last executing test programs: 42.802587514s ago: executing program 0 (id=664): openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r3 = syz_io_uring_setup(0x88f, &(0x7f0000000900)={0x0, 0xaee1, 0x10, 0xffffffff, 0xffdffffe}, &(0x7f0000000000)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000100)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r3, 0x47f4, 0x0, 0x0, 0x0, 0x0) 41.734702355s ago: executing program 0 (id=667): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_emit_ethernet(0x116b, &(0x7f0000000640)=ANY=[@ANYBLOB="0f477c6b16f8b9c88e885caffb95a3aa959c98305f6417e8e8227c234cbd541e987da4ee877d57c5d647f5bbbf29cb73200ef60d85021fa522799b2c2aed449a0318bea42a62452ca0507e30825745514c72cada839cc9ae1d9bd3f12f420e225668829873fde8f8c30ad30452a4ca583cccab42c72bdb40abae1d7237d7ef6758b692d29115983f31b3b90000", @ANYRES64=r0, @ANYRES16=r1, @ANYRES32=0x0], 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) r3 = openat$sndseq(0xffffff9c, &(0x7f0000000140), 0x200) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000180)={0x7, 0x0, 'client0\x00', 0x6, "3ce55b18c1f27588", "583d57b0a57e6430d87bc0fb393b14d5e384752fed0f1c8133f3b5ccbae26cfa", 0xfffff001, 0x8}) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, 0x0, 0x50) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 37.662517573s ago: executing program 0 (id=676): mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="64796e2c0081"]) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0xf1) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000) 37.520655456s ago: executing program 0 (id=677): sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) listen(r1, 0x3) accept4(r1, 0x0, 0x0, 0x0) 36.402468337s ago: executing program 0 (id=682): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid(r0, 0x0) mount$bind(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x243014, 0x0) setpgid(0x0, r0) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0xa40028, 0x0) 35.810789069s ago: executing program 0 (id=686): socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000180)={[{@jqfmt_vfsold}, {@nolazytime}, {@abort}, {@noload}, {@errors_continue}, {@abort}, {@dax}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x48a, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvTLulgNiq+AMEqaKRqLS0/JCDF40mHDQx0QPGU20LqRRqaE2EEK0e8GhIvBvjP2E86cWoMdHEq94NCTFcQL2smZ0ZKO0O3Urbpd3PJ5ntezPTfe87M2/mzbzdDaBjDWQvScQ9EfF7RPTl2VtXGMj/XL96YezvqxfGkqjX3/graax37eqFsXLV8v+25pl6vchvalLuxbcjRqemJs4W+aHZ0+8NzZw7v3/y9OjJiZMTZ0aOHj10cHfPkZHDKxJnFte1nR9O79px7K1Lr40dv/TOj0kaedyxII6VMpBv3aaeWunC2mzbvHTSnb32Frk9v9xc0uxIoJ26IiLbXbVG+++Lrth8Y1lfvPJJWysHrKp6vV6/zVl5rg5sYEm0uwZAe5QX+uz+t5zWqOtxV7jyYn4DlMV9vZjyJd2R5ok9tQX3tytpICKOz/3zRTbF8p5D/LxKVQIANrhvs/7Pc836f2k8lCd6spd7izGU/oi4LyLuj4gHImJ7RDwY0Vj34Yh4ZJnlLxwhWdz/SS//7+BakPX/XijGtm7t/6XXilX6uxpbI+8D9kctOTE5NXGg2Cb7orbpxGQyMXybMr57+bfPqpbN7/9lU1Z+2Rcs6nG5e8EDuvHR2dE7CnqeKx9H7OxuFn/SGBeIYlxvR0TsbP4W+79aoozJZ7orl1XF39NK5avftmX1LyOezvf/XCyIv5RUjk8OP39k5PBQb0xNHBgqj4rFfvr14utV5S+9/1dXtv+3ND3+b8Tfn/RGzJw7f6oxXjuz/DIu/vFp5T3NMo//Y9uK478nebMxozxOPhidnT07HNGTvLp4/sjNdyvz5fpZ/Pv2Nm3/jXNcuSUejYhdEbE7Ih7LbgqLuj8eEU9ExN7bxP/DS0++u/z412asNIt/fKn9H/P3//ITXae+/2bp+Hsjomr/H2qk9hVzWjn/tVrBO9l2AAAAsF7kn4FP0sGb6WRwMP8M//bYkk5Nz8w+e2L6/TPj+Wfl+6OWlk+6+uY9Dx0ung2X+ZEF+YPFc+PPuzY38oNj01Pj7Q4eOtzWRe0/TbP2n/mzq921A1bdCoyjAeuU9g+dS/uHzpQs2f5ra1YXYO25/kPnatb+P6pce/DrVa0MsKZc/6FztdD+5/I/1b0CYH1y/YfOpf1DR6r8bnx6R1/5X/PEv8XvGd4t9dn4iUjvimps/ER3yz9mUZWoLW7L9b68/WdzNjX9r3afmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFbGfwEAAP//XDTnjA==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fanotify_init(0x8, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) 20.502535055s ago: executing program 32 (id=686): socket$inet6_udp(0xa, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000180)={[{@jqfmt_vfsold}, {@nolazytime}, {@abort}, {@noload}, {@errors_continue}, {@abort}, {@dax}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x48a, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvTLulgNiq+AMEqaKRqLS0/JCDF40mHDQx0QPGU20LqRRqaE2EEK0e8GhIvBvjP2E86cWoMdHEq94NCTFcQL2smZ0ZKO0O3Urbpd3PJ5ntezPTfe87M2/mzbzdDaBjDWQvScQ9EfF7RPTl2VtXGMj/XL96YezvqxfGkqjX3/graax37eqFsXLV8v+25pl6vchvalLuxbcjRqemJs4W+aHZ0+8NzZw7v3/y9OjJiZMTZ0aOHj10cHfPkZHDKxJnFte1nR9O79px7K1Lr40dv/TOj0kaedyxII6VMpBv3aaeWunC2mzbvHTSnb32Frk9v9xc0uxIoJ26IiLbXbVG+++Lrth8Y1lfvPJJWysHrKp6vV6/zVl5rg5sYEm0uwZAe5QX+uz+t5zWqOtxV7jyYn4DlMV9vZjyJd2R5ok9tQX3tytpICKOz/3zRTbF8p5D/LxKVQIANrhvs/7Pc836f2k8lCd6spd7izGU/oi4LyLuj4gHImJ7RDwY0Vj34Yh4ZJnlLxwhWdz/SS//7+BakPX/XijGtm7t/6XXilX6uxpbI+8D9kctOTE5NXGg2Cb7orbpxGQyMXybMr57+bfPqpbN7/9lU1Z+2Rcs6nG5e8EDuvHR2dE7CnqeKx9H7OxuFn/SGBeIYlxvR0TsbP4W+79aoozJZ7orl1XF39NK5avftmX1LyOezvf/XCyIv5RUjk8OP39k5PBQb0xNHBgqj4rFfvr14utV5S+9/1dXtv+3ND3+b8Tfn/RGzJw7f6oxXjuz/DIu/vFp5T3NMo//Y9uK478nebMxozxOPhidnT07HNGTvLp4/sjNdyvz5fpZ/Pv2Nm3/jXNcuSUejYhdEbE7Ih7LbgqLuj8eEU9ExN7bxP/DS0++u/z412asNIt/fKn9H/P3//ITXae+/2bp+Hsjomr/H2qk9hVzWjn/tVrBO9l2AAAAsF7kn4FP0sGb6WRwMP8M//bYkk5Nz8w+e2L6/TPj+Wfl+6OWlk+6+uY9Dx0ung2X+ZEF+YPFc+PPuzY38oNj01Pj7Q4eOtzWRe0/TbP2n/mzq921A1bdCoyjAeuU9g+dS/uHzpQs2f5ra1YXYO25/kPnatb+P6pce/DrVa0MsKZc/6FztdD+5/I/1b0CYH1y/YfOpf1DR6r8bnx6R1/5X/PEv8XvGd4t9dn4iUjvimps/ER3yz9mUZWoLW7L9b68/WdzNjX9r3afmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFbGfwEAAP//XDTnjA==") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) fanotify_init(0x8, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]}) 14.630193568s ago: executing program 4 (id=761): mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x200c008, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0) quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95c, 0x4, 0x4000000201, 0x4000000201, 0x48cd, 0xfffffffffffffffc, 0x800000df}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) 14.613715908s ago: executing program 4 (id=762): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000240)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f0002000000090505020000", @ANYRES32], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000080)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r1, 0x40015b0b, &(0x7f0000000040)) 13.534034169s ago: executing program 2 (id=766): syz_usb_connect(0x5, 0x24, &(0x7f0000002040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000"], 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x800) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f00000001c0)=""/4096) 11.876114931s ago: executing program 1 (id=770): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000240)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x14, 0x6, 0xff, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x800}}}}}}}, 0x0) 11.663779656s ago: executing program 1 (id=772): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_emit_ethernet(0x116b, &(0x7f0000000640)=ANY=[@ANYBLOB="0f477c6b16f8b9c88e885caffb95a3aa959c98305f6417e8e8227c234cbd541e987da4ee877d57c5d647f5bbbf29cb73200ef60d85021fa522799b2c2aed449a0318bea42a62452ca0507e30825745514c72cada839cc9ae1d9bd3f12f420e225668829873fde8f8c30ad30452a4ca583cccab42c72bdb40abae1d7237d7ef6758b692d29115983f31b3b90000", @ANYRES64=r0, @ANYRES16=r1, @ANYRES32=0x0], 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) r3 = openat$sndseq(0xffffff9c, &(0x7f0000000140), 0x200) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000180)={0x7, 0x0, 'client0\x00', 0x6, "3ce55b18c1f27588", "583d57b0a57e6430d87bc0fb393b14d5e384752fed0f1c8133f3b5ccbae26cfa", 0xfffff001, 0x8}) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, 0x0, 0x50) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, &(0x7f0000000140)=0xfffffffffffffffe, 0x8) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 11.564206798s ago: executing program 2 (id=773): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000000)={0x2, 0x0, 0xc, 0x8, 0x1d4, 0x0}) 11.156911395s ago: executing program 4 (id=774): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0) chroot(&(0x7f0000000480)='./file0/../file0\x00') mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000e80)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20008080}}, {{&(0x7f0000000640)=@file={0x1, './file0/../file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4004000}}], 0x2, 0x4) 10.435724009s ago: executing program 2 (id=775): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0xe, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x0, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0xffffffffffffffff, 0x4}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002000)=ANY=[@ANYRES32=0x0, @ANYRES32=0x0], 0x140}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) openat$cuse(0xffffff9c, &(0x7f00000001c0), 0x2, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r5 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r4, &(0x7f0000000080)={@val={0x8, 0x800}, @val={0x2, 0x1, 0x9, 0x68, 0x8000, 0x9}, @ipv4=@udp={{0x5, 0x4, 0x3, 0x1b, 0x59, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @local}, {0x4f20, 0x4e22, 0x45, 0x0, @gue={{0x1, 0x0, 0x3, 0x2, 0x0, @void}, "6279cb22459ff50866ff829694a603d3c443eead410baf7b350c12fa15932138ee8f6a6d2afdde33d5a4298b32860f7d3d68030697e95d9cff"}}}}, 0x67) ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000080)={0x0, 0x0, 0xa294}) syz_clone(0x20304000, 0x0, 0x1e, 0x0, 0x0, 0x0) 9.070427075s ago: executing program 4 (id=776): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x20081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") mount$bind(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x3002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 8.477910577s ago: executing program 1 (id=777): setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xa, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000340)=@mgmt_frame=@beacon={{{}, {}, @device_b}, 0xfffffffffffffffd, @default, 0x1001, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0xb}]}, @void, @void, @void, @val={0x5, 0x3, {0x5, 0xdd}}, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfd}}, @val={0x76, 0x6, {0x1, 0x9, 0x25, 0xe}}}, 0x50) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, 0x0, 0x0) sendmsg$NL80211_CMD_ASSOCIATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x3c, r1, 0x1, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x96c}], @NL80211_ATTR_MAC={0xa}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000815}, 0x850) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000000)=ANY=[@ANYBLOB="d0187f0008021100000108041100000050505050505020000f"], 0x3c) landlock_create_ruleset(0x0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000680)={0x1c, &(0x7f0000000580)={0x40, 0x15, 0x6, "ff7092f55eb0"}, 0x0, 0x0}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) 8.068233935s ago: executing program 3 (id=778): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x6, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=") r1 = syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0x444, 0x0, 0x1, 0x0, &(0x7f0000000080)) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bridge0\x00', 0x10) sendto$inet(r2, &(0x7f0000000040)="255f5a03204f8e0b", 0xdd86, 0x804, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) r3 = fcntl$dupfd(r2, 0x0, r2) read$FUSE(r3, &(0x7f00000000c0)={0x2020}, 0x2020) openat(r1, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000001180)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x103741, 0x12c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000024c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xffffffffffffff9b) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000000)=0xd) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r6 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r6, &(0x7f0000002780)={0x2020}, 0x5ecfb203) sendfile(r6, r6, 0x0, 0x9b) 7.668911683s ago: executing program 4 (id=779): prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs$pagemap(r0, &(0x7f0000000000)) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) timer_create(0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) sched_getattr(0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f00000000c0)={[{@noprefix}, {@subsystem='memory'}, {@xattr}]}) mount(0x0, 0x0, 0x0, 0x40078, &(0x7f0000000000)) ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0) ioctl$sock_bt_hci(r3, 0x400448c9, 0x0) unshare(0x40020000) 7.556150045s ago: executing program 1 (id=780): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000180)) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) write$dsp(r0, &(0x7f0000000200)="dce480febb0ccd0bcb66ade3495e87b440e5afdc984cc06eb1c91c85a7fec04b2f82e267c1edd1543b79d80c0f949073bdbaa464c040e61ea6e658101100101097a5821b6c0c79d177b96995281707ce6d20a6db", 0x54) write$dsp(r0, &(0x7f0000000080)="cd", 0x1) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) 6.724444171s ago: executing program 3 (id=781): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000080)='./file1\x00', 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB='iocharset=iso8859-9,utf8,dmask=00000000000000000000011,utf8,errors=remount-ro,utf8,fmask=00000000000000000000001,errors=remount-ro,iocharset=iso8859-5,gid=', @ANYRESHEX=0x0, @ANYBLOB="0002"], 0x1, 0x1548, &(0x7f0000000380)="$eJzs3AuYTdX7OPD3XWvtMSSdJrkMa613c5LLMkmSS5JckiRJktwSkib5SkJiyC1pSEJyGZLLEJLLxKRxv98vCU2SJklCckvW/1H8fftVv++lvl/P85v38zz7sd6z9rv22vOeM2fvdZz5psvQmo1rVWtIRPCn4C//JAFALAAMBIBrACAAgHJx5eIu9OeUmPTnDsL+Wg+lXukZsCuJ65+9cf2zN65/9sb1z964/tkb1z974/pnb1x/xrKzzdMLXstb9t14/T874/f//0OySo/9Ym3p67sCxPyzKVz/7I3r/39W8M/sxPXP3rj+2VXslZ4A+yvN/vfS+PWfHeT4wx6uf/bG9WcsO/t5HTgnXPF16Cu1QSR7fwZypZ9/jDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcayh9P+MgUAl9pXel6MMcYYY4wxxhj76/gcV3oGjDHGGGOMMcYY+89DECBBQQAxkANiISfkAgEAV0MeuAYicC3EwXWQF66HfJAfCkBBiIdCUBg0GLBAEEIRKApRuAGKwY1QHEpASSgFDkpDAtwEZeBmKAu3QDm4FcrDbVABKkIlqAy3QxW4A6rCnVAN7oLqUANqQi24G2rDPVAH7oW6cB/Ug/uhPjwADeBBaAgPQSN4GBrDI9AEHoWm0AyaQwto+W/lvwA94EXoCb0gCXpDH3gJ+kI/6A8DYCC8DIPgFRgMr0IyDIGh8BoMg9dhOLwBI2AkjII3YTS8BWNgLIyD8ZACE2AivA2T4B2YDFNgKkyDVJgOM+BdmAmzYDa8B3PgfZgL82A+LIA0+AAWwiJIhw9hMXwEGbAElsIyWA4rYCWsgtWwBtbCuh/7wgbYCJtgM2yBrbANtsMO2Akfwy74BHbDntfnAUAmfPZH+bD+d/NPXcqHvfApZEJXBAQUKFChwhiMwViMxVyYC3NjbsyDeTCCEYzDOMyLeTEf5sMCWADjMR4LY2E0aJCQsAgWwShGsRgWw+JYHEtiSXToMAETsAzejGWxLJbDclgey2MFrIgVsTJWxipYBatiVayG1bA6VseaWBPvxruxN9bBOlgX62I9rHdpeQobYkNshI2wMTbGJtgEm2JTbI7NsSW2xFbYCltja2yLbbEdtsP22B4TMRE7YAfsiB2xE3bCztgZu2AX7IrdsFvWCzkAX8QXsRdWF72xD/bBvpicoz8OwAH4Mg7CV/AVfBWTcQgOxdfwNXwdh+NJHIEjcRSOwiriLRyDY5HEeEzBFJyIE3ESTsLJOAWn4DRMxek4A2fgTJyFs/A9nIPv4/s4D+fhAkzDNFyIizAd03ExnsIMXIJLcRkuxxW4HFfhalyFa3EdrsUNuAE34SbcgltwG27DHbgDP0YFgJ/gHtyDyZiJmbgP9+F+3I8H8ABmYRYexIN4CA/hYTyMR/AIHsVjeByP4Qk8gSfxFJ7G03gWz+I5fC7+q0Yfl1iTDOICJZSIETEiVsSKXCKXyC1yizwij4iIiIgTcSKvyCvyiXyigCgg4kW8KCwKCyOMIBHGAICIiqgoJoqJ4qK4KClKCiecSBAJoowoI8qKsqKcuFWUF7eJCqKiaOMqi8qiimjrqoo7RTVRTVQXNURNUUvUErVFbVFH1BF1RV1RT9QT9cUDooHojf3xIXGhMo3FEGwihmJT0UzIi7/BWonh2Fq0EW3FE2IkjsD2opVLFE+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo7XqKXmIy9hZ9xDTsK/qJ/mKAmIk1xHs4J2dN8apIFkPEUPGaWICvi+HiDTFCjBSjxJtitHhLjBFjxTgxXqSICWKieFtMEu+IyWKKmCqmiVQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJNfCAWikUiXXwoFouPRIZYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lORKT4T+8TnYr/4QhwQX4os8ZU4KL4Wh8Q34rD4VhwR34mj4pg4Lr4XJ8QP4qQ4JU6LM+Ks+FGcEz+J88ILkCiFlFLJQMbIHDJW5pS55FUytwwu/nSvlXHyOplXXi/zyfyygCwo42UhWVhqaaSVJENZRBaVUXmDLCZvlMVlCVlSlpJOlpYJ8iZZRt4sy8pbZDl5qywvb5MVZEVZSVaWt8sq8g4JkV+OUV3WkDVlLXm3TIJ7ZB15r6wr75P15P2yvnxANpAPyobyIdlIPiwby0dkE/mobCqbyeayhWwpH5Ot5OOytWwj28onZDv5pGwvn5KJ8mnZQfqLT5FnZWf5nOwin5ddZTfZXf4kz0sve8peEnqD7CNfkn1lP9lfDpAD5ctykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZTpFT5TSZKqfL/hdHmi3lP8x/+3fyB/989E1ys9wit8ptcrvcIXfKj+UuuUvulrvlXrlXZspMuU/uk/vlfnlAHpBZMkselAflIXlIHpaH5RF5RB6Vx+QZ+b08IX+QJ+UpeUqekWflWXnu4s8AFCqhpFIqUDEqh4pVOVUudZXKra5WedQ1KqKuVXHqOpVXXa/yqfyqgCqo4lUhVVhpZZRVpEJVRBVVUXUDXnzCqJKqlHKqtEpQN/0r+aqYulEVVyV+lX9pfkl/ML+WqqVqpVqp1qq1aqvaqnaqnWqv2qtElag6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKkklqT7qJdVX9VP91QA1UL2sBqlBarAarJJVshqqhqphapgaroarEWqEGqVGqdFqtBqjxqhxapxKUSlqopqoJqlJarKarKaqqSpVpaoZaoaaqWaq2Wq2mqPmqLlqrpqv5qs0laYWqoUqXaWrxWqxylBL1BK1TC1TK9QKtUqtUmvUGrVOrVMb1AaVoTarzWqr2qq2q+1qp9qpdqldarfarfaqvSpTZap9ap/ar/arA+qAylJZ6qA6qA6pQ+qwOqyOqCPqqDqqjqvj6oQ6oU6qk+q0Oq3OqrPqnDqnzqvzFy77AhGIQAUqiAligtggNsgV5ApyB7mDPEGeIBJEgrggLsgbXB/kC/IHBYKCQXxQKCgc6MAENhAXix4NbgiKBTcGxYMSQcmgVOCC0kFCzMXO4JagXHBrUD64LagQVAwqBZWD24MqwR1B1eDOoFpwV1A9qBHUDGoFdwe1g3uCOsG9Qd3gvqBecH9QP3ggaBA8GDQMHgoaBQ8HjYNHgibBo0HToFnQPGgRtAxuDsr+ZeN7fzL/466n7qWTdG/dR7+k++p+ur8eoAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erKeoqfqaTpVT9cz9Lt6pp6lZ+v39Bz9vp6r5+n5eoFO0x/ohXqRTtcf6sX6I52hl+ileplerlfolXqVXq3X6LV6nV6vN+iNepPerLforXqb3q536J36Y71Lf6J36z16r/5UZ+rP9D79ud6vv9AH9Jc6S3+lD+qv9SH9jT6sv9VH9Hf6qD6mj+vv9Qn9gz6pT+nT+ow+q3/U5/RP+rz2Fy7uL7y9G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emr8lr8pl8poApYOJNvClsCpsLyJApYoqYqImaYqaYKW6Km5KmpHHGmQSTYMqYMqasKWvKmXKmvClvKpgKppKpZG43t5s7zB3mTnOnucvcZWqYGqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqapqa5aW5ampamlWllWpvWpq1pa9qZdqa9aW8STaLpYDqYjqaj6WQ6mc6ms+liupiupqvpbrqbHqaH6Wl6miSTZPqYPqav6Wv6m/5moBloBplBZrAZbJJNshlqhpphZpgZboabEWakGXXhQtW8ZcaYsWacGW9STIqZaCaaSWaSmWwmm6lmqkk1qWaGmWFmmplmtplt5pg5Zq6Za+ab+SbNpJmFZqFJN+lmsVlsMkyGWWqWmuVmuVlpVprVZrVZa9aa9bDebDQbzWaz2Ww1W812s93sNDvNLrPL7Da7zV6z12SaTLPP7DP7zX5zwBwwWSbLHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81Zk//i+6U3sTanzWWvsrnt1TaPvcb+z7iALWjjbSFb2Gqbz+b/VWystcVtCVvSlrLOlrYJ9qbfxBVsRVvJVra32yr2Dlv1N3Fte4+tY++1de19tpa9+1dxPXu/rW8fsQ0QAWwz28i2sI3tI7aJfdQ2tc1sc9vCtrNP2vb2KZton7Yd7DO/iRfaRXa1XWPX2nV2t91jT9sz9pD9xp61P9qetpcdaF+2g+wrdrB91SbbIