last executing test programs: 29m43.463147875s ago: executing program 32 (id=77): fsopen(&(0x7f0000000040)='zonefs\x00', 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x29, 0xfffffffe, 0x2045404a, 0x0, 0x40, 0x2, 0x0, 0x0, 0x0, 0x20, 0x76}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x90, 0xfffffffffffffffe, 0x4000000a74e, {0x1, 0x0, 0x0, 0xffff, 0xfffffff8, 0x84, {0x2, 0x5, 0x7, 0x74, 0xffd, 0xffff, 0x7d59, 0x7fff, 0x4, 0x2000, 0x7f, r3, r4, 0x78002, 0xff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000004c0)={'vlan1\x00', &(0x7f0000000480)=@ethtool_eee={0x17}}) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000180)=0x0) prlimit64(r6, 0x9, &(0x7f00000001c0)={0x7f, 0x2}, &(0x7f0000000240)) quotactl$Q_GETINFO(0xffffffff80000501, 0x0, r3, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) 29m40.956923699s ago: executing program 33 (id=82): syz_open_dev$usbfs(0x0, 0x76, 0x101301) r0 = socket$kcm(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x24) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b7020000b02300ffbfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000011000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x94) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000040)={{@any, 0xf}, 0x0, 0x1, 0x9}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f0000000140)={&(0x7f0000000780)=[0x447, 0x89b1, 0x9, 0x5, 0x7, 0x7, 0x5, 0x4, 0x990, 0x1000, 0x3, 0x8000, 0x7, 0x1, 0x0, 0x1, 0x46f4, 0x5, 0x5, 0x4, 0x5, 0x4b, 0x1, 0x1, 0xa6ff, 0xffffffff, 0x1ff, 0xcdf9, 0x9, 0x7, 0x2, 0x3, 0x1, 0x1, 0x3, 0x1000, 0xfffffffc, 0x7, 0xc96, 0xb92, 0x3, 0x9, 0x9, 0x5, 0x9, 0x2, 0x9, 0x9, 0x2, 0xcab, 0x7, 0xfffff111, 0x7, 0x9, 0x3ff, 0x2, 0x8001, 0x7, 0x8, 0x7, 0xb32, 0x3, 0x5, 0x0, 0x58b7, 0x2, 0x5, 0xe4, 0x5, 0x10000, 0x8, 0xfffffffc, 0x6, 0xbc4, 0x9, 0x2, 0x8000, 0x101, 0x8, 0xb714, 0x6, 0x8, 0x101, 0x92a, 0x4, 0x0, 0xfff, 0x32b, 0xfc1a, 0x9, 0x8, 0x0, 0x0, 0x0, 0x7fffffff, 0x8, 0x5, 0x4, 0x3, 0x7, 0x401, 0x4, 0x6, 0x8, 0x4, 0x38, 0x0, 0x4, 0xac0, 0xd3, 0xff, 0x0, 0xfff, 0x0, 0x2, 0x4f, 0x3, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0x755, 0x3, 0x40, 0x65f5, 0xfffff801, 0x4, 0x0, 0x3, 0xa, 0xd86, 0xffffffff, 0x7fffffff, 0xff, 0x0, 0x8, 0x3, 0x2, 0x8, 0x8, 0x8, 0x3d, 0x8, 0xf, 0x6, 0x7, 0xa1, 0x5, 0x5ef5, 0x5f0, 0x7, 0x6, 0x0, 0xe, 0x63, 0x0, 0x1, 0xa7, 0x3, 0x40, 0x2, 0x3, 0x1, 0xffff0001, 0x40800000, 0x95, 0x8000, 0x0, 0x4c0, 0x5, 0xdfd, 0x4, 0x5, 0x9, 0x51eb, 0x9, 0x7, 0x1e38, 0x8, 0xffff047c, 0xd, 0x0, 0x2, 0x7b, 0x6, 0xffff, 0x5, 0xfffffffe, 0x2, 0x9, 0x3d, 0x4, 0x8, 0xd, 0x7fffffff, 0x4, 0xffff, 0x22, 0x6, 0x8001, 0x6, 0x5, 0x0, 0x7, 0x400, 0x6, 0x5, 0x401, 0x8, 0x9, 0x7, 0x7, 0x9, 0x1, 0x9350, 0x66, 0x9, 0x4c3, 0x1, 0x2, 0x6, 0x5, 0x5, 0x0, 0x5, 0xffffffff, 0x174, 0x8e, 0x9, 0x9, 0x9fe3, 0xbc99, 0xcd3, 0xd700, 0x401, 0x7, 0x4, 0x9, 0xa, 0x101, 0x800, 0xfffffffc, 0x4f49, 0x2, 0x1, 0x6, 0x1, 0xb, 0x4, 0x5, 0x1000, 0x7, 0x400, 0x6, 0x100, 0x3ff, 0x0, 0x6, 0xffffffe6, 0x7, 0x7, 0x383, 0x40, 0x9, 0x6, 0x101, 0x9, 0x7, 0xf, 0x340000, 0x8c6, 0x62, 0x0, 0x3, 0x5, 0x2, 0x9, 0x9, 0xfffffffc, 0x7fff, 0x0, 0x7, 0x5, 0xff, 0x4, 0x5, 0x2b, 0xb32d, 0xfffffdab, 0x8, 0x9, 0x80000000, 0xf, 0x0, 0x8, 0x8, 0x1, 0xe3, 0xbcf6, 0x7, 0x8b9, 0x6b6, 0x7, 0x5, 0x3, 0x6, 0x1, 0x4, 0x401, 0xa40, 0xb, 0xfffffc01, 0x9, 0x2, 0x80, 0x9, 0x5, 0x404, 0x3ff, 0x7fffffff, 0x4, 0x6, 0x80000000, 0xc58, 0xc, 0x3, 0x10000, 0x4, 0x2, 0x7, 0x2, 0x6, 0xffff, 0x7, 0x5, 0xd, 0x5, 0x379, 0x6e9f, 0xe0fa, 0x1000, 0x7, 0x5, 0x0, 0x4, 0x0, 0x7, 0xffffffff, 0x4, 0x5, 0x3, 0xfffff100, 0x7, 0x80000000, 0x491, 0x3, 0xd, 0x4, 0x101, 0x1, 0x613d, 0x101, 0xd, 0x1, 0x3ff, 0x0, 0xc, 0xfffffffc, 0x4, 0x198, 0x61, 0x1, 0x5, 0x0, 0x9, 0xf911, 0xb, 0xffffffff, 0x6, 0x5, 0x8, 0x3, 0x4, 0xffffffb5, 0x91c9, 0x4, 0x1, 0x200, 0xff, 0x1, 0x7, 0x3ff, 0xcb2a, 0x8001, 0x3, 0x700000, 0x3, 0x8, 0x9, 0x7fffffff, 0x7d17, 0x400, 0x9, 0xfffffffa, 0x8, 0x9, 0x8, 0x2, 0x2, 0x5, 0x4, 0x595, 0x20000, 0x9, 0x6, 0xfffffffd, 0x6, 0x5, 0x8, 0xc1d, 0x3, 0x3000, 0x7, 0xffffffff, 0x1, 0x30000000, 0xfffffff3, 0x7, 0x800, 0x10000, 0xfffffffd, 0xfffff816, 0x401, 0x7, 0x3, 0x388, 0x2, 0x7, 0xca1b, 0xf, 0x0, 0x7, 0x4, 0x8, 0x7, 0x80000000, 0x1, 0x3, 0x9, 0x9, 0x9, 0x747, 0xffffff61, 0x0, 0x8, 0x3, 0x2, 0x8, 0x1, 0xffffff11, 0x2, 0x1, 0x6, 0x9, 0x7ff, 0x2, 0x9, 0x4, 0x2, 0x8, 0x4, 0x2a8c, 0x3, 0x525d, 0x8, 0x4, 0x9, 0x2, 0xa, 0x2, 0x2, 0x15c, 0x1, 0xe34b, 0x7, 0x3, 0x150, 0x6, 0x101, 0x4, 0x0, 0x2c, 0xb, 0x4, 0x8, 0xfff, 0x56a, 0x4, 0xffffffff, 0xa4, 0x80000001, 0x8, 0x4, 0x1, 0x81, 0x7, 0x4, 0x1, 0x3, 0x1, 0xed90, 0x0, 0x7, 0x100, 0x1, 0x4, 0xb, 0xf2, 0x0, 0x7, 0x80, 0xfffffff1, 0xfffff65b, 0x40, 0x400, 0x81, 0x5, 0x8000000, 0x3ff, 0x3ff, 0xe1, 0x7009, 0xfff, 0x0, 0xf0cf, 0xf8ab, 0x8, 0xb, 0x9, 0xfffffb54, 0x8, 0x8, 0x80000001, 0xfff, 0x7, 0x2, 0x7fffffff, 0xffffffff, 0x8, 0xfffffada, 0x40, 0x7d0, 0x5, 0x7, 0x7ff, 0x7ff, 0x5b5, 0x8, 0x1, 0x10000, 0x9, 0x3, 0x5, 0xfffffff8, 0x5, 0x3, 0x2, 0x3, 0x7, 0x5f3, 0x400, 0x1c00, 0x1, 0xfffffffb, 0x80200000, 0x9, 0x80, 0x3, 0x910, 0x8e8, 0x8, 0xf7b, 0x5, 0x79, 0x1, 0x7ff, 0x9, 0x8, 0x9, 0x10000401, 0x2, 0x7f, 0x2, 0x80000001, 0x1, 0x6, 0xd47, 0xca, 0x2, 0x100, 0x9, 0x0, 0x9, 0x5c1fc33e, 0x4, 0x0, 0xe, 0x8, 0x80000001, 0x2a1, 0x0, 0x106, 0xfffffff9, 0x4, 0x6, 0x3, 0x0, 0x20003200, 0x5, 0x892, 0x80000001, 0x14, 0x4, 0x40, 0xffffffff, 0x9, 0x887, 0xffffffff, 0x3, 0x1, 0x8, 0x18b348da, 0x1, 0x8, 0x6, 0x1, 0x2, 0x9, 0x5f05d22c, 0x9, 0x0, 0x2, 0x6, 0x8fe, 0x7ff, 0x7, 0x843f, 0x2, 0x7, 0xd575, 0x6, 0x8, 0x4, 0x6, 0x81, 0x7, 0x50000000, 0x6, 0x15, 0x8, 0xffd, 0x6, 0x10000, 0x3, 0x6, 0x749f4463, 0x4, 0x7c20c2c4, 0x2, 0x5, 0x4, 0xfffffffc, 0x5, 0x8, 0x2, 0x8, 0x7, 0x9, 0x8, 0x1, 0x8, 0x9, 0xfff, 0x1000, 0x8, 0x401, 0x1ecd, 0x4, 0x2, 0x3, 0x7b, 0x1, 0x4, 0x200, 0xff, 0x0, 0x3, 0x5, 0xa314, 0x3, 0x10001, 0x9, 0x3, 0x6, 0x7, 0x4, 0xbfb, 0x10000, 0x6, 0x6, 0x1ff, 0x3, 0x7, 0x0, 0x4, 0xff, 0x3, 0x80000000, 0x7, 0xff, 0xbe, 0x4, 0xfffffffe, 0xfffffffc, 0x9, 0x34, 0x3ff, 0x8, 0x5, 0x8, 0x7, 0x10000, 0x0, 0x4, 0x3, 0x9, 0x7, 0x46, 0x9, 0xffff, 0x81, 0x7, 0x2, 0x0, 0x73d, 0xd485, 0xff, 0x9, 0x97, 0x9, 0x6, 0x2, 0xdc9, 0x5e9a, 0xffff, 0x80000002, 0x9, 0xfffffffd, 0x7, 0xf, 0xfff, 0x4, 0x8, 0x4, 0x3cb, 0x4, 0x418, 0x10000, 0x7, 0x3, 0xa, 0x3b, 0x6, 0x47a, 0x1, 0x7fffffff, 0x7, 0x40, 0x6, 0x81, 0x7, 0x1ff, 0x8, 0x10, 0x9, 0x1, 0x9c, 0xf, 0x6, 0x101, 0x3, 0x9, 0x6, 0x8, 0x7fff, 0x4, 0x8, 0x1, 0xffff7fff, 0x1, 0x3, 0x8, 0xb2, 0x8, 0x2, 0x7, 0x2, 0x5, 0x166, 0x3, 0xe14a, 0x7, 0x4, 0x8, 0x7, 0x9, 0xffffffff, 0x6, 0x8, 0x2, 0xb6, 0x53c, 0x5, 0x5, 0xfffffff9, 0x3, 0x5, 0x8, 0x5, 0x1, 0x9, 0xffffff7f, 0x80000001, 0x5, 0x9, 0x2, 0x0, 0x9, 0x5, 0x4, 0xe4, 0x1, 0x0, 0x5, 0x0, 0xe7d7, 0x7f, 0x101, 0x10000, 0x5, 0xffffffff, 0x9, 0x8, 0xe44e, 0x2, 0x80000000, 0x4, 0x2, 0x1c0460d3, 0xfffffffe, 0x800, 0x8001, 0x1, 0x2, 0x9, 0xfffffff9, 0xa190, 0x81, 0x2, 0x8, 0x0, 0x86, 0x7, 0xb90, 0xcf, 0xf8e4, 0x0, 0xd, 0x7, 0x100, 0x8000, 0x478, 0x6, 0x1, 0xb57, 0x5, 0x7, 0x9655, 0x2, 0x0, 0xfffff5d7, 0x3, 0x9, 0x7, 0x6, 0x9, 0xe, 0x4, 0x7, 0x8000, 0x3, 0x2, 0x6, 0x6, 0xae86, 0x4, 0x7, 0x401, 0x3, 0xffffffff, 0x60b, 0x3, 0x2, 0xb, 0x1, 0x2aa, 0xffffbeff, 0x18, 0x2, 0x100, 0x7, 0xbffffffa, 0x6, 0x1, 0x4, 0x0, 0x3, 0x9, 0x401, 0x8, 0xffffffe0, 0x7fffffff, 0x0, 0x100, 0x8, 0x101, 0x10001, 0xfffffffc, 0x8, 0x7, 0x10001, 0x5a1, 0x4, 0x1, 0x7, 0x8, 0x7f, 0x3, 0x7, 0x7, 0xc8, 0xfff, 0x149, 0x0, 0x0, 0x717e17b5, 0x2, 0x5da47ea8, 0x1, 0x400, 0x6, 0x7, 0x25, 0xd, 0x788f, 0x6, 0x7f, 0x71, 0x1, 0x0, 0x6ccb, 0x6, 0x5, 0x9, 0xfffffa99, 0x1000, 0xffffffff, 0xb4, 0x9900000, 0xd, 0xfffffffb, 0x7, 0xc, 0xf55, 0x6d14e279, 0x6, 0x200005, 0x1, 0x3, 0x152358f9, 0x6, 0xf43, 0x81, 0x9da1, 0x0, 0x6, 0x7f, 0x8, 0x6, 0xa1f, 0x80000001, 0xfffffff7, 0x4, 0xf77f, 0x5, 0x3, 0xc2a, 0xffffffff, 0x6, 0x80c, 0x2, 0x13c, 0xae, 0x2, 0x3, 0xfffffff8, 0x7, 0x3, 0xffffffff, 0x7, 0x8, 0x6, 0x1b04e], 0x6, 0x400, 0x8}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) 28m27.801054169s ago: executing program 6 (id=491): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r1, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffdfe, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0x0, 0x1, 0xfffffffe, 0x1}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(r1, 0xc0984124, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}) 28m27.408725942s ago: executing program 6 (id=494): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000005f00)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000006000)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000008000300", @ANYRES32=r3, @ANYBLOB="0600eb00000800000400ec000a0006000802110000"], 0x44}, 0x1, 0x0, 0x0, 0x4048020}, 0x28000) 28m26.881026802s ago: executing program 6 (id=501): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) dup3(r1, r0, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f00000004c0)="e0"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 28m25.88301247s ago: executing program 6 (id=505): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000019200)={0x8, 0x0, &(0x7f0000000180)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x1010, 0xff0, 0x0, &(0x7f0000000240)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 28m25.526698585s ago: executing program 6 (id=507): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') 28m25.099894586s ago: executing program 6 (id=511): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0x5, 0x2000000000000007, 0xfffffffffffffffc, 0x0, 0x0, 0x10000000, {0x2, 0x401, 0x3, 0x4, 0x0, 0xfffffffffffffffe, 0x47, 0x0, 0x126, 0x6000, 0x10000, 0x0, 0x0, 0x902, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x400040, 0x80, 0x2, 0xfffffffb, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) r1 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r1, 0x400c0930, 0x7) 28m9.856462098s ago: executing program 34 (id=511): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d80762ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0xffffffffffffffff, {0x5, 0x2000000000000007, 0xfffffffffffffffc, 0x0, 0x0, 0x10000000, {0x2, 0x401, 0x3, 0x4, 0x0, 0xfffffffffffffffe, 0x47, 0x0, 0x126, 0x6000, 0x10000, 0x0, 0x0, 0x902, 0x1}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, 0x0, {0x7, 0x29, 0x0, 0x400040, 0x80, 0x2, 0xfffffffb, 0x2, 0x0, 0x0, 0x0, 0x1}}, 0x50) r1 = openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x3) ioctl$TIOCGPTPEER(r1, 0x400c0930, 0x7) 21m52.194479898s ago: executing program 4 (id=1955): r0 = socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 21m51.065442275s ago: executing program 4 (id=1958): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0xffffffffdf004fff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x48980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x20000000009) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000200)=0x2) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000018c0), 0x0, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r7, 0x0) setfsuid(r7) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r4, &(0x7f00000002c0)={0x6d, 0x7d, 0x2, {{0x0, 0x54, 0xb8f5, 0x80000000, {0x1, 0x3, 0x7}, 0x0, 0x1, 0x1, 0x7fff, 0xd, 'sched_switch\x00', 0x10, '/dev/sequencer2\x00', 0x0, '', 0x4, 'GPL\x00'}, 0x4, 'GPL\x00', r7, r8, r9}}, 0x6d) 21m48.091563227s ago: executing program 4 (id=1965): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) prlimit64(0x0, 0xe, &(0x7f0000000f80)={0xc, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0xfffffffffffffffc) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000780)='netlink_extack\x00', r5, 0x0, 0xb0}, 0x18) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_open_procfs(0x0, 0x0) r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r6) ptrace$pokeuser(0x6, r6, 0x358, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0xaa) chdir(0x0) ftruncate(0xffffffffffffffff, 0x2007ffb) ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000100)={0x9, 0x0, 0x9, 0x7, 0x9, 0x4, "0f93000000000000b96aff0793f30200", 0x4, 0x2, 0x5, 0xff, 0x0, 0x1}) sendmsg$NFT_BATCH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000001714000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4010}, 0x4008050) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000020000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440040000000900010073797a30000000000800034000000007"], 0x64}, 0x1, 0x0, 0x0, 0x44800}, 0x0) 21m46.00598663s ago: executing program 4 (id=1967): r0 = msgget$private(0x0, 0x420) r1 = creat(0x0, 0x24) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x5, &(0x7f0000000540)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) dup(0xffffffffffffffff) socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000380)=0x6) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000400)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x2000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) msgctl$MSG_STAT(r0, 0xb, &(0x7f0000000180)=""/81) futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0) r6 = socket$kcm(0x2d, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r6, 0x89e2, &(0x7f0000000340)={r6}) sendmsg$nl_route(r7, &(0x7f0000000500)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="4c000000680010002abd7000ffdbdf250a0000000800000008000100010080000800010000000000060007000a00000008000100010000000100088008000300ac1414aa08000100020000"], 0x4c}, 0x1, 0x0, 0x0, 0x20004800}, 0x4) r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000002d00090027bd7000fedbdf250500000008000a"], 0x1c}}, 0x20000086) msgctl$IPC_RMID(r0, 0x0) 21m44.771977867s ago: executing program 4 (id=1969): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r2 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) pipe2$9p(0x0, 0x80080) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x400) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r1, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r2, 0x3516, 0x3e44, 0x8, 0x0, 0x0) 21m41.939521392s ago: executing program 4 (id=1979): openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1e8301, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x100, 0x3, 0x41}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_setup(0x2400, &(0x7f0000000240)={0x0, 0xbe44, 0x10000, 0xffffffff, 0x2be, 0x0, r2}, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x52, 0x444180}) io_uring_enter(r2, 0x7277, 0x0, 0x28, 0x0, 0x0) 21m26.678244121s ago: executing program 35 (id=1979): openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1e8301, 0x0) socket$packet(0x11, 0x2, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x100, 0x3, 0x41}, &(0x7f00000003c0)=0x0, &(0x7f0000000300)=0x0) syz_io_uring_setup(0x2400, &(0x7f0000000240)={0x0, 0xbe44, 0x10000, 0xffffffff, 0x2be, 0x0, r2}, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x1, 0x7}) write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x52, 0x444180}) io_uring_enter(r2, 0x7277, 0x0, 0x28, 0x0, 0x0) 18m4.339999678s ago: executing program 2 (id=2346): socket$kcm(0xf, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x2000) 18m2.101180225s ago: executing program 2 (id=2352): socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000020000000400000002"], 0x50) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r4}, &(0x7f0000000580)=0x2, &(0x7f00000005c0)=r0}, 0x20) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0x8000103, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/15, 0xf}], 0x1}) io_uring_enter(0xffffffffffffffff, 0x47ba, 0x3000000, 0x0, 0x0, 0x0) 18m0.594721639s ago: executing program 2 (id=2354): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r3 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) pipe2$9p(0x0, 0x80080) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x400) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r2, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r3, 0x3516, 0x3e44, 0x8, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 17m53.027576517s ago: executing program 2 (id=2363): syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r0 = socket$kcm(0xa, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x24) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[], 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000040)={{@any, 0xf}, 0x0, 0x1, 0x9}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f0000000140)={&(0x7f0000000780)=[0x447, 0x89b1, 0x9, 0x5, 0x7, 0x7, 0x5, 0x4, 0x990, 0x1000, 0x3, 0x8000, 0x7, 0x1, 0x0, 0x1, 0x46f4, 0x5, 0x5, 0x4, 0x5, 0x4b, 0x1, 0x1, 0xa6ff, 0xffffffff, 0x1ff, 0xcdf9, 0x9, 0x7, 0x2, 0x3, 0x1, 0x1, 0x3, 0x1000, 0xfffffffc, 0x7, 0xc96, 0xb92, 0x3, 0x9, 0x9, 0x5, 0x9, 0x2, 0x9, 0x9, 0x2, 0xcab, 0x7, 0xfffff111, 0x7, 0x9, 0x3ff, 0x2, 0x8001, 0x7, 0x8, 0x7, 0xb32, 0x3, 0x5, 0x0, 0x58b7, 0x2, 0x5, 0xe4, 0x5, 0x10000, 0x8, 0xfffffffc, 0x6, 0xbc4, 0x9, 0x2, 0x8000, 0x101, 0x8, 0xb714, 0x6, 0x8, 0x101, 0x92a, 0x4, 0x0, 0xfff, 0x32b, 0xfc1a, 0x9, 0x8, 0x0, 0x0, 0x0, 0x7fffffff, 0x8, 0x5, 0x4, 0x3, 0x7, 0x401, 0x4, 0x6, 0x8, 0x4, 0x38, 0x0, 0x4, 0xac0, 0xd3, 0xff, 0x0, 0xfff, 0x0, 0x2, 0x4f, 0x3, 0x3, 0x1, 0xffffffff, 0x6, 0x4, 0x755, 0x3, 0x40, 0x65f5, 0xfffff801, 0x4, 0x0, 0x3, 0xa, 0xd86, 0xffffffff, 0x7fffffff, 0xff, 0x0, 0x8, 0x3, 0x2, 0x8, 0x8, 0x8, 0x3d, 0x8, 0xf, 0x6, 0x7, 0xa1, 0x5, 0x5ef5, 0x5f0, 0x7, 0x6, 0x0, 0xe, 0x63, 0x0, 0x1, 0xa7, 0x3, 0x40, 0x2, 0x3, 0x1, 0xffff0001, 0x40800000, 0x95, 0x8000, 0x0, 0x4c0, 0x5, 0xdfd, 0x4, 0x5, 0x9, 0x51eb, 0x9, 0x7, 0x1e38, 0x8, 0xffff047c, 0xd, 0x0, 0x2, 0x7b, 0x6, 0xffff, 0x5, 0xfffffffe, 0x2, 0x9, 0x3d, 0x4, 0x8, 0xd, 0x7fffffff, 0x4, 0xffff, 0x22, 0x6, 0x8001, 0x6, 0x5, 0x0, 0x7, 0x400, 0x6, 0x5, 0x401, 0x8, 0x9, 0x7, 0x7, 0x9, 0x1, 0x9350, 0x66, 0x9, 0x4c3, 0x1, 0x2, 0x6, 0x5, 0x5, 0x0, 0x5, 0xffffffff, 0x174, 0x8e, 0x9, 0x9, 0x9fe3, 0xbc99, 0xcd3, 0xd700, 0x401, 0x7, 0x4, 0x9, 0xa, 0x101, 0x800, 0xfffffffc, 0x4f49, 0x2, 0x1, 0x6, 0x1, 0xb, 0x4, 0x5, 0x1000, 0x7, 0x400, 0x6, 0x100, 0x3ff, 0x0, 0x6, 0xffffffe6, 0x7, 0x7, 0x383, 0x40, 0x9, 0x6, 0x101, 0x9, 0x7, 0xf, 0x340000, 0x8c6, 0x62, 0x0, 0x3, 0x5, 0x2, 0x9, 0x9, 0xfffffffc, 0x7fff, 0x0, 0x7, 0x5, 0xff, 0x4, 0x5, 0x2b, 0xb32d, 0xfffffdab, 0x8, 0x9, 0x80000000, 0xf, 0x0, 0x8, 0x8, 0x1, 0xe3, 0xbcf6, 0x7, 0x8b9, 0x6b6, 0x7, 0x5, 0x3, 0x6, 0x1, 0x4, 0x401, 0xa40, 0xb, 0xfffffc01, 0x9, 0x2, 0x80, 0x9, 0x5, 0x404, 0x3ff, 0x7fffffff, 0x4, 0x6, 0x80000000, 0xc58, 0xc, 0x3, 0x10000, 0x4, 0x2, 0x7, 0x2, 0x6, 0xffff, 0x7, 0x5, 0xd, 0x5, 0x379, 0x6e9f, 0xe0fa, 0x1000, 0x7, 0x5, 0x0, 0x4, 0x0, 0x7, 0xffffffff, 0x4, 0x5, 0x3, 0xfffff100, 0x7, 0x80000000, 0x491, 0x3, 0xd, 0x4, 0x101, 0x1, 0x613d, 0x101, 0xd, 0x1, 0x3ff, 0x0, 0xc, 0xfffffffc, 0x4, 0x198, 0x61, 0x1, 0x5, 0x0, 0x9, 0xf911, 0xb, 0xffffffff, 0x6, 0x5, 0x8, 0x3, 0x4, 0xffffffb5, 0x91c9, 0x4, 0x1, 0x200, 0xff, 0x1, 0x7, 0x3ff, 0xcb2a, 0x8001, 0x3, 0x700000, 0x3, 0x8, 0x9, 0x7fffffff, 0x7d17, 0x400, 0x9, 0xfffffffa, 0x8, 0x9, 0x8, 0x2, 0x2, 0x5, 0x4, 0x595, 0x20000, 0x9, 0x6, 0xfffffffd, 0x6, 0x5, 0x8, 0xc1d, 0x3, 0x3000, 0x7, 0xffffffff, 0x1, 0x30000000, 0xfffffff3, 0x7, 0x800, 0x10000, 0xfffffffd, 0xfffff816, 0x401, 0x7, 0x3, 0x388, 0x2, 0x7, 0xca1b, 0xf, 0x0, 0x7, 0x4, 0x8, 0x7, 0x80000000, 0x1, 0x3, 0x9, 0x9, 0x9, 0x747, 0xffffff61, 0x0, 0x8, 0x3, 0x2, 0x8, 0x1, 0xffffff11, 0x2, 0x1, 0x6, 0x9, 0x7ff, 0x2, 0x9, 0x4, 0x2, 0x8, 0x4, 0x2a8c, 0x3, 0x525d, 0x8, 0x4, 0x9, 0x2, 0xa, 0x2, 0x2, 0x15c, 0x1, 0xe34b, 0x7, 0x3, 0x150, 0x6, 0x101, 0x4, 0x0, 0x2c, 0xb, 0x4, 0x8, 0xfff, 0x56a, 0x4, 0xffffffff, 0xa4, 0x80000001, 0x8, 0x4, 0x1, 0x81, 0x7, 0x4, 0x1, 0x3, 0x1, 0xed90, 0x0, 0x7, 0x100, 0x1, 0x4, 0xb, 0xf2, 0x0, 0x7, 0x80, 0xfffffff1, 0xfffff65b, 0x40, 0x400, 0x81, 0x5, 0x8000000, 0x3ff, 0x3ff, 0xe1, 0x7009, 0xfff, 0x0, 0xf0cf, 0xf8ab, 0x8, 0xb, 0x9, 0xfffffb54, 0x8, 0x8, 0x80000001, 0xfff, 0x7, 0x2, 0x7fffffff, 0xffffffff, 0x8, 0xfffffada, 0x40, 0x7d0, 0x5, 0x7, 0x7ff, 0x7ff, 0x5b5, 0x8, 0x1, 0x10000, 0x9, 0x3, 0x5, 0xfffffff8, 0x5, 0x3, 0x2, 0x3, 0x7, 0x5f3, 0x400, 0x1c00, 0x1, 0xfffffffb, 0x80200000, 0x9, 0x80, 0x3, 0x910, 0x8e8, 0x8, 0xf7b, 0x5, 0x79, 0x1, 0x7ff, 0x9, 0x8, 0x9, 0x10000401, 0x2, 0x7f, 0x2, 0x80000001, 0x1, 0x6, 0xd47, 0xca, 0x2, 0x100, 0x9, 0x0, 0x9, 0x5c1fc33e, 0x4, 0x0, 0xe, 0x8, 0x80000001, 0x2a1, 0x0, 0x106, 0xfffffff9, 0x4, 0x6, 0x3, 0x0, 0x20003200, 0x5, 0x892, 0x80000001, 0x14, 0x4, 0x40, 0xffffffff, 0x9, 0x887, 0xffffffff, 0x3, 0x1, 0x8, 0x18b348da, 0x1, 0x8, 0x6, 0x1, 0x2, 0x9, 0x5f05d22c, 0x9, 0x0, 0x2, 0x6, 0x8fe, 0x7ff, 0x7, 0x843f, 0x2, 0x7, 0xd575, 0x6, 0x8, 0x4, 0x6, 0x81, 0x7, 0x50000000, 0x6, 0x15, 0x8, 0xffd, 0x6, 0x10000, 0x3, 0x6, 0x749f4463, 0x4, 0x7c20c2c4, 0x2, 0x5, 0x4, 0xfffffffc, 0x5, 0x8, 0x2, 0x8, 0x7, 0x9, 0x8, 0x1, 0x8, 0x9, 0xfff, 0x1000, 0x8, 0x401, 0x1ecd, 0x4, 0x2, 0x3, 0x7b, 0x1, 0x4, 0x200, 0xff, 0x0, 0x3, 0x5, 0xa314, 0x3, 0x10001, 0x9, 0x3, 0x6, 0x7, 0x4, 0xbfb, 0x10000, 0x6, 0x6, 0x1ff, 0x3, 0x7, 0x0, 0x4, 0xff, 0x3, 0x80000000, 0x7, 0xff, 0xbe, 0x4, 0xfffffffe, 0xfffffffc, 0x9, 0x34, 0x3ff, 0x8, 0x5, 0x8, 0x7, 0x10000, 0x0, 0x4, 0x3, 0x9, 0x7, 0x46, 0x9, 0xffff, 0x81, 0x7, 0x2, 0x0, 0x73d, 0xd485, 0xff, 0x9, 0x97, 0x9, 0x6, 0x2, 0xdc9, 0x5e9a, 0xffff, 0x80000002, 0x9, 0xfffffffd, 0x7, 0xf, 0xfff, 0x4, 0x8, 0x4, 0x3cb, 0x4, 0x418, 0x10000, 0x7, 0x3, 0xa, 0x3b, 0x6, 0x47a, 0x1, 0x7fffffff, 0x7, 0x40, 0x6, 0x81, 0x7, 0x1ff, 0x8, 0x10, 0x9, 0x1, 0x9c, 0xf, 0x6, 0x101, 0x3, 0x9, 0x6, 0x8, 0x7fff, 0x4, 0x8, 0x1, 0xffff7fff, 0x1, 0x3, 0x8, 0xb2, 0x8, 0x2, 0x7, 0x2, 0x5, 0x166, 0x3, 0xe14a, 0x7, 0x4, 0x8, 0x7, 0x9, 0xffffffff, 0x6, 0x8, 0x2, 0xb6, 0x53c, 0x5, 0x5, 0xfffffff9, 0x3, 0x5, 0x8, 0x5, 0x1, 0x9, 0xffffff7f, 0x80000001, 0x5, 0x9, 0x2, 0x0, 0x9, 0x5, 0x4, 0xe4, 0x1, 0x0, 0x5, 0x0, 0xe7d7, 0x7f, 0x101, 0x10000, 0x5, 0xffffffff, 0x9, 0x8, 0xe44e, 0x2, 0x80000000, 0x4, 0x2, 0x1c0460d3, 0xfffffffe, 0x800, 0x8001, 0x1, 0x2, 0x9, 0xfffffff9, 0xa190, 0x81, 0x2, 0x8, 0x0, 0x86, 0x7, 0xb90, 0xcf, 0xf8e4, 0x0, 0xd, 0x7, 0x100, 0x8000, 0x478, 0x6, 0x1, 0xb57, 0x5, 0x7, 0x9655, 0x2, 0x0, 0xfffff5d7, 0x3, 0x9, 0x7, 0x6, 0x9, 0xe, 0x4, 0x7, 0x8000, 0x3, 0x2, 0x6, 0x6, 0xae86, 0x4, 0x7, 0x401, 0x3, 0xffffffff, 0x60b, 0x3, 0x2, 0xb, 0x1, 0x2aa, 0xffffbeff, 0x18, 0x2, 0x100, 0x7, 0xbffffffa, 0x6, 0x1, 0x4, 0x0, 0x3, 0x9, 0x401, 0x8, 0xffffffe0, 0x7fffffff, 0x0, 0x100, 0x8, 0x101, 0x10001, 0xfffffffc, 0x8, 0x7, 0x10001, 0x5a1, 0x4, 0x1, 0x7, 0x8, 0x7f, 0x3, 0x7, 0x7, 0xc8, 0xfff, 0x149, 0x0, 0x0, 0x717e17b5, 0x2, 0x5da47ea8, 0x1, 0x400, 0x6, 0x7, 0x25, 0xd, 0x788f, 0x6, 0x7f, 0x71, 0x1, 0x0, 0x6ccb, 0x6, 0x5, 0x9, 0xfffffa99, 0x1000, 0xffffffff, 0xb4, 0x9900000, 0xd, 0xfffffffb, 0x7, 0xc, 0xf55, 0x6d14e279, 0x6, 0x200005, 0x1, 0x3, 0x152358f9, 0x6, 0xf43, 0x81, 0x9da1, 0x0, 0x6, 0x7f, 0x8, 0x6, 0xa1f, 0x80000001, 0xfffffff7, 0x4, 0xf77f, 0x5, 0x3, 0xc2a, 0xffffffff, 0x6, 0x80c, 0x2, 0x13c, 0xae, 0x2, 0x3, 0xfffffff8, 0x7, 0x3, 0xffffffff, 0x7, 0x8, 0x6, 0x1b04e], 0x6, 0x400, 0x8}) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)="1400000023000b6c8cfffdfccabb00f90429fc60", 0x14}], 0x1}, 0x2400c000) 17m51.387472982s ago: executing program 2 (id=2366): socket$alg(0x26, 0x5, 0x0) syz_open_dev$vim2m(0x0, 0x2000000f5, 0x2) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0xffb) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000200)={0x1000000d}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000003680)=@filter={'filter\x00', 0x42, 0x4, 0x4a0, 0xffffffff, 0x210, 0x318, 0x318, 0xffffffff, 0xffffffff, 0x408, 0x408, 0x408, 0xffffffff, 0x5, 0x0, {[{{@ip={@multicast2, @private, 0x0, 0x0, 'wg1\x00', 'nr0\x00'}, 0x74000002, 0xe8, 0x210, 0x1ba, {0x46010000, 0x2c000000000000}, [@common=@unspec=@limit={{0x48}, {0x0, 0xdf6, 0x0, 0x0, 0x0, 0x9}}, @common=@addrtype={{0x30}}]}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x0, 0x0, 'system_u:object_r:removable_device_t:s0\x00'}}}, {{@uncond, 0x287, 0xe0, 0x108, 0x0, {}, [@common=@unspec=@cpu={{0x28}}, @common=@unspec=@limit={{0x48}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xb0, 0xf0, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TCPOPTSTRIP={0x40}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x521) r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001300), 0x2, 0x0) shmget$private(0x0, 0x0, 0x0, &(0x7f0000b39000/0x3000)=nil) write$FUSE_DIRENTPLUS(r5, &(0x7f0000003740)={0xb8, 0x0, 0x0, [{{0x7, 0x2, 0x2, 0x7, 0x3, 0x9, {0x2, 0xfffffffffffff430, 0x5, 0x7, 0x1, 0x66c, 0x4, 0x14000, 0x5, 0x4000, 0x8, 0x0, 0x0, 0xfffffffb, 0x4}}, {0x6, 0x1, 0xc, 0x9, '/dev/video#\x00'}}]}, 0xb8) ioctl$FS_IOC_SETFLAGS(r0, 0x40186f40, &(0x7f0000000440)=0x1f) 17m49.537862811s ago: executing program 2 (id=2369): fsopen(&(0x7f0000000040)='zonefs\x00', 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x29, 0xfffffffe, 0x2045404a, 0x0, 0x40, 0x2, 0x0, 0x0, 0x0, 0x20, 0x76}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x90, 0xfffffffffffffffe, 0x4000000a74e, {0x1, 0x0, 0x0, 0xffff, 0xfffffff8, 0x84, {0x2, 0x5, 0x7, 0x74, 0xffd, 0xffff, 0x7d59, 0x7fff, 0x4, 0x2000, 0x7f, r3, r4, 0x78002, 0xff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000004c0)={'vlan1\x00', &(0x7f0000000480)=@ethtool_eee={0x17}}) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000180)=0x0) prlimit64(r6, 0x9, &(0x7f00000001c0)={0x7f, 0x2}, &(0x7f0000000240)) quotactl$Q_GETINFO(0xffffffff80000501, 0x0, r3, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x1b, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1, 0x0, 0x0, 0x0, 0x400, 0x7cb}, 0x20) syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x4) 17m32.663647708s ago: executing program 36 (id=2369): fsopen(&(0x7f0000000040)='zonefs\x00', 0x1) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x29, 0xfffffffe, 0x2045404a, 0x0, 0x40, 0x2, 0x0, 0x0, 0x0, 0x20, 0x76}}, 0x50) syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x90, 0xfffffffffffffffe, 0x4000000a74e, {0x1, 0x0, 0x0, 0xffff, 0xfffffff8, 0x84, {0x2, 0x5, 0x7, 0x74, 0xffd, 0xffff, 0x7d59, 0x7fff, 0x4, 0x2000, 0x7f, r3, r4, 0x78002, 0xff}}}, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000004c0)={'vlan1\x00', &(0x7f0000000480)=@ethtool_eee={0x17}}) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000000180)=0x0) prlimit64(r6, 0x9, &(0x7f00000001c0)={0x7f, 0x2}, &(0x7f0000000240)) quotactl$Q_GETINFO(0xffffffff80000501, 0x0, r3, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x1b, &(0x7f00000000c0)={@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1, 0x0, 0x0, 0x0, 0x400, 0x7cb}, 0x20) syz_open_dev$usbmon(&(0x7f0000000000), 0x80000001, 0x82002) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(0xffffffffffffffff, 0x847ba, 0x0, 0xe, 0x0, 0x0) ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x4) 14m41.557954263s ago: executing program 7 (id=2605): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0xffffffffdf004fff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x48980, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) r5 = fcntl$dupfd(r4, 0x0, r4) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$TCFLSH(r5, 0x400455c8, 0x20000000009) ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000200)=0x2) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r6, 0x0) setfsuid(r6) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)) 14m35.023109895s ago: executing program 7 (id=2617): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) dup(0xffffffffffffffff) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0) ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$packet(0x11, 0x7a6f938d2aadffed, 0x300) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x800001, 0x0) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000008, 0x12, 0xffffffffffffffff, 0xabb35000) recvmsg$kcm(r4, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100) ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0, r5}, 0x18) socket$nl_audit(0x10, 0x3, 0x9) 14m33.616534508s ago: executing program 7 (id=2608): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000002100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) syz_fuse_handle_req(r0, &(0x7f00000021c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b39de2c5000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000190000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dfff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d3aa35dd00", 0x2000, &(0x7f00000041c0)={&(0x7f0000000000)={0x50, 0x0, 0x10000, {0x7, 0x29, 0x0, 0x100000, 0x40, 