last executing test programs: 5m4.256497883s ago: executing program 2 (id=553): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcf7, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffed3) 5m3.906017501s ago: executing program 2 (id=554): sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x4}}], 0x18}}], 0x1, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000004000000000000004b64ffec850000007d00000004"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCBRDELBR(r1, 0x89a2, &(0x7f0000000200)='bridge0\x00') 5m3.265590369s ago: executing program 2 (id=555): munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/70, 0x46, 0x2, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/254, 0xfe, 0x0, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/96, 0x60, 0x0, 0x14}}, &(0x7f0000000400)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) socket$inet6_udp(0xa, 0x2, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}]}, 0x10) syz_usb_ep_write$ath9k_ep2(r4, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100100"], 0x0) syz_usb_ep_write$ath9k_ep2(r4, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 4m59.939556775s ago: executing program 2 (id=590): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x2000480, &(0x7f0000000100), 0x5, 0x75b, &(0x7f0000000800)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQkCLCF4EFQ+CXnr2R7159cdV/wsP0lI1LVY8SGQ2s+m22U03aZJF9/OB1743M5s333kz897uDDMB9KzR9J9cxOGI+DCJGM6mJxExUM/1R5xcW+72ynIxTUmsrr7+e1Jf5tbKcjGaPpM6mBUej4gf3os4kttYb3VxaaZQLpfms/J4bfbCeHVx6ej52cJ0abo0d3xicvLYiedOHN+5QP/8eenQ9Y9eefrrk3+/+9jVD35M4mQcymY3x7FTRmM02yYD6Sa8y8s7XVmXJd1eAbYlPTT71o7yOBzD0VfPAQD/Z29HxCoA0GMS/T8A9JjG7wC3VpaLjdTdXyT21o2XImL/WvyN65trc/qza3b769dBh24ld10ZSSJiZAfqH42Iz79988s0xS5dhwRo5Z3LEXF2ZHTj+T/ZcM/CVj3TwTKj95Sd/2DvfJeOf55vNf7LrY9/osX4Z7DFsbsd9z/+c9d2oJq20vHfi033tt1uij8z0peVHqqP+QaSc+fLpfTc9nBEjMXAYFqe2KSOsZv/3Gw3r3n898fHb32R1p/+f2eJ3LX+wbs/M1WoFR4k5mY3Lkc80d8q/mS9/ZM249/THdbx6gvvf9ZuXhp/Gm8jbYx/d61eiXiqZfvfuaMt2fT+xPH67jDe2Cla+OaXT4fa1d/c/mlK6298F9gLafsPbR7/SNJ8v2Z163X8dGX4+3bz7h9/6/1/X/JGPb8vm3apUKvNT0TsS17bOP3Ync9m5QORLZ/GP/Zk6+N/s/0//U54tsP4+6//9tX2499dafxTW2r/rWeu3p7pa1d/Z+0/Wc+NZVM6Of91uoIPsu0AAAAAAAAAAAAAAAAAAAAAAAAAoFO5iDgUSS6/ns/l8vm1d3g/GkO5cqVaO3KusjA3FfV3ZY/EQK7xqMvhpuehTmTPw2+Uj91TfjYiHomITwYP1Mv5YqU81e3gAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACBzsM37/1O/DnZ77QCAXbO/2ysAAOw5/T8A9B79PwD0Hv0/APQe/T8A9B79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvs9KlTaVr9a2W5mJanLi4uzFQuHp0qVWfyswvFfLEyfyE/XalMl0v5YmX2fn+vXKlcmIy5hUvjtVK1Nl5dXDozW1mYq505P1uYLp0pDexJVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwNdXFpZlCuVyal5GRkVnPdPvMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDf8G8AAAD//7WFKeA=") mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00') r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100)={0x80002005}) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0) mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0) 4m59.828665885s ago: executing program 2 (id=596): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000002980)={&(0x7f00000017c0)='}', 0x0, 0x0, 0x0, 0x4, r0}, 0x38) 4m59.762280774s ago: executing program 2 (id=597): r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000240)='cifs.idmap\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r0}) 4m59.714447664s ago: executing program 32 (id=597): r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000400)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000240)='cifs.idmap\x00', &(0x7f00000002c0)=@chain={'key_or_keyring:', r0}) 9.561030919s ago: executing program 3 (id=1738): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 8.375861565s ago: executing program 3 (id=1741): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4ace457a, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10) close(0xffffffffffffffff) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 8.365229605s ago: executing program 1 (id=1743): r0 = syz_open_procfs(0x0, &(0x7f0000000300)='cmdline\x00') preadv2(r0, &(0x7f00000000c0), 0x0, 0xfffffffb, 0x2, 0x4) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, 0x0, 0x0}) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}}) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000140)={&(0x7f0000733000/0x1000)=nil, 0x1000}) r2 = eventfd2(0x76, 0x1) ioctl$VHOST_SET_VRING_ERR(0xffffffffffffffff, 0x4008af22, &(0x7f00000001c0)={0x0, r2}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)={0x0, r2}) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000040)={@hyper}) socket$vsock_stream(0x28, 0x1, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000180)=0x1d) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[], 0x48) mknodat$loop(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x1000, 0x1) socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 6.449405016s ago: executing program 1 (id=1746): munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/70, 0x46, 0x2, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/254, 0xfe, 0x0, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/96, 0x60, 0x0, 0x14}}, &(0x7f0000000400)={0x0, 0x28, 0x50}}}], 0x2b, 0x0, &(0x7f0000000440)="7baf69d829ab644989dfd779f04f85ac91c8015ff885b60ed928064d13520f904f177a5301f4fd3c04d120"}) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) ioctl$sock_bt_hci(r3, 0x400448dd, &(0x7f0000000100)) r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}]}, 0x10) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100100"], 0x0) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, 0x0) 6.355602506s ago: executing program 3 (id=1747): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r2 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) timerfd_gettime(0xffffffffffffffff, &(0x7f0000000000)) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10) creat(&(0x7f00000000c0)='./file0\x00', 0x8b) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") socket$vsock_stream(0x28, 0x1, 0x0) 6.113814725s ago: executing program 0 (id=1752): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 6.095908165s ago: executing program 0 (id=1753): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0xd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0x300}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38) 5.981065594s ago: executing program 5 (id=1755): syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000005c0)='kfree\x00', r0}, 0x18) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRESDEC=0x0]) 5.949360194s ago: executing program 5 (id=1756): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r2, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 4.512191288s ago: executing program 3 (id=1757): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) dup(0xffffffffffffffff) syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r6}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x18) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 4.400044198s ago: executing program 0 (id=1759): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4ace457a, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004000000000000000002"], &(0x7f0000000240)=""/199, 0x3e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 4.367676718s ago: executing program 5 (id=1760): chdir(0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x80001, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) io_submit(0x0, 0x0, &(0x7f0000001d00)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socket$inet6(0x10, 0x3, 0x0) syz_mount_image$exfat(&(0x7f0000006c00), &(0x7f0000001b40)='./file0\x00', 0x208008de, &(0x7f0000001b80)=ANY=[@ANYBLOB='utf8,errors=continue,namecase=1,utf8,gid=', @ANYRESHEX=0x0, @ANYBLOB=',umask=000+0000000000000000077,umask=00000000000000000005676,uid=', @ANYRESHEX=0x0, @ANYBLOB=',gid=', @ANYRESHEX=0x0, @ANYBLOB="2c000ca8768ddddc191573cbd33da79641936c9de64e264f331d1b50f4c4f54702f51dcbddb39c14c19175f07a639bb65ea608fbf6fadf5d8da30ace1281bed3e61b084526e10dbe921dad84fbcabc5791f52445cb76b789ed377aa0cd17309c4df04d525e8af05fb246b33836d90656cd2daa991b916be40df3bd607ae5672e1bb90730d0ff03000000000000c5f0cf287ea707c1fc66165f74e7d8a78c37a4b86907cec1df06da3611f616718d88770a2520ceb039bc06ef4d1183"], 0x1, 0x1503, &(0x7f0000000580)="$eJzs3AuYj1XXMPC99t43Y5L+TXIY9trr5p8G2yRJDgk5JEmSJDklJCZJEhJDTklDEnKcJIchJIdpTBrn8yHnpMkjTZKE5BT2d+np/Tzv0/O+fe9X3+e93lm/69qXvdz/tf7rnjXX3Pf9v66Z73uOqtu8Xq2mRCT+FPj7P8lCiBghxDAhxA1CiEAIUTGuYtyV4/kUJP+5N2F/rUfTrnUH7Fri+eduPP/cjeefu/H8czeef+7G88/deP65G8+fsdxs+5yiN/LKvYs//8/N+Pr/P0hOuclfbyx3c6//QgrPP3fj+eduPP/cjeefu/H8czee//98Nf+TYzz/3I3nz1hudq0/f+Z1bde1/v5jjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZY7nPNXaSHEv+2vdV+MMcYYY4wxxhj76/i817oDxhhjjDHGGGOM/b8HQgoltAhEHpFXxIh8IlZcJ/KL60UBcYOIiBtFnLhJFBQ3i0KisCgiiop4UUwUF0agsIJEKEqIkiIqbhGlxK0iQZQWZURZ4UQ5kShuE+XF7aKCuENUFHeKSuIuUVlUEVVFNXG3qC7uETVETVFL3Ctqizqirqgn7hP1xf2igXhANBQPikbiIdFYPCyaiEdEU/GoaCYeE83F46KFeEK0FK1Ea9FGtP2/yn9Z9BWviH6iv0gWA8RA8aoYJAaLIWKoGCZeE8PF62KEeEOkiJFilHhTjBZviTHibTFWjBPjxTtigpgoJonJYoqYKlLFu2KaeE9MF++LGWKmmCVmizQxR8wVH4h5Yr5YID4UC8VHYpFYLJaIpSJdfCwyxDKRKT4Ry8WnIkusECvFKrFarBFrxTqxXmwQG8UmsVlsEVvFNrFdfCZ2iJ1il9gt9oi9Yp/4XOwXX4gD4kuRLb76L+af/af8XiBAgAQJGjTkgTwQAzEQC7GQH/JDASgAEYhAHMRBQSgIhaAQFIEiEA/xUByKAwICAUEJKAFRiEIpKAUJkABloAw4cJAIiVAebocKUAEqQkWoBJWgMlSBKlANqkF1qA41oAbUglpQG2pDXagL98F9cD80gAbQEBpCI2gEjaExNIEm0BSaQjNoBs2hObSAFtASWkJraA1toS20g3bQHtpDR+gInaATdIbOkARJ0BW6QjfoBt2hO/SAHtATekIv6A294WV4GV6BV6A/1JYDYCAMhEEwCIbAUBgKr8FweB1ehzcgBUbCKHgT3oS3YAycgbEwDsbDeKguJ8IkmAwkp0IqpMI0mAbTYTrMgJkwE2ZDGsyBuTAX5sF8mA8fwkL4CD6CxbAYlkI6pEMGLINMyITlcBayYAWshFWwGtbAalgH62EdbIRNsBG2wBbYBtvgM/gMdsJO2A27YS/shc/hc/gCvoAUyIZsOAgH4RAcgsNwGHIgB47AETgKR+EYHIPjcBxOwEk4BSfhNJyGM3AWzsE5uAAX4CK8GP9ts72lN6QIeYWWWuaReWSMjJGxMlbml/llAVlARmRExsk4WVAWlIVkIVlEFpHxMl4Wl8UlSpQkQ1lClogRQshSspRMkAmyjCwjnXQyUSbK8rK8rCAryIryTllJ3iUryyqyg6smq8nqsqOrIWvKWrKWrC3ryLqynqwn68v6soFsIBvKhrKRbCQby4dlEzkAhsCj8spkmsuR0EKOgpaylWwt28i34EnZTo6B9rKD7CifluNgLHSW7VySfFZ2lZOgm3xeToYXZA85FXrKl2Qv2Vv2kS/LvrK96yf7yxkwQA6Us2GQHCyHyKFyHtSRVyZWV74hU+RIOUq+KZfCW3KMfFuOlePkePmOnCAnyklyspwip8pU+a6cJt+T0+X7coacKWfJ2TJNzpFz5QdynpwvF8gP5UL5kVwkF8slcqlMlx/LDLlMZspP5HL5qcySK+RKuUqulmvkWrlOrpcb5Ea5SW6WW+RWuU1ul5/JHXKn3CV3yz1yr9wnP5f75RfygPxSZsuv5EH5N3lIfi0Py29kjvxWHpHfyaPye3lM/iCPyx/lCXlSnpI/ydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaDyqLwqRuVTseo6lV9drwqoG1RE3aji1E2qoLpZFVKFVRFVVMWrYqq4MgqVVaRCVUKVVFF1iyqlblUJqrQqo8oqp8qpRHWbKq9uVxXUHaqiulNVUnepyqqKqqqqqbtVdXWPqqFqqlrqXlVb1VF1VT11n6qv7lcN1AOqoXpQNVIPqcbqYdVEPaKaqkdVM/WYaq4eVy3UE6qlaqVaqzaqrXpStVNPqfaqg+qonlad1DOqs+qiktSzqqt6TnVTz6vu6gXVQ72oeqqXVC/VW/VRl9Rl5VU/1V8lqwFqoHpVDVKD1RA1VA1Tr6nh6nU1Qr2hUtRINUq9qUart9QY9bYaq8ap8eodNUFNVJPUZDVFTVWp6l01Tb2npqv31Qw1U81Ss1WamqOG/FZpwT/lD/jtqvuP+e/9i/wRv777NrVdfaZ2qJ1ql9qt9qi9ap/ap/ar/eqAOqCyVbY6qA6qQ+qQOqwOqxyVo46oI+qoOqqOqWPquDquTqiT6rz6SZ1WP6sz6qw6q86rC+qCuvjb10Bo0FIrrXWg8+i8Okbn07H6Op1fX68L6Bt0RN+o4/RNuqC+WRfShXURXVTH62K6uDYatdWkQ11Cl9RRfYsupW/VCbq0LqPLaqfL6UR925/O/6P+2uq2up1up9vr9rqj7qg76U66s+6sk3SS7qq76m66m+6uu+seuofuqXvqXrqX7qP76L66r+6n++lknawH6lf1ID1YD9FD9TD9mh6uh+sReoRO0Sl6lB6lR+vReoweo8fqsXq8Hq8n6Al6kp6kp+gpOlWn6ml6mp6up+sZeoaepWfpNJ2m5+q5ep6epxfoBXqhXqgX6UV6iV6i03W6ztAZOlNn6uV6uc7SK/QKvUqv0mv0Gr1Or9Mb9Aa9SW/SW/QWnaW36+16h96hd+ldeo/eo/fpfXq/3q8P6AM6W2frg/qgPqQP6cP6sM7ROfqIPqKP6qP6mD424Lg+rk/oE/qUPqVP69P6jD6jz+lz+oK+oC/qi/qyvnzlti+QgQx0oIM8QZ4gJogJYoPYIH+QPygQFAgiQSSIC+KCgsHNQaGgcFAkKBrEB8WC4oEJMLABBWFQIigZRINbglLBrUFCUDooE5QNXFAuSAxuC8oHtwcVgjuCisGdQaXgrqByUCWoGlQL7g6qB/cENYKaQa3g3qB2UCeoG9QL7gvqB/cHDYIHgobBg0Gj4KGgcfBw0CR4JGgaPBo0Cx4LmgePBy2CJ4KWQaugddAmaPuX1vf+TOGnXD/T3ySbAWagedUMMoPNEDPUDDOvmeHmdTPCvGFSzEgzyrxpRpu3zBjzthlrxpnx5h0zwUw0k8xkM8VMNanmXTPNvGemm/fNDDPTzDKzTZqZY+aaD8w8M98sMB+aheYjs8gsNkvMUpNuPjYZZpnJNJ+Y5eZTk2VWmJVmlVlt1py/UQiz3mwwG80ms9lsMVvNNrPdfGZ2mJ1ml9lt9pi9Zp/53Ow3X5gD5kuTbb4yB83fzCHztTlsvjE55ltzxHxnjprvzTHzgzlufjQnzElzyvxkTpufzRlz1pwz580F84u5aC6Zy8Zfubm/cnlHjRrzYB6MwRiMxVjMj/mxABbACEYwDuOwIBbEQlgIi2ARjMd4LI7F8QpCwhJYAqMYxVJYChMwActgGXToMBETsTyWxwpYAStiRayElbAyVsaqWBXvxrvxHrwHa2JNvBfvxTpYB+thPayP9bEBNsCG2BAbYSNsjI2xCTbBptgUm2EzbI7NsQW2wJbYEltja2yLbbEdtsP22B47YkfshJ2wM3bGJEzCrtgVu2E37I7dsQf2wJ7YE3thL+yDfbAv9sV+2A+TMRkH4kAchINwCA7BYTgMh+NwHIEjMAVTcBSOwtE4GsfgGByL43A8voMTcCJOwsk4BadiKqbiNJyG03E6zsAZOAtnYRqm4Vyci/NwHi7ABbgQF+IiXIRLcAmmYzpmYAZmYiYux+WYhVm4ElfialyNa3Etrsf1uBE34mbcjFtxK27H7bgDd+Au3IV7cA/uw324H/fjATyA2ZiNB/EgHsJDeBgPYw7m4BE8gkfxKB7DY3gcj+MJPIGn8BSextN4Bs/gOTyHF/AXvIiX8DJ6jLFSxNrrbH57vS1gb7AxNp/9x7iILWrjbTFb3BpbyBb+dzFaaxNsaVvGlrXOlrOJ9rbfxZVtFVvVVrN32+r2Hlvjd3F9e79tYB+wDe2Dtp6977c4769xI/uQbWwft03sE7apbWWb2Ta2uX3ctrBP2Ja2lW1t29hO9hnb2XaxSfZZ29U+97s4wy6z6+0Gu9FusvvtF/acPW+P2u/tBfuL7Wf722H2NTvcvm5H2Ddsih35u3i8fcdOsBPtJDvZTrFTfxfPsrNtmp1j59oP7Dw7/3dxuv3YLrSZdpFdbJfYpb/GV3rKtJ/Y5fZTm2VX2JV2lV1t19i1dt3/7nWV3WK32m12n/3c7rA77S672+6xe3+Nr5zHAfulzbZf2SP2O3vIfm0P22M2x377a3zl/I7ZH+xx+6M9YU/aU/Yne9r+bM/Ys7+e/5Vz/8lespett4KAJCnSFFAeyksxlI9i6TrKT9dTAbqBInQjxdFNVJBupkJUmIpQUYqnYlScDCFZIgqpBJWkKN1CpehWSqDSVIbKkqNylEi3UXm6nSrQHVSR7qRKdBdVpipUlarR3VSd7qEaVJNq0b1Um+pQXapH91F9up8a0APUkB6kRvQQNaaHqQk9Qk3pUWpGj1Fzepxa0BPUklpRa2pDbelJakdPUXvqQB3paepEz1Bn6kJJ9Cx1peeoGz1P3ekF6kEvUk96iXpRb+pDL1NfeoX6UX9KpgE0kF6lQTSYhtBQGkav0XB6nUbQG5RCI2kUvUmj6S0aQ2/TWBpH4+kdmkATaRJNpik0lVLpXTqb3qXIlXu9GTSTZtFsSqM5NJc+oHk0nxbQh7SQPqJFtJiW0FJKp48pg5ZRJn1Cy+lTyqIVtJJW0WpaQ2tpHa2nDbSRNtFm2kJbaRttp89oB+2kXbSb9tBe2kef0376gg7Ql5RNX9FB+hsdoq/pMH1DOfQtHaHv6Ch9T8foBzpOP9IJOkmn6Cc6TT/TGTpL5+g8XaBf6CJdosvkSYQQylCFOgzCPGHeMCbMF8aG14X5w+vDAuENYSS8MYwLbwoLhjeHhcLCYZGwaBgfFguLhybE0IYUhmGJsGQYDW8JS4W3hglh6bBMWDZ0YbkwMbwtLB/eHlYI7wgrhneGlcK7wsphlfDxB6uFd4fVw3vCGmHNsFZ4b1g7rBPWDeuF94X1w/vDBuEDYcPwwbBC+FDYOHw4bBI+EjYNHw2bhY+FzcPHwxbhE2HLsFXYOmwTtg2fDNuFT4Xtww5hx/DpsFP4TNg57BImhc+GXcPn/vB4cjggHBi+Gr4aev+AWhJdGk2PfhzNiC6LZkY/iS6PfhrNiq6Iroyuiq6Oromuja6Lro9uiG6Mbopujm6Jbo1ui3pfL69w4KRTTrvA5XF5XYzL52LddS6/u94VcDe4iLvRxbmbXEF3syvkCrsirqiLd8VccWccOuvIha6EK+mi7hZXyt3qElxpV8aVdc6Vc4mujWvr2rp27inX3nVwHd3T7mn3jHvGdXFd3LOuq3vOdXPPu+7uBdfDvehedC+5Xq636+Nedn3dK66f6++SXbIb6Aa6QW6QG+KGuGFumBvuhrsRboRLcSlulBvlRrvRbowb48a6sW68G+8muAlukpvkprgpLtWlumlumpvuprsZboab5Wa5NJfm5rq5bp6b5xa4BW5hwkK3yC1yS9wSl+7SXYbLcJku0y13y12Wy3Ir3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt8vtcnvcHrfP7XP73X53wB1w2S7bHXQH3SF3yB1237gc96074r5zR9337pj7wR13P7oT7qQ75X5yp93P7ow768658+6C+8VddJfcZeddauTdyLTIe5HpkfcjMyIzI7MisyNpkTmRuZEPIvMi8yMLIh9GFkY+iiyKLI4siSyNpEc+jmRElkUyI59Elkc+jWRFVkRWRlZFVkfWRLwvtiP0JXxJH/W3+FL+Vp/gS/syvqx3vpxP9Lf58v52X8Hf4Sv6O30lf5ev7Kv4qv4J39K38q19G9/WP+nb+ad8e9/Bd/RP+07+Gd/Zd/FJ/lnf1T/nu/nnfXf/gu/hX/Q9/Uu+l+/t+/iXfV//iu/n+/tkP8AP9K/6QX6wH+KH+mH+NT/cv+5H+Dd8ih/pR/k3/Wj/lh/j3/Zj/Tg/3r/jJ/iJfpKf7Kf4qT7Vv+un+ff8dP++n+Fn+ll+tk/zc/xc/4Gf5+f7Bf5Dv9B/5Bf5xX6JX+rT/cc+wy/zmf4Tv9x/6rP8Cr/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vb/Pb/Wd+h9/pd/ndfo/f6/f5z/1+/4U/4L/02f4rf9D/zR/yX/vD/huf47/1R/x3/qj/3h/zP/jj/kd/wp/0p/xP/rT/2Z/xZ/05f95f8L/4i/6Sv8y/s8YYY4wx9n9E/cHxAf/i/+Rv64qBQojrdxbN+eeamwv9fT9YxneKCCGe7d/z0X9btWsnJyf/9tosJYKSi4UQkav5ecTVeIXoKJ4RSaKDKP8v+xsse1+gP6gfvVOI2KuVfxUr/rn+7f9B/SefHp9RKTwX95/UXyxEQsmrOfnE1fhq/Qr/Qf3C7f6g/3xfpwrR/h9y8our8dX6ieIp8ZxI+nevZIwxxhhjjDHG/m6wrNr9j56frzyfx+urOXnF1fiPns8ZY4wxxhhjjDF27b3Qu0+XJ5OSOnTnzZ/Y1Pjv0QZvePOXba71TybGGGOMMcbYX+3qTf+17oQxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGMu9/n/8ObFrfY6MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcbYtfa/AgAA///mJjhh") bpf$PROG_LOAD(0x5, 0x0, 0x0) mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000) 3.532542905s ago: executing program 3 (id=1762): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x40012002) sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 3.450114224s ago: executing program 4 (id=1763): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = io_uring_setup(0x36a3, &(0x7f0000000340)) close(r1) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) 3.332151684s ago: executing program 4 (id=1764): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 3.251815893s ago: executing program 4 (id=1765): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_emit_ethernet(0xae, &(0x7f0000000440)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700382900000000000000000000f9000000000000ff020000000000000000000000000001"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 2.942901162s ago: executing program 0 (id=1766): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4ace457a, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004000000000000000002"], &(0x7f0000000240)=""/199, 0x3e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r7}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 2.47049598s ago: executing program 3 (id=1767): munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x2) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/70, 0x46, 0x2, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/254, 0xfe, 0x0, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/96, 0x60, 0x0, 0x14}}, &(0x7f0000000400)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) socket$inet6_udp(0xa, 0x2, 0x0) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) ioctl$sock_bt_hci(r2, 0x400448dd, &(0x7f0000000100)) r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}]}, 0x10) syz_usb_ep_write$ath9k_ep2(r4, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201100100"], 0x0) syz_usb_ep_write$ath9k_ep2(r4, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 1.474944096s ago: executing program 4 (id=1768): socket$nl_route(0x10, 0x3, 0x0) r0 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_WOWLAN(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x28}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) getsockname$packet(r1, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newlink={0x34, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}}, 0x0) r3 = socket(0x10, 0x803, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="2c0000001400b59501000004f2ffffff0a400400", @ANYRES32=r5, @ANYBLOB="1400020000000000000000000000ffff"], 0x2c}}, 0x4000) r6 = socket(0x10, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@ipv6_newaddr={0x34, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}, @IFA_FLAGS={0x8, 0x8, 0x781}]}, 0x34}}, 0x0) 1.473460306s ago: executing program 4 (id=1769): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) rmdir(&(0x7f0000000080)='./cgroup/../file0\x00') write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r1 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000100)={[{0x2d, 