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk210+0M+66daWf9Jk6zH9g5Nt3OtfPsfLvg5/jCnNLth3ax/chm2ACW2mV2uV1hV9pV/3+uy+wGu9FusrvsJ3ar3Wa32x1256ULYbvH7rWf2kz7mT1ov7b77Rf2gD1ss+xXP8cXzu+w/dYesd/Zo/aYPW6/tyfsD+pS9oVz/97+ZM9bb4GQgCQpCiiGclAs5aRcdBXlpqspD11DEbqW4ug6ykvXUz7KTwWoIMVTISpMmgxZIgqpCBWlKN1Al6ZXkkqRo9KUQDdRGbqZytItVI5upfJ0G1WgilSJKtPtVIXuoKp0J1Wju6g61aCaVIvuptp0D9Whe6ku3Uf16H6qTw9QA3qQGtJD1Igepsb0CDWhR6kpNaPm1IJa0mPUih6n1tSG2tIT1I6epPb0FCXS09SBnqGO9DfqRM9SZ3qOutDz1JW6UXd6gXrQi9STelES9aY+9BL1pX7UnwbQQHqZBtErNJhepWQaQkPpNRpGr9NweoNG0EgaRW/SaHqLxtBYGkfjKYUm0ER6mybROzSZptBUmkapNJ1m0Ls0k2bRbHqP5tD7NJfm0XxaQGn0AS2kRZROH9Ji+ogyaAktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtBO+ph20Se0m/bQXvqUMukz2kef0376gg7Ql5RFX9FB+poO0Td0mL71veg7OkrH6Dh9TyfoBzpJp+g0naGz9COdo5/oPHmCEEMRylCFQRgT5ghjw5xhrvCqMHd4dZgnvCaMhNeGceF1Yd7w+jBfmD8sEBYM48NCYeFQhya0IYVhWCQsGkbDG8Ji4Y1h8bBEWDIsFbqwdJgQ3hSWCW8Oy4a3hOXCW8Py4W1hhbBi+Mh9lcPbwyrhHWHV8M6wWnhXWD2sEdYMa4V3h7XDe8I64b1h3fC+sGx4f1g/fCBsED4YNgwfChuFD4eNw0fCJuGjYdOwWdg8bBG2DB8LW4WPh63DNmHb8ImwXfhk2D58KkwMnw47hM/83H//oj/uTwp7h33Cl8KXQu/vlfOjC6Jp0Q+iC6OLounRD6OLox9FM6JLokujy6LLoyuiK6Oroquja6Jro+ui66Mbohujm6Le18oBDp1w0ikXuBiXw8W6nC6Xu8rldle7PO4aF3HXujh3ncvrrnf5XH5XwBV08a6QK+y0M846cqEr4oq6qLvBFXM3uuKuhCvpSjnnSrsE18K1dC1dK/e4a+3auLbuCfeEe9I96Z5yT7mnXQf3jOvo/uY6uWddZ/ece84977q6bq67e8H1cBPy/PKaTHJ9XB/X1/V1/V1/N9ANdIPcIDfYDXbJLtkNdUPdMDfMDXfD3Qg3wo1yo9xoN9qNcWPcODfOpbgUN9FNdJPcJDfZTXZT3VSX6lLdDDfDzXQzXZVZvxxlrpvr5rv5Ls2luYXuwjVjulvsFrsMl+GWuqVuuVvuVrqVbrVb7da6tW69W+82uo1us9vstrqtbrvb7na6nW6X2+V2+2t+GdRlun1un9vv9rsD7kuX5b5yB93X7pD7xh1237oj7jt31B1zx9337oT7wZ10p9xpd8addT+6c+4nd955lxKZEJkYeTsyKfJOZHJkSmRqZFokNTI9MiPybmRmZFZkduS9yJzI+5G5kXmR+ZEFkbTIB5GFkUWR9MiHkcWRjyIZkSWRpZFlkeWRFRHvC20NfRFf1Ef9Db6Yv9EX9yV8SV/KO1/aJ/ibfBl/sy/rb/Hl/K2+vL/NV/AVfSX/qG/qm/nmvoVv6R/zrfzjvrVv49v6J3w7/6Rv75/yif5p38E/4zv6v/lO/lnf2T/nu/jnfVffzXf3L/ge/kXf0/fySb637+Nf8n19P9/fD/AD/ct+kH/FD/av+mQ/xA/1r/lh/nU/3L/hR/iRflTMm370pVtkGO9T/AQ/0b/tJ/l3/GQ/xU/103yqn+5n+Hf9TD/Lz/bv+Tn+fT/Xz/Pz/QKf5j/wC/0in+4/9Iv9Rz7DL7m0qOxX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u9/hd/qP/S7/id/t9/i9/lOf6T/z+/znfr//wh/wX/os/5U/6L/2h/w3/rD/1h/x3/mj/pg/7r/3J/wP/qQ/5U/7M/6s/9Gf8z/58/ydNcYYY4yxf8qEy03x655flvN7/06O+Lud+wDA1dsKZv19/4UryvX5fmn3E/HtIgDwdK8uD13aqldPSkq6uG+GhKDoPIBLnwRd8POy8cV4CbSFJyER2kCZ351/P9HtLP2D8aO3AuT6u5xYuBxfHv9zAEz6nfEfe2LUwvLh6bj/Zfx5AMWLXs7JCZfjJdD25/WVNlD2D+afv9U/mH/OL1IAWv9dTm64HF+efwI8Ds9A4q/2ZIwxxhhjjDHGftFPVOp06f7z0v/4/L3783h1OScHXI7/0f05Y4wxxhhjjDHGrrxnu3V/6rFL39x7LDGxTaefH/lnGlX/lZ3/9UYT+E+NzI3fbXgPcOkRBQB/ckCACw353zyLLf+VYyVffLX8z67lZ3wA3Ytd/NLjX3fQ2D9fi3+ncaV+IzHGGGOMMcb+Uy5f9P/6cXWlJsQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVD/40/J3alz5ExxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhi70v5fAAAA//8XnvpB") bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa1", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={[{@mode={'mode', 0x3d, 0x8000000d315}}]}) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000100)) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) setpriority(0x2, r2, 0xa) getpriority(0x2, r2) ptrace$getregs(0xe, r2, 0x3, &(0x7f0000001900)=""/217) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x42}, 0x28) bpf$ITER_CREATE(0xb, &(0x7f00000004c0), 0x8) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) getpid() r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x1c1840, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x0, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000e80)='./bus\x00', 0x1c1002, 0x0) write(r5, &(0x7f00000001c0)="f14a", 0x2) sendfile(r5, r3, 0x0, 0x40001) sendfile(r5, r4, 0x0, 0x7ffff000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="240000001e008d2a28bd7000ffdbdf250a000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x40000c0) 5.411302846s ago: executing program 3 (id=782): bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000096d132478102268d00", @ANYRES32, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0xfffffffd}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.973683735s ago: executing program 5 (id=736): socket(0x400000000010, 0x3, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff}) read$qrtrtun(r0, &(0x7f0000000200)=""/137, 0x89) socket$unix(0x1, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 4.968012225s ago: executing program 3 (id=792): r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_EXIT_HYPERCALL(r0, 0x4068aea3, &(0x7f0000000040)={0x79}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000000c0)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRESHEX=r1, @ANYRES8=r1, @ANYRES64=r0], 0xfe33) r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000380)=0x4) ioctl$KVM_GET_MP_STATE(r2, 0x8004ae98, 0x0) 4.788248498s ago: executing program 2 (id=783): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e2) mount(&(0x7f00000000c0)=@sr0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000100)='romfs\x00', 0x18001, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'}) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, 0x0) socket(0x15, 0x5, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x2, 0x39d}, &(0x7f0000000040)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x92) mknodat(r4, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdir(&(0x7f0000000240)='./bus\x00', 0x0) chdir(&(0x7f0000000080)='./bus\x00') renameat2(r5, &(0x7f00000001c0)='./file0\x00', r5, &(0x7f0000000200)='./bus/file0\x00', 0x0) r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) getdents(r6, 0x0, 0x0) 4.788029648s ago: executing program 3 (id=784): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x20081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") mount$bind(&(0x7f0000000040)='./file1\x00', 0x0, 0x0, 0x3002, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = socket$unix(0x1, 0x1, 0x0) bind$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 4.69846851s ago: executing program 1 (id=785): socket$nl_audit(0x10, 0x3, 0x9) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) socket(0x1e, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x12, 0x2, 0x8, 0xd0eb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x50) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={r0, 0x0, 0x0}, 0x10) 3.65776918s ago: executing program 5 (id=786): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) syz_emit_ethernet(0x116b, &(0x7f0000000640)=ANY=[@ANYBLOB="0f477c6b16f8b9c88e885caffb95a3aa959c98305f6417e8e8227c234cbd541e987da4ee877d57c5d647f5bbbf29cb73200ef60d85021fa522799b2c2aed449a0318bea42a62452ca0507e30825745514c72cada839cc9ae1d9bd3f12f420e225668829873fde8f8c30ad30452a4ca583cccab42c72bdb40abae1d7237d7ef6758b692d29115983f31b3b90000", @ANYRES64=r0, @ANYRES16=r1, @ANYRES32=0x0], 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) r3 = openat$sndseq(0xffffff9c, &(0x7f0000000140), 0x200) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r3, 0x40bc5311, &(0x7f0000000180)={0x7, 0x0, 'client0\x00', 0x6, "3ce55b18c1f27588", "583d57b0a57e6430d87bc0fb393b14d5e384752fed0f1c8133f3b5ccbae26cfa", 0xfffff001, 0x8}) sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, 0x0, 0x50) r4 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r6 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r6, 0x28, 0x1, &(0x7f0000000140)=0xfffffffffffffffe, 0x8) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2711}, 0x10) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) 3.65017263s ago: executing program 2 (id=787): r0 = syz_usbip_server_init(0x4) syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0) write$usbip_server(r0, &(0x7f0000000180)=ANY=[@ANYBLOB="000000030000000100000000000000010000000800000fff00000013000000340000000300000001000000000000000000000002000000ffff00000007001100080000000600000008000000017fffffffb95533d8d5b301bd6e4ecf6ab8d310ba00b09d73d0ab780160d0bdb42aa3a644d2d9b26b3c303335f4804f47b191701502a5819e097836e1c5b6a769be280e10da3ee1c70340ac3b6e911cad46547d73611f8344527a96b724ac45b5cd9c9e10fb78246f4ecc0ccc3f1c3f15223c1ea5232d70d00883f2aad28597fb5a2e34af8f2022bc9d89ef5dd662f1330a669a0ce2c92a2645fdb43fad249894091009d5c8478761"], 0x60) 826.404265ms ago: executing program 1 (id=788): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x3) mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', 0x0, 0x2000000, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x300, 0x0, 0x3, 0x1}, 0x8) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) write$P9_RREADLINK(r1, &(0x7f00000000c0)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) read$FUSE(r1, 0x0, 0x0) timer_getoverrun(r2) getsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, &(0x7f0000000140)) ioctl$SIOCRSSL2CALL(r1, 0x89e2, &(0x7f0000000180)=@bcast) 724.088817ms ago: executing program 4 (id=789): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x20081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=") mount$bind(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x3002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r3 = socket$unix(0x1, 0x1, 0x0) bind$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 723.860317ms ago: executing program 2 (id=790): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x6, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x4, 0x127d, &(0x7f00000011c0)="$eJzs3U1rJMUfB/DfJJPH/SeTv66ruyAWelGEcZODJy9BdkEMKNEsqKdeM9EhkwcyQyAi7njyJPgyRD16E8Q3kIsXz4IgkovHPYgtyUw085BsYjIJyOdz6aK6vlXV6U5DD1303itfrK2u1MsrWSOGCoUobo5E8WGKFEMxHC3NeOHeTz8//dY7774+v7BwZzGlu/Nvz76cUpp+5vv3Pv7m2R8a1+59O/3dWOzODO39PvfL7o3dm3t/fh3VeqrW0/pGI2Xp/sZGI7tfq6Tlan21nNKbtUpWr6Tqer2y1bF/pbaxubmTsvXlqcnNrUq9nrL1nbRa2UmNQmps7aTsg6y6nsrlcpqaDM5j6auHeZ5H5PlIjEae5/lETMa1+F9MxXSUYib+H4/F43E9nogb8WQ8FTcPWl31vAEAAAAAAAAAAAAAAAAAAOC/5RHr/wvW/wMAAAAAAAAAAAAAAAAAAMDgda//L0b4/j8AAAAAAAAAAAAAAAAAAABcskd8/79r/f+L1v8DAAAAAAAAAAAAAAAAAADAIIy3NospjUesfba9tL3U2rbq51eiGrWoxO0oxR9xsPq/pVW++9rCndvpwEy8tPagnX+wvTTcmZ8dKcVMoW9+diIiUkqd+bGYPJqfi1Jc7z/+XGv8rvx4PP/cfv7TVr4cpfjx/diIWixHFNpHf5D/ZDalV99YmOjM39pvd6zhAZ8WAAAAuEjl9Lfe5/dmu1Hf/a1d7efz1G5ZOOH3ga7n82LcKl7VUXOovvPRalarVbb+ZWH0+H5Gz9dzT6EQEVkcrZme/HVxf/BT9nN4uV3QfI4Uhi+6wxMLIye3Occ5jeKp/5gDKkSzuyYvRZy1n9++PFIzfub4+QpD7cssqzVPfbFFM88HOrG+/4xjJ6WOv2cUBnxP4vL8c9KveiYAAAAAAAAAAACcRd+3/yYioud9wA97ag5fD++M9/Z8/OifX8IRAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sQPHAgAAAADC/K3T6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK8CAAD//w+Ty90=") r1 = syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0x444, 0x0, 0x1, 0x0, &(0x7f0000000080)) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='bridge0\x00', 0x10) sendto$inet(r2, &(0x7f0000000040)="255f5a03204f8e0b", 0xdd86, 0x804, &(0x7f0000000080)={0x2, 0x4e22, @multicast1}, 0x10) r3 = fcntl$dupfd(r2, 0x0, r2) read$FUSE(r3, &(0x7f00000000c0)={0x2020}, 0x2020) openat(r1, &(0x7f0000000340)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000001180)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000480)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x103741, 0x12c) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f00000024c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xffffffffffffff9b) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(r0, 0x5, &(0x7f0000000000)=0xd) read$FUSE(0xffffffffffffffff, &(0x7f0000000200)={0x2020}, 0x2020) r6 = syz_open_procfs(0x0, &(0x7f0000000700)='mounts\x00') read$FUSE(r6, &(0x7f0000002780)={0x2020}, 0x5ecfb203) sendfile(r6, r6, 0x0, 0x9b) 0s ago: executing program 3 (id=791): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40088a01, &(0x7f0000000000)=0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r6 = epoll_create1(0x0) syz_open_dev$usbfs(&(0x7f00000001c0), 0x101, 0x200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="020200020d00000000000000000000000200080008000000fd00000000000000020001000000000000000500000000a0030006000000000002000000ac1414ff00000000000000000300050000000000020000000000000000000000000000000100140000000000f7799d882160f53ff47b5679c292cab89c0d521949c1924b2e3487edbdd9876408cbc4ad3ba96cae0386a6eec7290da9accd4e"], 0x68}, 0x1, 0x7}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r6, &(0x7f0000000040)={0x1}) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r0, &(0x7f0000000340)={0xa000001c}) kernel console output (not intermixed with test programs): :50:50 [ 66.690261][ T1325] Bluetooth: hci4: command 0x040f tx timeout [ 66.699132][ T1325] Bluetooth: hci0: command 0x040f tx timeout [ 66.705356][ T1325] Bluetooth: hci2: command 0x040f tx timeout [ 66.716236][ T4196] device veth0_macvtap entered promiscuous mode [ 66.726074][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 66.734837][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 66.743839][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.752268][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.761833][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 66.770924][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 66.779993][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 66.789793][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 66.803970][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.817192][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.827348][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.841559][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.851833][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 66.862742][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 66.875973][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 66.894667][ T4196] device veth1_macvtap entered promiscuous mode [ 66.902716][ T384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 66.921038][ T384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 66.930354][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 66.940139][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 66.956513][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 66.965694][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 67.018829][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.043739][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.063221][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.091785][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.102346][ T4182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.113259][ T4182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.124976][ T4182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 67.132994][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 67.142633][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 67.165801][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.195122][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.205506][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.223537][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.225058][ T4289] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 67.235474][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.267121][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.279363][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 67.290256][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.317575][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 67.565573][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 67.584580][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 67.697922][ T4264] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.703197][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.708021][ T384] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 67.723011][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.740537][ T4264] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.746799][ T384] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 67.748532][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.772072][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.784125][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.800107][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 67.903723][ T4196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 67.916683][ T4196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 68.002105][ T4196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 68.013325][ T4182] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.042661][ T4182] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.256329][ T4182] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.277987][ T4182] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.305659][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.320757][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 68.348841][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 68.359765][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 68.391577][ T4196] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.406345][ T4196] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.428180][ T4196] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.463458][ T4196] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 68.688395][ T4295] Bluetooth: hci3: command 0x0419 tx timeout [ 68.707533][ T384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 68.718676][ T4295] Bluetooth: hci1: command 0x0419 tx timeout [ 68.751716][ T384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 68.761301][ T4295] Bluetooth: hci2: command 0x0419 tx timeout [ 68.792133][ T26] audit: type=1326 audit(1757524066.255:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4297 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 68.827313][ T4295] Bluetooth: hci0: command 0x0419 tx timeout [ 68.840165][ T4295] Bluetooth: hci4: command 0x0419 tx timeout [ 68.847446][ T26] audit: type=1326 audit(1757524066.255:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4297 