0x0, 0x0, 0x457, 0x0, 0x0, 0x2, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_fuse_handle_req(r0, &(0x7f0000004300)="d5c2280baf4e05cfa1d1112770cf43a123827586f0f2675b130041ff58ba6533ea7947f2f65b1d458fe88a96133ea3927f41fa6976fad8c967c88679769ee674b80debcd1ec6ce1eb490888bd66a52141fa82f51882b22a8e36ff462b51560307cd0048156800ad137f359719a9c5d6ad6a8c999984f22461c4ca6614ca4cbbd5e9103a3459228e3bd35e3c1cd5f2a83fbefafe7c5a39617ba1d856f37977da077ffcf4d52f5bb3feffa9e100b0279cb635a61ae9f5f4491bb1c9f04c041818a1ae9a25cbca38c4b4754a8be4f52db20ca464b3b4faf0ea8ff193b414e7b7a4ec8aec2e77adc43d09c62d37fc0aa6296a56a9445f264a245d41e77de43c2694cc5885ebd454a3b78b60172e3e6a2fd79efa8b5fbbe827512aa0656920858da51616244ad32e53ed039a270c042662bc966a8fa05e23a51c76585a6f753e57c63b5a1dd11c4ce8773702c5c759471b79ee9bed600d99853afda9b675f071bdf6ff4eb99cb1ae0128ac1f8132f9b7bef82221276395e59f1323c9f9f6bb937a9db0bc2088670ffc3e6233ba73d4e324df7bc866e84e82ab707ab8aadd593913dd3533cddb396e804a63155ad6911962bc49bad21faba90b5570b62d98eb5328214a7198b36ea6df9a72dc248311040e01539112e1d6bcb4ed9d7fb70d22768ec6603e4727b6ed2616eb9108524985ccd70f1361f68b1fb7088829acdd59ec5af9e84409737f0d852a3c55993cb7398b5640c458bc036115b86de7b8e68f1cff882ee5707040571c3e5c9602c773459cfecad4917d8ba2902bd64a676e2c6e507d06dbc806c13c0fd18175087440ce7d7300dfe745b8e98ac63b400e449a3f2518c6112c9864fde68f580ebc2d72e4bbd03f16a7289be813c258b02f76ce901afdafc69046c947c9e801ac635b2a95cca291c052c7f8149c92aaeaab41edb34a70604a7538c4bb6486b983416843fe6a65d7b828d66deb991e71526b7627e71c6a795a02e787bc561ec4b65d4742a129c59bc71b323850cb416f3d32494d6dbfe3ea73cb473b093ae0b0ebbbd3e3251ece756b3cc381f05ea1b8c3f7fbcbb16fc446fc084725e6c3a608221aad8d8179112f9e5ee3697346a0dc0645e530df523cf4daea14764c25da2da863adebaccefc2c83a9257b3131ac2fe04a27bf3aea8979b6f3091b4fef99e203725368d297bad3b020273d0b606d2368e2ecb0776349cb86bbcbaa5c910636527e3cbeca06b4135170d8808c5f113fcd77ecb2f099d1e663617a46ffc5275c8fcc339d315ca1583f66fe7a7e6430405c0be889826c07fcafa17f04e08bc39570a1f499092d390c5dba82d259f652307ff941e9f1f569a48144da846f14452df295553de6ef4e9ba0cd98dd16cf89d8bead08eacd4eea71cc5f8232349f2d8519b1172c724d3bbc415c19c9e679b5a96bc9051cf6f243f243366622023ab1b7039a89152e7db97f291bb3f0213c445c25caf5f0a5a2b382c841cd8a490dc97d008966e94ed0b5ce07bcc0c13b39c349e4b596147a633f3a73ab6012a1582d3d283293bd7c01f99cdbad8e18d24867c39ed0dc3fc3cc800edd23af24b225acb2cca5aa264bcda40e1432cf2cc0050efdff48fd49ae4225a983d1b12facbaaba73294eb225fff64a677d0ed2cd71bab61b3fde8a1fdae638d2036283a8a4ff5a548d05cb706f56ce7e3f55a688fa6c70393c53c33be11f34a38f61f80c8e94e50fc9d7c3695d234705bb9e0b2a8316cf54d7963f548d49f153bf796d0970ed1264c19d79eb77fd0aad4844796cec73a08206b9eca76f2ad76318a20d52e7d3338eac40d03775cca0c2b29a451cb10bc141289c2703198e7137200a360463000fab97d0da72a7b4e8aadfa8a2e559a7d06bf49d6d4a932cb29994ef7ca0c1beabf05b898bb2338e89a67373d50614300f13523fe451d4058e5a522d364ec884099ee3c6e6db8d4ec1e5dc08d127b6301a308a1d6798878c28ef828b91b529a22b7519d249a189a7eb942b94ce26148ea8bf16a44261cd9691ba980ec2d0c710dbee41756cb39b88213ad5763239ae7636e983580c41a40b0f3a3af9fa6f995ed1981d073f63a623554bb01869bdfda190bc8d9507cc067b897e1c5f0d087cf8dfcb171169541fa3cce7c3a620544c74f2d3234935a0acf6c804c43992812925cbaaa24f497e7a00efb20c45c7acb80adb3322cbe0f08d1015b40f5ae1366003ebea977b7b95f803487d10aedca3fd018cfa7b267dae604ed0ada202cbebd731f86b7c6764911d4ff0c75a318ee43b1b556781ac58fbd773b2bd0dd693f9b12fa149bbe392cb2d6bf72015912f4a120e47654d42d14107c67b4502b5ad62044d0022c7f8b255a3e46da4bb8f9e44515e4076ce7b1aefd57c4e264b2cbee4a9e8612ce8517b028067644c927a9ce7564449c8fb0471a87b9b76f374c7c2559379a3004326bdc91be5ec52672dc5fac0883ec527f2a1248601bb9267c3123568b815b90b40ba06c250e3068dee2d7fc232141eaaa130443a5775d049464ec454a7c980d9eebaa4f67a75075a6bc28ded9a5f07fe658a2b9eafa37f14055155409d1aa50be6343d13d515d0531b84644d2f58c280d6d008dee95607f67eb74c900f664d97f411f4ac6afc18f11b6fb75e78b3ff25680ed3bbf5b20969678475b86faa02a751e4cec87735645753f245047371c9e6e2e7ab5a9ea3182b4c96934a21b9df3628b478f5ef705aeda49a0609d4b8f5bf34424581557d029438306002fd4e9cff5a2d4e7d5e23c2992032d314b8fbb46ccda250070fc1b679c9c8646c5fe22d8fe2e0fff73d8153fc46ef7885aeaa2d1eabbe455544d46fdef8e3ef9debfe589870942bcc7196e62736e927c311782b5e4da2889d530a7c1550bff4909d2055941655cbcc5c924a477c80fc3b8a904cd9e62f5fb005b5b00154db5becbe327c0f3ec8314ef3fb53977ec24ff7d15aa83a13b23ab99c5332306023005d2dfb70d3ea2aefababd019ae16d304c083e38997cc94bdeb746fc151849c98dc2a23554e6fe789d3aba8bf4e31133c7f93a3cdcd884271dfdd2c45be398a5349ef5d08456178dfafa31cb4c607f09394d71b3405b3d615c7c59c125db88f72380140345d24c56094711dd833221d6b7c5864d049585605c1301c31982d19e403b601b797fe99d0bbfe30d647a913da72b4c5306f6123e7c572828308a9a8f4c686d07125d0006229c2e890ff7d3c354dde61ccd3b26069a81a98e112e61a930f253d607cda5023f002a09df6b1371638d9661c5a06bed166434f07120ad21476de8ad47296af4b449d581cddc74f9be42a84596fb0634f330a856216a9b32b080c8b66e9f51a758b9ca2e1215ddfe633714ca512032f6547217b1a60fcdb27ac8a04bc7851718b38607bc92c13118a323c3221bad99a8639762abcc4a08654da9938aeb301c55546f5ae7f61439dd883a1b2dede156a57c805ab12337d5381a2fb25b32916a8827fc4de8e2ecc70eeebeb01659d6bf88055477b863fb897d5db275a0c222d261e7df79474858b721e57747fe8997faaf36f5f175b23dd3c5efb2b93fb5824da18d635cd7027a3b0b1c87e7c90a5681682b8a7c47dc82fdd3f329c7b60270100dec8ccdd310245b92f4b0bd9a92e1f2a5733b1b91966be15a4761b06f6fe3b05b60ee7964b4d028257c2210ca88031db0590190d3714c1b6ec86e2821dca03db2fc0c9f0ad9800d1773c8037e9b38c7eb7c99618b731e0526f8453c7e1bb67cffcc2d96cc297e1f917b13dd7dda2a8b12191ed107c1e076ffd4965b9415f830be97935cac23a87f07e26354273c2663c7ef19a27dfe08543fa057e1285c909051602981f5929078214058684bc80bed493f6ef853012cb654d180e414fd484f5cb2cfd06c9b753f417697ff42794649e05fcaa3d53ad0fdfbb0db57dc549115e59978b14dd621370d136176098af2f39a2de72482a29b616e8b308b3d9b46ac9abf3d57ff89fe59b5a97966cc4b97d06c20ee4fd765e1c2abce54dc271a7c7efe656648800c27a9988583b4b76572222cb28916b9ff5f6f649de93923179809405c879a90cb450f604cbe8af55cf2a6d844a59ab0393b394e09c79e1b3c403af6eba69330f6969f78a49eb7022e77a39363f11e07fcc69f670f63c11497352f3f5bfea0aee446da35428cebe28f1c2d23ef3ff97e16ceeb2f88ab19b2b69dcdcc81b947b483cc06c776c52232489f86f4c377eb38056042e2e9e0943fc0ef1490df472b9b244235598894a2ffc296f0a2e4257baca6a3ea8cfb1a22ea8295ab9e5faaa2a9e964ae7625dbf945cdbb369265f429d475ab69413cc5bcb89af57b1b966bd0076f799a401d4b46e5045aceb1ef36e5bbfb037bb7681f2a38ef1df9b84baa3598201d13a813165355bf052bb5e456dc0abdefed995b4eb37a39b313af800f6029243a6a7bec75a23389a90034cac8df6713b919028a14649d756d0093550278aad494de2dfeb76220fd3ee5be31f73839ace7f0d6da650e26f5ded30471ed55d2e814fc1b89102e5917b4e58840ecc211eaffa5a2937abeb882ccdf29308e3ac30e23d66ee79c29b4fb7e793a55e344cac298e30f1ca3333df8b58f43126a3404a61501ce06b75e6e6a4bf13dbfb05efd7b9b4219efd428c8f7f345884640d19f5515abcce05f315f00e65d9aa8022890a23da45ede06f455d66e0c96bbf7e9cc74eddca999a51174b4784eba8a9ebed13415de6bd0f160443d43b78181cfa381313a54e25f6751a38f290e5972ff7f70692e18c4737af2a7f6d4eac52ea594a22be4fd00fac1484e6d2d4d3196b49212b49598f5bc77b34d8a3633cf7212c869557d6eb27bf0d0a02555d9318194e9de9c9730ac72daee7cad6c2d4b248a8744515670766a8f1c739917fb859d98974532477989f4c24345f120f5320fdb8d8d56fa6ff2511e701bab399513cecb3e740e3761d02685a765f5267554d0f9243b51620197adc3b561b59c58f334307220db357c1121d7dbf593898b5d2c505f333445c084a6cbc6a7e5252724c83fcee85e304534780a01e7ecceb2ef53ffb6bc6cb9051b1400493ce55d62c01e972fff3cc7d0b68a2dd4d263c9191df1b629e323797f570083f122db3df6abb6fd6c4a351bb7500c7241e4392ac76e04259968e517a43e907cb0b0533d6750b9587a1a5d852639c6b789d333e848e3ad66cbf19c5ee5a641036cb7a858f822f657dec36cc134d6c1a629cfce1f1e24dbb73d09fba04f53b2c6309d71d92211a1f08535244eefcbb52e095626bcc78b950db1cb8facc3660fa705dceef155b00aef3291367ffcea06b5abe588bbdcea2637761308dc65509798b6a494dae4a75c1922c1234248dbfcabfaab3088a0dad09a135a45d75105314020f3ba8901dc39ee624a32e9f863ff55844974b44e57b30302cd0c349f3cc091befd5665f918c298ba89454fb811ce573e41f27490853a52abd6144e85d77de88c3f2e5506c8de40a3957e65936f3b294ce92610b63cec888cb16fe0e8a7af3dd142da96b57f602cc64ba69966724584c2872e5fc42348a324ff082a3ecfded82c3e5b7292d3726c4800176acab6a7a1479a0b5fea79f299e90ffdb1b3843e2349b8f8dc7881145b3796380474c2ceb57e27726c9e50b746a2b12a214fea9cfd6c668363fe6e402710665118928fedb2f4900322b0c7d2c348881ea52278dae765c14b51fd5e8f000602aa3978d83b76056410c2260931e35d841793c8a36b191f93c33c0e4e6367ef45a1cf5145d774861224afbb11a7b77bb94492ec49827f713f8309d80d22e17701046e04c5b277f7b423cbbada01e6d40beb56e755e583b8f3de4b67c4b5ac83771b805fa7af49de2fc8b9a223293d83e7eb4eea3a3af1d1221e5d458e7cab60eaf1b51550a1b125ce018d76096f16d922f4aba48a728ec1b7d4812fe2ca789261b6d8e0c8edb3ba9007649084899c4f6b7986c1cb4a98d412c801fb91675ee42e2bb511bff6700772d3c03a7cb6adb41cbddc33053f8f65c164e9bd47b931510046506b169216d0a04edc479bc51c28acc536ced3834a7a9ce8fb55b72fa186a559437bf41f04b733e05986c915bc19f1b2f99d3bae6c13873d32e3c809b71881c3075f8dd1746f36409ac7934c25236ee2752560fcdd5175037a6fc5f0da58a229418ce30f3e64f9eb6ff3fe4498f47fdd69ceac5e792c8c9f087316f334b7f75e3432d3f1d03ee97c8f16485ec906c94e6c9580f7d03d98a8da85ec118b77c6c1d3b2e99fbf4b45e66cb4f8817f786d1f90e1e5e250be8c240a9648a219a02e62acbd72d1b0c0b42c75065a35664ea6a03cb05ea179f2e8e50e3d7ed53d31cdc10cf5fce48781fa338e3ee819f410540f045cb0edd7b2d219993faaa97cf95aa6144e889a02069421291d05eade30693a751039fece452c22d1afba081d1c40178fed7684cae475fcc365484118a184670cd7aa2758bdb01058ea9b244d5241f627bc5be11c9395e3cb839b0eac7842a312e1fc8b4ddae2aa4ef907ca5c9b847785051323e16d5497c4424289496277475bba67da750fa05bd8be730e4aabaeb94641fa2263dd3d4eb511b4fa40b8cf8b16d7aded1163f2258add79b04e1eb888afa27d057de2523863fc2da38d44cc69ae2d455900eede5fce69d7e9f8707cdb2456a45dda14d257eee4982f86259b855a0293068aa4aeff9439bc06c8ed5a370fe46fa88fa9bb92872166ac69152d1cbb4720eec5b9a057890cbb838aef12091454fe721395b46f9fa29ec1829fedf65aaec1176bb9eb15511bd77e7d4fe7321b3e0dfda95e5c90c3663956477885d6d94b280f58edbc77e864dca73536cd4988bcde2a3edb91704ad59148d85a001e393cebdb56ee088fa1033cdc6fbcbea30e2974035bfe29cee1eace13e30950bb4658886dae7e565ffd7b71e41feecbcac35fd97c81a8fff9d2a1d43f183c6e984671e06645eb0a60228d1b6c12c28bc6eaa4b9125c57b48ced2e199ed3acf12dbe10af4a56f2f5dca829fd07fc3f7e0de6913c73be0ada3e43bcbe70de784de699d0b51d7a56a3eacaf5d7dcd77d73cfb82e04633574213e05dc98850d822bc6dc90dc3fd6184296287342e2243fe6f0cf94e6d02a1b900d0c718e2afbe7fea2fafa375f209fb9cef5d844b861a1029aa3dd7081e81fe6501bbb413dcd23e013f279ef87e082335ade324b7688054992ccc63fbf9153213ab6d07ed0b79945d19639aaa5dd10e53aafe57f1e323300246cb1d6ede1eb1f319ca6fe1b0cc8e733b34818425888110b6eabe2db302310d0a8bcdd5342146b29c535cc9a95a455c8926d77323a31b948d47dc611815a329654a252fd09dbcec5f3cd8bc7e465759eb8e72ff6fd4ef1f375e4e8762a58148622d14480b7bb9aca2eeab3367a7376c9c85e6ba1735e56a2fcc6baf92c8d21942883f318eab7a568fc7ff01885a7089aa7661b15d73799bc0b8f8ce6a3b61adb6949965a223850b6825616c036e099952e04fde7cf086b5e76d45b86ab78b322f9af580173f2e798a39df7cade0d365c9d46d3fb36970f8a99d7b20a1b275afff852126f21ac24ca8c34deb49ba511f4d9edb4f56941aaaa477253f9bfc9a25a2694bbbe3b917074dd4eb6f1be20395ac33dd932a7ccf0604d64257b5af3faf271c145c190a528e471a7f23a53b5f9ea1bd0cc36410e9c538e91dd01d162edde856087b60dcba2042e65b6ae7b81787bd3308db9eb025b6fd930a9eb74a30883b83cfa8be5270dd3ee3408db7f7b136adebb3ee30f0e0b8835a0ded325363e4a2991cafd4a73483954c0f5d3358b25780608fa48f3f527c7e617ec12eb017df33f5088676d8bc476da251e608394e3d8fc0883fd4d1804f8e07f5e12ffa4ee80365a88abf29936bf1b255539fef95f5cf3bebcd26817edb28e7b6adf4851dcfe8aa1aa097f67c51557326ccf9c46ee2780d491e87774324d4dc5e199b0cdef01094ea72bd5ad5fe1be6c9d545df3dc5de550665d220718a2c0baed2833cfb1428e2d1c2b9ea1e29f4b07fd6c51492643d4000716cd1e8a4f9d58b6b04b805d8962495323fd62949b17348418201664c6f2f651f99d73f8d17bb5e52dba2e6f94fa33f816d74bb6a45bd6cbdbd07f530406227c8fd11f390e805bbc17bc0e81076a27c0be023b64777afec0a7a0c3f53f03bc2ca72ae2873d68217a1a6905f414c2cb1b9561dfd07850a026da5f5775a66f8f3a6bc29b48c8a81b06ba30994ba8e7e233e3a3a5d886767ea6de91fbfc0a594c2375d62e71c7209d87d0f6c7a79a0d80da328e93f08650ec745495c771410913d094e4190075b7225761172eb420c82ab493548f6de38e17d3e687a89ce77c67c58b875c48c8a4d1664cbc6f67df357e040444fcd515d92d5823fc3ef6485208b6f3eda8cd09ea3b004f7eb06ac268ae8c3bf571aa3f619222a47540f9af340c80c587f7226e3d715b18c3ee41f64777d3a0a09f32190ad67922f6ecc63c956a715c3c42a6aaaf5e588d119210083ceaa414820b62fef87a678cd3f24f8fa3cdb6629b041cd7555974313f56d1b0e117ea925dc95e18b5d3f4ba9812f1067022945c3f5d547370d45853c4db3c9ca4436d7e649e1ac3ec02f9c1e9139849b46027d4b276cb0eb4b09848999f466f528290e47ba9540ceca89390db3fcbacb1d566e22e917f01f4442bd4dd0d350d057ffdf5b3549ca559901e6ff5147bdc25c11b23f1678f02c20e4e2e6f339b262e2b82eae0b15b4227f1d514f99ec78fbcf80c8f6f243536f2d7a809de05ae5e1d676fe950ad3513f801bbe4d16737def4b5ec4b62f8562cd5432bd372645202edeb286662d7e8d0dadac5b91c903c2756bdc4f5a7c931f2c3f7feace2b83f5459a196000e2ed1e1b2accaa9d637d5e408340161331c4b0047bf2ab31d317bb1c8f6e1b3d52f9f240bd971a447942dd4b73301781656aad9ce9b01aed907b7eb3a78397b97e601b04a4cb028d327ef32cf20c34e8dad9c9b1f981ab5c06a2b0271852e2a1016ee460d8568391c9ece5a2b8f29cbc6f2d6cc2e66c30c96df548e67dd6ad8c1ff09dfa22b2e8b2c52a3948c4febb0910c2d34c0604a5ef930cd53be69a4bed9c9ee057178ece02a6b4df4624191590952888bdfafd2dbeca128d500872a8b236fba9623672c4dc15f56a761ee0c54026112fc464f72d3039587f009b94930dac0dbe444a939b38c0f5bce7aa366bfc2bb909db231178228846f71a56ab219e28cef1b102c1bfadbe8f0916d10a573b8cb38cc2cc2ec496a410a4e82847006d2ed4bac927a63a00416d0bfce59cc69aaf78ddc9566f23582999a655c8ad3b217486fb5a037ce089baf344d55bbd475be4e90b10e92c9c1bae3202c2d63355549f0ac95058724fea81ff9cec027e7b93e2cee43af81c6978fee5faf6216118785251b8ca023115b2f87d5d4b10c29aa3616628ab40a8ef36668ef57d7f9be505eabc01947ca222362818a71b3d63e5725a4d8a2c619b1867f70daa07703360d026d6f65247330be1ba84ddaaa7779591ca261beda4f4c094af65c5c276fe3bfb89f067c8c54af67e78f61bdc114ed4aa869c3adf282d7a8e7272579e9fd9e47611e0dc89f97561110e0141c69b1fa114e27b3d1e2c825ea008a370e08cd0a0610edef20cdd8a7cda0922fff046edfd2ff391a10ffce5dd6045619ce9af6b03f4193d858a76b201ed5beb0f11321707b7b593b23adaee4a0c0caf39dfeebcbd2948030435dc94ca00990c728502ec4686194f0f454304a422023c1b2c5b1ebbcd8cd50fa2d11361e3bbdc306e2739e27de300eda27b1c1ea62d773104cea77c18037c6bcc76423621b45abbe789b384bfdfb46efa1627ff29d9d840bf6e1f05e7e13fae6383e42ce153dcb062fa0cefd0fe9298ddbe77fd78d7036b5a815504b48267203da08ca685bfe8ae89c031074bbe5d3d6dcc6a3a8a8a4d3102765c3b714867f4516df62f214351b97bb8b5697a9f9a9dd78627342b239c524a3943d1d70f8cdd7391f05e7395731a8fc05210c6733ea256040bbbb53389229b84dafaaa3db1d5eca2971d9e550149461f1a672eae2319a99beed48934520666bc54b63085a744b5fc9a9b089b16c50ae945f74adcd4c5d064a12a6e103ef59bcc035a755ad31836eb7d04e5900d3800c822b96b466a9f6611f46b8a7d6131f91c625a5604de5bf01e5ca5d99a714c8dc1160260010f8d55f9125ee453b61c911bdf0824caa804c76d6512802875c5433de9b2e8b6c579a67fec5d2bc64ed3d1c313854221b75c9a0ed42af6f5354e7b1d1bf8661baa1261e68fc20d14b5652d25a536f208bff2b90fefa163a232696e655bcf95bed39355ec865e272fed582aae18858f5096ece40b9108efb00147f9c2ced59bfe2a79826851850ed95b35908dfb4d9ab7da0668a1fa8933ac4f6534e9598481477791fd1a1c269011ac9fe81f0491790e8aac121ffc00e38a7619a1855e6899abc2c670375a3ba4ac0cf652da89a70628cee1a35ae17b3490102e3c88ca324d06fce2151bc9de49472cf6e76ccb16d2a9cbf4161812e2c7758d73631024190fe9b71935de6968b289d3503b497f3f4b6306446ae9c312f8f1c63c1f7e62652173d9ed48cb128815bd44a12061f9b73fbdc6674ab9e0d01807f7bcfa0aa59168420e5ad8b72d7b576e273a1d229934fce2867689a41cb17767cf9defe1a96515a677ba08e10e187a3ce2f1d78e6b43b0d46c36163a1967b203df4f53379ee98422e973ab5c090adff21b5cc84fc78358021f681a0f0fd744f687e4f6c295470bf8f548d2d3dc841481dd51db9124cacde83bc9fef44a3e69e1cb28579d897f3013ac6133395328247fdcc152e5563678258936576196ced017c79bb6a4ea501a44cb25e5af1697afbdb3abb316837470ffdbe985ac3967334a90731602d3fac4f5c2758f04ec9c161a7cf330b7c7549fb62e6c15d07a7203c94edd3a8141c91b2029d6a90b14322337e6610822d9d7bff58c10d9c6cff71822f6456a421a65fdaa5d2c793f256a4e7a39f0d85d65fb95479eff79345c0615c9bbb4fb3324f9360b70dc709b0200042e8461b8cee9ce30beab3e276df48f41f001262fc14153f9764e13b50397442e00d7b11266bde10a3b7f83818086ff0015409679e4472d9e0215804fa9d21cebfa5cb5099cf88750cbeaaf58c2743f2746ea4cb73760ba88a07b91b68553716d563af5d7702219d0c600916dc54242d825c6d68320baf234a39f0b9ea9e6a4a72c4d5829b2f28508f54b33c7e0394a43fe23e7940d9b04bbe790d903a2d2c979e0ea79931b934d094fa2d5948c05cf278c341d788f2061ff617c9fa4700b1e1f0fbfa1b8c42848f2ea01cd318a8748c3336622ead25527ddbcd8a12ba3a5183f4419deb13558ed0ec99e73448c21ede0dbee9c01fc7675e54c60d4dee29c0f8fe81af6fe7b726f5d3c50dac634aefbf1ca6aa4df1b340a4109acf30939f6094c8591218729788111bfde98cd96d4b04b25bcd1bcb7f826241995573bae00", 0x2000, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000680)={0x78, 0x0, 0x7, {0xe, 0xcbff, 0x0, {0x5, 0x7, 0x9, 0x1af3, 0xa, 0x80000006, 0x5, 0x6, 0xffb, 0x6000, 0x11, 0xffffffffffffffff, 0x0, 0x800003, 0x1c00}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x800, 0x90) getdents(r1, &(0x7f0000000180)=""/211, 0xd3) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f00000000c0)='nfs\x00', 0x0, 0x0) fstat(r2, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r6) r7 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=']) mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) chdir(&(0x7f0000000080)='./file1\x00') symlinkat(&(0x7f0000000400)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000001200)='./file1\x00') ioctl$VIDIOC_S_OUTPUT(r7, 0xc004562f, &(0x7f00000000c0)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(r7, 0xc0845657, &(0x7f0000000480)={0x0, @bt={0x12, 0x0, 0x0, 0x2, 0xd59f80, 0x8, 0x5, 0x7, 0x8, 0x0, 0x2, 0x596, 0x7, 0x0, 0x2e, 0xd, {0xffff945a, 0xfffffaec}, 0x3, 0xed}}) 14m27.379144573s ago: executing program 7 (id=2616): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) r4 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil) shmat(r4, &(0x7f0000ff1000/0x3000)=nil, 0x400c) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x503, 0x70bd28, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_MULTICAST_SPEC={0x5, 0x3, 0xf9}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x1}]}}}]}, 0x40}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x14, r1, 0x301, 0x70bd29, 0x25dfdbfc, {0x24}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 14m17.810192074s ago: executing program 7 (id=2627): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0xffffffffdf004fff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x48980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$TCFLSH(r6, 0x400455c8, 0x20000000009) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000200)=0x2) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0x0, r7, 0x0) setfsuid(r7) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r4, &(0x7f00000002c0)={0x6d, 0x7d, 0x2, {{0x0, 0x54, 0xb8f5, 0x80000000, {0x1, 0x3, 0x7}, 0x0, 0x1, 0x1, 0x7fff, 0xd, 'sched_switch\x00', 0x10, '/dev/sequencer2\x00', 0x0, '', 0x4, 'GPL\x00'}, 0x4, 'GPL\x00', r7, r8, r9}}, 0x6d) 14m14.411186212s ago: executing program 7 (id=2630): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) fcntl$notify(0xffffffffffffffff, 0x402, 0x100000006) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$media(0x0, 0x9, 0x40b02) pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) 13m58.848180235s ago: executing program 37 (id=2630): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) fcntl$notify(0xffffffffffffffff, 0x402, 0x100000006) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$media(0x0, 0x9, 0x40b02) pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) 48.56122186s ago: executing program 1 (id=3526): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x100000006) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$media(0x0, 0x9, 0x40b02) pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) 41.196777046s ago: executing program 1 (id=3535): r0 = socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 39.788342666s ago: executing program 1 (id=3536): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) 35.537232233s ago: executing program 0 (id=3538): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_open_dev$video(0x0, 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) socket$xdp(0x2c, 0x3, 0x0) open(0x0, 0x200000, 0x0) accept(r3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) 33.120929508s ago: executing program 8 (id=3539): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) read$msr(0xffffffffffffffff, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r1 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r1, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) r2 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r2, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 32.633236821s ago: executing program 0 (id=3542): r0 = syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x3594, 0x10, 0x1003, 0x21e}, &(0x7f0000000240)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0x2a5cc081, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x4, 0x0, 0x80, 0x2, 0x0, 0x127}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) io_uring_enter(r0, 0x6efc, 0x3900, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x0, {0x5, 0x5}, 0x1}, 0x1) 32.445546453s ago: executing program 8 (id=3545): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) r3 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 30.961486434s ago: executing program 1 (id=3546): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000740)=0xe) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000340)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10) r5 = socket(0x22, 0x2, 0x24) close(r5) setsockopt$SO_BINDTODEVICE_wg(r4, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4) 30.863230525s ago: executing program 8 (id=3547): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) dup(r0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 29.424536385s ago: executing program 1 (id=3548): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) r3 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 28.004313764s ago: executing program 1 (id=3550): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x11}}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x18) landlock_restrict_self(0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r4 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xfffffffc, 0x800, 0xfffffffe, 0x800001b4}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4096, 0x1900}], 0x0, 0x11a}, 0x20) 26.579278854s ago: executing program 8 (id=3552): openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = syz_io_uring_setup(0x82e, &(0x7f00000003c0)={0x0, 0x5eaf, 0x1000, 0x3}, &(0x7f0000000000), &(0x7f0000000080)) io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000380)={0x0}, 0x1) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = getpid() r6 = syz_pidfd_open(r5, 0x0) setns(r6, 0x24020000) openat$cuse(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) r7 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'}) bpf$PROG_LOAD(0x5, 0x0, 0x0) 23.127356756s ago: executing program 3 (id=3556): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, 0x0, 0x0) accept$packet(r0, 0x0, 0x0) 22.847710855s ago: executing program 8 (id=3558): r0 = socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="580000001000030400000000fedbdf2500007400", @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 22.736177867s ago: executing program 3 (id=3559): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) 21.388917262s ago: executing program 8 (id=3562): syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="58000000100003040000", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 19.391625583s ago: executing program 0 (id=3565): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(0x0, r0) sendmsg$NFC_CMD_GET_DEVICE(r0, 0x0, 0x24000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r4 = accept4(r1, 0x0, 0x0, 0x80800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r5, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r5, &(0x7f0000001140), 0x74e, 0x0, 0x0) 18.219102534s ago: executing program 5 (id=3567): socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000440)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) listen(r2, 0x3) accept(r2, 0x0, 0x0) 16.846675345s ago: executing program 5 (id=3569): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) syz_open_dev$video(0x0, 0x485, 0x40000) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) socket$xdp(0x2c, 0x3, 0x0) open(0x0, 0x200000, 0x0) accept(r3, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) 14.869103031s ago: executing program 5 (id=3570): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) syz_open_dev$vim2m(0x0, 0x47b, 0x2) mknod$loop(0x0, 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x36314247}}) 13.380523187s ago: executing program 3 (id=3573): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) mprotect(&(0x7f0000ffb000/0x3000)=nil, 0xffffffffdf004fff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0x48980, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf) r6 = fcntl$dupfd(r5, 0x0, r5) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x20000000009) ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000200)=0x2) setresuid(0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RSTATu(r4, &(0x7f00000002c0)={0x6d, 0x7d, 0x2, {{0x0, 0x54, 0xb8f5, 0x80000000, {0x1, 0x3, 0x7}, 0x0, 0x1, 0x1, 0x7fff, 0xd, 'sched_switch\x00', 0x10, '/dev/sequencer2\x00', 0x0, '', 0x4, 'GPL\x00'}, 0x4, 'GPL\x00', 0x0, r7, r8}}, 0x6d) 11.929711424s ago: executing program 38 (id=3550): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x11}}) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x5}, 0x18) landlock_restrict_self(0xffffffffffffffff, 0x6) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000003, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) r4 = io_uring_setup(0x2754, &(0x7f0000000080)={0x0, 0xfffffffc, 0x800, 0xfffffffe, 0x800001b4}) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r4, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000003740)=""/4096, 0x1900}], 0x0, 0x11a}, 0x20) 11.06121997s ago: executing program 5 (id=3576): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_BIND_IP(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) r3 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 9.93488448s ago: executing program 9 (id=3577): r0 = socket(0x2b, 0x1, 0x1) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, 0x0, 0x0) accept$packet(r0, 0x0, 0x0) 9.52012114s ago: executing program 3 (id=3578): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) fcntl$notify(0xffffffffffffffff, 0x402, 0x100000006) mkdirat(0xffffffffffffff9c, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000080)=0x7f) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$media(0x0, 0x9, 0x40b02) pselect6(0x40, &(0x7f00000000c0)={0x6, 0xfffffffffffffffd, 0x9, 0x40, 0x2, 0xd}, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) 9.444743225s ago: executing program 0 (id=3579): bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @void}, 0x10) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000002c0)={0x1, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000412ff8), 0x0) socket$xdp(0x2c, 0x3, 0x0) open(0x0, 0x200000, 0x0) r4 = accept(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18}], 0x1d}], 0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94) syz_usb_connect(0x0, 0x0, 0x0, 0x0) 9.417998877s ago: executing program 9 (id=3580): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000024002, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1) r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0) read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0) r2 = socket$inet6_icmp(0xa, 0x2, 0x3a) bind$inet6(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x6e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc00, @remote, 0xffffffff}, 0xffffffffffffffff, 0x3}}, 0x48) r3 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 7.641351457s ago: executing program 9 (id=3581): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000a00)=ANY=[@ANYBLOB="54010000100033060000000000000000fc000000000000000000000000000000fc0100"/54, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414000000000000000000000000000000000032000000fe80000000000000000000000000000b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000048000200656362286369706865725f6e756c6829000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c00200000004e2100000000ac1414bb00"/268], 