d7164f01b9ab7bd3668cb5b7617857724b688c4b40c923e77d2a4ce7463392abd31734182adff1c72256ed3cba1a78e046fe1d953d0e6589a588b3adcaa35f7e769332149a9af9983eda2072071ee86d2c9bc8039c2317ba38d79ef3beb369c17cbf00eee386a37c1fe45fb80ca0de5b46f327485c5b18472a09e2660551df8da41a679a8dc045ca6ff9e7d5180678def3663b9a342a220bf870bad4614d20391ce1f9b07ea1a539c36f953ca0d82926a9c49407c189062d9204c523b66077a8af3b49789ec12a565f547a48f791e7ddffb26bae824add6d9e6959d6eb6e7af5885c0ed0cf898d20fa44e2d4dd46fa32e7048499c4fc01e1618b11440fa2347f98efc5b79c7a09974ee2bc9d5420905b05f836d2112f91d5d4fa76c059448c243ed6d7d855abe2bc39ecc7da0b8b4e6798bc0d14f163d6d90a02b12982291d84e789c1b32169c1d05b7a6b0b8443748bcb096ffc66b899d723096fa9500debff992454ae457ab77859ea58661f710d01590a81cfe762bac31a04fb3845db203165b8822fdede5da49525ea4fbbbad5460f45974825aff8e080a8257dfdaa99f31f8b0faf1c7991e46d947cb45d1f4b76713611661bc4345817d6b1575d8931e32c1387949a19a5cca6e719431c559be727e62a75815d5da8eb6360883b70b0ddccd5e472de9db0504ee54b39ae11e1235932c1399e87ea855f4dd4d0308a5cf57df953b8c8db573afd4f5f28ff06dcd8527880546d788cb49b9ce196f72cd8706eae26f38c78d3893399f7e8ff0aee1818f1e11f13cae4c173834474f6b577cbfc10c6c51b6b77324c2200dffda5225fc7b7b83ad198c559f2be7a31e0f2654ca21b0a29a8e28c0063d9c1d021a77f3767256f9578696134a2a6d29f9ab21ce1188d23abafd82adc190740b552bebb6730834ebf3d4468022c49d3b4f31b394cd9425a31e21f4736baa01a2d9ce617c68ee88eacd33333cabc0c883a67c6e1c7357224f5edbe41543c778ebef73be578d6535ce3efb361cfd5894e1f95fce240018f81b735c727cda2d339788eb34ea4430770199c00a8a9c109baac87ce4afd0452e33fdb44c0aef4f48974a959b006ba12001541ce09ea3fc373168977ae8b149cf01e1598cfeb0816e4d828df09d722d95ca83e69e671f28c6fe35679ff777527c2b0a8a1eade06555722bbf0e75fd081aa8ac11c4cd8bd5e670f813124bb4f8c6f55b5db30143baf5ccf51714d6a45d8ee1b5839b761fada991a15adcbbd0e3efec5405b259b216a80dd2ae81ab59e26a2150e85b134dfcb30c2de7042a2f0f1377029fe14c37d985457f868a60555493fc1ea7cf66b3f29496a3a88e5b0eae397d3268aab8db51572a7ab75c83ad2b6420b57a7815b5837afd499186d4b3158823bc24c57f7f4c0d90ad96b42f28598d7a6662ea7a775c750362228a76e2f53b78c922ee5153d3ebd17ccd244bc3316b9fe04109cd884a64be7feda3cdd1941a79b2ee69ab0d25907906b245ed6723e12727b7341ba4f699e1f48d9bdd5ad064c3a45eeba34573dc61ef4389d59aa3661603893264a2cda2688ac18e665582339726519564a281d8766165e0a7733d0e1dccd418fcbb01c4654fb2ae1bc186bcc7a942cc2eafaf2c2992503c6e4afef5e118f251c981e66df7792a2b417c664ebbd8086b8fe57e0aa2e6801d00a5aa92b0908ef570782f8c935495db448206072e7a3777d5a4400fa6a12b9bf4dd65a790f3d88bf4e3487b40c5ac857e1c8f662f1e381849b6398ed0292547f9dcf7f18bf7f2b4f8440c775cc2512b71c35e0c9b9c6ae6462478ff4ec1d3aee3656bdff8abfc6f8a122c57825dead997a2f580ba6bd4564d95013644322e35313307525964e90b6703920789c8c4e645f65f3f6473aa240e38e88e12dd3977d00dd1e1fe93bee977b3e12ea4dec3f35a2ab8d753ca5f8411b3fb64fcfe15d1ea07859387b416f03960d9b3310ddc4ea1f1324eff6759c2c98e294f46e330402049674130ae47a9eb5776ad51913257b3b0b71a006b37a0322ee76889b677a01859870efadd9cc5f765dbff02b5f8cbc2097c9fee0e4380392b7dec71ba797c8f9210e7ccb215bd87734de1b0f18de77ce8cd420b96a6223e1b8b464dff5747ef5076a0b717795b66366945bcc73d5f6708e06ef41be94eecd1c951f6d34cb170d6674a2b336bd19a48b91fa2f7402ead919ee9126156b54aeb6946d249aa6e86c317264624e3ea1bc11ffe7fd5b8f2f856bb3b0e8e3a687ab30122a5208cf41eaf73c9a5d76e24ab5abdebf04567a05ac5495aab2182004d5b9fc29b61f31fb69b8658c7a4c41d1c5c28b9d4daa1d3a37e21ff46762dc1fd5f0152b9f353c9a5c5e25976a69b6577b0180b43d48f0dab00ae2af59f99faff6f33e89ca51b07e25716cd2d899dac430fd15fe35b34edf5aa8d1e355c630168793e525068a6a04f0f078a6cb227404b3affd32c2458853e064ed8911f7e446d36af7774013dec227bdeae6afdf87fb4247982bf781aa8b445af3278bf82f940e4311c2c3cd43df5119ba0ff831169b71c5e6cb68cbe914386dd95b452ab3175ea586fc0ce8344fc13492fdceaed5b988356ba0c7edf287b062946348e4d2da0454fe02"}}, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102376, 0x18fe8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xb1}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000200)="bdcf5722ba942a31e139d8f8d79984f586440ad354177c8882da6be77b8278", 0x1f}], 0x1, &(0x7f0000000680)=[@rthdr_2292={{0x64, 0x29, 0x39, {0xff, 0xa, 0x0, 0x9, 0x0, [@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @remote, @remote, @mcast2, @local]}}}, @dontfrag={{0x10, 0x29, 0x3e, 0x2}}, @rthdrdstopts={{0x8c, 0x29, 0x37, {0x4, 0xe, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @pad1, @generic={0x18, 0x54, "71ea28af473f2d9b1e52e6fb16d7cd2d17a321b6b8b2a7018959dd5a11580da2c963ce2e0adfa391910eced718f8b3a220834028b88a8f5293b9bfbd137c6fe803bcce07416117150d84bf14d30917fc37ed858a"}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0xf7, 0xbac, [0x9]}}]}}}, @rthdr={{0x94, 0x29, 0x39, {0x87, 0x10, 0x0, 0xf2, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @mcast1, @remote, @mcast2, @empty, @mcast1, @mcast1]}}}, @tclass={{0x10}}, @tclass={{0x10, 0x29, 0x43, 0x1}}, @hopopts={{0x24, 0x29, 0x36, {0x3c, 0x1, '\x00', [@ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0xff}, @ra={0x5, 0x2, 0xd}]}}}, @dstopts={{0x14}}], 0x1ec}, 0x4000) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5}, 0x50) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000015c0)=ANY=[@ANYBLOB="200000005200010000000000000000001c"], 0x20}}, 0x0) 381.501102ms ago: executing program 4 (id=2047): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.u'}, 0x15) pipe2$9p(&(0x7f00000013c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff0180"], 0x15) r2 = dup(r1) write$P9_RLERRORu(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="8b"], 0x53) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f00000002c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, 0x30) write$binfmt_elf64(r2, &(0x7f0000000280)=ANY=[], 0x7c8) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001340)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) readv(r0, &(0x7f0000000100)=[{&(0x7f0000000340)=""/4096, 0x1000}], 0x1) chdir(&(0x7f0000000200)='./file0\x00') fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xffffff19) 251.878842ms ago: executing program 4 (id=2048): r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2e, 0x6, @thr={&(0x7f0000000300)="c6f670f200c25293c9f397627a68f362e6e00ef17e2b2628627c463f14bd0a0c064e8e649ea7947216642fe4bad5048da6e05baf814c462095a3ebed081f72c906479b399f3b49e45eaa05bbfc07dba4916d1897733dd35dc254a37b3d1146d5fd7eb8b019e9676979", &(0x7f0000000400)="389b6edfd2cd9ae37ad59c0dc82d6dddd23fe2c7cd9df5b1cc5fc7bc077daf350509259376cede2004dc6601862fd0c314d53a1a33343d33e495ceb9432345a56265cb24effa0cccbc8195a4fedca6a19d619aed3d86188fac3d3b31079a80f966f827f3dd6bf8667055cea9fc5bfc8df27d0a199d5e34936faf6764caf5f4a3de7cd62de39aafd52f51d722cbf1adda2c93801851fe316a861c0fd0d59f5d6e0ff0e662352e92d22f7394786f9e2db6d3af719cd8cf1cb38a288726b2eacddf72ef01f2175148d3073e98ea1b37206230384ac0c9a868dbba104b3701d1e00bdbc29a750c564ea33259982f3978d6577a76cd8ee8ba28335b66d87f9067dc1904f38a1c939a286235f16d3ffbb6e629d3f1e231518ccb12fd576da19c24f0f9deb881dc6654fc03e4789a1899a67b4ca17e610bdea801b5a5ffeb159a01b890a7981dc308a21ad9026f027128cbaafc9c1af6c1047103463612159584d2dbeca20d8dfd301d0e9cd0f3355710a71570f93e8c1d2db7140bf2027e9952cb6ed5fad7b626043575e78f4bba7d71dfc3ba994e6fd6f0362e79c9c6b3528abf5394ba3b84fe43782794e6cd5b248de0ab63bc9d55850acaa1a8375e574f4d732bd4962f5ff3e91ef0b25775168f4624b4d3260e29a12d6136a67e0dfa94f1f7dcb1cf48d0befe9c062b2f5e8b884947a7de899472b45f74c0c727d9c21e0afc51f88d200761626df8d98bdb062cb864f21e7789ea06f51bf32809c761b35a8734f5365023d24827afda67051dabceac638e0512a7e63b4d9d692972dcffea3bf076634c7a7bc9f01d9153f3314a11ab5ab60e30c8de317fb1df1eb06c00d06b3ae3970afac98e9e557d1bd31fddc2f2b0ad2b84d55b9b26cfdafc97b03cd5bfdc1b7a1fd203ec0cd719e7590305c9228e82ab35f1e95a4168597d5e04fda1b685251f64735fd1fd02eafa5e6bb22e3060f1f65528c2855c07d3d121fe63bf0ed9125ce49133f1023011fd050753aa49011e51a148fc511db15f62bfd9e0843ac79250fc3c0d3bdc3665f7552fc6859fd109454f6021bc2f078d473e2e6128a6b5b7ce6ff6a8e3f146ef3bbb5131bc38b325a8ffbde0317f2083021201b8178643640e797b01583deffb67a2b17ceb7ae9642e8111ec7ab1026aeab23c1e7dafb73f50a088b43c8af1d0c2c2a11577c1926bec31da6336f12479f82b72c2b2edc55eaa994d5c7959e2e7d18cf067b6b7950ed4793c4c555ab153d48974bc01b3ec8f66ad613bb09729b35296b049e2500c7e99db2ab0abeec17c18d36f9e0781b3361ac8f8fa8c751a6bc87fcf2dc84bb32140162677d0d54338fc0ff4ef850a1d02fe845358df93f8d7c707790f0ad57fd350e801beea060e23147c9f5a1f191efcf508c84c32c70541ab1c3c4ac048f460e1bfd32c436a56ff2caba8ba85d9338b44ca4ea499e3c3ee5aa363bc41d40a725424f5007284997e4d930b9ea5e80c4a5407f2a6fe213178f818a148ddcb5a6973371aa8628ee46d086236a273c72cb9adfe3f0f8981dc31c8763b8565258e41d3c355e728fd5118a984e0ac12c9ba1f8cf4933dd02fcbaf54fe582b26a40c3de8949f43776c82ecae323f4aefebadcc5ff74c857404341858f23443686541f2a10e939d894d0153252e969a84d3c770ca1457f4a1c97f146f4a1d804a6137c267e3a729793d54391b3580a098032f4b2c3bdfb51525525e0b1cecb7e235b74986d3dfee7eae6df46f77434fcfe6f0f9f222eceecac11ff57d1881687cad9bca32e7f1228e9b21829fb019dd01456e14c5551ea4294555505e975ed7ebe6ca29e16c8cd300a1b79510590623ca1be66656e557e603a296978455e7b6e8a6065deb9d0343c4b0819337d2f92682a45eaa66af44568599f4dcc33828bc4244d071090d1ffc3f900e2470f7d7642c1bdc5cb1ca6b38d86fec8dd4fab69de4c5ee621e49d4c4bcf1b2cec156b670b169091ab66396f7816768e98e5fae2ac4d950db4d70e4c636776f1fca9411b1f320a4929329c2d0277b1ec415c7440d5c163fb4a1a5788de5c5427740e20ccf6e10c0e25bb43f20835c2426c50b9d37582e1204c46987350fc67827e780d8ee6acec41df7e80f8f86a862c08b20c026a0dc648ad51dd397dc8b3e37c9ecb689e930e3b6922ae17d98a906ea026fdde229b567ae2aecccee796c7e52605387e3e108e8c9ad34c56b67f8797f9c896810f849ee374f58a341ec11c5aa1323af06cf07a3fc65b3ea360acaf22cb0731db96f77053f6a39db87c1db9920876bf2ae9675d0143b58b2b9e0027e68c8d4b41838368d3181a6cadebd72ed3920df995b85f00f436911f0d3e6ee69aae7639e933c0bd27c51d10cf98665d4704bc40222f2f092fdd98c7f6d4813a93795061976d681617756e810eacd7994c849f67356d71636cba934e249bdb1759775980d32747a4da876faf7b78d0548d25805558c2205fa71fb11eefc3a44dfd01a1cc44153acc0662c8a8599dd87fb87ef21bb44fa674c2f9e2c1174615c9fae82e66d01ea21f24a9a39545bbbece3211f820f75e5590093ea0aa1e214cccb8a6e4c0a6a1998526f9d8d23441ad4ede9f6e0d938f7e842e05a3b466e030b0742c2958c2bb36bd1d5e357d678d12c4c92dcc9511effdd8bcb9489dd05cd162cf8b8e542de94619fb281c72bb25a98988ec2cef87e341f9de416d88cce80530a718e079582028b4dfae06d54b4846782a07de08a21389ab5382b962791927a4197a974814467c2629b0bf989befd5638192f6d6a4692b3de1241c220e959b90669c3ff93571bc67855157ef99e3b6f7f36ee2c09be9c7d95040c0df2781ef5efd63207301a6673e147e1dfd72573a963a9642bceb761f73e538fee5bac15fb4b114e332f175b391ceed417baf63aa3d3df908eb6db11ab034dffda5ad7b7df13a82dbdba67a4f75dc5fd723fb1a98cf4b30b473a7439deb64957ad1caaec7c957809b70679145c7218fd2dd322f94143d02f791e765c972263ffc5d56e22d7164f01b9ab7bd3668cb5b7617857724b688c4b40c923e77d2a4ce7463392abd31734182adff1c72256ed3cba1a78e046fe1d953d0e6589a588b3adcaa35f7e769332149a9af9983eda2072071ee86d2c9bc8039c2317ba38d79ef3beb369c17cbf00eee386a37c1fe45fb80ca0de5b46f327485c5b18472a09e2660551df8da41a679a8dc045ca6ff9e7d5180678def3663b9a342a220bf870bad4614d20391ce1f9b07ea1a539c36f953ca0d82926a9c49407c189062d9204c523b66077a8af3b49789ec12a565f547a48f791e7ddffb26bae824add6d9e6959d6eb6e7af5885c0ed0cf898d20fa44e2d4dd46fa32e7048499c4fc01e1618b11440fa2347f98efc5b79c7a09974ee2bc9d5420905b05f836d2112f91d5d4fa76c059448c243ed6d7d855abe2bc39ecc7da0b8b4e6798bc0d14f163d6d90a02b12982291d84e789c1b32169c1d05b7a6b0b8443748bcb096ffc66b899d723096fa9500debff992454ae457ab77859ea58661f710d01590a81cfe762bac31a04fb3845db203165b8822fdede5da49525ea4fbbbad5460f45974825aff8e080a8257dfdaa99f31f8b0faf1c7991e46d947cb45d1f4b76713611661bc4345817d6b1575d8931e32c1387949a19a5cca6e719431c559be727e62a75815d5da8eb6360883b70b0ddccd5e472de9db0504ee54b39ae11e1235932c1399e87ea855f4dd4d0308a5cf57df953b8c8db573afd4f5f28ff06dcd8527880546d788cb49b9ce196f72cd8706eae26f38c78d3893399f7e8ff0aee1818f1e11f13cae4c173834474f6b577cbfc10c6c51b6b77324c2200dffda5225fc7b7b83ad198c559f2be7a31e0f2654ca21b0a29a8e28c0063d9c1d021a77f3767256f9578696134a2a6d29f9ab21ce1188d23abafd82adc190740b552bebb6730834ebf3d4468022c49d3b4f31b394cd9425a31e21f4736baa01a2d9ce617c68ee88eacd33333cabc0c883a67c6e1c7357224f5edbe41543c778ebef73be578d6535ce3efb361cfd5894e1f95fce240018f81b735c727cda2d339788eb34ea4430770199c00a8a9c109baac87ce4afd0452e33fdb44c0aef4f48974a959b006ba12001541ce09ea3fc373168977ae8b149cf01e1598cfeb0816e4d828df09d722d95ca83e69e671f28c6fe35679ff777527c2b0a8a1eade06555722bbf0e75fd081aa8ac11c4cd8bd5e670f813124bb4f8c6f55b5db30143baf5ccf51714d6a45d8ee1b5839b761fada991a15adcbbd0e3efec5405b259b216a80dd2ae81ab59e26a2150e85b134dfcb30c2de7042a2f0f1377029fe14c37d985457f868a60555493fc1ea7cf66b3f29496a3a88e5b0eae397d3268aab8db51572a7ab75c83ad2b6420b57a7815b5837afd499186d4b3158823bc24c57f7f4c0d90ad96b42f28598d7a6662ea7a775c750362228a76e2f53b78c922ee5153d3ebd17ccd244bc3316b9fe04109cd884a64be7feda3cdd1941a79b2ee69ab0d25907906b245ed6723e12727b7341ba4f699e1f48d9bdd5ad064c3a45eeba34573dc61ef4389d59aa3661603893264a2cda2688ac18e665582339726519564a281d8766165e0a7733d0e1dccd418fcbb01c4654fb2ae1bc186bcc7a942cc2eafaf2c2992503c6e4afef5e118f251c981e66df7792a2b417c664ebbd8086b8fe57e0aa2e6801d00a5aa92b0908ef570782f8c935495db448206072e7a3777d5a4400fa6a12b9bf4dd65a790f3d88bf4e3487b40c5ac857e1c8f662f1e381849b6398ed0292547f9dcf7f18bf7f2b4f8440c775cc2512b71c35e0c9b9c6ae6462478ff4ec1d3aee3656bdff8abfc6f8a122c57825dead997a2f580ba6bd4564d95013644322e35313307525964e90b6703920789c8c4e645f65f3f6473aa240e38e88e12dd3977d00dd1e1fe93bee977b3e12ea4dec3f35a2ab8d753ca5f8411b3fb64fcfe15d1ea07859387b416f03960d9b3310ddc4ea1f1324eff6759c2c98e294f46e330402049674130ae47a9eb5776ad51913257b3b0b71a006b37a0322ee76889b677a01859870efadd9cc5f765dbff02b5f8cbc2097c9fee0e4380392b7dec71ba797c8f9210e7ccb215bd87734de1b0f18de77ce8cd420b96a6223e1b8b464dff5747ef5076a0b717795b66366945bcc73d5f6708e06ef41be94eecd1c951f6d34cb170d6674a2b336bd19a48b91fa2f7402ead919ee9126156b54aeb6946d249aa6e86c317264624e3ea1bc11ffe7fd5b8f2f856bb3b0e8e3a687ab30122a5208cf41eaf73c9a5d76e24ab5abdebf04567a05ac5495aab2182004d5b9fc29b61f31fb69b8658c7a4c41d1c5c28b9d4daa1d3a37e21ff46762dc1fd5f0152b9f353c9a5c5e25976a69b6577b0180b43d48f0dab00ae2af59f99faff6f33e89ca51b07e25716cd2d899dac430fd15fe35b34edf5aa8d1e355c630168793e525068a6a04f0f078a6cb227404b3affd32c2458853e064ed8911f7e446d36af7774013dec227bdeae6afdf87fb4247982bf781aa8b445af3278bf82f940e4311c2c3cd43df5119ba0ff831169b71c5e6cb68cbe914386dd95b452ab3175ea586fc0ce8344fc13492fdceaed5b988356ba0c7edf287b062946348e4d2da0454fe02"}}, &(0x7f0000000100)) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000032680)=""/102376, 0x18fe8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) syz_open_dev$cec(&(0x7f0000002340), 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$inet6(r3, &(0x7f00000002c0)={&(0x7f0000000000)={0xa, 0x4e23, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xb1}, 0x1c, &(0x7f0000000280)=[{&(0x7f0000000200)="bdcf5722ba942a31e139d8f8d79984f586440ad354177c8882da6be77b8278", 0x1f}], 0x1, &(0x7f0000000680)=[@rthdr_2292={{0x64, 0x29, 0x39, {0xff, 0xa, 0x0, 0x9, 0x0, [@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @remote, @remote, @mcast2, @local]}}}, @dontfrag={{0x10, 0x29, 0x3e, 0x2}}, @rthdrdstopts={{0x8c, 0x29, 0x37, {0x4, 0xe, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @pad1, @pad1, @generic={0x18, 0x54, "71ea28af473f2d9b1e52e6fb16d7cd2d17a321b6b8b2a7018959dd5a11580da2c963ce2e0adfa391910eced718f8b3a220834028b88a8f5293b9bfbd137c6fe803bcce07416117150d84bf14d30917fc37ed858a"}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0xf7, 0xbac, [0x9]}}]}}}, @rthdr={{0x94, 0x29, 0x39, {0x87, 0x10, 0x0, 0xf2, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @mcast2, @mcast1, @remote, @mcast2, @empty, @mcast1, @mcast1]}}}, @tclass={{0x10}}, @tclass={{0x10, 