comm="syz.2.3" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 68.871797][ T26] audit: type=1326 audit(1757524066.275:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4297 comm="syz.2.3" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x0 [ 68.880080][ T4264] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 68.992206][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.035373][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.093789][ T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.102148][ T4264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.108604][ T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.120959][ T4264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.137758][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.164790][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 69.214126][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.223483][ T4305] loop4: detected capacity change from 0 to 512 [ 69.271913][ T4305] EXT4-fs (loop4): Mount option "noload" incompatible with ext2 [ 69.443487][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 69.494356][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 69.594168][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 69.758974][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #80!!! [ 69.759100][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #02!!! [ 69.776797][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 69.819019][ T26] audit: type=1326 audit(1757524067.285:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 69.895537][ T26] audit: type=1326 audit(1757524067.315:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 69.942318][ T26] audit: type=1326 audit(1757524067.365:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 69.977468][ T26] audit: type=1326 audit(1757524067.365:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 70.164956][ T26] audit: type=1326 audit(1757524067.365:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 70.265115][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #300!!! [ 70.274270][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 70.283360][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 70.294567][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 70.303907][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 70.313126][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 70.322416][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 70.846176][ T4326] loop1: detected capacity change from 0 to 512 [ 70.894935][ T26] audit: type=1326 audit(1757524067.365:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f47b2c33510 code=0x7ffc0000 [ 70.920923][ T26] audit: type=1326 audit(1757524067.405:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4315 comm="syz.2.7" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 71.510532][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.517383][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.668814][ T4326] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 71.688230][ T4326] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 72.423603][ T4356] kAFS: No cell specified [ 72.865285][ T4363] loop4: detected capacity change from 0 to 256 [ 72.949295][ T4363] exfat: Deprecated parameter 'utf8' [ 72.954775][ T4363] exfat: Deprecated parameter 'utf8' [ 73.021848][ T4363] exfat: Deprecated parameter 'utf8' [ 73.039956][ T4366] loop2: detected capacity change from 0 to 512 [ 73.073436][ T4363] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 73.186895][ T4366] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 73.296248][ T4366] ext4 filesystem being mounted at /3/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 73.911764][ T4377] loop0: detected capacity change from 0 to 512 [ 74.057456][ T4377] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 75.171424][ T26] kauditd_printk_skb: 26 callbacks suppressed [ 75.171441][ T26] audit: type=1326 audit(1757524072.635:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.317662][ T26] audit: type=1326 audit(1757524072.765:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.342469][ T4391] netlink: 8 bytes leftover after parsing attributes in process `syz.2.24'. [ 75.363059][ T26] audit: type=1326 audit(1757524072.785:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.440325][ T26] audit: type=1326 audit(1757524072.795:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.519914][ T26] audit: type=1326 audit(1757524072.795:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.542391][ T26] audit: type=1326 audit(1757524072.805:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe970e2510 code=0x7ffc0000 [ 75.616140][ T4402] overlayfs: failed to resolve './file1': -2 [ 75.625702][ T26] audit: type=1326 audit(1757524072.855:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.759184][ T26] audit: type=1326 audit(1757524072.855:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.821609][ T4402] 9pnet: Insufficient options for proto=fd [ 75.873185][ T26] audit: type=1326 audit(1757524072.855:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.916472][ T4411] loop2: detected capacity change from 0 to 512 [ 75.934573][ T26] audit: type=1326 audit(1757524072.855:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4387 comm="syz.4.22" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe970e3ba9 code=0x7ffc0000 [ 75.978286][ T4185] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 76.034250][ T4411] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 76.066903][ T4411] ext4 filesystem being mounted at /8/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.082092][ T4417] loop3: detected capacity change from 0 to 512 [ 76.313203][ T4417] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 76.371133][ T4417] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 76.598104][ T4185] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 76.619097][ T4185] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.640772][ T4185] usb 5-1: Product: syz [ 76.645060][ T4185] usb 5-1: Manufacturer: syz [ 76.653511][ T4185] usb 5-1: SerialNumber: syz [ 76.692014][ T4185] usb 5-1: config 0 descriptor?? [ 77.093763][ T4185] usb 5-1: USB disconnect, device number 2 [ 77.317738][ T4407] udevd[4407]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 77.852167][ T4432] loop0: detected capacity change from 0 to 512 [ 77.886899][ T4432] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 80.556764][ T4465] loop2: detected capacity change from 0 to 1024 [ 80.640064][ T4471] loop0: detected capacity change from 0 to 512 [ 80.714777][ T4471] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 81.559127][ T4240] Bluetooth: hci4: command 0x0405 tx timeout [ 81.653226][ T26] kauditd_printk_skb: 39 callbacks suppressed [ 81.653244][ T26] audit: type=1326 audit(1757524079.115:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 81.798566][ T26] audit: type=1326 audit(1757524079.165:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 81.850640][ T4485] loop0: detected capacity change from 0 to 512 [ 81.882500][ T26] audit: type=1326 audit(1757524079.165:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 81.883666][ T4487] loop4: detected capacity change from 0 to 512 [ 81.927950][ T26] audit: type=1326 audit(1757524079.165:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f47b2c33510 code=0x7ffc0000 [ 81.986825][ T26] audit: type=1326 audit(1757524079.165:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.069015][ T26] audit: type=1326 audit(1757524079.165:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.160829][ T4485] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 82.178974][ T4185] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 82.194353][ T26] audit: type=1326 audit(1757524079.185:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.209018][ T4485] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.228368][ T26] audit: type=1326 audit(1757524079.185:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.241822][ T4487] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 82.251460][ T26] audit: type=1326 audit(1757524079.185:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.305745][ T4487] ext4 filesystem being mounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 82.438095][ T4185] usb 4-1: Using ep0 maxpacket: 8 [ 82.588668][ T4185] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 82.641204][ T26] audit: type=1326 audit(1757524079.185:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4479 comm="syz.2.49" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f47b2c34ba9 code=0x7ffc0000 [ 82.876013][ T4185] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 82.886238][ T4185] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 82.896244][ T4185] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 82.909383][ T4185] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 82.919912][ T4185] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.160733][ T4507] loop2: detected capacity change from 0 to 1024 [ 83.178046][ T4185] usb 4-1: GET_CAPABILITIES returned 0 [ 83.184586][ T4185] usbtmc 4-1:16.0: can't read capabilities [ 83.464183][ T4240] usb 4-1: USB disconnect, device number 2 [ 84.171040][ T4515] ======================================================= [ 84.171040][ T4515] WARNING: The mand mount option has been deprecated and [ 84.171040][ T4515] and is ignored by this kernel. Remove the mand [ 84.171040][ T4515] option from the mount to silence this warning. [ 84.171040][ T4515] ======================================================= [ 84.218298][ T4514] loop1: detected capacity change from 0 to 512 [ 84.238280][ T4515] 9pnet_virtio: no channels available for device syz [ 84.310661][ T4514] EXT4-fs (loop1): Mount option "noload" incompatible with ext2 [ 84.365010][ T4517] netlink: 8 bytes leftover after parsing attributes in process `syz.2.62'. [ 84.504914][ T4519] ODEBUG: Out of memory. ODEBUG disabled [ 85.107551][ T4530] overlayfs: failed to resolve './file1': -2 [ 85.163515][ T4535] 9pnet: Insufficient options for proto=fd [ 86.761137][ T1108] cfg80211: failed to load regulatory.db [ 87.522477][ T4550] 9pnet_virtio: no channels available for device syz [ 88.061168][ T4555] loop4: detected capacity change from 0 to 1024 [ 89.442274][ T4564] loop0: detected capacity change from 0 to 512 [ 89.490123][ T26] kauditd_printk_skb: 42 callbacks suppressed [ 89.490157][ T26] audit: type=1326 audit(1757524086.955:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 89.529118][ T26] audit: type=1326 audit(1757524086.955:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 89.561682][ T4564] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 89.570039][ T26] audit: type=1326 audit(1757524086.995:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 89.990245][ T26] audit: type=1326 audit(1757524087.065:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 90.105664][ T26] audit: type=1326 audit(1757524087.065:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 90.309549][ T26] audit: type=1326 audit(1757524087.735:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 90.370635][ T26] audit: type=1326 audit(1757524087.765:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 90.397267][ T4579] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 90.843016][ T26] audit: type=1326 audit(1757524087.765:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 91.478067][ T26] audit: type=1326 audit(1757524088.915:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 91.500424][ T26] audit: type=1326 audit(1757524088.915:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4567 comm="syz.1.77" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 91.630058][ T4585] loop4: detected capacity change from 0 to 512 [ 91.795049][ T4585] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 91.828033][ T4585] ext4 filesystem being mounted at /15/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 92.097562][ T4594] overlayfs: failed to resolve './file1': -2 [ 92.148849][ T4592] 9pnet: Insufficient options for proto=fd [ 93.128509][ T4601] tipc: Started in network mode [ 93.139225][ T4601] tipc: Node identity 4, cluster identity 4711 [ 93.145417][ T4601] tipc: Node number set to 4 [ 93.263434][ T4603] loop0: detected capacity change from 0 to 512 [ 93.325178][ T4605] tmpfs: Unknown parameter 'hash' [ 93.368584][ T4605] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 93.385941][ T4603] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 93.508311][ T4603] ext4 filesystem being mounted at /19/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 94.346358][ T4615] loop1: detected capacity change from 0 to 512 [ 94.454672][ T4615] EXT4-fs (loop1): Mount option "noload" incompatible with ext2 [ 95.698041][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 95.698056][ T26] audit: type=1326 audit(1757524093.155:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 95.787150][ T26] audit: type=1326 audit(1757524093.215:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 95.857964][ T26] audit: type=1326 audit(1757524093.225:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 95.977346][ T26] audit: type=1326 audit(1757524093.225:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 96.062877][ T26] audit: type=1326 audit(1757524093.225:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 96.106244][ T26] audit: type=1326 audit(1757524093.245:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 96.188578][ T4640] overlayfs: failed to resolve './file1': -2 [ 96.228075][ T4640] 9pnet: Insufficient options for proto=fd [ 96.652602][ T26] audit: type=1326 audit(1757524093.245:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 96.910669][ T26] audit: type=1326 audit(1757524093.285:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 97.044905][ T26] audit: type=1326 audit(1757524093.285:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 97.079244][ T26] audit: type=1326 audit(1757524093.285:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4628 comm="syz.0.92" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x7ffc0000 [ 97.547962][ T2304] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 97.742838][ T4652] loop3: detected capacity change from 0 to 512 [ 97.797063][ T4653] ADFS-fs (nullb0): error: can't find an ADFS filesystem on dev nullb0. [ 97.928076][ T2304] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 97.949397][ T4652] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 97.970935][ T4652] ext4 filesystem being mounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.017403][ T2304] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 98.218019][ T2304] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 98.279826][ T2304] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 98.336599][ T4660] loop4: detected capacity change from 0 to 512 [ 98.447585][ T4660] EXT4-fs (loop4): Mount option "noload" incompatible with ext2 [ 98.455545][ T2304] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 98.481798][ T2304] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 98.524962][ T2304] usb 1-1: Manufacturer: syz [ 98.536378][ T2304] usb 1-1: config 0 descriptor?? [ 98.874239][ T4667] loop2: detected capacity change from 0 to 512 [ 99.090579][ T2304] appleir 0003:05AC:8243.0001: unknown main item tag 0x0 [ 99.179152][ T2304] appleir 0003:05AC:8243.0001: No inputs registered, leaving [ 99.303275][ T4667] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 99.305344][ T2304] appleir 0003:05AC:8243.0001: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 99.570424][ T4667] ext4 filesystem being mounted at /28/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 99.725535][ T2304] usb 1-1: USB disconnect, device number 2 [ 99.795803][ T4676] fido_id[4676]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory [ 100.471689][ T4686] loop1: detected capacity change from 0 to 256 [ 100.926716][ T4686] FAT-fs (loop1): Directory bread(block 64) failed [ 100.962871][ T4686] FAT-fs (loop1): Directory bread(block 65) failed [ 101.001831][ T4686] FAT-fs (loop1): Directory bread(block 66) failed [ 101.042461][ T4686] FAT-fs (loop1): Directory bread(block 67) failed [ 101.062765][ T4686] FAT-fs (loop1): Directory bread(block 68) failed [ 101.107556][ T4686] FAT-fs (loop1): Directory bread(block 69) failed [ 101.148114][ T4686] FAT-fs (loop1): Directory bread(block 70) failed [ 101.154718][ T4686] FAT-fs (loop1): Directory bread(block 71) failed [ 101.207984][ T4686] FAT-fs (loop1): Directory bread(block 72) failed [ 101.216441][ T4686] FAT-fs (loop1): Directory bread(block 73) failed [ 101.223210][ T4258] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.519332][ T4258] usb 3-1: Using ep0 maxpacket: 8 [ 102.093525][ T4258] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.140398][ T4699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 102.150603][ T4258] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.188585][ T4258] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 102.248751][ T4258] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 102.274545][ T4258] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.319335][ T4258] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 102.334671][ T4258] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.397285][ T4708] netlink: 2 bytes leftover after parsing attributes in process `syz.3.113'. [ 102.431158][ T4708] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 102.456763][ T4708] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 