0x154}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socket$pppl2tp(0x18, 0x1, 0x1) socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40811}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) 5.586986249s ago: executing program 39 (id=3562): syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0xc, &(0x7f00000006c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x3) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000100)={0xf0f005, 0x2}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, 0x7, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="58000000100003040000", @ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 5.490223808s ago: executing program 0 (id=3583): socket$inet_tcp(0x2, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000036000/0x4000)=nil, 0x4000, 0x1000002, 0x11012, r3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=ANY=[@ANYBLOB="3800000018001000000000000000000002000000fc000009000000000600150002009d7d736a1680100008800c000180060001000001000076c9501926e8b897ac7bb396c0b7e70d92dc390e981b600eaf923d9790b82812ed2261484bb787baf65ca261a99d3f52ec30a4e9bfd71ee7d86eb38d1fa34b2eaa75e76d026909c6f26c0d85a6b93abfa5dfd57847e50e406c6f408227ecf214dd1209d6b638fdd02b54ace2d2f9df090c8eb3d86e89a444fa5ba221fa6d63285ecdbbb538fde5afcd8ec3e916fb22d5f2ea2c60d61065d2c545a8a0977b1ca3d93a4370293dbc794ef992c42ef59fe679c9e8a1018e14ae981efe2dcfbb8f5f3d80d7f32cd3de9afdf4afda5e1d2a1a2a92ac00e0"], 0x38}}, 0x0) 4.558736593s ago: executing program 9 (id=3584): openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000500)={0x51, 0xa, 0xd, {0x2, 0xdac}, {0xd, 0x65}, @cond=[{0xd6ce, 0x0, 0x1, 0x6, 0xd, 0x5}, {0x0, 0x8000, 0x0, 0x4000, 0x6cb3, 0x3}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$EXT4_IOC_SETFSUUID(0xffffffffffffffff, 0x4008662c, &(0x7f0000000040)={0x10, 0x0, "270093381e3328ef70c1d664364c499d"}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) syz_emit_ethernet(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000004c00)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) 4.344883033s ago: executing program 0 (id=3585): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, 0x0) ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)) read$dsp(r2, &(0x7f0000000300)=""/79, 0x4f) 3.836684455s ago: executing program 9 (id=3586): sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) getpid() sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) kcmp(r1, r1, 0x2, r3, r2) 3.528560311s ago: executing program 3 (id=3587): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x109041, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always']) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x8040, 0x0) ppoll(&(0x7f0000000100), 0x0, &(0x7f0000000140), 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x28011, r1, 0x0) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000009000/0x4000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) bind$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f) connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r0, 0x80083314, 0x0) 2.480108686s ago: executing program 9 (id=3588): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file2\x00', 0x101042, 0x40) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file2\x00', 0xffffffffffffff9c, &(0x7f0000000700)='./file7\x00', 0x0) mount$overlay(0x0, &(0x7f0000000340)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@verity_on}, {@metacopy_on}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000240)='./bus\x00', 0x322020, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file1\x00', 0x13b) r3 = openat$ttyprintk(0xffffff9c, &(0x7f0000000300), 0x4ec80, 0x0) syz_open_pts(r3, 0x40100) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f0000000140)='./bus\x00') r4 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100) sendfile(r4, r4, &(0x7f0000000080), 0x7f03) 1.42695664s ago: executing program 3 (id=3589): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) r4 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)=0x0) pipe2$9p(0x0, 0x80080) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x400) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, 0x0, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r3, 0x0, 0x0, 0x0, 0x80800}) io_uring_enter(r4, 0x3516, 0x3e44, 0x8, 0x0, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 1.400236743s ago: executing program 5 (id=3590): r0 = socket$nl_route(0x10, 0x3, 0x0) mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) lseek(0xffffffffffffffff, 0x851, 0x0) execve(&(0x7f00000190c0)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1c3425, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)={[&(0x7f0000000300)=' wO\xd5\xce\x82\x89r\xa0\r\xc4Z\x15\xfds\x17g\n\xee\x9f\a0\xc3\x80\xbf\x80j$\xe6Z\xde\xf1pc\x96\x8f\xb5\x9d\xe3\x11m\x88~\xe3\xc7\xe3\t\xab\xbb@\xd9\xf8\xa2N\x03\xcf\xe4\xd6\x0ew\x10\xc2\xaa\x84bC\xc8\xd0\xe07\xa1\rIa\xb1^\xc5WG\xccV\xd3\x91\x84x\x9d\x8eg\x84\xeb\x9e;\x8f\xa1\xa3\xcf]@\x82\xcf\x01$;\xd5\xc0\xa8\xc8r\x0e_\xac\xef\xf5\r\xd5Q\v\b#E\xcf@a\xa2\xaa#\x13S\x04\x12$\xcb\xbeV!\x1d\xc7\x84_\\ \xc7oh$\xc9\x06m']}) ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="0008000007500500380012800b0001006272696467650000280002800500190002000000050017000000000008000100810000000a0014080000000000000000"], 0x58}, 0x1, 0x0, 0x0, 0x800}, 0x0) setuid(0x0) 0s ago: executing program 5 (id=3591): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(0x0, r0) sendmsg$NFC_CMD_GET_DEVICE(r0, 0x0, 0x24000000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17) r4 = accept4(r1, 0x0, 0x0, 0x80800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r5, 0x1, 0x2a, &(0x7f0000000000), 0x4) recvmmsg(r5, &(0x7f0000001140), 0x74e, 0x0, 0x0) kernel console output (not intermixed with test programs): 1401.379901][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1401.975855][ T30] audit: type=1800 audit(1758796927.694:26): pid=16241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.2914" name="SYSV00000000" dev="tmpfs" ino=11 res=0 errno=0 [ 1402.118109][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1405.440503][T16135] team0: Port device team_slave_0 added [ 1405.873783][T16135] team0: Port device team_slave_1 added [ 1407.112075][T16065] hsr_slave_0: entered promiscuous mode [ 1407.153126][T16065] hsr_slave_1: entered promiscuous mode [ 1407.360936][ T5952] usb 9-1: new high-speed USB device number 57 using dummy_hcd [ 1407.369533][T16135] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1407.398017][T16135] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1407.470889][T16135] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1407.574773][ T5952] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1407.655791][ T5952] usb 9-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 1407.669200][ T5952] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1407.685726][T16135] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1407.727543][ T5952] usb 9-1: config 0 descriptor?? [ 1407.736112][T16135] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1407.950803][T16135] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1408.008018][ T5889] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1408.017771][ T5889] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1408.101088][ T5889] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1408.118750][ T5889] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1408.127018][ T5889] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1408.212178][ C0] raw-gadget.0 gadget.8: ignoring, device is not running [ 1408.219893][ C0] raw-gadget.0 gadget.8: ignoring, device is not running [ 1408.227912][ T5952] usbhid 9-1:0.0: can't add hid device: -71 [ 1408.234028][ T5952] usbhid 9-1:0.0: probe with driver usbhid failed with error -71 [ 1408.300593][ T5952] usb 9-1: USB disconnect, device number 57 [ 1408.669510][T16135] hsr_slave_0: entered promiscuous mode [ 1408.702044][T16135] hsr_slave_1: entered promiscuous mode [ 1408.721576][T16135] debugfs: 'hsr0' already exists in 'hsr' [ 1408.730791][T16135] Cannot create hsr debugfs directory [ 1409.713174][T16285] random: crng reseeded on system resumption [ 1410.239737][ T5889] Bluetooth: hci4: command tx timeout [ 1412.260986][ T5889] Bluetooth: hci4: command tx timeout [ 1414.721338][ T5889] Bluetooth: hci4: command tx timeout [ 1414.947171][T16300] rdma_op ffff88804f5921f0 conn xmit_rdma 0000000000000000 [ 1417.721014][ T5889] Bluetooth: hci4: command tx timeout [ 1421.335812][ T13] bridge_slave_1: left allmulticast mode [ 1421.357386][ T13] bridge_slave_1: left promiscuous mode [ 1421.381015][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1421.457139][ T13] bridge_slave_0: left allmulticast mode [ 1421.571730][ T13] bridge_slave_0: left promiscuous mode [ 1421.580578][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1421.672765][ T13] bridge_slave_1: left allmulticast mode [ 1421.754780][ T13] bridge_slave_1: left promiscuous mode [ 1421.786221][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1421.915820][ T13] bridge_slave_0: left allmulticast mode [ 1421.938913][ T13] bridge_slave_0: left promiscuous mode [ 1422.014473][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1422.823145][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1422.911358][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1422.991745][ T13] bond0 (unregistering): Released all slaves [ 1424.247852][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1424.320428][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1424.349691][ T13] bond0 (unregistering): Released all slaves [ 1424.658556][T16275] chnl_net:caif_netlink_parms(): no params data found [ 1425.457843][T16355] rdma_op ffff888059f461f0 conn xmit_rdma 0000000000000000 [ 1427.085073][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1427.371309][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1427.758162][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1427.778999][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1427.794929][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1427.912238][ T13] hsr_slave_0: left promiscuous mode [ 1427.956170][ T13] hsr_slave_1: left promiscuous mode [ 1428.058352][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1428.158778][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1428.273484][ T13] hsr_slave_0: left promiscuous mode [ 1428.299860][ T13] hsr_slave_1: left promiscuous mode [ 1428.422545][T16373] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2945'. [ 1428.473887][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1429.299025][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1429.860788][ T51] Bluetooth: hci5: command tx timeout [ 1430.315681][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1430.971185][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1431.747595][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1431.779915][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1431.940911][ T51] Bluetooth: hci5: command tx timeout [ 1432.695252][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1432.702247][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1434.030845][ T51] Bluetooth: hci5: command tx timeout [ 1434.057267][T16275] bridge0: port 1(bridge_slave_0) entered blocking state [ 1434.064574][T16275] bridge0: port 1(bridge_slave_0) entered disabled state [ 1434.075587][T16275] bridge_slave_0: entered allmulticast mode [ 1434.083657][T16275] bridge_slave_0: entered promiscuous mode [ 1434.092877][T16275] bridge0: port 2(bridge_slave_1) entered blocking state [ 1434.100012][T16275] bridge0: port 2(bridge_slave_1) entered disabled state [ 1434.107373][T16275] bridge_slave_1: entered allmulticast mode [ 1434.123930][T16275] bridge_slave_1: entered promiscuous mode [ 1434.269150][T16275] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1434.321271][T16275] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1436.100958][ T51] Bluetooth: hci5: command tx timeout [ 1438.524783][T16358] chnl_net:caif_netlink_parms(): no params data found [ 1438.825185][T16275] team0: Port device team_slave_0 added [ 1439.255247][T16425] Bluetooth: hci3: Frame reassembly failed (-84) [ 1439.367063][T12134] Bluetooth: hci3: Frame reassembly failed (-84) [ 1440.024639][T16275] team0: Port device team_slave_1 added [ 1440.731583][T16275] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1440.742412][T16275] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1440.769884][T11838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1440.792628][T11838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1440.801019][T16275] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1440.842699][T16435] loop8: detected capacity change from 0 to 4096 [ 1440.878418][T16435] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1440.962712][T11838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1440.972689][T11838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1440.981175][T11838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1441.089564][T16275] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1441.111003][T16275] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1441.139589][T16275] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1441.417251][ T51] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1442.024210][T16435] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1442.030234][T16435] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1442.504616][T16358] bridge0: port 1(bridge_slave_0) entered blocking state [ 1442.518866][T16358] bridge0: port 1(bridge_slave_0) entered disabled state [ 1442.527918][T16358] bridge_slave_0: entered allmulticast mode [ 1442.542724][T16435] overlay: Unknown parameter '//bus' [ 1443.280486][T11838] Bluetooth: hci6: command tx timeout [ 1443.287537][ T30] audit: type=1800 audit(1758796968.424:27): pid=16448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2962" name="SYSV00000000" dev="tmpfs" ino=15 res=0 errno=0 [ 1443.312897][T16435] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1443.324769][T16358] bridge_slave_0: entered promiscuous mode [ 1443.338718][T16358] bridge0: port 2(bridge_slave_1) entered blocking state [ 1443.349568][T16358] bridge0: port 2(bridge_slave_1) entered disabled state [ 1443.414635][T16358] bridge_slave_1: entered allmulticast mode [ 1443.422828][T16358] bridge_slave_1: entered promiscuous mode [ 1443.602839][T16275] hsr_slave_0: entered promiscuous mode [ 1443.617037][T16275] hsr_slave_1: entered promiscuous mode [ 1443.634355][T16275] debugfs: 'hsr0' already exists in 'hsr' [ 1443.657764][T16275] Cannot create hsr debugfs directory [ 1444.373055][T16358] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1444.387967][T16358] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1445.453089][T16465] loop5: detected capacity change from 0 to 1024 [ 1445.467717][T16465] hfsplus: Unknown parameter 'rarrier' [ 1445.629052][T11838] Bluetooth: hci6: command tx timeout [ 1446.125382][T16358] team0: Port device team_slave_0 added [ 1446.178543][T16358] team0: Port device team_slave_1 added [ 1447.701251][T11838] Bluetooth: hci6: command tx timeout [ 1449.149404][T16476] loop1: detected capacity change from 0 to 1024 [ 1449.163739][T16476] hfsplus: Unknown parameter 'rarrier' [ 1449.860829][T11838] Bluetooth: hci6: command tx timeout [ 1450.816318][T16486] Bluetooth: hci3: Frame reassembly failed (-84) [ 1451.655978][T16358] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1451.663217][T16358] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1451.689420][T16358] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1451.702973][T16358] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1451.712900][T16358] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1451.788920][T16358] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1452.839327][T16430] chnl_net:caif_netlink_parms(): no params data found [ 1453.053598][T11838] Bluetooth: hci3: Entering manufacturer mode failed (-110) [ 1453.289067][T16358] hsr_slave_0: entered promiscuous mode [ 1453.347089][T16358] hsr_slave_1: entered promiscuous mode [ 1453.390341][T16358] debugfs: 'hsr0' already exists in 'hsr' [ 1453.400000][T16358] Cannot create hsr debugfs directory [ 1454.810632][T16430] bridge0: port 1(bridge_slave_0) entered blocking state [ 1454.818036][T16430] bridge0: port 1(bridge_slave_0) entered disabled state [ 1454.830900][T16430] bridge_slave_0: entered allmulticast mode [ 1454.867478][T16430] bridge_slave_0: entered promiscuous mode [ 1455.193400][T16430] bridge0: port 2(bridge_slave_1) entered blocking state [ 1455.211332][T16430] bridge0: port 2(bridge_slave_1) entered disabled state [ 1455.971104][T16430] bridge_slave_1: entered allmulticast mode [ 1455.979118][T16430] bridge_slave_1: entered promiscuous mode [ 1455.985449][ T30] audit: type=1800 audit(1758796981.104:28): pid=16518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2977" name="SYSV00000000" dev="tmpfs" ino=22 res=0 errno=0 [ 1456.005616][ C0] vkms_vblank_simulate: vblank timer overrun [ 1456.440928][T16430] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1456.454368][T16430] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1458.704735][T16430] team0: Port device team_slave_0 added [ 1458.998328][ T13] bridge_slave_1: left allmulticast mode [ 1459.009569][ T13] bridge_slave_1: left promiscuous mode [ 1459.015393][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1460.049169][ T13] bridge_slave_0: left allmulticast mode [ 1460.124297][ T13] bridge_slave_0: left promiscuous mode [ 1461.151358][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1461.215918][ T13] bridge_slave_1: left allmulticast mode [ 1461.261885][ T13] bridge_slave_1: left promiscuous mode [ 1461.267666][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1461.359014][ T13] bridge_slave_0: left allmulticast mode [ 1461.380873][ T13] bridge_slave_0: left promiscuous mode [ 1461.386637][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1465.558543][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1465.575545][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1465.603918][ T13] bond0 (unregistering): Released all slaves [ 1466.048474][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1466.066422][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1466.081071][ T13] bond0 (unregistering): Released all slaves [ 1466.878678][T16430] team0: Port device team_slave_1 added [ 1467.000322][ T13] hsr_slave_0: left promiscuous mode [ 1467.030826][ T13] hsr_slave_1: left promiscuous mode [ 1467.048712][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1467.064415][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1467.095743][ T13] hsr_slave_0: left promiscuous mode [ 1467.101758][ T13] hsr_slave_1: left promiscuous mode [ 1467.111480][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1467.128771][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1467.701628][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1468.749210][ T5932] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1469.015477][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1469.184599][ T5932] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1469.205079][ T5932] usb 2-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00 [ 1469.214368][ T5932] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1469.235723][ T5932] usb 2-1: config 0 descriptor?? [ 1470.251440][T11838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1470.410525][T11838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1470.419139][ T5932] usbhid 2-1:0.0: can't add hid device: -71 [ 1470.426971][T11838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1470.436400][T11838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1470.445041][T11838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1470.461532][ T5932] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1471.184632][ T5932] usb 2-1: USB disconnect, device number 68 [ 1472.512674][ T51] Bluetooth: hci3: command tx timeout [ 1473.042338][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1473.122206][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1473.140822][T11838] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1473.141073][ T51] Bluetooth: hci7: command 0xfc11 tx timeout [ 1474.610769][T11838] Bluetooth: hci3: command tx timeout [ 1475.470863][ T5952] usb 9-1: new high-speed USB device number 58 using dummy_hcd [ 1475.700293][T16430] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1475.719097][ T5952] usb 9-1: config 0 has an invalid interface number: 117 but max is 0 [ 1475.734788][ T5952] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1475.756459][T16430] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1475.841088][ T5952] usb 9-1: config 0 has no interface number 0 [ 1475.845239][T16430] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1475.880133][ T5952] usb 9-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1475.882407][T16430] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1475.933321][ T5952] usb 9-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1475.948784][T16430] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1475.976036][T16430] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1475.989150][ T5952] usb 9-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1475.998473][ T5952] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1476.006652][ T5952] usb 9-1: Product: syz [ 1476.010907][ T5952] usb 9-1: Manufacturer: syz [ 1476.015497][ T5952] usb 9-1: SerialNumber: syz [ 1476.079621][ T5952] usb 9-1: config 0 descriptor?? [ 1476.511279][T16605] rdma_op ffff88805395f1f0 conn xmit_rdma 0000000000000000 [ 1476.700761][T11838] Bluetooth: hci3: command tx timeout [ 1477.022727][T16430] hsr_slave_0: entered promiscuous mode [ 1477.029829][T16430] hsr_slave_1: entered promiscuous mode [ 1478.240287][ T5952] usbtouchscreen 9-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1478.313948][T16358] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1478.341732][ T5952] usb 9-1: USB disconnect, device number 58 [ 1478.395164][T16358] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1478.678959][T16358] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1478.741250][T11838] Bluetooth: hci3: command tx timeout [ 1478.831324][T16358] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1484.235682][T16572] chnl_net:caif_netlink_parms(): no params data found [ 1487.922500][T16653] Bluetooth: hci4: Frame reassembly failed (-84) [ 1488.589293][T16572] bridge0: port 1(bridge_slave_0) entered blocking state [ 1488.599735][T16572] bridge0: port 1(bridge_slave_0) entered disabled state [ 1488.608120][T16572] bridge_slave_0: entered allmulticast mode [ 1488.652871][T16572] bridge_slave_0: entered promiscuous mode [ 1488.689239][T16572] bridge0: port 2(bridge_slave_1) entered blocking state [ 1488.720225][T16572] bridge0: port 2(bridge_slave_1) entered disabled state [ 1488.785978][T16572] bridge_slave_1: entered allmulticast mode [ 1488.799010][T16572] bridge_slave_1: entered promiscuous mode [ 1488.879386][T16572] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1488.902619][T16572] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1488.986927][T16572] team0: Port device team_slave_0 added [ 1489.003815][T16572] team0: Port device team_slave_1 added [ 1489.045103][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1489.075354][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1489.085448][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1489.094829][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1489.103032][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1489.779559][T16572] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1489.807115][T16572] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1489.947558][T16572] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1490.020779][T11838] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1490.069721][T16572] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1490.077470][T16572] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1490.237031][T16572] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1490.829794][ T13] bridge_slave_1: left allmulticast mode [ 1491.100845][ T13] bridge_slave_1: left promiscuous mode [ 1491.120308][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1491.225616][T11838] Bluetooth: hci5: command tx timeout [ 1491.942043][ T13] bridge_slave_0: left allmulticast mode [ 1491.947788][ T13] bridge_slave_0: left promiscuous mode [ 1491.985041][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1492.371251][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1492.443502][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1492.471350][ T13] bond0 (unregistering): Released all slaves [ 1492.757634][T16572] hsr_slave_0: entered promiscuous mode [ 1492.792148][T16572] hsr_slave_1: entered promiscuous mode [ 1492.829521][T16572] debugfs: 'hsr0' already exists in 'hsr' [ 1492.889291][T16572] Cannot create hsr debugfs directory [ 1493.210922][ T13] hsr_slave_0: left promiscuous mode [ 1493.280926][ T13] hsr_slave_1: left promiscuous mode [ 1493.300901][T11838] Bluetooth: hci5: command tx timeout [ 1493.523178][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1494.311001][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1494.317358][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1494.500484][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1494.868442][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1494.894401][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1495.059748][T16430] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1495.481097][T11838] Bluetooth: hci5: command tx timeout [ 1496.270954][T16698] delete_channel: no stack [ 1496.330947][ T30] audit: type=1800 audit(1758797021.594:29): pid=16696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3014" name="SYSV00000000" dev="tmpfs" ino=17 res=0 errno=0 [ 1497.540891][T11838] Bluetooth: hci5: command tx timeout [ 1498.475284][T16711] delete_channel: no stack [ 1499.291471][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1499.302352][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1499.310224][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1499.890984][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1499.908442][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1500.544549][T16722] loop8: detected capacity change from 0 to 4096 [ 1500.660828][T16722] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1500.758925][T16722] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1500.781650][T16722] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1500.889620][T16658] chnl_net:caif_netlink_parms(): no params data found [ 1500.998790][T16722] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1502.122730][ T51] Bluetooth: hci4: command tx timeout [ 1504.317224][ T51] Bluetooth: hci4: command tx timeout [ 1505.689301][T16658] bridge0: port 1(bridge_slave_0) entered blocking state [ 1505.710884][T16658] bridge0: port 1(bridge_slave_0) entered disabled state [ 1505.718179][T16658] bridge_slave_0: entered allmulticast mode [ 1505.771143][T16658] bridge_slave_0: entered promiscuous mode [ 1505.790640][T16658] bridge0: port 2(bridge_slave_1) entered blocking state [ 1505.814224][T16658] bridge0: port 2(bridge_slave_1) entered disabled state [ 1506.042821][T16658] bridge_slave_1: entered allmulticast mode [ 1506.052088][T16658] bridge_slave_1: entered promiscuous mode [ 1506.081733][ T5952] usb 9-1: new high-speed USB device number 59 using dummy_hcd [ 1506.344977][ T51] Bluetooth: hci4: command tx timeout [ 1506.920909][ T5952] usb 9-1: Using ep0 maxpacket: 8 [ 1507.024691][ T5952] usb 9-1: config 162 has an invalid interface number: 84 but max is 0 [ 1507.052219][T16658] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1507.060759][ T5952] usb 9-1: config 162 has no interface number 0 [ 