0x29, 0x43, 0x1}}, @hopopts={{0x24, 0x29, 0x36, {0x3c, 0x1, '\x00', [@ra={0x5, 0x2, 0x8}, @enc_lim={0x4, 0x1, 0xff}, @ra={0x5, 0x2, 0xd}]}}}, @dstopts={{0x14}}], 0x1ec}, 0x4000) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30) read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) umount2(&(0x7f00000001c0)='./file0\x00', 0x0) write$FUSE_NOTIFY_DELETE(r4, &(0x7f0000000400)={0x36, 0x6, 0x0, {0x0, 0x0, 0xd, 0x0, 'dont_appraise'}}, 0x36) write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5}, 0x50) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001580)={&(0x7f00000015c0)=ANY=[@ANYBLOB="200000005200010000000000000000001c"], 0x20}}, 0x0) 0s ago: executing program 3 (id=2049): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) socket$l2tp(0x2, 0x2, 0x73) r1 = socket$inet6(0xa, 0x6, 0x0) syz_open_dev$admmidi(0x0, 0x20, 0x200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="40000000100003040000000000", @ANYRES32=0x0], 0x40}}, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') getdents64(0xffffffffffffffff, &(0x7f0000000f80)=""/4096, 0x300) close_range(r1, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): 6.318743][ T4293] bond0 (unregistering): Released all slaves [ 426.366669][ T8113] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 426.387402][ T8260] netlink: 'syz.1.1306': attribute type 29 has an invalid length. [ 426.403906][ T8113] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 426.511300][ T8113] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 426.519952][ T8288] fuse: Bad value for 'fd' [ 426.529052][ T8113] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 426.765731][ T8113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 426.840195][ T8113] 8021q: adding VLAN 0 to HW filter on device team0 [ 426.879863][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 426.899120][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 426.958311][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 427.010006][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 427.218521][ T8301] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20003 [ 427.243099][ T3710] bridge0: port 1(bridge_slave_0) entered blocking state [ 427.250288][ T3710] bridge0: port 1(bridge_slave_0) entered forwarding state [ 427.384735][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 427.445500][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 427.484682][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 427.556642][ T3710] bridge0: port 2(bridge_slave_1) entered blocking state [ 427.563991][ T3710] bridge0: port 2(bridge_slave_1) entered forwarding state [ 427.627079][ T8313] loop2: detected capacity change from 0 to 128 [ 427.648580][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 427.650213][ T8313] FAT-fs (loop2): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 427.689471][ T5038] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 427.761184][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 427.959506][ T5038] usb 1-1: Using ep0 maxpacket: 8 [ 428.223654][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 428.349821][ T5038] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 428.375290][ T5038] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 428.375372][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 428.438840][ T5038] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 428.510129][ T5038] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 428.577293][ T5038] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 428.578421][ T8314] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1320'. [ 428.607598][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 428.640695][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 428.647789][ T5038] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 428.695254][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 428.879250][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 428.963504][ T8319] syz.2.1322[8319] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 428.964149][ T8319] syz.2.1322[8319] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 429.021931][ T8319] binder: 8316:8319 ioctl c0306201 20000300 returned -22 [ 429.679742][ T5038] usb 1-1: GET_CAPABILITIES returned 0 [ 429.685415][ T5038] usbtmc 1-1:16.0: can't read capabilities [ 429.722307][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 429.785716][ T8113] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 429.833059][ T8113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 429.872224][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 429.891429][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 429.927938][ T8322] netlink: 'syz.2.1323': attribute type 29 has an invalid length. [ 429.984764][ T8322] netlink: 'syz.2.1323': attribute type 29 has an invalid length. [ 430.026663][ T8324] netlink: 'syz.2.1323': attribute type 29 has an invalid length. [ 430.083178][ T8321] netlink: 828 bytes leftover after parsing attributes in process `syz.2.1323'. [ 430.365597][ T8327] fuse: Bad value for 'fd' [ 430.677145][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 430.708300][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 430.747744][ T8113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 430.868475][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 430.903246][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 431.032847][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 431.043374][ T3692] usb 1-1: USB disconnect, device number 19 [ 431.045823][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 431.115262][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 431.135621][ T3983] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 431.169614][ T8113] device veth0_vlan entered promiscuous mode [ 431.198322][ T8346] loop0: detected capacity change from 0 to 512 [ 431.217617][ T8113] device veth1_vlan entered promiscuous mode [ 431.276471][ T8349] netlink: 'syz.2.1334': attribute type 29 has an invalid length. [ 431.286198][ T8346] EXT4-fs (loop0): 1 truncate cleaned up [ 431.298089][ T8346] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 431.313649][ T8349] netlink: 'syz.2.1334': attribute type 29 has an invalid length. [ 431.329476][ T5038] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 431.353107][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 431.378248][ T8349] netlink: 828 bytes leftover after parsing attributes in process `syz.2.1334'. [ 431.388746][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 431.452200][ T8353] netlink: 'syz.2.1334': attribute type 29 has an invalid length. [ 431.503346][ T8113] device veth0_macvtap entered promiscuous mode [ 431.516838][ T8355] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1333'. [ 431.534837][ T8113] device veth1_macvtap entered promiscuous mode [ 431.573972][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.592069][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.608517][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 431.620349][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.641833][ T8113] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 431.667494][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 431.679761][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 431.689972][ T5038] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 431.695255][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 431.708986][ T4293] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 431.722843][ T5038] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.737166][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.763919][ T5038] usb 2-1: config 0 descriptor?? [ 431.776811][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.801895][ T5038] cp210x 2-1:0.0: cp210x converter detected [ 431.812017][ T8113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 431.823234][ T8357] fuse: Bad value for 'fd' [ 431.827864][ T8113] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 431.871946][ T8113] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 431.903480][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 431.930509][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 431.971557][ T8113] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.011889][ T5038] usb 2-1: cp210x converter now attached to ttyUSB0 [ 432.030150][ T8113] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.055795][ T8113] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.089379][ T8113] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.326736][ T4293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.372098][ T4293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.413157][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 432.435799][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 432.450189][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 432.476828][ T3710] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 433.540655][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 433.540670][ T26] audit: type=1326 audit(1725417351.230:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 433.654400][ T26] audit: type=1326 audit(1725417351.270:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.473647][ T26] audit: type=1326 audit(1725417351.270:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.501049][ T26] audit: type=1326 audit(1725417351.270:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.530628][ T26] audit: type=1326 audit(1725417351.270:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.564125][ T14] usb 2-1: USB disconnect, device number 25 [ 434.570241][ T26] audit: type=1326 audit(1725417351.270:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.625587][ T14] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 434.654415][ T14] cp210x 2-1:0.0: device disconnected [ 434.666062][ T8381] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20003 [ 434.679644][ T26] audit: type=1326 audit(1725417351.270:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.784941][ T26] audit: type=1326 audit(1725417351.270:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.817179][ T8385] netlink: 'syz.1.1344': attribute type 29 has an invalid length. [ 434.828309][ T8385] netlink: 'syz.1.1344': attribute type 29 has an invalid length. [ 434.845919][ T8385] netlink: 'syz.1.1344': attribute type 29 has an invalid length. [ 434.855574][ T26] audit: type=1326 audit(1725417351.270:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8373 comm="syz.2.1340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 434.892289][ T8385] netlink: 828 bytes leftover after parsing attributes in process `syz.1.1344'. [ 435.005305][ T4467] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 435.269696][ T4467] usb 3-1: Using ep0 maxpacket: 8 [ 435.403884][ T4467] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 435.421662][ T4467] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 435.468605][ T4467] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 435.487177][ T4467] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 435.552147][ T4467] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 435.567592][ T4467] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.899603][ T4467] usb 3-1: GET_CAPABILITIES returned 0 [ 435.905382][ T4467] usbtmc 3-1:16.0: can't read capabilities [ 436.083639][ T14] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 436.142079][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.151679][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.158933][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.166265][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.173684][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.181179][ T8395] Dead loop on virtual device ip6_vti0, fix it urgently! [ 436.278040][ T7812] EXT4-fs (loop0): unmounting filesystem. [ 436.520131][ T14] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 436.575869][ T14] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.593383][ T14] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.607591][ T14] usb 5-1: config 0 interface 0 has no altsetting 0 [ 436.624604][ T14] usb 5-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00 [ 436.639746][ T14] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.678024][ T14] usb 5-1: config 0 descriptor?? [ 438.094626][ T4473] usb 3-1: USB disconnect, device number 31 [ 439.195186][ T14] usbhid 5-1:0.0: can't add hid device: -71 [ 439.201309][ T14] usbhid: probe of 5-1:0.0 failed with error -71 [ 439.225370][ T14] usb 5-1: USB disconnect, device number 28 [ 441.129391][ T8421] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1355'. [ 442.288257][ T8434] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20003 [ 442.939536][ T5034] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 443.759379][ T5034] usb 3-1: Using ep0 maxpacket: 8 [ 443.879703][ T5034] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 443.907643][ T5034] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 444.061457][ T5034] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 444.089389][ T5034] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 444.243942][ T5034] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 444.276888][ T5034] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.999498][ T5034] usb 3-1: usb_control_msg returned -71 [ 445.012740][ T5034] usbtmc 3-1:16.0: can't read capabilities [ 445.049641][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.056167][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 445.062995][ T5034] usb 3-1: USB disconnect, device number 32 [ 445.217259][ T8458] loop4: detected capacity change from 0 to 256 [ 445.927177][ T8469] loop3: detected capacity change from 0 to 512 [ 446.051075][ T8469] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 446.080636][ T8469] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038 (0x7fffffff) [ 446.382605][ T8478] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1374'. [ 446.682718][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 446.857487][ T8483] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20003 [ 447.998225][ T8465] loop2: detected capacity change from 0 to 40427 [ 448.019359][ T3692] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 448.025515][ T8465] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 448.067247][ T8492] loop1: detected capacity change from 0 to 256 [ 448.103005][ T8465] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 448.191706][ T8465] F2FS-fs (loop2): invalid crc value [ 448.267229][ T8465] F2FS-fs (loop2): Found nat_bits in checkpoint [ 448.309342][ T3692] usb 5-1: Using ep0 maxpacket: 8 [ 448.559575][ T3692] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 449.491079][ T3692] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 449.548105][ T3692] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 449.609949][ T3692] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 449.691548][ T3692] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 449.761023][ T3692] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 449.787860][ T8506] loop3: detected capacity change from 0 to 256 [ 449.829836][ T3692] usb 5-1: can't set config #16, error -71 [ 449.860915][ T3692] usb 5-1: USB disconnect, device number 29 [ 451.573814][ T3692] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 452.557248][ T26] audit: type=1326 audit(1725417370.240:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.580711][ T26] audit: type=1326 audit(1725417370.240:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.605404][ T26] audit: type=1326 audit(1725417370.240:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=88 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.640996][ T3692] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.659389][ T3692] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.679022][ T26] audit: type=1326 audit(1725417370.240:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.701897][ T3692] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 452.744984][ T3692] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.764328][ T26] audit: type=1326 audit(1725417370.240:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.828903][ T3692] usb 2-1: config 0 descriptor?? [ 452.942888][ T26] audit: type=1326 audit(1725417370.240:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=89 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 452.998773][ T26] audit: type=1326 audit(1725417370.270:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 453.154109][ T26] audit: type=1326 audit(1725417370.270:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8527 comm="syz.4.1390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 453.374677][ T3692] hid (null): bogus close delimiter [ 453.589795][ T3692] usb 2-1: language id specifier not provided by device, defaulting to English [ 453.972660][ T8546] IPVS: set_ctl: invalid protocol: 58 10.1.1.0:20003 [ 454.054644][ T3692] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0003/input/input47 [ 454.178916][ T3692] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0003/input/input48 [ 454.296365][ T3692] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0003/input/input49 [ 454.359389][ T3695] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 454.506013][ T3692] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0003/input/input50 [ 454.609462][ T3695] usb 4-1: Using ep0 maxpacket: 8 [ 454.721411][ T3692] uclogic 0003:256C:006D.0003: input,hiddev0,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 454.729749][ T3695] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 454.745574][ T8543] loop4: detected capacity change from 0 to 40427 [ 454.772774][ T3695] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 454.794129][ T8543] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 454.827090][ T8543] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 454.836302][ T3695] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 454.869838][ T3692] usb 2-1: USB disconnect, device number 26 [ 454.888665][ T3695] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 454.937552][ T8543] F2FS-fs (loop4): Found nat_bits in checkpoint [ 454.954426][ T3695] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 454.988413][ T3695] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.224142][ T8543] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 455.257746][ T8543] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 455.309571][ T3695] usb 4-1: GET_CAPABILITIES returned 0 [ 455.315217][ T3695] usbtmc 4-1:16.0: can't read capabilities [ 455.899400][ T26] audit: type=1800 audit(1725417373.580:265): pid=8565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1396" name="bus" dev="loop4" ino=10 res=0 errno=0 [ 457.210577][ T14] usb 4-1: USB disconnect, device number 18 [ 459.414261][ T8562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1401'. [ 459.597749][ T8583] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1409'. [ 460.690384][ T26] audit: type=1326 audit(1725417378.380:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 460.737276][ T26] audit: type=1326 audit(1725417378.410:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 460.772690][ T26] audit: type=1326 audit(1725417378.410:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 460.798501][ T8589] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1410'. [ 460.895317][ T26] audit: type=1326 audit(1725417378.410:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.043820][ T26] audit: type=1326 audit(1725417378.410:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.074099][ T26] audit: type=1326 audit(1725417378.410:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.099709][ T26] audit: type=1326 audit(1725417378.410:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.139491][ T26] audit: type=1326 audit(1725417378.410:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.193656][ T26] audit: type=1326 audit(1725417378.410:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.226569][ T26] audit: type=1326 audit(1725417378.420:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8598 comm="syz.1.1414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 461.310239][ T8612] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1417'. [ 461.339550][ T4473] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 461.544265][ T8621] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1422'. [ 461.612123][ T4473] usb 3-1: Using ep0 maxpacket: 16 [ 461.841891][ T4473] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.648874][ T4473] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 462.659096][ T4473] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 462.672279][ T4473] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 462.681431][ T4473] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.710033][ T8609] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 462.734071][ T4473] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 462.788305][ T8631] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1425'. [ 462.952060][ T8609] input: syz1 as /devices/virtual/input/input51 [ 463.087549][ T8609] loop2: detected capacity change from 0 to 512 [ 463.119935][ T8609] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 463.192695][ T8609] EXT4-fs (loop2): 1 truncate cleaned up [ 463.220200][ T8640] netlink: 'syz.3.1430': attribute type 29 has an invalid length. [ 463.243176][ T8640] netlink: 'syz.3.1430': attribute type 29 has an invalid length. [ 463.260393][ T8609] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 463.280681][ T8645] netlink: 'syz.3.1430': attribute type 29 has an invalid length. [ 463.314208][ T8640] netlink: 828 bytes leftover after parsing attributes in process `syz.3.1430'. [ 463.421454][ T4473] cdc_acm 3-1:1.0: ttyACM0: USB ACM device [ 463.469206][ T4473] usb 3-1: USB disconnect, device number 33 [ 464.114040][ T3654] EXT4-fs (loop2): unmounting filesystem. [ 464.349854][ T8661] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1435'. [ 464.431181][ T8665] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1432'. [ 464.554787][ T8668] loop0: detected capacity change from 0 to 1024 [ 464.574705][ T8653] mmap: syz.3.1433 (8653) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 464.616009][ T8668] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 464.928058][ T7812] EXT4-fs (loop0): unmounting filesystem. [ 465.185405][ T8679] netlink: 'syz.0.1441': attribute type 29 has an invalid length. [ 465.217160][ T8679] netlink: 'syz.0.1441': attribute type 29 has an invalid length. [ 465.254932][ T8682] netlink: 'syz.0.1441': attribute type 29 has an invalid length. [ 465.318905][ T8679] netlink: 828 bytes leftover after parsing attributes in process `syz.0.1441'. [ 466.264520][ T8697] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1450'. [ 466.419865][ T26] kauditd_printk_skb: 181 callbacks suppressed [ 466.419883][ T26] audit: type=1326 audit(1725417384.100:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.520092][ T8705] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1446'. [ 466.544646][ T26] audit: type=1326 audit(1725417384.160:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=121 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.643309][ T26] audit: type=1326 audit(1725417384.160:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.763332][ T26] audit: type=1326 audit(1725417384.160:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.837277][ T26] audit: type=1326 audit(1725417384.160:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.861180][ T26] audit: type=1326 audit(1725417384.160:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.886786][ T26] audit: type=1326 audit(1725417384.160:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.966289][ T26] audit: type=1326 audit(1725417384.160:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.992882][ T26] audit: type=1326 audit(1725417384.160:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 466.995202][ T8717] netlink: 'syz.1.1458': attribute type 29 has an invalid length. [ 467.016118][ T26] audit: type=1326 audit(1725417384.160:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8700 comm="syz.0.1451" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 467.065941][ T8717] netlink: 'syz.1.1458': attribute type 29 has an invalid length. [ 467.076045][ T8721] netlink: 'syz.1.1458': attribute type 29 has an invalid length. [ 467.140115][ T8717] netlink: 828 bytes leftover after parsing attributes in process `syz.1.1458'. [ 467.186751][ T8723] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1460'. [ 469.753269][ T8745] device wg2 entered promiscuous mode [ 469.898621][ T8750] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1464'. [ 470.116184][ T8756] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1471'. [ 470.236503][ T8760] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1473'. [ 470.264273][ T8758] netlink: 'syz.3.1472': attribute type 29 has an invalid length. [ 470.337013][ T8758] netlink: 'syz.3.1472': attribute type 29 has an invalid length. [ 470.359086][ T8761] netlink: 'syz.3.1472': attribute type 29 has an invalid length. [ 470.411254][ T8758] netlink: 828 bytes leftover after parsing attributes in process `syz.3.1472'. [ 470.454779][ T8766] fuse: Unknown parameter 'use00000000000000000000' [ 471.035859][ T8778] loop1: detected capacity change from 0 to 512 [ 471.168094][ T8778] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1480: inode #1: comm syz.1.1480: iget: illegal inode # [ 471.214122][ T8778] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1480: error while reading EA inode 1 err=-117 [ 471.265774][ T8778] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2808: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 471.370139][ T8778] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1480: inode #1: comm syz.1.1480: iget: illegal inode # [ 471.388077][ T8778] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1480: error while reading EA inode 1 err=-117 [ 471.409371][ T8778] EXT4-fs (loop1): 1 orphan inode deleted [ 471.417362][ T8778] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 471.440850][ T8786] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1478'. [ 471.453636][ T8778] EXT4-fs (loop1): unmounting filesystem. [ 471.532852][ T8788] loop2: detected capacity change from 0 to 2048 [ 471.584481][ T8788] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 471.661563][ T8788] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 471.786633][ T8788] UDF-fs: unknown compression code (0) [ 471.943803][ T8793] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1483'. [ 472.613646][ T8805] fuse: Unknown parameter 'user_i00000000000000000000' [ 472.653917][ T8804] netlink: 'syz.2.1488': attribute type 29 has an invalid length. [ 472.662996][ T8804] netlink: 'syz.2.1488': attribute type 29 has an invalid length. [ 472.674386][ T8804] netlink: 'syz.2.1488': attribute type 29 has an invalid length. [ 472.683609][ T8804] netlink: 828 bytes leftover after parsing attributes in process `syz.2.1488'. [ 473.393376][ T26] kauditd_printk_skb: 54 callbacks suppressed [ 473.393394][ T26] audit: type=1326 audit(1725417391.080:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 473.439007][ T26] audit: type=1326 audit(1725417391.120:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 473.504719][ T26] audit: type=1326 audit(1725417391.150:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 473.542153][ T26] audit: type=1326 audit(1725417391.150:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 473.766792][ T8824] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1493'. [ 473.855802][ T26] audit: type=1326 audit(1725417391.150:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.033276][ T26] audit: type=1326 audit(1725417391.150:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.098504][ T26] audit: type=1326 audit(1725417391.150:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.166804][ T8830] serio: Serial port ptm0 [ 474.226813][ T26] audit: type=1326 audit(1725417391.150:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.308648][ T26] audit: type=1326 audit(1725417391.150:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.353347][ T8836] fuse: Unknown parameter 'user_i00000000000000000000' [ 474.474055][ T26] audit: type=1326 audit(1725417391.160:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8819 comm="syz.4.1494" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 474.985132][ T8853] loop3: detected capacity change from 0 to 164 [ 474.993460][ T8855] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1502'. [ 475.060878][ T7436] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 475.098604][ T8857] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1508'. [ 475.242529][ T8853] loop3: detected capacity change from 0 to 4096 [ 475.335725][ T8853] ntfs: volume version 3.1. [ 476.008937][ T8870] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1514'. [ 476.378357][ T8875] 9pnet: p9_errstr2errno: server reported unknown error œîç7µÀúÈ‹~@7 Û’nè§ÿŸ3»Ú‚$¢ó×rçcnH³<¿pƒrèñ¹“>ÅwC¾" žð-ùËòöè€Ó [ 476.738600][ T8881] loop3: detected capacity change from 0 to 1024 [ 476.800855][ T8881] hfsplus: extend alloc file! (8192,65536,366) [ 477.025882][ T8881] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 477.349425][ T5033] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 477.756185][ T5033] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 477.775786][ T5033] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 477.818075][ T5033] usb 5-1: config 0 descriptor?? [ 477.890896][ T5033] cp210x 5-1:0.0: cp210x converter detected [ 478.329484][ T5033] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 478.389493][ T5033] cp210x 5-1:0.0: failed to get vendor val 0x370c size 73: -121 [ 478.404067][ T5033] cp210x 5-1:0.0: GPIO initialisation failed: -121 [ 478.452108][ T5033] usb 5-1: cp210x converter now attached to ttyUSB0 [ 478.595223][ T3695] usb 5-1: USB disconnect, device number 30 [ 478.621809][ T3695] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 478.660204][ T3695] cp210x 5-1:0.0: device disconnected [ 478.761964][ T8908] loop3: detected capacity change from 0 to 1024 [ 478.789004][ T8908] EXT4-fs: Ignoring removed bh option [ 478.825194][ T8908] EXT4-fs (loop3): Test dummy encryption mode enabled [ 478.867286][ T8908] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 479.178629][ T8918] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1529'. [ 479.365541][ T8923] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1530'. [ 480.025378][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 480.386521][ T8929] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1531'. [ 482.223728][ T8945] syz.2.1535[8945] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 482.224223][ T8945] syz.2.1535[8945] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 483.583199][ T8959] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1542'. [ 484.076263][ T8962] loop1: detected capacity change from 0 to 256 [ 484.118868][ T8962] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 484.144030][ T8964] loop4: detected capacity change from 0 to 2048 [ 484.210204][ T8964] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 484.276471][ T8964] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 484.300418][ T8964] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 484.314255][ T8964] EXT4-fs (loop4): This should not happen!! Data will be lost [ 484.314255][ T8964] [ 484.325045][ T8964] EXT4-fs (loop4): Total free blocks count 0 [ 484.331553][ T8964] EXT4-fs (loop4): Free/Dirty block details [ 484.339236][ T8964] EXT4-fs (loop4): free_blocks=2415919104 [ 484.347254][ T8964] EXT4-fs (loop4): dirty_blocks=48 [ 484.399382][ T8964] EXT4-fs (loop4): Block reservation details [ 484.418256][ T8964] EXT4-fs (loop4): i_reserved_data_blocks=3 [ 484.569380][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 485.952705][ T8982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1549'. [ 486.058665][ T8984] syz.4.1548[8984] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.059183][ T8984] syz.4.1548[8984] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 486.773022][ T8989] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1553'. [ 487.497641][ T8997] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1556'. [ 487.800026][ T9002] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1550'. [ 487.812414][ T9002] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1550'. [ 491.341563][ T9035] syz.0.1562[9035] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.341680][ T9035] syz.0.1562[9035] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.362586][ T5033] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 491.997744][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.012055][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.034840][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.095126][ T9048] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 492.141642][ T9048] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98 [ 492.631488][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.679698][ T4467] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 492.844747][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.888839][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.937414][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 492.965228][ T9048] ip6gretap0 speed is unknown, defaulting to 1000 [ 493.062966][ T4467] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 493.099337][ T4467] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 493.109872][ T5033] usb 3-1: unable to read config index 0 descriptor/all [ 493.117781][ T5033] usb 3-1: can't read configurations, error -71 [ 493.189571][ T4467] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 493.202068][ T9062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1572'. [ 493.215278][ T4467] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 493.224273][ T4467] usb 5-1: Product: syz [ 493.228258][ T9064] netlink: 52 bytes leftover after parsing attributes in process `syz.0.1571'. [ 493.235329][ T4467] usb 5-1: config 0 descriptor?? [ 493.248138][ T9063] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1570'. [ 493.721462][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.733403][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.741615][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.753766][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.761296][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.768894][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.776356][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.788722][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.804039][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.814255][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.821994][ T4467] konepure 0003:1E7D:2DB4.0004: unknown main item tag 0x0 [ 493.844539][ T4467] konepure 0003:1E7D:2DB4.0004: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 493.922951][ T4467] usb 5-1: USB disconnect, device number 31 [ 494.540194][ T9078] syz.3.1575[9078] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 494.540772][ T9078] syz.3.1575[9078] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 495.373340][ T9080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1576'. [ 496.002445][ T9093] input: syz0 as /devices/virtual/input/input54 [ 496.455075][ T9102] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1583'. [ 498.362674][ T9123] syz.1.1586[9123] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 498.363309][ T9123] syz.1.1586[9123] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 499.093603][ T9129] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1589'. [ 500.716804][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.785107][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.838935][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.865943][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.891871][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.922922][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 500.994475][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.069447][ T5028] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 501.080553][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.092767][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.100834][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.108606][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.133505][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.168244][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.191621][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.261862][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.274469][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.284141][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.293545][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.308842][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.338793][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.348720][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.376350][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.385746][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.396073][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.406405][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.418932][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.429162][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.440994][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.448820][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.467570][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.479471][ T5028] usb 2-1: no configurations [ 501.484142][ T5028] usb 2-1: can't read configurations, error -22 [ 501.494010][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.546442][ T4467] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 501.607481][ T4467] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz0 [ 501.639367][ T5028] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 502.019436][ T5028] usb 2-1: no configurations [ 502.024072][ T5028] usb 2-1: can't read configurations, error -22 [ 502.065055][ T5028] usb usb2-port1: attempt power cycle [ 502.659370][ T5028] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 502.859384][ T4473] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 502.868696][ T9175] input: syz0 as /devices/virtual/input/input55 [ 504.169626][ T4473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 504.191934][ T4473] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 504.229558][ T5028] usb 2-1: device descriptor read/8, error -71 [ 504.292121][ T4473] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 504.324018][ T4473] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 504.354745][ T4473] usb 3-1: Product: syz [ 504.367669][ T4473] usb 3-1: config 0 descriptor?? [ 505.581010][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.588188][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.645497][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.689119][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.707888][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.742725][ T4473] konepure 0003:1E7D:2DB4.0006: unknown main item tag 0x0 [ 505.889473][ T4473] konepure 0003:1E7D:2DB4.0006: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 505.934768][ T4473] usb 3-1: USB disconnect, device number 36 [ 505.965563][ T9202] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1608'. [ 506.517698][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.524102][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 510.313402][ T9244] input: syz0 as /devices/virtual/input/input56 [ 511.166441][ T9259] /dev/sg0: Can't open blockdev [ 511.849584][ T5028] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 512.289547][ T5028] usb 1-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c [ 512.305679][ T5028] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 512.351492][ T5028] usb 1-1: config 0 descriptor?? [ 513.499718][ T5028] pegasus: probe of 1-1:0.0 failed with error -71 [ 513.613712][ T9287] loop3: detected capacity change from 0 to 1024 [ 513.628916][ T9287] EXT4-fs: Ignoring removed oldalloc option [ 513.653661][ T5028] usb 1-1: USB disconnect, device number 20 [ 513.691001][ T9287] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 513.747901][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 515.542734][ T9306] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1637'. [ 515.891923][ T9318] loop1: detected capacity change from 0 to 1024 [ 515.914082][ T9318] EXT4-fs: Ignoring removed oldalloc option [ 516.798465][ T9318] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 517.408869][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 517.439456][ T7] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 518.616705][ T5038] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 518.669452][ T7] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 518.789736][ T3659] Bluetooth: hci3: command 0x0406 tx timeout [ 518.889565][ T7] usb 3-1: string descriptor 0 read error: -71 [ 518.896715][ T7] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 518.926573][ T7] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 518.976934][ T7] usb 3-1: config 0 descriptor?? [ 518.979348][ T5038] usb 5-1: Using ep0 maxpacket: 32 [ 519.023729][ T7] usb 3-1: can't set config #0, error -71 [ 519.092146][ T9345] loop2: detected capacity change from 0 to 1024 [ 519.129641][ T5038] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 519.140847][ T9346] fuse: Bad value for 'fd' [ 519.156904][ T7] usb 3-1: USB disconnect, device number 37 [ 519.170620][ T5038] usb 5-1: config 0 has no interfaces? [ 519.197191][ T9346] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1648'. [ 519.235750][ T9345] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 519.369636][ T5038] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 519.382271][ T5038] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.442489][ T5038] usb 5-1: Product: syz [ 519.469384][ T5038] usb 5-1: Manufacturer: syz [ 519.499355][ T5038] usb 5-1: SerialNumber: syz [ 519.573619][ T5038] usb 5-1: config 0 descriptor?? [ 519.599118][ T3654] EXT4-fs (loop2): unmounting filesystem. [ 519.865785][ T9331] Failed to get privilege flags for destination (handle=0x0:0x0) [ 521.176122][ T9367] loop3: detected capacity change from 0 to 1024 [ 521.184294][ T7] usb 5-1: USB disconnect, device number 32 [ 521.232043][ T9367] EXT4-fs: Ignoring removed oldalloc option [ 521.343416][ T9367] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 521.689378][ T7] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 521.729129][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 522.749701][ T7] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 522.762760][ T9385] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1662'. [ 522.778861][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.805836][ T7] usb 5-1: config 0 descriptor?? [ 522.870654][ T7] cp210x 5-1:0.0: cp210x converter detected [ 522.889660][ T5034] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 523.093572][ T9390] loop1: detected capacity change from 0 to 1024 [ 523.189691][ T5034] usb 3-1: Using ep0 maxpacket: 32 [ 523.943694][ T7] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 523.995964][ T9390] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 524.009757][ T7] usb 5-1: cp210x converter now attached to ttyUSB0 [ 524.049569][ T5034] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 524.077123][ T5034] usb 3-1: config 0 has no interfaces? [ 524.179093][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 524.207234][ T3695] usb 5-1: USB disconnect, device number 33 [ 524.226529][ T3695] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 524.259659][ T5034] usb 3-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb [ 524.289151][ T5034] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 524.333799][ T5034] usb 3-1: Product: syz [ 524.338182][ T5034] usb 3-1: Manufacturer: syz [ 524.346505][ T5034] usb 3-1: SerialNumber: syz [ 524.382740][ T3695] cp210x 5-1:0.0: device disconnected [ 524.472869][ T5034] usb 3-1: config 0 descriptor?? [ 525.409681][ T5034] usb 3-1: can't set config #0, error -71 [ 525.418586][ T5034] usb 3-1: USB disconnect, device number 38 [ 525.757162][ T9412] Failed to get privilege flags for destination (handle=0x0:0x0) [ 527.041389][ T9419] loop1: detected capacity change from 0 to 1024 [ 527.130186][ T9419] EXT4-fs: Ignoring removed oldalloc option [ 527.284213][ T9419] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 527.671996][ T9428] fuse: Bad value for 'fd' [ 527.694045][ T9428] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1673'. [ 527.724022][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 527.776872][ T9431] loop0: detected capacity change from 0 to 16 [ 527.830746][ T9431] erofs: (device loop0): mounted with root inode @ nid 36. [ 529.910202][ T9442] Can't find ip_set type hash:net,ifa [ 530.490648][ T3692] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 530.565786][ T9459] loop3: detected capacity change from 0 to 1024 [ 530.651164][ T9459] EXT4-fs: Ignoring removed oldalloc option [ 531.576707][ T9464] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1684'. [ 531.699442][ T3692] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 531.744805][ T3692] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.763271][ T9459] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 531.798455][ T3692] usb 3-1: config 0 descriptor?? [ 531.861159][ T3692] cp210x 3-1:0.0: cp210x converter detected [ 531.865823][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 532.289471][ T3692] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 532.347501][ T3692] usb 3-1: cp210x converter now attached to ttyUSB0 [ 532.542343][ T3692] usb 3-1: USB disconnect, device number 39 [ 532.556900][ T3692] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 532.612288][ T3692] cp210x 3-1:0.0: device disconnected [ 534.589875][ T9497] /dev/sg0: Can't open blockdev [ 535.963534][ T9508] loop1: detected capacity change from 0 to 1024 [ 536.021337][ T9508] EXT4-fs: Ignoring removed oldalloc option [ 536.107697][ T9508] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 536.298912][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 536.445466][ T9522] fuse: Bad value for 'fd' [ 536.501286][ T9522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1701'. [ 538.686094][ T9541] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1707'. [ 538.864040][ T9545] loop4: detected capacity change from 0 to 1024 [ 538.890563][ T9545] EXT4-fs: Ignoring removed orlov option [ 538.910361][ T9545] EXT4-fs: Ignoring removed nomblk_io_submit option [ 538.989942][ T9545] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 539.006627][ T9545] System zones: 0-1, 3-12 [ 539.012910][ T9550] loop1: detected capacity change from 0 to 1024 [ 539.027586][ T9545] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 539.064771][ T9550] EXT4-fs: Ignoring removed oldalloc option [ 539.156959][ T9550] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 539.208414][ T9545] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2738: inode #14: comm syz.4.1711: corrupted in-inode xattr [ 539.247336][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 539.248714][ T9545] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #14: comm syz.4.1711: attempt to clear invalid blocks 1886221359 len 1 [ 539.349415][ T3659] Bluetooth: hci4: command 0x0406 tx timeout [ 539.446921][ T9555] loop1: detected capacity change from 0 to 2048 [ 539.473898][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 539.512741][ T9555] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 539.617230][ T9555] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 539.718591][ T9555] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28 [ 539.760939][ T9555] EXT4-fs (loop1): This should not happen!! Data will be lost [ 539.760939][ T9555] [ 539.814950][ T9555] EXT4-fs (loop1): Total free blocks count 0 [ 539.821547][ T9555] EXT4-fs (loop1): Free/Dirty block details [ 539.827525][ T9555] EXT4-fs (loop1): free_blocks=2415919104 [ 539.835622][ T9555] EXT4-fs (loop1): dirty_blocks=64 [ 539.842444][ T9555] EXT4-fs (loop1): Block reservation details [ 539.857951][ T9555] EXT4-fs (loop1): i_reserved_data_blocks=4 [ 539.904407][ T4293] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 542.432419][ T9584] loop1: detected capacity change from 0 to 1024 [ 542.507842][ T9584] EXT4-fs: Ignoring removed oldalloc option [ 542.625047][ T9584] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 542.942921][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 543.372840][ T9600] syz.2.1727[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 543.373357][ T9600] syz.2.1727[9600] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 544.083371][ T9599] loop1: detected capacity change from 0 to 512 [ 544.142218][ T9599] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 544.256457][ T9599] EXT4-fs (loop1): 1 truncate cleaned up [ 544.298405][ T9599] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 544.499077][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 544.910859][ T9615] can: request_module (can-proto-0) failed. [ 545.118809][ T9621] loop1: detected capacity change from 0 to 1024 [ 545.148828][ T9621] hfsplus: extend alloc file! (8192,65536,366) [ 545.278766][ T9625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1735'. [ 545.328563][ T9626] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 545.456877][ T9628] loop4: detected capacity change from 0 to 1024 [ 545.670289][ T9628] EXT4-fs: Ignoring removed oldalloc option [ 545.936093][ T9628] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 546.231734][ T9645] syz.0.1738[9645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 546.232183][ T9645] syz.0.1738[9645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 547.071438][ T9648] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1739'. [ 547.095316][ T26] kauditd_printk_skb: 51 callbacks suppressed [ 547.095328][ T26] audit: type=1326 audit(1725417464.790:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.215871][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 547.257910][ T26] audit: type=1326 audit(1725417464.820:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.289453][ T26] audit: type=1326 audit(1725417464.820:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.392657][ T26] audit: type=1326 audit(1725417464.820:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.516428][ T26] audit: type=1326 audit(1725417464.820:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.671430][ T26] audit: type=1326 audit(1725417464.840:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 547.917083][ T26] audit: type=1326 audit(1725417464.840:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 548.001151][ T26] audit: type=1326 audit(1725417464.850:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 548.092072][ T26] audit: type=1326 audit(1725417464.850:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 548.179140][ T26] audit: type=1326 audit(1725417464.850:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9647 comm="syz.0.1740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f8978f7ceb9 code=0x7ffc0000 [ 548.208506][ T9660] device wg1 entered promiscuous mode [ 548.251813][ T9660] IPv6: ADDRCONF(NETDEV_CHANGE): wg1: link becomes ready [ 548.274536][ T9660] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 548.299620][ T9662] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1746'. [ 549.398798][ T9679] syz.0.1750[9679] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 549.399391][ T9679] syz.0.1750[9679] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 550.169653][ T9673] can: request_module (can-proto-0) failed. [ 550.394099][ T9682] loop0: detected capacity change from 0 to 1024 [ 550.456315][ T9682] EXT4-fs: Ignoring removed oldalloc option [ 550.626685][ T9682] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 550.818466][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.873722][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.897171][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.915861][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.927598][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.959033][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 550.967976][ T9695] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1753'. [ 551.034139][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.082048][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.123311][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.148866][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.206698][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.238819][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.266171][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.299378][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.322916][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.332567][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.343343][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.343963][ T9701] netlink: 'syz.3.1758': attribute type 5 has an invalid length. [ 551.350934][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.351000][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.351023][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.351044][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.397206][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.405095][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.415291][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.431918][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.445060][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.463080][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.470723][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.493150][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.503994][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.511705][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.534906][ T3692] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0 [ 551.549650][ T3692] hid-generic 0000:0000:0000.0007: hidraw0: HID v0.00 Device [syz0] on syz0 [ 551.583110][ T7812] EXT4-fs (loop0): unmounting filesystem. [ 552.236017][ T9711] syz.3.1761[9711] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 552.236602][ T9711] syz.3.1761[9711] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 553.049387][ T4467] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 554.429503][ T4467] usb 2-1: device descriptor read/all, error -71 [ 554.613793][ T9727] loop1: detected capacity change from 0 to 1024 [ 554.637909][ T9727] EXT4-fs: Ignoring removed oldalloc option [ 554.731050][ T9727] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 554.749519][ T3692] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 554.943131][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 555.309594][ T3692] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 555.326052][ T3692] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.387388][ T3692] usb 5-1: config 0 descriptor?? [ 555.445102][ T3692] cp210x 5-1:0.0: cp210x converter detected [ 555.877867][ T3692] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 556.061979][ T3692] usb 5-1: cp210x converter now attached to ttyUSB0 [ 557.351570][ T9755] syz.2.1772[9755] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 557.352152][ T9755] syz.2.1772[9755] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 557.493888][ T3692] usb 5-1: USB disconnect, device number 34 [ 557.728373][ T3692] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 557.790768][ T3692] cp210x 5-1:0.0: device disconnected [ 559.060416][ T9769] loop4: detected capacity change from 0 to 1024 [ 559.086381][ T9768] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1776'. [ 559.112592][ T9769] EXT4-fs: Ignoring removed oldalloc option [ 559.273104][ T9769] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 559.538673][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 559.930242][ T9778] loop0: detected capacity change from 0 to 512 [ 560.059405][ T9778] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 560.201925][ T9778] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 560.269070][ T9778] ext4 filesystem being mounted at /94/file2 supports timestamps until 2038 (0x7fffffff) [ 561.053933][ T7812] EXT4-fs (loop0): unmounting filesystem. [ 561.138893][ T9789] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1782'. [ 561.178639][ T9795] loop1: detected capacity change from 0 to 16 [ 561.219172][ T9795] erofs: (device loop1): mounted with root inode @ nid 36. [ 561.716694][ T9802] syz.0.1783[9802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 561.716803][ T9802] syz.0.1783[9802] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 562.659957][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 22 @ nid 36 [ 562.680757][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 21 @ nid 36 [ 562.689872][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 20 @ nid 36 [ 562.699075][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 18 @ nid 36 [ 562.708322][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36 [ 562.717426][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 10 @ nid 36 [ 562.726740][ T9804] erofs: (device loop1): z_erofs_readahead: readahead error at page 6 @ nid 36 [ 562.735847][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.735847][ T9804] loop1: rw=524288, sector=6520, nr_sectors = 16 limit=16 [ 562.749598][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.749598][ T9804] loop1: rw=524288, sector=34359736328, nr_sectors = 16 limit=16 [ 562.763989][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.763989][ T9804] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 562.869344][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.869344][ T9804] loop1: rw=524288, sector=536576856, nr_sectors = 16 limit=16 [ 562.883885][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.883885][ T9804] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 562.897404][ T9804] syz.1.1784: attempt to access beyond end of device [ 562.897404][ T9804] loop1: rw=524288, sector=13478624032, nr_sectors = 8 limit=16 [ 562.963254][ T4467] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 563.589658][ T4467] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 563.698409][ T4467] usb 3-1: config 0 has no interfaces? [ 563.859550][ T4467] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 563.934356][ T4467] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 563.994917][ T4467] usb 3-1: config 0 descriptor?? [ 564.075127][ T9813] loop3: detected capacity change from 0 to 1024 [ 564.102900][ T9813] EXT4-fs: Ignoring removed oldalloc option [ 564.184648][ T9813] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 564.432434][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 564.575199][ T9820] loop1: detected capacity change from 0 to 1024 [ 564.663942][ T3054] usb 3-1: USB disconnect, device number 40 [ 564.902218][ T9826] loop2: detected capacity change from 0 to 512 [ 564.939876][ T9826] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 565.034478][ T9826] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 565.089474][ T9826] ext4 filesystem being mounted at /373/file1 supports timestamps until 2038 (0x7fffffff) [ 565.418393][ T3654] EXT4-fs (loop2): unmounting filesystem. [ 565.734286][ T9840] loop3: detected capacity change from 0 to 512 [ 565.778731][ T9840] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 565.798654][ T9840] EXT4-fs (loop3): 1 truncate cleaned up [ 565.805170][ T9840] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 565.885620][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 566.061966][ T9843] syz.4.1796[9843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 566.062478][ T9843] syz.4.1796[9843] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 566.269455][ T5028] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 566.801517][ T9848] loop4: detected capacity change from 0 to 128 [ 567.023748][ T9848] FAT-fs (loop4): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 567.139607][ T5028] usb 3-1: config 0 has an invalid interface number: 18 but max is 0 [ 567.291021][ T5028] usb 3-1: config 0 has no interface number 0 [ 567.299447][ T5028] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.310869][ T5028] usb 3-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.659464][ T5028] usb 3-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 567.668560][ T5028] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 567.809391][ T5028] usb 3-1: Manufacturer: syz [ 567.852528][ T5028] usb 3-1: config 0 descriptor?? [ 567.907371][ T9858] loop4: detected capacity change from 0 to 1024 [ 567.923024][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.931611][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.950244][ T9858] EXT4-fs: Ignoring removed oldalloc option [ 568.075045][ T9858] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 568.098438][ T9849] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1798'. [ 568.318880][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 568.443258][ T5028] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.18/0003:054C:03D5.0008/input/input58 [ 568.557909][ T5028] sony 0003:054C:03D5.0008: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.2-1/input18 [ 568.782421][ T4467] usb 3-1: USB disconnect, device number 41 [ 569.024417][ T9877] loop0: detected capacity change from 0 to 2048 [ 569.155006][ T9877] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 569.183482][ T9877] ext4 filesystem being mounted at /101/file0 supports timestamps until 2038 (0x7fffffff) [ 571.435068][ T7812] EXT4-fs (loop0): unmounting filesystem. [ 571.518035][ T9896] loop4: detected capacity change from 0 to 512 [ 571.564653][ T9896] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1813: inode #1: comm syz.4.1813: iget: illegal inode # [ 571.619846][ T9896] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1813: error while reading EA inode 1 err=-117 [ 571.657631][ T9896] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.1813: inode #1: comm syz.4.1813: iget: illegal inode # [ 571.761267][ T9896] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.1813: error while reading EA inode 1 err=-117 [ 571.808667][ T9896] EXT4-fs (loop4): 1 orphan inode deleted [ 571.844849][ T9906] loop0: detected capacity change from 0 to 128 [ 571.853679][ T9896] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 571.877785][ T9906] FAT-fs (loop0): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 571.927329][ T9900] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1810'. [ 572.566186][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 573.109638][ T9923] loop3: detected capacity change from 0 to 2048 [ 575.169289][ T9926] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1817'. [ 575.213683][ T9923] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 575.415011][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 575.459510][ T5033] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 576.569159][ T9937] loop3: detected capacity change from 0 to 2048 [ 576.714239][ T9937] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 576.803531][ T9937] UDF-fs: error (device loop3): udf_read_inode: (ino 1376) failed !bh [ 576.835325][ T9937] UDF-fs: error (device loop3): udf_fill_super: Error in udf_iget, block=64, partition=0 [ 576.959350][ T5033] usb 1-1: device not accepting address 21, error -71 [ 578.298834][ T9955] loop3: detected capacity change from 0 to 128 [ 578.340297][ T9955] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 578.975902][ T9962] overlayfs: failed to resolve './file1': -2 [ 579.075714][ T9965] loop3: detected capacity change from 0 to 1024 [ 579.158816][ T9965] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 580.110231][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 580.893254][ T9986] loop3: detected capacity change from 0 to 512 [ 581.054245][ T9986] EXT4-fs (loop3): orphan cleanup on readonly fs [ 581.066645][ T9986] __quota_error: 67 callbacks suppressed [ 581.066664][ T9986] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 581.127391][ T9986] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 581.178263][ T9986] EXT4-fs error (device loop3): ext4_acquire_dquot:6800: comm syz.3.1836: Failed to acquire dquot type 0 [ 581.319919][ T9986] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 581.328931][ T9986] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 581.379440][ T9986] EXT4-fs error (device loop3): ext4_acquire_dquot:6800: comm syz.3.1836: Failed to acquire dquot type 0 [ 581.542813][ T9986] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1836: bg 0: block 64: padding at end of block bitmap is not set [ 581.738922][ T9986] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6172: Corrupt filesystem [ 581.790440][ T9986] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 581.826575][ T9986] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 581.865778][ T9986] EXT4-fs error (device loop3): ext4_acquire_dquot:6800: comm syz.3.1836: Failed to acquire dquot type 0 [ 581.906026][ T9986] EXT4-fs (loop3): 1 orphan inode deleted [ 581.931383][ T9986] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 582.286485][ T9995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1838'. [ 582.315388][T10003] loop2: detected capacity change from 0 to 512 [ 582.376958][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 582.390744][T10003] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 582.431157][T10003] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 582.479048][T10003] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.1840: Failed to acquire dquot type 0 [ 582.525035][T10003] EXT4-fs (loop2): Remounting filesystem read-only [ 582.558710][T10003] EXT4-fs (loop2): 1 orphan inode deleted [ 582.583789][T10003] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 582.636111][T10003] ext4 filesystem being mounted at /381/file1 supports timestamps until 2038 (0x7fffffff) [ 582.787471][T10011] loop3: detected capacity change from 0 to 1024 [ 582.961038][T10013] loop1: detected capacity change from 0 to 1024 [ 583.066221][T10015] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 583.077640][T10015] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 583.087277][T10015] EXT4-fs error (device loop2): ext4_acquire_dquot:6800: comm syz.2.1840: Failed to acquire dquot type 0 [ 583.318948][T10015] EXT4-fs (loop2): Remounting filesystem read-only [ 583.770796][T10013] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 583.960318][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 585.239361][ T7] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 585.252425][T10037] loop4: detected capacity change from 0 to 128 [ 585.290989][T10037] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 585.326490][T10037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 585.389178][ T3654] EXT4-fs (loop2): unmounting filesystem. [ 585.502108][ T7] usb 1-1: Using ep0 maxpacket: 8 [ 587.518057][ T26] audit: type=1326 audit(1725417505.200:655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 587.589033][ T26] audit: type=1326 audit(1725417505.200:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 587.614281][ T26] audit: type=1326 audit(1725417505.240:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 587.754261][ T26] audit: type=1326 audit(1725417505.240:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 587.829408][ T26] audit: type=1326 audit(1725417505.240:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10047 comm="syz.2.1854" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 587.939533][ T7] usb 1-1: unable to get BOS descriptor or descriptor too short [ 587.977437][T10054] ip6gretap0 speed is unknown, defaulting to 1000 [ 588.014686][ T7] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 588.045755][ T7] usb 1-1: can't read configurations, error -71 [ 588.193748][T10062] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1856'. [ 588.237012][T10058] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1857'. [ 589.852378][T10070] ip6gretap0 speed is unknown, defaulting to 1000 [ 592.149649][T10087] input: syz0 as /devices/virtual/input/input59 [ 595.877086][T10126] tap0: tun_chr_ioctl cmd 1074025681 [ 595.954697][T10127] loop3: detected capacity change from 0 to 128 [ 596.018023][T10127] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 596.041607][T10130] loop4: detected capacity change from 0 to 16 [ 596.089313][T10130] erofs: (device loop4): mounted with root inode @ nid 36. [ 596.110240][T10127] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 598.837100][T10156] input: syz0 as /devices/virtual/input/input60 [ 599.731173][T10145] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1880'. [ 600.855827][T10168] loop4: detected capacity change from 0 to 16 [ 600.875102][T10168] erofs: (device loop4): mounted with root inode @ nid 36. [ 605.004879][T10210] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1901'. [ 605.261975][T10206] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1902'. [ 605.343530][T10206] openvswitch: netlink: Message has 8 unknown bytes. [ 607.826557][T10232] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 608.327887][T10237] netlink: 47 bytes leftover after parsing attributes in process `syz.2.1910'. [ 609.901723][T10258] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1911'. [ 611.044179][T10271] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1920'. [ 611.478339][T10275] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 613.125868][T10291] input: syz1 as /devices/virtual/input/input62 [ 613.385374][T10293] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 613.448029][T10293] batman_adv: batadv0: Adding interface: ip6gretap1 [ 613.499821][T10293] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 613.589310][T10293] batman_adv: batadv0: Interface activated: ip6gretap1 [ 613.705535][T10298] loop4: detected capacity change from 0 to 16 [ 613.748458][ T26] audit: type=1326 audit(1725417531.430:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 613.790418][T10298] erofs: (device loop4): mounted with root inode @ nid 36. [ 614.100176][ T26] audit: type=1326 audit(1725417531.470:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 614.157706][T10305] Context (ID=0x0) not attached to queue pair (handle=0x0:0x0) [ 614.321051][ T26] audit: type=1326 audit(1725417531.470:662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 615.415957][ T26] audit: type=1326 audit(1725417531.470:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 615.466917][T10308] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1934'. [ 615.546641][ T26] audit: type=1326 audit(1725417531.470:664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 616.517325][T10321] ip6gretap0 speed is unknown, defaulting to 1000 [ 616.528704][ T26] audit: type=1326 audit(1725417531.470:665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 616.603720][ T26] audit: type=1326 audit(1725417531.480:666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 616.676865][T10330] input: syz1 as /devices/virtual/input/input63 [ 616.694663][ T26] audit: type=1326 audit(1725417531.480:667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10299 comm="syz.3.1931" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 617.847738][T10347] loop4: detected capacity change from 0 to 16 [ 617.932006][T10347] erofs: (device loop4): mounted with root inode @ nid 36. [ 618.997923][T10360] input: syz1 as /devices/virtual/input/input64 [ 620.446168][T10380] loop3: detected capacity change from 0 to 16 [ 620.524882][T10380] erofs: (device loop3): mounted with root inode @ nid 36. [ 620.693462][T10387] loop0: detected capacity change from 0 to 1024 [ 620.745532][T10387] hfsplus: extend alloc file! (8192,65536,366) [ 621.244598][T10387] kvm: vcpu 0: requested 394 ns lapic timer period limited to 200000 ns [ 622.069689][T10406] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1962'. [ 622.533817][T10395] loop3: detected capacity change from 0 to 32768 [ 622.546687][T10395] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1961 (10395) [ 622.581239][T10395] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 622.593998][T10395] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 622.605064][T10395] BTRFS info (device loop3): using free space tree [ 622.761208][T10395] BTRFS info (device loop3): enabling ssd optimizations [ 622.804313][ T26] audit: type=1800 audit(1725417540.490:668): pid=10395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1961" name="bus" dev="loop3" ino=263 res=0 errno=0 [ 623.098123][ T8113] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 624.384261][T10441] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1966'. [ 624.849388][T10106] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 625.101433][T10106] usb 4-1: Using ep0 maxpacket: 8 [ 625.221753][T10106] usb 4-1: config 167 has too many interfaces: 202, using maximum allowed: 32 [ 625.239027][T10106] usb 4-1: config 167 has 1 interface, different from the descriptor's value: 202 [ 625.362379][T10453] loop4: detected capacity change from 0 to 16 [ 625.436147][T10453] erofs: (device loop4): mounted with root inode @ nid 36. [ 625.449632][T10106] usb 4-1: New USB device found, idVendor=1025, idProduct=005f, bcdDevice=fe.29 [ 625.483666][T10106] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.558891][T10106] usb 4-1: Product: syz [ 625.582703][T10106] usb 4-1: Manufacturer: syz [ 625.609391][T10106] usb 4-1: SerialNumber: syz [ 625.683802][T10106] dvb-usb: found a 'Unknown USB1.1 DVB-T device ???? please report the name to the author' in warm state. [ 625.784580][T10106] dvb-usb: bulk message failed: -22 (3/0) [ 625.859944][T10106] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 625.910143][T10106] dvbdev: DVB: registering new adapter (Unknown USB1.1 DVB-T device ???? please report the name to the author) [ 625.937711][T10106] usb 4-1: media controller created [ 625.945581][ T26] audit: type=1326 audit(1725417543.640:669): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.038282][T10106] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 626.039428][ T26] audit: type=1326 audit(1725417543.660:670): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.172467][ T26] audit: type=1326 audit(1725417543.660:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.227737][T10106] dvb-usb: bulk message failed: -22 (6/0) [ 626.274250][T10106] dvb-usb: no frontend was attached by 'Unknown USB1.1 DVB-T device ???? please report the name to the author' [ 626.293496][ T26] audit: type=1326 audit(1725417543.660:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.382540][T10106] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input66 [ 626.434832][ T26] audit: type=1326 audit(1725417543.670:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.519997][T10106] dvb-usb: schedule remote query interval to 150 msecs. [ 626.536497][ T26] audit: type=1326 audit(1725417543.670:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.547758][T10106] dvb-usb: bulk message failed: -22 (3/0) [ 626.649374][T10106] dvb-usb: Unknown USB1.1 DVB-T device ???? please report the name to the author successfully initialized and connected. [ 626.653771][ T26] audit: type=1326 audit(1725417543.670:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.725270][T10106] usb 4-1: USB disconnect, device number 19 [ 626.729379][ T26] audit: type=1326 audit(1725417543.670:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.737825][T10468] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1977'. [ 626.758331][ T26] audit: type=1326 audit(1725417543.670:677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10462 comm="syz.2.1974" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f569a57ceb9 code=0x7ffc0000 [ 626.932539][T10106] dvb-usb: Unknown USB1.1 DVB-T device ???? please successfully deinitialized and disconnected. [ 629.191391][T10480] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1980'. [ 629.275568][ T3659] Bluetooth: hci4: unexpected event for opcode 0x0c14 [ 629.353181][ T1270] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.363968][ T1270] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.864422][T10492] loop3: detected capacity change from 0 to 16 [ 629.914385][T10492] erofs: (device loop3): mounted with root inode @ nid 36. [ 630.500640][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 630.500658][ T26] audit: type=1326 audit(1725417548.190:679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 630.639344][ T26] audit: type=1326 audit(1725417548.220:680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 630.718133][ T26] audit: type=1326 