102.487420][ T4708] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 102.576264][ T4711] loop4: detected capacity change from 0 to 512 [ 102.592450][ T4711] EXT4-fs (loop4): Mount option "noload" incompatible with ext2 [ 102.618298][ T4258] usb 3-1: GET_CAPABILITIES returned 0 [ 102.624921][ T4258] usbtmc 3-1:16.0: can't read capabilities [ 102.905161][ T4258] usb 3-1: USB disconnect, device number 2 [ 103.660821][ T4719] cgroup: noprefix used incorrectly [ 103.683982][ T4728] loop4: detected capacity change from 0 to 512 [ 103.815249][ T4731] loop2: detected capacity change from 0 to 512 [ 103.855279][ T4728] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 103.911181][ T4728] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 103.965320][ T4731] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 104.136516][ T4731] ext4 filesystem being mounted at /30/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 104.490931][ T4749] loop0: detected capacity change from 0 to 256 [ 104.708742][ T4749] FAT-fs (loop0): Directory bread(block 64) failed [ 104.776954][ T4749] FAT-fs (loop0): Directory bread(block 65) failed [ 104.796768][ T4749] FAT-fs (loop0): Directory bread(block 66) failed [ 104.817942][ T4749] FAT-fs (loop0): Directory bread(block 67) failed [ 104.824644][ T4749] FAT-fs (loop0): Directory bread(block 68) failed [ 104.928775][ T4749] FAT-fs (loop0): Directory bread(block 69) failed [ 104.955821][ T4749] FAT-fs (loop0): Directory bread(block 70) failed [ 104.983708][ T4749] FAT-fs (loop0): Directory bread(block 71) failed [ 105.014891][ T4749] FAT-fs (loop0): Directory bread(block 72) failed [ 105.052177][ T4749] FAT-fs (loop0): Directory bread(block 73) failed [ 106.188021][ T4238] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 106.558585][ T4238] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 106.585297][ T4238] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.708071][ T4238] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 106.727446][ T4238] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 106.751518][ T4238] usb 1-1: Manufacturer: syz [ 106.780799][ T4238] usb 1-1: config 0 descriptor?? [ 106.978013][ T4238] rc_core: IR keymap rc-hauppauge not found [ 106.984154][ T4238] Registered IR keymap rc-empty [ 107.035372][ T4238] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 107.131506][ T4238] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input5 [ 107.265641][ T4238] usb 1-1: USB disconnect, device number 3 [ 107.832349][ T4775] loop2: detected capacity change from 0 to 512 [ 107.915453][ T4775] EXT4-fs (loop2): Mount option "noload" incompatible with ext2 [ 108.415210][ T4794] cgroup: noprefix used incorrectly [ 108.468534][ T4796] loop4: detected capacity change from 0 to 256 [ 108.911322][ T4796] FAT-fs (loop4): Directory bread(block 64) failed [ 108.937644][ T4796] FAT-fs (loop4): Directory bread(block 65) failed [ 108.973151][ T4801] loop2: detected capacity change from 0 to 512 [ 108.980604][ T4796] FAT-fs (loop4): Directory bread(block 66) failed [ 109.019797][ T4796] FAT-fs (loop4): Directory bread(block 67) failed [ 109.026495][ T4796] FAT-fs (loop4): Directory bread(block 68) failed [ 109.033856][ T4796] FAT-fs (loop4): Directory bread(block 69) failed [ 109.044682][ T4796] FAT-fs (loop4): Directory bread(block 70) failed [ 109.061620][ T4796] FAT-fs (loop4): Directory bread(block 71) failed [ 109.068910][ T4796] FAT-fs (loop4): Directory bread(block 72) failed [ 109.092092][ T4796] FAT-fs (loop4): Directory bread(block 73) failed [ 109.216993][ T4801] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 109.250299][ T4801] ext4 filesystem being mounted at /33/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 111.217686][ T4823] loop0: detected capacity change from 0 to 16 [ 111.267218][ T4823] erofs: (device loop0): mounted with root inode @ nid 36. [ 111.293058][ T4195] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 111.317223][ T4823] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 111.337230][ T26] kauditd_printk_skb: 17 callbacks suppressed [ 111.337245][ T26] audit: type=1800 audit(1757524108.795:183): pid=4823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.143" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 111.618418][ T1108] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 111.753124][ T4837] cgroup: noprefix used incorrectly [ 111.997916][ T1108] usb 4-1: Using ep0 maxpacket: 32 [ 112.112498][ T4840] loop4: detected capacity change from 0 to 512 [ 112.151377][ T1108] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 112.207600][ T4840] EXT4-fs (loop4): Mount option "noload" incompatible with ext2 [ 112.398007][ T1108] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 112.446568][ T1108] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 112.539796][ T1108] usb 4-1: Product: syz [ 112.587837][ T1108] usb 4-1: Manufacturer: syz [ 112.628996][ T4849] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0 [ 112.653621][ T1108] usb 4-1: SerialNumber: syz [ 112.669019][ T4850] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 1 [ 112.696714][ T1108] usb 4-1: config 0 descriptor?? [ 112.709148][ T4851] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 2 [ 112.726253][ T4852] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 3 [ 112.742336][ T4853] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 4 [ 112.758163][ T4822] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 112.785081][ T4854] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 5 [ 112.798869][ T1108] hub 4-1:0.0: bad descriptor, ignoring hub [ 112.807945][ T1108] hub: probe of 4-1:0.0 failed with error -5 [ 112.826072][ T4855] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 6 [ 112.891089][ T4856] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 7 [ 112.909157][ T4858] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 8 [ 113.088898][ T4859] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 9 [ 113.107473][ T4862] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 10 [ 113.119565][ T1108] usb 4-1: USB disconnect, device number 3 [ 113.290354][ T4863] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 11 [ 113.308813][ T4867] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 12 [ 113.340154][ T4868] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 13 [ 113.362878][ T4869] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 14 [ 114.288648][ T4875] loop3: detected capacity change from 0 to 16 [ 114.303301][ T4878] loop1: detected capacity change from 0 to 256 [ 114.333084][ T4875] erofs: (device loop3): mounted with root inode @ nid 36. [ 114.344787][ T4195] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[9000] [ 114.369758][ T4875] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -26 in[46, 4050] out[8192] [ 114.390900][ T26] audit: type=1800 audit(1757524111.855:184): pid=4875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.155" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 114.585210][ T4878] FAT-fs (loop1): Directory bread(block 64) failed [ 114.688510][ T4878] FAT-fs (loop1): Directory bread(block 65) failed [ 114.757697][ T4878] FAT-fs (loop1): Directory bread(block 66) failed [ 114.841721][ T4892] cgroup: noprefix used incorrectly [ 115.310220][ T4878] FAT-fs (loop1): Directory bread(block 67) failed [ 115.316886][ T4878] FAT-fs (loop1): Directory bread(block 68) failed [ 115.408174][ T4878] FAT-fs (loop1): Directory bread(block 69) failed [ 115.435271][ T4878] FAT-fs (loop1): Directory bread(block 70) failed [ 115.465589][ T4878] FAT-fs (loop1): Directory bread(block 71) failed [ 115.506209][ T4878] FAT-fs (loop1): Directory bread(block 72) failed [ 115.530918][ T4878] FAT-fs (loop1): Directory bread(block 73) failed [ 116.119722][ T4906] loop2: detected capacity change from 0 to 512 [ 116.211198][ T4906] EXT4-fs (loop2): Mount option "noload" incompatible with ext2 [ 117.735086][ T4923] loop3: detected capacity change from 0 to 512 [ 117.985866][ T4923] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 118.068033][ T4923] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.598277][ T1325] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 118.697485][ T4933] cgroup: noprefix used incorrectly [ 119.238602][ T1325] usb 5-1: Using ep0 maxpacket: 32 [ 119.346488][ T4938] loop1: detected capacity change from 0 to 1024 [ 119.398574][ T1325] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.422244][ T1325] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.577897][ T1325] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 119.587001][ T1325] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.316960][ T1325] usb 5-1: config 0 descriptor?? [ 120.371603][ T384] hfsplus: b-tree write err: -5, ino 4 [ 120.456814][ T4946] loop2: detected capacity change from 0 to 256 [ 120.694521][ T4946] FAT-fs (loop2): Directory bread(block 64) failed [ 120.722195][ T4946] FAT-fs (loop2): Directory bread(block 65) failed [ 120.754641][ T4946] FAT-fs (loop2): Directory bread(block 66) failed [ 120.784839][ T4946] FAT-fs (loop2): Directory bread(block 67) failed [ 120.827349][ T4946] FAT-fs (loop2): Directory bread(block 68) failed [ 120.885606][ T4946] FAT-fs (loop2): Directory bread(block 69) failed [ 120.895186][ T1325] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 120.915282][ T4946] FAT-fs (loop2): Directory bread(block 70) failed [ 120.937341][ T4946] FAT-fs (loop2): Directory bread(block 71) failed [ 120.962812][ T4946] FAT-fs (loop2): Directory bread(block 72) failed [ 120.979624][ T4946] FAT-fs (loop2): Directory bread(block 73) failed [ 121.202487][ T2304] usb 5-1: USB disconnect, device number 3 [ 122.097201][ T4955] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 122.146675][ T4955] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 122.305789][ T4960] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'. [ 126.185753][ T4975] cgroup: noprefix used incorrectly [ 126.690322][ T26] audit: type=1326 audit(1757524124.155:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 126.837016][ T26] audit: type=1326 audit(1757524124.155:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe662514510 code=0x7ffc0000 [ 128.488658][ T26] audit: type=1326 audit(1757524124.155:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 128.511102][ T26] audit: type=1326 audit(1757524124.155:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 128.537276][ T26] audit: type=1326 audit(1757524124.165:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 128.562983][ T4987] loop1: detected capacity change from 0 to 256 [ 128.641609][ T26] audit: type=1326 audit(1757524124.165:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 128.658474][ T4985] loop2: detected capacity change from 0 to 1024 [ 128.679988][ T4987] FAT-fs (loop1): Directory bread(block 64) failed [ 128.742814][ T4987] FAT-fs (loop1): Directory bread(block 65) failed [ 128.913702][ T26] audit: type=1326 audit(1757524124.165:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 128.913747][ T4987] FAT-fs (loop1): Directory bread(block 66) failed [ 129.485725][ T4987] FAT-fs (loop1): Directory bread(block 67) failed [ 129.497369][ T4987] FAT-fs (loop1): Directory bread(block 68) failed [ 129.514396][ T4987] FAT-fs (loop1): Directory bread(block 69) failed [ 129.522695][ T144] hfsplus: b-tree write err: -5, ino 4 [ 129.528408][ T4987] FAT-fs (loop1): Directory bread(block 70) failed [ 129.528447][ T4987] FAT-fs (loop1): Directory bread(block 71) failed [ 129.544418][ T4987] FAT-fs (loop1): Directory bread(block 72) failed [ 129.552687][ T4987] FAT-fs (loop1): Directory bread(block 73) failed [ 129.588016][ T26] audit: type=1326 audit(1757524124.165:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 129.654257][ T26] audit: type=1326 audit(1757524124.165:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 130.248001][ T26] audit: type=1326 audit(1757524124.165:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4977 comm="syz.1.182" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fe662515ba9 code=0x7ffc0000 [ 131.495258][ T4993] mmap: syz.4.187 (4993) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 131.510867][ T4993] netlink: 64 bytes leftover after parsing attributes in process `syz.4.187'. [ 131.803245][ T5010] cgroup: noprefix used incorrectly [ 132.406247][ T5016] loop0: detected capacity change from 0 to 512 [ 132.657371][ T5015] loop1: detected capacity change from 0 to 512 [ 132.777187][ T5016] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 132.777259][ T5015] ext4 filesystem being mounted at /37/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 132.790982][ T5016] ext4 filesystem being mounted at /46/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 132.841578][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.847959][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.422292][ T5036] loop1: detected capacity change from 0 to 1024 [ 135.968020][ T26] kauditd_printk_skb: 11 callbacks suppressed [ 135.968064][ T26] audit: type=1326 audit(1757524133.345:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.327927][ T26] audit: type=1326 audit(1757524133.345:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.350727][ T26] audit: type=1326 audit(1757524133.655:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f29c8013510 code=0x7ffc0000 [ 136.373249][ T26] audit: type=1326 audit(1757524133.795:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.374271][ T384] hfsplus: b-tree write err: -5, ino 4 [ 136.407190][ T26] audit: type=1326 audit(1757524133.795:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.527899][ T26] audit: type=1326 audit(1757524133.815:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.725549][ T5045] loop3: detected capacity change from 0 to 256 [ 136.830306][ T26] audit: type=1326 audit(1757524133.815:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.932122][ T26] audit: type=1326 audit(1757524133.815:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 136.962610][ T5045] FAT-fs (loop3): Directory bread(block 64) failed [ 137.048866][ T5045] FAT-fs (loop3): Directory bread(block 65) failed [ 137.053598][ T26] audit: type=1326 audit(1757524133.815:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 137.075614][ T5045] FAT-fs (loop3): Directory bread(block 66) failed [ 137.079052][ T26] audit: type=1326 audit(1757524133.815:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5038 comm="syz.3.196" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f29c8014ba9 code=0x7ffc0000 [ 137.108359][ T5045] FAT-fs (loop3): Directory bread(block 67) failed [ 137.120431][ T5045] FAT-fs (loop3): Directory bread(block 68) failed [ 137.128632][ T5045] FAT-fs (loop3): Directory bread(block 69) failed [ 137.169757][ T5045] FAT-fs (loop3): Directory bread(block 70) failed [ 137.176981][ T5045] FAT-fs (loop3): Directory bread(block 71) failed [ 137.185620][ T5045] FAT-fs (loop3): Directory bread(block 72) failed [ 137.227922][ T5045] FAT-fs (loop3): Directory bread(block 73) failed [ 137.452847][ T5048] crypto_alloc_aead failed rc=-4 [ 138.495200][ T5086] cgroup: noprefix used incorrectly [ 140.149641][ T5095] loop2: detected capacity change from 0 to 512 [ 140.261719][ T5095] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 140.278415][ T5095] ext4 filesystem being mounted at /45/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 141.647502][ T5119] loop1: detected capacity change from 0 to 256 [ 141.811154][ T5119] FAT-fs (loop1): Directory bread(block 64) failed [ 141.861195][ T5119] FAT-fs (loop1): Directory bread(block 65) failed [ 141.887292][ T5119] FAT-fs (loop1): Directory bread(block 66) failed [ 141.925359][ T5119] FAT-fs (loop1): Directory bread(block 67) failed [ 141.946952][ T5119] FAT-fs (loop1): Directory bread(block 68) failed [ 141.961031][ T5119] FAT-fs (loop1): Directory bread(block 69) failed [ 141.978955][ T5119] FAT-fs (loop1): Directory bread(block 70) failed [ 141.996080][ T5119] FAT-fs (loop1): Directory bread(block 71) failed [ 142.012194][ T5119] FAT-fs (loop1): Directory bread(block 72) failed [ 142.039827][ T5119] FAT-fs (loop1): Directory bread(block 73) failed [ 142.123516][ T5125] loop3: detected capacity change from 0 to 1024 [ 142.955564][ T384] hfsplus: b-tree write err: -5, ino 4 [ 143.095992][ T5135] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 143.117505][ T5135] Zero length message leads to an empty skb [ 144.538602][ T5143] process 'syz.1.223' launched './file0' with NULL argv: empty string added [ 144.854795][ T5152] loop3: detected capacity change from 0 to 256 [ 144.913420][ T5158] loop1: detected capacity change from 0 to 512 [ 144.956059][ T5159] loop2: detected capacity change from 0 to 1024 [ 145.022707][ T5160] netlink: 'syz.4.225': attribute type 4 has an invalid length. [ 145.090561][ T5152] FAT-fs (loop3): Directory bread(block 64) failed [ 145.097505][ T5152] FAT-fs (loop3): Directory bread(block 65) failed [ 145.108011][ T5152] FAT-fs (loop3): Directory bread(block 66) failed [ 145.121110][ T5152] FAT-fs (loop3): Directory bread(block 67) failed [ 145.143898][ T5152] FAT-fs (loop3): Directory bread(block 68) failed [ 145.155001][ T5152] FAT-fs (loop3): Directory bread(block 69) failed [ 145.168468][ T5152] FAT-fs (loop3): Directory bread(block 70) failed [ 145.175268][ T5152] FAT-fs (loop3): Directory bread(block 71) failed [ 145.182071][ T5152] FAT-fs (loop3): Directory bread(block 72) failed [ 145.188843][ T5152] FAT-fs (loop3): Directory bread(block 73) failed [ 145.326677][ T5158] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 145.762611][ T5158] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 146.160478][ T4224] hfsplus: b-tree write err: -5, ino 4 [ 147.735678][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 147.735697][ T26] audit: type=1800 audit(1757524145.195:228): pid=5191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.236" name="/" dev="fuse" ino=9 res=0 errno=0 [ 148.770624][ T5217] input: syz1 as /devices/virtual/input/input6 [ 149.298103][ T5228] loop3: detected capacity change from 0 to 1024 [ 150.252291][ T4224] hfsplus: b-tree write err: -5, ino 4 [ 152.351257][ T5261] loop3: detected capacity change from 0 to 512 [ 152.456512][ T5268] 9pnet_virtio: no channels available for device syz [ 152.476728][ T5261] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 152.502476][ T5261] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 152.737312][ T5272] loop2: detected capacity change from 0 to 1024 [ 153.992210][ T384] hfsplus: b-tree write err: -5, ino 4 [ 154.996011][ T26] audit: type=1800 audit(1757524152.455:229): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.257" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 155.697858][ T4287] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 155.953629][ T4287] usb 5-1: Using ep0 maxpacket: 16 [ 156.188083][ T4287] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 156.218512][ T4287] usb 5-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 156.341920][ T4287] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.398509][ T4287] usb 5-1: config 0 descriptor?? [ 156.499605][ T4287] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input7 [ 157.003877][ T5309] fuse: Bad value for 'fd' [ 157.206961][ T5313] loop3: detected capacity change from 0 to 1024 [ 157.598013][ T3546] bcm5974 5-1:0.0: could not read from device [ 157.628590][ T4287] bcm5974 5-1:0.0: could not read from device [ 157.688072][ T3546] bcm5974 5-1:0.0: could not read from device [ 157.758453][ T4287] input: failed to attach handler mousedev to device input7, error: -5 [ 157.918606][ T4287] usb 5-1: USB disconnect, device number 4 [ 157.938001][ T4750] bcm5974 5-1:0.0: could not read from device [ 158.290664][ T9] hfsplus: b-tree write err: -5, ino 4 [ 159.337762][ T5333] device geneve2 entered promiscuous mode [ 160.762192][ T5349] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 160.791591][ T5349] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 160.804583][ T5352] loop4: detected capacity change from 0 to 1024 [ 161.074423][ T5289] Set syz1 is full, maxelem 65536 reached [ 161.550985][ T5378] netlink: 68 bytes leftover after parsing attributes in process `syz.3.288'. [ 161.676140][ T384] hfsplus: b-tree write err: -5, ino 4 [ 162.578046][ T4259] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 162.958130][ T4259] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 162.992010][ T4259] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 163.067951][ T4259] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 163.097462][ T4259] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.132750][ T4259] usb 5-1: config 0 descriptor?? [ 163.200279][ T4259] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 163.979173][ T5412] loop0: detected capacity change from 0 to 1024 [ 164.670708][ T5418] loop3: detected capacity change from 0 to 512 [ 164.799487][ T5074] hfsplus: b-tree write err: -5, ino 4 [ 164.807402][ T5418] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 164.938029][ T5418] ext4 filesystem being mounted at /59/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 165.803280][ T4300] usb 5-1: USB disconnect, device number 5 [ 165.874884][ T5431] loop3: detected capacity change from 0 to 512 [ 166.074038][ T5431] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 166.088281][ T5431] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 166.220488][ T5439] loop1: detected capacity change from 0 to 512 [ 166.350459][ T5439] EXT4-fs (loop1): Mount option "noload" incompatible with ext2 [ 168.476847][ T5397] syz.2.296 (5397): drop_caches: 1 [ 168.843947][ T5460] loop0: detected capacity change from 0 to 1024 [ 169.688877][ T4224] hfsplus: b-tree write err: -5, ino 4 [ 170.151151][ T5481] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 170.263230][ T5481] overlayfs: failed to set xattr on upper [ 170.296786][ T5481] overlayfs: ...falling back to index=off,metacopy=off. [ 170.337583][ T5481] overlayfs: failed to resolve './file0': -2 [ 170.650998][ T5491] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.660225][ T5491] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.669368][ T5491] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.678297][ T5491] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 170.727858][ T5493] overlayfs: failed to resolve './file1': -2 [ 170.775413][ T5493] 9pnet: Insufficient options for proto=fd [ 171.281538][ T5507] netlink: 24 bytes leftover after parsing attributes in process `syz.3.326'. [ 171.727652][ T5515] netlink: 4 bytes leftover after parsing attributes in process `syz.1.327'. [ 172.211401][ T5528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.289358][ T5533] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.340164][ T5528] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 172.403695][ T5538] loop0: detected capacity change from 0 to 512 [ 172.431114][ T5538] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 172.917992][ T1108] Bluetooth: hci4: command 0x0405 tx timeout [ 173.035890][ T5549] loop1: detected capacity change from 0 to 512 [ 173.140510][ T5549] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 173.171724][ T5549] ext4 filesystem being mounted at /65/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 174.339451][ T5570] block device autoloading is deprecated and will be removed. [ 174.379004][ T5576] overlayfs: failed to resolve './file1': -2 [ 174.408575][ T5575] netlink: 'syz.2.339': attribute type 8 has an invalid length. [ 174.543471][ T5577] 9pnet: Insufficient options for proto=fd [ 176.409233][ T5609] netlink: 'syz.1.345': attribute type 4 has an invalid length. [ 176.976704][ T5619] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth0_to_team, syncid = 0, id = 0 [ 177.238632][ T5625] overlayfs: failed to resolve './file1': -2 [ 177.264830][ T5625] 9pnet: Insufficient options for proto=fd [ 178.945378][ T5635] loop3: detected capacity change from 0 to 1024 [ 179.749330][ T9] hfsplus: b-tree write err: -5, ino 4 [ 180.001706][ T5649] loop0: detected capacity change from 0 to 512 [ 180.841588][ T5649] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 182.074488][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f8ffc00: rx timeout, send abort [ 182.084575][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880603f9000: rx timeout, send abort [ 182.260710][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f8ffc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 182.276720][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff8880603f9000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 182.489313][ T5670] overlayfs: failed to resolve './file1': -2 [ 182.932527][ T5670] 9pnet: Insufficient options for proto=fd [ 182.975333][ T5673] vhci_hcd: Failed attach request for unsupported USB speed: super-speed-plus [ 183.408221][ T5683] netlink: 'syz.4.372': attribute type 1 has an invalid length. [ 183.928032][ T1108] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 184.150797][ T5704] overlayfs: failed to resolve './file1': -2 [ 184.190107][ T5704] 9pnet: Insufficient options for proto=fd [ 184.207893][ T1108] usb 5-1: Using ep0 maxpacket: 8 [ 184.307961][ T4238] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 184.338193][ T1108] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 184.395700][ T5707] loop3: detected capacity change from 0 to 1024 [ 184.406648][ T1108] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 184.650706][ T1108] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 184.708429][ T4238] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 184.941055][ T4238] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.964774][ T1108] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 184.990946][ T4238] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 185.007368][ T1108] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 185.033158][ T4238] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 185.085690][ T1108] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 185.122533][ T1108] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.188847][ T4238] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 185.203381][ T4238] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 185.297469][ T26] audit: type=1326 audit(3905007836.760:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5710 comm="syz.0.382" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f436acddba9 code=0x0 [ 185.338430][ T4238] usb 2-1: Manufacturer: syz [ 185.353944][ T5074] hfsplus: b-tree write err: -5, ino 4 [ 185.372776][ T4238] usb 2-1: config 0 descriptor?? [ 185.447989][ T1108] usb 5-1: GET_CAPABILITIES returned 0 [ 185.458294][ T1108] usbtmc 5-1:16.0: can't read capabilities [ 185.474887][ T5719] loop2: detected capacity change from 0 to 512 [ 185.523515][ T5715] block nbd0: shutting down sockets [ 185.653467][ T7] usb 5-1: USB disconnect, device number 6 [ 185.707685][ T5719] EXT4-fs (loop2): Mount option "noload" incompatible with ext2 [ 185.823953][ T5722] lo speed is unknown, defaulting to 1000 [ 185.851810][ T5722] lo speed is unknown, defaulting to 1000 [ 185.868295][ T5722] lo speed is unknown, defaulting to 1000 [ 186.191014][ T5722] infiniband sz1: set active [ 186.196046][ T5722] infiniband sz1: added lo [ 186.209329][ T5722] infiniband sz1: Couldn't open port 1 [ 186.237513][ T1108] Bluetooth: hci2: command 0x0406 tx timeout [ 186.245568][ T4238] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 186.267934][ T5722] RDS/IB: sz1: added [ 186.272627][ T5722] smc: adding ib device sz1 with port count 1 [ 186.279047][ T4300] Bluetooth: hci1: command 0x0406 tx timeout [ 186.279137][ T5722] smc: ib device sz1 port 1 has pnetid [ 186.295580][ T5722] lo speed is unknown, defaulting to 1000 [ 186.379220][ T4238] appleir 0003:05AC:8243.0003: No inputs registered, leaving [ 186.391170][ T1108] Bluetooth: hci3: command 0x0406 tx timeout [ 186.408119][ T1108] Bluetooth: hci4: command 0x0406 tx timeout [ 186.435714][ T1108] lo speed is unknown, defaulting to 1000 [ 186.485795][ T4231] lo speed is unknown, defaulting to 1000 [ 186.556828][ T5722] lo speed is unknown, defaulting to 1000 [ 186.685927][ T5722] lo speed is unknown, defaulting to 1000 [ 186.816009][ T5722] lo speed is unknown, defaulting to 1000 [ 186.901016][ T5730] netlink: 'syz.4.385': attribute type 10 has an invalid length. [ 186.959362][ T4238] appleir 0003:05AC:8243.0003: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 187.020352][ T5730] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 187.042546][ T5730] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 187.071510][ T5722] lo speed is unknown, defaulting to 1000 [ 187.383632][ T5734] loop0: detected capacity change from 0 to 512 [ 187.574166][ T5734] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 187.591876][ T5734] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 187.919095][ T5750] overlayfs: failed to resolve './file1': -2 [ 187.940375][ T5750] 9pnet: Insufficient options for proto=fd [ 187.997956][ T1325] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 188.447927][ T1325] usb 4-1: Using ep0 maxpacket: 32 [ 188.552091][ T4300] usb 2-1: USB disconnect, device number 2 [ 188.567997][ T1325] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 188.583177][ T5755] loop0: detected capacity change from 0 to 1024 [ 188.608229][ T1325] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 188.854927][ T1325] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 188.876531][ T1325] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 188.905814][ T1325] usb 4-1: config 0 interface 0 has no altsetting 0 [ 189.195524][ T1325] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 189.212384][ T1325] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 189.226641][ T1325] usb 4-1: Product: syz [ 189.231697][ T1325] usb 4-1: Manufacturer: syz [ 189.236413][ T1325] usb 4-1: SerialNumber: syz [ 189.243481][ T1325] usb 4-1: config 0 descriptor?? [ 189.300008][ T1325] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 189.316679][ T1325] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 189.455559][ T5767] 9pnet_virtio: no channels available for device syz [ 189.469391][ T5074] hfsplus: b-tree write err: -5, ino 4 [ 190.241613][ T1325] usb 4-1: USB disconnect, device number 4 [ 190.250797][ T1325] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 190.932353][ T5771] syz.0.398 uses obsolete (PF_INET,SOCK_PACKET) [ 191.111986][ T5791] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 191.133555][ T5793] loop1: detected capacity change from 0 to 512 [ 191.229777][ T5793] EXT4-fs (loop1): Mount option "noload" incompatible with ext2 [ 191.460254][ T5799] overlayfs: failed to resolve './file1': -2 [ 191.516354][ T5799] 9pnet: Insufficient options for proto=fd [ 191.675155][ T5806] loop0: detected capacity change from 0 to 1024 [ 193.360371][ T4357] hfsplus: b-tree write err: -5, ino 4 [ 193.602926][ T5820] netdevsim netdevsim2: Direct firmware load for @ failed with error -2 [ 193.652766][ T5820] netdevsim netdevsim2: Falling back to sysfs fallback for: @ [ 193.867097][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.417'. [ 193.934045][ T5832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.417'. [ 193.951449][ T5831] qfq: no options [ 194.294775][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.408165][ T5836] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.429652][ T5839] overlayfs: failed to resolve './file1': -2 [ 194.523316][ T5839] 9pnet: Insufficient options for proto=fd [ 194.594209][ T5834] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 196.532863][ T5844] sched: RT throttling activated [ 196.817199][ T5850] loop0: detected capacity change from 0 to 1024 [ 197.119036][ T4357] hfsplus: b-tree write err: -5, ino 4 [ 197.153631][ T5854] ieee802154 phy0 wpan0: encryption failed: -22 [ 197.257887][ T4259] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 197.624527][ T5875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.638329][ T4259] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 197.662232][ T5877] loop2: detected capacity change from 0 to 512 [ 197.675636][ T5875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 197.710521][ T4259] usb 5-1: New USB device found, idVendor=05ac, idProduct=921c, bcdDevice=9d.fb [ 197.727999][ T4259] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.758960][ T5877] EXT4-fs (loop2): Mount option "noload" incompatible with ext2 [ 197.902397][ T4287] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 197.929711][ T4259] usb 5-1: config 0 descriptor?? [ 198.147906][ T4287] usb 1-1: Using ep0 maxpacket: 16 [ 198.176763][ T4259] usb 5-1: USB disconnect, device number 7 [ 198.247611][ T5882] overlayfs: failed to resolve './file1': -2 [ 198.282982][ T5882] 9pnet: Insufficient options for proto=fd [ 198.428274][ T4287] usb 1-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 198.438436][ T4287] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 198.446771][ T4287] usb 1-1: Product: syz [ 198.451825][ T4287] usb 1-1: Manufacturer: syz [ 198.458126][ T4287] usb 1-1: SerialNumber: syz [ 198.474122][ T4287] usb 1-1: config 0 descriptor?? [ 198.607399][ T5885] netdevsim netdevsim3: Direct firmware load for @ failed with error -2 [ 198.698902][ T5885] netdevsim netdevsim3: Falling back to sysfs fallback for: @ [ 198.788576][ T5873] netlink: 8 bytes leftover after parsing attributes in process `syz.0.428'. [ 198.797599][ T5873] netlink: 12 bytes leftover after parsing attributes in process `syz.0.428'. [ 200.302071][ T5894] loop4: detected capacity change from 0 to 1024 [ 200.457851][ T1108] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 200.681152][ T9] hfsplus: b-tree write err: -5, ino 4 [ 200.813955][ T5897] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 200.983660][ T1108] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 201.025169][ T1108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.091663][ T1108] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.131542][ T1108] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 201.278089][ T1108] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 201.287180][ T1108] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 201.416445][ T1325] usb 1-1: USB disconnect, device number 4 [ 201.417015][ T1108] usb 2-1: Manufacturer: syz [ 201.453541][ T1108] usb 2-1: config 0 descriptor?? [ 201.521286][ T5904] 9pnet: Insufficient options for proto=fd [ 201.813315][ T5917] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.884407][ T5923] cgroup: noprefix used incorrectly [ 202.001828][ T1108] appleir 0003:05AC:8243.0004: unknown main item tag 0x0 [ 202.035145][ T1108] appleir 0003:05AC:8243.0004: No inputs registered, leaving [ 202.049690][ T5925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.078096][ T5924] mac80211_hwsim hwsim11 wlan1: disabling HT/VHT/HE as WMM/QoS is not supported by the AP [ 202.091410][ T1108] appleir 0003:05AC:8243.0004: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 202.190146][ T5924] wlan1: No basic