1507.074871][T16658] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1507.090528][ T5952] usb 9-1: config 162 interface 84 has no altsetting 0 [ 1507.144278][ T5952] usb 9-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1507.167952][ T5952] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1507.200745][ T5952] usb 9-1: Product: syz [ 1507.200787][ T5952] usb 9-1: Manufacturer: syz [ 1507.200818][ T5952] usb 9-1: SerialNumber: syz [ 1507.399947][T16658] team0: Port device team_slave_0 added [ 1507.677656][ T5952] usb 9-1: USB disconnect, device number 59 [ 1507.690050][T16658] team0: Port device team_slave_1 added [ 1507.817257][T16768] delete_channel: no stack [ 1508.478615][ T51] Bluetooth: hci4: command tx timeout [ 1509.108558][T16658] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1509.172617][T16658] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1509.359685][T16658] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1511.787304][T16572] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1512.661172][ T90] usb 9-1: new high-speed USB device number 60 using dummy_hcd [ 1512.706239][T16781] overlayfs: failed lookup in lower (newroot/623, name='file0', err=-40): overlapping layers [ 1512.722269][T16781] overlayfs: failed lookup in lower (newroot/623, name='bus', err=-40): overlapping layers [ 1512.735066][T16781] overlayfs: failed lookup in lower (newroot/623, name='bus', err=-40): overlapping layers [ 1512.803937][T16658] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1512.811134][T16658] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1512.882189][T16658] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1513.119581][ T90] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1513.129931][ T90] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1513.160846][ T90] usb 9-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1513.174383][T16572] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1513.192372][ T90] usb 9-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1513.196252][T16572] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1513.895578][ T90] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1513.981079][ T90] usb 9-1: SerialNumber: syz [ 1514.091118][ T90] usb 9-1: can't set config #1, error -71 [ 1514.121859][ T90] usb 9-1: USB disconnect, device number 60 [ 1514.298911][T16572] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1515.236473][T16709] chnl_net:caif_netlink_parms(): no params data found [ 1515.329255][T16658] hsr_slave_0: entered promiscuous mode [ 1515.392380][T16658] hsr_slave_1: entered promiscuous mode [ 1515.405604][T16658] debugfs: 'hsr0' already exists in 'hsr' [ 1515.428166][T16658] Cannot create hsr debugfs directory [ 1516.697961][T16709] bridge0: port 1(bridge_slave_0) entered blocking state [ 1516.858253][T16709] bridge0: port 1(bridge_slave_0) entered disabled state [ 1516.880981][T16709] bridge_slave_0: entered allmulticast mode [ 1516.895797][T16709] bridge_slave_0: entered promiscuous mode [ 1518.006483][T16709] bridge0: port 2(bridge_slave_1) entered blocking state [ 1518.343709][T16709] bridge0: port 2(bridge_slave_1) entered disabled state [ 1518.351559][T16709] bridge_slave_1: entered allmulticast mode [ 1518.359571][T16709] bridge_slave_1: entered promiscuous mode [ 1518.506667][ T30] audit: type=1800 audit(1758797044.294:30): pid=16817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3043" name="SYSV00000000" dev="tmpfs" ino=23 res=0 errno=0 [ 1519.117327][ T13] bridge_slave_1: left allmulticast mode [ 1519.154067][ T13] bridge_slave_1: left promiscuous mode [ 1519.160408][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1519.231393][ T13] bridge_slave_0: left allmulticast mode [ 1519.270815][ T13] bridge_slave_0: left promiscuous mode [ 1519.276649][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1519.794135][ T13] bridge_slave_1: left allmulticast mode [ 1519.808347][ T13] bridge_slave_1: left promiscuous mode [ 1519.814261][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1519.840508][ T13] bridge_slave_0: left allmulticast mode [ 1519.850386][ T13] bridge_slave_0: left promiscuous mode [ 1519.856874][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1520.202020][ T5952] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1520.202931][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1520.279631][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1520.312479][ T13] bond0 (unregistering): Released all slaves [ 1520.373988][ T5952] usb 2-1: Using ep0 maxpacket: 8 [ 1520.381298][ T5952] usb 2-1: config 162 has an invalid interface number: 84 but max is 0 [ 1520.430990][ T5952] usb 2-1: config 162 has no interface number 0 [ 1520.482064][ T5952] usb 2-1: config 162 interface 84 has no altsetting 0 [ 1520.513990][ T5952] usb 2-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1520.536396][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1520.555878][ T5952] usb 2-1: Product: syz [ 1520.567254][ T5952] usb 2-1: Manufacturer: syz [ 1520.572577][ T5952] usb 2-1: SerialNumber: syz [ 1521.572259][ T5952] usb 2-1: USB disconnect, device number 69 [ 1521.663427][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1521.711409][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1521.750269][ T13] bond0 (unregistering): Released all slaves [ 1521.854601][T16833] 9pnet_fd: Insufficient options for proto=fd [ 1522.068013][ T13] hsr_slave_0: left promiscuous mode [ 1522.108099][ T13] hsr_slave_1: left promiscuous mode [ 1522.125729][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1522.140644][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1522.154370][ T13] hsr_slave_0: left promiscuous mode [ 1522.161838][ T13] hsr_slave_1: left promiscuous mode [ 1522.170978][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1522.181269][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1523.374309][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1524.493482][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1526.633722][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1526.758125][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1527.207394][T16865] overlayfs: failed lookup in lower (newroot/631, name='file0', err=-40): overlapping layers [ 1527.259335][T16865] overlayfs: failed lookup in lower (newroot/631, name='bus', err=-40): overlapping layers [ 1527.286227][T16865] overlayfs: failed lookup in lower (newroot/631, name='bus', err=-40): overlapping layers [ 1527.599736][T16709] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1527.631713][T16709] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1528.862603][T16709] team0: Port device team_slave_0 added [ 1528.958322][T16709] team0: Port device team_slave_1 added [ 1529.323815][T16709] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1529.338684][T16709] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1529.367352][ C1] vkms_vblank_simulate: vblank timer overrun [ 1529.491045][T16709] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1529.633241][T16709] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1529.640202][T16709] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1529.811314][T16709] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1532.548412][T16709] hsr_slave_0: entered promiscuous mode [ 1532.589593][T16709] hsr_slave_1: entered promiscuous mode [ 1534.457995][T11838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1534.468871][T11838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1534.478151][T11838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1534.496475][T11838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1534.505079][T11838] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1536.731041][T11838] Bluetooth: hci3: command tx timeout [ 1538.746123][T11838] Bluetooth: hci3: command tx timeout [ 1538.898967][T16658] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1540.371574][T16658] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1540.851979][T11838] Bluetooth: hci3: command tx timeout [ 1541.577286][T16658] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1541.901061][T16658] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1545.401651][T11838] Bluetooth: hci3: command tx timeout [ 1546.824549][T16658] kthread_run failed with err -4 [ 1547.558746][T16893] chnl_net:caif_netlink_parms(): no params data found [ 1547.809051][ T13] bridge_slave_1: left allmulticast mode [ 1547.830744][ T13] bridge_slave_1: left promiscuous mode [ 1547.841229][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1547.883005][ T13] bridge_slave_0: left allmulticast mode [ 1547.888947][ T13] bridge_slave_0: left promiscuous mode [ 1547.895148][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1548.519402][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1548.649037][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1548.837223][ T13] bond0 (unregistering): Released all slaves [ 1549.677190][ T13] hsr_slave_0: left promiscuous mode [ 1549.683573][ T13] hsr_slave_1: left promiscuous mode [ 1549.689698][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1549.764128][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1549.773669][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1549.783063][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1549.792242][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1549.800791][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1549.842136][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1551.090781][ T43] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 1551.268137][ T43] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1551.291524][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1551.322849][ T43] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1551.352377][ T43] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1551.377447][ T43] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1551.403003][ T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1551.422235][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1551.431455][ T43] usb 6-1: SerialNumber: syz [ 1551.867311][ T43] usb 6-1: 0:2 : does not exist [ 1551.868366][ T51] Bluetooth: hci5: command tx timeout [ 1551.880289][ T43] usb 6-1: unit 5 not found! [ 1552.198200][ T43] usb 6-1: USB disconnect, device number 94 [ 1553.494862][T16929] udevd[16929]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1553.943004][ T51] Bluetooth: hci5: command tx timeout [ 1555.934667][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1555.947612][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1556.035662][ T51] Bluetooth: hci5: command tx timeout [ 1557.295909][T16893] bridge0: port 1(bridge_slave_0) entered blocking state [ 1557.371084][T16893] bridge0: port 1(bridge_slave_0) entered disabled state [ 1558.271287][ T51] Bluetooth: hci5: command tx timeout [ 1559.070661][T16893] bridge_slave_0: entered allmulticast mode [ 1559.113545][T16893] bridge_slave_0: entered promiscuous mode [ 1559.152542][T16893] bridge0: port 2(bridge_slave_1) entered blocking state [ 1559.160074][T16893] bridge0: port 2(bridge_slave_1) entered disabled state [ 1559.251062][T16893] bridge_slave_1: entered allmulticast mode [ 1559.260157][T16893] bridge_slave_1: entered promiscuous mode [ 1561.420768][ T30] audit: type=1800 audit(1758797086.754:31): pid=17007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3088" name="SYSV00000000" dev="tmpfs" ino=20 res=0 errno=0 [ 1561.974119][T16893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1562.198544][T16893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1563.184933][T11838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1563.221251][T11838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1563.231543][T11838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1563.258908][T11838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1563.308216][T11838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1563.362280][T16893] team0: Port device team_slave_0 added [ 1563.371785][T16893] team0: Port device team_slave_1 added [ 1564.903694][T16893] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1565.066930][T16893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1565.101278][ C1] vkms_vblank_simulate: vblank timer overrun [ 1565.120754][T16893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1565.828217][T11838] Bluetooth: hci6: command tx timeout [ 1566.095987][T16893] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1566.143347][T16893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1566.179016][T16893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1567.351014][T16893] hsr_slave_0: entered promiscuous mode [ 1567.357797][T16893] hsr_slave_1: entered promiscuous mode [ 1567.375546][T16893] debugfs: 'hsr0' already exists in 'hsr' [ 1567.390747][T16893] Cannot create hsr debugfs directory [ 1568.130784][T11838] Bluetooth: hci6: command tx timeout [ 1570.722735][T11838] Bluetooth: hci6: command tx timeout [ 1570.739007][T17050] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1572.338257][T16953] chnl_net:caif_netlink_parms(): no params data found [ 1572.741758][T11838] Bluetooth: hci6: command tx timeout [ 1573.894028][T16953] bridge0: port 1(bridge_slave_0) entered blocking state [ 1573.926236][T16953] bridge0: port 1(bridge_slave_0) entered disabled state [ 1574.015408][T17083] overlayfs: failed lookup in lower (newroot/471, name='file0', err=-40): overlapping layers [ 1574.040404][T17083] overlayfs: failed lookup in lower (newroot/471, name='bus', err=-40): overlapping layers [ 1574.058228][T17083] overlayfs: failed lookup in lower (newroot/471, name='bus', err=-40): overlapping layers [ 1574.088120][T16953] bridge_slave_0: entered allmulticast mode [ 1574.181650][T16953] bridge_slave_0: entered promiscuous mode [ 1574.600968][T17013] chnl_net:caif_netlink_parms(): no params data found [ 1574.619116][T16953] bridge0: port 2(bridge_slave_1) entered blocking state [ 1574.714828][T16953] bridge0: port 2(bridge_slave_1) entered disabled state [ 1574.734976][T16953] bridge_slave_1: entered allmulticast mode [ 1574.750009][T16953] bridge_slave_1: entered promiscuous mode [ 1575.256242][T16953] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1575.305783][T16953] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1575.834747][T16953] team0: Port device team_slave_0 added [ 1576.103795][T16953] team0: Port device team_slave_1 added [ 1577.041080][T16953] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1577.057626][T16953] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1577.099800][T16953] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1577.183507][T16953] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1577.190480][T16953] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1577.216600][T16953] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1577.243291][T17013] bridge0: port 1(bridge_slave_0) entered blocking state [ 1577.250494][T17013] bridge0: port 1(bridge_slave_0) entered disabled state [ 1577.270922][T17013] bridge_slave_0: entered allmulticast mode [ 1577.307411][T17013] bridge_slave_0: entered promiscuous mode [ 1577.358098][T17013] bridge0: port 2(bridge_slave_1) entered blocking state [ 1577.375315][T17013] bridge0: port 2(bridge_slave_1) entered disabled state [ 1577.383406][T17013] bridge_slave_1: entered allmulticast mode [ 1577.404412][T17013] bridge_slave_1: entered promiscuous mode [ 1577.767199][T17013] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1577.814212][T17013] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1578.183507][T16953] hsr_slave_0: entered promiscuous mode [ 1578.190837][T16953] hsr_slave_1: entered promiscuous mode [ 1578.539706][T16953] debugfs: 'hsr0' already exists in 'hsr' [ 1578.546027][T16953] Cannot create hsr debugfs directory [ 1578.820059][T17013] team0: Port device team_slave_0 added [ 1579.232828][T17013] team0: Port device team_slave_1 added [ 1579.858338][T17013] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1579.889008][T17013] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1579.914938][ C0] vkms_vblank_simulate: vblank timer overrun [ 1580.105582][T17013] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1580.153762][T17013] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1580.398679][T17013] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1580.424725][ C0] vkms_vblank_simulate: vblank timer overrun [ 1580.482208][T17013] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1580.708184][T16893] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1580.891803][ T13] bridge_slave_1: left allmulticast mode [ 1580.897472][ T13] bridge_slave_1: left promiscuous mode [ 1580.941236][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1581.010352][ T13] bridge_slave_0: left allmulticast mode [ 1581.020061][ T13] bridge_slave_0: left promiscuous mode [ 1581.051277][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1581.087876][ T13] bridge_slave_1: left allmulticast mode [ 1581.119072][T17117] overlayfs: failed lookup in lower (newroot/664, name='file0', err=-40): overlapping layers [ 1581.187857][T17117] overlayfs: failed lookup in lower (newroot/664, name='bus', err=-40): overlapping layers [ 1581.200912][T17117] overlayfs: failed lookup in lower (newroot/664, name='bus', err=-40): overlapping layers [ 1581.230928][ T13] bridge_slave_1: left promiscuous mode [ 1581.236710][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1581.254831][ T13] bridge_slave_0: left allmulticast mode [ 1581.261684][ T13] bridge_slave_0: left promiscuous mode [ 1581.274343][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1581.999575][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1582.151579][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1582.242630][ T13] bond0 (unregistering): Released all slaves [ 1583.061455][T17126] loop5: detected capacity change from 0 to 1024 [ 1583.076686][T17126] hfsplus: Unknown parameter 'rarrier' [ 1584.275287][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1584.433205][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1584.486569][ T13] bond0 (unregistering): Released all slaves [ 1584.684061][ T13] hsr_slave_0: left promiscuous mode [ 1584.710135][ T13] hsr_slave_1: left promiscuous mode [ 1584.723802][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1584.766287][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1584.840201][ T13] hsr_slave_0: left promiscuous mode [ 1584.864812][ T13] hsr_slave_1: left promiscuous mode [ 1584.873411][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1584.885121][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1586.324015][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1587.117078][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1587.124935][ T30] audit: type=1800 audit(1758797112.244:32): pid=17145 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.3121" name="SYSV00000000" dev="tmpfs" ino=17 res=0 errno=0 [ 1590.775749][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1590.836064][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1591.029950][T16893] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1591.134714][T17013] hsr_slave_0: entered promiscuous mode [ 1591.153720][T17013] hsr_slave_1: entered promiscuous mode [ 1594.291639][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1594.321498][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1594.331055][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1594.361344][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1594.369180][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1594.401748][T16953] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1594.453161][T16953] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1594.666572][T17180] rdma_op ffff888054ea39f0 conn xmit_rdma 0000000000000000 [ 1594.729545][T16953] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1594.857692][T16953] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1596.219249][ T13] bridge_slave_1: left allmulticast mode [ 1596.245363][ T13] bridge_slave_1: left promiscuous mode [ 1596.277621][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1596.302029][ T13] bridge_slave_0: left allmulticast mode [ 1596.307774][ T13] bridge_slave_0: left promiscuous mode [ 1596.332842][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1596.420921][ T51] Bluetooth: hci3: command tx timeout [ 1596.614419][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1596.644903][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1596.678881][ T13] bond0 (unregistering): Released all slaves [ 1597.367485][ T13] hsr_slave_0: left promiscuous mode [ 1597.449353][ T13] hsr_slave_1: left promiscuous mode [ 1597.472747][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1597.481237][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1598.510335][ T51] Bluetooth: hci3: command tx timeout [ 1599.206024][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1599.367735][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1599.813595][T17215] loop8: detected capacity change from 0 to 32768 [ 1599.836867][T17215] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3137 (17215) [ 1599.855297][T17215] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1599.867105][T17215] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm [ 1600.285082][T17215] BTRFS info (device loop8): enabling ssd optimizations [ 1600.292528][T17215] BTRFS info (device loop8): enabling free space tree [ 1600.590808][ T51] Bluetooth: hci3: command tx timeout [ 1601.191382][ T8167] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1601.502701][T17013] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1602.181000][T17013] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1602.671520][ T51] Bluetooth: hci3: command tx timeout [ 1602.748867][T17013] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1602.852511][T16953] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1602.908255][T17177] chnl_net:caif_netlink_parms(): no params data found [ 1602.994046][T17013] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1603.937170][T16953] 8021q: adding VLAN 0 to HW filter on device team0 [ 1604.999122][ T6018] bridge0: port 1(bridge_slave_0) entered blocking state [ 1605.006339][ T6018] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1605.041355][T17177] bridge0: port 1(bridge_slave_0) entered blocking state [ 1605.057690][T17177] bridge0: port 1(bridge_slave_0) entered disabled state [ 1605.071141][T17177] bridge_slave_0: entered allmulticast mode [ 1605.093665][T17177] bridge_slave_0: entered promiscuous mode [ 1605.122960][T17177] bridge0: port 2(bridge_slave_1) entered blocking state [ 1605.139095][T17177] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.156356][T17177] bridge_slave_1: entered allmulticast mode [ 1605.168818][T17177] bridge_slave_1: entered promiscuous mode [ 1605.233483][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state [ 1605.240729][ T6018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1605.267455][T17271] loop8: detected capacity change from 0 to 4096 [ 1605.292049][T17271] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1605.363723][T17177] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1605.383042][T17177] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1605.400984][T17271] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1605.438569][T17271] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1605.503111][T17271] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1605.643569][T17177] team0: Port device team_slave_0 added [ 1605.672329][T17177] team0: Port device team_slave_1 added [ 1605.837688][T17177] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1605.856174][T17177] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1605.882140][ C0] vkms_vblank_simulate: vblank timer overrun [ 1605.898915][T17177] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1605.954693][T17177] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1606.011369][T17177] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1606.106423][T17177] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1606.371360][T17177] hsr_slave_0: entered promiscuous mode [ 1606.378112][T17177] hsr_slave_1: entered promiscuous mode [ 1606.425870][T17177] debugfs: 'hsr0' already exists in 'hsr' [ 1606.457850][T17177] Cannot create hsr debugfs directory [ 1606.472722][T17013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1606.616939][T17278] overlayfs: failed lookup in lower (newroot/665, name='file0', err=-40): overlapping layers [ 1606.674112][T17278] overlayfs: failed lookup in lower (newroot/665, name='bus', err=-40): overlapping layers [ 1606.685720][T17278] overlayfs: failed lookup in lower (newroot/665, name='bus', err=-40): overlapping layers [ 1607.166850][T17013] 8021q: adding VLAN 0 to HW filter on device team0 [ 1607.619007][T15844] bridge0: port 1(bridge_slave_0) entered blocking state [ 1607.626530][T15844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1608.694018][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state [ 1608.701176][ T6018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1609.445508][T17177] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1609.503793][T17177] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1609.643277][T17177] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1609.681488][T17177] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1609.855453][T17013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1610.003505][T17177] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1610.016460][T17013] veth0_vlan: entered promiscuous mode [ 1610.040181][T17013] veth1_vlan: entered promiscuous mode [ 1610.176790][T17177] 8021q: adding VLAN 0 to HW filter on device team0 [ 1610.690219][T17013] veth0_macvtap: entered promiscuous mode [ 1611.424015][T15844] bridge0: port 1(bridge_slave_0) entered blocking state [ 1611.431214][T15844] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1611.652408][ T4616] bridge0: port 2(bridge_slave_1) entered blocking state [ 1611.659604][ T4616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1611.671191][T17313] rdma_op ffff88804fed69f0 conn xmit_rdma 0000000000000000 [ 1611.822297][T17013] veth1_macvtap: entered promiscuous mode [ 1613.782728][T17013] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1614.039863][ T13] bridge_slave_1: left allmulticast mode [ 1614.053840][ T13] bridge_slave_1: left promiscuous mode [ 1614.059635][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1614.981411][T11838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1614.991372][T11838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1615.000012][T11838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1615.051152][T11838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1615.071470][T11838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1615.100146][ T13] bridge_slave_0: left allmulticast mode [ 1615.145436][ T13] bridge_slave_0: left promiscuous mode [ 1615.183728][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1616.575732][T17338] rdma_op ffff88807ad091f0 conn xmit_rdma 0000000000000000 [ 1616.842219][ T90] usb 9-1: new high-speed USB device number 61 using dummy_hcd [ 1616.986218][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1616.992677][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1617.141308][T11838] Bluetooth: hci4: command tx timeout [ 1617.380060][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1617.439525][T17342] loop1: detected capacity change from 0 to 4096 [ 1617.695213][T17342] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 1617.775552][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1618.722502][T17342] ntfs3(loop1): $Secure::$SDH is corrupted. [ 1618.824859][T17342] ntfs3(loop1): Failed to initialize $Secure (-22). [ 1618.861049][ T13] bond0 (unregistering): Released all slaves [ 1618.883535][T17342] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1619.222877][T11838] Bluetooth: hci4: command tx timeout [ 1619.229616][ T13] hsr_slave_0: left promiscuous mode [ 1619.276404][ T13] hsr_slave_1: left promiscuous mode [ 1619.321269][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1619.362153][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1621.440590][T11838] Bluetooth: hci4: command tx timeout [ 1622.081667][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1623.146345][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1623.165087][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1623.286047][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1623.385941][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1623.403999][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1623.471978][T11838] Bluetooth: hci4: command tx timeout [ 1625.462636][ T51] Bluetooth: hci5: command tx timeout [ 1626.474984][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1627.550754][ T51] Bluetooth: hci5: command tx timeout [ 1629.063518][T17394] random: crng reseeded on system resumption [ 1629.475501][T17177] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1629.620888][ T51] Bluetooth: hci5: command tx timeout [ 1630.983193][T17406] 9pnet_fd: Insufficient options for proto=fd [ 1631.333231][T17325] chnl_net:caif_netlink_parms(): no params data found [ 1631.705809][ T51] Bluetooth: hci5: command tx timeout [ 1632.356781][T17325] bridge0: port 1(bridge_slave_0) entered blocking state [ 1632.392693][T17325] bridge0: port 1(bridge_slave_0) entered disabled state [ 1632.441133][T17325] bridge_slave_0: entered allmulticast mode [ 1632.457988][T17325] bridge_slave_0: entered promiscuous mode [ 1632.505685][T17177] veth0_vlan: entered promiscuous mode [ 1632.561217][T17325] bridge0: port 2(bridge_slave_1) entered blocking state [ 1632.822935][T17325] bridge0: port 2(bridge_slave_1) entered disabled state [ 1632.830326][T17325] bridge_slave_1: entered allmulticast mode [ 1633.755118][T17325] bridge_slave_1: entered promiscuous mode [ 1633.782803][T17365] chnl_net:caif_netlink_parms(): no params data found [ 1634.098671][T17177] veth1_vlan: entered promiscuous mode [ 1634.247277][T17325] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1634.602954][T17325] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1635.672269][T17365] bridge0: port 1(bridge_slave_0) entered blocking state [ 1635.689552][T17365] bridge0: port 1(bridge_slave_0) entered disabled state [ 1635.699721][T17365] bridge_slave_0: entered allmulticast mode [ 1635.732684][T17365] bridge_slave_0: entered promiscuous mode [ 1635.756137][T17365] bridge0: port 2(bridge_slave_1) entered blocking state [ 1635.778364][T17365] bridge0: port 2(bridge_slave_1) entered disabled state [ 1635.818403][T17365] bridge_slave_1: entered allmulticast mode [ 1635.836682][T17365] bridge_slave_1: entered promiscuous mode [ 1635.953714][T17325] team0: Port device team_slave_0 added [ 1636.258170][T17325] team0: Port device team_slave_1 added [ 1636.389788][ T13] bridge_slave_1: left allmulticast mode [ 1636.397835][ T13] bridge_slave_1: left promiscuous mode [ 1636.433837][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1636.456283][ T13] bridge_slave_0: left allmulticast mode [ 1636.490892][ T13] bridge_slave_0: left promiscuous mode [ 1636.501358][ T13] bridge0: port 1(bridge_slave_0) entered disabled state [ 1637.108550][T17443] fuse: Bad value for 'fd' [ 1637.147781][ T30] audit: type=1800 audit(1758797162.954:33): pid=17443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3180" name="file1" dev="tmpfs" ino=3722 res=0 errno=0 [ 1637.540128][T17448] Bluetooth: hci6: Frame reassembly failed (-84) [ 1638.041745][ T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1638.068383][ T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1638.091439][ T13] bond0 (unregistering): Released all slaves [ 1638.180540][T17365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1638.273792][T17177] veth0_macvtap: entered promiscuous mode [ 1638.347734][T17365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1638.429933][T17177] veth1_macvtap: entered promiscuous mode [ 1638.523541][ T13] hsr_slave_0: left promiscuous mode [ 1638.529755][ T13] hsr_slave_1: left promiscuous mode [ 1638.758230][ T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1638.771163][ T13] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1638.781813][ T13] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1638.898103][T17454] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3183'. [ 1639.457969][ T13] veth1_macvtap: left promiscuous mode [ 1639.468102][ T13] veth0_macvtap: left promiscuous mode [ 1639.484707][ T13] veth1_vlan: left promiscuous mode [ 1639.494764][ T13] veth0_vlan: left promiscuous mode [ 1639.621421][T11838] Bluetooth: hci6: command 0xfc11 tx timeout [ 1639.629712][ T51] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1640.527591][T17466] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1641.166121][ T13] team0 (unregistering): Port device team_slave_1 removed [ 1641.378439][ T13] team0 (unregistering): Port device team_slave_0 removed [ 1642.609098][T17325] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1642.617111][T17325] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1642.647914][T17325] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1643.081704][T17325] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1643.088686][T17325] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1643.869501][T17325] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1643.917343][T17365] team0: Port device team_slave_0 added [ 1644.939314][T17485] loop8: detected capacity change from 0 to 4096 [ 1644.950996][T17485] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1645.001835][T17485] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1645.008018][T17485] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1645.058631][T17491] 9pnet_fd: Insufficient options for proto=fd [ 1645.065825][T17485] overlayfs: failed to resolve './file1': -2 [ 1645.099192][T17365] team0: Port device team_slave_1 added [ 1646.332790][T17325] hsr_slave_0: entered promiscuous mode [ 1646.402676][T17325] hsr_slave_1: entered promiscuous mode [ 1646.462564][T17365] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1646.610197][T17365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1646.636230][ C1] vkms_vblank_simulate: vblank timer overrun [ 1646.828460][T17365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1646.890570][T17365] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1646.902996][T17365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1646.956138][T17365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1647.157276][T17177] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1647.356411][T17177] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1647.920662][T17365] hsr_slave_0: entered promiscuous mode [ 1647.979481][T17365] hsr_slave_1: entered promiscuous mode [ 1647.999743][T17365] debugfs: 'hsr0' already exists in 'hsr' [ 1648.015836][T17365] Cannot create hsr debugfs directory [ 1648.047220][T13785] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1648.061684][ T1145] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1648.088257][ T1145] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1648.127100][ T1145] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1650.281720][ T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1650.298617][ T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1650.870514][T15844] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1650.968596][T15844] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1655.584193][ T90] usb 6-1: new high-speed USB device number 95 using dummy_hcd [ 1655.763449][ T90] usb 6-1: Using ep0 maxpacket: 8 [ 1655.881284][ T90] usb 6-1: config 162 has an invalid interface number: 84 but max is 0 [ 1655.883839][T17365] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1655.890873][ T90] usb 6-1: config 162 has no interface number 0 [ 1656.862156][ T90] usb 6-1: config 162 interface 84 has no altsetting 0 [ 1656.909224][ T90] usb 6-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1656.929401][T17365] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1656.940961][ T90] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1656.999336][ T90] usb 6-1: Product: syz [ 1657.015160][T17365] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1657.021441][ T90] usb 6-1: Manufacturer: syz [ 1657.040619][ T90] usb 6-1: SerialNumber: syz [ 1657.118196][T17365] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1657.796390][ T90] usb 6-1: USB disconnect, device number 95 [ 1657.860104][T17325] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1657.976520][T17325] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1658.086693][T17325] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1658.203699][T17325] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1658.613891][T17562] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3210'. [ 1663.449808][T17365] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1663.649007][T17365] 8021q: adding VLAN 0 to HW filter on device team0 [ 1663.831424][T17325] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1663.877778][ T4616] bridge0: port 1(bridge_slave_0) entered blocking state [ 1663.885045][ T4616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1663.964226][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state [ 1663.971509][ T6018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1664.075533][T17325] 8021q: adding VLAN 0 to HW filter on device team0 [ 1664.250318][ T4616] bridge0: port 1(bridge_slave_0) entered blocking state [ 1664.257492][ T4616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1665.245167][ T4616] bridge0: port 2(bridge_slave_1) entered blocking state [ 1665.252346][ T4616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1666.806907][ T2148] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1669.673551][ T2148] usb 2-1: Using ep0 maxpacket: 8 [ 1670.326662][ T2148] usb 2-1: device descriptor read/all, error -71 [ 1671.535667][T17625] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3224'. [ 1672.522055][T17365] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1672.991094][T17638] Bluetooth: hci6: Frame reassembly failed (-84) [ 1673.202481][T17365] veth0_vlan: entered promiscuous mode [ 1673.422807][T15844] Bluetooth: hci6: Frame reassembly failed (-84) [ 1673.469193][T17365] veth1_vlan: entered promiscuous mode [ 1673.978436][T17365] veth0_macvtap: entered promiscuous mode [ 1674.023390][T17365] veth1_macvtap: entered promiscuous mode [ 1674.147896][T17365] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1674.229233][T17365] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1674.289953][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1674.407224][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1674.491530][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1674.800500][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1675.060954][ T51] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1675.322484][T17649] 9pnet_fd: Insufficient options for proto=fd [ 1675.624709][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1675.641963][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1675.656830][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1675.671144][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1675.678915][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1676.899868][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1677.020867][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1677.066079][T17661] 9pnet_fd: Insufficient options for proto=fd [ 1677.155112][T17664] 9pnet_fd: Insufficient options for proto=fd [ 1677.496540][ T5989] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1677.569864][ T5989] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1677.712630][T11838] Bluetooth: hci4: command tx timeout [ 1678.164513][ T12] bridge_slave_1: left allmulticast mode [ 1678.170216][ T12] bridge_slave_1: left promiscuous mode [ 1678.208504][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1678.265377][ T12] bridge_slave_0: left allmulticast mode [ 1678.561517][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1678.567869][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1678.609559][T17675] loop0: detected capacity change from 0 to 32768 [ 1678.720334][T17677] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3236'. [ 1678.734969][T17675] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2639 (17675) [ 1679.206024][ T12] bridge_slave_0: left promiscuous mode [ 1679.212255][T17675] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1679.212548][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1679.222624][T17675] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 1679.562475][T17675] BTRFS info (device loop0): enabling ssd optimizations [ 1679.569497][T17675] BTRFS info (device loop0): enabling free space tree [ 1679.789302][T11838] Bluetooth: hci4: command tx timeout [ 1681.009457][T17365] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1681.861007][T11838] Bluetooth: hci4: command tx timeout [ 1684.021182][T11838] Bluetooth: hci4: command tx timeout [ 1685.594874][T17711] overlayfs: failed lookup in lower (newroot/706, name='file0', err=-40): overlapping layers [ 1685.612521][T17711] overlayfs: failed lookup in lower (newroot/706, name='bus', err=-40): overlapping layers [ 1685.625885][T17711] overlayfs: failed lookup in lower (newroot/706, name='bus', err=-40): overlapping layers [ 1685.973057][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1686.023819][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1686.109408][ T12] bond0 (unregistering): Released all slaves [ 1687.790124][ T12] hsr_slave_0: left promiscuous mode [ 1687.805375][ T12] hsr_slave_1: left promiscuous mode [ 1687.968064][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1688.026313][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1688.544305][T17728] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3243'. [ 1691.274486][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1692.081874][T17748] Bluetooth: hci6: Frame reassembly failed (-84) [ 1692.696371][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1693.467714][T17750] 9pnet_fd: Insufficient options for proto=fd [ 1695.746459][T11838] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1695.756843][ T51] Bluetooth: hci6: command 0xfc11 tx timeout [ 1698.257239][T17771] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3253'. [ 1699.081162][T17773] overlayfs: failed lookup in lower (newroot/14, name='file0', err=-40): overlapping layers [ 1699.107894][T17773] overlayfs: failed lookup in lower (newroot/14, name='bus', err=-40): overlapping layers [ 1699.120490][T17773] overlayfs: failed lookup in lower (newroot/14, name='bus', err=-40): overlapping layers [ 1702.210875][ T6033] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 1704.277035][T17650] chnl_net:caif_netlink_parms(): no params data found [ 1704.288228][ T6033] usb 1-1: Using ep0 maxpacket: 8 [ 1704.351813][ T6033] usb 1-1: config 162 has an invalid interface number: 84 but max is 0 [ 1704.374294][ T6033] usb 1-1: config 162 has no interface number 0 [ 1704.384614][ T6033] usb 1-1: config 162 interface 84 has no altsetting 0 [ 1704.433173][ T6033] usb 1-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1704.450834][ T6033] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1704.467453][ T6033] usb 1-1: Product: syz [ 1704.472906][ T6033] usb 1-1: Manufacturer: syz [ 1704.477491][ T6033] usb 1-1: SerialNumber: syz [ 1704.780923][ T6033] usb 1-1: can't set config #162, error -71 [ 1704.802279][ T6033] usb 1-1: USB disconnect, device number 3 [ 1704.967636][T17791] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1705.105152][T17797] random: crng reseeded on system resumption [ 1705.242728][T17650] bridge0: port 1(bridge_slave_0) entered blocking state [ 1705.558025][T17650] bridge0: port 1(bridge_slave_0) entered disabled state [ 1706.444783][T17650] bridge_slave_0: entered allmulticast mode [ 1706.453008][T17650] bridge_slave_0: entered promiscuous mode [ 1706.604231][T17650] bridge0: port 2(bridge_slave_1) entered blocking state [ 1706.697793][T17650] bridge0: port 2(bridge_slave_1) entered disabled state [ 1706.781152][T17650] bridge_slave_1: entered allmulticast mode [ 1706.944660][T17650] bridge_slave_1: entered promiscuous mode [ 1708.076932][T17650] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1708.125114][T17650] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1708.288692][T17650] team0: Port device team_slave_0 added [ 1708.319937][T17650] team0: Port device team_slave_1 added [ 1708.336972][T17813] loop5: detected capacity change from 0 to 4096 [ 1708.369621][T17813] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 1709.600858][T17813] ntfs3(loop5): $Secure::$SDH is corrupted. [ 1709.606879][T17813] ntfs3(loop5): Failed to initialize $Secure (-22). [ 1710.712810][T17650] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1710.719798][T17650] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1710.764457][T17813] overlayfs: overlapping lowerdir path [ 1710.996244][T17650] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1711.126276][T17650] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1711.252384][T17650] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1711.339954][T17650] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1712.166946][T17650] hsr_slave_0: entered promiscuous mode [ 1712.247187][T17833] overlayfs: failed lookup in lower (newroot/692, name='bus', err=-40): overlapping layers [ 1712.446952][T17832] overlayfs: failed lookup in lower (newroot/692, name='bus', err=-40): overlapping layers [ 1712.552113][T17650] hsr_slave_1: entered promiscuous mode [ 1714.592887][T17839] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3272'. [ 1715.631850][T17851] overlayfs: failed lookup in lower (newroot/714, name='bus', err=-40): overlapping layers [ 1715.684690][T17849] overlayfs: failed lookup in lower (newroot/714, name='bus', err=-40): overlapping layers [ 1717.093766][T17650] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1717.312509][T17650] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1718.058635][T17650] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1718.672468][T17650] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1718.785717][T17858] delete_channel: no stack [ 1720.739665][T17873] Bluetooth: hci6: Frame reassembly failed (-84) [ 1720.852921][ T4616] Bluetooth: hci6: Frame reassembly failed (-84) [ 1721.383980][T17875] 9pnet_fd: Insufficient options for proto=fd [ 1721.553196][ T5889] Bluetooth: hci3: command 0x0406 tx timeout [ 1721.727336][T17650] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1721.967981][T17877] loop0: detected capacity change from 0 to 32768 [ 1721.995881][T17877] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.3282 (17877) [ 1722.012244][T17877] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1722.022710][T17877] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm [ 1722.140615][T17650] 8021q: adding VLAN 0 to HW filter on device team0 [ 1722.182391][T13785] bridge0: port 1(bridge_slave_0) entered blocking state [ 1722.189585][T13785] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1722.264442][T13785] bridge0: port 2(bridge_slave_1) entered blocking state [ 1722.271659][T13785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1722.281193][T17877] BTRFS info (device loop0): enabling ssd optimizations [ 1722.288211][T17877] BTRFS info (device loop0): enabling free space tree [ 1722.381224][T17879] loop8: detected capacity change from 0 to 4096 [ 1722.423142][T17879] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1722.602367][T17879] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1722.677298][T17879] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1722.711577][T17365] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1722.770055][T17879] overlayfs: overlapping lowerdir path [ 1722.842141][ T51] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1722.842533][T11838] Bluetooth: hci6: command 0xfc11 tx timeout [ 1724.018861][T17911] netlink: 28 bytes leftover after parsing attributes in process `syz.8.3286'. [ 1724.941899][T17918] 9pnet_fd: Insufficient options for proto=fd [ 1725.298431][T17650] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1729.630808][ T90] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1729.716746][T17650] veth0_vlan: entered promiscuous mode [ 1729.738440][T17650] veth1_vlan: entered promiscuous mode [ 1729.820843][ T90] usb 4-1: Using ep0 maxpacket: 8 [ 1729.874792][ T90] usb 4-1: config 162 has an invalid interface number: 84 but max is 0 [ 1730.430804][ T90] usb 4-1: config 162 has no interface number 0 [ 1730.457842][ T90] usb 4-1: config 162 interface 84 has no altsetting 0 [ 1730.550976][ T90] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1730.603092][ T90] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1730.661443][ T90] usb 4-1: Product: syz [ 1730.699094][ T90] usb 4-1: Manufacturer: syz [ 1730.732675][ T90] usb 4-1: SerialNumber: syz [ 1731.650859][ T90] usb 4-1: USB disconnect, device number 4 [ 1732.985244][T17650] veth0_macvtap: entered promiscuous mode [ 1733.004302][T17650] veth1_macvtap: entered promiscuous mode [ 1733.043514][T17650] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1733.057062][T17650] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1733.361937][ T5989] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1733.387344][ T5989] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1733.409355][T12134] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1733.440549][T12134] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1733.567356][T17959] Bluetooth: hci6: Frame reassembly failed (-84) [ 1733.592228][T17957] loop1: detected capacity change from 0 to 4096 [ 1733.619387][T17957] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 1733.630153][T12134] Bluetooth: hci6: Frame reassembly failed (-84) [ 1733.719244][T17957] ntfs3(loop1): $Secure::$SDH is corrupted. [ 1733.737410][T17957] ntfs3(loop1): Failed to initialize $Secure (-22). [ 1733.795247][T17957] overlayfs: overlapping lowerdir path [ 1735.103915][ T4616] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1736.557221][T11838] Bluetooth: hci6: command 0xfc11 tx timeout [ 1736.560965][ T51] Bluetooth: hci6: Entering manufacturer mode failed (-110) [ 1737.127305][T17973] Bluetooth: hci4: Frame reassembly failed (-84) [ 1737.159062][T17974] Bluetooth: hci7: Frame reassembly failed (-84) [ 1737.628938][ T4616] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.022166][ T4616] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.203486][ T4616] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1738.282456][ T6033] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1738.450819][ T6033] usb 4-1: Using ep0 maxpacket: 8 [ 1738.469449][ T6033] usb 4-1: config 162 has an invalid interface number: 84 but max is 0 [ 1738.561950][ T6033] usb 4-1: config 162 has no interface number 0 [ 1738.620130][ T4616] bridge_slave_1: left allmulticast mode [ 1738.627339][ T6033] usb 4-1: config 162 interface 84 has no altsetting 0 [ 1738.651602][T17977] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1738.662509][T17977] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1738.672174][T17977] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1738.680496][ T4616] bridge_slave_1: left promiscuous mode [ 1738.687193][T17977] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1738.695612][T17977] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1738.718997][ T4616] bridge0: port 2(bridge_slave_1) entered disabled state [ 1738.730326][ T6033] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1738.739905][ T6033] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1738.749924][ T6033] usb 4-1: Product: syz [ 1738.754562][ T6033] usb 4-1: Manufacturer: syz [ 1738.759384][ T6033] usb 4-1: SerialNumber: syz [ 1738.776992][ T4616] bridge_slave_0: left allmulticast mode [ 1738.783364][ T4616] bridge_slave_0: left promiscuous mode [ 1738.791315][ T4616] bridge0: port 1(bridge_slave_0) entered disabled state [ 1739.016414][ T6033] usb 4-1: USB disconnect, device number 5 [ 1739.345400][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1739.353157][T11838] Bluetooth: hci7: Entering manufacturer mode failed (-110) [ 1739.360872][T16434] Bluetooth: hci7: command 0xfc11 tx timeout [ 1739.480861][T17987] delete_channel: no stack [ 1740.191401][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1740.198193][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1740.742361][T11838] Bluetooth: hci6: command tx timeout [ 1741.304670][T18004] 9pnet_fd: Insufficient options for proto=fd [ 1741.953280][T18014] 9pnet_fd: Insufficient options for proto=fd [ 1742.279062][T18012] loop0: detected capacity change from 0 to 4096 [ 1742.347565][T18012] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 1742.685236][T18012] ntfs3(loop0): $Secure::$SDH is corrupted. [ 1742.777442][T18012] ntfs3(loop0): Failed to initialize $Secure (-22). [ 1742.820893][T11838] Bluetooth: hci6: command tx timeout [ 1742.985511][T18016] overlayfs: overlapping lowerdir path [ 1743.643526][ T4616] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1743.742884][ T4616] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1743.781063][ T4616] bond0 (unregistering): Released all slaves [ 1744.011663][ T4616] hsr_slave_0: left promiscuous mode [ 1744.061272][ T4616] hsr_slave_1: left promiscuous mode [ 1744.108419][ T4616] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1744.166517][ T4616] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1744.215629][ T4616] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1744.259174][ T4616] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1744.413030][ T4616] veth1_macvtap: left promiscuous mode [ 1744.443349][ T4616] veth0_macvtap: left promiscuous mode [ 1744.468055][ T4616] veth1_vlan: left promiscuous mode [ 1744.489754][ T4616] veth0_vlan: left promiscuous mode [ 1744.955788][T11838] Bluetooth: hci6: command tx timeout [ 1746.388998][T18030] netlink: 12 bytes leftover after parsing attributes in process `syz.8.3312'. [ 1746.994286][ T51] Bluetooth: hci6: command tx timeout [ 1747.074316][ T51] Bluetooth: hci5: command 0x0406 tx timeout [ 1747.186516][T18033] loop5: detected capacity change from 0 to 4096 [ 1747.212158][T18033] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512). [ 1747.305941][T18033] ntfs3(loop5): $Secure::$SDH is corrupted. [ 1747.360067][T18041] 9pnet_fd: Insufficient options for proto=fd [ 1747.474244][T18033] ntfs3(loop5): Failed to initialize $Secure (-22). [ 1748.224618][T18033] overlayfs: missing 'lowerdir' [ 1748.508609][T18044] loop1: detected capacity change from 0 to 1024 [ 1748.522681][T18044] hfsplus: Unknown parameter 'rarrier' [ 1753.225216][T18069] loop0: detected capacity change from 0 to 1024 [ 1753.239653][T18069] hfsplus: Unknown parameter 'rarrier' [ 1753.773805][ T4616] team0 (unregistering): Port device team_slave_1 removed [ 1754.273139][ T4616] team0 (unregistering): Port device team_slave_0 removed [ 1758.026356][T17982] chnl_net:caif_netlink_parms(): no params data found [ 1758.613100][T17982] bridge0: port 1(bridge_slave_0) entered blocking state [ 1758.678640][T17982] bridge0: port 1(bridge_slave_0) entered disabled state [ 1758.710514][T17982] bridge_slave_0: entered allmulticast mode [ 1758.772125][T17982] bridge_slave_0: entered promiscuous mode [ 1758.792941][T17982] bridge0: port 2(bridge_slave_1) entered blocking state [ 1758.800107][T17982] bridge0: port 2(bridge_slave_1) entered disabled state [ 1758.857219][T17982] bridge_slave_1: entered allmulticast mode [ 1758.942216][T17982] bridge_slave_1: entered promiscuous mode [ 1759.792603][T17982] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1759.818297][T17982] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1760.146484][T17982] team0: Port device team_slave_0 added [ 