'pids'}]}, 0x6) 1.472732856s ago: executing program 4 (id=1770): munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) read(r1, &(0x7f0000000080)=""/155, 0x9b) write$binfmt_script(r0, &(0x7f00000036c0)={'#! ', './file0'}, 0xb) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x802, 0x0) mprotect(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x14cb84fb0918cdfe) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1, 0x11, r2, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000540)={0x50, 0x0, &(0x7f00000004c0)=[@increfs={0x40046304, 0x2}, @exit_looper, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x78, 0x18, &(0x7f0000000380)={@ptr={0x70742a85, 0x0, &(0x7f0000000180)=""/70, 0x46, 0x2, 0x8}, @ptr={0x70742a85, 0x0, &(0x7f0000000200)=""/254, 0xfe, 0x0, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000300)=""/96, 0x60, 0x0, 0x14}}, &(0x7f0000000400)={0x0, 0x28, 0x50}}}], 0x2b, 0x0, &(0x7f0000000440)="7baf69d829ab644989dfd779f04f85ac91c8015ff885b60ed928064d13520f904f177a5301f4fd3c04d120"}) socket$inet6_udp(0xa, 0x2, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480), 0x2880, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x0) ioctl$sock_bt_hci(r3, 0x400448dd, &(0x7f0000000100)) r5 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff034}]}, 0x10) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) syz_usb_connect$printer(0x3, 0x2d, 0x0, 0x0) syz_usb_ep_write$ath9k_ep2(r5, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) 1.472113526s ago: executing program 1 (id=1771): syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2004cb], 0x0, 0x200}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.466574486s ago: executing program 0 (id=1772): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 1.382505575s ago: executing program 1 (id=1773): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) add_key$fscrypt_v1(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4000) 999.904354ms ago: executing program 5 (id=1774): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10) r1 = io_uring_setup(0x36a3, &(0x7f0000000340)) close(r1) clock_nanosleep(0x2, 0x0, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe) 953.368144ms ago: executing program 5 (id=1775): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x40) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0, 0x0, 0x0, 0x0, 0xd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2, 0x300}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r3, @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000640)='console\x00'}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38) 494.760582ms ago: executing program 1 (id=1776): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000012c0)=ANY=[@ANYBLOB="b0"], 0xb0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r4}, 0x18) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 418.785842ms ago: executing program 1 (id=1777): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41) recvmsg(r0, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x40012002) sendmsg$inet(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r2}, 0x10) socket$nl_route(0x10, 0x3, 0x0) 409.447272ms ago: executing program 0 (id=1778): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0) r3 = openat$zero(0xffffffffffffff9c, 0x0, 0x480304, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x1, 0x4, 0x7fe4, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b70800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000004000000000000000002"], &(0x7f0000000240)=""/199, 0x3e, 0xc7, 0x1, 0x0, 0x0, @void, @value}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) preadv(0xffffffffffffffff, 0x0, 0x0, 0xb6, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r6}, 0x10) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0x400003, &(0x7f0000000200)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@noblock_validity}, {@usrquota}, {@resgid}, {@nogrpid}, {@errors_remount}, {@noinit_itable}, {@dioread_lock}, {@journal_dev={'journal_dev', 0x3d, 0x4}, 0x32}]}, 0x1b, 0x4f5, &(0x7f0000000340)="$eJzs3V1rHGsdAPD/TLJtk6YmRS9qwVpsJSna3aSxbfCiVhG9Kqj12hqTTQjZZEN20zahaIofQBBRQRC88kbwAwjSjyBCQe9FRRFtPRe9OKd72Le+JLvJ9nSz25P8fjCZ55mX/P/PLjszz8wwE8CRdT4iLkTE80qlcikiRhvT08Zws1rZri/39MmDueqQRKVy+79JRFKfVl1k4pX/ebK+SpyIiO98M+IHye64pc2t5dlCIb/eqOfKK2u50ubW5aWV2cX8Yn51enrq2sz1maszk11p50hE3Pj6P3/+k99+48Yfv3jvb3f+PfHDpDE94mU7uq3e9Ezts2gajIj1gwjWBzcb7cn0OxEAADrSPM7/XERcitEYqB3NAQAAAIdJ5Ssj8X4SUQEAAAAOrbR2D2ySZhv3AYxEmmaz9Xt4PxXDaaFYKn9hobixOl+/V3YsMunCUiE/2bhXeCwySbU+VSu/rF/ZUZ+OiNMR8bPRoVo9O1cszPf75AcAAAAcESd39P/fG633/wEAAIBDZqzfCQAAAAAHTv8fAAAADj/9fwAAADjUvnXrVnWoNN9/PX93c2O5ePfyfL60nF3ZmMvOFdfXsovF4mLtmX0r+/2/QrG49qVY3bifK+dL5Vxpc+vOSnFjtXxn6bVXYAMAAAA9dPqzj/6aRMT2l4dqQ9WxficF9MTgmyz8j4PLA+i9gX4nAPTNrv3/Gx0QAB9nmX4nAPRdEhG/3mN+25t3/nQw+QAAAN03/unW1/+Tfc8NbKc9ShE4IM7/wdH1Ea//D3c7D6D3XO6HoysTA9F5R37oQHMB+iPZZ/7bX/+vVN4oIQAAoOtGakOSZiNq5wFGIk2z2YhTtdcCZJKFpUJ+MiI+ERF/Gc0cr9anamsm+/YZAAAAAAAAAAAAAAAAAAAAAAAAAIC6SiWJCgAAAHCoRaT/Shrv/xofvTiy8/zAseTZaG0cEfd+dfsX92fL5fWp6vT/vZhe/mVj+pV+nMEAAAAAdmr205v9eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopqdPHsw1h17G/c9XI2KsVfzBOFEbn4hMRAz/P4nBV9ZLImKgC/G3H0bE177XIn5STSvGGlm0ij/UrfhnWrV/7/hpRJzsQnw4yh5Vtz83W/3+0jhfG+/8/R1/se5gF+K33/6lL7Z/A222P6c6jHH28e9zbeM/jDg72Hr704yftIl/ocP43//u1la7eZXfRIy33P8kr8XKlVfWcqXNrctLK7OL+cX86vT01LWZ6zNXZyZzC0uFfONvyxg//cwfnu/V/uE28cf2af/FDtv/weP7Tz5ZL2ZaxZ+40Pr7P9MmftrY932+Ua7OH2+Wt+vlV5373Z/P7dX++Tbt3+/7n+iw/Ze+/eO/d7goANADpc2t5dlCIb9+pAtv9WlUD4s6WzhthHkXmqyQXy/96N1I450sNH8Tz/qyXQIAALpvdx8YAAAAAAAAAAAAAAAAAAAA6LXuPDOs+UzsvZ+u17RdH+16FjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQD99GAAA//+GWc+t") 0s ago: executing program 5 (id=1779): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setscheduler(0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x30dd3000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f0000"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) syz_emit_ethernet(0xae, &(0x7f0000000440)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa86dd60f4adf700382900000000000000000000f9000000000000ff020000000000000000000000000001"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) kernel console output (not intermixed with test programs): 4-fs (loop3): Remounting filesystem read-only [ 326.155403][ T4777] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 326.334697][ T4795] loop1: detected capacity change from 0 to 512 [ 326.836679][ T4777] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 326.843324][ T4777] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 326.853292][ T4795] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 326.898106][ T4795] EXT4-fs (loop1): orphan cleanup on readonly fs [ 326.904378][ T4795] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1316: Bad quota inum: 64, type: 0 [ 326.915997][ T4795] EXT4-fs (loop1): Remounting filesystem read-only [ 326.922359][ T4795] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 326.936950][ T4795] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 326.943534][ T4795] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 328.002738][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 328.199033][ T297] EXT4-fs (loop3): unmounting filesystem. [ 328.206014][ T294] EXT4-fs (loop1): unmounting filesystem. [ 328.405556][ T4819] loop3: detected capacity change from 0 to 512 [ 328.413071][ T421] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 328.422925][ T4819] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 328.505811][ T305] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 328.601253][ T4819] EXT4-fs (loop3): orphan cleanup on readonly fs [ 328.607700][ T4819] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1319: Bad quota inum: 64, type: 0 [ 328.619759][ T4819] EXT4-fs (loop3): Remounting filesystem read-only [ 328.626137][ T4819] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 328.640703][ T4819] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 328.647394][ T4819] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 328.658544][ T4819] EXT4-fs (loop3): unmounting filesystem. [ 328.716053][ T4823] netlink: 'syz.1.1323': attribute type 4 has an invalid length. [ 328.770016][ T4823] netlink: 'syz.1.1323': attribute type 4 has an invalid length. [ 328.779639][ T421] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 328.803145][ T421] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 328.928638][ T305] usb 5-1: Using ep0 maxpacket: 8 [ 328.935508][ T305] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 328.952261][ T305] usb 5-1: config 179 has no interface number 0 [ 328.971711][ T421] usb 6-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 329.002779][ T305] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 329.020124][ T421] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.072547][ T4819] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1319'. [ 329.123817][ T305] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 329.153370][ T421] usb 6-1: Product: syz [ 329.161093][ T421] usb 6-1: Manufacturer: syz [ 329.166422][ T305] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 329.178786][ T421] usb 6-1: SerialNumber: syz [ 329.206045][ T4830] netlink: 'syz.1.1324': attribute type 4 has an invalid length. [ 329.376705][ T421] usb 6-1: config 0 descriptor?? [ 329.381591][ T305] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 329.393136][ T305] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 329.407120][ T4831] netlink: 'syz.1.1324': attribute type 4 has an invalid length. [ 329.421045][ T305] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 329.439316][ T305] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.469582][ T4806] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 330.005323][ T24] usb 6-1: USB disconnect, device number 25 [ 330.015588][ T690] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 330.015732][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 330.140753][ T4839] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1326'. [ 330.156507][ T4802] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 330.506710][ T305] usb 5-1: USB disconnect, device number 26 [ 330.506770][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 330.506808][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 330.711529][ T4843] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1328'. [ 331.543718][ T4852] loop4: detected capacity change from 0 to 512 [ 331.556938][ T4852] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 331.623345][ T4852] EXT4-fs (loop4): orphan cleanup on readonly fs [ 331.629803][ T4852] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1329: Bad quota inum: 64, type: 0 [ 331.642719][ T4852] EXT4-fs (loop4): Remounting filesystem read-only [ 331.649137][ T4852] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 331.663733][ T4852] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 331.670218][ T4852] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 331.719804][ T329] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 331.719839][ T19] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 332.203454][ T4858] loop5: detected capacity change from 0 to 512 [ 332.215754][ T4858] EXT4-fs: Ignoring removed i_version option [ 332.220744][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.223850][ T4858] EXT4-fs: Ignoring removed mblk_io_submit option [ 332.232804][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.248883][ T19] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 332.258033][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.270541][ T19] usb 2-1: config 0 descriptor?? [ 332.279434][ T4858] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 332.294666][ T4863] netlink: 'syz.0.1334': attribute type 4 has an invalid length. [ 332.302478][ T329] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 332.314277][ T4863] netlink: 'syz.0.1334': attribute type 4 has an invalid length. [ 332.324811][ T4858] EXT4-fs (loop5): 1 truncate cleaned up [ 332.330407][ T4858] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 332.339400][ T329] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 332.355546][ T329] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.461457][ T329] usb 4-1: Product: syz [ 332.468678][ T329] usb 4-1: Manufacturer: syz [ 332.473247][ T329] usb 4-1: SerialNumber: syz [ 332.484360][ T329] usb 4-1: config 0 descriptor?? [ 332.492397][ T329] usb 4-1: bad CDC descriptors [ 332.600825][ T329] cdc_acm 4-1:0.0: Zero length descriptor references [ 332.608342][ T329] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 335.623628][ T2349] EXT4-fs (loop5): unmounting filesystem. [ 335.654438][ T19] usbhid 2-1:0.0: can't add hid device: -71 [ 335.661115][ T19] usbhid: probe of 2-1:0.0 failed with error -71 [ 335.695643][ T19] usb 2-1: USB disconnect, device number 33 [ 336.840454][ T329] usb 4-1: USB disconnect, device number 27 [ 336.855585][ T295] EXT4-fs (loop4): unmounting filesystem. [ 336.895897][ T4892] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1342'. [ 336.897606][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 336.914491][ T8] Bluetooth: hci1: Frame reassembly failed (-84) [ 336.943154][ T8] Bluetooth: hci2: Frame reassembly failed (-84) [ 337.165481][ T24] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 337.205506][ T305] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 337.255465][ T39] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 337.305436][ T329] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 337.346496][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.355446][ T19] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 337.357282][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 337.374376][ T24] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 337.383153][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.386657][ T305] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.392263][ T24] usb 5-1: config 0 descriptor?? [ 337.405767][ T305] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 337.415994][ T305] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 337.424874][ T305] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.432824][ T305] usb 1-1: Product: syz [ 337.436987][ T305] usb 1-1: Manufacturer: syz [ 337.441511][ T305] usb 1-1: SerialNumber: syz [ 337.445471][ T39] usb 6-1: Using ep0 maxpacket: 8 [ 337.447358][ T305] usb 1-1: config 0 descriptor?? [ 337.456724][ T39] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 337.464838][ T39] usb 6-1: config 179 has no interface number 0 [ 337.471118][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 337.482033][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 337.485471][ T329] usb 4-1: Using ep0 maxpacket: 8 [ 337.493050][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 337.499658][ T329] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 337.508839][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 337.517475][ T329] usb 4-1: config 179 has no interface number 0 [ 337.528413][ T39] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 337.534401][ T329] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 337.547488][ T39] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 337.558152][ T19] usb 2-1: Using ep0 maxpacket: 8 [ 337.567250][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.572075][ T329] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 337.581657][ T4902] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 337.591260][ T329] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 337.608677][ T329] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 337.620005][ T329] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 337.633163][ T19] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 337.641300][ T329] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 337.650152][ T19] usb 2-1: config 179 has no interface number 0 [ 337.656248][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 337.659333][ T39] usb 1-1: USB disconnect, device number 27 [ 337.667059][ T329] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.667487][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 337.692210][ T4899] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 337.699280][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 337.713421][ T19] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 337.724843][ T19] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 337.737866][ T19] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 337.746696][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.755952][ T4903] raw-gadget.4 gadget.1: fail, usb_ep_enable returned -22 [ 337.810057][ T24] magicmouse 0003:05AC:0265.000E: unknown main item tag 0x0 [ 337.817704][ T24] magicmouse 0003:05AC:0265.000E: unknown main item tag 0x0 [ 337.824948][ T24] magicmouse 0003:05AC:0265.000E: unknown main item tag 0x0 [ 337.833625][ T24] magicmouse 0003:05AC:0265.000E: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0 [ 337.845229][ T24] magicmouse 0003:05AC:0265.000E: magicmouse input not registered [ 337.855634][ T24] magicmouse: probe of 0003:05AC:0265.000E failed with error -12 [ 338.026814][ T39] usb 5-1: USB disconnect, device number 27 [ 338.080089][ T4902] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.088618][ T4902] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.176303][ T4899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.184804][ T4899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.200562][ T4903] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.209208][ T4903] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.310954][ T4906] netlink: 'syz.0.1345': attribute type 4 has an invalid length. [ 338.320365][ T4906] netlink: 'syz.0.1345': attribute type 4 has an invalid length. [ 338.895654][ T2099] Bluetooth: hci0: command 0x1003 tx timeout [ 338.905628][ T690] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 338.916074][ T4889] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 338.922687][ T4893] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 338.930636][ T4900] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 338.975533][ T690] Bluetooth: hci2: command 0x1003 tx timeout [ 338.975642][ T45] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 