audit(1725417548.220:681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 630.819305][ T26] audit: type=1326 audit(1725417548.220:682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 630.925208][ T26] audit: type=1326 audit(1725417548.220:683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 631.009872][ T26] audit: type=1326 audit(1725417548.220:684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 631.050939][T10503] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1987'. [ 631.095714][ T26] audit: type=1326 audit(1725417548.220:685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 631.174193][ T26] audit: type=1326 audit(1725417548.220:686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 631.561790][ T26] audit: type=1326 audit(1725417548.220:687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 631.645490][ T26] audit: type=1326 audit(1725417548.220:688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10495 comm="syz.4.1985" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 632.226141][T10511] can: request_module (can-proto-0) failed. [ 633.607782][T10523] loop4: detected capacity change from 0 to 512 [ 633.669615][ T3659] Bluetooth: hci4: unexpected event for opcode 0x0c14 [ 633.692577][T10523] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.1992: Failed to acquire dquot type 0 [ 633.718346][T10523] EXT4-fs (loop4): Remounting filesystem read-only [ 633.734800][T10523] EXT4-fs (loop4): 1 orphan inode deleted [ 633.749512][T10523] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 633.775658][T10523] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038 (0x7fffffff) [ 633.949564][T10529] loop1: detected capacity change from 0 to 16 [ 633.982286][T10529] erofs: (device loop1): mounted with root inode @ nid 36. [ 634.058905][T10531] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.1992: Failed to acquire dquot type 0 [ 634.609066][T10531] EXT4-fs (loop4): Remounting filesystem read-only [ 636.497826][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 636.497843][ T26] audit: type=1326 audit(1725417554.180:692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 636.654958][ T26] audit: type=1326 audit(1725417554.220:693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 636.660518][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 636.678689][ T26] audit: type=1326 audit(1725417554.220:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 636.811001][ T26] audit: type=1326 audit(1725417554.220:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 636.909505][ T26] audit: type=1326 audit(1725417554.220:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.075892][ T26] audit: type=1326 audit(1725417554.220:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.174699][ T26] audit: type=1326 audit(1725417554.220:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.288239][ T26] audit: type=1326 audit(1725417554.220:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.347678][T10552] can: request_module (can-proto-0) failed. [ 637.395457][ T26] audit: type=1326 audit(1725417554.220:700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.516347][ T26] audit: type=1326 audit(1725417554.220:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10540 comm="syz.3.1996" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 637.777426][ T3651] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 637.788907][ T3651] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 637.811415][ T3651] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 637.861216][ T3651] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 637.870748][ T3651] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 637.880189][ T3651] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 638.201996][ T3710] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.289502][T10563] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2004'. [ 638.393404][T10558] ip6gretap0 speed is unknown, defaulting to 1000 [ 638.529310][ T3744] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 638.565294][ T3710] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.730649][ T3710] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 638.821655][ T3651] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 638.833850][ T3651] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 638.843661][ T3651] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 638.854783][ T3651] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 638.863614][ T3651] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 638.872305][ T3651] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 638.929571][ T3744] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 638.983533][ T3710] batman_adv: batadv0: Interface deactivated: netdevsim0 [ 639.079018][ T3710] batman_adv: batadv0: Removing interface: netdevsim0 [ 639.117348][ T3710] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 639.139604][ T3744] usb 4-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.40 [ 639.161901][ T3744] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 639.172181][ T3744] usb 4-1: Product: syz [ 639.176479][ T3744] usb 4-1: Manufacturer: syz [ 639.181655][ T3744] usb 4-1: SerialNumber: syz [ 639.263873][ T3744] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input67 [ 639.292412][T10570] ip6gretap0 speed is unknown, defaulting to 1000 [ 639.989596][ T3659] Bluetooth: hci2: command tx timeout [ 640.003005][T10558] chnl_net:caif_netlink_parms(): no params data found [ 640.069582][ T3078] bcm5974 4-1:1.0: could not read from device [ 640.100464][ T3078] bcm5974 4-1:1.0: could not read from device [ 640.158783][ T3744] usb 4-1: USB disconnect, device number 20 [ 640.208462][ T3078] bcm5974 4-1:1.0: could not read from device [ 640.241256][ T5306] bcm5974 4-1:1.0: could not read from device [ 640.274418][ T3078] bcm5974 4-1:1.0: could not read from device [ 640.303580][ T5306] udevd[5306]: Error opening device "/dev/input/event4": No such device [ 640.317794][ T5306] udevd[5306]: Unable to EVIOCGABS device "/dev/input/event4" [ 640.380988][ T5306] udevd[5306]: Unable to EVIOCGABS device "/dev/input/event4" [ 640.388731][ T5306] udevd[5306]: Unable to EVIOCGABS device "/dev/input/event4" [ 640.443664][ T5306] udevd[5306]: Unable to EVIOCGABS device "/dev/input/event4" [ 640.815420][ T3659] Bluetooth: hci4: unexpected event for opcode 0x0c14 [ 640.898496][T10594] loop4: detected capacity change from 0 to 16 [ 640.949448][ T3659] Bluetooth: hci5: command tx timeout [ 641.026532][T10570] chnl_net:caif_netlink_parms(): no params data found [ 641.035799][T10594] erofs: (device loop4): mounted with root inode @ nid 36. [ 641.898469][ T26] kauditd_printk_skb: 4 callbacks suppressed [ 641.898486][ T26] audit: type=1326 audit(1725417559.580:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 641.956124][T10558] bridge0: port 1(bridge_slave_0) entered blocking state [ 642.003157][T10558] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.031495][T10608] loop3: detected capacity change from 0 to 512 [ 642.056441][T10558] device bridge_slave_0 entered promiscuous mode [ 642.069701][ T3659] Bluetooth: hci2: command tx timeout [ 642.077986][ T26] audit: type=1326 audit(1725417559.620:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.103303][ T26] audit: type=1326 audit(1725417559.620:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.126576][ T26] audit: type=1326 audit(1725417559.620:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.181241][T10608] Quota error (device loop3): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 642.189577][ T26] audit: type=1326 audit(1725417559.620:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.231993][T10608] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 642.238072][T10558] bridge0: port 2(bridge_slave_1) entered blocking state [ 642.262895][T10558] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.279444][ T26] audit: type=1326 audit(1725417559.620:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.308441][T10608] EXT4-fs error (device loop3): ext4_acquire_dquot:6800: comm syz.3.2009: Failed to acquire dquot type 0 [ 642.321515][T10558] device bridge_slave_1 entered promiscuous mode [ 642.349821][T10608] EXT4-fs (loop3): Remounting filesystem read-only [ 642.356578][T10608] EXT4-fs (loop3): 1 orphan inode deleted [ 642.378264][T10608] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 642.379654][ T26] audit: type=1326 audit(1725417559.620:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.429613][T10608] ext4 filesystem being mounted at /136/file1 supports timestamps until 2038 (0x7fffffff) [ 642.701505][ T26] audit: type=1326 audit(1725417559.620:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10605 comm="syz.1.2010" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 642.769044][T10619] EXT4-fs error (device loop3): ext4_acquire_dquot:6800: comm syz.3.2009: Failed to acquire dquot type 0 [ 643.059307][ T3659] Bluetooth: hci5: command tx timeout [ 643.419847][T10619] EXT4-fs (loop3): Remounting filesystem read-only [ 643.561425][T10558] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 643.596604][T10558] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 643.941640][T10558] team0: Port device team_slave_0 added [ 644.149569][ T3659] Bluetooth: hci2: command tx timeout [ 644.227817][T10570] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.242715][T10570] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.287856][T10570] device bridge_slave_0 entered promiscuous mode [ 644.343686][T10558] team0: Port device team_slave_1 added [ 644.388040][T10570] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.425831][T10570] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.440666][T10570] device bridge_slave_1 entered promiscuous mode [ 645.109449][ T3659] Bluetooth: hci5: command tx timeout [ 645.484055][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 645.932620][T10642] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2014'. [ 645.973657][T10570] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.005304][T10558] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.016039][T10558] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 646.049429][T10558] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 646.086435][ T3710] device hsr_slave_0 left promiscuous mode [ 646.104003][ T3710] device hsr_slave_1 left promiscuous mode [ 646.117914][ T3710] device bridge_slave_1 left promiscuous mode [ 646.132194][ T3710] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.157410][ T3710] device bridge_slave_0 left promiscuous mode [ 646.193322][ T3710] bridge0: port 1(bridge_slave_0) entered disabled state [ 646.229335][ T3651] Bluetooth: hci2: command tx timeout [ 646.303034][ T3710] device veth1_macvtap left promiscuous mode [ 646.309925][ T3710] device veth0_macvtap left promiscuous mode [ 646.316082][ T3710] device veth1_vlan left promiscuous mode [ 646.329788][ T3710] device veth0_vlan left promiscuous mode [ 647.230125][ T3651] Bluetooth: hci5: command tx timeout [ 648.489332][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 648.489350][ T26] audit: type=1326 audit(1725417566.170:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.572382][ T26] audit: type=1326 audit(1725417566.170:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.643278][ T26] audit: type=1326 audit(1725417566.170:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.735189][ T26] audit: type=1326 audit(1725417566.170:718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.776329][ T26] audit: type=1326 audit(1725417566.170:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.802702][ T26] audit: type=1326 audit(1725417566.170:720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.876687][ T26] audit: type=1326 audit(1725417566.170:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.908530][ T26] audit: type=1326 audit(1725417566.170:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 648.977363][ T26] audit: type=1326 audit(1725417566.170:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 649.035576][ T26] audit: type=1326 audit(1725417566.170:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10669 comm="syz.4.2019" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2870f7ceb9 code=0x7ffc0000 [ 649.068642][T10674] loop4: detected capacity change from 0 to 16 [ 649.113387][T10674] erofs: (device loop4): mounted with root inode @ nid 36. [ 650.025343][T10682] loop1: detected capacity change from 0 to 512 [ 650.161977][T10682] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.2023: Failed to acquire dquot type 0 [ 650.225906][T10682] EXT4-fs (loop1): Remounting filesystem read-only [ 650.255596][T10682] EXT4-fs (loop1): 1 orphan inode deleted [ 650.261643][T10682] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 650.293823][T10682] ext4 filesystem being mounted at /430/file1 supports timestamps until 2038 (0x7fffffff) [ 650.579803][T10687] EXT4-fs error (device loop1): ext4_acquire_dquot:6800: comm syz.1.2023: Failed to acquire dquot type 0 [ 651.116736][T10687] EXT4-fs (loop1): Remounting filesystem read-only [ 651.429438][T10106] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 651.516122][ T3710] team0 (unregistering): Port device team_slave_1 removed [ 651.959679][ T3710] team0 (unregistering): Port device team_slave_0 removed [ 652.511022][ T3710] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 652.589800][T10106] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 652.599034][T10106] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.616982][T10106] usb 4-1: config 0 descriptor?? [ 652.644358][ T3710] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 653.414992][ T3646] EXT4-fs (loop1): unmounting filesystem. [ 653.464180][T10106] cp210x 4-1:0.0: cp210x converter detected [ 653.582069][ T26] kauditd_printk_skb: 8 callbacks suppressed [ 653.582089][ T26] audit: type=1326 audit(1725417571.260:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.619431][T10106] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 653.658017][ T26] audit: type=1326 audit(1725417571.260:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.696649][T10106] usb 4-1: cp210x converter now attached to ttyUSB0 [ 653.750801][ T26] audit: type=1326 audit(1725417571.260:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.780939][ T26] audit: type=1326 audit(1725417571.260:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.810945][ T26] audit: type=1326 audit(1725417571.260:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.870076][ T26] audit: type=1326 audit(1725417571.260:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.945685][T10106] usb 4-1: USB disconnect, device number 21 [ 653.973592][T10106] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 653.974553][ T26] audit: type=1326 audit(1725417571.260:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 653.997311][T10106] cp210x 4-1:0.0: device disconnected [ 654.671296][ T26] audit: type=1326 audit(1725417571.260:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 654.694929][ T26] audit: type=1326 audit(1725417571.260:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 654.719465][ T26] audit: type=1326 audit(1725417571.260:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10705 comm="syz.1.2028" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9f977ceb9 code=0x7ffc0000 [ 655.339137][T10720] loop3: detected capacity change from 0 to 128 [ 655.365442][T10720] FAT-fs (loop3): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 655.459561][ T3710] bond0 (unregistering): Released all slaves [ 656.094086][T10570] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 656.117899][T10558] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 656.128419][T10558] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 656.166979][T10558] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 656.390990][T10723] loop3: detected capacity change from 0 to 1024 [ 656.403790][T10714] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2031'. [ 656.476619][T10640] hfsplus: b-tree write err: -5, ino 4 [ 656.512638][T10558] device hsr_slave_0 entered promiscuous mode [ 656.555225][T10558] device hsr_slave_1 entered promiscuous mode [ 656.625714][T10558] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 656.635636][T10558] Cannot create hsr debugfs directory [ 657.092460][T10624] hfsplus: b-tree write err: -5, ino 4 [ 657.529371][T10570] team0: Port device team_slave_0 added [ 657.577031][T10570] team0: Port device team_slave_1 added [ 657.725044][T10730] loop4: detected capacity change from 0 to 512 [ 657.778666][T10570] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 657.805935][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.903590][T10730] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.2036: Failed to acquire dquot type 0 [ 657.910996][T10570] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 657.962367][T10570] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 657.973905][T10570] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 657.989298][T10730] EXT4-fs (loop4): Remounting filesystem read-only [ 658.007636][T10570] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 658.073545][T10730] EXT4-fs (loop4): 1 orphan inode deleted [ 658.133156][T10730] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 658.214299][T10730] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038 (0x7fffffff) [ 658.317474][T10570] device hsr_slave_0 entered promiscuous mode [ 658.356243][T10570] device hsr_slave_1 entered promiscuous mode [ 658.375756][T10570] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 658.401580][T10570] Cannot create hsr debugfs directory [ 658.607978][T10743] __quota_error: 6 callbacks suppressed [ 658.608021][T10743] Quota error (device loop4): find_tree_dqentry: Cycle in quota tree detected: block 1 index 0 [ 658.624461][T10743] Quota error (device loop4): qtree_read_dquot: Can't read quota structure for id 0 [ 658.634261][T10743] EXT4-fs error (device loop4): ext4_acquire_dquot:6800: comm syz.4.2036: Failed to acquire dquot type 0 [ 659.365263][T10743] EXT4-fs (loop4): Remounting filesystem read-only [ 659.597095][ T26] audit: type=1326 audit(1725417577.280:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.693237][ T26] audit: type=1326 audit(1725417577.310:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.765711][ T3710] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 659.800118][ T26] audit: type=1326 audit(1725417577.310:745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.835039][ T26] audit: type=1326 audit(1725417577.310:746): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.916789][T10758] loop3: detected capacity change from 0 to 512 [ 659.928684][ T26] audit: type=1326 audit(1725417577.310:747): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.952518][ T26] audit: type=1326 audit(1725417577.310:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 659.975833][ T26] audit: type=1326 audit(1725417577.310:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 660.003912][T10758] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 660.043199][ T26] audit: type=1326 audit(1725417577.310:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10751 comm="syz.3.2039" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7fa8e6b7ceb9 code=0x7ffc0000 [ 660.103128][T10758] EXT4-fs (loop3): 1 truncate cleaned up [ 660.116482][T10758] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 660.196361][ T3710] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 660.312214][T10765] loop1: detected capacity change from 0 to 128 [ 660.400199][T10765] FAT-fs (loop1): Unrecognized mount option "ÿÿÿÿÿÿÿÿ0xffffffffffffffff" or missing value [ 660.470539][ T5306] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 660.730539][ T3650] EXT4-fs (loop4): unmounting filesystem. [ 661.376834][ T3710] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.185264][ T8113] EXT4-fs error (device loop3): ext4_lookup:1860: inode #2: comm syz-executor: deleted inode referenced: 11 [ 662.215740][ T8113] EXT4-fs error (device loop3): ext4_lookup:1860: inode #2: comm syz-executor: deleted inode referenced: 11 [ 662.268171][T10769] netlink: 'syz.1.2044': attribute type 33 has an invalid length. [ 662.282349][T10769] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2044'. [ 662.409759][ T3710] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 662.707455][ T8113] EXT4-fs (loop3): unmounting filesystem. [ 662.902225][T10558] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 662.961423][T10558] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 663.014337][T10558] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 663.074992][T10558] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 663.265594][ T3710] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 663.595281][ T3710] batman_adv: batadv0: Removing interface: ip6gretap1 [ 663.643982][T10784] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2048'. [ 663.667214][ T3744] ip6gretap0 speed is unknown, defaulting to 1000 [ 663.696360][ T3744] ================================================================== [ 663.704488][ T3744] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430 [ 663.711716][ T3744] Read of size 4 at addr ffff88807713a0e0 by task kworker/1:8/3744 [ 663.719718][ T3744] [ 663.722048][ T3744] CPU: 1 PID: 3744 Comm: kworker/1:8 Not tainted 6.1.107-syzkaller #0 [ 663.730195][ T3744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 663.740252][ T3744] Workqueue: infiniband ib_cache_event_task [ 663.746182][ T3744] Call Trace: [ 663.749478][ T3744] [ 663.752407][ T3744] dump_stack_lvl+0x1e3/0x2cb [ 663.757141][ T3744] ? nf_tcp_handle_invalid+0x642/0x642 [ 663.762615][ T3744] ? panic+0x764/0x764 [ 663.766696][ T3744] ? _printk+0xd1/0x111 [ 663.770859][ T3744] ? __virt_addr_valid+0x17f/0x530 [ 663.775997][ T3744] ? __virt_addr_valid+0x17f/0x530 [ 663.781132][ T3744] print_report+0x15f/0x4f0 [ 663.785681][ T3744] ? __virt_addr_valid+0x17f/0x530 [ 663.790830][ T3744] ? __virt_addr_valid+0x17f/0x530 [ 663.795947][ T3744] ? __virt_addr_valid+0x45b/0x530 [ 663.801096][ T3744] ? __phys_addr+0xb6/0x170 [ 663.805608][ T3744] ? siw_query_port+0x342/0x430 [ 663.810487][ T3744] kasan_report+0x136/0x160 [ 663.814991][ T3744] ? siw_query_port+0x342/0x430 [ 663.819869][ T3744] siw_query_port+0x342/0x430 [ 663.824547][ T3744] ? ib_query_port+0x344/0x7c0 [ 663.829326][ T3744] ib_cache_update+0x1a8/0xaf0 [ 663.834103][ T3744] ? ib_cache_setup_one+0x5a0/0x5a0 [ 663.839315][ T3744] ? read_lock_is_recursive+0x10/0x10 [ 663.844811][ T3744] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 663.850803][ T3744] ? print_irqtrace_events+0x210/0x210 [ 663.856295][ T3744] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 663.862201][ T3744] ib_cache_event_task+0xef/0x1e0 [ 663.867232][ T3744] ? process_one_work+0x7a9/0x11d0 [ 663.872352][ T3744] process_one_work+0x8a9/0x11d0 [ 663.877303][ T3744] ? worker_detach_from_pool+0x260/0x260 [ 663.882971][ T3744] ? _raw_spin_lock_irqsave+0x120/0x120 [ 663.888525][ T3744] ? kthread_data+0x4e/0xc0 [ 663.893065][ T3744] ? wq_worker_running+0x97/0x190 [ 663.898103][ T3744] worker_thread+0xa47/0x1200 [ 663.902813][ T3744] ? _raw_spin_unlock+0x40/0x40 [ 663.907679][ T3744] kthread+0x28d/0x320 [ 663.911752][ T3744] ? worker_clr_flags+0x190/0x190 [ 663.916779][ T3744] ? kthread_blkcg+0xd0/0xd0 [ 663.921370][ T3744] ret_from_fork+0x1f/0x30 [ 663.925802][ T3744] [ 663.928826][ T3744] [ 663.931265][ T3744] Allocated by task 7812: [ 663.935592][ T3744] kasan_set_track+0x4b/0x70 [ 663.940208][ T3744] __kasan_kmalloc+0x97/0xb0 [ 663.944821][ T3744] __kmalloc_node+0xb3/0x230 [ 663.949437][ T3744] kvmalloc_node+0x6e/0x180 [ 663.954055][ T3744] alloc_netdev_mqs+0x85/0xeb0 [ 663.958850][ T3744] rtnl_create_link+0x2e9/0xa30 [ 663.963726][ T3744] rtnl_newlink+0x1403/0x2050 [ 663.968410][ T3744] rtnetlink_rcv_msg+0x818/0xff0 [ 663.973362][ T3744] netlink_rcv_skb+0x1cd/0x410 [ 663.978138][ T3744] netlink_unicast+0x7d8/0x970 [ 663.982912][ T3744] netlink_sendmsg+0xa26/0xd60 [ 663.987683][ T3744] __sys_sendto+0x480/0x600 [ 663.992197][ T3744] __x64_sys_sendto+0xda/0xf0 [ 663.996881][ T3744] do_syscall_64+0x3b/0xb0 [ 664.001308][ T3744] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 664.007248][ T3744] [ 664.009571][ T3744] Freed by task 3710: [ 664.013546][ T3744] kasan_set_track+0x4b/0x70 [ 664.018149][ T3744] kasan_save_free_info+0x27/0x40 [ 664.023185][ T3744] ____kasan_slab_free+0xd6/0x120 [ 664.028207][ T3744] __kmem_cache_free+0x25c/0x3c0 [ 664.033148][ T3744] device_release+0x91/0x1c0 [ 664.037737][ T3744] kobject_put+0x224/0x460 [ 664.042171][ T3744] netdev_run_todo+0xe56/0xf40 [ 664.046938][ T3744] ip6gre_exit_batch_net+0x41a/0x460 [ 664.052226][ T3744] cleanup_net+0x763/0xb60 [ 664.056642][ T3744] process_one_work+0x8a9/0x11d0 [ 664.061579][ T3744] worker_thread+0xa47/0x1200 [ 664.066262][ T3744] kthread+0x28d/0x320 [ 664.070350][ T3744] ret_from_fork+0x1f/0x30 [ 664.074775][ T3744] [ 664.077181][ T3744] The buggy address belongs to the object at ffff88807713a000 [ 664.077181][ T3744] which belongs to the cache kmalloc-cg-4k of size 4096 [ 664.091517][ T3744] The buggy address is located 224 bytes inside of [ 664.091517][ T3744] 4096-byte region [ffff88807713a000, ffff88807713b000) [ 664.104883][ T3744] [ 664.107199][ T3744] The buggy address belongs to the physical page: [ 664.113616][ T3744] page:ffffea0001dc4e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77138 [ 664.123776][ T3744] head:ffffea0001dc4e00 order:3 compound_mapcount:0 compound_pincount:0 [ 664.132104][ T3744] memcg:ffff888058cf2441 [ 664.136339][ T3744] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 664.144341][ T3744] raw: 00fff00000010200 ffffea0001d2ca00 dead000000000002 ffff888017c4c280 [ 664.152931][ T3744] raw: 0000000000000000 0000000000040004 00000001ffffffff ffff888058cf2441 [ 664.161536][ T3744] page dumped because: kasan: bad access detected [ 664.167951][ T3744] page_owner tracks the page as allocated [ 664.173664][ T3744] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7812, tgid 7812 (syz-executor), ts 393739805425, free_ts 393555813427 [ 664.196593][ T3744] post_alloc_hook+0x18d/0x1b0 [ 664.201362][ T3744] get_page_from_freelist+0x322e/0x33b0 [ 664.206911][ T3744] __alloc_pages+0x28d/0x770 [ 664.211505][ T3744] alloc_slab_page+0x6a/0x150 [ 664.216189][ T3744] new_slab+0x84/0x2d0 [ 664.220267][ T3744] ___slab_alloc+0xc20/0x1270 [ 664.224959][ T3744] __kmem_cache_alloc_node+0x19f/0x260 [ 664.230422][ T3744] __kmalloc_node_track_caller+0xa0/0x220 [ 664.236151][ T3744] kmemdup+0x26/0x60 [ 664.240093][ T3744] __addrconf_sysctl_register+0xad/0x3e0 [ 664.245731][ T3744] addrconf_sysctl_register+0x128/0x180 [ 664.251296][ T3744] ipv6_add_dev+0xb8e/0x1180 [ 664.255901][ T3744] addrconf_notify+0x7a6/0xf60 [ 664.260673][ T3744] raw_notifier_call_chain+0xd0/0x170 [ 664.266081][ T3744] call_netdevice_notifiers+0x145/0x1b0 [ 664.271646][ T3744] register_netdevice+0x12f2/0x1720 [ 664.276904][ T3744] page last free stack trace: [ 664.281580][ T3744] free_unref_page_prepare+0xf63/0x1120 [ 664.287133][ T3744] free_unref_page+0x33/0x3e0 [ 664.291807][ T3744] __unfreeze_partials+0x1b7/0x210 [ 664.296954][ T3744] put_cpu_partial+0x17b/0x250 [ 664.301775][ T3744] qlist_free_all+0x76/0xe0 [ 664.306282][ T3744] kasan_quarantine_reduce+0x156/0x170 [ 664.311749][ T3744] __kasan_slab_alloc+0x1f/0x70 [ 664.316626][ T3744] slab_post_alloc_hook+0x52/0x3a0 [ 664.321745][ T3744] __kmem_cache_alloc_node+0x137/0x260 [ 664.327231][ T3744] __kmalloc+0xa1/0x230 [ 664.331387][ T3744] tomoyo_encode+0x26b/0x530 [ 664.335983][ T3744] tomoyo_realpath_from_path+0x594/0x5d0 [ 664.341648][ T3744] tomoyo_path_perm+0x29f/0x710 [ 664.346501][ T3744] tomoyo_path_unlink+0xcc/0x100 [ 664.351519][ T3744] security_path_unlink+0xd7/0x130 [ 664.356657][ T3744] do_unlinkat+0x3e0/0x820 [ 664.361099][ T3744] [ 664.363416][ T3744] Memory state around the buggy address: [ 664.369080][ T3744] ffff888077139f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 664.377158][ T3744] ffff88807713a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 664.385314][ T3744] >ffff88807713a080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 664.393375][ T3744] ^ [ 664.400588][ T3744] ffff88807713a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 664.408693][ T3744] ffff88807713a180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 664.416879][ T3744] ================================================================== [ 664.732924][ T3744] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 664.740177][ T3744] CPU: 1 PID: 3744 Comm: kworker/1:8 Not tainted 6.1.107-syzkaller #0 [ 664.748359][ T3744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 664.758543][ T3744] Workqueue: infiniband ib_cache_event_task [ 664.764455][ T3744] Call Trace: [ 664.767732][ T3744] [ 664.770663][ T3744] dump_stack_lvl+0x1e3/0x2cb [ 664.775356][ T3744] ? nf_tcp_handle_invalid+0x642/0x642 [ 664.780860][ T3744] ? panic+0x764/0x764 [ 664.784928][ T3744] ? preempt_schedule_common+0xa6/0xd0 [ 664.791035][ T3744] ? vscnprintf+0x59/0x80 [ 664.795383][ T3744] panic+0x318/0x764 [ 664.799294][ T3744] ? check_panic_on_warn+0x1d/0xa0 [ 664.804425][ T3744] ? memcpy_page_flushcache+0xfc/0xfc [ 664.809819][ T3744] ? _raw_spin_unlock_irqrestore+0x128/0x130 [ 664.815811][ T3744] ? _raw_spin_unlock+0x40/0x40 [ 664.820664][ T3744] ? print_report+0x4a3/0x4f0 [ 664.825346][ T3744] check_panic_on_warn+0x7e/0xa0 [ 664.830306][ T3744] ? siw_query_port+0x342/0x430 [ 664.835264][ T3744] end_report+0x66/0x110 [ 664.839625][ T3744] kasan_report+0x143/0x160 [ 664.844146][ T3744] ? siw_query_port+0x342/0x430 [ 664.849003][ T3744] siw_query_port+0x342/0x430 [ 664.853685][ T3744] ? ib_query_port+0x344/0x7c0 [ 664.858500][ T3744] ib_cache_update+0x1a8/0xaf0 [ 664.863277][ T3744] ? ib_cache_setup_one+0x5a0/0x5a0 [ 664.868519][ T3744] ? read_lock_is_recursive+0x10/0x10 [ 664.873941][ T3744] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 664.879948][ T3744] ? print_irqtrace_events+0x210/0x210 [ 664.885417][ T3744] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 664.891319][ T3744] ib_cache_event_task+0xef/0x1e0 [ 664.896358][ T3744] ? process_one_work+0x7a9/0x11d0 [ 664.901492][ T3744] process_one_work+0x8a9/0x11d0 [ 664.906458][ T3744] ? worker_detach_from_pool+0x260/0x260 [ 664.912097][ T3744] ? _raw_spin_lock_irqsave+0x120/0x120 [ 664.917683][ T3744] ? kthread_data+0x4e/0xc0 [ 664.922196][ T3744] ? wq_worker_running+0x97/0x190 [ 664.927232][ T3744] worker_thread+0xa47/0x1200 [ 664.931942][ T3744] ? _raw_spin_unlock+0x40/0x40 [ 664.936811][ T3744] kthread+0x28d/0x320 [ 664.940905][ T3744] ? worker_clr_flags+0x190/0x190 [ 664.945960][ T3744] ? kthread_blkcg+0xd0/0xd0 [ 664.950557][ T3744] ret_from_fork+0x1f/0x30 [ 664.954992][ T3744] [ 664.958298][ T3744] Kernel Offset: disabled [ 664.962633][ T3744] Rebooting in 86400 seconds..