1760.270896][T14851] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 1760.331963][T17982] team0: Port device team_slave_1 added [ 1760.516634][T17982] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1760.533265][T17982] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1760.559641][ C0] vkms_vblank_simulate: vblank timer overrun [ 1760.643121][T17982] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1760.759859][T17982] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1760.767431][T17982] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1760.793390][ C0] vkms_vblank_simulate: vblank timer overrun [ 1760.820733][T14851] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 1760.869160][T14851] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1760.926583][T14851] usb 1-1: config 0 has no interface number 0 [ 1760.945361][T14851] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1760.978523][T14851] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1761.102723][T14851] usb 1-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1761.127987][T14851] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1761.157333][T14851] usb 1-1: Product: syz [ 1761.166640][T14851] usb 1-1: Manufacturer: syz [ 1761.200846][T14851] usb 1-1: SerialNumber: syz [ 1761.207769][T17982] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1761.314789][T14851] usb 1-1: config 0 descriptor?? [ 1761.491494][T18127] random: crng reseeded on system resumption [ 1761.572660][T18117] rdma_op ffff88806a8b51f0 conn xmit_rdma 0000000000000000 [ 1761.699209][T17982] hsr_slave_0: entered promiscuous mode [ 1761.700348][T17982] hsr_slave_1: entered promiscuous mode [ 1762.512347][T18132] delete_channel: no stack [ 1764.508816][T14851] usbtouchscreen 1-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1764.808232][T14851] usb 1-1: USB disconnect, device number 4 [ 1768.251721][T15589] usb 9-1: new high-speed USB device number 62 using dummy_hcd [ 1768.667663][T17982] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1768.756116][T15589] usb 9-1: Using ep0 maxpacket: 8 [ 1768.757934][T15589] usb 9-1: config 162 has an invalid interface number: 84 but max is 0 [ 1768.757965][T15589] usb 9-1: config 162 has no interface number 0 [ 1768.758011][T15589] usb 9-1: config 162 interface 84 has no altsetting 0 [ 1768.761257][T15589] usb 9-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1768.761292][T15589] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1768.761320][T15589] usb 9-1: Product: syz [ 1768.761341][T15589] usb 9-1: Manufacturer: syz [ 1768.761362][T15589] usb 9-1: SerialNumber: syz [ 1768.823413][T17982] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1768.858781][T17982] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1768.929952][T17982] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1769.429641][T15589] usb 9-1: USB disconnect, device number 62 [ 1770.682309][T17982] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1770.742858][T18177] loop3: detected capacity change from 0 to 4096 [ 1770.742990][T17982] 8021q: adding VLAN 0 to HW filter on device team0 [ 1770.820777][T18177] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 1771.015896][ T5989] bridge0: port 1(bridge_slave_0) entered blocking state [ 1771.023175][ T5989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1771.048244][T18186] IPVS: lblc: FWM 3 0x00000003 - no destination available [ 1771.369821][T18177] ntfs3(loop3): $Secure::$SDH is corrupted. [ 1771.382257][T18177] ntfs3(loop3): Failed to initialize $Secure (-22). [ 1771.491655][T18190] overlayfs: overlapping lowerdir path [ 1772.062480][ T4616] bridge0: port 2(bridge_slave_1) entered blocking state [ 1772.069669][ T4616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1774.594323][T18209] loop3: detected capacity change from 0 to 32768 [ 1774.625354][T18209] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3354 (18209) [ 1774.644039][T18209] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1774.654194][T18209] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm [ 1774.684699][T17982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1775.081570][T18209] BTRFS info (device loop3): enabling ssd optimizations [ 1775.088627][T18209] BTRFS info (device loop3): enabling free space tree [ 1777.311615][T17177] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1783.151020][T18253] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3359'. [ 1783.605839][T17982] veth0_vlan: entered promiscuous mode [ 1783.791523][T17982] veth1_vlan: entered promiscuous mode [ 1784.339007][T17982] veth0_macvtap: entered promiscuous mode [ 1784.513496][T17982] veth1_macvtap: entered promiscuous mode [ 1785.119004][T17982] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1785.282968][T17982] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1785.439220][ T12] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1785.484343][ T12] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1785.517931][ T12] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1785.640295][ T12] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1785.679977][T18276] overlayfs: failed lookup in lower (newroot/714, name='file0', err=-40): overlapping layers [ 1785.833095][T18275] 9pnet_fd: Insufficient options for proto=fd [ 1785.910010][T18281] overlayfs: failed lookup in lower (newroot/714, name='bus', err=-40): overlapping layers [ 1785.924265][T18281] overlayfs: failed lookup in lower (newroot/714, name='bus', err=-40): overlapping layers [ 1786.671940][ T6018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1786.755547][ T6018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1786.908964][ T4616] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1787.008184][ T4616] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1787.058112][T18285] 9pnet_fd: Insufficient options for proto=fd [ 1791.250961][T18298] delete_channel: no stack [ 1792.363861][T18301] random: crng reseeded on system resumption [ 1799.480492][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1799.491903][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1799.500910][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1799.621732][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1799.632437][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1799.761261][T14851] usb 6-1: new high-speed USB device number 96 using dummy_hcd [ 1800.393521][T14851] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 1800.410810][T14851] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1800.438051][T14851] usb 6-1: config 0 has no interface number 0 [ 1800.539117][T18330] delete_channel: no stack [ 1800.556377][T14851] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1801.305707][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1801.331137][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1801.404001][T14851] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1801.448592][T14851] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1801.540084][T14851] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1801.568207][T14851] usb 6-1: Product: syz [ 1801.576512][T14851] usb 6-1: Manufacturer: syz [ 1801.592113][T14851] usb 6-1: SerialNumber: syz [ 1801.608777][T14851] usb 6-1: config 0 descriptor?? [ 1801.711153][ T51] Bluetooth: hci2: command tx timeout [ 1802.004973][T18321] rdma_op ffff88806ab1d9f0 conn xmit_rdma 0000000000000000 [ 1802.724987][T18322] chnl_net:caif_netlink_parms(): no params data found [ 1803.781137][ T51] Bluetooth: hci2: command tx timeout [ 1804.132776][T18345] loop8: detected capacity change from 0 to 32768 [ 1804.193442][T18345] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.3380 (18345) [ 1804.215832][T18345] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1804.226126][T18345] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm [ 1804.253132][T14851] usbtouchscreen 6-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1804.318384][T14851] usb 6-1: USB disconnect, device number 96 [ 1804.633356][T18345] BTRFS info (device loop8): enabling ssd optimizations [ 1804.640334][T18345] BTRFS info (device loop8): enabling free space tree [ 1805.029584][T18322] bridge0: port 1(bridge_slave_0) entered blocking state [ 1805.036894][T18322] bridge0: port 1(bridge_slave_0) entered disabled state [ 1805.045162][T18322] bridge_slave_0: entered allmulticast mode [ 1805.062848][T18322] bridge_slave_0: entered promiscuous mode [ 1805.086114][T18322] bridge0: port 2(bridge_slave_1) entered blocking state [ 1805.086279][T18322] bridge0: port 2(bridge_slave_1) entered disabled state [ 1805.086501][T18322] bridge_slave_1: entered allmulticast mode [ 1805.088540][T18322] bridge_slave_1: entered promiscuous mode [ 1805.860853][ T51] Bluetooth: hci2: command tx timeout [ 1807.012906][ T8167] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1807.578763][T18384] random: crng reseeded on system resumption [ 1807.746542][T18322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1807.857538][T18322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1807.945201][ T51] Bluetooth: hci2: command tx timeout [ 1809.806994][T18322] team0: Port device team_slave_0 added [ 1809.817939][T18322] team0: Port device team_slave_1 added [ 1809.933728][T18397] delete_channel: no stack [ 1812.080552][T18322] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1812.120114][T18322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1812.146349][ C0] vkms_vblank_simulate: vblank timer overrun [ 1812.674003][T18322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1812.752542][T18322] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1812.770647][T18322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1812.906959][T18322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1814.106072][T18422] overlay: ./file1 is not a directory [ 1814.250925][T18420] overlayfs: failed lookup in lower (newroot/720, name='bus', err=-40): overlapping layers [ 1814.313980][T18420] overlayfs: failed lookup in lower (newroot/720, name='bus', err=-40): overlapping layers [ 1814.728095][T18429] rdma_op ffff88805977c1f0 conn xmit_rdma 0000000000000000 [ 1814.810776][ T2148] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1814.832350][ T43] usb 9-1: new high-speed USB device number 63 using dummy_hcd [ 1814.976238][T18322] hsr_slave_0: entered promiscuous mode [ 1814.977361][T18322] hsr_slave_1: entered promiscuous mode [ 1814.978349][T18322] debugfs: 'hsr0' already exists in 'hsr' [ 1814.978378][T18322] Cannot create hsr debugfs directory [ 1815.091806][ T2148] usb 10-1: config 0 has an invalid interface number: 117 but max is 0 [ 1815.091847][ T2148] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1815.091902][ T2148] usb 10-1: config 0 has no interface number 0 [ 1815.091949][ T2148] usb 10-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1815.091980][ T2148] usb 10-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1815.110350][ T2148] usb 10-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1815.110424][ T2148] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1815.110463][ T2148] usb 10-1: Product: syz [ 1815.110492][ T2148] usb 10-1: Manufacturer: syz [ 1815.110520][ T2148] usb 10-1: SerialNumber: syz [ 1815.120247][ T2148] usb 10-1: config 0 descriptor?? [ 1815.352682][T18425] rdma_op ffff88802272e1f0 conn xmit_rdma 0000000000000000 [ 1816.914798][T18322] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1817.176989][ T2148] usbtouchscreen 10-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1817.422351][ T2148] usb 10-1: USB disconnect, device number 2 [ 1817.744628][T18322] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1818.362601][T18322] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1819.617231][T18453] 9pnet_fd: Insufficient options for proto=fd [ 1822.652571][T18322] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1824.393031][T18322] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1824.464405][T18322] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1824.602964][T18322] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1824.724205][T18322] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1825.875844][T18322] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1826.002518][T18322] 8021q: adding VLAN 0 to HW filter on device team0 [ 1826.073839][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1826.081040][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1826.104606][T18489] overlayfs: failed lookup in lower (newroot/36, name='file0', err=-40): overlapping layers [ 1826.130175][T18491] netlink: 100 bytes leftover after parsing attributes in process `syz.5.3409'. [ 1826.167012][ T6018] bridge0: port 2(bridge_slave_1) entered blocking state [ 1826.174279][ T6018] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1827.436892][T18489] overlayfs: failed lookup in lower (newroot/36, name='bus', err=-40): overlapping layers [ 1827.448970][T18489] overlayfs: failed lookup in lower (newroot/36, name='bus', err=-40): overlapping layers [ 1827.464246][T18489] overlayfs: failed lookup in lower (newroot/36, name='bus', err=-40): overlapping layers [ 1827.506747][T18322] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1827.696957][T18322] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1827.906730][T18503] rdma_op ffff8880684099f0 conn xmit_rdma 0000000000000000 [ 1828.110903][ T2148] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 1828.302695][T18511] overlayfs: failed lookup in lower (newroot/45, name='file0', err=-40): overlapping layers [ 1828.521818][T18511] overlayfs: failed lookup in lower (newroot/45, name='bus', err=-40): overlapping layers [ 1828.576617][T18512] overlayfs: failed lookup in lower (newroot/45, name='bus', err=-40): overlapping layers [ 1828.664347][T18511] overlayfs: failed lookup in lower (newroot/45, name='bus', err=-40): overlapping layers [ 1828.857258][T18517] 9pnet_fd: Insufficient options for proto=fd [ 1831.011690][T18322] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1831.436028][T18322] veth0_vlan: entered promiscuous mode [ 1831.662596][T18322] veth1_vlan: entered promiscuous mode [ 1832.446373][T18322] veth0_macvtap: entered promiscuous mode [ 1832.467431][T18322] veth1_macvtap: entered promiscuous mode [ 1832.747426][T18322] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1833.008623][T18322] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1833.120314][T18533] loop3: detected capacity change from 0 to 4096 [ 1833.189087][T18533] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512). [ 1833.241326][T15844] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1833.297850][T15844] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1833.372256][T18533] ntfs3(loop3): $Secure::$SDH is corrupted. [ 1833.395060][T15844] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1833.432407][T18533] ntfs3(loop3): Failed to initialize $Secure (-22). [ 1833.593521][T15844] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1833.767446][T18533] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1833.776594][T18533] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 1834.883075][T18552] ubi: mtd0 is already attached to ubi31 [ 1835.640853][T12134] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1835.660119][T12134] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1835.707018][T18554] loop9: detected capacity change from 0 to 256 [ 1835.822574][ T6018] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1835.873041][ T6018] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1836.048873][T18554] FAT-fs (loop9): Directory bread(block 64) failed [ 1836.077434][T18554] FAT-fs (loop9): Directory bread(block 65) failed [ 1836.170929][T18554] FAT-fs (loop9): Directory bread(block 66) failed [ 1836.219034][T18554] FAT-fs (loop9): Directory bread(block 67) failed [ 1836.260879][T18554] FAT-fs (loop9): Directory bread(block 68) failed [ 1836.294734][T18554] FAT-fs (loop9): Directory bread(block 69) failed [ 1836.308434][T18554] FAT-fs (loop9): Directory bread(block 70) failed [ 1836.402060][T18554] FAT-fs (loop9): Directory bread(block 71) failed [ 1836.430168][T18554] FAT-fs (loop9): Directory bread(block 72) failed [ 1836.499277][T18554] FAT-fs (loop9): Directory bread(block 73) failed [ 1838.856662][T18571] 9pnet_fd: Insufficient options for proto=fd [ 1843.500139][T11838] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1843.509866][T11838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1843.519357][T11838] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1843.691465][T11838] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1843.701115][T11838] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1844.615625][T18594] 9pnet_fd: Insufficient options for proto=fd [ 1845.536365][T18606] overlay: ./file1 is not a directory [ 1845.625659][T18607] overlayfs: failed lookup in lower (newroot/39, name='bus', err=-40): overlapping layers [ 1845.770151][T18605] overlayfs: failed lookup in lower (newroot/39, name='bus', err=-40): overlapping layers [ 1845.872923][T11838] Bluetooth: hci0: command tx timeout [ 1846.421762][T11838] Bluetooth: hci4: command 0xfc11 tx timeout [ 1846.428259][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1846.609487][T18586] chnl_net:caif_netlink_parms(): no params data found [ 1847.132483][T18613] ubi: mtd0 is already attached to ubi31 [ 1847.942309][ T51] Bluetooth: hci0: command tx timeout [ 1849.641325][T18586] bridge0: port 1(bridge_slave_0) entered blocking state [ 1849.871315][T18586] bridge0: port 1(bridge_slave_0) entered disabled state [ 1849.879001][T18586] bridge_slave_0: entered allmulticast mode [ 1849.924419][T18586] bridge_slave_0: entered promiscuous mode [ 1849.963038][T18586] bridge0: port 2(bridge_slave_1) entered blocking state [ 1850.040833][ T51] Bluetooth: hci0: command tx timeout [ 1850.048129][T18586] bridge0: port 2(bridge_slave_1) entered disabled state [ 1850.109074][T18586] bridge_slave_1: entered allmulticast mode [ 1850.123283][T18586] bridge_slave_1: entered promiscuous mode [ 1850.214913][T18626] loop9: detected capacity change from 0 to 4096 [ 1850.319444][T18626] ntfs3(loop9): Different NTFS sector size (1024) and media sector size (512). [ 1850.335718][T18586] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1850.414119][T18586] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1850.518530][T18626] ntfs3(loop9): $Secure::$SDH is corrupted. [ 1850.554055][T18626] ntfs3(loop9): Failed to initialize $Secure (-22). [ 1850.700266][T18626] overlayfs: missing 'lowerdir' [ 1850.715709][T18626] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1851.894162][T18586] team0: Port device team_slave_0 added [ 1852.067190][T18586] team0: Port device team_slave_1 added [ 1852.100797][ T51] Bluetooth: hci0: command tx timeout [ 1852.278754][T18640] loop8: detected capacity change from 0 to 4096 [ 1852.349250][T18640] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1853.745670][T18586] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1853.918467][T18586] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1854.234118][T18640] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1854.334750][T18640] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1854.402787][T18586] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1855.879420][T18586] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1856.283470][T18586] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1856.360752][T18586] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1856.600007][T18586] hsr_slave_0: entered promiscuous mode [ 1856.652369][T18586] hsr_slave_1: entered promiscuous mode [ 1856.672029][T18586] debugfs: 'hsr0' already exists in 'hsr' [ 1856.677828][T18586] Cannot create hsr debugfs directory [ 1858.143927][T18670] 9pnet_fd: Insufficient options for proto=fd [ 1859.537169][T18586] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1859.780976][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1859.781050][T11838] Bluetooth: hci4: command 0xfc11 tx timeout [ 1862.636927][T18586] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1862.686057][T18687] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3455'. [ 1862.752425][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1862.758764][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1863.584671][T18586] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1863.613219][T18696] overlayfs: failed lookup in lower (newroot/21, name='file0', err=-40): overlapping layers [ 1863.736185][T18693] overlayfs: failed lookup in lower (newroot/21, name='bus', err=-40): overlapping layers [ 1863.847264][T18695] loop0: detected capacity change from 0 to 4096 [ 1863.892061][T18586] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1863.911338][T18697] overlayfs: failed lookup in lower (newroot/21, name='bus', err=-40): overlapping layers [ 1863.975342][T18695] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 1864.048714][T18695] ntfs3(loop0): $Secure::$SDH is corrupted. [ 1864.064772][T18695] ntfs3(loop0): Failed to initialize $Secure (-22). [ 1864.087594][T18695] overlayfs: missing 'lowerdir' [ 1864.135622][T18693] overlayfs: failed lookup in lower (newroot/21, name='bus', err=-40): overlapping layers [ 1864.158981][T18695] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1864.818397][T18586] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1864.828084][T11838] Bluetooth: hci6: command 0x0406 tx timeout [ 1864.964157][T18586] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1865.214473][T18586] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1865.329162][T18586] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1865.741684][T18711] overlay: ./file1 is not a directory [ 1865.793206][T18710] overlayfs: failed lookup in lower (newroot/9, name='bus', err=-40): overlapping layers [ 1867.248743][T18586] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1867.251259][T18710] overlayfs: failed lookup in lower (newroot/9, name='bus', err=-40): overlapping layers [ 1867.745486][T18586] 8021q: adding VLAN 0 to HW filter on device team0 [ 1867.928407][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 1867.935651][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1869.054047][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 1869.061282][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1869.385307][T18586] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1869.500828][ T5932] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 1869.938058][T18741] Bluetooth: hci4: Frame reassembly failed (-84) [ 1869.970843][ T5932] usb 1-1: Using ep0 maxpacket: 8 [ 1870.653171][ T5932] usb 1-1: config 162 has an invalid interface number: 84 but max is 0 [ 1870.683138][ T5932] usb 1-1: config 162 has no interface number 0 [ 1872.023069][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1872.060801][ T5932] usb 1-1: config 162 interface 84 has no altsetting 0 [ 1872.096714][ T5932] usb 1-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 1872.161333][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1872.210779][ T5932] usb 1-1: Product: syz [ 1872.230951][ T5932] usb 1-1: Manufacturer: syz [ 1872.244122][ T5932] usb 1-1: SerialNumber: syz [ 1872.286415][ T5932] usb 1-1: can't set config #162, error -71 [ 1872.471488][T18747] netlink: 36 bytes leftover after parsing attributes in process `syz.9.3467'. [ 1872.525168][ T5932] usb 1-1: USB disconnect, device number 5 [ 1873.832607][T18762] 9pnet_fd: Insufficient options for proto=fd [ 1874.196126][T18586] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1875.032585][T18776] netlink: 40 bytes leftover after parsing attributes in process `syz.9.3473'. [ 1875.704282][T18775] overlayfs: failed lookup in lower (newroot/10, name='file0', err=-40): overlapping layers [ 1876.772695][T18784] overlayfs: failed lookup in lower (newroot/10, name='bus', err=-40): overlapping layers [ 1876.906472][T18775] overlayfs: failed lookup in lower (newroot/10, name='bus', err=-40): overlapping layers [ 1877.069579][T18784] overlayfs: failed lookup in lower (newroot/10, name='bus', err=-40): overlapping layers [ 1882.232307][T18586] veth0_vlan: entered promiscuous mode [ 1882.434563][T18586] veth1_vlan: entered promiscuous mode [ 1882.979643][T18586] veth0_macvtap: entered promiscuous mode [ 1883.854424][T18586] veth1_macvtap: entered promiscuous mode [ 1884.247817][T18586] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1884.562742][T18586] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1884.690871][T18822] ubi: mtd0 is already attached to ubi31 [ 1885.397618][ T6018] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1885.410837][ T6018] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1885.419539][ T6018] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1885.560851][ T6018] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1885.803912][T18820] loop8: detected capacity change from 0 to 4096 [ 1885.893997][T18820] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1886.045416][T18820] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1886.103180][T18820] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1886.181208][ T6018] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1886.189368][ T6018] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1886.257757][T18820] overlay: Unknown parameter '//bus' [ 1886.317182][T18835] 9pnet_fd: Insufficient options for proto=fd [ 1887.521747][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1887.529582][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1887.611746][T18845] netlink: 36 bytes leftover after parsing attributes in process `syz.9.3487'. [ 1887.626216][T18833] overlayfs: failed lookup in lower (newroot/59, name='file0', err=-40): overlapping layers [ 1887.656312][T18833] overlayfs: failed lookup in lower (newroot/59, name='bus', err=-40): overlapping layers [ 1887.669150][T18833] overlayfs: failed lookup in lower (newroot/59, name='bus', err=-40): overlapping layers [ 1887.727962][T18837] overlayfs: failed lookup in lower (newroot/59, name='bus', err=-40): overlapping layers [ 1894.297169][T18873] 9pnet_fd: Insufficient options for proto=fd [ 1895.806219][T18886] delete_channel: no stack [ 1896.698400][T18882] overlayfs: failed lookup in lower (newroot/55, name='bus', err=-40): overlapping layers [ 1896.801170][T18881] overlayfs: failed lookup in lower (newroot/55, name='bus', err=-40): overlapping layers [ 1896.869126][T18882] overlayfs: failed lookup in lower (newroot/55, name='bus', err=-40): overlapping layers [ 1899.114748][T18898] loop8: detected capacity change from 0 to 4096 [ 1899.195738][T18898] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512). [ 1899.702594][T18898] ntfs3(loop8): $Secure::$SDH is corrupted. [ 1899.723027][T18898] ntfs3(loop8): Failed to initialize $Secure (-22). [ 1899.907651][T18898] overlay: Unknown parameter '//bus' [ 1899.924378][T18898] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 1902.724925][T18913] overlayfs: failed lookup in lower (newroot/30, name='file0', err=-40): overlapping layers [ 1902.745571][T18913] overlayfs: failed lookup in lower (newroot/30, name='bus', err=-40): overlapping layers [ 1902.758273][T18913] overlayfs: failed lookup in lower (newroot/30, name='bus', err=-40): overlapping layers [ 1902.787990][T18913] overlayfs: failed lookup in lower (newroot/30, name='bus', err=-40): overlapping layers [ 1908.016235][T18944] random: crng reseeded on system resumption [ 1910.164947][T18955] 9pnet_fd: Insufficient options for proto=fd [ 1919.312789][ T4616] bridge_slave_1: left allmulticast mode [ 1919.349185][ T4616] bridge_slave_1: left promiscuous mode [ 1919.397489][ T4616] bridge0: port 2(bridge_slave_1) entered disabled state [ 1919.995608][ T4616] bridge_slave_0: left allmulticast mode [ 1920.083525][ T4616] bridge_slave_0: left promiscuous mode [ 1920.202499][ T4616] bridge0: port 1(bridge_slave_0) entered disabled state [ 1922.502472][T19022] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3528'. [ 1924.189852][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 