338.975667][ T2099] Bluetooth: hci1: command 0x1003 tx timeout [ 339.005631][ T1352] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 339.846383][ T4921] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1349'. [ 339.925632][ T19] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 340.128847][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 340.139264][ T19] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 340.152762][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 340.165794][ T19] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 340.180889][ T19] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 340.192472][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.201958][ T19] usb 5-1: Product: syz [ 340.206759][ T19] usb 5-1: Manufacturer: syz [ 340.212073][ T19] usb 5-1: SerialNumber: syz [ 340.279869][ T19] usb 5-1: config 0 descriptor?? [ 340.312038][ T19] ums-isd200 5-1:0.0: USB Mass Storage device detected [ 340.968923][ T19] scsi host1: usb-storage 5-1:0.0 [ 340.975617][ T1352] Bluetooth: hci0: command 0x0c1a tx timeout [ 341.011330][ T39] usb 2-1: USB disconnect, device number 34 [ 341.011367][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 341.011399][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 341.022383][ T19] usb 5-1: USB disconnect, device number 28 [ 341.031964][ T24] usb 4-1: USB disconnect, device number 28 [ 341.033633][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 341.043488][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 341.045401][ C0] dummy_hcd dummy_hcd.3: timer fired with no URBs pending? [ 341.053246][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 341.100430][ T469] usb 6-1: USB disconnect, device number 26 [ 341.118156][ T4934] loop1: detected capacity change from 0 to 512 [ 341.129920][ T4934] EXT4-fs: Ignoring removed i_version option [ 341.151370][ T4934] EXT4-fs: Ignoring removed mblk_io_submit option [ 341.158576][ T4934] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 341.170986][ T4934] EXT4-fs (loop1): 1 truncate cleaned up [ 341.176931][ T4934] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 342.475608][ T329] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 344.656391][ T4961] loop3: detected capacity change from 0 to 512 [ 344.668585][ T4962] loop5: detected capacity change from 0 to 512 [ 344.677434][ T4961] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 344.687270][ T4962] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 344.720988][ T294] EXT4-fs (loop1): unmounting filesystem. [ 344.726869][ T329] usb 1-1: Using ep0 maxpacket: 8 [ 344.741587][ T4936] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 344.789265][ T4961] EXT4-fs (loop3): orphan cleanup on readonly fs [ 344.795535][ T4961] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1357: Bad quota inum: 64, type: 0 [ 344.807462][ T4961] EXT4-fs (loop3): Remounting filesystem read-only [ 344.813941][ T4961] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 344.828582][ T4961] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 344.835193][ T4961] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 345.174609][ T4962] EXT4-fs (loop5): orphan cleanup on readonly fs [ 345.180900][ T4962] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1356: Bad quota inum: 64, type: 0 [ 345.192603][ T4962] EXT4-fs (loop5): Remounting filesystem read-only [ 345.199028][ T4962] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 345.213707][ T4962] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 345.220225][ T4962] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 345.232141][ T4962] EXT4-fs (loop5): unmounting filesystem. [ 345.259427][ T1375] Bluetooth: hci0: Frame reassembly failed (-84) [ 345.550520][ T1375] Bluetooth: hci0: Frame reassembly failed (-84) [ 345.611590][ T329] usb 1-1: device descriptor read/all, error -71 [ 346.275333][ T4969] loop4: detected capacity change from 0 to 512 [ 346.283627][ T4969] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 346.351520][ T297] EXT4-fs (loop3): unmounting filesystem. [ 346.504355][ T4969] EXT4-fs (loop4): orphan cleanup on readonly fs [ 346.510643][ T4969] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1359: Bad quota inum: 64, type: 0 [ 346.522529][ T4969] EXT4-fs (loop4): Remounting filesystem read-only [ 346.528912][ T4969] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 346.543411][ T4969] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 346.550013][ T4969] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 346.955523][ T43] Bluetooth: hci1: Frame reassembly failed (-84) [ 347.108288][ T295] EXT4-fs (loop4): unmounting filesystem. [ 347.135447][ T24] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 347.317897][ T4989] loop4: detected capacity change from 0 to 512 [ 347.329786][ T1352] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 347.376991][ T4989] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 347.516425][ T4989] EXT4-fs (loop4): orphan cleanup on readonly fs [ 347.522679][ T4989] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1363: Bad quota inum: 64, type: 0 [ 347.535231][ T4989] EXT4-fs (loop4): Remounting filesystem read-only [ 347.541800][ T4989] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 347.556306][ T4989] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 347.562803][ T4989] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 347.574135][ T4989] EXT4-fs (loop4): unmounting filesystem. [ 348.234345][ T4989] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1363'. [ 348.984177][ T5015] loop5: detected capacity change from 0 to 512 [ 349.196305][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 349.205502][ T2099] Bluetooth: hci1: command 0x1003 tx timeout [ 349.223890][ T24] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 353.410075][ T5012] loop1: detected capacity change from 0 to 512 [ 353.463289][ T24] usb 4-1: config 179 has no interface number 0 [ 353.473250][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 353.489185][ T5015] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 353.498827][ T5015] EXT4-fs: failed to create workqueue [ 353.504043][ T5015] EXT4-fs (loop5): mount failed [ 353.509544][ T5012] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 353.540128][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 353.559893][ T5012] EXT4-fs (loop1): orphan cleanup on readonly fs [ 353.566098][ T5012] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1369: Bad quota inum: 64, type: 0 [ 353.577069][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 353.583242][ T5012] EXT4-fs (loop1): Remounting filesystem read-only [ 353.590127][ T5012] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 353.604654][ T5012] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 353.611175][ T5012] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 353.789504][ T325] Bluetooth: hci0: Frame reassembly failed (-84) [ 354.303519][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 354.314562][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 354.326222][ T24] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 354.351553][ T5030] loop4: detected capacity change from 0 to 512 [ 354.385809][ T5030] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 354.449001][ T5030] EXT4-fs (loop4): orphan cleanup on readonly fs [ 354.455290][ T5030] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1373: Bad quota inum: 64, type: 0 [ 354.467366][ T5030] EXT4-fs (loop4): Remounting filesystem read-only [ 354.473718][ T5030] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 354.488269][ T5030] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 354.494755][ T5030] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 354.783012][ T24] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 354.791941][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.801018][ T24] usb 4-1: can't set config #179, error -71 [ 354.807657][ T24] usb 4-1: USB disconnect, device number 29 [ 354.858468][ T294] EXT4-fs (loop1): unmounting filesystem. [ 354.888074][ T295] EXT4-fs (loop4): unmounting filesystem. [ 354.986803][ T10] Bluetooth: hci1: Frame reassembly failed (-84) [ 355.037088][ T5039] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 355.059986][ T5039] picdev_read: 2 callbacks suppressed [ 355.060010][ T5039] kvm: pic: non byte read [ 355.070581][ T5039] kvm: pic: non byte read [ 355.074883][ T5039] kvm: pic: single mode not supported [ 355.074957][ T5039] kvm: pic: non byte read [ 355.085160][ T5039] kvm: pic: non byte read [ 355.089581][ T5039] kvm: pic: level sensitive irq not supported [ 355.089651][ T5039] kvm: pic: non byte read [ 355.100290][ T5039] kvm: pic: non byte read [ 355.104672][ T5039] kvm: pic: non byte read [ 355.109332][ T5039] kvm: pic: non byte read [ 355.113646][ T5039] kvm: pic: single mode not supported [ 355.113657][ T5039] kvm: pic: level sensitive irq not supported [ 355.119020][ T5039] kvm: pic: non byte read [ 355.129857][ T5039] kvm: pic: non byte read [ 355.134624][ T5039] kvm: pic: single mode not supported [ 355.134638][ T5039] kvm: pic: level sensitive irq not supported [ 355.146028][ T5039] kvm: pic: single mode not supported [ 355.151984][ T5039] kvm: pic: level sensitive irq not supported [ 355.215460][ T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 355.315414][ T329] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 355.406291][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 355.419572][ T24] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 355.430549][ T24] usb 4-1: config 179 has no interface number 0 [ 355.462549][ T5060] loop4: detected capacity change from 0 to 512 [ 355.473321][ T5060] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 355.498280][ T5060] EXT4-fs (loop4): orphan cleanup on readonly fs [ 355.504492][ T5060] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1382: Bad quota inum: 64, type: 0 [ 355.515683][ T329] usb 2-1: Using ep0 maxpacket: 8 [ 355.522293][ T5060] EXT4-fs (loop4): Remounting filesystem read-only [ 355.528757][ T5060] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 355.543466][ T5060] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 355.550020][ T5060] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 355.561548][ T5060] EXT4-fs (loop4): unmounting filesystem. [ 355.567911][ T329] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 355.608648][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 355.616884][ T329] usb 2-1: config 179 has no interface number 0 [ 355.628126][ T329] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 355.641913][ T329] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 355.654452][ T329] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 355.665855][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 355.674837][ T329] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 355.689815][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 355.702947][ T24] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 355.704958][ T329] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 355.715557][ T24] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 355.742227][ T329] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 355.751308][ T329] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.855692][ T2099] Bluetooth: hci0: command 0x1003 tx timeout [ 355.855725][ T1352] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 355.868228][ T5028] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 355.874452][ T5048] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 355.920725][ T5064] fuse: Unknown parameter 'use00000000000000000000' [ 355.942410][ T5051] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 356.821603][ T24] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 356.830562][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.836016][ T5070] loop5: detected capacity change from 0 to 512 [ 356.846476][ T5070] EXT4-fs: Ignoring removed i_version option [ 356.852389][ T5070] EXT4-fs: Ignoring removed mblk_io_submit option [ 356.860302][ T24] usb 4-1: can't set config #179, error -71 [ 356.866634][ T5070] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 356.876581][ T24] usb 4-1: USB disconnect, device number 30 [ 356.929337][ T5070] EXT4-fs (loop5): 1 truncate cleaned up [ 356.936762][ T5070] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 357.064755][ T1352] Bluetooth: hci1: command 0x1003 tx timeout [ 357.070727][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 357.100987][ T5048] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 357.111208][ T5048] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.228999][ T5081] loop4: detected capacity change from 0 to 512 [ 357.237115][ T5081] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 357.276724][ T5081] EXT4-fs (loop4): orphan cleanup on readonly fs [ 357.283003][ T5081] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1387: Bad quota inum: 64, type: 0 [ 357.296181][ T5081] EXT4-fs (loop4): Remounting filesystem read-only [ 357.302642][ T5081] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 357.317227][ T5081] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 357.323861][ T5081] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 357.419617][ T24] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 357.608840][ T2349] EXT4-fs (loop5): unmounting filesystem. [ 358.370047][ T295] EXT4-fs (loop4): unmounting filesystem. [ 359.205576][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.224917][ T39] usb 2-1: USB disconnect, device number 35 [ 359.224926][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 359.238854][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 359.339225][ T5093] loop5: detected capacity change from 0 to 512 [ 359.346975][ T5093] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 359.397814][ T5093] EXT4-fs (loop5): orphan cleanup on readonly fs [ 359.404044][ T5093] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1388: Bad quota inum: 64, type: 0 [ 359.417123][ T5093] EXT4-fs (loop5): Remounting filesystem read-only [ 359.423520][ T5093] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 359.438079][ T5093] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 359.444644][ T5093] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 359.569393][ T1352] Bluetooth: hci0: sending frame failed (-49) [ 359.575597][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 359.935767][ T5099] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 360.198551][ T24] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 360.207692][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.217794][ T5111] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 360.382495][ T5110] loop1: detected capacity change from 0 to 512 [ 360.391024][ T5110] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 360.445057][ T2349] EXT4-fs (loop5): unmounting filesystem. [ 360.535499][ T329] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 360.577155][ T5110] EXT4-fs (loop1): orphan cleanup on readonly fs [ 360.583397][ T5110] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1393: Bad quota inum: 64, type: 0 [ 360.595916][ T5110] EXT4-fs (loop1): Remounting filesystem read-only [ 360.602311][ T5110] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 360.616953][ T5110] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 360.623531][ T5110] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 360.635287][ T5110] EXT4-fs (loop1): unmounting filesystem. [ 360.745571][ T329] usb 5-1: Using ep0 maxpacket: 8 [ 360.752113][ T329] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 360.771140][ T329] usb 5-1: config 179 has no interface number 0 [ 360.863591][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 360.876939][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 360.889748][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 360.902270][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 360.935952][ T329] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 361.059595][ T24] usb 4-1: config 0 descriptor?? [ 361.072771][ T24] usb 4-1: can't set config #0, error -71 [ 361.167360][ T329] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 361.183877][ T5120] fuse: Unknown parameter 'use00000000000000000000' [ 361.204427][ T24] usb 4-1: USB disconnect, device number 31 [ 361.227603][ T329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.304724][ T5099] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 362.046294][ T45] Bluetooth: hci0: command 0x0c1a tx timeout [ 362.335483][ T329] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 362.350173][ T5098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 362.362126][ T5098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 362.608561][ T329] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 362.657612][ T329] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.742372][ T329] usb 6-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 362.867964][ T329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.983692][ T329] usb 6-1: config 0 descriptor?? [ 363.926700][ T19] usb 5-1: USB disconnect, device number 29 [ 363.926743][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 363.940586][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 364.006626][ T329] magicmouse 0003:05AC:0265.000F: unknown main item tag 0x0 [ 364.291473][ T329] magicmouse 0003:05AC:0265.000F: unknown main item tag 0x0 [ 364.300609][ T329] magicmouse 0003:05AC:0265.000F: unknown main item tag 0x0 [ 364.345497][ T329] magicmouse 0003:05AC:0265.000F: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.5-1/input0 [ 364.464503][ T329] magicmouse 0003:05AC:0265.000F: magicmouse input not registered [ 364.503472][ T329] magicmouse: probe of 0003:05AC:0265.000F failed with error -12 [ 364.605457][ T329] usb 6-1: USB disconnect, device number 27 [ 364.857612][ T5159] loop3: detected capacity change from 0 to 512 [ 364.867834][ T19] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 364.876918][ T5159] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 364.986467][ T5159] EXT4-fs (loop3): orphan cleanup on readonly fs [ 364.992798][ T5159] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1405: Bad quota inum: 64, type: 