rates, using min rate instead [ 202.323140][ T5924] wlan1: associating with AP with corrupt beacon [ 202.378993][ T154] wlan1: associate with 50:50:50:50:50:50 (try 1/3) [ 202.396842][ T154] wlan1: associate with 50:50:50:50:50:50 (try 2/3) [ 202.408415][ T154] wlan1: associate with 50:50:50:50:50:50 (try 3/3) [ 202.415345][ T154] wlan1: association with 50:50:50:50:50:50 timed out [ 202.566172][ T1108] usb 2-1: USB disconnect, device number 3 [ 203.537285][ T5940] loop1: detected capacity change from 0 to 1024 [ 203.626062][ T5944] loop4: detected capacity change from 0 to 512 [ 203.758598][ T5944] EXT4-fs (loop4): Mount option "noload" incompatible with ext2 [ 203.975394][ T9] hfsplus: b-tree write err: -5, ino 4 [ 205.879281][ T5963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 205.933744][ T5966] netlink: 96 bytes leftover after parsing attributes in process `syz.2.458'. [ 205.958809][ T5963] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 206.095429][ T5972] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 206.953155][ T5972] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 207.239401][ T5978] loop3: detected capacity change from 0 to 1024 [ 208.025104][ T4430] hfsplus: b-tree write err: -5, ino 4 [ 208.469933][ T5995] cgroup: noprefix used incorrectly [ 209.044867][ T146] Bluetooth: hci2: Received unexpected HCI Event 00000000 [ 209.100086][ T6000] loop1: detected capacity change from 0 to 1024 [ 209.943933][ T6012] loop0: detected capacity change from 0 to 256 [ 210.221397][ T6012] FAT-fs (loop0): Directory bread(block 64) failed [ 210.247952][ T6012] FAT-fs (loop0): Directory bread(block 65) failed [ 210.254641][ T6012] FAT-fs (loop0): Directory bread(block 66) failed [ 210.276041][ T6012] FAT-fs (loop0): Directory bread(block 67) failed [ 210.318142][ T6012] FAT-fs (loop0): Directory bread(block 68) failed [ 210.358097][ T6012] FAT-fs (loop0): Directory bread(block 69) failed [ 210.375131][ T6016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.407989][ T6012] FAT-fs (loop0): Directory bread(block 70) failed [ 210.427994][ T6012] FAT-fs (loop0): Directory bread(block 71) failed [ 210.455457][ T6012] FAT-fs (loop0): Directory bread(block 72) failed [ 210.455479][ T6016] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.473081][ T6012] FAT-fs (loop0): Directory bread(block 73) failed [ 210.549013][ T6012] vfat filesystem being mounted at /96/bus supports timestamps until 2107-12-31 (0x10391447e) [ 211.120221][ T6023] loop0: detected capacity change from 0 to 1024 [ 212.068196][ T154] hfsplus: b-tree write err: -5, ino 4 [ 212.121307][ T6045] loop3: detected capacity change from 0 to 256 [ 212.190722][ T6045] FAT-fs (loop3): Directory bread(block 64) failed [ 212.200424][ T6045] FAT-fs (loop3): Directory bread(block 65) failed [ 212.220408][ T6045] FAT-fs (loop3): Directory bread(block 66) failed [ 212.226990][ T6045] FAT-fs (loop3): Directory bread(block 67) failed [ 212.253645][ T6045] FAT-fs (loop3): Directory bread(block 68) failed [ 212.256475][ T6047] loop0: detected capacity change from 0 to 1024 [ 212.337421][ T6045] FAT-fs (loop3): Directory bread(block 69) failed [ 212.354000][ T6045] FAT-fs (loop3): Directory bread(block 70) failed [ 212.378025][ T6045] FAT-fs (loop3): Directory bread(block 71) failed [ 212.399199][ T6045] FAT-fs (loop3): Directory bread(block 72) failed [ 212.436574][ T6045] FAT-fs (loop3): Directory bread(block 73) failed [ 212.487440][ T6045] vfat filesystem being mounted at /103/bus supports timestamps until 2107-12-31 (0x10391447e) [ 213.375286][ T6053] netlink: 'syz.0.486': attribute type 2 has an invalid length. [ 213.413825][ T6053] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'. [ 213.437071][ T6055] netlink: 'syz.0.486': attribute type 2 has an invalid length. [ 213.477531][ T6055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.486'. [ 213.519373][ T6056] netdevsim netdevsim2: Direct firmware load for @ failed with error -2 [ 213.559601][ T1108] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 213.577979][ T6056] netdevsim netdevsim2: Falling back to sysfs fallback for: @ [ 213.665973][ T1108] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 213.969687][ T6064] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 214.113010][ T6062] fido_id[6062]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 214.665704][ T6075] loop3: detected capacity change from 0 to 1024 [ 215.397426][ T6078] cgroup: noprefix used incorrectly [ 215.671283][ T6090] loop0: detected capacity change from 0 to 256 [ 215.695076][ T154] hfsplus: b-tree write err: -5, ino 4 [ 216.358134][ T6091] 9pnet_virtio: no channels available for device syz [ 217.609649][ T6090] FAT-fs (loop0): Directory bread(block 64) failed [ 217.648638][ T6090] FAT-fs (loop0): Directory bread(block 65) failed [ 217.661262][ T6090] FAT-fs (loop0): Directory bread(block 66) failed [ 217.684969][ T6090] FAT-fs (loop0): Directory bread(block 67) failed [ 217.707083][ T6090] FAT-fs (loop0): Directory bread(block 68) failed [ 217.733631][ T6090] FAT-fs (loop0): Directory bread(block 69) failed [ 217.765531][ T6090] FAT-fs (loop0): Directory bread(block 70) failed [ 217.806128][ T6090] FAT-fs (loop0): Directory bread(block 71) failed [ 217.835299][ T6090] FAT-fs (loop0): Directory bread(block 72) failed [ 217.855523][ T6090] FAT-fs (loop0): Directory bread(block 73) failed [ 217.910689][ T6090] vfat filesystem being mounted at /103/bus supports timestamps until 2107-12-31 (0x10391447e) [ 217.933467][ T6102] tipc: Started in network mode [ 217.948155][ T6102] tipc: Node identity 12c5dc7c0a94, cluster identity 4711 [ 217.955548][ T6102] tipc: Enabled bearer , priority 0 [ 218.005219][ T6105] device syzkaller0 entered promiscuous mode [ 218.156585][ T6102] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) ! [ 218.204201][ T6102] tipc: Resetting bearer [ 218.232889][ T6101] tipc: Resetting bearer [ 218.395318][ T6101] tipc: Disabling bearer [ 219.070347][ T6120] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 220.222693][ T6131] loop4: detected capacity change from 0 to 1024 [ 222.700930][ T6148] loop3: detected capacity change from 0 to 256 [ 223.564274][ T6148] FAT-fs (loop3): Directory bread(block 64) failed [ 223.690996][ T6148] FAT-fs (loop3): Directory bread(block 65) failed [ 223.697735][ T6148] FAT-fs (loop3): Directory bread(block 66) failed [ 223.705757][ T6148] FAT-fs (loop3): Directory bread(block 67) failed [ 223.713744][ T6148] FAT-fs (loop3): Directory bread(block 68) failed [ 223.721453][ T6148] FAT-fs (loop3): Directory bread(block 69) failed [ 223.740380][ T6148] FAT-fs (loop3): Directory bread(block 70) failed [ 223.776318][ T6148] FAT-fs (loop3): Directory bread(block 71) failed [ 223.796229][ T6148] FAT-fs (loop3): Directory bread(block 72) failed [ 223.811762][ T6148] FAT-fs (loop3): Directory bread(block 73) failed [ 223.849893][ T6148] vfat filesystem being mounted at /114/bus supports timestamps until 2107-12-31 (0x10391447e) [ 224.679916][ T6161] lo speed is unknown, defaulting to 1000 [ 224.839541][ T6169] loop2: detected capacity change from 0 to 1024 [ 225.080778][ T6171] cgroup: noprefix used incorrectly [ 226.248345][ T4287] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 226.353976][ T6179] netlink: 20 bytes leftover after parsing attributes in process `syz.2.522'. [ 226.508040][ T4287] usb 4-1: Using ep0 maxpacket: 8 [ 226.673661][ T4287] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 226.685000][ T4287] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 226.734016][ T4287] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 226.755940][ T4287] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 226.776053][ T4287] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 227.885872][ T4287] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 227.945279][ T4287] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.298001][ T4287] usb 4-1: GET_CAPABILITIES returned 0 [ 228.359202][ T4287] usbtmc 4-1:16.0: can't read capabilities [ 228.514090][ T1325] usb 4-1: USB disconnect, device number 5 [ 229.394511][ T6202] loop3: detected capacity change from 0 to 256 [ 229.471709][ T6204] loop0: detected capacity change from 0 to 8192 [ 229.529016][ T6202] FAT-fs (loop3): Directory bread(block 64) failed [ 229.550770][ T6202] FAT-fs (loop3): Directory bread(block 65) failed [ 229.588320][ T6202] FAT-fs (loop3): Directory bread(block 66) failed [ 229.590398][ T6204] vfat filesystem being mounted at /106/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 229.642946][ T6202] FAT-fs (loop3): Directory bread(block 67) failed [ 229.661574][ T6202] FAT-fs (loop3): Directory bread(block 68) failed [ 230.190360][ T6202] FAT-fs (loop3): Directory bread(block 69) failed [ 230.197273][ T6202] FAT-fs (loop3): Directory bread(block 70) failed [ 230.204343][ T6202] FAT-fs (loop3): Directory bread(block 71) failed [ 230.211269][ T6202] FAT-fs (loop3): Directory bread(block 72) failed [ 230.245681][ T6202] FAT-fs (loop3): Directory bread(block 73) failed [ 230.309153][ T6202] vfat filesystem being mounted at /117/bus supports timestamps until 2107-12-31 (0x10391447e) [ 230.937843][ T1325] usb 4-1: new low-speed USB device number 6 using dummy_hcd [ 230.960818][ T6212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 230.997707][ T6215] loop1: detected capacity change from 0 to 1024 [ 231.958162][ T1325] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 231.996137][ T1325] usb 4-1: config 0 has no interface number 0 [ 232.087867][ T1325] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 232.208415][ T1325] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 232.223474][ T1325] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 232.235619][ T1325] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 232.252934][ T1325] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 232.262617][ T1325] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.296573][ T1325] usb 4-1: config 0 descriptor?? [ 232.328149][ T6211] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 232.338167][ T6211] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 232.346267][ T6225] netdevsim netdevsim2: Direct firmware load for @ failed with error -2 [ 232.349723][ T1325] ldusb 4-1:0.55: Interrupt in endpoint not found [ 232.394731][ T6225] netdevsim netdevsim2: Falling back to sysfs fallback for: @ [ 232.615573][ T1325] usb 4-1: USB disconnect, device number 6 [ 233.372762][ T6242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.540'. [ 236.589663][ T26] audit: type=1326 audit(3905007888.060:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6251 comm="syz.0.544" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f436acddba9 code=0x0 [ 236.663402][ T6249] pit: kvm: requested 5866 ns i8254 timer period limited to 200000 ns [ 236.996364][ T6259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.036709][ T6260] loop0: detected capacity change from 0 to 1024 [ 237.070299][ T6259] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 237.123596][ T6262] loop2: detected capacity change from 0 to 8192 [ 237.191492][ T6262] vfat filesystem being mounted at /102/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 238.973133][ T6288] netlink: 4 bytes leftover after parsing attributes in process `syz.4.554'. [ 240.379406][ T6281] netlink: 20 bytes leftover after parsing attributes in process `syz.0.551'. [ 241.902629][ T6293] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.059958][ T6293] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.281482][ T6293] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.406336][ T6308] loop2: detected capacity change from 0 to 1024 [ 242.477053][ T6293] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 242.894868][ T6293] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.236509][ T6293] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.284617][ T6293] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 243.326099][ T6293] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 244.765883][ T6340] cgroup: noprefix used incorrectly [ 245.306990][ T6344] loop2: detected capacity change from 0 to 8192 [ 245.380546][ T6344] vfat filesystem being mounted at /106/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 246.883128][ T6357] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 246.896824][ T6359] loop2: detected capacity change from 0 to 1024 [ 247.897105][ T6366] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 247.927297][ T6366] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 248.101881][ T6374] loop3: detected capacity change from 0 to 512 [ 248.442324][ T6374] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 248.457335][ T6374] ext4 filesystem being mounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 248.613264][ T6384] cgroup: noprefix used incorrectly [ 249.270456][ T6386] loop4: detected capacity change from 0 to 8192 [ 249.354015][ T6386] vfat filesystem being mounted at /110/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 250.177581][ T6365] syz.0.575 (6365): drop_caches: 1 [ 250.743642][ T6401] loop2: detected capacity change from 0 to 256 [ 250.808638][ T6401] exfat: Deprecated parameter 'utf8' [ 250.814101][ T6401] exfat: Deprecated parameter 'utf8' [ 250.855332][ T6401] exfat: Deprecated parameter 'utf8' [ 250.894996][ T6403] loop4: detected capacity change from 0 to 1024 [ 250.937466][ T6401] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 250.978999][ T6401] exfat filesystem being mounted at /112/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 251.127885][ T26] audit: type=1804 audit(3905007902.570:232): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.585" name="/newroot/112/file1/bus" dev="loop2" ino=1048653 res=1 errno=0 [ 252.776224][ T6428] loop4: detected capacity change from 0 to 8192 [ 252.865784][ T6428] vfat filesystem being mounted at /113/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 253.190882][ T6430] netdevsim netdevsim3: Direct firmware load for @ failed with error -2 [ 253.218637][ T6430] netdevsim netdevsim3: Falling back to sysfs fallback for: @ [ 253.624750][ T4238] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 253.864317][ T6438] cgroup: noprefix used incorrectly [ 253.870073][ T4238] usb 5-1: Using ep0 maxpacket: 32 [ 253.988134][ T4238] usb 5-1: config 0 has no interfaces? [ 254.148052][ T4238] usb 5-1: New USB device found, idVendor=108c, idProduct=dd68, bcdDevice=84.5c [ 254.161759][ T4238] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.170317][ T4238] usb 5-1: Product: syz [ 254.174788][ T4238] usb 5-1: Manufacturer: syz [ 254.179944][ T4238] usb 5-1: SerialNumber: syz [ 254.196541][ T4238] usb 5-1: config 0 descriptor?? [ 254.466710][ T4238] usb 5-1: USB disconnect, device number 8 [ 255.003569][ T6446] md2: error: bitmap file must be a regular file [ 255.097485][ T6449] loop4: detected capacity change from 0 to 256 [ 255.141587][ T6451] loop2: detected capacity change from 0 to 512 [ 255.180594][ T6449] exfat: Deprecated parameter 'utf8' [ 255.187978][ T6449] exfat: Deprecated parameter 'utf8' [ 255.230750][ T6449] exfat: Deprecated parameter 'utf8' [ 255.305976][ T6449] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 255.354198][ T6449] exfat filesystem being mounted at /115/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 255.417090][ T6451] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 255.546254][ T26] audit: type=1804 audit(3905007906.960:233): pid=6459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.601" name="/newroot/115/file1/bus" dev="loop4" ino=1048657 res=1 errno=0 [ 255.588051][ T6451] ext4 filesystem being mounted at /117/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 255.730813][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.801958][ T6466] loop0: detected capacity change from 0 to 512 [ 255.923191][ T6466] EXT4-fs (loop0): Mount option "noload" incompatible with ext2 [ 256.787372][ T6483] loop3: detected capacity change from 0 to 8192 [ 257.056466][ T6483] vfat filesystem being mounted at /131/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 258.228202][ T6488] 9pnet_virtio: no channels available for device syz [ 258.428915][ T6490] netdevsim netdevsim3: Direct firmware load for @ failed with error -2 [ 258.523394][ T6490] netdevsim netdevsim3: Falling back to sysfs fallback for: @ [ 259.741765][ T6510] netlink: 4 bytes leftover after parsing attributes in process `syz.1.617'. [ 262.689811][ T6520] cgroup: noprefix used incorrectly [ 263.391916][ T6534] loop3: detected capacity change from 0 to 512 [ 263.445846][ T6534] EXT4-fs (loop3): Mount option "noload" incompatible with ext2 [ 263.711280][ T6536] loop2: detected capacity change from 0 to 8192 [ 263.822913][ T6536] vfat filesystem being mounted at /121/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 265.145867][ T6549] loop2: detected capacity change from 0 to 512 [ 265.390966][ T6549] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 265.527986][ T6549] ext4 filesystem being mounted at /124/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 265.573550][ T6556] lo speed is unknown, defaulting to 1000 [ 266.837038][ T6567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.633'. [ 269.364230][ T6571] binder: 6570:6571 ioctl c0306201 200000000080 returned -14 [ 269.418268][ T6571] binder: BINDER_SET_CONTEXT_MGR already set [ 269.424753][ T6571] binder: 6570:6571 ioctl 4018620d 200000000040 returned -16 [ 269.569829][ T6575] loop3: detected capacity change from 0 to 1024 [ 270.246638][ T6589] 9p filesystem being