1924.214708][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 1924.843733][T19037] Bluetooth: hci4: Frame reassembly failed (-84) [ 1926.149238][T19043] 9pnet_fd: Insufficient options for proto=fd [ 1926.261271][T16434] Bluetooth: hci2: command 0x0406 tx timeout [ 1926.900827][ T51] Bluetooth: hci4: command 0xfc11 tx timeout [ 1926.900863][T11838] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1933.171425][ T4616] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1933.252739][ T4616] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1933.266706][ T4616] bond0 (unregistering): Released all slaves [ 1938.114590][ T4616] hsr_slave_0: left promiscuous mode [ 1938.155406][ T4616] hsr_slave_1: left promiscuous mode [ 1938.201705][ T4616] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1938.260890][ T4616] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1938.356776][ T4616] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1938.389340][ T4616] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1939.221337][T19102] delete_channel: no stack [ 1939.705252][ T4616] veth1_macvtap: left promiscuous mode [ 1939.730851][ T4616] veth0_macvtap: left promiscuous mode [ 1939.741272][ T4616] veth1_vlan: left promiscuous mode [ 1939.800958][ T4616] veth0_vlan: left promiscuous mode [ 1940.557917][T19107] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3549'. [ 1944.082704][T19131] Bluetooth: hci4: Frame reassembly failed (-84) [ 1946.181123][T11838] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1946.620807][T18436] usb 6-1: new high-speed USB device number 97 using dummy_hcd [ 1947.665997][T18436] usb 6-1: config 0 has an invalid interface number: 117 but max is 0 [ 1947.761144][T18436] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1947.781718][T18436] usb 6-1: config 0 has no interface number 0 [ 1947.787925][T18436] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1947.799746][T18436] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1947.873001][T18436] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 1948.080083][T18436] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1948.310982][T18436] usb 6-1: Product: syz [ 1948.319173][T18436] usb 6-1: Manufacturer: syz [ 1948.354741][T18436] usb 6-1: SerialNumber: syz [ 1948.518895][T19155] netlink: 56 bytes leftover after parsing attributes in process `syz.8.3562'. [ 1948.882421][T18436] usb 6-1: config 0 descriptor?? [ 1949.225182][T18436] usbtouchscreen 6-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 1949.333152][T18436] usb 6-1: USB disconnect, device number 97 [ 1952.442290][ T4616] team0 (unregistering): Port device team_slave_1 removed [ 1954.815912][ T4616] team0 (unregistering): Port device team_slave_0 removed [ 1956.380533][T19195] netlink: 20 bytes leftover after parsing attributes in process `syz.9.3572'. [ 1957.264401][T19199] Bluetooth: hci4: Frame reassembly failed (-84) [ 1959.380913][ T51] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1959.388696][T11838] Bluetooth: hci4: command 0xfc11 tx timeout [ 1963.648296][T19224] netlink: 100 bytes leftover after parsing attributes in process `syz.9.3581'. [ 1964.326485][T11838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1964.336826][T11838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1964.349953][T11838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1964.561895][T11838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1964.573038][T11838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1966.721714][T19245] random: crng reseeded on system resumption [ 1966.759628][T16434] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1966.770141][T16434] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1966.782941][T16434] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1966.811627][T16434] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1966.821027][T16434] Bluetooth: hci4: command tx timeout [ 1966.821877][T17977] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1967.084023][T19252] overlayfs: failed to resolve './file1': -2 [ 1967.109706][T19250] overlayfs: workdir and upperdir must be separate subtrees [ 1967.221836][T17977] Bluetooth: hci0: command 0x0406 tx timeout [ 1969.040957][T11838] Bluetooth: hci7: command tx timeout [ 1969.047602][T11838] Bluetooth: hci4: command tx timeout [ 1969.270818][ T8417] ================================================================== [ 1969.278931][ T8417] BUG: KASAN: slab-use-after-free in __mutex_lock+0xe8a/0x1060 [ 1969.286498][ T8417] Read of size 8 at addr ffff8880525c80a0 by task khidpd_16bf5505/8417 [ 1969.294744][ T8417] [ 1969.297070][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Not tainted syzkaller #0 PREEMPT(full) [ 1969.297111][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1969.297133][ T8417] Call Trace: [ 1969.297144][ T8417] [ 1969.297156][ T8417] dump_stack_lvl+0x116/0x1f0 [ 1969.297212][ T8417] print_report+0xcd/0x630 [ 1969.297243][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.297284][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.297325][ T8417] ? __phys_addr+0xe8/0x180 [ 1969.297372][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1969.297401][ T8417] kasan_report+0xe0/0x110 [ 1969.297433][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1969.297468][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1969.297523][ T8417] __mutex_lock+0xe8a/0x1060 [ 1969.297552][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.297592][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1969.297644][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1969.297703][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1969.297734][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.297774][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1969.297827][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1969.297884][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.297925][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1969.297977][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1969.298030][ T8417] l2cap_unregister_user+0x71/0x240 [ 1969.298088][ T8417] hidp_session_thread+0x45e/0x660 [ 1969.298131][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1969.298173][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1969.298217][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1969.298256][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1969.298307][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.298348][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.298389][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1969.298439][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1969.298480][ T8417] kthread+0x3c5/0x780 [ 1969.298513][ T8417] ? __pfx_kthread+0x10/0x10 [ 1969.298546][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1969.298587][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1969.298629][ T8417] ? __pfx_kthread+0x10/0x10 [ 1969.298663][ T8417] ret_from_fork+0x56d/0x730 [ 1969.298694][ T8417] ? __pfx_kthread+0x10/0x10 [ 1969.298727][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1969.298778][ T8417] [ 1969.298790][ T8417] [ 1969.525445][ T8417] Allocated by task 8167: [ 1969.529774][ T8417] kasan_save_stack+0x33/0x60 [ 1969.534475][ T8417] kasan_save_track+0x14/0x30 [ 1969.539172][ T8417] __kasan_kmalloc+0xaa/0xb0 [ 1969.543966][ T8417] __kmalloc_noprof+0x223/0x510 [ 1969.548838][ T8417] hci_alloc_dev_priv+0x1d/0x28a0 [ 1969.553885][ T8417] __vhci_create_device+0xf0/0x880 [ 1969.559019][ T8417] vhci_write+0x2c0/0x480 [ 1969.563367][ T8417] vfs_write+0x7d3/0x11d0 [ 1969.567716][ T8417] ksys_write+0x12a/0x250 [ 1969.572153][ T8417] do_syscall_64+0xcd/0x4e0 [ 1969.576660][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1969.582554][ T8417] [ 1969.584874][ T8417] Freed by task 19155: [ 1969.588929][ T8417] kasan_save_stack+0x33/0x60 [ 1969.593713][ T8417] kasan_save_track+0x14/0x30 [ 1969.598410][ T8417] kasan_save_free_info+0x3b/0x60 [ 1969.603447][ T8417] __kasan_slab_free+0x60/0x70 [ 1969.608232][ T8417] kfree+0x2b4/0x4d0 [ 1969.612137][ T8417] hci_release_dev+0x4ef/0x610 [ 1969.616908][ T8417] bt_host_release+0x6a/0xb0 [ 1969.621516][ T8417] device_release+0xa4/0x240 [ 1969.626121][ T8417] kobject_put+0x1e7/0x5a0 [ 1969.630537][ T8417] put_device+0x1f/0x30 [ 1969.634700][ T8417] vhci_release+0x185/0x230 [ 1969.639220][ T8417] __fput+0x402/0xb70 [ 1969.643207][ T8417] task_work_run+0x150/0x240 [ 1969.647801][ T8417] do_exit+0x86f/0x2bf0 [ 1969.651982][ T8417] do_group_exit+0xd3/0x2a0 [ 1969.656505][ T8417] get_signal+0x2673/0x26d0 [ 1969.661021][ T8417] arch_do_signal_or_restart+0x8f/0x7d0 [ 1969.666578][ T8417] exit_to_user_mode_loop+0x84/0x110 [ 1969.671875][ T8417] do_syscall_64+0x41c/0x4e0 [ 1969.676475][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1969.682375][ T8417] [ 1969.684689][ T8417] Last potentially related work creation: [ 1969.690404][ T8417] kasan_save_stack+0x33/0x60 [ 1969.695107][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1969.700317][ T8417] insert_work+0x36/0x230 [ 1969.704650][ T8417] __queue_work+0x3f8/0x1160 [ 1969.709247][ T8417] queue_work_on+0x1a4/0x1f0 [ 1969.713929][ T8417] process_one_work+0x9cf/0x1b70 [ 1969.718878][ T8417] worker_thread+0x6c8/0xf10 [ 1969.723475][ T8417] kthread+0x3c5/0x780 [ 1969.727546][ T8417] ret_from_fork+0x56d/0x730 [ 1969.732138][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1969.736911][ T8417] [ 1969.739222][ T8417] Second to last potentially related work creation: [ 1969.745793][ T8417] kasan_save_stack+0x33/0x60 [ 1969.750495][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1969.755704][ T8417] insert_work+0x36/0x230 [ 1969.760036][ T8417] __queue_work+0x97e/0x1160 [ 1969.764631][ T8417] call_timer_fn+0x19a/0x620 [ 1969.769244][ T8417] __run_timers+0x569/0x960 [ 1969.773770][ T8417] run_timer_base+0x114/0x190 [ 1969.779251][ T8417] run_timer_softirq+0x1a/0x40 [ 1969.784040][ T8417] handle_softirqs+0x219/0x8e0 [ 1969.788818][ T8417] __irq_exit_rcu+0x109/0x170 [ 1969.793518][ T8417] irq_exit_rcu+0x9/0x30 [ 1969.797771][ T8417] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1969.803431][ T8417] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1969.809420][ T8417] [ 1969.811735][ T8417] The buggy address belongs to the object at ffff8880525c8000 [ 1969.811735][ T8417] which belongs to the cache kmalloc-8k of size 8192 [ 1969.825791][ T8417] The buggy address is located 160 bytes inside of [ 1969.825791][ T8417] freed 8192-byte region [ffff8880525c8000, ffff8880525ca000) [ 1969.839681][ T8417] [ 1969.842007][ T8417] The buggy address belongs to the physical page: [ 1969.848409][ T8417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x525c8 [ 1969.857178][ T8417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1969.865676][ T8417] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1969.873306][ T8417] page_type: f5(slab) [ 1969.877297][ T8417] raw: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1969.885903][ T8417] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1969.894498][ T8417] head: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1969.903175][ T8417] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1969.911940][ T8417] head: 00fff00000000003 ffffea0001497201 00000000ffffffff 00000000ffffffff [ 1969.920788][ T8417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1969.929450][ T8417] page dumped because: kasan: bad access detected [ 1969.935849][ T8417] page_owner tracks the page as allocated [ 1969.941556][ T8417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 113334042337, free_ts 36683457965 [ 1969.961368][ T8417] post_alloc_hook+0x1c0/0x230 [ 1969.966152][ T8417] get_page_from_freelist+0x132b/0x38e0 [ 1969.971719][ T8417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1969.977631][ T8417] alloc_pages_mpol+0x1fb/0x550 [ 1969.982481][ T8417] new_slab+0x247/0x330 [ 1969.986650][ T8417] ___slab_alloc+0xcf2/0x1750 [ 1969.991342][ T8417] __slab_alloc.constprop.0+0x56/0xb0 [ 1969.996728][ T8417] __kvmalloc_node_noprof+0x3b1/0x620 [ 1970.002116][ T8417] pfifo_fast_init+0x125/0x3b0 [ 1970.006896][ T8417] qdisc_create_dflt+0x125/0x490 [ 1970.011852][ T8417] dev_activate+0x63f/0x12d0 [ 1970.016465][ T8417] __dev_open+0x432/0x7c0 [ 1970.020811][ T8417] __dev_change_flags+0x55d/0x720 [ 1970.025884][ T8417] netif_change_flags+0x8d/0x160 [ 1970.030936][ T8417] do_setlink.constprop.0+0xb53/0x4380 [ 1970.036419][ T8417] rtnl_newlink+0x1446/0x2000 [ 1970.041117][ T8417] page last free pid 1 tgid 1 stack trace: [ 1970.046914][ T8417] __free_frozen_pages+0x7d5/0x10f0 [ 1970.052125][ T8417] free_contig_range+0x183/0x4b0 [ 1970.057075][ T8417] destroy_args+0x794/0xc10 [ 1970.061583][ T8417] debug_vm_pgtable+0x1a32/0x3640 [ 1970.066792][ T8417] do_one_initcall+0x123/0x6e0 [ 1970.071570][ T8417] kernel_init_freeable+0x5c2/0x910 [ 1970.076787][ T8417] kernel_init+0x1c/0x2b0 [ 1970.081127][ T8417] ret_from_fork+0x56d/0x730 [ 1970.085772][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1970.090547][ T8417] [ 1970.092860][ T8417] Memory state around the buggy address: [ 1970.098576][ T8417] ffff8880525c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1970.106634][ T8417] ffff8880525c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1970.114692][ T8417] >ffff8880525c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1970.122745][ T8417] ^ [ 1970.127846][ T8417] ffff8880525c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1970.135909][ T8417] ffff8880525c8180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1970.143962][ T8417] ================================================================== [ 1970.153330][ T8417] Disabling lock debugging due to kernel taint [ 1970.159485][ T8417] ================================================================== [ 1970.167565][ T8417] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x26f/0x2b0 [ 1970.175393][ T8417] Read of size 4 at addr ffff8880525c805c by task khidpd_16bf5505/8417 [ 1970.184321][ T8417] [ 1970.186654][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Tainted: G B syzkaller #0 PREEMPT(full) [ 1970.186711][ T8417] Tainted: [B]=BAD_PAGE [ 1970.186725][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1970.186749][ T8417] Call Trace: [ 1970.186762][ T8417] [ 1970.186776][ T8417] dump_stack_lvl+0x116/0x1f0 [ 1970.186836][ T8417] print_report+0xcd/0x630 [ 1970.186878][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.186924][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.186969][ T8417] ? __phys_addr+0xe8/0x180 [ 1970.187023][ T8417] ? do_raw_spin_lock+0x26f/0x2b0 [ 1970.187062][ T8417] kasan_report+0xe0/0x110 [ 1970.187098][ T8417] ? do_raw_spin_lock+0x26f/0x2b0 [ 1970.187144][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1970.187206][ T8417] do_raw_spin_lock+0x26f/0x2b0 [ 1970.187246][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.187292][ T8417] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1970.187333][ T8417] ? lock_acquire+0x2cd/0x350 [ 1970.187392][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1970.187431][ T8417] _raw_spin_lock_irqsave+0x42/0x60 [ 1970.187482][ T8417] ? __mutex_lock+0x854/0x1060 [ 1970.187515][ T8417] __mutex_lock+0x854/0x1060 [ 1970.187547][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.187592][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1970.187648][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1970.187715][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1970.187749][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.187794][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1970.187851][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1970.187918][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.187963][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1970.188020][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1970.188081][ T8417] l2cap_unregister_user+0x71/0x240 [ 1970.188144][ T8417] hidp_session_thread+0x45e/0x660 [ 1970.188191][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1970.188240][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1970.188288][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1970.188333][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1970.188390][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.188436][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.188481][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1970.188538][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1970.188584][ T8417] kthread+0x3c5/0x780 [ 1970.188620][ T8417] ? __pfx_kthread+0x10/0x10 [ 1970.188658][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1970.188703][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1970.188750][ T8417] ? __pfx_kthread+0x10/0x10 [ 1970.188788][ T8417] ret_from_fork+0x56d/0x730 [ 1970.188823][ T8417] ? __pfx_kthread+0x10/0x10 [ 1970.188859][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1970.188923][ T8417] [ 1970.188936][ T8417] [ 1970.455645][ T8417] Allocated by task 8167: [ 1970.459961][ T8417] kasan_save_stack+0x33/0x60 [ 1970.464656][ T8417] kasan_save_track+0x14/0x30 [ 1970.469351][ T8417] __kasan_kmalloc+0xaa/0xb0 [ 1970.473953][ T8417] __kmalloc_noprof+0x223/0x510 [ 1970.478824][ T8417] hci_alloc_dev_priv+0x1d/0x28a0 [ 1970.483860][ T8417] __vhci_create_device+0xf0/0x880 [ 1970.488992][ T8417] vhci_write+0x2c0/0x480 [ 1970.493334][ T8417] vfs_write+0x7d3/0x11d0 [ 1970.497712][ T8417] ksys_write+0x12a/0x250 [ 1970.502062][ T8417] do_syscall_64+0xcd/0x4e0 [ 1970.506554][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.512806][ T8417] [ 1970.515123][ T8417] Freed by task 19155: [ 1970.519185][ T8417] kasan_save_stack+0x33/0x60 [ 1970.523885][ T8417] kasan_save_track+0x14/0x30 [ 1970.528579][ T8417] kasan_save_free_info+0x3b/0x60 [ 1970.533623][ T8417] __kasan_slab_free+0x60/0x70 [ 1970.538405][ T8417] kfree+0x2b4/0x4d0 [ 1970.542308][ T8417] hci_release_dev+0x4ef/0x610 [ 1970.547078][ T8417] bt_host_release+0x6a/0xb0 [ 1970.551709][ T8417] device_release+0xa4/0x240 [ 1970.556295][ T8417] kobject_put+0x1e7/0x5a0 [ 1970.560714][ T8417] put_device+0x1f/0x30 [ 1970.564892][ T8417] vhci_release+0x185/0x230 [ 1970.569406][ T8417] __fput+0x402/0xb70 [ 1970.573475][ T8417] task_work_run+0x150/0x240 [ 1970.578069][ T8417] do_exit+0x86f/0x2bf0 [ 1970.582249][ T8417] do_group_exit+0xd3/0x2a0 [ 1970.586965][ T8417] get_signal+0x2673/0x26d0 [ 1970.591480][ T8417] arch_do_signal_or_restart+0x8f/0x7d0 [ 1970.597037][ T8417] exit_to_user_mode_loop+0x84/0x110 [ 1970.602317][ T8417] do_syscall_64+0x41c/0x4e0 [ 1970.607080][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1970.612975][ T8417] [ 1970.615287][ T8417] Last potentially related work creation: [ 1970.621137][ T8417] kasan_save_stack+0x33/0x60 [ 1970.625857][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1970.631065][ T8417] insert_work+0x36/0x230 [ 1970.635394][ T8417] __queue_work+0x3f8/0x1160 [ 1970.639983][ T8417] queue_work_on+0x1a4/0x1f0 [ 1970.644575][ T8417] process_one_work+0x9cf/0x1b70 [ 1970.649514][ T8417] worker_thread+0x6c8/0xf10 [ 1970.654107][ T8417] kthread+0x3c5/0x780 [ 1970.658175][ T8417] ret_from_fork+0x56d/0x730 [ 1970.662763][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1970.667537][ T8417] [ 1970.669844][ T8417] Second to last potentially related work creation: [ 1970.676421][ T8417] kasan_save_stack+0x33/0x60 [ 1970.681205][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1970.686414][ T8417] insert_work+0x36/0x230 [ 1970.690748][ T8417] __queue_work+0x97e/0x1160 [ 1970.695355][ T8417] call_timer_fn+0x19a/0x620 [ 1970.699960][ T8417] __run_timers+0x569/0x960 [ 1970.704474][ T8417] run_timer_base+0x114/0x190 [ 1970.709172][ T8417] run_timer_softirq+0x1a/0x40 [ 1970.713954][ T8417] handle_softirqs+0x219/0x8e0 [ 1970.718725][ T8417] __irq_exit_rcu+0x109/0x170 [ 1970.723406][ T8417] irq_exit_rcu+0x9/0x30 [ 1970.727654][ T8417] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1970.733301][ T8417] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1970.739284][ T8417] [ 1970.741592][ T8417] The buggy address belongs to the object at ffff8880525c8000 [ 1970.741592][ T8417] which belongs to the cache kmalloc-8k of size 8192 [ 1970.755640][ T8417] The buggy address is located 92 bytes inside of [ 1970.755640][ T8417] freed 8192-byte region [ffff8880525c8000, ffff8880525ca000) [ 1970.769436][ T8417] [ 1970.771749][ T8417] The buggy address belongs to the physical page: [ 1970.778230][ T8417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x525c8 [ 1970.786983][ T8417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1970.795475][ T8417] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1970.803014][ T8417] page_type: f5(slab) [ 1970.807028][ T8417] raw: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1970.815608][ T8417] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1970.824197][ T8417] head: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1970.833042][ T8417] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1970.841715][ T8417] head: 00fff00000000003 ffffea0001497201 00000000ffffffff 00000000ffffffff [ 1970.850388][ T8417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1970.859044][ T8417] page dumped because: kasan: bad access detected [ 1970.865444][ T8417] page_owner tracks the page as allocated [ 1970.871145][ T8417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 113334042337, free_ts 36683457965 [ 1970.891045][ T8417] post_alloc_hook+0x1c0/0x230 [ 1970.895825][ T8417] get_page_from_freelist+0x132b/0x38e0 [ 1970.901397][ T8417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1970.907378][ T8417] alloc_pages_mpol+0x1fb/0x550 [ 1970.912225][ T8417] new_slab+0x247/0x330 [ 1970.916389][ T8417] ___slab_alloc+0xcf2/0x1750 [ 1970.921160][ T8417] __slab_alloc.constprop.0+0x56/0xb0 [ 1970.926541][ T8417] __kvmalloc_node_noprof+0x3b1/0x620 [ 1970.931930][ T8417] pfifo_fast_init+0x125/0x3b0 [ 1970.936707][ T8417] qdisc_create_dflt+0x125/0x490 [ 1970.941656][ T8417] dev_activate+0x63f/0x12d0 [ 1970.946264][ T8417] __dev_open+0x432/0x7c0 [ 1970.950605][ T8417] __dev_change_flags+0x55d/0x720 [ 1970.955645][ T8417] netif_change_flags+0x8d/0x160 [ 1970.960604][ T8417] do_setlink.constprop.0+0xb53/0x4380 [ 1970.966081][ T8417] rtnl_newlink+0x1446/0x2000 [ 1970.970775][ T8417] page last free pid 1 tgid 1 stack trace: [ 1970.976565][ T8417] __free_frozen_pages+0x7d5/0x10f0 [ 1970.981772][ T8417] free_contig_range+0x183/0x4b0 [ 1970.986714][ T8417] destroy_args+0x794/0xc10 [ 1970.991216][ T8417] debug_vm_pgtable+0x1a32/0x3640 [ 1970.996241][ T8417] do_one_initcall+0x123/0x6e0 [ 1971.001041][ T8417] kernel_init_freeable+0x5c2/0x910 [ 1971.006251][ T8417] kernel_init+0x1c/0x2b0 [ 1971.010582][ T8417] ret_from_fork+0x56d/0x730 [ 1971.015168][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1971.019939][ T8417] [ 1971.022247][ T8417] Memory state around the buggy address: [ 1971.027874][ T8417] ffff8880525c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1971.035928][ T8417] ffff8880525c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1971.043984][ T8417] >ffff8880525c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.052039][ T8417] ^ [ 1971.059045][ T8417] ffff8880525c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.067100][ T8417] ffff8880525c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.075149][ T8417] ================================================================== [ 1971.083195][ T8417] ================================================================== [ 1971.091250][ T8417] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x27f/0x2b0 [ 1971.099071][ T8417] Read of size 8 at addr ffff8880525c8068 by task khidpd_16bf5505/8417 [ 1971.107339][ T8417] [ 1971.109657][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Tainted: G B syzkaller #0 PREEMPT(full) [ 1971.109698][ T8417] Tainted: [B]=BAD_PAGE [ 1971.109708][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1971.109725][ T8417] Call Trace: [ 1971.109735][ T8417] [ 1971.109746][ T8417] dump_stack_lvl+0x116/0x1f0 [ 1971.109792][ T8417] print_report+0xcd/0x630 [ 1971.109817][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.109852][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.109889][ T8417] ? __phys_addr+0xe8/0x180 [ 1971.109928][ T8417] ? do_raw_spin_lock+0x27f/0x2b0 [ 1971.109959][ T8417] kasan_report+0xe0/0x110 [ 1971.109985][ T8417] ? do_raw_spin_lock+0x27f/0x2b0 [ 1971.110020][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1971.110065][ T8417] do_raw_spin_lock+0x27f/0x2b0 [ 1971.110094][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.110129][ T8417] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1971.110159][ T8417] ? lock_acquire+0x2cd/0x350 [ 1971.110203][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1971.110231][ T8417] _raw_spin_lock_irqsave+0x42/0x60 [ 1971.110270][ T8417] ? __mutex_lock+0x854/0x1060 [ 1971.110294][ T8417] __mutex_lock+0x854/0x1060 [ 1971.110319][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.110353][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1971.110395][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1971.110444][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1971.110469][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.110502][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1971.110545][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1971.110587][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.110620][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1971.110663][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1971.110714][ T8417] l2cap_unregister_user+0x71/0x240 [ 1971.110784][ T8417] hidp_session_thread+0x45e/0x660 [ 1971.110820][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1971.110855][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1971.110896][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1971.110929][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1971.110970][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.111005][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.111038][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1971.111080][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1971.111115][ T8417] kthread+0x3c5/0x780 [ 1971.111142][ T8417] ? __pfx_kthread+0x10/0x10 [ 1971.111170][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1971.111204][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1971.111240][ T8417] ? __pfx_kthread+0x10/0x10 [ 1971.111268][ T8417] ret_from_fork+0x56d/0x730 [ 1971.111294][ T8417] ? __pfx_kthread+0x10/0x10 [ 1971.111322][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1971.111365][ T8417] [ 1971.111375][ T8417] [ 1971.377953][ T8417] Allocated by task 8167: [ 1971.382267][ T8417] kasan_save_stack+0x33/0x60 [ 1971.386970][ T8417] kasan_save_track+0x14/0x30 [ 1971.391663][ T8417] __kasan_kmalloc+0xaa/0xb0 [ 1971.396263][ T8417] __kmalloc_noprof+0x223/0x510 [ 1971.401128][ T8417] hci_alloc_dev_priv+0x1d/0x28a0 [ 1971.406164][ T8417] __vhci_create_device+0xf0/0x880 [ 1971.411298][ T8417] vhci_write+0x2c0/0x480 [ 1971.415644][ T8417] vfs_write+0x7d3/0x11d0 [ 1971.419981][ T8417] ksys_write+0x12a/0x250 [ 1971.424318][ T8417] do_syscall_64+0xcd/0x4e0 [ 1971.428818][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.434788][ T8417] [ 1971.437094][ T8417] Freed by task 19155: [ 1971.441142][ T8417] kasan_save_stack+0x33/0x60 [ 1971.445826][ T8417] kasan_save_track+0x14/0x30 [ 1971.450595][ T8417] kasan_save_free_info+0x3b/0x60 [ 1971.455627][ T8417] __kasan_slab_free+0x60/0x70 [ 1971.460455][ T8417] kfree+0x2b4/0x4d0 [ 1971.464358][ T8417] hci_release_dev+0x4ef/0x610 [ 1971.469130][ T8417] bt_host_release+0x6a/0xb0 [ 1971.473724][ T8417] device_release+0xa4/0x240 [ 1971.478398][ T8417] kobject_put+0x1e7/0x5a0 [ 1971.482812][ T8417] put_device+0x1f/0x30 [ 1971.486962][ T8417] vhci_release+0x185/0x230 [ 1971.491472][ T8417] __fput+0x402/0xb70 [ 1971.495449][ T8417] task_work_run+0x150/0x240 [ 1971.500040][ T8417] do_exit+0x86f/0x2bf0 [ 1971.504200][ T8417] do_group_exit+0xd3/0x2a0 [ 1971.508722][ T8417] get_signal+0x2673/0x26d0 [ 