0 [ 365.004941][ T5159] EXT4-fs (loop3): Remounting filesystem read-only [ 365.011380][ T5159] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 365.025990][ T5159] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 365.032637][ T5159] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 365.097223][ T19] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 365.335445][ T19] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 365.365442][ T19] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 365.414824][ T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.440429][ T19] usb 1-1: Product: syz [ 365.444428][ T19] usb 1-1: Manufacturer: syz [ 365.465415][ T19] usb 1-1: SerialNumber: syz [ 365.488570][ T19] usb 1-1: config 0 descriptor?? [ 365.513847][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 365.522356][ T19] ums-isd200 1-1:0.0: USB Mass Storage device detected [ 365.558490][ T297] EXT4-fs (loop3): unmounting filesystem. [ 365.724098][ T24] usb 1-1: USB disconnect, device number 30 [ 365.813653][ T5194] loop4: detected capacity change from 0 to 512 [ 365.822114][ T329] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 365.866387][ T5194] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 365.902074][ T5194] EXT4-fs (loop4): orphan cleanup on readonly fs [ 365.908339][ T5194] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1419: Bad quota inum: 64, type: 0 [ 365.920749][ T5194] EXT4-fs (loop4): Remounting filesystem read-only [ 365.927138][ T5194] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 365.941694][ T5194] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 365.948285][ T5194] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 365.960407][ T5194] EXT4-fs (loop4): unmounting filesystem. [ 366.065544][ T329] usb 6-1: Using ep0 maxpacket: 8 [ 366.072565][ T329] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 366.083155][ T329] usb 6-1: config 179 has no interface number 0 [ 366.090273][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 366.102263][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 366.114657][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 366.126841][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 366.139270][ T329] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 366.153651][ T329] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 366.163919][ T329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.195265][ T5169] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 367.103921][ T5206] loop3: detected capacity change from 0 to 512 [ 368.856137][ T5212] loop4: detected capacity change from 0 to 512 [ 368.863122][ T1352] Bluetooth: hci0: command 0x1003 tx timeout [ 368.863152][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 368.880226][ T5212] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 368.890277][ T5206] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 368.959428][ T5167] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 368.983642][ T5212] EXT4-fs (loop4): orphan cleanup on readonly fs [ 368.990082][ T5212] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1423: Bad quota inum: 64, type: 0 [ 369.002061][ T5212] EXT4-fs (loop4): Remounting filesystem read-only [ 369.008810][ T5212] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 369.023570][ T5212] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 369.030225][ T5212] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 369.042312][ T5212] EXT4-fs (loop4): unmounting filesystem. [ 369.069203][ T5206] EXT4-fs (loop3): orphan cleanup on readonly fs [ 369.075493][ T5206] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1421: Bad quota inum: 64, type: 0 [ 369.087190][ T5206] EXT4-fs (loop3): Remounting filesystem read-only [ 369.093595][ T5206] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 369.108290][ T5206] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 369.114889][ T5206] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 369.126624][ T5206] EXT4-fs (loop3): unmounting filesystem. [ 369.476696][ T329] usb 6-1: USB disconnect, device number 28 [ 369.476743][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 369.490565][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 370.121559][ T5225] loop1: detected capacity change from 0 to 512 [ 370.130301][ T5225] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 370.196316][ T5225] EXT4-fs (loop1): orphan cleanup on readonly fs [ 370.202640][ T5225] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1424: Bad quota inum: 64, type: 0 [ 370.214445][ T5225] EXT4-fs (loop1): Remounting filesystem read-only [ 370.220803][ T5225] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 370.235385][ T5225] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 370.241984][ T5225] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 370.253270][ T5225] EXT4-fs (loop1): unmounting filesystem. [ 370.345441][ T5230] netlink: 'syz.4.1427': attribute type 4 has an invalid length. [ 370.378578][ T2099] Bluetooth: hci0: sending frame failed (-49) [ 370.384574][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 370.397503][ T5232] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 370.590534][ T5239] netlink: 'syz.4.1427': attribute type 4 has an invalid length. [ 370.667406][ T5230] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1427'. [ 370.775526][ T19] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 370.966482][ T305] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 371.015403][ T19] usb 1-1: Using ep0 maxpacket: 8 [ 371.784369][ T19] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 372.162534][ T19] usb 1-1: config 179 has no interface number 0 [ 372.168681][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 372.180932][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 372.198741][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 372.209990][ T305] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 372.220167][ T305] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 372.230030][ T19] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 372.241599][ T305] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 372.252192][ T19] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 372.265635][ T305] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 372.279354][ T19] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 372.302352][ T19] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.311591][ T305] usb 6-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 372.320882][ T305] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.328869][ T5235] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 372.337784][ T305] usb 6-1: Product: syz [ 372.341815][ T305] usb 6-1: Manufacturer: syz [ 372.346282][ T305] usb 6-1: SerialNumber: syz [ 372.351955][ T305] usb 6-1: config 0 descriptor?? [ 372.358775][ T305] ums-isd200 6-1:0.0: USB Mass Storage device detected [ 372.417978][ T5264] loop3: detected capacity change from 0 to 512 [ 372.424644][ T45] Bluetooth: hci0: command 0x0c1a tx timeout [ 372.513782][ T5265] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 372.585716][ T305] usb 6-1: USB disconnect, device number 29 [ 372.840608][ T5232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.902446][ T5232] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.069580][ T5264] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 373.133196][ T5264] EXT4-fs (loop3): orphan cleanup on readonly fs [ 373.139490][ T5264] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1437: Bad quota inum: 64, type: 0 [ 373.152973][ T5264] EXT4-fs (loop3): Remounting filesystem read-only [ 373.159429][ T5264] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 373.173956][ T5264] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 373.180634][ T5264] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 373.559094][ T297] EXT4-fs (loop3): unmounting filesystem. [ 373.719879][ T5280] loop5: detected capacity change from 0 to 512 [ 374.234514][ T5280] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 374.296252][ T5280] EXT4-fs (loop5): orphan cleanup on readonly fs [ 374.302540][ T5280] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1438: Bad quota inum: 64, type: 0 [ 374.314610][ T5280] EXT4-fs (loop5): Remounting filesystem read-only [ 374.321058][ T5280] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 374.335640][ T5280] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 374.342160][ T5280] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 374.354452][ T5280] EXT4-fs (loop5): unmounting filesystem. [ 374.381574][ T5292] netlink: 'syz.3.1443': attribute type 4 has an invalid length. [ 374.544823][ T5293] netlink: 'syz.3.1443': attribute type 4 has an invalid length. [ 374.555265][ T305] usb 1-1: USB disconnect, device number 31 [ 374.561031][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 374.561072][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 374.862348][ T5274] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1438'. [ 376.065395][ T24] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 376.195415][ T39] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 376.237665][ T5328] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 376.247446][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 376.257659][ T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 376.267599][ T24] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 376.277445][ T24] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 376.292075][ T24] usb 6-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 376.301289][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.442225][ T5350] loop4: detected capacity change from 0 to 512 [ 377.450482][ T5350] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 377.535090][ T5350] EXT4-fs (loop4): orphan cleanup on readonly fs [ 377.541340][ T5350] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1457: Bad quota inum: 64, type: 0 [ 377.553244][ T5350] EXT4-fs (loop4): Remounting filesystem read-only [ 377.559627][ T5350] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 377.574139][ T5350] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 377.580635][ T5350] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 377.782932][ T39] usb 4-1: Using ep0 maxpacket: 8 [ 378.192654][ T24] usb 6-1: Product: syz [ 378.197064][ T5323] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 378.205559][ T24] usb 6-1: Manufacturer: syz [ 378.210099][ T24] usb 6-1: SerialNumber: syz [ 378.214873][ T39] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 378.223573][ T39] usb 4-1: config 179 has no interface number 0 [ 378.540524][ T5360] loop1: detected capacity change from 0 to 512 [ 378.561119][ T295] EXT4-fs (loop4): unmounting filesystem. [ 378.577052][ T5360] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 378.681429][ T5360] EXT4-fs (loop1): orphan cleanup on readonly fs [ 378.687691][ T5360] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1461: Bad quota inum: 64, type: 0 [ 378.699347][ T5360] EXT4-fs (loop1): Remounting filesystem read-only [ 378.705713][ T5360] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 378.720228][ T5360] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 378.726753][ T5360] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 378.737771][ T5360] EXT4-fs (loop1): unmounting filesystem. [ 379.175644][ T24] usb 6-1: config 0 descriptor?? [ 379.176209][ T5367] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 379.180928][ T24] usb 6-1: can't set config #0, error -71 [ 379.194155][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 379.205756][ T24] usb 6-1: USB disconnect, device number 30 [ 379.211753][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 379.223428][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 379.975089][ T39] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 379.986504][ T39] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 379.999736][ T39] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 380.054196][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 380.075932][ T39] usb 4-1: can't set config #179, error -71 [ 380.089737][ T39] usb 4-1: USB disconnect, device number 32 [ 380.133013][ T5359] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1461'. [ 380.265414][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 380.291062][ T5383] fuse: Unknown parameter 'user_id00000000000000000000' [ 380.345548][ T24] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 380.445116][ T5389] loop3: detected capacity change from 0 to 512 [ 380.506890][ T5389] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 380.609426][ T5389] EXT4-fs (loop3): orphan cleanup on readonly fs [ 380.615685][ T5389] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1469: Bad quota inum: 64, type: 0 [ 380.627570][ T5389] EXT4-fs (loop3): Remounting filesystem read-only [ 380.634044][ T5389] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 380.648575][ T5389] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 380.655093][ T5389] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 380.666436][ T5389] EXT4-fs (loop3): unmounting filesystem. [ 382.608474][ T24] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 382.651595][ T24] usb 6-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 382.662995][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.671484][ T24] usb 6-1: Product: syz [ 382.676180][ T24] usb 6-1: Manufacturer: syz [ 382.680595][ T24] usb 6-1: SerialNumber: syz [ 382.690448][ T24] usb 6-1: config 0 descriptor?? [ 382.718250][ T24] usb 6-1: can't set config #0, error -71 [ 382.745700][ T24] usb 6-1: USB disconnect, device number 31 [ 382.784978][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 383.014955][ T5421] loop5: detected capacity change from 0 to 512 [ 383.037145][ T5421] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 383.135333][ T5421] EXT4-fs (loop5): orphan cleanup on readonly fs [ 383.141807][ T5421] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1480: Bad quota inum: 64, type: 0 [ 383.153837][ T5421] EXT4-fs (loop5): Remounting filesystem read-only [ 383.160267][ T5421] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 383.174956][ T5421] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 383.181533][ T5421] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 383.192941][ T5421] EXT4-fs (loop5): unmounting filesystem. [ 383.237204][ T5425] fuse: Unknown parameter 'user_id00000000000000000000' [ 383.333154][ T5421] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1480'. [ 383.403132][ T39] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 383.517917][ T5326] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 383.706554][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 383.730972][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 383.759219][ T39] usb 4-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 383.775426][ T5326] usb 2-1: Using ep0 maxpacket: 8 [ 383.781411][ T5326] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 383.798404][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 383.816533][ T5326] usb 2-1: config 179 has no interface number 0 [ 383.838732][ T39] usb 4-1: config 0 descriptor?? [ 383.846548][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 383.964507][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 383.985375][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 384.004563][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 385.071793][ T2099] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 385.095974][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 385.102174][ T5415] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 385.118966][ T5326] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 385.162471][ T5326] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 385.181563][ T5326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.205150][ T5417] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 385.311030][ T39] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0 [ 385.321327][ T39] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0 [ 385.328884][ T39] magicmouse 0003:05AC:0265.0010: unknown main item tag 0x0 [ 385.337312][ T39] magicmouse 0003:05AC:0265.0010: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.3-1/input0 [ 385.349639][ T39] magicmouse 0003:05AC:0265.0010: magicmouse input not registered [ 385.360262][ T39] magicmouse: probe of 0003:05AC:0265.0010 failed with error -12 [ 385.438281][ T5446] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 385.522949][ T19] usb 4-1: USB disconnect, device number 33 [ 385.624294][ T5415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 385.632703][ T5415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 385.735468][ T39] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 385.835441][ T305] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 385.936570][ T39] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 385.948015][ T39] usb 1-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 385.957060][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.964923][ T39] usb 1-1: Product: syz [ 385.968928][ T39] usb 1-1: Manufacturer: syz [ 385.973409][ T39] usb 1-1: SerialNumber: syz [ 385.978931][ T39] usb 1-1: config 0 descriptor?? [ 385.984581][ T39] usb 1-1: bad CDC descriptors [ 385.989460][ T39] cdc_acm 1-1:0.0: Zero length descriptor references [ 385.996028][ T39] cdc_acm: probe of 1-1:0.0 failed with error -22 [ 386.016587][ T305] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.028360][ T305] usb 6-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 386.043508][ T305] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.051495][ T305] usb 6-1: Product: syz [ 386.055588][ T305] usb 6-1: Manufacturer: syz [ 386.060195][ T305] usb 6-1: SerialNumber: syz [ 386.065740][ T305] usb 6-1: config 0 descriptor?? [ 386.071313][ T305] usb 6-1: bad CDC descriptors [ 386.076331][ T305] cdc_acm 6-1:0.0: Zero length descriptor references [ 386.082827][ T305] cdc_acm: probe of 6-1:0.0 failed with error -22 [ 386.181104][ T5461] loop3: detected capacity change from 0 to 512 [ 386.189755][ T5461] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 386.217510][ T5461] EXT4-fs (loop3): orphan cleanup