mounted at /120/file0 supports timestamps until 2106-02-07 (0xffffffff) [ 270.279042][ T6590] loop4: detected capacity change from 0 to 8192 [ 270.399071][ T6590] vfat filesystem being mounted at /124/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 270.781236][ T6598] netlink: 14 bytes leftover after parsing attributes in process `syz.1.645'. [ 272.206021][ T6598] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 272.256407][ T6598] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 272.277421][ T6598] bond0 (unregistering): Released all slaves [ 272.455227][ T6613] cgroup: noprefix used incorrectly [ 272.743464][ T6608] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer. [ 273.106010][ T6628] netlink: 4 bytes leftover after parsing attributes in process `syz.2.653'. [ 273.537403][ T6626] loop3: detected capacity change from 0 to 1024 [ 274.408959][ T6641] netdevsim netdevsim1: Direct firmware load for @ failed with error -2 [ 274.461814][ T6641] netdevsim netdevsim1: Falling back to sysfs fallback for: @ [ 275.711797][ T6653] loop2: detected capacity change from 0 to 8192 [ 275.846804][ T6653] vfat filesystem being mounted at /130/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 276.989774][ T6665] loop4: detected capacity change from 0 to 1024 [ 277.200311][ T6667] cgroup: noprefix used incorrectly [ 277.631732][ T6672] netlink: 4 bytes leftover after parsing attributes in process `syz.0.667'. [ 279.059931][ T6655] lo speed is unknown, defaulting to 1000 [ 279.727141][ T6675] binder: 6674:6675 ioctl c0306201 200000000080 returned -14 [ 279.984917][ T6678] tmpfs: Unknown parameter 'usrquota' [ 280.499691][ T6683] loop1: detected capacity change from 0 to 256 [ 280.564815][ T6683] exfat: Deprecated parameter 'utf8' [ 280.577901][ T6683] exfat: Deprecated parameter 'utf8' [ 280.604736][ T6683] exfat: Deprecated parameter 'utf8' [ 280.641983][ T6683] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 280.688954][ T6683] exfat filesystem being mounted at /124/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 280.881646][ T26] audit: type=1804 audit(3905007932.350:234): pid=6688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.672" name="/newroot/124/file1/bus" dev="loop1" ino=1048667 res=1 errno=0 [ 281.345723][ T6697] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 281.743447][ T6705] loop4: detected capacity change from 0 to 8192 [ 281.834942][ T6705] vfat filesystem being mounted at /134/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 281.989702][ T6707] loop1: detected capacity change from 0 to 1024 [ 283.054149][ T6723] loop2: detected capacity change from 0 to 1024 [ 284.021063][ T6729] loop3: detected capacity change from 0 to 256 [ 284.028325][ T6730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.028401][ T384] hfsplus: b-tree write err: -5, ino 4 [ 284.074693][ T6730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 284.079024][ T6729] exfat: Deprecated parameter 'utf8' [ 284.117903][ T6729] exfat: Deprecated parameter 'utf8' [ 284.125913][ T6729] exfat: Deprecated parameter 'utf8' [ 284.161433][ T6729] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 284.224643][ T6729] exfat filesystem being mounted at /149/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 284.382339][ T26] audit: type=1804 audit(3905007935.850:235): pid=6741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.689" name="/newroot/149/file1/bus" dev="loop3" ino=1048671 res=1 errno=0 [ 284.467112][ T6743] loop2: detected capacity change from 0 to 1024 [ 284.789408][ T6745] loop4: detected capacity change from 0 to 8192 [ 285.077853][ T6745] vfat filesystem being mounted at /137/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 285.615787][ T6759] loop3: detected capacity change from 0 to 1024 [ 285.664790][ T6761] loop2: detected capacity change from 0 to 512 [ 285.905554][ T4287] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 285.949652][ T6761] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 286.160285][ T6761] ext4 filesystem being mounted at /138/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 286.695949][ T4382] hfsplus: b-tree write err: -5, ino 4 [ 286.938024][ T4287] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 286.952566][ T4287] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.328114][ T4287] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 287.341847][ T4287] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 287.506340][ T4287] usb 5-1: Manufacturer: syz [ 287.521944][ T4287] usb 5-1: config 0 descriptor?? [ 287.667984][ T4287] rc_core: IR keymap rc-hauppauge not found [ 287.680677][ T4287] Registered IR keymap rc-empty [ 287.699125][ T4287] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 287.741318][ T4287] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input8 [ 287.829528][ T4287] usb 5-1: USB disconnect, device number 9 [ 288.853889][ T6784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 288.967894][ T6787] netlink: 20 bytes leftover after parsing attributes in process `syz.4.705'. [ 289.426986][ T6784] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 289.868432][ T6792] loop4: detected capacity change from 0 to 1024 [ 290.385552][ T6797] netlink: 'syz.1.708': attribute type 10 has an invalid length. [ 290.448058][ T6797] device syz_tun entered promiscuous mode [ 290.606962][ T6804] loop4: detected capacity change from 0 to 256 [ 290.690390][ T6807] loop3: detected capacity change from 0 to 8192 [ 290.702978][ T6804] exfat: Deprecated parameter 'utf8' [ 290.708400][ T6804] exfat: Deprecated parameter 'utf8' [ 290.713724][ T6804] exfat: Deprecated parameter 'utf8' [ 290.725717][ T6808] netlink: 68 bytes leftover after parsing attributes in process `syz.1.712'. [ 290.790101][ T6804] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 290.808921][ T6807] vfat filesystem being mounted at /153/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 290.877930][ T6504] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 290.995310][ T6804] exfat filesystem being mounted at /142/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 291.127106][ T26] audit: type=1804 audit(3905007942.590:236): pid=6810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.711" name="/newroot/142/file1/bus" dev="loop4" ino=1048675 res=1 errno=0 [ 291.309629][ T6504] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 291.352049][ T6504] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 291.497865][ T6504] usb 3-1: New USB device found, idVendor=05ac, idProduct=921c, bcdDevice=9d.fb [ 291.542778][ T6504] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.626307][ T6504] usb 3-1: config 0 descriptor?? [ 292.252315][ T4238] usb 3-1: USB disconnect, device number 3 [ 292.907410][ T6832] loop2: detected capacity change from 0 to 1024 [ 293.861234][ T6850] loop3: detected capacity change from 0 to 8192 [ 294.027686][ T6852] loop1: detected capacity change from 0 to 256 [ 294.034262][ T6850] vfat filesystem being mounted at /156/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 294.138443][ T6852] exfat: Deprecated parameter 'utf8' [ 294.144001][ T6852] exfat: Deprecated parameter 'utf8' [ 294.187932][ T6852] exfat: Deprecated parameter 'utf8' [ 294.230666][ T6852] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 294.268300][ T6852] exfat filesystem being mounted at /137/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 294.364472][ T6855] netdevsim netdevsim4: Direct firmware load for @ failed with error -2 [ 294.414150][ T6855] netdevsim netdevsim4: Falling back to sysfs fallback for: @ [ 294.429556][ T26] audit: type=1804 audit(3905007945.900:237): pid=6852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.725" name="/newroot/137/file1/bus" dev="loop1" ino=1048678 res=1 errno=0 [ 294.454578][ T6858] loop2: detected capacity change from 0 to 512 [ 294.700397][ T6858] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 294.748949][ T6858] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 295.266432][ T6877] tmpfs: Unknown parameter 'quota' [ 297.164900][ T6882] loop1: detected capacity change from 0 to 1024 [ 298.027853][ T4240] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 298.287796][ T4240] usb 2-1: Using ep0 maxpacket: 16 [ 298.427929][ T4240] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.453555][ T4240] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 298.467993][ T4240] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 298.491731][ T4240] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 298.533239][ T4240] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.568552][ T4240] usb 2-1: config 0 descriptor?? [ 298.905646][ T6903] loop4: detected capacity change from 0 to 256 [ 298.940304][ T6903] exfat: Deprecated parameter 'utf8' [ 298.945857][ T6903] exfat: Deprecated parameter 'utf8' [ 298.974450][ T6903] exfat: Deprecated parameter 'utf8' [ 299.026578][ T6903] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 299.041839][ T4240] hid-generic 0003:0955:7214.0006: unknown main item tag 0x0 [ 299.057842][ T4240] hid-generic 0003:0955:7214.0006: unknown main item tag 0x0 [ 299.098273][ T4240] hid-generic 0003:0955:7214.0006: unknown main item tag 0x0 [ 299.106669][ T6903] exfat filesystem being mounted at /147/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 299.123829][ T4240] hid-generic 0003:0955:7214.0006: unknown main item tag 0x0 [ 299.131905][ T4240] hid-generic 0003:0955:7214.0006: unknown main item tag 0x0 [ 299.147454][ T6906] lo speed is unknown, defaulting to 1000 [ 299.148989][ T4240] hid-generic 0003:0955:7214.0006: hidraw0: USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 299.253514][ T4185] usb 2-1: USB disconnect, device number 4 [ 299.261135][ T26] audit: type=1804 audit(3905007950.730:238): pid=6912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.739" name="/newroot/147/file1/bus" dev="loop4" ino=1048680 res=1 errno=0 [ 299.354935][ T4430] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.377025][ T6915] loop2: detected capacity change from 0 to 8192 [ 299.455123][ T6915] vfat filesystem being mounted at /147/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 299.815061][ T4430] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.908482][ T4430] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 299.918942][ T6918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.961011][ T6918] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 299.970991][ T6920] netlink: 'syz.2.742': attribute type 10 has an invalid length. [ 299.991192][ T6911] fido_id[6911]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 300.034676][ T6920] 8021q: adding VLAN 0 to HW filter on device team0 [ 300.065327][ T6920] bond0: (slave team0): Enslaving as an active interface with an up link [ 300.134110][ T4430] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 300.411883][ T6906] chnl_net:caif_netlink_parms(): no params data found [ 300.467880][ T4240] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 300.515126][ T6934] 9pnet: Insufficient options for proto=fd [ 300.589566][ T6906] bridge0: port 1(bridge_slave_0) entered blocking state [ 300.616480][ T6906] bridge0: port 1(bridge_slave_0) entered disabled state [ 300.643179][ T6906] device bridge_slave_0 entered promiscuous mode [ 300.685896][ T6906] bridge0: port 2(bridge_slave_1) entered blocking state [ 300.715446][ T6906] bridge0: port 2(bridge_slave_1) entered disabled state [ 300.737890][ T4240] usb 3-1: Using ep0 maxpacket: 8 [ 300.775611][ T6906] device bridge_slave_1 entered promiscuous mode [ 300.878161][ T4240] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 300.906766][ T4240] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 300.929159][ T4240] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 65535, setting to 1024 [ 300.951848][ T4240] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 300.964668][ T6906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 300.971270][ T4240] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 301.007970][ T4240] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 301.021442][ T6906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 301.028614][ T4240] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.168101][ T4238] Bluetooth: hci2: command 0x0409 tx timeout [ 301.200807][ T6906] team0: Port device team_slave_0 added [ 301.241539][ T6906] team0: Port device team_slave_1 added [ 301.328058][ T4240] usb 3-1: GET_CAPABILITIES returned 0 [ 301.333649][ T4240] usbtmc 3-1:16.0: can't read capabilities [ 301.419493][ T6906] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 301.445276][ T6906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.531874][ T4240] usb 3-1: USB disconnect, device number 4 [ 301.567095][ T6906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 301.643382][ T6906] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 301.654449][ T6906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 301.689246][ T6906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 301.796517][ T6906] device hsr_slave_0 entered promiscuous mode [ 301.825941][ T6966] loop1: detected capacity change from 0 to 8192 [ 301.857168][ T6906] device hsr_slave_1 entered promiscuous mode [ 301.875829][ T6906] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 301.885967][ T6906] Cannot create hsr debugfs directory [ 301.940837][ T6966] vfat filesystem being mounted at /146/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 302.279359][ T6973] loop4: detected capacity change from 0 to 256 [ 302.318275][ T6973] exfat: Deprecated parameter 'utf8' [ 302.323635][ T6973] exfat: Deprecated parameter 'utf8' [ 302.397896][ T6973] exfat: Deprecated parameter 'utf8' [ 302.448771][ T6973] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 302.628999][ T6973] exfat filesystem being mounted at /151/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 302.751366][ T26] audit: type=1804 audit(3905007954.220:239): pid=6980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.754" name="/newroot/151/file1/bus" dev="loop4" ino=1048686 res=1 errno=0 [ 302.876994][ T4430] device hsr_slave_0 left promiscuous mode [ 302.942923][ T4430] device hsr_slave_1 left promiscuous mode [ 302.958695][ T4430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 303.250166][ T6991] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.257881][ T4430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 303.277095][ T6504] Bluetooth: hci2: command 0x041b tx timeout [ 303.287155][ T4430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 303.313059][ T4430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 303.321066][ T6990] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 303.395043][ T4430] device bridge_slave_1 left promiscuous mode [ 303.436122][ T4430] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.286676][ T4430] device bridge_slave_0 left promiscuous mode [ 304.299888][ T4430] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.383617][ T7004] tmpfs: Unknown parameter 'usrquota' [ 304.435871][ T4430] device veth1_macvtap left promiscuous mode [ 304.448908][ T4430] device veth0_macvtap left promiscuous mode [ 304.458708][ T4430] device veth1_vlan left promiscuous mode [ 304.464710][ T4430] device veth0_vlan left promiscuous mode [ 304.468604][ T7006] netlink: 16 bytes leftover after parsing attributes in process `syz.1.760'. [ 304.717994][ T4259] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 304.985343][ T4430] team0 (unregistering): Port device team_slave_1 removed [ 305.008107][ T4259] usb 5-1: Using ep0 maxpacket: 8 [ 305.016686][ T4430] team0 (unregistering): Port device team_slave_0 removed [ 305.043567][ T4430] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 305.067613][ T4430] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 305.148022][ T4259] usb 5-1: config 16 has an invalid descriptor of length 255, skipping remainder of the config [ 305.167790][ T4259] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 305.197179][ T4259] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 305.208426][ T4259] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 305.225927][ T4430] bond0 (unregistering): Released all slaves [ 305.237878][ T4259] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 305.247214][ T4259] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.309014][ T4259] usbtmc 5-1:16.0: bulk endpoints not found [ 305.324156][ T4240] Bluetooth: hci2: command 0x040f tx timeout [ 305.423543][ T6906] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 305.459822][ T6906] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 305.504197][ T6906] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 305.555735][ T6906] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 305.798027][ T4185] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 305.825107][ T6906] 8021q: adding VLAN 0 to HW filter on device bond0 [ 305.833551][ T7039] loop1: detected capacity change from 0 to 8192 [ 305.851800][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 305.873826][ T4382] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.902904][ T7039] vfat filesystem being mounted at /150/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 305.926209][ T6906] 8021q: adding VLAN 0 to HW filter on device team0 [ 305.974318][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 306.004032][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 306.032173][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 306.039370][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 306.047819][ T4185] usb 3-1: Using ep0 maxpacket: 16 [ 306.074911][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 306.108453][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 306.138539][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 306.168127][ T4185] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.182961][ T4185] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 306.192947][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 306.200128][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 306.228713][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 306.273177][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 306.312481][ T7052] loop3: detected capacity change from 0 to 256 [ 306.323789][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 306.345464][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 306.378029][ T4185] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 306.394993][ T4185] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 306.405377][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 306.426216][ T4185] usb 3-1: Product: syz [ 306.431436][ T7052] exfat: Deprecated parameter 'utf8' [ 306.439268][ T7052] exfat: Deprecated parameter 'utf8' [ 306.449164][ T4185] usb 3-1: Manufacturer: syz [ 306.452250][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 306.460108][ T7052] exfat: Deprecated parameter 'utf8' [ 306.477949][ T4185] usb 3-1: SerialNumber: syz [ 306.500069][ T7052] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 306.509664][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 306.512633][ T4185] usb 3-1: config 0 descriptor?? [ 306.549875][ T7052] exfat filesystem being mounted at /165/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 306.567360][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 306.582236][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 306.807594][ T26] audit: type=1804 audit(3905007958.270:240): pid=7052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.768" name="/newroot/165/file1/bus" dev="loop3" ino=1048690 res=1 errno=0 [ 306.835204][ T4185] usb 3-1: USB disconnect, device number 5 [ 306.890823][ T6906] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 307.114425][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 307.168727][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 307.178081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 307.446323][ T4259] Bluetooth: hci2: command 0x0419 tx timeout [ 307.817800][ T23] usb 5-1: USB disconnect, device number 10 [ 309.762495][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 309.807559][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 310.074613][ T6906] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.432054][ T7088] loop4: detected capacity change from 0 to 512 [ 310.569330][ T7088] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 310.675039][ T7088] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 310.686329][ T7098] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 310.852283][ T7098] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 311.202809][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 311.231634][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 311.330334][ T6906] device veth0_vlan entered promiscuous mode [ 311.433509][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 311.508634][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 311.517306][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 311.559456][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 311.600167][ T7118] program syz.2.775 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 311.600297][ T6906] device veth1_vlan entered promiscuous mode [ 311.684726][ T7120] loop3: detected capacity change from 0 to 8192 [ 311.699368][ T7113] device syzkaller1 entered promiscuous mode [ 311.788305][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 311.813473][ T7120] vfat filesystem being mounted at /167/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 311.817057][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 311.898587][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 311.960576][ T4224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 311.995839][ T6906] device veth0_macvtap entered promiscuous mode [ 312.023508][ T6906] device veth1_macvtap entered promiscuous mode [ 312.129525][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.187758][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.234081][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.271055][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.297762][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.337795][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.367830][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 312.410112][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.445854][ T6906] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 312.492896][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.585251][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.640680][ T7134] loop3: detected capacity change from 0 to 256 [ 312.643053][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.685054][ T7134] exfat: Deprecated parameter 'utf8' [ 312.720122][ T7134] exfat: Deprecated parameter 'utf8' [ 312.728629][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.735848][ T7134] exfat: Deprecated parameter 'utf8' [ 312.767492][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.814659][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.837822][ T6906] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 312.867902][ T6906] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 312.898261][ T6906] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 312.905998][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 312.928547][ T7134] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 312.943833][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 312.975681][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 312.988676][ T7134] exfat filesystem being mounted at /168/file1 supports timestamps until 2107-12-31 (0x10391447f) [ 313.038576][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 313.096841][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 313.117146][ T26] audit: type=1804 audit(3905007964.580:241): pid=7142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.781" name="/newroot/168/file1/bus" dev="loop3" ino=1048694 res=1 errno=0 [ 313.152805][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 313.192745][ T6906] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.222634][ T6906] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.303853][ T6906] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.367463][ T6906] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 313.695253][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.727362][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.773308][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 313.868186][ T384] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 313.876608][ T384] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 313.945080][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 314.248410][ T7160] loop3: detected capacity change from 0 to 512 [ 314.349840][ T7160] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 314.514669][ T7160] ext4 filesystem being mounted at /171/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 315.753542][ T7176] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 315.760549][ T7176] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 316.017817][ T4240] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 316.150270][ T7176] vhci_hcd vhci_hcd.0: Device attached [ 316.319584][ T4259] vhci_hcd: vhci_device speed not set [ 316.398848][ T4259] usb 37-1: new full-speed USB device number 2 using vhci_hcd [ 316.518417][ T4240] usb 3-1: config 0 has no interfaces? [ 316.524869][ T4240] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 316.663961][ T4240] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.878516][ T4240] usb 3-1: config 0 descriptor?? [ 317.161952][ T1422] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.437449][ T4240] usb 3-1: USB disconnect, device number 6 [ 317.480529][ T7179] vhci_hcd: connection closed [ 317.485518][ T384] vhci_hcd: stop threads [ 317.498165][ T4259] vhci_hcd: vhci_device speed not set [ 317.567961][ T4259] usb 37-1: device descriptor read/64, error -71 [ 317.652947][ T384] vhci_hcd: release socket [ 317.772274][ T384] vhci_hcd: disconnect device [ 317.850602][ T4259] vhci_hcd: vhci_device speed not set [ 318.963305][ T7189] loop4: detected capacity change from 0 to 512 [ 319.139437][ T7189] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 319.206522][ T7196] loop2: detected capacity change from 0 to 8192 [ 319.217572][ T7189] ext4 filesystem being mounted at /158/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 319.460524][ T7187] [ 319.462905][ T7187] ====================================================== [ 319.470025][ T7187] WARNING: possible circular locking dependency detected [ 319.477070][ T7187] syzkaller #0 Not tainted [ 319.477129][ T7196] vfat filesystem being mounted at /159/file0 supports timestamps until 2107-12-31 (0x10391447e) [ 319.481500][ T7187] ------------------------------------------------------ [ 319.481509][ T7187] syz.1.788/7187 is trying to acquire lock: [ 319.481520][ T7187] ffff88807c130c28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xc1/0x1b0 [ 319.515986][ T7187] [ 319.515986][ T7187] but task is already holding lock: [ 319.523371][ T7187] ffffffff8d4c01a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 319.533093][ T7187] [ 319.533093][ T7187] which lock already depends on the new lock. [ 319.533093][ T7187] [ 319.543499][ T7187] [ 319.543499][ T7187] the existing dependency chain (in reverse order) is: [ 319.552508][ T7187] [ 319.552508][ T7187] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 319.560507][ T7187] __mutex_lock_common+0x1eb/0x2390 [ 319.566232][ T7187] mutex_lock_nested+0x17/0x20 [ 319.571648][ T7187] rfkill_register+0x33/0x8a0 [ 319.576852][ T7187] hci_register_dev+0x452/0x970 [ 319.582226][ T7187] vhci_create_device+0x32c/0x5c0 [ 319.587773][ T7187] vhci_write+0x391/0x450 [ 319.592654][ T7187] vfs_write+0x712/0xd00 [ 319.597524][ T7187] ksys_write+0x14d/0x250 [ 319.602373][ T7187] do_syscall_64+0x4c/0xa0 [ 319.607306][ T7187] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 319.613718][ T7187] [ 319.613718][ T7187] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 319.621533][ T7187] __mutex_lock_common+0x1eb/0x2390 [ 319.627259][ T7187] mutex_lock_nested+0x17/0x20 [ 319.632655][ T7187] vhci_send_frame+0x88/0x100 [ 319.637859][ T7187] hci_send_frame+0x1a9/0x2e0 [ 319.643068][ T7187] hci_tx_work+0x9f9/0x1710 [ 319.648092][ T7187] process_one_work+0x863/0x1000 [ 319.653547][ T7187] worker_thread+0xaa8/0x12a0 [ 319.658746][ T7187] kthread+0x436/0x520 [ 319.663337][ T7187] ret_from_fork+0x1f/0x30 [ 319.668271][ T7187] [ 319.668271][ T7187] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 319.677482][ T7187] __flush_work+0xdd/0x1b0 [ 319.682426][ T7187] hci_dev_do_close+0x1e7/0x1030 [ 319.687888][ T7187] hci_dev_close+0xd7/0x180 [ 319.692907][ T7187] sock_do_ioctl+0xd3/0x2f0 [ 319.697947][ T7187] sock_ioctl+0x4ed/0x6e0 [ 319.702806][ T7187] __se_sys_ioctl+0xfa/0x170 [ 319.707928][ T7187] do_syscall_64+0x4c/0xa0 [ 319.713041][ T7187] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 319.719479][ T7187] [ 319.719479][ T7187] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 319.727210][ T7187] __mutex_lock_common+0x1eb/0x2390 [ 319.732950][ T7187] mutex_lock_nested+0x17/0x20 [ 319.738403][ T7187] bg_scan_update+0x44/0x3b0 [ 319.743618][ T7187] process_one_work+0x863/0x1000 [ 319.749070][ T7187] worker_thread+0xaa8/0x12a0 [ 319.754265][ T7187] kthread+0x436/0x520 [ 319.759040][ T7187] ret_from_fork+0x1f/0x30 [ 319.763980][ T7187] [ 319.763980][ T7187] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 319.773802][ T7187] __lock_acquire+0x2c33/0x7c60 [ 319.779177][ T7187] lock_acquire+0x197/0x3f0 [ 319.784196][ T7187] __flush_work+0xdd/0x1b0 [ 319.789125][ T7187] __cancel_work_timer+0x3ac/0x520 [ 319.794758][ T7187] hci_request_cancel_all+0xcc/0x300 [ 319.800647][ T7187] hci_dev_do_close+0x4e/0x1030 [ 319.806011][ T7187] hci_rfkill_set_block+0x10a/0x190 [ 319.811729][ T7187] rfkill_set_block+0x1c6/0x420 [ 319.817098][ T7187] rfkill_fop_write+0x458/0x560 [ 319.822479][ T7187] vfs_write+0x300/0xd00 [ 319.827235][ T7187] ksys_write+0x14d/0x250 [ 319.832102][ T7187] do_syscall_64+0x4c/0xa0 [ 319.837035][ T7187] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 319.843448][ T7187] [ 319.843448][ T7187] other info that might help us debug this: [ 319.843448][ T7187] [ 319.853686][ T7187] Chain exists of: [ 319.853686][ T7187] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 319.853686][ T7187] [ 319.869400][ T7187] Possible unsafe locking scenario: [ 319.869400][ T7187] [ 319.876840][ T7187] CPU0 CPU1 [ 319.882195][ T7187] ---- ---- [ 319.887549][ T7187] lock(rfkill_global_mutex); [ 319.892308][ T7187] lock(&data->open_mutex); [ 319.899416][ T7187] lock(rfkill_global_mutex); [ 319.906699][ T7187] lock((work_completion)(&hdev->bg_scan_update)); [ 319.913289][ T7187] [ 319.913289][ T7187] *** DEADLOCK *** [ 319.913289][ T7187] [ 319.921542][ T7187] 1 lock held by syz.1.788/7187: [ 319.926557][ T7187] #0: ffffffff8d4c01a8 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x19e/0x560 [ 319.936733][ T7187] [ 319.936733][ T7187] stack backtrace: [ 319.942752][ T7187] CPU: 0 PID: 7187 Comm: syz.1.788 Not tainted syzkaller #0 [ 319.950072][ T7187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 319.960445][ T7187] Call Trace: [ 319.963732][ T7187] [ 319.966727][ T7187] dump_stack_lvl+0x168/0x230 [ 319.971423][ T7187] ? load_image+0x3b0/0x3b0 [ 319.975936][ T7187] ? show_regs_print_info+0x20/0x20 [ 319.981148][ T7187] ? print_circular_bug+0x12b/0x1a0 [ 319.986361][ T7187] check_noncircular+0x274/0x310 [ 319.991324][ T7187] ? add_chain_block+0x940/0x940 [ 319.996278][ T7187] ? lockdep_lock+0xdc/0x1e0 [ 320.000884][ T7187] ? __lock_acquire+0x12d9/0x7c60 [ 320.005932][ T7187] ? lockdep_lock+0x1e0/0x1e0 [ 320.010614][ T7187] ? mark_lock+0x94/0x320 [ 320.014949][ T7187] __lock_acquire+0x2c33/0x7c60 [ 320.019836][ T7187] ? add_lock_to_list+0x18d/0x280 [ 320.024991][ T7187] ? __lock_acquire+0x289d/0x7c60 [ 320.030027][ T7187] ? verify_lock_unused+0x140/0x140 [ 320.035254][ T7187] lock_acquire+0x197/0x3f0 [ 320.039788][ T7187] ? __flush_work+0xc1/0x1b0 [ 320.044402][ T7187] ? __lock_acquire+0x7c60/0x7c60 [ 320.049443][ T7187] ? read_lock_is_recursive+0x10/0x10 [ 320.054839][ T7187] ? start_flush_work+0x776/0x820 [ 320.059961][ T7187] __flush_work+0xdd/0x1b0 [ 320.064380][ T7187] ? __flush_work+0xc1/0x1b0 [ 320.068976][ T7187] ? flush_work+0x20/0x20 [ 320.073314][ T7187] ? try_to_grab_pending+0xf3/0x7e0 [ 320.078530][ T7187] ? lockdep_hardirqs_off+0x70/0x100 [ 320.083851][ T7187] ? mark_lock+0x94/0x320 [ 320.088185][ T7187] ? lockdep_hardirqs_on_prepare+0x3fc/0x760 [ 320.094169][ T7187] ? lock_chain_count+0x20/0x20 [ 320.099027][ T7187] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 320.104924][ T7187] ? _raw_spin_unlock+0x40/0x40 [ 320.109778][ T7187] ? __cancel_work_timer+0x331/0x520 [ 320.115089][ T7187] __cancel_work_timer+0x3ac/0x520 [ 320.120210][ T7187] ? cancel_work_sync+0x20/0x20 [ 320.125063][ T7187] ? remove_wait_queue+0x120/0x120 [ 320.130182][ T7187] ? cancel_work+0x20/0x20 [ 320.134597][ T7187] ? lock_chain_count+0x20/0x20 [ 320.139459][ T7187] hci_request_cancel_all+0xcc/0x300 [ 320.144770][ T7187] hci_dev_do_close+0x4e/0x1030 [ 320.149633][ T7187] ? _raw_spin_unlock_irqrestore+0xaa/0x100 [ 320.155548][ T7187] ? _raw_spin_unlock+0x40/0x40 [ 320.160483][ T7187] hci_rfkill_set_block+0x10a/0x190 [ 320.165682][ T7187] ? rcu_lock_release+0x20/0x20 [ 320.170534][ T7187] rfkill_set_block+0x1c6/0x420 [ 320.175391][ T7187] rfkill_fop_write+0x458/0x560 [ 320.180243][ T7187] ? rfkill_fop_read+0x4b0/0x4b0 [ 320.185199][ T7187] ? common_file_perm+0x100/0x1c0 [ 320.190227][ T7187] ? fsnotify_perm+0x5d/0x560 [ 320.194901][ T7187] ? security_file_permission+0x75/0xa0 [ 320.200440][ T7187] ? rfkill_fop_read+0x4b0/0x4b0 [ 320.205377][ T7187] vfs_write+0x300/0xd00 [ 320.209616][ T7187] ? file_end_write+0x250/0x250 [ 320.214468][ T7187] ? __fget_files+0x40f/0x480 [ 320.219145][ T7187] ? __fdget_pos+0x1e2/0x370 [ 320.223732][ T7187] ? ksys_write+0x71/0x250 [ 320.228173][ T7187] ksys_write+0x14d/0x250 [ 320.232501][ T7187] ? __ia32_sys_read+0x80/0x80 [ 320.237264][ T7187] ? lockdep_hardirqs_on+0x94/0x140 [ 320.242464][ T7187] do_syscall_64+0x4c/0xa0 [ 320.247339][ T7187] ? clear_bhb_loop+0x30/0x80 [ 320.252015][ T7187] ? clear_bhb_loop+0x30/0x80 [ 320.256689][ T7187] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 320.262587][ T7187] RIP: 0033:0x7fe662515ba9 [ 320.267005][ T7187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 320.286956][ T7187] RSP: 002b:00007fe66077d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 320.295583][ T7187] RAX: ffffffffffffffda RBX: 00007fe66275cfa0 RCX: 00007fe662515ba9 [ 320.303833][ T7187] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000004 [ 320.311809][ T7187] RBP: 00007fe662598e19 R08: 0000000000000000 R09: 0000000000000000 [ 320.319786][ T7187] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.327850][ T7187] R13: 00007fe66275d038 R14: 00007fe66275cfa0 R15: 00007ffe7bea79d8 [ 320.335842][ T7187]