1971.513395][ T8417] arch_do_signal_or_restart+0x8f/0x7d0 [ 1971.518951][ T8417] exit_to_user_mode_loop+0x84/0x110 [ 1971.524277][ T8417] do_syscall_64+0x41c/0x4e0 [ 1971.528863][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1971.534761][ T8417] [ 1971.537121][ T8417] Last potentially related work creation: [ 1971.542817][ T8417] kasan_save_stack+0x33/0x60 [ 1971.547519][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1971.552725][ T8417] insert_work+0x36/0x230 [ 1971.557045][ T8417] __queue_work+0x3f8/0x1160 [ 1971.561630][ T8417] queue_work_on+0x1a4/0x1f0 [ 1971.566213][ T8417] process_one_work+0x9cf/0x1b70 [ 1971.571143][ T8417] worker_thread+0x6c8/0xf10 [ 1971.575734][ T8417] kthread+0x3c5/0x780 [ 1971.579890][ T8417] ret_from_fork+0x56d/0x730 [ 1971.584470][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1971.589277][ T8417] [ 1971.591586][ T8417] Second to last potentially related work creation: [ 1971.598149][ T8417] kasan_save_stack+0x33/0x60 [ 1971.602922][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1971.608123][ T8417] insert_work+0x36/0x230 [ 1971.612444][ T8417] __queue_work+0x97e/0x1160 [ 1971.617041][ T8417] call_timer_fn+0x19a/0x620 [ 1971.621645][ T8417] __run_timers+0x569/0x960 [ 1971.626159][ T8417] run_timer_base+0x114/0x190 [ 1971.630843][ T8417] run_timer_softirq+0x1a/0x40 [ 1971.635624][ T8417] handle_softirqs+0x219/0x8e0 [ 1971.640391][ T8417] __irq_exit_rcu+0x109/0x170 [ 1971.645074][ T8417] irq_exit_rcu+0x9/0x30 [ 1971.649319][ T8417] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1971.654959][ T8417] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1971.660940][ T8417] [ 1971.663246][ T8417] The buggy address belongs to the object at ffff8880525c8000 [ 1971.663246][ T8417] which belongs to the cache kmalloc-8k of size 8192 [ 1971.677378][ T8417] The buggy address is located 104 bytes inside of [ 1971.677378][ T8417] freed 8192-byte region [ffff8880525c8000, ffff8880525ca000) [ 1971.691352][ T8417] [ 1971.693662][ T8417] The buggy address belongs to the physical page: [ 1971.700055][ T8417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x525c8 [ 1971.708817][ T8417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1971.717305][ T8417] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1971.724843][ T8417] page_type: f5(slab) [ 1971.728827][ T8417] raw: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1971.737414][ T8417] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1971.745999][ T8417] head: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1971.754712][ T8417] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1971.763392][ T8417] head: 00fff00000000003 ffffea0001497201 00000000ffffffff 00000000ffffffff [ 1971.772063][ T8417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1971.780725][ T8417] page dumped because: kasan: bad access detected [ 1971.787136][ T8417] page_owner tracks the page as allocated [ 1971.793267][ T8417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 113334042337, free_ts 36683457965 [ 1971.813619][ T8417] post_alloc_hook+0x1c0/0x230 [ 1971.818406][ T8417] get_page_from_freelist+0x132b/0x38e0 [ 1971.823980][ T8417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1971.829886][ T8417] alloc_pages_mpol+0x1fb/0x550 [ 1971.834734][ T8417] new_slab+0x247/0x330 [ 1971.838900][ T8417] ___slab_alloc+0xcf2/0x1750 [ 1971.843588][ T8417] __slab_alloc.constprop.0+0x56/0xb0 [ 1971.848974][ T8417] __kvmalloc_node_noprof+0x3b1/0x620 [ 1971.854532][ T8417] pfifo_fast_init+0x125/0x3b0 [ 1971.859307][ T8417] qdisc_create_dflt+0x125/0x490 [ 1971.864259][ T8417] dev_activate+0x63f/0x12d0 [ 1971.868864][ T8417] __dev_open+0x432/0x7c0 [ 1971.873212][ T8417] __dev_change_flags+0x55d/0x720 [ 1971.878244][ T8417] netif_change_flags+0x8d/0x160 [ 1971.883198][ T8417] do_setlink.constprop.0+0xb53/0x4380 [ 1971.888665][ T8417] rtnl_newlink+0x1446/0x2000 [ 1971.893349][ T8417] page last free pid 1 tgid 1 stack trace: [ 1971.899139][ T8417] __free_frozen_pages+0x7d5/0x10f0 [ 1971.904342][ T8417] free_contig_range+0x183/0x4b0 [ 1971.909289][ T8417] destroy_args+0x794/0xc10 [ 1971.913787][ T8417] debug_vm_pgtable+0x1a32/0x3640 [ 1971.918808][ T8417] do_one_initcall+0x123/0x6e0 [ 1971.923582][ T8417] kernel_init_freeable+0x5c2/0x910 [ 1971.928794][ T8417] kernel_init+0x1c/0x2b0 [ 1971.933128][ T8417] ret_from_fork+0x56d/0x730 [ 1971.937717][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1971.942492][ T8417] [ 1971.944889][ T8417] Memory state around the buggy address: [ 1971.950503][ T8417] ffff8880525c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1971.958557][ T8417] ffff8880525c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1971.966701][ T8417] >ffff8880525c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.974751][ T8417] ^ [ 1971.982193][ T8417] ffff8880525c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.990254][ T8417] ffff8880525c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1971.998305][ T8417] ================================================================== [ 1972.006353][ T8417] ================================================================== [ 1972.014402][ T8417] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x265/0x2b0 [ 1972.022220][ T8417] Read of size 4 at addr ffff8880525c8060 by task khidpd_16bf5505/8417 [ 1972.030484][ T8417] [ 1972.032806][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Tainted: G B syzkaller #0 PREEMPT(full) [ 1972.032848][ T8417] Tainted: [B]=BAD_PAGE [ 1972.032858][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1972.032881][ T8417] Call Trace: [ 1972.032891][ T8417] [ 1972.032902][ T8417] dump_stack_lvl+0x116/0x1f0 [ 1972.032948][ T8417] print_report+0xcd/0x630 [ 1972.032974][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033008][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033042][ T8417] ? __phys_addr+0xe8/0x180 [ 1972.033081][ T8417] ? do_raw_spin_lock+0x265/0x2b0 [ 1972.033111][ T8417] kasan_report+0xe0/0x110 [ 1972.033138][ T8417] ? do_raw_spin_lock+0x265/0x2b0 [ 1972.033173][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.033218][ T8417] do_raw_spin_lock+0x265/0x2b0 [ 1972.033248][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033282][ T8417] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1972.033312][ T8417] ? lock_acquire+0x2cd/0x350 [ 1972.033356][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1972.033384][ T8417] _raw_spin_lock_irqsave+0x42/0x60 [ 1972.033422][ T8417] ? __mutex_lock+0x854/0x1060 [ 1972.033447][ T8417] __mutex_lock+0x854/0x1060 [ 1972.033471][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033505][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1972.033546][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.033596][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1972.033621][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033654][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1972.033697][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1972.033740][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.033774][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1972.033817][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.033861][ T8417] l2cap_unregister_user+0x71/0x240 [ 1972.033913][ T8417] hidp_session_thread+0x45e/0x660 [ 1972.033948][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1972.033983][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1972.034019][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1972.034052][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1972.034093][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.034128][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.034161][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1972.034204][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1972.034238][ T8417] kthread+0x3c5/0x780 [ 1972.034266][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.034293][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.034327][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1972.034362][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.034390][ T8417] ret_from_fork+0x56d/0x730 [ 1972.034415][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.034443][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1972.034486][ T8417] [ 1972.034496][ T8417] [ 1972.301700][ T8417] Allocated by task 8167: [ 1972.306015][ T8417] kasan_save_stack+0x33/0x60 [ 1972.310748][ T8417] kasan_save_track+0x14/0x30 [ 1972.315536][ T8417] __kasan_kmalloc+0xaa/0xb0 [ 1972.320226][ T8417] __kmalloc_noprof+0x223/0x510 [ 1972.325087][ T8417] hci_alloc_dev_priv+0x1d/0x28a0 [ 1972.330145][ T8417] __vhci_create_device+0xf0/0x880 [ 1972.335287][ T8417] vhci_write+0x2c0/0x480 [ 1972.339756][ T8417] vfs_write+0x7d3/0x11d0 [ 1972.344147][ T8417] ksys_write+0x12a/0x250 [ 1972.348516][ T8417] do_syscall_64+0xcd/0x4e0 [ 1972.353030][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1972.359186][ T8417] [ 1972.361578][ T8417] Freed by task 19155: [ 1972.365636][ T8417] kasan_save_stack+0x33/0x60 [ 1972.370334][ T8417] kasan_save_track+0x14/0x30 [ 1972.375027][ T8417] kasan_save_free_info+0x3b/0x60 [ 1972.380147][ T8417] __kasan_slab_free+0x60/0x70 [ 1972.384930][ T8417] kfree+0x2b4/0x4d0 [ 1972.388836][ T8417] hci_release_dev+0x4ef/0x610 [ 1972.393610][ T8417] bt_host_release+0x6a/0xb0 [ 1972.398221][ T8417] device_release+0xa4/0x240 [ 1972.402832][ T8417] kobject_put+0x1e7/0x5a0 [ 1972.407251][ T8417] put_device+0x1f/0x30 [ 1972.411412][ T8417] vhci_release+0x185/0x230 [ 1972.416025][ T8417] __fput+0x402/0xb70 [ 1972.420046][ T8417] task_work_run+0x150/0x240 [ 1972.424643][ T8417] do_exit+0x86f/0x2bf0 [ 1972.428820][ T8417] do_group_exit+0xd3/0x2a0 [ 1972.433371][ T8417] get_signal+0x2673/0x26d0 [ 1972.437896][ T8417] arch_do_signal_or_restart+0x8f/0x7d0 [ 1972.443472][ T8417] exit_to_user_mode_loop+0x84/0x110 [ 1972.448759][ T8417] do_syscall_64+0x41c/0x4e0 [ 1972.453346][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1972.459250][ T8417] [ 1972.461563][ T8417] Last potentially related work creation: [ 1972.467260][ T8417] kasan_save_stack+0x33/0x60 [ 1972.471962][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1972.477168][ T8417] insert_work+0x36/0x230 [ 1972.481499][ T8417] __queue_work+0x3f8/0x1160 [ 1972.486090][ T8417] queue_work_on+0x1a4/0x1f0 [ 1972.490680][ T8417] process_one_work+0x9cf/0x1b70 [ 1972.495649][ T8417] worker_thread+0x6c8/0xf10 [ 1972.500245][ T8417] kthread+0x3c5/0x780 [ 1972.504400][ T8417] ret_from_fork+0x56d/0x730 [ 1972.508989][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1972.513766][ T8417] [ 1972.516091][ T8417] Second to last potentially related work creation: [ 1972.523450][ T8417] kasan_save_stack+0x33/0x60 [ 1972.528166][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1972.533374][ T8417] insert_work+0x36/0x230 [ 1972.537704][ T8417] __queue_work+0x97e/0x1160 [ 1972.542295][ T8417] call_timer_fn+0x19a/0x620 [ 1972.546983][ T8417] __run_timers+0x569/0x960 [ 1972.551504][ T8417] run_timer_base+0x114/0x190 [ 1972.556231][ T8417] run_timer_softirq+0x1a/0x40 [ 1972.561013][ T8417] handle_softirqs+0x219/0x8e0 [ 1972.565820][ T8417] __irq_exit_rcu+0x109/0x170 [ 1972.570543][ T8417] irq_exit_rcu+0x9/0x30 [ 1972.574799][ T8417] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1972.580454][ T8417] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1972.586441][ T8417] [ 1972.588769][ T8417] The buggy address belongs to the object at ffff8880525c8000 [ 1972.588769][ T8417] which belongs to the cache kmalloc-8k of size 8192 [ 1972.602822][ T8417] The buggy address is located 96 bytes inside of [ 1972.602822][ T8417] freed 8192-byte region [ffff8880525c8000, ffff8880525ca000) [ 1972.616623][ T8417] [ 1972.619022][ T8417] The buggy address belongs to the physical page: [ 1972.625414][ T8417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x525c8 [ 1972.634256][ T8417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1972.642762][ T8417] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1972.650301][ T8417] page_type: f5(slab) [ 1972.654282][ T8417] raw: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1972.662866][ T8417] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1972.671586][ T8417] head: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1972.680261][ T8417] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1972.688933][ T8417] head: 00fff00000000003 ffffea0001497201 00000000ffffffff 00000000ffffffff [ 1972.697607][ T8417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1972.706274][ T8417] page dumped because: kasan: bad access detected [ 1972.712672][ T8417] page_owner tracks the page as allocated [ 1972.718370][ T8417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 113334042337, free_ts 36683457965 [ 1972.738178][ T8417] post_alloc_hook+0x1c0/0x230 [ 1972.742957][ T8417] get_page_from_freelist+0x132b/0x38e0 [ 1972.748540][ T8417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1972.754442][ T8417] alloc_pages_mpol+0x1fb/0x550 [ 1972.759290][ T8417] new_slab+0x247/0x330 [ 1972.763452][ T8417] ___slab_alloc+0xcf2/0x1750 [ 1972.768142][ T8417] __slab_alloc.constprop.0+0x56/0xb0 [ 1972.773523][ T8417] __kvmalloc_node_noprof+0x3b1/0x620 [ 1972.778907][ T8417] pfifo_fast_init+0x125/0x3b0 [ 1972.783679][ T8417] qdisc_create_dflt+0x125/0x490 [ 1972.788629][ T8417] dev_activate+0x63f/0x12d0 [ 1972.793230][ T8417] __dev_open+0x432/0x7c0 [ 1972.797572][ T8417] __dev_change_flags+0x55d/0x720 [ 1972.802611][ T8417] netif_change_flags+0x8d/0x160 [ 1972.807580][ T8417] do_setlink.constprop.0+0xb53/0x4380 [ 1972.813071][ T8417] rtnl_newlink+0x1446/0x2000 [ 1972.817769][ T8417] page last free pid 1 tgid 1 stack trace: [ 1972.823558][ T8417] __free_frozen_pages+0x7d5/0x10f0 [ 1972.828767][ T8417] free_contig_range+0x183/0x4b0 [ 1972.833713][ T8417] destroy_args+0x794/0xc10 [ 1972.838222][ T8417] debug_vm_pgtable+0x1a32/0x3640 [ 1972.843249][ T8417] do_one_initcall+0x123/0x6e0 [ 1972.848021][ T8417] kernel_init_freeable+0x5c2/0x910 [ 1972.853222][ T8417] kernel_init+0x1c/0x2b0 [ 1972.857556][ T8417] ret_from_fork+0x56d/0x730 [ 1972.862145][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1972.866916][ T8417] [ 1972.869220][ T8417] Memory state around the buggy address: [ 1972.875010][ T8417] ffff8880525c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1972.883151][ T8417] ffff8880525c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1972.891202][ T8417] >ffff8880525c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1972.899252][ T8417] ^ [ 1972.906440][ T8417] ffff8880525c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1972.914502][ T8417] ffff8880525c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1972.922586][ T8417] ================================================================== [ 1972.930750][ T8417] ================================================================== [ 1972.938827][ T8417] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x11d/0x2b0 [ 1972.946664][ T8417] Write of size 4 at addr ffff8880525c8058 by task khidpd_16bf5505/8417 [ 1972.955000][ T8417] [ 1972.957355][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Tainted: G B syzkaller #0 PREEMPT(full) [ 1972.957414][ T8417] Tainted: [B]=BAD_PAGE [ 1972.957429][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1972.957459][ T8417] Call Trace: [ 1972.957472][ T8417] [ 1972.957487][ T8417] dump_stack_lvl+0x116/0x1f0 [ 1972.957553][ T8417] print_report+0xcd/0x630 [ 1972.957589][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.957640][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.957690][ T8417] ? __phys_addr+0xe8/0x180 [ 1972.957747][ T8417] ? do_raw_spin_lock+0x11d/0x2b0 [ 1972.957791][ T8417] kasan_report+0xe0/0x110 [ 1972.957830][ T8417] ? do_raw_spin_lock+0x11d/0x2b0 [ 1972.957880][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.957953][ T8417] kasan_check_range+0x100/0x1b0 [ 1972.958001][ T8417] do_raw_spin_lock+0x11d/0x2b0 [ 1972.958044][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.958096][ T8417] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1972.958140][ T8417] ? lock_acquire+0x2cd/0x350 [ 1972.958204][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1972.958246][ T8417] _raw_spin_lock_irqsave+0x42/0x60 [ 1972.958302][ T8417] ? __mutex_lock+0x854/0x1060 [ 1972.958339][ T8417] __mutex_lock+0x854/0x1060 [ 1972.958374][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.958424][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1972.958487][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.958560][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1972.958597][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.958647][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1972.958711][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1972.958773][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.958823][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1972.958896][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1972.958963][ T8417] l2cap_unregister_user+0x71/0x240 [ 1972.959033][ T8417] hidp_session_thread+0x45e/0x660 [ 1972.959085][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1972.959137][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1972.959191][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1972.959240][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1972.959302][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.959353][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.959403][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1972.959465][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1972.959516][ T8417] kthread+0x3c5/0x780 [ 1972.959556][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.959597][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1972.959646][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1972.959698][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.959739][ T8417] ret_from_fork+0x56d/0x730 [ 1972.959777][ T8417] ? __pfx_kthread+0x10/0x10 [ 1972.959818][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1972.959880][ T8417] [ 1972.959901][ T8417] [ 1973.231707][ T8417] Allocated by task 8167: [ 1973.236061][ T8417] kasan_save_stack+0x33/0x60 [ 1973.240762][ T8417] kasan_save_track+0x14/0x30 [ 1973.245453][ T8417] __kasan_kmalloc+0xaa/0xb0 [ 1973.250057][ T8417] __kmalloc_noprof+0x223/0x510 [ 1973.254918][ T8417] hci_alloc_dev_priv+0x1d/0x28a0 [ 1973.259950][ T8417] __vhci_create_device+0xf0/0x880 [ 1973.265095][ T8417] vhci_write+0x2c0/0x480 [ 1973.269535][ T8417] vfs_write+0x7d3/0x11d0 [ 1973.273877][ T8417] ksys_write+0x12a/0x250 [ 1973.278232][ T8417] do_syscall_64+0xcd/0x4e0 [ 1973.282727][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1973.288615][ T8417] [ 1973.290921][ T8417] Freed by task 19155: [ 1973.294970][ T8417] kasan_save_stack+0x33/0x60 [ 1973.299652][ T8417] kasan_save_track+0x14/0x30 [ 1973.304345][ T8417] kasan_save_free_info+0x3b/0x60 [ 1973.309382][ T8417] __kasan_slab_free+0x60/0x70 [ 1973.314165][ T8417] kfree+0x2b4/0x4d0 [ 1973.318064][ T8417] hci_release_dev+0x4ef/0x610 [ 1973.322828][ T8417] bt_host_release+0x6a/0xb0 [ 1973.327432][ T8417] device_release+0xa4/0x240 [ 1973.332025][ T8417] kobject_put+0x1e7/0x5a0 [ 1973.336525][ T8417] put_device+0x1f/0x30 [ 1973.340682][ T8417] vhci_release+0x185/0x230 [ 1973.345213][ T8417] __fput+0x402/0xb70 [ 1973.349197][ T8417] task_work_run+0x150/0x240 [ 1973.353779][ T8417] do_exit+0x86f/0x2bf0 [ 1973.357945][ T8417] do_group_exit+0xd3/0x2a0 [ 1973.362454][ T8417] get_signal+0x2673/0x26d0 [ 1973.367048][ T8417] arch_do_signal_or_restart+0x8f/0x7d0 [ 1973.372594][ T8417] exit_to_user_mode_loop+0x84/0x110 [ 1973.377879][ T8417] do_syscall_64+0x41c/0x4e0 [ 1973.382461][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1973.388346][ T8417] [ 1973.390650][ T8417] Last potentially related work creation: [ 1973.396344][ T8417] kasan_save_stack+0x33/0x60 [ 1973.401028][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1973.406224][ T8417] insert_work+0x36/0x230 [ 1973.410542][ T8417] __queue_work+0x3f8/0x1160 [ 1973.415129][ T8417] queue_work_on+0x1a4/0x1f0 [ 1973.419716][ T8417] process_one_work+0x9cf/0x1b70 [ 1973.424656][ T8417] worker_thread+0x6c8/0xf10 [ 1973.429243][ T8417] kthread+0x3c5/0x780 [ 1973.433301][ T8417] ret_from_fork+0x56d/0x730 [ 1973.437912][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1973.442682][ T8417] [ 1973.444987][ T8417] Second to last potentially related work creation: [ 1973.451548][ T8417] kasan_save_stack+0x33/0x60 [ 1973.456408][ T8417] kasan_record_aux_stack+0xa7/0xc0 [ 1973.461608][ T8417] insert_work+0x36/0x230 [ 1973.465955][ T8417] __queue_work+0x97e/0x1160 [ 1973.470544][ T8417] call_timer_fn+0x19a/0x620 [ 1973.475141][ T8417] __run_timers+0x569/0x960 [ 1973.479664][ T8417] run_timer_base+0x114/0x190 [ 1973.484352][ T8417] run_timer_softirq+0x1a/0x40 [ 1973.489130][ T8417] handle_softirqs+0x219/0x8e0 [ 1973.493899][ T8417] __irq_exit_rcu+0x109/0x170 [ 1973.498578][ T8417] irq_exit_rcu+0x9/0x30 [ 1973.502821][ T8417] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1973.508464][ T8417] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1973.514453][ T8417] [ 1973.516762][ T8417] The buggy address belongs to the object at ffff8880525c8000 [ 1973.516762][ T8417] which belongs to the cache kmalloc-8k of size 8192 [ 1973.530890][ T8417] The buggy address is located 88 bytes inside of [ 1973.530890][ T8417] freed 8192-byte region [ffff8880525c8000, ffff8880525ca000) [ 1973.544680][ T8417] [ 1973.546989][ T8417] The buggy address belongs to the physical page: [ 1973.553381][ T8417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x525c8 [ 1973.562216][ T8417] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1973.570961][ T8417] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1973.578497][ T8417] page_type: f5(slab) [ 1973.582469][ T8417] raw: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1973.591105][ T8417] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1973.599699][ T8417] head: 00fff00000000040 ffff88801b842280 dead000000000100 dead000000000122 [ 1973.608387][ T8417] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000 [ 1973.617145][ T8417] head: 00fff00000000003 ffffea0001497201 00000000ffffffff 00000000ffffffff [ 1973.625815][ T8417] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1973.634476][ T8417] page dumped because: kasan: bad access detected [ 1973.640878][ T8417] page_owner tracks the page as allocated [ 1973.646674][ T8417] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5871, tgid 5871 (syz-executor), ts 113334042337, free_ts 36683457965 [ 1973.666490][ T8417] post_alloc_hook+0x1c0/0x230 [ 1973.671306][ T8417] get_page_from_freelist+0x132b/0x38e0 [ 1973.676880][ T8417] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 1973.682792][ T8417] alloc_pages_mpol+0x1fb/0x550 [ 1973.687640][ T8417] new_slab+0x247/0x330 [ 1973.691803][ T8417] ___slab_alloc+0xcf2/0x1750 [ 1973.696495][ T8417] __slab_alloc.constprop.0+0x56/0xb0 [ 1973.701883][ T8417] __kvmalloc_node_noprof+0x3b1/0x620 [ 1973.707263][ T8417] pfifo_fast_init+0x125/0x3b0 [ 1973.712038][ T8417] qdisc_create_dflt+0x125/0x490 [ 1973.716991][ T8417] dev_activate+0x63f/0x12d0 [ 1973.721582][ T8417] __dev_open+0x432/0x7c0 [ 1973.725915][ T8417] __dev_change_flags+0x55d/0x720 [ 1973.730952][ T8417] netif_change_flags+0x8d/0x160 [ 1973.735896][ T8417] do_setlink.constprop.0+0xb53/0x4380 [ 1973.741380][ T8417] rtnl_newlink+0x1446/0x2000 [ 1973.746064][ T8417] page last free pid 1 tgid 1 stack trace: [ 1973.751856][ T8417] __free_frozen_pages+0x7d5/0x10f0 [ 1973.757058][ T8417] free_contig_range+0x183/0x4b0 [ 1973.762003][ T8417] destroy_args+0x794/0xc10 [ 1973.766499][ T8417] debug_vm_pgtable+0x1a32/0x3640 [ 1973.771521][ T8417] do_one_initcall+0x123/0x6e0 [ 1973.776283][ T8417] kernel_init_freeable+0x5c2/0x910 [ 1973.781487][ T8417] kernel_init+0x1c/0x2b0 [ 1973.785812][ T8417] ret_from_fork+0x56d/0x730 [ 1973.790390][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1973.795166][ T8417] [ 1973.797470][ T8417] Memory state around the buggy address: [ 1973.803089][ T8417] ffff8880525c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1973.811153][ T8417] ffff8880525c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1973.819205][ T8417] >ffff8880525c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1973.827251][ T8417] ^ [ 1973.834274][ T8417] ffff8880525c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1973.842329][ T8417] ffff8880525c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1973.850378][ T8417] ================================================================== [ 1973.858424][ T8417] Kernel panic - not syncing: kasan.fault=panic_on_write set ... [ 1973.866136][ T8417] CPU: 1 UID: 0 PID: 8417 Comm: khidpd_16bf5505 Tainted: G B syzkaller #0 PREEMPT(full) [ 1973.877429][ T8417] Tainted: [B]=BAD_PAGE [ 1973.881569][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1973.891618][ T8417] Call Trace: [ 1973.894886][ T8417] [ 1973.897801][ T8417] dump_stack_lvl+0x3d/0x1f0 [ 1973.902402][ T8417] vpanic+0x6e8/0x7a0 [ 1973.906396][ T8417] ? __pfx_vpanic+0x10/0x10 [ 1973.910915][ T8417] ? do_raw_spin_lock+0x11d/0x2b0 [ 1973.915944][ T8417] panic+0xca/0xd0 [ 1973.919681][ T8417] ? __pfx_panic+0x10/0x10 [ 1973.924118][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1973.929849][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1973.934622][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1973.940264][ T8417] ? lock_release+0x201/0x2f0 [ 1973.944960][ T8417] ? print_report+0x2bd/0x630 [ 1973.949635][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1973.955281][ T8417] end_report+0x159/0x170 [ 1973.959699][ T8417] kasan_report+0xee/0x110 [ 1973.964115][ T8417] ? do_raw_spin_lock+0x11d/0x2b0 [ 1973.969150][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1973.974555][ T8417] kasan_check_range+0x100/0x1b0 [ 1973.979582][ T8417] do_raw_spin_lock+0x11d/0x2b0 [ 1973.984430][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1973.990073][ T8417] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1973.995543][ T8417] ? lock_acquire+0x2cd/0x350 [ 1974.000244][ T8417] ? __mutex_lock+0xe8a/0x1060 [ 1974.005010][ T8417] _raw_spin_lock_irqsave+0x42/0x60 [ 1974.010230][ T8417] ? __mutex_lock+0x854/0x1060 [ 1974.014997][ T8417] __mutex_lock+0x854/0x1060 [ 1974.019588][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.025231][ T8417] ? __lock_acquire+0x107f/0x1ce0 [ 1974.030281][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1974.035681][ T8417] ? __pfx___mutex_lock+0x10/0x10 [ 1974.040793][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.046433][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1974.051652][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1974.057046][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.062689][ T8417] ? preempt_schedule_thunk+0x16/0x30 [ 1974.068083][ T8417] ? l2cap_unregister_user+0x71/0x240 [ 1974.073492][ T8417] l2cap_unregister_user+0x71/0x240 [ 1974.078722][ T8417] hidp_session_thread+0x45e/0x660 [ 1974.083838][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1974.089483][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1974.095741][ T8417] ? __pfx_hidp_session_wake_function+0x10/0x10 [ 1974.101993][ T8417] ? lockdep_hardirqs_on+0x7c/0x110 [ 1974.107202][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.112848][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.118490][ T8417] ? __kthread_parkme+0x19e/0x250 [ 1974.123619][ T8417] ? __pfx_hidp_session_thread+0x10/0x10 [ 1974.129261][ T8417] kthread+0x3c5/0x780 [ 1974.133334][ T8417] ? __pfx_kthread+0x10/0x10 [ 1974.137925][ T8417] ? srso_alias_return_thunk+0x5/0xfbef5 [ 1974.143563][ T8417] ? rcu_is_watching+0x12/0xc0 [ 1974.148338][ T8417] ? __pfx_kthread+0x10/0x10 [ 1974.152929][ T8417] ret_from_fork+0x56d/0x730 [ 1974.157519][ T8417] ? __pfx_kthread+0x10/0x10 [ 1974.162112][ T8417] ret_from_fork_asm+0x1a/0x30 [ 1974.166911][ T8417] [ 1974.170203][ T8417] Kernel Offset: disabled [ 1974.174527][ T8417] Rebooting in 86400 seconds..