on readonly fs [ 386.223751][ T5461] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1491: Bad quota inum: 64, type: 0 [ 386.235232][ T5461] EXT4-fs (loop3): Remounting filesystem read-only [ 386.241644][ T5461] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 386.256147][ T5461] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 386.262606][ T5461] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 386.341067][ T305] usb 6-1: USB disconnect, device number 32 [ 386.383059][ T5464] fuse: Bad value for 'fd' [ 386.390192][ T19] usb 1-1: USB disconnect, device number 32 [ 387.436754][ T2099] Bluetooth: hci0: command 0x0c1a tx timeout [ 387.444002][ T5468] loop4: detected capacity change from 0 to 512 [ 387.460927][ T5468] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 387.478813][ T297] EXT4-fs (loop3): unmounting filesystem. [ 387.528379][ T5468] EXT4-fs (loop4): orphan cleanup on readonly fs [ 387.534598][ T5468] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1493: Bad quota inum: 64, type: 0 [ 387.546556][ T5468] EXT4-fs (loop4): Remounting filesystem read-only [ 387.552914][ T5468] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 387.567465][ T5468] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 387.573950][ T5468] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 387.627007][ T19] usb 2-1: USB disconnect, device number 36 [ 387.627008][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 387.627142][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 388.412217][ T295] EXT4-fs (loop4): unmounting filesystem. [ 388.503050][ T5496] loop5: detected capacity change from 0 to 256 [ 388.510561][ T5496] exfat: Deprecated parameter 'utf8' [ 388.515882][ T5496] exfat: Deprecated parameter 'namecase' [ 388.521413][ T5496] exfat: Deprecated parameter 'utf8' [ 388.526751][ T5496] exfat: Bad value for 'umask' [ 388.720442][ T5498] fuse: Bad value for 'fd' [ 389.022132][ T5504] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 389.586813][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 389.714415][ T5530] fuse: Bad value for 'fd' [ 389.978884][ T5540] loop1: detected capacity change from 0 to 256 [ 389.989751][ T5540] exfat: Deprecated parameter 'utf8' [ 389.995398][ T5540] exfat: Deprecated parameter 'namecase' [ 390.001121][ T5540] exfat: Deprecated parameter 'utf8' [ 390.006894][ T5540] exfat: Bad value for 'umask' [ 393.514831][ T5541] loop3: detected capacity change from 0 to 512 [ 395.215266][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 395.218389][ T5542] loop4: detected capacity change from 0 to 512 [ 395.242621][ T5541] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 395.253623][ T5542] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 395.263320][ T5542] EXT4-fs: failed to create workqueue [ 395.268529][ T5542] EXT4-fs (loop4): mount failed [ 395.280901][ T5541] EXT4-fs: failed to create workqueue [ 395.330826][ T5541] EXT4-fs (loop3): mount failed [ 395.335719][ T2099] Bluetooth: hci0: command 0x1003 tx timeout [ 395.341669][ T19] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 395.365500][ T5520] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 395.894122][ T5572] fuse: Unknown parameter '0x0000000000000005' [ 396.156975][ T5584] loop1: detected capacity change from 0 to 512 [ 396.166860][ T5584] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 396.245492][ T329] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 396.268507][ T5584] EXT4-fs (loop1): orphan cleanup on readonly fs [ 396.274751][ T5584] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1529: Bad quota inum: 64, type: 0 [ 396.286940][ T5584] EXT4-fs (loop1): Remounting filesystem read-only [ 396.293307][ T5584] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 396.307949][ T5584] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 396.314610][ T5584] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 396.326064][ T5584] EXT4-fs (loop1): unmounting filesystem. [ 396.557402][ T329] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 396.619445][ T329] usb 6-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 396.684274][ T329] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.778237][ T329] usb 6-1: Product: syz [ 396.810119][ T329] usb 6-1: Manufacturer: syz [ 397.213061][ T329] usb 6-1: SerialNumber: syz [ 397.222296][ T329] usb 6-1: config 0 descriptor?? [ 397.229570][ T329] usb 6-1: bad CDC descriptors [ 397.234320][ T329] cdc_acm 6-1:0.0: Zero length descriptor references [ 397.251507][ T329] cdc_acm: probe of 6-1:0.0 failed with error -22 [ 397.348110][ T5593] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 397.378142][ T5593] picdev_read: 2 callbacks suppressed [ 397.378163][ T5593] kvm: pic: non byte read [ 397.395203][ T5593] kvm: pic: non byte read [ 397.410824][ T5593] kvm: pic: single mode not supported [ 397.410958][ T5593] kvm: pic: non byte read [ 397.424422][ T5593] kvm: pic: non byte read [ 397.429087][ T5593] kvm: pic: level sensitive irq not supported [ 397.429158][ T5593] kvm: pic: non byte read [ 397.435013][ T329] usb 6-1: USB disconnect, device number 33 [ 397.445580][ T5593] kvm: pic: non byte read [ 397.450082][ T5593] kvm: pic: non byte read [ 397.457267][ T5593] kvm: pic: non byte read [ 397.457527][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 397.461613][ T5593] kvm: pic: single mode not supported [ 397.467639][ T5593] kvm: pic: level sensitive irq not supported [ 397.473188][ T5593] kvm: pic: non byte read [ 397.491618][ T5593] kvm: pic: non byte read [ 397.496167][ T5593] kvm: pic: single mode not supported [ 397.496180][ T5593] kvm: pic: level sensitive irq not supported [ 397.501801][ T5593] kvm: pic: single mode not supported [ 397.507747][ T5593] kvm: pic: level sensitive irq not supported [ 397.676507][ T5613] loop1: detected capacity change from 0 to 256 [ 397.690310][ T5613] exfat: Deprecated parameter 'utf8' [ 397.695617][ T5613] exfat: Deprecated parameter 'namecase' [ 397.701148][ T5613] exfat: Deprecated parameter 'utf8' [ 397.706372][ T5613] exfat: Bad value for 'umask' [ 397.774807][ T4613] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 397.855941][ T39] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 397.865650][ T5326] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 398.058483][ T5326] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 398.069795][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 398.101570][ T39] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 398.117813][ T5326] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 398.154857][ T5615] fuse: Unknown parameter '0x0000000000000005' [ 398.161295][ T5326] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.170970][ T39] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 398.198768][ T5326] usb 5-1: Product: syz [ 398.219672][ T5326] usb 5-1: Manufacturer: syz [ 398.230631][ T39] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 398.340015][ T5326] usb 5-1: SerialNumber: syz [ 398.361334][ T5326] usb 5-1: config 0 descriptor?? [ 398.366630][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.383175][ T39] usb 1-1: Product: syz [ 398.388501][ T5326] usb 5-1: bad CDC descriptors [ 398.393245][ T5326] cdc_acm 5-1:0.0: Zero length descriptor references [ 398.408898][ T39] usb 1-1: Manufacturer: syz [ 398.415564][ T39] usb 1-1: SerialNumber: syz [ 398.421933][ T5326] cdc_acm: probe of 5-1:0.0 failed with error -22 [ 398.442117][ T39] usb 1-1: config 0 descriptor?? [ 398.464978][ T39] ums-isd200 1-1:0.0: USB Mass Storage device detected [ 398.601349][ T5626] loop5: detected capacity change from 0 to 512 [ 398.615750][ T5626] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 398.625462][ T5547] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 398.683243][ T329] usb 5-1: USB disconnect, device number 30 [ 399.733651][ T5629] loop1: detected capacity change from 0 to 512 [ 399.740408][ T2099] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 399.749167][ T5629] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 399.800618][ T5629] EXT4-fs (loop1): orphan cleanup on readonly fs [ 399.807026][ T5629] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1543: Bad quota inum: 64, type: 0 [ 399.818327][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 399.826174][ T5629] EXT4-fs (loop1): Remounting filesystem read-only [ 399.832524][ T5629] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 399.847080][ T5629] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 399.853555][ T5629] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 399.870037][ T5547] usb 4-1: Using ep0 maxpacket: 8 [ 399.875205][ T5600] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 399.894109][ T5626] EXT4-fs (loop5): orphan cleanup on readonly fs [ 399.900397][ T5626] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1542: Bad quota inum: 64, type: 0 [ 399.912167][ T5626] EXT4-fs (loop5): Remounting filesystem read-only [ 399.918633][ T5626] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 399.933231][ T5626] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 399.939768][ T5626] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 400.109370][ T5547] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 400.154162][ T2349] EXT4-fs (loop5): unmounting filesystem. [ 400.172419][ T5547] usb 4-1: config 179 has no interface number 0 [ 400.185538][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 400.209563][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 400.221244][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 400.232333][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 400.244131][ T5547] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 400.258753][ T5547] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 400.268231][ T5547] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.281065][ T5606] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 400.409821][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 400.417942][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 400.426519][ T19] usb 4-1: USB disconnect, device number 34 [ 400.537394][ T294] EXT4-fs (loop1): unmounting filesystem. [ 400.538868][ T39] usb 1-1: USB disconnect, device number 34 [ 400.829250][ T5653] loop3: detected capacity change from 0 to 512 [ 400.838312][ T5653] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 400.919523][ T5653] EXT4-fs (loop3): orphan cleanup on readonly fs [ 400.925821][ T5653] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1547: Bad quota inum: 64, type: 0 [ 400.938020][ T5653] EXT4-fs (loop3): Remounting filesystem read-only [ 400.944401][ T5653] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 400.959063][ T5653] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 400.965731][ T5653] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 401.104511][ T5657] fuse: Unknown parameter '0x0000000000000005' [ 402.380165][ T297] EXT4-fs (loop3): unmounting filesystem. [ 402.494210][ T5675] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 402.587035][ T5677] loop5: detected capacity change from 0 to 256 [ 402.593389][ T5677] exfat: Deprecated parameter 'utf8' [ 402.598556][ T5677] exfat: Deprecated parameter 'namecase' [ 402.603972][ T5677] exfat: Deprecated parameter 'utf8' [ 402.609128][ T5677] exfat: Bad value for 'umask' [ 402.647146][ T5673] loop4: detected capacity change from 0 to 512 [ 402.657045][ T5673] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 402.736867][ T5673] EXT4-fs (loop4): orphan cleanup on readonly fs [ 402.743154][ T5673] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1555: Bad quota inum: 64, type: 0 [ 402.755112][ T5673] EXT4-fs (loop4): Remounting filesystem read-only [ 402.761655][ T5673] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 402.776274][ T5673] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 402.782906][ T5673] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 403.038642][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 403.401308][ T295] EXT4-fs (loop4): unmounting filesystem. [ 403.555482][ T5547] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 403.765462][ T5547] usb 4-1: Using ep0 maxpacket: 8 [ 403.781059][ T5547] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 403.891247][ T5547] usb 4-1: config 179 has no interface number 0 [ 403.951825][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 404.082807][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 404.105909][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 404.128864][ T5547] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 404.152127][ T5547] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 404.179410][ T5547] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 404.188846][ T5547] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.201685][ T5682] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 404.461894][ T5702] fuse: Unknown parameter '0x0000000000000005' [ 404.485541][ T19] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 404.535467][ T5547] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 404.634488][ T5682] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.644024][ T5682] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.678115][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 404.693955][ T19] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 404.704119][ T19] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 404.718599][ T5547] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.729954][ T19] usb 5-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 404.739364][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.747868][ T19] usb 5-1: Product: syz [ 404.752085][ T19] usb 5-1: Manufacturer: syz [ 404.757006][ T5547] usb 2-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 404.766108][ T19] usb 5-1: SerialNumber: syz [ 404.770604][ T5547] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.778960][ T5547] usb 2-1: Product: syz [ 404.783235][ T19] usb 5-1: config 0 descriptor?? [ 404.788213][ T5547] usb 2-1: Manufacturer: syz [ 404.792811][ T5547] usb 2-1: SerialNumber: syz [ 404.797952][ T19] ums-isd200 5-1:0.0: USB Mass Storage device detected [ 404.807285][ T5547] usb 2-1: config 0 descriptor?? [ 404.813725][ T5547] usb 2-1: bad CDC descriptors [ 404.818595][ T5547] cdc_acm 2-1:0.0: Zero length descriptor references [ 404.825152][ T5547] cdc_acm: probe of 2-1:0.0 failed with error -22 [ 404.997644][ T5326] usb 5-1: USB disconnect, device number 31 [ 405.015149][ T5547] usb 2-1: USB disconnect, device number 37 [ 405.055419][ T2099] Bluetooth: hci0: command 0x1003 tx timeout [ 405.055513][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 405.067563][ T5681] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 405.605448][ T5326] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 405.676792][ T5725] loop1: detected capacity change from 0 to 512 [ 405.684392][ T5725] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 405.783269][ T5725] EXT4-fs (loop1): orphan cleanup on readonly fs [ 405.789553][ T5725] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1568: Bad quota inum: 64, type: 0 [ 405.801968][ T5725] EXT4-fs (loop1): Remounting filesystem read-only [ 405.808449][ T5725] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 405.823109][ T5725] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 405.829782][ T5725] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 405.842151][ T5725] EXT4-fs (loop1): unmounting filesystem. [ 406.177265][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 406.185391][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 406.195039][ T5547] usb 4-1: USB disconnect, device number 35 [ 407.017688][ T5737] fuse: Unknown parameter '0x0000000000000005' [ 407.183182][ T5326] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 407.194874][ T5326] usb 1-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 407.204197][ T5326] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.212119][ T5326] usb 1-1: Product: syz [ 407.216339][ T5326] usb 1-1: Manufacturer: syz [ 407.220860][ T5326] usb 1-1: SerialNumber: syz [ 407.225890][ T5326] usb 1-1: config 0 descriptor?? [ 407.231398][ T5326] usb 1-1: bad CDC descriptors [ 407.261259][ T5326] cdc_acm 1-1:0.0: Zero length descriptor references [ 407.303103][ T5749] loop3: detected capacity change from 0 to 256 [ 407.310945][ T5749] exfat: Deprecated parameter 'utf8' [ 407.316280][ T5749] exfat: Deprecated parameter 'namecase' [ 407.321840][ T5749] exfat: Deprecated parameter 'utf8' [ 407.327048][ T5749] exfat: Bad value for 'umask' [ 407.333587][ T5326] cdc_acm: probe of 1-1:0.0 failed with error -22 [ 407.588417][ T5326] usb 1-1: USB disconnect, device number 35 [ 408.105416][ T5547] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 408.296520][ T5547] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 408.313685][ T5547] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 408.328847][ T5547] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.357487][ T5547] usb 5-1: Product: syz [ 408.361501][ T5547] usb 5-1: Manufacturer: syz [ 408.375535][ T5547] usb 5-1: SerialNumber: syz [ 408.385935][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 408.399231][ T5547] usb 5-1: config 0 descriptor?? [ 408.411557][ T5547] usb 5-1: bad CDC descriptors [ 408.421766][ T5547] cdc_acm 5-1:0.0: Zero length descriptor references [ 408.428733][ T5547] cdc_acm: probe of 5-1:0.0 failed with error -22 [ 408.448944][ T5765] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 408.497998][ T5770] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 408.526670][ T5770] picdev_read: 2 callbacks suppressed [ 408.526691][ T5770] kvm: pic: non byte read [ 408.613831][ T5547] usb 5-1: USB disconnect, device number 32 [ 408.655479][ T5326] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 408.837404][ T5326] usb 4-1: Using ep0 maxpacket: 8 [ 408.843371][ T5326] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 408.861756][ T5326] usb 4-1: config 179 has no interface number 0 [ 408.875389][ T5326] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 408.896087][ T5326] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 408.932756][ T5326] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 408.974253][ T5326] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 408.996631][ T5326] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 409.016176][ T5326] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 409.035468][ T5326] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.057924][ T5763] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 409.455391][ T19] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 409.479544][ T5763] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.489880][ T5763] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.646445][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.662337][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.672126][ T19] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 409.681492][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.695672][ T19] usb 5-1: config 0 descriptor?? [ 409.735262][ T5804] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 410.088111][ T5819] loop1: detected capacity change from 0 to 512 [ 410.097963][ T5819] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 410.119040][ T19] magicmouse 0003:05AC:0265.0011: unknown main item tag 0x0 [ 410.128733][ T2099] Bluetooth: hci1: sending frame failed (-49) [ 410.134813][ T1352] Bluetooth: hci1: Opcode 0x1003 failed: -49 [ 410.142883][ T19] magicmouse 0003:05AC:0265.0011: unknown main item tag 0x0 [ 410.150809][ T19] magicmouse 0003:05AC:0265.0011: unknown main item tag 0x0 [ 410.203172][ T19] magicmouse 0003:05AC:0265.0011: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0 [ 410.251336][ T5819] EXT4-fs (loop1): orphan cleanup on readonly fs [ 410.257779][ T5819] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1599: Bad quota inum: 64, type: 0 [ 410.269826][ T5819] EXT4-fs (loop1): Remounting filesystem read-only [ 410.276341][ T5819] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 410.290953][ T5819] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 410.297533][ T5819] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 410.326588][ T19] magicmouse 0003:05AC:0265.0011: magicmouse input not registered [ 410.350477][ T19] magicmouse: probe of 0003:05AC:0265.0011 failed with error -12 [ 410.401442][ T19] usb 5-1: USB disconnect, device number 33 [ 410.425452][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 410.425488][ T1352] Bluetooth: hci0: command 0x1003 tx timeout [ 410.437903][ T5760] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 410.453531][ T5820] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 410.545443][ T5547] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 410.725950][ T5547] usb 6-1: Using ep0 maxpacket: 8 [ 410.732726][ T5547] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 410.741857][ T5547] usb 6-1: config 179 has no interface number 0 [ 410.748825][ T5547] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 410.760495][ T5547] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 410.772387][ T5547] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 410.784107][ T5547] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 410.840474][ T5547] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 410.854008][ T5547] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 410.863085][ T5547] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.875758][ T5818] raw-gadget.3 gadget.5: fail, usb_ep_enable returned -22 [ 411.203694][ T294] EXT4-fs (loop1): unmounting filesystem. [ 411.263928][ T5818] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 411.284720][ T5818] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 411.384640][ T5838] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 411.535085][ T5547] usb 4-1: USB disconnect, device number 36 [ 411.535104][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 411.535138][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 411.945394][ T19] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 412.075394][ T5547] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 412.136687][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 412.155936][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 412.178534][ T19] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 412.199265][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.219686][ T19] usb 2-1: config 0 descriptor?? [ 412.266555][ T5547] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 412.286544][ T5547] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 412.295669][ T5547] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.303577][ T5547] usb 4-1: Product: syz [ 412.307678][ T5547] usb 4-1: Manufacturer: syz [ 412.312276][ T5547] usb 4-1: SerialNumber: syz [ 412.322249][ T5547] usb 4-1: config 0 descriptor?? [ 412.337813][ T5547] usb 4-1: bad CDC descriptors [ 412.342790][ T5547] cdc_acm 4-1:0.0: Zero length descriptor references [ 412.359582][ T5547] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 412.650278][ T19] magicmouse 0003:05AC:0265.0012: unknown main item tag 0x0 [ 412.711650][ T19] magicmouse 0003:05AC:0265.0012: unknown main item tag 0x0 [ 412.748026][ T19] magicmouse 0003:05AC:0265.0012: unknown main item tag 0x0 [ 412.788990][ T19] magicmouse 0003:05AC:0265.0012: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0 [ 412.828431][ T19] magicmouse 0003:05AC:0265.0012: magicmouse input not registered [ 412.897172][ T19] magicmouse: probe of 0003:05AC:0265.0012 failed with error -12 [ 412.978293][ T19] usb 2-1: USB disconnect, device number 38 [ 413.099047][ T5547] usb 4-1: USB disconnect, device number 37 [ 413.404499][ T329] usb 6-1: USB disconnect, device number 34 [ 413.404551][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 413.418390][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 413.592064][ T5869] loop3: detected capacity change from 0 to 512 [ 413.606562][ T5869] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 413.679313][ T5869] EXT4-fs (loop3): orphan cleanup on readonly fs [ 413.685564][ T5869] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1615: Bad quota inum: 64, type: 0 [ 413.697481][ T5869] EXT4-fs (loop3): Remounting filesystem read-only [ 413.703832][ T5869] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 413.718372][ T5869] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 413.724873][ T5869] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 414.661740][ T1375] Bluetooth: hci0: Frame reassembly failed (-84) [ 414.896034][ T297] EXT4-fs (loop3): unmounting filesystem. [ 414.939928][ T43] Bluetooth: hci1: Frame reassembly failed (-84) [ 415.005533][ T329] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 415.100754][ T5902] loop3: detected capacity change from 0 to 512 [ 415.176879][ T5902] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 415.198094][ T5899] loop1: detected capacity change from 0 to 512 [ 415.207810][ T5899] EXT4-fs: Ignoring removed i_version option [ 415.214082][ T5899] EXT4-fs: Ignoring removed mblk_io_submit option [ 415.220571][ T329] usb 6-1: Using ep0 maxpacket: 8 [ 415.255536][ T329] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 415.265451][ T5547] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 415.291953][ T5902] EXT4-fs (loop3): orphan cleanup on readonly fs [ 415.298232][ T5902] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1625: Bad quota inum: 64, type: 0 [ 415.310229][ T5902] EXT4-fs (loop3): Remounting filesystem read-only [ 415.316595][ T5902] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 415.331119][ T5902] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 415.337635][ T5902] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 415.348906][ T5902] EXT4-fs (loop3): unmounting filesystem. [ 415.367783][ T5899] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 415.417328][ T329] usb 6-1: config 179 has no interface number 0 [ 415.445487][ T5547] usb 5-1: Using ep0 maxpacket: 8 [ 415.452235][ T5547] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 415.463439][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 415.483604][ T5547] usb 5-1: config 179 has no interface number 0 [ 415.500340][ T5899] EXT4-fs (loop1): 1 truncate cleaned up [ 415.530822][ T5899] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 415.540292][ T5547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 415.552337][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 415.598271][ T5547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 415.610606][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 415.622773][ T5547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 415.634943][ T329] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 415.647462][ T5547] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 415.659925][ T329] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 415.674052][ T5547] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 415.688319][ T329] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 415.717665][ T5547] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 415.732980][ T329] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.777172][ T5547] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.799590][ T294] EXT4-fs (loop1): unmounting filesystem. [ 415.827833][ T5887] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 415.904691][ T5897] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 416.068455][ T5902] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1625'. [ 416.277452][ T329] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 416.427641][ T5915] loop3: detected capacity change from 0 to 512 [ 416.435849][ T5915] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 416.468595][ T5887] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.510242][ T329] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.566328][ T5897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.587991][ T5887] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.611144][ T5897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.620790][ T329] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.651169][ T329] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 416.662362][ T329] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.675597][ T5915] EXT4-fs (loop3): orphan cleanup on readonly fs [ 416.681888][ T5915] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1629: Bad quota inum: 64, type: 0 [ 416.695447][ T5915] EXT4-fs (loop3): Remounting filesystem read-only [ 416.701895][ T5915] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 416.716498][ T5915] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 416.723194][ T5915] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 416.736351][ T5915] EXT4-fs (loop3): unmounting filesystem. [ 416.742539][ T2099] Bluetooth: hci0: command 0x1003 tx timeout [ 416.748548][ T1352] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 416.757155][ T5884] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 416.763309][ T5894] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 416.826331][ T329] usb 1-1: config 0 descriptor?? [ 416.927180][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 416.935296][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 416.944567][ T5547] usb 5-1: USB disconnect, device number 34 [ 416.979405][ T5915] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1629'. [ 416.989432][ T2099] Bluetooth: hci1: command 0x1003 tx timeout [ 416.989506][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 417.332104][ T329] magicmouse 0003:05AC:0265.0013: unknown main item tag 0x0 [ 417.339825][ T329] magicmouse 0003:05AC:0265.0013: unknown main item tag 0x0 [ 417.347376][ T329] magicmouse 0003:05AC:0265.0013: unknown main item tag 0x0 [ 417.356383][ T329] magicmouse 0003:05AC:0265.0013: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0 [ 417.367951][ T329] magicmouse 0003:05AC:0265.0013: magicmouse input not registered [ 417.376903][ T329] magicmouse: probe of 0003:05AC:0265.0013 failed with error -12 [ 417.492665][ T5326] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 417.541328][ T39] usb 1-1: USB disconnect, device number 36 [ 417.686933][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 417.696938][ T5326] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 417.708134][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 417.721852][ T5326] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 417.731753][ T5326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 417.740339][ T5326] usb 2-1: Product: syz [ 417.744810][ T5326] usb 2-1: Manufacturer: syz [ 417.750385][ T5326] usb 2-1: SerialNumber: syz [ 417.793904][ T5326] usb 2-1: config 0 descriptor?? [ 417.835096][ T5326] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 417.862176][ T39] usb 6-1: USB disconnect, device number 35 [ 417.862229][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 417.876589][ C0] dummy_hcd dummy_hcd.5: timer fired with no URBs pending? [ 417.887509][ T5929] fuse: Unknown parameter 'fd0x0000000000000005' [ 418.037409][ T5326] usb 2-1: USB disconnect, device number 39 [ 418.381976][ T5953] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 418.394961][ T5957] loop3: detected capacity change from 0 to 512 [ 418.402769][ T5957] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 418.412823][ T5957] EXT4-fs (loop3): orphan cleanup on readonly fs [ 418.419013][ T5957] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1640: Bad quota inum: 64, type: 0 [ 418.429915][ T5957] EXT4-fs (loop3): Remounting filesystem read-only [ 418.436619][ T5957] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 418.451184][ T5957] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 418.457687][ T5957] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 418.466937][ T5957] EXT4-fs (loop3): unmounting filesystem. [ 418.636542][ T5962] fuse: Unknown parameter 'fd0x0000000000000005' [ 418.854900][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 418.935397][ T329] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 419.065432][ T5547] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 419.116497][ T329] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.127313][ T329] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.136944][ T329] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 419.145957][ T329] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.154814][ T329] usb 2-1: config 0 descriptor?? [ 419.175369][ T19] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 419.246540][ T5547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 419.257516][ T5547] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 419.267190][ T5547] usb 5-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 419.276327][ T5547] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.295686][ T5547] usb 5-1: config 0 descriptor?? [ 419.356112][ T5980] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 419.366366][ T5980] kvm: pic: non byte read [ 419.381452][ T19] usb 6-1: Using ep0 maxpacket: 8 [ 419.388280][ T19] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 419.396872][ T19] usb 6-1: config 179 has no interface number 0 [ 419.403052][ T19] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 419.414521][ T19] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 419.426891][ T19] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 419.438312][ T19] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 419.450075][ T19] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 419.463549][ T19] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 419.472689][ T19] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 419.486948][ T5972] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 419.566942][ T329] magicmouse 0003:05AC:0265.0014: unknown main item tag 0x0 [ 419.574098][ T329] magicmouse 0003:05AC:0265.0014: unknown main item tag 0x0 [ 419.581307][ T329] magicmouse 0003:05AC:0265.0014: unknown main item tag 0x0 [ 419.594920][ T329] magicmouse 0003:05AC:0265.0014: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0 [ 419.943014][ T5547] magicmouse 0003:05AC:0265.0015: unknown main item tag 0x0 [ 419.948233][ T5972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.950354][ T329] magicmouse 0003:05AC:0265.0014: magicmouse input not registered [ 419.961659][ T5972] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.966166][ T5547] magicmouse 0003:05AC:0265.0015: unknown main item tag 0x0 [ 419.980980][ T5547] magicmouse 0003:05AC:0265.0015: unknown main item tag 0x0 [ 419.988653][ T329] magicmouse: probe of 0003:05AC:0265.0014 failed with error -12 [ 419.998485][ T329] usb 2-1: USB disconnect, device number 40 [ 420.005292][ T5547] magicmouse 0003:05AC:0265.0015: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.4-1/input0 [ 420.017611][ T5547] magicmouse 0003:05AC:0265.0015: magicmouse input not registered [ 420.026663][ T5547] magicmouse: probe of 0003:05AC:0265.0015 failed with error -12 [ 420.035730][ T5547] usb 5-1: USB disconnect, device number 35 [ 420.044087][ T5999] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 420.299997][ T6008] fuse: Unknown parameter 'fd0x0000000000000005' [ 420.455452][ T5326] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 420.682561][ T6018] loop4: detected capacity change from 0 to 512 [ 420.691553][ T6018] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 420.732857][ T6018] EXT4-fs (loop4): orphan cleanup on readonly fs [ 420.739167][ T6018] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1659: Bad quota inum: 64, type: 0 [ 420.751155][ T6018] EXT4-fs (loop4): Remounting filesystem read-only [ 420.757718][ T6018] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 420.772821][ T6018] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 420.779349][ T6018] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 420.788539][ T6018] EXT4-fs (loop4): unmounting filesystem. [ 420.794686][ T5326] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 420.804507][ T5326] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 420.814163][ T5326] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 420.825083][ T5326] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 420.836477][ T5326] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.844352][ T5326] usb 4-1: Product: syz [ 420.848475][ T5326] usb 4-1: Manufacturer: syz [ 420.852939][ T5326] usb 4-1: SerialNumber: syz [ 420.858209][ T5326] usb 4-1: config 0 descriptor?? [ 420.863814][ T5326] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 420.895381][ T2099] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 420.895407][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 420.907404][ T5971] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 421.066426][ T5326] usb 4-1: USB disconnect, device number 38 [ 421.440815][ T6042] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 421.678331][ T6052] loop4: detected capacity change from 0 to 512 [ 421.687462][ T6052] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 421.730435][ T6052] EXT4-fs (loop4): orphan cleanup on readonly fs [ 421.736816][ T6052] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1667: Bad quota inum: 64, type: 0 [ 421.760442][ T6052] EXT4-fs (loop4): Remounting filesystem read-only [ 421.766897][ T6052] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 421.792565][ T6052] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 421.799237][ T6052] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 422.788060][ T39] usb 6-1: USB disconnect, device number 36 [ 422.788059][ C0] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 422.788097][ C0] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 423.927412][ T295] EXT4-fs (loop4): unmounting filesystem. [ 423.995415][ T5326] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 424.113604][ T6094] loop4: detected capacity change from 0 to 512 [ 424.127289][ T6094] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 424.194349][ T6094] EXT4-fs (loop4): orphan cleanup on readonly fs [ 424.200680][ T6094] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1679: Bad quota inum: 64, type: 0 [ 424.212928][ T6094] EXT4-fs (loop4): Remounting filesystem read-only [ 424.219300][ T6094] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 424.233852][ T6094] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 424.240471][ T6094] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 424.251883][ T6094] EXT4-fs (loop4): unmounting filesystem. [ 424.971733][ T6110] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 425.035411][ T5547] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 425.216507][ T5547] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 425.216859][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 425.237633][ T5547] usb 4-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51 [ 425.239460][ T5326] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 425.255397][ T5547] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.256378][ T5326] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 425.272909][ T39] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 425.280500][ T5326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.281737][ T5547] usb 4-1: Product: syz [ 425.292659][ T5547] usb 4-1: Manufacturer: syz [ 425.297320][ T5547] usb 4-1: SerialNumber: syz [ 425.306301][ T5326] usb 2-1: config 0 descriptor?? [ 425.311179][ T5547] usb 4-1: config 0 descriptor?? [ 425.318302][ T5547] usb 4-1: bad CDC descriptors [ 425.323109][ T5547] cdc_acm 4-1:0.0: Zero length descriptor references [ 425.485497][ T39] usb 6-1: Using ep0 maxpacket: 8 [ 425.492689][ T39] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 425.581860][ T39] usb 6-1: config 179 has no interface number 0 [ 425.620124][ T5547] cdc_acm: probe of 4-1:0.0 failed with error -22 [ 425.627362][ T5547] usb 4-1: USB disconnect, device number 39 [ 425.631602][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 425.658210][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 425.669453][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 425.681191][ T39] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 425.692550][ T39] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 425.708540][ T39] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 425.717719][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.726958][ T5326] magicmouse 0003:05AC:0265.0016: unknown main item tag 0x0 [ 425.734560][ T5326] magicmouse 0003:05AC:0265.0016: unknown main item tag 0x0 [ 425.742281][ T5326] magicmouse 0003:05AC:0265.0016: unknown main item tag 0x0 [ 425.749794][ T6106] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 425.753300][ T5326] magicmouse 0003:05AC:0265.0016: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.1-1/input0 [ 425.769703][ T5326] magicmouse 0003:05AC:0265.0016: magicmouse input not registered [ 425.778022][ T5326] magicmouse: probe of 0003:05AC:0265.0016 failed with error -12 [ 425.930345][ T5547] usb 2-1: USB disconnect, device number 41 [ 426.180287][ T6106] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.210750][ T6106] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 426.815796][ T6104] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 426.885528][ T8] Bluetooth: hci0: Frame reassembly failed (-84) [ 427.167513][ T6151] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 427.476429][ T6173] loop1: detected capacity change from 0 to 512 [ 427.506135][ T6173] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 427.538917][ T6173] EXT4-fs (loop1): orphan cleanup on readonly fs [ 427.545114][ T6173] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1702: Bad quota inum: 64, type: 0 [ 427.556684][ T6173] EXT4-fs (loop1): Remounting filesystem read-only [ 427.563039][ T6173] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 427.577608][ T6173] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 427.584149][ T6173] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 427.594371][ T6173] EXT4-fs (loop1): unmounting filesystem. [ 427.613735][ T6167] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 428.422001][ T5326] usb 6-1: USB disconnect, device number 37 [ 428.427785][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 428.427828][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 428.453733][ T6175] kvm: pic: non byte read [ 428.522036][ T6175] kvm: pic: level sensitive irq not supported [ 428.522104][ T6175] kvm: pic: non byte read [ 428.552867][ T6175] kvm: pic: level sensitive irq not supported [ 428.552934][ T6175] kvm: pic: non byte read [ 428.582638][ T6175] kvm: pic: level sensitive irq not supported [ 428.582706][ T6175] kvm: pic: non byte read [ 428.599208][ T6183] loop4: detected capacity change from 0 to 512 [ 428.617687][ T6183] EXT4-fs: Ignoring removed i_version option [ 428.634218][ T6183] EXT4-fs: Ignoring removed mblk_io_submit option [ 428.655832][ T6183] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 428.671267][ T6183] EXT4-fs (loop4): 1 truncate cleaned up [ 428.677200][ T6183] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 428.722982][ T295] EXT4-fs (loop4): unmounting filesystem. [ 428.895459][ T2099] Bluetooth: hci0: command 0x0c1a tx timeout [ 428.901524][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 428.908082][ T2099] Bluetooth: hci0: sending frame failed (-49) [ 429.015462][ T5547] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 429.095249][ T6208] loop4: detected capacity change from 0 to 512 [ 429.139147][ T6208] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 429.240518][ T6208] EXT4-fs (loop4): orphan cleanup on readonly fs [ 429.246805][ T6208] EXT4-fs error (device loop4): ext4_quota_enable:6975: comm syz.4.1707: Bad quota inum: 64, type: 0 [ 429.259763][ T6208] EXT4-fs (loop4): Remounting filesystem read-only [ 429.266163][ T6208] EXT4-fs warning (device loop4): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 429.280679][ T6208] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 429.287318][ T6208] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 429.346869][ T5547] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 429.428657][ T5547] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 429.494150][ T5547] usb 1-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00 [ 429.535645][ T5547] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.644967][ T5547] usb 1-1: config 0 descriptor?? [ 429.751999][ T6212] loop1: detected capacity change from 0 to 512 [ 430.176997][ T6212] EXT4-fs: Ignoring removed i_version option [ 430.182867][ T6212] EXT4-fs: Ignoring removed mblk_io_submit option [ 430.189572][ T6212] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 430.212652][ T6212] EXT4-fs (loop1): 1 truncate cleaned up [ 430.223815][ T6212] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 430.551937][ T295] EXT4-fs (loop4): unmounting filesystem. [ 430.658274][ T5547] magicmouse 0003:05AC:0265.0017: unknown main item tag 0x0 [ 430.665638][ T5547] magicmouse 0003:05AC:0265.0017: unknown main item tag 0x0 [ 430.672776][ T5547] magicmouse 0003:05AC:0265.0017: unknown main item tag 0x0 [ 430.682182][ T5547] magicmouse 0003:05AC:0265.0017: hidraw0: USB HID v0.00 Device [HID 05ac:0265] on usb-dummy_hcd.0-1/input0 [ 430.693768][ T5547] magicmouse 0003:05AC:0265.0017: magicmouse input not registered [ 430.712164][ T5547] magicmouse: probe of 0003:05AC:0265.0017 failed with error -12 [ 430.740664][ T10] Bluetooth: hci0: Frame reassembly failed (-84) [ 430.748922][ T5326] usb 1-1: USB disconnect, device number 37 [ 431.018369][ T6233] loop5: detected capacity change from 0 to 512 [ 431.028613][ T6233] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended [ 431.178282][ T6233] EXT4-fs (loop5): orphan cleanup on readonly fs [ 431.184504][ T6233] EXT4-fs error (device loop5): ext4_quota_enable:6975: comm syz.5.1719: Bad quota inum: 64, type: 0 [ 431.196450][ T6233] EXT4-fs (loop5): Remounting filesystem read-only [ 431.202805][ T6233] EXT4-fs warning (device loop5): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 431.217385][ T6233] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 431.223864][ T6233] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 431.234845][ T6233] EXT4-fs (loop5): unmounting filesystem. [ 431.276893][ T39] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 432.528653][ T39] usb 5-1: Using ep0 maxpacket: 8 [ 432.987318][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 433.017746][ T39] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 433.030393][ T39] usb 5-1: config 179 has no interface number 0 [ 433.043231][ T39] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 433.064501][ T39] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 433.091593][ T39] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 433.112899][ T39] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 433.142645][ T39] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 433.158951][ T39] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 433.176819][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 433.194071][ T8] Bluetooth: hci1: Frame reassembly failed (-84) [ 433.222465][ T294] EXT4-fs (loop1): unmounting filesystem. [ 433.229593][ T6228] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 434.309261][ T5326] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 435.045604][ T6225] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 435.077730][ T39] usb 5-1: USB disconnect, device number 36 [ 435.077774][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 435.091605][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 435.125440][ T5326] usb 6-1: Using ep0 maxpacket: 8 [ 435.131598][ T5326] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 435.245407][ T2099] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 435.269995][ T5326] usb 6-1: config 179 has no interface number 0 [ 435.893005][ T5326] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 435.986650][ T6284] loop1: detected capacity change from 0 to 256 [ 435.993112][ T6284] exfat: Deprecated parameter 'utf8' [ 435.998347][ T6284] exfat: Deprecated parameter 'namecase' [ 436.003889][ T6284] exfat: Deprecated parameter 'utf8' [ 436.009128][ T6284] exfat: Bad value for 'umask' [ 436.016331][ T6249] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 436.073919][ T5326] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 436.174091][ T5326] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 437.185433][ T5326] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 437.198631][ T5326] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 437.212528][ T5326] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 437.221832][ T5326] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.186863][ T5326] usb 6-1: can't set config #179, error -71 [ 438.193136][ T5326] usb 6-1: USB disconnect, device number 38 [ 438.301543][ T6302] loop1: detected capacity change from 0 to 512 [ 438.324510][ T6302] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 438.352961][ T6302] EXT4-fs (loop1): orphan cleanup on readonly fs [ 438.359191][ T6302] EXT4-fs error (device loop1): ext4_quota_enable:6975: comm syz.1.1734: Bad quota inum: 64, type: 0 [ 438.370923][ T6302] EXT4-fs (loop1): Remounting filesystem read-only [ 438.377291][ T6302] EXT4-fs warning (device loop1): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 438.391801][ T6302] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 438.399051][ T6302] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 439.380690][ T294] EXT4-fs (loop1): unmounting filesystem. [ 439.407662][ T6305] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 440.374104][ T6330] loop3: detected capacity change from 0 to 512 [ 440.449593][ T6330] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 440.603245][ T6330] EXT4-fs (loop3): orphan cleanup on readonly fs [ 440.609515][ T6330] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1741: Bad quota inum: 64, type: 0 [ 440.621320][ T6330] EXT4-fs (loop3): Remounting filesystem read-only [ 440.627711][ T6330] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 440.642452][ T6330] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 440.649094][ T6330] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 440.956153][ T6305] kvm: pic: non byte read [ 440.972040][ T6305] kvm: pic: level sensitive irq not supported [ 440.972105][ T6305] kvm: pic: non byte read [ 440.982592][ T6305] kvm: pic: level sensitive irq not supported [ 440.982685][ T6305] kvm: pic: non byte read [ 440.992976][ T6305] kvm: pic: level sensitive irq not supported [ 440.993049][ T6305] kvm: pic: non byte read [ 441.056587][ T6342] loop5: detected capacity change from 0 to 256 [ 441.063130][ T6342] exfat: Deprecated parameter 'utf8' [ 441.068327][ T6342] exfat: Deprecated parameter 'namecase' [ 441.073725][ T6342] exfat: Deprecated parameter 'utf8' [ 441.079441][ T6342] exfat: Bad value for 'umask' [ 441.390777][ T297] EXT4-fs (loop3): unmounting filesystem. [ 441.462804][ T6350] loop3: detected capacity change from 0 to 512 [ 441.469597][ T6350] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 441.481390][ T6350] EXT4-fs (loop3): orphan cleanup on readonly fs [ 441.487622][ T6350] EXT4-fs error (device loop3): ext4_quota_enable:6975: comm syz.3.1747: Bad quota inum: 64, type: 0 [ 441.499632][ T6350] EXT4-fs (loop3): Remounting filesystem read-only [ 441.506006][ T6350] EXT4-fs warning (device loop3): ext4_enable_quotas:7023: Failed to enable quota tracking (type=0, err=-117, ino=64). Please run e2fsck to fix. [ 441.520580][ T6350] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 441.527235][ T6350] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 441.536490][ T6350] EXT4-fs (loop3): unmounting filesystem. [ 441.695527][ T5326] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 441.773485][ T6371] fuse: Bad value for 'fd' [ 441.985571][ T5326] usb 2-1: Using ep0 maxpacket: 8 [ 441.992700][ T5326] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 442.001098][ T5326] usb 2-1: config 179 has no interface number 0 [ 442.007480][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 442.018492][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 442.029640][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 443.233161][ T5326] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 443.244693][ T5326] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 443.257830][ T5326] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 443.266735][ T5326] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.275607][ T6349] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 443.375486][ T6346] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 443.966037][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 443.972916][ T43] Bluetooth: hci0: Frame reassembly failed (-84) [ 444.278441][ T6399] loop5: detected capacity change from 0 to 256 [ 444.300053][ T6346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 444.343595][ T6346] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 444.398165][ T6399] exfat: Deprecated parameter 'utf8' [ 444.456037][ T6399] exfat: Deprecated parameter 'namecase' [ 444.513946][ T6399] exfat: Deprecated parameter 'utf8' [ 444.557433][ T6399] exfat: Bad value for 'umask' [ 445.409517][ T43] Bluetooth: hci1: Frame reassembly failed (-84) [ 445.462549][ T329] usb 2-1: USB disconnect, device number 42 [ 445.462632][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 445.485348][ C1] dummy_hcd dummy_hcd.1: timer fired with no URBs pending? [ 446.115387][ T1352] Bluetooth: hci0: command 0x0c1a tx timeout [ 446.121268][ T1352] Bluetooth: hci0: sending frame failed (-49) [ 446.145990][ T19] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 446.175423][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 446.182042][ T6415] Bluetooth: hci0: Opcode 0x0c1a failed: -22 [ 446.269196][ T1375] Bluetooth: hci0: Frame reassembly failed (-84) [ 446.335373][ T19] usb 4-1: Using ep0 maxpacket: 8 [ 446.341416][ T19] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 446.369240][ T19] usb 4-1: config 179 has no interface number 0 [ 446.379428][ T19] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 446.391544][ T19] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 446.407574][ T19] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 446.419129][ T19] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 446.430756][ T19] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 446.454462][ T6436] Zero length message leads to an empty skb [ 446.470436][ T19] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 446.485275][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.497299][ T6416] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 446.645387][ T329] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 446.825398][ T329] usb 5-1: Using ep0 maxpacket: 8 [ 446.831624][ T329] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 446.840532][ T329] usb 5-1: config 179 has no interface number 0 [ 446.846981][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 446.858435][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 446.870081][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 446.886413][ T329] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 446.897715][ T329] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 446.910742][ T329] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 446.919556][ T329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 446.932730][ T6415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 446.941330][ T6431] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 446.942273][ T6415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.456099][ T2099] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 447.456278][ T1352] Bluetooth: hci1: command 0x1003 tx timeout [ 448.255343][ C0] ================================================================== [ 448.263329][ C0] BUG: KASAN: use-after-free in __run_timers+0x34a/0xa10 [ 448.270180][ C0] Write of size 8 at addr ffff888113b84a00 by task syz.0.1778/6447 [ 448.277913][ C0] [ 448.280077][ C0] CPU: 0 PID: 6447 Comm: syz.0.1778 Not tainted 6.1.118-syzkaller-00074-g3e3f2b9e9fca #0 [ 448.289708][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 448.299606][ C0] Call Trace: [ 448.302739][ C0] [ 448.305421][ C0] dump_stack_lvl+0x151/0x1b7 [ 448.309931][ C0] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 448.315227][ C0] ? _printk+0xd1/0x111 [ 448.319490][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 448.324432][ C0] print_report+0x158/0x4e0 [ 448.328767][ C0] ? __virt_addr_valid+0x242/0x2f0 [ 448.333728][ C0] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 448.339794][ C0] ? __run_timers+0x34a/0xa10 [ 448.344303][ C0] kasan_report+0x13c/0x170 [ 448.348650][ C0] ? __run_timers+0x34a/0xa10 [ 448.353158][ C0] __asan_report_store8_noabort+0x17/0x20 [ 448.358709][ C0] __run_timers+0x34a/0xa10 [ 448.363054][ C0] ? kvm_sched_clock_read+0x18/0x40 [ 448.368092][ C0] ? calc_index+0x270/0x270 [ 448.372428][ C0] ? sched_clock+0x9/0x10 [ 448.376591][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 448.381277][ C0] run_timer_softirq+0x69/0xf0 [ 448.385878][ C0] handle_softirqs+0x1db/0x650 [ 448.390567][ C0] ? irqtime_account_irq+0xdc/0x260 [ 448.395599][ C0] __irq_exit_rcu+0x52/0xf0 [ 448.399937][ C0] irq_exit_rcu+0x9/0x10 [ 448.404018][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 448.409485][ C0] [ 448.412264][ C0] [ 448.415039][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 448.420855][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 448.427102][ C0] Code: f5 0d 87 e8 cc 0a 9b fc 48 83 3d d4 05 ec 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 95 ae 2d fc 65 8b 05 56 7e e0 7a 85 c0 74 05 5b 41 5e 5d c3 e8 [ 448.446547][ C0] RSP: 0000:ffffc90000f0f560 EFLAGS: 00000206 [ 448.452444][ C0] RAX: 0000000000000001 RBX: ffff88813d477380 RCX: dffffc0000000000 [ 448.460260][ C0] RDX: 0000000000000001 RSI: 0000000000000246 RDI: 0000000000000001 [ 448.468072][ C0] RBP: ffffc90000f0f570 R08: dffffc0000000000 R09: ffffed102337e79c [ 448.475879][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000246 [ 448.483692][ C0] R13: 0000000000000000 R14: 0000000000000246 R15: ffff88813d477380 [ 448.491511][ C0] prepare_to_wait_exclusive+0x1ac/0x1f0 [ 448.496983][ C0] unix_wait_for_peer+0x15d/0x330 [ 448.501830][ C0] ? unix_find_other+0x8e0/0x8e0 [ 448.506605][ C0] ? wake_bit_function+0x230/0x230 [ 448.511552][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 448.516762][ C0] ? security_unix_may_send+0x7b/0xa0 [ 448.521969][ C0] unix_dgram_sendmsg+0x1348/0x2050 [ 448.527009][ C0] ? unix_dgram_poll+0x690/0x690 [ 448.531777][ C0] ? security_socket_sendmsg+0x82/0xb0 [ 448.537070][ C0] ? unix_dgram_poll+0x690/0x690 [ 448.541841][ C0] ____sys_sendmsg+0x5d3/0x9a0 [ 448.546444][ C0] ? __sys_sendmsg_sock+0x40/0x40 [ 448.551306][ C0] __sys_sendmmsg+0x3b9/0x6f0 [ 448.555822][ C0] ? __ia32_sys_sendmsg+0x90/0x90 [ 448.560682][ C0] ? futex_wait+0x4b7/0x7e0 [ 448.565038][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 448.570660][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 448.575866][ C0] ? do_futex+0x55a/0x9a0 [ 448.580042][ C0] ? regmap_debugfs_get_dump_start+0x4f0/0x9f0 [ 448.586029][ C0] __x64_sys_sendmmsg+0xa0/0xb0 [ 448.590709][ C0] x64_sys_call+0x81d/0x9a0 [ 448.595048][ C0] do_syscall_64+0x3b/0xb0 [ 448.599299][ C0] ? clear_bhb_loop+0x55/0xb0 [ 448.603813][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.609549][ C0] RIP: 0033:0x7efd35585d29 [ 448.613795][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.633247][ C0] RSP: 002b:00007efd363a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 448.641484][ C0] RAX: ffffffffffffffda RBX: 00007efd35775fa0 RCX: 00007efd35585d29 [ 448.649295][ C0] RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000004 [ 448.657104][ C0] RBP: 00007efd35601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 448.664917][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 448.672727][ C0] R13: 0000000000000000 R14: 00007efd35775fa0 R15: 00007ffdb9a1a5e8 [ 448.680543][ C0] [ 448.683410][ C0] [ 448.685578][ C0] Allocated by task 6346: [ 448.689744][ C0] kasan_set_track+0x4b/0x70 [ 448.694165][ C0] kasan_save_alloc_info+0x1f/0x30 [ 448.699109][ C0] __kasan_kmalloc+0x9c/0xb0 [ 448.703538][ C0] __kmalloc+0xb4/0x1e0 [ 448.707529][ C0] hci_alloc_dev_priv+0x27/0x1c00 [ 448.712500][ C0] hci_uart_tty_ioctl+0x401/0xa70 [ 448.717364][ C0] tty_ioctl+0x903/0xc50 [ 448.721437][ C0] __se_sys_ioctl+0x114/0x190 [ 448.725950][ C0] __x64_sys_ioctl+0x7b/0x90 [ 448.730375][ C0] x64_sys_call+0x98/0x9a0 [ 448.734631][ C0] do_syscall_64+0x3b/0xb0 [ 448.738883][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.744609][ C0] [ 448.746779][ C0] Freed by task 6415: [ 448.750603][ C0] kasan_set_track+0x4b/0x70 [ 448.755033][ C0] kasan_save_free_info+0x2b/0x40 [ 448.759885][ C0] ____kasan_slab_free+0x131/0x180 [ 448.764831][ C0] __kasan_slab_free+0x11/0x20 [ 448.769436][ C0] __kmem_cache_free+0x21d/0x410 [ 448.774209][ C0] kfree+0x7a/0xf0 [ 448.777775][ C0] hci_release_dev+0x14d3/0x1640 [ 448.782539][ C0] bt_host_release+0x83/0xa0 [ 448.786968][ C0] device_release+0x95/0x1c0 [ 448.791397][ C0] kobject_put+0x178/0x260 [ 448.795642][ C0] put_device+0x1f/0x30 [ 448.799639][ C0] hci_dev_cmd+0x2be/0x9b0 [ 448.803914][ C0] hci_sock_ioctl+0x415/0x7f0 [ 448.808405][ C0] sock_do_ioctl+0x152/0x450 [ 448.812831][ C0] sock_ioctl+0x455/0x740 [ 448.816998][ C0] __se_sys_ioctl+0x114/0x190 [ 448.821520][ C0] __x64_sys_ioctl+0x7b/0x90 [ 448.825938][ C0] x64_sys_call+0x98/0x9a0 [ 448.830191][ C0] do_syscall_64+0x3b/0xb0 [ 448.834447][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.840169][ C0] [ 448.842342][ C0] Last potentially related work creation: [ 448.847895][ C0] kasan_save_stack+0x3b/0x60 [ 448.852407][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 448.857614][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 448.863257][ C0] insert_work+0x56/0x310 [ 448.867511][ C0] __queue_work+0x9b6/0xd70 [ 448.871850][ C0] queue_work_on+0x105/0x170 [ 448.876278][ C0] __hci_cmd_sync_sk+0xc2a/0xf70 [ 448.881049][ C0] hci_cmd_sync_status+0x52/0x130 [ 448.885907][ C0] hci_dev_cmd+0x39e/0x9b0 [ 448.890164][ C0] hci_sock_ioctl+0x415/0x7f0 [ 448.894683][ C0] sock_do_ioctl+0x152/0x450 [ 448.899104][ C0] sock_ioctl+0x455/0x740 [ 448.903288][ C0] __se_sys_ioctl+0x114/0x190 [ 448.907781][ C0] __x64_sys_ioctl+0x7b/0x90 [ 448.912208][ C0] x64_sys_call+0x98/0x9a0 [ 448.916463][ C0] do_syscall_64+0x3b/0xb0 [ 448.920720][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 448.926443][ C0] [ 448.928624][ C0] Second to last potentially related work creation: [ 448.935041][ C0] kasan_save_stack+0x3b/0x60 [ 448.939549][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 448.944754][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 448.950397][ C0] insert_work+0x56/0x310 [ 448.954561][ C0] __queue_work+0x9b6/0xd70 [ 448.958905][ C0] queue_work_on+0x105/0x170 [ 448.963329][ C0] hci_cmd_timeout+0x199/0x200 [ 448.967926][ C0] process_one_work+0x73d/0xcb0 [ 448.972700][ C0] worker_thread+0xa60/0x1260 [ 448.977225][ C0] kthread+0x26d/0x300 [ 448.981135][ C0] ret_from_fork+0x1f/0x30 [ 448.985375][ C0] [ 448.987544][ C0] The buggy address belongs to the object at ffff888113b84000 [ 448.987544][ C0] which belongs to the cache kmalloc-8k of size 8192 [ 449.001440][ C0] The buggy address is located 2560 bytes inside of [ 449.001440][ C0] 8192-byte region [ffff888113b84000, ffff888113b86000) [ 449.014723][ C0] [ 449.017055][ C0] The buggy address belongs to the physical page: [ 449.023309][ C0] page:ffffea00044ee000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113b80 [ 449.033373][ C0] head:ffffea00044ee000 order:3 compound_mapcount:0 compound_pincount:0 [ 449.041534][ C0] flags: 0x4000000000010200(slab|head|zone=1) [ 449.047439][ C0] raw: 4000000000010200 ffffea0004305600 dead000000000003 ffff888100043500 [ 449.055857][ C0] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 449.064381][ C0] page dumped because: kasan: bad access detected [ 449.070627][ C0] page_owner tracks the page as allocated [ 449.076174][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 324, tgid 323 (syz.4.6), ts 28058297876, free_ts 28051791880 [ 449.096051][ C0] post_alloc_hook+0x213/0x220 [ 449.100650][ C0] prep_new_page+0x1b/0x110 [ 449.104986][ C0] get_page_from_freelist+0x2f41/0x2fc0 [ 449.110369][ C0] __alloc_pages+0x234/0x610 [ 449.114881][ C0] alloc_slab_page+0x6c/0xf0 [ 449.119312][ C0] new_slab+0x90/0x3e0 [ 449.123222][ C0] ___slab_alloc+0x6f9/0xb80 [ 449.127640][ C0] __slab_alloc+0x5d/0xa0 [ 449.131804][ C0] __kmem_cache_alloc_node+0x207/0x2a0 [ 449.137103][ C0] kmalloc_trace+0x2a/0xa0 [ 449.141359][ C0] audit_log_d_path+0xb9/0x170 [ 449.145953][ C0] common_lsm_audit+0x3bf/0x1940 [ 449.150728][ C0] slow_avc_audit+0x26c/0x3c0 [ 449.155239][ C0] avc_has_perm+0x1f5/0x260 [ 449.159579][ C0] file_has_perm+0x508/0x6c0 [ 449.164006][ C0] selinux_file_ioctl+0x1f3/0x540 [ 449.168865][ C0] page last free stack trace: [ 449.173388][ C0] free_unref_page_prepare+0x83d/0x850 [ 449.178676][ C0] free_unref_page+0xb2/0x5c0 [ 449.183290][ C0] __free_pages+0x61/0xf0 [ 449.187438][ C0] __free_slab+0xce/0x1a0 [ 449.191618][ C0] __unfreeze_partials+0x165/0x1a0 [ 449.196552][ C0] put_cpu_partial+0xa9/0x100 [ 449.201065][ C0] __slab_free+0x1c8/0x280 [ 449.205320][ C0] ___cache_free+0xc6/0xd0 [ 449.209582][ C0] qlist_free_all+0xc5/0x140 [ 449.213999][ C0] kasan_quarantine_reduce+0x15a/0x180 [ 449.219293][ C0] __kasan_slab_alloc+0x24/0x80 [ 449.224069][ C0] slab_post_alloc_hook+0x53/0x2c0 [ 449.229024][ C0] kmem_cache_alloc+0x175/0x320 [ 449.233700][ C0] getname_flags+0xba/0x520 [ 449.238040][ C0] getname+0x19/0x20 [ 449.241782][ C0] do_sys_openat2+0xe0/0x870 [ 449.246201][ C0] [ 449.248420][ C0] Memory state around the buggy address: [ 449.253840][ C0] ffff888113b84900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 449.261740][ C0] ffff888113b84980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 449.269639][ C0] >ffff888113b84a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 449.277536][ C0] ^ [ 449.281440][ C0] ffff888113b84a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 449.289337][ C0] ffff888113b84b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 449.297233][ C0] ================================================================== [ 449.305132][ C0] Disabling lock debugging due to kernel taint [ 449.311183][ C0] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 449.322855][ C0] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 449.331093][ C0] CPU: 0 PID: 6447 Comm: syz.0.1778 Tainted: G B 6.1.118-syzkaller-00074-g3e3f2b9e9fca #0 [ 449.342205][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 [ 449.352096][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 449.357216][ C0] Code: 39 03 0f 84 40 01 00 00 e8 fc 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 df 71 00 49 8b 3e e8 98 cc d6 [ 449.376659][ C0] RSP: 0000:ffffc90000007c78 EFLAGS: 00010046 [ 449.382559][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888119bf3cc0 [ 449.390374][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 449.398271][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 449.406081][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888113b849c8 [ 449.413904][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888113b849e0 [ 449.421705][ C0] FS: 00007efd363a76c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 449.430471][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 449.436977][ C0] CR2: 000000110c332689 CR3: 0000000116e7d000 CR4: 00000000003506b0 [ 449.444799][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 449.452618][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 449.460410][ C0] Call Trace: [ 449.463536][ C0] [ 449.466231][ C0] ? __die_body+0x62/0xb0 [ 449.470399][ C0] ? die_addr+0x9f/0xd0 [ 449.474385][ C0] ? exc_general_protection+0x317/0x4c0 [ 449.479803][ C0] ? asm_exc_general_protection+0x27/0x30 [ 449.485333][ C0] ? __queue_work+0x28b/0xd70 [ 449.489836][ C0] ? __queue_work+0x4f1/0xd70 [ 449.494433][ C0] ? __queue_work+0x29c/0xd70 [ 449.498954][ C0] delayed_work_timer_fn+0x61/0x80 [ 449.503902][ C0] ? queue_work_node+0x1d0/0x1d0 [ 449.508675][ C0] call_timer_fn+0x3b/0x2d0 [ 449.513009][ C0] ? queue_work_node+0x1d0/0x1d0 [ 449.517876][ C0] __run_timers+0x756/0xa10 [ 449.522305][ C0] ? calc_index+0x270/0x270 [ 449.526644][ C0] ? sched_clock+0x9/0x10 [ 449.530806][ C0] ? sched_clock_cpu+0x71/0x2b0 [ 449.535499][ C0] run_timer_softirq+0x69/0xf0 [ 449.540232][ C0] handle_softirqs+0x1db/0x650 [ 449.544781][ C0] ? irqtime_account_irq+0xdc/0x260 [ 449.549818][ C0] __irq_exit_rcu+0x52/0xf0 [ 449.554156][ C0] irq_exit_rcu+0x9/0x10 [ 449.558237][ C0] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 449.563705][ C0] [ 449.566482][ C0] [ 449.569258][ C0] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 449.575071][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0x56/0x80 [ 449.581324][ C0] Code: f5 0d 87 e8 cc 0a 9b fc 48 83 3d d4 05 ec 01 00 74 34 48 89 df e8 6e 0f 00 00 90 41 f7 c6 00 02 00 00 74 01 fb bf 01 00 00 00 95 ae 2d fc 65 8b 05 56 7e e0 7a 85 c0 74 05 5b 41 5e 5d c3 e8 [ 449.600764][ C0] RSP: 0000:ffffc90000f0f560 EFLAGS: 00000206 [ 449.606664][ C0] RAX: 0000000000000001 RBX: ffff88813d477380 RCX: dffffc0000000000 [ 449.614493][ C0] RDX: 0000000000000001 RSI: 0000000000000246 RDI: 0000000000000001 [ 449.622288][ C0] RBP: ffffc90000f0f570 R08: dffffc0000000000 R09: ffffed102337e79c [ 449.630097][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000246 [ 449.637911][ C0] R13: 0000000000000000 R14: 0000000000000246 R15: ffff88813d477380 [ 449.646252][ C0] prepare_to_wait_exclusive+0x1ac/0x1f0 [ 449.651710][ C0] unix_wait_for_peer+0x15d/0x330 [ 449.656573][ C0] ? unix_find_other+0x8e0/0x8e0 [ 449.661347][ C0] ? wake_bit_function+0x230/0x230 [ 449.666297][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 449.671503][ C0] ? security_unix_may_send+0x7b/0xa0 [ 449.676706][ C0] unix_dgram_sendmsg+0x1348/0x2050 [ 449.681744][ C0] ? unix_dgram_poll+0x690/0x690 [ 449.686523][ C0] ? security_socket_sendmsg+0x82/0xb0 [ 449.691806][ C0] ? unix_dgram_poll+0x690/0x690 [ 449.696584][ C0] ____sys_sendmsg+0x5d3/0x9a0 [ 449.701184][ C0] ? __sys_sendmsg_sock+0x40/0x40 [ 449.706046][ C0] __sys_sendmmsg+0x3b9/0x6f0 [ 449.710558][ C0] ? __ia32_sys_sendmsg+0x90/0x90 [ 449.715422][ C0] ? futex_wait+0x4b7/0x7e0 [ 449.719758][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 449.725402][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 449.730605][ C0] ? do_futex+0x55a/0x9a0 [ 449.734775][ C0] ? regmap_debugfs_get_dump_start+0x4f0/0x9f0 [ 449.740766][ C0] __x64_sys_sendmmsg+0xa0/0xb0 [ 449.745455][ C0] x64_sys_call+0x81d/0x9a0 [ 449.749785][ C0] do_syscall_64+0x3b/0xb0 [ 449.754040][ C0] ? clear_bhb_loop+0x55/0xb0 [ 449.758553][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 449.764286][ C0] RIP: 0033:0x7efd35585d29 [ 449.768535][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.787986][ C0] RSP: 002b:00007efd363a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 449.796222][ C0] RAX: ffffffffffffffda RBX: 00007efd35775fa0 RCX: 00007efd35585d29 [ 449.804030][ C0] RDX: 0000000000000318 RSI: 00000000200bd000 RDI: 0000000000000004 [ 449.811841][ C0] RBP: 00007efd35601aa8 R08: 0000000000000000 R09: 0000000000000000 [ 449.819659][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 449.827550][ C0] R13: 0000000000000000 R14: 00007efd35775fa0 R15: 00007ffdb9a1a5e8 [ 449.835367][ C0] [ 449.838226][ C0] Modules linked in: [ 449.842062][ C0] ---[ end trace 0000000000000000 ]--- [ 449.847351][ C0] RIP: 0010:__queue_work+0x4f1/0xd70 [ 449.852472][ C0] Code: 39 03 0f 84 40 01 00 00 e8 fc 6b 2a 00 4c 89 e7 e8 e4 d3 d6 03 49 bd 00 00 00 00 00 fc ff df 4c 8b 65 d0 4c 89 f0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 f7 e8 30 df 71 00 49 8b 3e e8 98 cc d6 [ 449.871911][ C0] RSP: 0000:ffffc90000007c78 EFLAGS: 00010046 [ 449.877820][ C0] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff888119bf3cc0 [ 449.885625][ C0] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 449.893451][ C0] RBP: ffffc90000007d00 R08: ffffffff814b186b R09: 0000000000000007 [ 449.901252][ C0] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff888113b849c8 [ 449.909159][ C0] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff888113b849e0 [ 449.916962][ C0] FS: 00007efd363a76c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 449.925725][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 449.932147][ C0] CR2: 000000110c332689 CR3: 0000000116e7d000 CR4: 00000000003506b0 [ 449.939959][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 449.947769][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 449.955583][ C0] Kernel panic - not syncing: Fatal exception in interrupt [ 449.962932][ C0] Kernel Offset: disabled [ 449.967063][ C0] Rebooting in 86400 seconds..